From 541ea51ad5ca07f26f58415d8805537660fc7bec Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 26 May 2023 15:49:14 +1000 Subject: [PATCH] Tests api.c: rework for malloc failure testing Modified number of tests to not crash on failure and cleanup allocations on failure. Added memory fail count option to set which memory allocation to start failing on. Fix issues found from testing. bio.c: BIO_new() move ref count up so that calls to wolfSSL_BIO_free() work. internal.c: ImportCipherSpecState wasn't checking SetKeySide for failure. Crash when pointer is NULL and accessed directly. ocsp.c: wolfSSL_OCSP_response_get1_basic() doesn't need to free vs->source as it is freed in WOLFSSL_OCSP_RESPONSE_free(). ssl.c: ProcessBuffer() Don't strip PKCS#8 header if failed to create DER. Crasged as directly accessing 'der' which was NULL. ssl_asn.c: wolfssl_asn1_integer_require_len was checking wrong variable to see if allocation failed. x509,c: wolfSSL_X509_ALGOR_set0 needs to set aobj only when no failure possible. wolfSSL_X509_chain_up_ref needs to call cleanup to ensure everything is freed. --- src/bio.c | 33 +- src/internal.c | 5 +- src/ocsp.c | 6 +- src/ssl.c | 10 +- src/ssl_asn1.c | 2 +- src/x509.c | 10 +- tests/api.c | 6830 +++++++++++++++++++----------------- tests/unit.c | 14 +- tests/unit.h | 103 +- wolfcrypt/src/asn.c | 9 +- wolfcrypt/src/memory.c | 96 +- wolfcrypt/src/wc_port.c | 6 + wolfssl/test.h | 11 +- wolfssl/wolfcrypt/memory.h | 5 + 14 files changed, 3888 insertions(+), 3252 deletions(-) diff --git a/src/bio.c b/src/bio.c index 103d7771f..39e542b25 100644 --- a/src/bio.c +++ b/src/bio.c @@ -2481,6 +2481,23 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->shutdown = BIO_CLOSE; /* default to close things */ bio->num = WOLFSSL_BIO_ERROR; bio->init = 1; + + #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) + { + int ret; + wolfSSL_RefInit(&bio->ref, &ret); + #ifdef WOLFSSL_REFCNT_ERROR_RETURN + if (ret != 0) { + wolfSSL_BIO_free(bio); + WOLFSSL_MSG("wc_InitMutex failed for WOLFSSL_BIO"); + return NULL; + } + #else + (void)ret; + #endif + } + #endif + if (method->type == WOLFSSL_BIO_MEMORY) bio->eof = WOLFSSL_BIO_ERROR; /* Return value for empty buffer */ if (method->type == WOLFSSL_BIO_MEMORY || @@ -2507,22 +2524,6 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) method->createCb(bio); } - #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) - { - int ret; - wolfSSL_RefInit(&bio->ref, &ret); - #ifdef WOLFSSL_REFCNT_ERROR_RETURN - if (ret != 0) { - wolfSSL_BIO_free(bio); - WOLFSSL_MSG("wc_InitMutex failed for WOLFSSL_BIO"); - return NULL; - } - #else - (void)ret; - #endif - } - #endif - } return bio; } diff --git a/src/internal.c b/src/internal.c index c6c22bc01..12cf97ac6 100644 --- a/src/internal.c +++ b/src/internal.c @@ -913,6 +913,7 @@ static int ImportCipherSpecState(WOLFSSL* ssl, const byte* exp, word32 len, word32 tmp_seq_peer_hi; word32 tmp_seq_lo; word32 tmp_seq_hi; + int ret; WOLFSSL_ENTER("ImportCipherSpecState"); @@ -951,7 +952,9 @@ static int ImportCipherSpecState(WOLFSSL* ssl, const byte* exp, word32 len, tmp_seq_lo = ssl->keys.sequence_number_lo; tmp_seq_hi = ssl->keys.sequence_number_hi; - SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE); + if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) < 0) { + return ret; + } /* reset sequence numbers after setting keys */ ssl->keys.peer_sequence_number_lo = tmp_seq_peer_lo; diff --git a/src/ocsp.c b/src/ocsp.c index 796b80f55..30f5e16a0 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -938,8 +938,10 @@ WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response) DYNAMIC_TYPE_OCSP_ENTRY); bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (bs->single == NULL || bs->source == NULL) { - if (bs->single) XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); - if (bs->source) XFREE(bs->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (bs->single) { + XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); + bs->single = NULL; + } wolfSSL_OCSP_RESPONSE_free(bs); bs = NULL; } diff --git a/src/ssl.c b/src/ssl.c index 98cba225a..e0336f7bd 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7365,7 +7365,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #ifdef HAVE_PKCS8 /* if private key try and remove PKCS8 header */ - if (type == PRIVATEKEY_TYPE) { + if (ret == 0 && type == PRIVATEKEY_TYPE) { if ((ret = ToTraditional_ex(der->buffer, der->length, &algId)) > 0) { /* Found PKCS8 header */ @@ -8013,7 +8013,10 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl, &consumed, 0, verify); - if (ret < 0) { + if (ret == MEMORY_E) { + return ret; + } + else if (ret < 0) { #if defined(WOLFSSL_WPAS) && defined(HAVE_CRL) DerBuffer* der = NULL; EncryptedInfo info; @@ -38466,7 +38469,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); } if (certData != NULL) { - XFREE(*cert, heap, DYNAMIC_TYPE_PKCS); *cert = NULL; + XFREE(certData, heap, DYNAMIC_TYPE_PKCS); } /* Free up WC_DerCertList and move on */ while (current != NULL) { @@ -38580,6 +38583,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; } wolfSSL_X509_free(*cert); *cert = NULL; + XFREE(certData, heap, DYNAMIC_TYPE_PKCS); ret = WOLFSSL_FAILURE; goto out; } diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index 3075665dc..53503ee2d 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -623,7 +623,7 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len, if ((!a->isDynamic) && (len > (int)a->dataMax)) { /* Create a new buffer to hold large integer value. */ data = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); - if (a->data == NULL) { + if (data == NULL) { ret = 0; } else { diff --git a/src/x509.c b/src/x509.c index baf7e8158..6f5e095d3 100644 --- a/src/x509.c +++ b/src/x509.c @@ -9007,9 +9007,6 @@ int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj if (!algor) { return WOLFSSL_FAILURE; } - if (aobj) { - algor->algorithm = aobj; - } if (!algor->parameter) { algor->parameter = wolfSSL_ASN1_TYPE_new(); @@ -9018,6 +9015,9 @@ int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj } } + if (aobj) { + algor->algorithm = aobj; + } wolfSSL_ASN1_TYPE_set(algor->parameter, ptype, pval); return WOLFSSL_SUCCESS; @@ -9991,8 +9991,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( { ret = wc_InitRng(&rng); if (ret != 0) { - XFREE(cert, NULL, DYNAMIC_TYPE_CERT); - return WOLFSSL_FAILURE; + ret = WOLFSSL_FAILURE; + goto cleanup; } ret = wc_MakeCert_ex(cert, der, *derSz, type, key, &rng); diff --git a/tests/api.c b/tests/api.c index a68bd1db8..a427e2de9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -583,37 +583,39 @@ static int test_fileAccess(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM) + EXPECT_DECLS; const char *fname[] = { - svrCertFile, svrKeyFile, caCertFile, - eccCertFile, eccKeyFile, eccRsaCertFile, - cliCertFile, cliCertDerFile, cliKeyFile, - dhParamFile, - cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile, - cliEdCertFile, cliEdKeyFile, caEdCertFile, - NULL + svrCertFile, svrKeyFile, caCertFile, + eccCertFile, eccKeyFile, eccRsaCertFile, + cliCertFile, cliCertDerFile, cliKeyFile, + dhParamFile, + cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile, + cliEdCertFile, cliEdKeyFile, caEdCertFile, + NULL }; - const char derfile[] = "./certs/server-cert.der"; - XFILE f; + const char derfile[] = "./certs/server-cert.der"; + XFILE f = XBADFILE; size_t sz; - byte *buff; + byte *buff = NULL; int i; - AssertTrue(XFOPEN("badfilename", "rb") == XBADFILE); + ExpectTrue(XFOPEN("badfilename", "rb") == XBADFILE); for (i=0; fname[i] != NULL ; i++) { - AssertTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE); + ExpectTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE); XFCLOSE(f); } - AssertTrue((f = XFOPEN(derfile, "rb")) != XBADFILE); - AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0); - sz = (size_t) XFTELL(f); - AssertTrue(XFSEEK(f, 0, XSEEK_SET) == 0); - AssertTrue(sz == sizeof_server_cert_der_2048); - AssertTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL) ; - AssertTrue(XFREAD(buff, 1, sz, f) == sz); - XMEMCMP(server_cert_der_2048, buff, sz); + ExpectTrue((f = XFOPEN(derfile, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(f, 0, XSEEK_END) == 0); + ExpectIntGE(sz = (size_t) XFTELL(f), sizeof_server_cert_der_2048); + ExpectTrue(XFSEEK(f, 0, XSEEK_SET) == 0); + ExpectTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL); + ExpectTrue(XFREAD(buff, 1, sz, f) == sz); + ExpectIntEQ(XMEMCMP(server_cert_der_2048, buff, sz), 0); + XFREE(buff, NULL, DYNAMIC_TYPE_FILE); + XFCLOSE(f); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -624,18 +626,20 @@ static int test_fileAccess(void) static int test_wolfSSL_Method_Allocators(void) { + EXPECT_DECLS; + #define TEST_METHOD_ALLOCATOR(allocator, condition) \ do { \ - WOLFSSL_METHOD *method; \ + WOLFSSL_METHOD *method = NULL; \ condition(method = allocator()); \ XFREE(method, 0, DYNAMIC_TYPE_METHOD); \ - } while(0) + } while (0) #define TEST_VALID_METHOD_ALLOCATOR(a) \ - TEST_METHOD_ALLOCATOR(a, AssertNotNull) + TEST_METHOD_ALLOCATOR(a, ExpectNotNull) #define TEST_INVALID_METHOD_ALLOCATOR(a) \ - TEST_METHOD_ALLOCATOR(a, AssertNull) + TEST_METHOD_ALLOCATOR(a, ExpectNull) #ifndef NO_OLD_TLS #ifdef WOLFSSL_ALLOW_SSLV3 @@ -742,7 +746,7 @@ static int test_wolfSSL_Method_Allocators(void) #endif /* WOLFSSL_DTLS */ #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ - return TEST_SUCCESS; + return EXPECT_RESULT(); } @@ -752,16 +756,17 @@ static int test_wolfSSL_Method_Allocators(void) #ifndef NO_WOLFSSL_SERVER static int test_wolfSSL_CTX_new(void) { + EXPECT_DECLS; WOLFSSL_CTX *ctx; WOLFSSL_METHOD* method; - AssertNull(ctx = wolfSSL_CTX_new(NULL)); - AssertNotNull(method = wolfSSLv23_server_method()); - AssertNotNull(ctx = wolfSSL_CTX_new(method)); + ExpectNull(ctx = wolfSSL_CTX_new(NULL)); + ExpectNotNull(method = wolfSSLv23_server_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(method)); wolfSSL_CTX_free(ctx); - return TEST_RES_CHECK(1); + return EXPECT_RESULT(); } #endif @@ -769,8 +774,9 @@ static int test_wolfSSL_CTX_new(void) (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM) static int test_for_double_Free(void) { - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + EXPECT_DECLS; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; int skipTest = 0; const char* testCertFile; const char* testKeyFile; @@ -811,106 +817,112 @@ static int test_for_double_Free(void) #endif #ifndef NO_RSA - testCertFile = svrCertFile; - testKeyFile = svrKeyFile; + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) - testCertFile = eccCertFile; - testKeyFile = eccKeyFile; + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; #else skipTest = 1; #endif if (skipTest != 1) { #ifndef NO_WOLFSSL_SERVER - ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else - ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); - ssl = wolfSSL_new(ctx); - AssertNotNull(ssl); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); /* First test freeing SSL, then CTX */ wolfSSL_free(ssl); + ssl = NULL; wolfSSL_CTX_free(ctx); + ctx = NULL; #ifndef NO_WOLFSSL_CLIENT - ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else - ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); - ssl = wolfSSL_new(ctx); - AssertNotNull(ssl); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); /* Next test freeing CTX then SSL */ wolfSSL_CTX_free(ctx); + ctx = NULL; wolfSSL_free(ssl); + ssl = NULL; #ifndef NO_WOLFSSL_SERVER - ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else - ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif /* Test setting ciphers at ctx level */ - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers)); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers)); #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \ defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) /* only update TLSv13 suites */ - AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384")); + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384")); #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \ defined(WOLFSSL_AES_128) && !defined(NO_RSA) /* only update pre-TLSv13 suites */ - AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256")); + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, + "ECDHE-RSA-AES128-GCM-SHA256")); #endif #ifdef OPENSSL_EXTRA - AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, openvpnCiphers)); + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, openvpnCiphers)); #endif - AssertNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_CTX_free(ctx); + ctx = NULL; wolfSSL_free(ssl); + ssl = NULL; #ifndef NO_WOLFSSL_CLIENT - ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else - ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); - ssl = wolfSSL_new(ctx); - AssertNotNull(ssl); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); /* test setting ciphers at SSL level */ - AssertTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers)); + ExpectTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers)); #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \ defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) /* only update TLSv13 suites */ - AssertTrue(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384")); + ExpectTrue(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384")); #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \ defined(WOLFSSL_AES_128) && !defined(NO_RSA) /* only update pre-TLSv13 suites */ - AssertTrue(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256")); + ExpectTrue(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256")); #endif wolfSSL_CTX_free(ctx); + ctx = NULL; wolfSSL_free(ssl); + ssl = NULL; } - return TEST_RES_CHECK(1); + return EXPECT_RESULT(); } #endif @@ -921,10 +933,11 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void) #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) + EXPECT_DECLS; const char* testCertFile; const char* testKeyFile; - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; const byte cipherList[] = { @@ -1077,41 +1090,37 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void) #endif #ifndef NO_WOLFSSL_SERVER - ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else - ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif - AssertTrue(wolfSSL_CTX_set_cipher_list_bytes(ctx, &cipherList[0U], + ExpectTrue(wolfSSL_CTX_set_cipher_list_bytes(ctx, &cipherList[0U], sizeof(cipherList))); wolfSSL_CTX_free(ctx); + ctx = NULL; #ifndef NO_WOLFSSL_SERVER - ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else - ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); - ssl = wolfSSL_new(ctx); - AssertNotNull(ssl); + ExpectNotNull(ssl = wolfSSL_new(ctx)); - AssertTrue(wolfSSL_set_cipher_list_bytes(ssl, &cipherList[0U], + ExpectTrue(wolfSSL_set_cipher_list_bytes(ssl, &cipherList[0U], sizeof(cipherList))); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* (OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES) && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) && (!NO_RSA || HAVE_ECC) */ @@ -1123,30 +1132,33 @@ static int test_wolfSSL_CTX_use_certificate_file(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) - WOLFSSL_CTX *ctx; + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* invalid context */ - AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile, - WOLFSSL_FILETYPE_PEM)); + ExpectFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile, + WOLFSSL_FILETYPE_PEM)); /* invalid cert file */ - AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile, - WOLFSSL_FILETYPE_PEM)); + ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile, + WOLFSSL_FILETYPE_PEM)); /* invalid cert type */ - AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999)); + ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999)); #ifdef NO_RSA /* rsa needed */ - AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,WOLFSSL_FILETYPE_PEM)); + ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + WOLFSSL_FILETYPE_PEM)); #else /* success */ - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + WOLFSSL_FILETYPE_PEM)); #endif wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -1183,17 +1195,19 @@ static int test_wolfSSL_CTX_use_certificate_buffer(void) int res = TEST_SKIPPED; #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \ !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER) - WOLFSSL_CTX* ctx; + EXPECT_DECLS; + WOLFSSL_CTX* ctx = NULL; int ret; - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); - ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, - sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1); + ExpectIntEQ(ret = wolfSSL_CTX_use_certificate_buffer(ctx, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); + res = EXPECT_RESULT(); #endif return res; @@ -1203,31 +1217,34 @@ static int test_wolfSSL_CTX_use_PrivateKey_file(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) - WOLFSSL_CTX *ctx; + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* invalid context */ - AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile, - WOLFSSL_FILETYPE_PEM)); + ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); /* invalid key file */ - AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile, - WOLFSSL_FILETYPE_PEM)); + ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile, + WOLFSSL_FILETYPE_PEM)); /* invalid key type */ - AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999)); + ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999)); /* success */ #ifdef NO_RSA /* rsa needed */ - AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); + ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); #else /* success */ - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); #endif wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -1240,72 +1257,73 @@ static int test_wolfSSL_CTX_trust_peer_cert(void) int res = TEST_SKIPPED; #if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) - WOLFSSL_CTX *ctx; - WOLFSSL* ssl; + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL* ssl = NULL; - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); - AssertNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); #if !defined(NO_FILESYSTEM) /* invalid file */ - AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, NULL, + ExpectIntNE(wolfSSL_CTX_trust_peer_cert(ctx, NULL, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); - AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile, + ExpectIntNE(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); - AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, + ExpectIntNE(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* success */ - AssertIntEQ(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, + ExpectIntEQ(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* unload cert */ - AssertIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS); /* invalid file */ - AssertIntNE(wolfSSL_trust_peer_cert(ssl, NULL, + ExpectIntNE(wolfSSL_trust_peer_cert(ssl, NULL, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); - AssertIntNE(wolfSSL_trust_peer_cert(ssl, bogusFile, + ExpectIntNE(wolfSSL_trust_peer_cert(ssl, bogusFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); - AssertIntNE(wolfSSL_trust_peer_cert(ssl, cliCertFile, + ExpectIntNE(wolfSSL_trust_peer_cert(ssl, cliCertFile, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* success */ - AssertIntEQ(wolfSSL_trust_peer_cert(ssl, cliCertFile, + ExpectIntEQ(wolfSSL_trust_peer_cert(ssl, cliCertFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #ifdef WOLFSSL_LOCAL_X509_STORE /* unload cert */ - AssertIntNE(wolfSSL_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_Unload_trust_peers(ssl), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_Unload_trust_peers(ssl), WOLFSSL_SUCCESS); #endif #endif /* Test of loading certs from buffers */ /* invalid buffer */ - AssertIntNE(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1, + ExpectIntNE(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* success */ #ifdef USE_CERT_BUFFERS_1024 - AssertIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024, + ExpectIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024, sizeof_client_cert_der_1024, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif #ifdef USE_CERT_BUFFERS_2048 - AssertIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048, + ExpectIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048, sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif /* unload cert */ - AssertIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -1316,9 +1334,10 @@ static int test_wolfSSL_CTX_load_verify_locations(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT) - WOLFSSL_CTX *ctx; + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; #ifndef NO_RSA - WOLFSSL_CERT_MANAGER* cm; + WOLFSSL_CERT_MANAGER* cm = NULL; #ifdef PERSIST_CERT_CACHE int cacheSz; #endif @@ -1329,56 +1348,60 @@ static int test_wolfSSL_CTX_load_verify_locations(void) const char* load_expired_path = "./certs/test/expired"; #endif - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); /* invalid arguments */ - AssertIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), WOLFSSL_FAILURE); - AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), + WOLFSSL_FAILURE); /* invalid ca file */ - AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL), - WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL), + WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE)); #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \ (defined(WOLFSSL_QT) && \ !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR)) /* invalid path */ - AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile), - WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile), + WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE)); #endif /* load ca cert */ #ifdef NO_RSA - AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), - WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), + WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE)); #else /* Skip the following test without RSA certs. */ - AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), + WOLFSSL_SUCCESS); #ifdef PERSIST_CERT_CACHE /* Get cert cache size */ - cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx); + ExpectIntGT(cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx), 0); #endif /* Test unloading CA's */ - AssertIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS); #ifdef PERSIST_CERT_CACHE /* Verify no certs (result is less than cacheSz) */ - AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx)); + ExpectIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx)); #endif /* load ca cert again */ - AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), + WOLFSSL_SUCCESS); /* Test getting CERT_MANAGER */ - AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx)); + ExpectNotNull(cm = wolfSSL_CTX_GetCertManager(ctx)); /* Test unloading CA's using CM */ - AssertIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); #ifdef PERSIST_CERT_CACHE /* Verify no certs (result is less than cacheSz) */ - AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx)); + ExpectIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx)); #endif #endif @@ -1386,41 +1409,43 @@ static int test_wolfSSL_CTX_load_verify_locations(void) /* Test loading CA certificates using a path */ #ifdef NO_RSA /* failure here okay since certs in external directory are RSA */ - AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #else - AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #endif /* Test loading path with no files */ - AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_no_certs_path, - WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, + load_no_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE); /* Test loading expired CA certificates */ #ifdef NO_RSA - AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path, + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, + load_expired_path, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #else - AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path, + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, + load_expired_path, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #endif /* Test loading CA certificates and ignoring all errors */ #ifdef NO_RSA - AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE); #else - AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS); #endif #endif wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -1638,6 +1663,7 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ defined(HAVE_LIGHTY) + EXPECT_DECLS; WOLFSSL_CERT_MANAGER* cm = NULL; /* Raw OCSP response bytes captured using the following setup: * - Run responder with @@ -1774,7 +1800,7 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void) }; OcspEntry entry[1]; CertStatus status[1]; - OcspRequest* request; + OcspRequest* request = NULL; byte serial[] = {0x05}; byte issuerHash[] = {0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04}; @@ -1784,36 +1810,38 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void) XMEMSET(entry, 0, sizeof(OcspEntry)); XMEMSET(status, 0, sizeof(CertStatus)); - AssertNotNull(request = wolfSSL_OCSP_REQUEST_new()); - request->serial = (byte*)XMALLOC(sizeof(serial), NULL, - DYNAMIC_TYPE_OCSP_REQUEST); - AssertNotNull(request->serial); + ExpectNotNull(request = wolfSSL_OCSP_REQUEST_new()); + ExpectNotNull(request->serial = (byte*)XMALLOC(sizeof(serial), NULL, + DYNAMIC_TYPE_OCSP_REQUEST)); - request->serialSz = sizeof(serial); - XMEMCPY(request->serial, serial, sizeof(serial)); - XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash)); - XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash)); + if ((request != NULL) && (request->serial != NULL)) { + request->serialSz = sizeof(serial); + XMEMCPY(request->serial, serial, sizeof(serial)); + XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash)); + XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash)); + } - AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); - AssertIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CertManagerLoadCA(cm, + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, "./certs/ocsp/intermediate1-ca-cert.pem", NULL), WOLFSSL_SUCCESS); /* Response should be valid. */ - AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, response, + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, response, sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); /* Flip a byte in the request serial number, response should be invalid * now. */ - request->serial[0] ^= request->serial[0]; - AssertIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, response, + if ((request != NULL) && (request->serial != NULL)) + request->serial[0] ^= request->serial[0]; + ExpectIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, response, sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); wolfSSL_OCSP_REQUEST_free(request); wolfSSL_CertManagerFree(cm); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || * WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY */ #endif /* HAVE_OCSP */ @@ -1824,60 +1852,62 @@ static int test_wolfSSL_CheckOCSPResponse(void) { int result = TEST_SKIPPED; #if defined(HAVE_OCSP) && !defined(NO_RSA) && defined(OPENSSL_ALL) + EXPECT_DECLS; const char* responseFile = "./certs/ocsp/test-response.der"; const char* responseMultiFile = "./certs/ocsp/test-multi-response.der"; - const char* responseNoInternFile = "./certs/ocsp/test-response-nointern.der"; + const char* responseNoInternFile = + "./certs/ocsp/test-response-nointern.der"; const char* caFile = "./certs/ocsp/root-ca-cert.pem"; OcspResponse* res = NULL; byte data[4096]; const unsigned char* pt; int dataSz; - XFILE f; - WOLFSSL_OCSP_BASICRESP* bs; - WOLFSSL_X509_STORE* st; - WOLFSSL_X509* issuer; + XFILE f = XBADFILE; + WOLFSSL_OCSP_BASICRESP* bs = NULL; + WOLFSSL_X509_STORE* st = NULL; + WOLFSSL_X509* issuer = NULL; - f = XFOPEN(responseFile, "rb"); - AssertTrue(f != XBADFILE); - dataSz = (word32)XFREAD(data, 1, sizeof(data), f); - AssertIntGT(dataSz, 0); + ExpectTrue((f = XFOPEN(responseFile, "rb")) != XBADFILE); + ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0); XFCLOSE(f); + f = XBADFILE; pt = data; - res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz); - AssertNotNull(res); - issuer = wolfSSL_X509_load_certificate_file(caFile, SSL_FILETYPE_PEM); - AssertNotNull(issuer); - st = wolfSSL_X509_STORE_new(); - AssertNotNull(st); - AssertIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS); - bs = wolfSSL_OCSP_response_get1_basic(res); - AssertNotNull(bs); - AssertIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), WOLFSSL_SUCCESS); + ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); + ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(st = wolfSSL_X509_STORE_new()); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS); + ExpectNotNull(bs = wolfSSL_OCSP_response_get1_basic(res)); + ExpectIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), WOLFSSL_SUCCESS); wolfSSL_OCSP_BASICRESP_free(bs); + bs = NULL; wolfSSL_OCSP_RESPONSE_free(res); + res = NULL; wolfSSL_X509_STORE_free(st); + st = NULL; wolfSSL_X509_free(issuer); + issuer = NULL; /* check loading a response with optional certs */ - f = XFOPEN(responseNoInternFile, "rb"); - AssertTrue(f != XBADFILE); - dataSz = (word32)XFREAD(data, 1, sizeof(data), f); - AssertIntGT(dataSz, 0); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(responseNoInternFile, "rb")) != XBADFILE); + ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + f = XBADFILE; pt = data; - res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz); - AssertNotNull(res); + ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); wolfSSL_OCSP_RESPONSE_free(res); + res = NULL; /* check loading a response with multiple certs */ { WOLFSSL_CERT_MANAGER* cm = NULL; - OcspEntry *entry; - CertStatus* status; - OcspRequest* request; + OcspEntry *entry = NULL; + CertStatus* status = NULL; + OcspRequest* request = NULL; byte serial1[] = {0x01}; byte serial[] = {0x02}; @@ -1893,63 +1923,72 @@ static int test_wolfSSL_CheckOCSPResponse(void) 0x7E, 0x72, 0x15, 0x21 }; - entry = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL, - DYNAMIC_TYPE_OPENSSL); - AssertNotNull(entry); + ExpectNotNull(entry = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL, + DYNAMIC_TYPE_OPENSSL)); - status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, - DYNAMIC_TYPE_OPENSSL); - AssertNotNull(status); + ExpectNotNull(status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, + DYNAMIC_TYPE_OPENSSL)); - XMEMSET(entry, 0, sizeof(OcspEntry)); - XMEMSET(status, 0, sizeof(CertStatus)); + if (entry != NULL) + XMEMSET(entry, 0, sizeof(OcspEntry)); + if (status != NULL) + XMEMSET(status, 0, sizeof(CertStatus)); - AssertNotNull(request = wolfSSL_OCSP_REQUEST_new()); - request->serial = (byte*)XMALLOC(sizeof(serial), NULL, - DYNAMIC_TYPE_OCSP_REQUEST); - AssertNotNull(request->serial); + ExpectNotNull(request = wolfSSL_OCSP_REQUEST_new()); + ExpectNotNull(request->serial = (byte*)XMALLOC(sizeof(serial), NULL, + DYNAMIC_TYPE_OCSP_REQUEST)); - request->serialSz = sizeof(serial); - XMEMCPY(request->serial, serial, sizeof(serial)); - XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash)); - XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash)); + if (request != NULL && request->serial != NULL) { + request->serialSz = sizeof(serial); + XMEMCPY(request->serial, serial, sizeof(serial)); + XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash)); + XMEMCPY(request->issuerKeyHash, issuerKeyHash, + sizeof(issuerKeyHash)); + } - AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); - AssertIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CertManagerLoadCA(cm, caFile, NULL), + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, caFile, NULL), WOLFSSL_SUCCESS); - f = XFOPEN(responseMultiFile, "rb"); - AssertTrue(f != XBADFILE); - dataSz = (word32)XFREAD(data, 1, sizeof(data), f); - AssertIntGT(dataSz, 0); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(responseMultiFile, "rb")) != XBADFILE); + ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + f = XBADFILE; - AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS); - AssertNotNull(entry->status); + ExpectNotNull(entry->status); - XMEMCPY(request->serial, serial1, sizeof(serial1)); - AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, + if (request != NULL && request->serial != NULL) + XMEMCPY(request->serial, serial1, sizeof(serial1)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS); /* store both status's in the entry to check that "next" is not * overwritten */ - status->next = entry->status; - entry->status = status; + if (EXPECT_SUCCESS() && status != NULL && entry != NULL) { + status->next = entry->status; + entry->status = status; + } - XMEMCPY(request->serial, serial, sizeof(serial)); - AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, + if (request != NULL && request->serial != NULL) + XMEMCPY(request->serial, serial, sizeof(serial)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS); - AssertNotNull(entry->status->next); + ExpectNotNull(entry->status->next); /* compare the status found */ - AssertIntEQ(status->serialSz, entry->status->serialSz); - AssertIntEQ(XMEMCMP(status->serial, entry->status->serial, + ExpectIntEQ(status->serialSz, entry->status->serialSz); + ExpectIntEQ(XMEMCMP(status->serial, entry->status->serial, status->serialSz), 0); + if (status != NULL && entry != NULL && entry->status != status) { + XFREE(status, NULL, DYNAMIC_TYPE_OPENSSL); + } wolfSSL_OCSP_CERTID_free(entry); wolfSSL_OCSP_REQUEST_free(request); wolfSSL_CertManagerFree(cm); @@ -1960,25 +1999,22 @@ static int test_wolfSSL_CheckOCSPResponse(void) const char* responsePssFile = "./certs/ocsp/test-response-rsapss.der"; /* check loading a response with RSA-PSS signature */ - f = XFOPEN(responsePssFile, "rb"); - AssertTrue(f != XBADFILE); - dataSz = (word32)XFREAD(data, 1, sizeof(data), f); - AssertIntGT(dataSz, 0); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(responsePssFile, "rb")) != XBADFILE); + ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0); + if (f != XBADFILE) + XFCLOSE(f); pt = data; - res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz); - AssertNotNull(res); + ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); /* try to verify the response */ - issuer = wolfSSL_X509_load_certificate_file(caFile, SSL_FILETYPE_PEM); - AssertNotNull(issuer); - st = wolfSSL_X509_STORE_new(); - AssertNotNull(st); - AssertIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS); - bs = wolfSSL_OCSP_response_get1_basic(res); - AssertNotNull(bs); - AssertIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), WOLFSSL_SUCCESS); + ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(st = wolfSSL_X509_STORE_new()); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS); + ExpectNotNull(bs = wolfSSL_OCSP_response_get1_basic(res)); + ExpectIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), + WOLFSSL_SUCCESS); wolfSSL_OCSP_BASICRESP_free(bs); wolfSSL_OCSP_RESPONSE_free(res); wolfSSL_X509_STORE_free(st); @@ -1986,7 +2022,7 @@ static int test_wolfSSL_CheckOCSPResponse(void) } #endif - result = TEST_RES_CHECK(1); + result = EXPECT_RESULT(); #endif /* HAVE_OCSP */ return result; } @@ -1995,34 +2031,32 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + EXPECT_DECLS; const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; int ret; ret = test_cm_load_ca_file(ca_cert); #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); + ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR); #elif defined(NO_RSA) - AssertIntEQ(ret, ASN_UNKNOWN_OID_E); + ExpectIntEQ(ret, ASN_UNKNOWN_OID_E); #else - AssertIntEQ(ret, WOLFSSL_SUCCESS); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); #endif ret = test_cm_load_ca_file(ca_expired_cert); #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); - res = TEST_RES_CHECK(ret == WOLFSSL_FATAL_ERROR); + ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR); #elif defined(NO_RSA) - AssertIntEQ(ret, ASN_UNKNOWN_OID_E); - res = TEST_RES_CHECK(ret == ASN_UNKNOWN_OID_E); + ExpectIntEQ(ret, ASN_UNKNOWN_OID_E); #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \ !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME) - AssertIntEQ(ret, ASN_AFTER_DATE_E); - res = TEST_RES_CHECK(ret == ASN_AFTER_DATE_E); + ExpectIntEQ(ret, ASN_AFTER_DATE_E); #else - AssertIntEQ(ret, WOLFSSL_SUCCESS); - res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); #endif + res = EXPECT_RESULT(); #endif return res; @@ -2032,31 +2066,31 @@ static int test_wolfSSL_CertManagerLoadCABuffer_ex(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + EXPECT_DECLS; const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; int ret; ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE); #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); + ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR); #elif defined(NO_RSA) - AssertIntEQ(ret, ASN_UNKNOWN_OID_E); + ExpectIntEQ(ret, ASN_UNKNOWN_OID_E); #else - AssertIntEQ(ret, WOLFSSL_SUCCESS); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); #endif ret = test_cm_load_ca_file_ex(ca_expired_cert, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY); #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); - res = TEST_RES_CHECK(ret == WOLFSSL_FATAL_ERROR); + ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR); #elif defined(NO_RSA) - AssertIntEQ(ret, ASN_UNKNOWN_OID_E); - res = TEST_RES_CHECK(ret == ASN_UNKNOWN_OID_E); + ExpectIntEQ(ret, ASN_UNKNOWN_OID_E); #else - AssertIntEQ(ret, WOLFSSL_SUCCESS); - res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); #endif + + res = EXPECT_RESULT(); #endif return res; @@ -2069,7 +2103,7 @@ static int test_wolfSSL_CertManagerGetCerts(void) #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ defined(WOLFSSL_SIGNER_DER_CERT) - + EXPECT_DECLS; WOLFSSL_CERT_MANAGER* cm = NULL; WOLFSSL_STACK* sk = NULL; X509* x509 = NULL; @@ -2083,32 +2117,36 @@ static int test_wolfSSL_CertManagerGetCerts(void) const byte* der; int derSz = 0; - AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb")); + ExpectNotNull(file1 = fopen("./certs/ca-cert.pem", "rb")); - AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); - fclose(file1); + ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); + if (file1 != NULL) { + fclose(file1); + } - AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); - AssertNull(sk = wolfSSL_CertManagerGetCerts(cm)); + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + ExpectNull(sk = wolfSSL_CertManagerGetCerts(cm)); - AssertNotNull(der = wolfSSL_X509_get_der(cert1, &derSz)); - ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1); + ExpectNotNull(der = wolfSSL_X509_get_der(cert1, &derSz)); + ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT * and full OpenSSL compatibility */ - AssertIntEQ(ret, ASN_SELF_SIGNED_E); + ASN_SELF_SIGNED_E #else - AssertIntEQ(ret, ASN_NO_SIGNER_E); + ASN_NO_SIGNER_E #endif + ); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, "./certs/ca-cert.pem", NULL)); - AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm)); + ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(cm)); for (i = 0; i < sk_X509_num(sk); i++) { - x509 = sk_X509_value(sk, i); - AssertIntEQ(0, wolfSSL_X509_cmp(x509, cert1)); + ExpectNotNull(x509 = sk_X509_value(sk, i)); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509, cert1)); #ifdef DEBUG_WOLFSSL_VERBOSE bio = BIO_new(wolfSSL_BIO_s_file()); @@ -2123,7 +2161,7 @@ static int test_wolfSSL_CertManagerGetCerts(void) sk_X509_pop_free(sk, NULL); wolfSSL_CertManagerFree(cm); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ defined(WOLFSSL_SIGNER_DER_CERT) */ @@ -2137,28 +2175,29 @@ static int test_wolfSSL_CertManagerSetVerify(void) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) + EXPECT_DECLS; int ret = 0; - WOLFSSL_CERT_MANAGER* cm; + WOLFSSL_CERT_MANAGER* cm = NULL; int tmp = myVerifyAction; const char* ca_cert = "./certs/ca-cert.pem"; const char* expiredCert = "./certs/test/expired/expired-cert.pem"; - cm = wolfSSL_CertManagerNew(); - AssertNotNull(cm); + ExpectNotNull(cm = wolfSSL_CertManagerNew()); wolfSSL_CertManagerSetVerify(cm, myVerify); - ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL); + ExpectIntEQ(ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - AssertIntEQ(ret, -1); + -1 #else - AssertIntEQ(ret, WOLFSSL_SUCCESS); + WOLFSSL_SUCCESS #endif + ); /* Use the test CB that always accepts certs */ myVerifyAction = VERIFY_OVERRIDE_ERROR; - ret = wolfSSL_CertManagerVerify(cm, expiredCert, WOLFSSL_FILETYPE_PEM); - AssertIntEQ(ret, WOLFSSL_SUCCESS); + ExpectIntEQ(ret = wolfSSL_CertManagerVerify(cm, expiredCert, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ALWAYS_VERIFY_CB { @@ -2166,15 +2205,15 @@ static int test_wolfSSL_CertManagerSetVerify(void) /* Use the test CB that always fails certs */ myVerifyAction = VERIFY_FORCE_FAIL; - ret = wolfSSL_CertManagerVerify(cm, verifyCert, WOLFSSL_FILETYPE_PEM); - AssertIntEQ(ret, VERIFY_CERT_ERROR); + ExpectIntEQ(ret = wolfSSL_CertManagerVerify(cm, verifyCert, + WOLFSSL_FILETYPE_PEM), VERIFY_CERT_ERROR); } #endif wolfSSL_CertManagerFree(cm); myVerifyAction = tmp; - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -2214,9 +2253,10 @@ static int test_wolfSSL_CertManagerNameConstraint(void) defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) - WOLFSSL_CERT_MANAGER* cm; - WOLFSSL_EVP_PKEY *priv; - WOLFSSL_X509_NAME* name; + EXPECT_DECLS; + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; const char* ca_cert = "./certs/test/cert-ext-nc.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; int i = 0; @@ -2224,53 +2264,56 @@ static int test_wolfSSL_CertManagerNameConstraint(void) RsaKey key; WC_RNG rng; - byte *der; - int derSz; + byte *der = NULL; + int derSz = 0; word32 idx = 0; byte *pt; - WOLFSSL_X509 *x509, *ca; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; wc_InitRng(&rng); /* load in CA private key for signing */ - AssertIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, testDevId), 0); - AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, + ExpectIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, sizeof_server_key_der_2048), 0); /* get ca certificate then alter it */ - AssertNotNull(der = + ExpectNotNull(der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); - AssertNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz)); - XMEMCPY(der, pt, derSz); + ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz)); + if (der != NULL) { + XMEMCPY(der, pt, derSz); - /* find the name constraint extension and alter it */ - pt = der; - for (i = 0; i < derSz - 3; i++) { - if (XMEMCMP(pt, extNameConsOid, 3) == 0) { - pt += 3; - break; + /* find the name constraint extension and alter it */ + pt = der; + for (i = 0; i < derSz - 3; i++) { + if (XMEMCMP(pt, extNameConsOid, 3) == 0) { + pt += 3; + break; + } + pt++; } - pt++; - } - AssertIntNE(i, derSz - 3); /* did not find OID if this case is hit */ + ExpectIntNE(i, derSz - 3); /* did not find OID if this case is hit */ - /* go to the length value and set it to 0 */ - while (i < derSz && *pt != 0x81) { + /* go to the length value and set it to 0 */ + while (i < derSz && *pt != 0x81) { + pt++; + i++; + } + ExpectIntNE(i, derSz); /* did not place to alter */ pt++; - i++; + *pt = 0x00; } - AssertIntNE(i, derSz); /* did not place to alter */ - pt++; - *pt = 0x00; /* resign the altered certificate */ - AssertIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der, + ExpectIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der, FOURK_BUF, &key, NULL, &rng)), 0); - AssertNotNull(cm = wolfSSL_CertManagerNew()); - AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); wolfSSL_CertManagerFree(cm); @@ -2281,70 +2324,74 @@ static int test_wolfSSL_CertManagerNameConstraint(void) /* add email alt name to satisfy constraint */ pt = (byte*)server_key_der_2048; - AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); - AssertNotNull(cm = wolfSSL_CertManagerNew()); - AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_DER(der, derSz, "ca.der"); - AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* Good cert test with proper alt email name */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); + name = NULL; wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); + x509 = NULL; /* Cert with bad alt name list */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_CertManagerFree(cm); @@ -2352,7 +2399,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void) wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -2366,17 +2413,19 @@ static int test_wolfSSL_CertManagerNameConstraint2(void) !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) + EXPECT_DECLS; const char* ca_cert = "./certs/test/cert-ext-ndir.der"; const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der"; const char* server_cert = "./certs/server-cert.pem"; - WOLFSSL_CERT_MANAGER* cm; - WOLFSSL_X509 *x509, *ca; + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; - const unsigned char *der; + const unsigned char *der = NULL; const unsigned char *pt; - WOLFSSL_EVP_PKEY *priv; - WOLFSSL_X509_NAME* name; - int derSz; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; + int derSz = 0; /* C=US*/ char altName[] = { @@ -2401,27 +2450,27 @@ static int test_wolfSSL_CertManagerNameConstraint2(void) }; /* load in CA private key for signing */ pt = ca_key_der_2048; - AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, sizeof_ca_key_der_2048)); - AssertNotNull(cm = wolfSSL_CertManagerNew()); - AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); - AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); - AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + ExpectNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif - AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* add in matching DIR alt name and resign */ @@ -2432,16 +2481,17 @@ static int test_wolfSSL_CertManagerNameConstraint2(void) wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif - AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); + x509 = NULL; /* check verify fail */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); /* add in miss matching DIR alt name and resign */ wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), @@ -2452,22 +2502,23 @@ static int test_wolfSSL_CertManagerNameConstraint2(void) #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif - AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif /* check that it still fails if one bad altname and one good altname is in * the certificate */ wolfSSL_X509_free(x509); - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + x509 = NULL; + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), ASN_DIR_TYPE); @@ -2477,21 +2528,22 @@ static int test_wolfSSL_CertManagerNameConstraint2(void) #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif - AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif /* check it fails with switching position of bad altname */ wolfSSL_X509_free(x509); - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + x509 = NULL; + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), ASN_DIR_TYPE); wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); @@ -2501,45 +2553,47 @@ static int test_wolfSSL_CertManagerNameConstraint2(void) #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif - AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(x509); + x509 = NULL; wolfSSL_X509_free(ca); + ca = NULL; /* now test with excluded name constraint */ - AssertNotNull(cm = wolfSSL_CertManagerNew()); - AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2, + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2, WOLFSSL_FILETYPE_ASN1)); - AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); - AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + ExpectNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc), ASN_DIR_TYPE); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif - AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif wolfSSL_CertManagerFree(cm); @@ -2547,7 +2601,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void) wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -2561,105 +2615,114 @@ static int test_wolfSSL_CertManagerNameConstraint3(void) defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) - WOLFSSL_CERT_MANAGER* cm; - WOLFSSL_EVP_PKEY *priv; - WOLFSSL_X509_NAME* name; + EXPECT_DECLS; + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; const char* ca_cert = "./certs/test/cert-ext-mnc.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; - byte *der; - int derSz; + byte *der = NULL; + int derSz = 0; byte *pt; - WOLFSSL_X509 *x509, *ca; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; pt = (byte*)server_key_der_2048; - AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); - AssertNotNull(cm = wolfSSL_CertManagerNew()); - AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_DER(der, derSz, "ca.der"); - AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* check satisfying .wolfssl.com constraint passes */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); + name = NULL; wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); + x509 = NULL; /* check satisfying .random.com constraint passes */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); + name = NULL; wolfSSL_X509_add_altname(x509, "wolfssl@info.example.com", ASN_RFC822_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); + x509 = NULL; /* check fail case when neither constraint is matched */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@info.com", 16, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_CertManagerFree(cm); @@ -2667,7 +2730,7 @@ static int test_wolfSSL_CertManagerNameConstraint3(void) wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -2681,146 +2744,161 @@ static int test_wolfSSL_CertManagerNameConstraint4(void) defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) - WOLFSSL_CERT_MANAGER* cm; - WOLFSSL_EVP_PKEY *priv; - WOLFSSL_X509_NAME* name; + EXPECT_DECLS; + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; const char* ca_cert = "./certs/test/cert-ext-ncdns.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; - byte *der; + byte *der = NULL; int derSz; byte *pt; - WOLFSSL_X509 *x509, *ca; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; pt = (byte*)server_key_der_2048; - AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); - AssertNotNull(cm = wolfSSL_CertManagerNew()); - AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_DER(der, derSz, "ca.der"); - AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* check satisfying wolfssl.com constraint passes */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); + name = NULL; wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); + x509 = NULL; /* check satisfying example.com constraint passes */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"example.com", 11, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); + name = NULL; wolfSSL_X509_add_altname(x509, "www.example.com", ASN_DNS_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); + x509 = NULL; /* check satisfying wolfssl.com constraint passes with list of DNS's */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); + name = NULL; wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "extra.wolfssl.com", ASN_DNS_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-multiple-constraint-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); + x509 = NULL; /* check fail when one DNS in the list is bad */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); + name = NULL; wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.nomatch.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-multiple-constraint-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); + x509 = NULL; /* check fail case when neither constraint is matched */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"common", 6, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.random.com", ASN_DNS_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_CertManagerFree(cm); @@ -2828,7 +2906,7 @@ static int test_wolfSSL_CertManagerNameConstraint4(void) wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -2842,142 +2920,157 @@ static int test_wolfSSL_CertManagerNameConstraint5(void) defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) - WOLFSSL_CERT_MANAGER* cm; - WOLFSSL_EVP_PKEY *priv; - WOLFSSL_X509_NAME* name; + EXPECT_DECLS; + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; const char* ca_cert = "./certs/test/cert-ext-ncmixed.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; - byte *der; + byte *der = NULL; int derSz; byte *pt; - WOLFSSL_X509 *x509, *ca; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; pt = (byte*)server_key_der_2048; - AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); - AssertNotNull(cm = wolfSSL_CertManagerNew()); - AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_DER(der, derSz, "ca.der"); - AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* check satisfying wolfssl.com constraint passes */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"example", 7, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); + name = NULL; wolfSSL_X509_add_altname(x509, "good.example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "facts@into.wolfssl.com", ASN_RFC822_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); + x509 = NULL; /* fail with DNS check because of common name */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); + name = NULL; wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "facts@wolfssl.com", ASN_RFC822_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cn-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); + x509 = NULL; /* fail on permitted DNS name constraint */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); + name = NULL; wolfSSL_X509_add_altname(x509, "www.example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.wolfssl", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-1st-constraint-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); + x509 = NULL; /* fail on permitted email name constraint */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); + name = NULL; wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); wolfSSL_X509_add_altname(x509, "info@example.com", ASN_RFC822_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-2nd-constraint-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); + x509 = NULL; /* success with empty email name */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); - AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; - AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); - AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-missing-constraint-cert.pem"); - AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); @@ -2995,37 +3088,37 @@ static int test_wolfSSL_FPKI(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_FPKI) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) - XFILE f; + EXPECT_DECLS; + XFILE f = XBADFILE; const char* fpkiCert = "./certs/fpki-cert.der"; DecodedCert cert; byte buf[4096]; - byte* uuid; - byte* fascn; + byte* uuid = NULL; + byte* fascn = NULL; word32 fascnSz; word32 uuidSz; - int bytes; + int bytes = 0; - f = XFOPEN(fpkiCert, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buf, 1, sizeof(buf), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(fpkiCert, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); wc_InitDecodedCert(&cert, buf, bytes, NULL); - AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); - AssertIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), LENGTH_ONLY_E) ; - fascn = (byte*)XMALLOC(fascnSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - AssertNotNull(fascn); - AssertIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); + ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), LENGTH_ONLY_E) ; + ExpectNotNull(fascn = (byte*)XMALLOC(fascnSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0); XFREE(fascn, NULL, DYNAMIC_TYPE_TMP_BUFFER); - AssertIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), LENGTH_ONLY_E); - uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - AssertNotNull(uuid); - AssertIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0); + ExpectIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), LENGTH_ONLY_E); + ExpectNotNull(uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0); XFREE(uuid, NULL, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDecodedCert(&cert); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3037,22 +3130,23 @@ static int test_wolfSSL_OtherName(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && !defined(NO_FILESYSTEM) - XFILE f; + EXPECT_DECLS; + XFILE f = XBADFILE; const char* ridCert = "./certs/rid-cert.der"; DecodedCert cert; byte buf[4096]; - int bytes; + int bytes = 0; - f = XFOPEN(ridCert, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buf, 1, sizeof(buf), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(ridCert, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); wc_InitDecodedCert(&cert, buf, bytes, NULL); - AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); wc_FreeDecodedCert(&cert); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3066,7 +3160,8 @@ static int test_wolfSSL_CertRsaPss(void) (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \ (defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2))) - XFILE f; + EXPECT_DECLS; + XFILE f = XBADFILE; const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der"; const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem"; #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \ @@ -3078,40 +3173,41 @@ static int test_wolfSSL_CertRsaPss(void) #endif DecodedCert cert; byte buf[4096]; - int bytes; - WOLFSSL_CERT_MANAGER* cm; + int bytes = 0; + WOLFSSL_CERT_MANAGER* cm = NULL; - cm = wolfSSL_CertManagerNew(); - AssertNotNull(cm); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha256Cert, NULL)); #if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072 - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha384Cert, NULL)); #endif - f = XFOPEN(rsaPssSha256Cert, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buf, 1, sizeof(buf), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(rsaPssSha256Cert, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } wc_InitDecodedCert(&cert, buf, bytes, NULL); - AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0); wc_FreeDecodedCert(&cert); #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \ RSA_MAX_SIZE >= 3072 - f = XFOPEN(rsaPssSha384Cert, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buf, 1, sizeof(buf), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(rsaPssSha384Cert, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); wc_InitDecodedCert(&cert, buf, bytes, NULL); - AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0); wc_FreeDecodedCert(&cert); #endif wolfSSL_CertManagerFree(cm); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3122,29 +3218,29 @@ static int test_wolfSSL_CertManagerCRL(void) int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \ !defined(NO_RSA) - + EXPECT_DECLS; const char* ca_cert = "./certs/ca-cert.pem"; const char* crl1 = "./certs/crl/crl.pem"; const char* crl2 = "./certs/crl/crl2.pem"; WOLFSSL_CERT_MANAGER* cm = NULL; - AssertNotNull(cm = wolfSSL_CertManagerNew()); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0)); wolfSSL_CertManagerFreeCRL(cm); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); wolfSSL_CertManagerFree(cm); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3155,31 +3251,32 @@ static int test_wolfSSL_CTX_load_verify_locations_ex(void) int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) - WOLFSSL_CTX* ctx; + EXPECT_DECLS; + WOLFSSL_CTX* ctx = NULL; const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; - ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - AssertNotNull(ctx); + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); /* test good CA */ - AssertTrue(WOLFSSL_SUCCESS == + ExpectTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_locations_ex(ctx, ca_cert, NULL, WOLFSSL_LOAD_FLAG_NONE)); /* test expired CA */ #if !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME) - AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #else - AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #endif - AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3191,54 +3288,55 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ defined(USE_CERT_BUFFERS_2048) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + EXPECT_DECLS; WOLFSSL_CTX* ctx; const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der"; byte ca_expired_cert[TWOK_BUF]; word32 sizeof_ca_expired_cert; - XFILE fp; + XFILE fp = XBADFILE; #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); #endif - AssertNotNull(ctx); + ExpectNotNull(ctx); /* test good CA */ - AssertTrue(WOLFSSL_SUCCESS == + ExpectTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048, sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE)); /* load expired CA */ XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert)); - fp = XFOPEN(ca_expired_cert_file, "rb"); - AssertTrue(fp != XBADFILE); - sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1, - sizeof(ca_expired_cert), fp); - XFCLOSE(fp); + ExpectTrue((fp = XFOPEN(ca_expired_cert_file, "rb")) != XBADFILE); + ExpectIntGT(sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1, + sizeof(ca_expired_cert), fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); /* test expired CA failure */ #if !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME) - AssertIntNE(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, + ExpectIntNE(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #else - AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, + ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #endif /* test expired CA success */ - AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, + ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3250,21 +3348,22 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void) #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) - WOLFSSL_CTX* ctx; + EXPECT_DECLS; + WOLFSSL_CTX* ctx = NULL; #ifndef NO_WOLFSSL_CLIENT - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif - AssertTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_chain_buffer_format( + ExpectTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_chain_buffer_format( ctx, ca_cert_chain_der, sizeof_ca_cert_chain_der, WOLFSSL_FILETYPE_ASN1)); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3275,8 +3374,9 @@ static int test_wolfSSL_CTX_add1_chain_cert(void) int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \ defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) + EXPECT_DECLS; WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + WOLFSSL* ssl = NULL;; const char *certChain[] = { "./certs/intermediate/client-int-cert.pem", "./certs/intermediate/ca-int2-cert.pem", @@ -3285,34 +3385,36 @@ static int test_wolfSSL_CTX_add1_chain_cert(void) NULL }; const char** cert; - WOLFSSL_X509* x509; + WOLFSSL_X509* x509 = NULL; WOLF_STACK_OF(X509)* chain = NULL; - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); - AssertNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); for (cert = certChain; *cert != NULL; cert++) { - x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM); - AssertNotNull(x509); - AssertIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1); X509_free(x509); + x509 = NULL; } for (cert = certChain; *cert != NULL; cert++) { - x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM); - AssertNotNull(x509); - AssertIntEQ(SSL_add1_chain_cert(ssl, x509), 1); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 1); X509_free(x509); + x509 = NULL; } - AssertIntEQ(SSL_CTX_get0_chain_certs(ctx, &chain), 1); - AssertIntEQ(sk_X509_num(chain), 3); - AssertIntEQ(SSL_get0_chain_certs(ssl, &chain), 1); - AssertIntEQ(sk_X509_num(chain), 3); + ExpectIntEQ(SSL_CTX_get0_chain_certs(ctx, &chain), 1); + ExpectIntEQ(sk_X509_num(chain), 3); + ExpectIntEQ(SSL_get0_chain_certs(ssl, &chain), 1); + ExpectIntEQ(sk_X509_num(chain), 3); SSL_free(ssl); SSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -3322,30 +3424,30 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + EXPECT_DECLS; const char* server_chain_der = "./certs/server-cert-chain.der"; const char* client_single_pem = "./certs/client-cert.pem"; WOLFSSL_CTX* ctx; - int ret = 0; (void)server_chain_der; (void)client_single_pem; (void)ctx; + #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - AssertNotNull(ctx); #endif + ExpectNotNull(ctx); - AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(ret == 0); + res = EXPECT_RESULT(); #endif return res; } @@ -3355,32 +3457,35 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void) int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) - WOLFSSL_CTX *ctx; + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; + (void)ctx; + #ifndef NO_WOLFSSL_CLIENT - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* invalid context */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL, dhParamFile, WOLFSSL_FILETYPE_PEM)); /* invalid dhParamFile file */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, NULL, WOLFSSL_FILETYPE_PEM)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, bogusFile, WOLFSSL_FILETYPE_PEM)); /* success */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -3390,32 +3495,36 @@ static int test_wolfSSL_CTX_SetTmpDH_buffer(void) int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_DH) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) - WOLFSSL_CTX *ctx; - (void)ctx; + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; + #ifndef NO_WOLFSSL_CLIENT - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* invalid context */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, dh_key_der_2048, - sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, + dh_key_der_2048, sizeof_dh_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); /* invalid dhParamFile file */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL, 0, WOLFSSL_FILETYPE_ASN1)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048, - sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dsa_key_der_2048, sizeof_dsa_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); /* success */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, - sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dh_key_der_2048, sizeof_dh_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -3425,39 +3534,44 @@ static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void) int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_DH) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + EXPECT_DECLS; WOLFSSL_CTX *ctx; + (void)ctx; + #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - AssertNotNull(ctx); #endif + ExpectNotNull(ctx); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072)); - AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, + ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, - sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dh_key_der_2048, sizeof_dh_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024)); - AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, - sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dh_key_der_2048, sizeof_dh_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, - sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dh_key_der_2048, sizeof_dh_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -3467,6 +3581,7 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void) int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_DER_LOAD) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + EXPECT_DECLS; WOLFSSL_CTX* ctx = NULL; const char* derCert = "./certs/server-cert.der"; const char* nullPath = NULL; @@ -3474,36 +3589,36 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void) const char* emptyPath = ""; /* der load Case 1 ctx NULL */ - AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); #ifndef NO_WOLFSSL_CLIENT - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* Case 2 filePath NULL */ - AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath, + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); /* Case 3 invalid format */ - AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); /* Case 4 filePath not valid */ - AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath, + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); /* Case 5 filePath empty */ - AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath, + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); #ifndef NO_RSA /* Case 6 success case */ - AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3513,69 +3628,70 @@ static int test_wolfSSL_CTX_enable_disable(void) { int res = TEST_SKIPPED; #ifndef NO_CERTS + EXPECT_DECLS; WOLFSSL_CTX* ctx = NULL; #ifdef HAVE_CRL - AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG); #endif #ifdef HAVE_OCSP - AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG); #endif #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_CLIENT #ifdef HAVE_EXTENDED_MASTER - AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG); #endif - ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #ifdef HAVE_EXTENDED_MASTER - AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS); #endif #elif !defined(NO_WOLFSSL_SERVER) - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); - #else - return TEST_SUCCESS; + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif - #ifdef HAVE_CRL - AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS); - #endif + #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) - #ifdef HAVE_OCSP - AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE), - WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE), - WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL), - WOLFSSL_SUCCESS); - #endif + #ifdef HAVE_CRL + ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS); + #endif - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ - defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS); - #endif - wolfSSL_CTX_free(ctx); + #ifdef HAVE_OCSP + ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL), + WOLFSSL_SUCCESS); + #endif - res = TEST_RES_CHECK(1); + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS); + #endif + wolfSSL_CTX_free(ctx); + #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ + + res = EXPECT_RESULT(); #endif /* NO_CERTS */ return res; @@ -3585,20 +3701,21 @@ static int test_wolfSSL_CTX_ticket_API(void) { int res = TEST_SKIPPED; #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) + EXPECT_DECLS; WOLFSSL_CTX* ctx = NULL; void *userCtx = (void*)"this is my ctx"; - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(ctx, userCtx)); - AssertTrue(userCtx == wolfSSL_CTX_get_TicketEncCtx(ctx)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(ctx, userCtx)); + ExpectTrue(userCtx == wolfSSL_CTX_get_TicketEncCtx(ctx)); wolfSSL_CTX_free(ctx); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx)); - AssertNull(wolfSSL_CTX_get_TicketEncCtx(NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx)); + ExpectNull(wolfSSL_CTX_get_TicketEncCtx(NULL)); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */ return res; } @@ -3701,30 +3818,34 @@ static int test_server_wolfSSL_new(void) int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_SERVER) - WOLFSSL_CTX *ctx; - WOLFSSL_CTX *ctx_nocert; - WOLFSSL *ssl; + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL_CTX *ctx_nocert = NULL; + WOLFSSL *ssl = NULL; - AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method())); - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); /* invalid context */ - AssertNull(ssl = wolfSSL_new(NULL)); -#if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT) && !defined(OPENSSL_EXTRA) - AssertNull(ssl = wolfSSL_new(ctx_nocert)); + ExpectNull(ssl = wolfSSL_new(NULL)); +#if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT) && \ + !defined(OPENSSL_EXTRA) + ExpectNull(ssl = wolfSSL_new(ctx_nocert)); #endif /* success */ - AssertNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3736,30 +3857,32 @@ static int test_client_wolfSSL_new(void) int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) - WOLFSSL_CTX *ctx; - WOLFSSL_CTX *ctx_nocert; - WOLFSSL *ssl; + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL_CTX *ctx_nocert = NULL; + WOLFSSL *ssl = NULL; - AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method())); - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); - AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); + ExpectTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); /* invalid context */ - AssertNull(ssl = wolfSSL_new(NULL)); + ExpectNull(ssl = wolfSSL_new(NULL)); /* success */ - AssertNotNull(ssl = wolfSSL_new(ctx_nocert)); + ExpectNotNull(ssl = wolfSSL_new(ctx_nocert)); wolfSSL_free(ssl); + ssl = NULL; /* success */ - AssertNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3770,51 +3893,52 @@ static int test_wolfSSL_SetTmpDH_file(void) int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \ !defined(NO_WOLFSSL_SERVER) - WOLFSSL_CTX *ctx; - WOLFSSL *ssl; + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #ifndef NO_RSA - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #elif defined(HAVE_ECC) - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)); #elif defined(HAVE_ED25519) - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile, + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM)); #elif defined(HAVE_ED448) - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile, + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile, + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile, WOLFSSL_FILETYPE_PEM)); #endif - AssertNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); /* invalid ssl */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL, dhParamFile, WOLFSSL_FILETYPE_PEM)); /* invalid dhParamFile file */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, NULL, WOLFSSL_FILETYPE_PEM)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, bogusFile, WOLFSSL_FILETYPE_PEM)); /* success */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3824,34 +3948,35 @@ static int test_wolfSSL_SetTmpDH_buffer(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER) - WOLFSSL_CTX *ctx; - WOLFSSL *ssl; + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); - AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, - sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, - sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, + sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, + sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); /* invalid ssl */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); /* invalid dhParamFile file */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL, 0, WOLFSSL_FILETYPE_ASN1)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048, sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); /* success */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -3861,47 +3986,47 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER) - WOLFSSL_CTX *ctx, *ctx2; - WOLFSSL *ssl, *ssl2; - ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - AssertNotNull(ctx); - AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL_CTX *ctx2 = NULL; + WOLFSSL *ssl = NULL; + WOLFSSL *ssl2 = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, + ExpectTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072)); - ssl = wolfSSL_new(ctx); - AssertNotNull(ssl); - ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method()); - AssertNotNull(ctx2); - AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048, + ExpectTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048, sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024)); - ssl2 = wolfSSL_new(ctx2); - AssertNotNull(ssl2); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024)); + ExpectNotNull(ssl2 = wolfSSL_new(ctx2)); - AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, + ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072)); - AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072)); + ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024)); - AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024)); + ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); wolfSSL_free(ssl2); @@ -3909,7 +4034,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -3924,8 +4049,8 @@ static int test_wolfSSL_SetMinVersion(void) int res = TEST_SKIPPED; #ifndef NO_WOLFSSL_CLIENT int failFlag = WOLFSSL_SUCCESS; - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; int itr; #ifndef NO_OLD_TLS @@ -5225,6 +5350,11 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) ctx = wolfSSL_CTX_new(method); } if (ctx == NULL) { + /* Release the wait for TCP ready. */ + PTHREAD_CHECK_RET(pthread_mutex_lock(&opts->signal->mutex)); + opts->signal->ready = 1; + PTHREAD_CHECK_RET(pthread_cond_signal(&opts->signal->cond)); + PTHREAD_CHECK_RET(pthread_mutex_unlock(&opts->signal->mutex)); goto done; } @@ -5441,11 +5571,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ -#ifdef WOLFSSL_TIRTOS - return; -#else - return 0; -#endif + goto done; } if (cbf != NULL && cbf->on_result != NULL) @@ -5495,7 +5621,8 @@ done: #endif } -#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) +#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \ + !defined(WOLFSSL_NO_TLS12) static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) { SOCKET_T sockfd = 0; @@ -5511,15 +5638,16 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) int idx; int ret, err = 0; int sharedCtx = 0; - int loop_count = ((func_args*)args)->argc; + func_args* opts = (func_args*)args; + int loop_count = opts->argc; int count = 0; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif - ((func_args*)args)->return_code = TEST_FAIL; - cbf = ((func_args*)args)->callbacks; + opts->return_code = TEST_FAIL; + cbf = opts->callbacks; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (cbf != NULL && cbf->ctx) { @@ -5540,7 +5668,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) } #if defined(USE_WINDOWS_API) - port = ((func_args*)args)->signal->port; + port = opts->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) /* Let tcp_listen assign port */ @@ -5560,18 +5688,33 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0) != WOLFSSL_SUCCESS) { /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/ + /* Release the wait for TCP ready. */ + PTHREAD_CHECK_RET(pthread_mutex_lock(&opts->signal->mutex)); + opts->signal->ready = 1; + PTHREAD_CHECK_RET(pthread_cond_signal(&opts->signal->cond)); + PTHREAD_CHECK_RET(pthread_mutex_unlock(&opts->signal->mutex)); goto done; } if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ + /* Release the wait for TCP ready. */ + PTHREAD_CHECK_RET(pthread_mutex_lock(&opts->signal->mutex)); + opts->signal->ready = 1; + PTHREAD_CHECK_RET(pthread_cond_signal(&opts->signal->cond)); + PTHREAD_CHECK_RET(pthread_mutex_unlock(&opts->signal->mutex)); goto done; } if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ + /* Release the wait for TCP ready. */ + PTHREAD_CHECK_RET(pthread_mutex_lock(&opts->signal->mutex)); + opts->signal->ready = 1; + PTHREAD_CHECK_RET(pthread_cond_signal(&opts->signal->cond)); + PTHREAD_CHECK_RET(pthread_mutex_unlock(&opts->signal->mutex)); goto done; } /* call ctx setup callback */ @@ -5582,18 +5725,33 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) while (count != loop_count) { ssl = wolfSSL_new(ctx); if (ssl == NULL) { + /* Release the wait for TCP ready. */ + PTHREAD_CHECK_RET(pthread_mutex_lock(&opts->signal->mutex)); + opts->signal->ready = 1; + PTHREAD_CHECK_RET(pthread_cond_signal(&opts->signal->cond)); + PTHREAD_CHECK_RET(pthread_mutex_unlock(&opts->signal->mutex)); goto done; } if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ + /* Release the wait for TCP ready. */ + PTHREAD_CHECK_RET(pthread_mutex_lock(&opts->signal->mutex)); + opts->signal->ready = 1; + PTHREAD_CHECK_RET(pthread_cond_signal(&opts->signal->cond)); + PTHREAD_CHECK_RET(pthread_mutex_unlock(&opts->signal->mutex)); goto done; } if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ + /* Release the wait for TCP ready. */ + PTHREAD_CHECK_RET(pthread_mutex_lock(&opts->signal->mutex)); + opts->signal->ready = 1; + PTHREAD_CHECK_RET(pthread_cond_signal(&opts->signal->cond)); + PTHREAD_CHECK_RET(pthread_mutex_unlock(&opts->signal->mutex)); goto done; } @@ -5643,11 +5801,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ - #ifdef WOLFSSL_TIRTOS - return; - #else - return 0; - #endif + goto done; } /* free ssl for this connection */ wolfSSL_shutdown(ssl); @@ -5660,7 +5814,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) Task_yield(); #endif - ((func_args*)args)->return_code = TEST_SUCCESS; + opts->return_code = TEST_SUCCESS; done: if (ssl != NULL) { @@ -5980,7 +6134,7 @@ void test_wolfSSL_client_server_nofail(callback_functions* client_cb, #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \ - !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) + !defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_CLIENT) static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args) { SOCKET_T sockfd = 0; @@ -6129,6 +6283,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args } session = wolfSSL_get1_session(ssl); if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) { + wolfSSL_SESSION_free(session); /* err_sys ("SSL_clear failed"); */ goto done; } @@ -6202,129 +6357,6 @@ done: #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) */ - -static int test_client_verifyDepth(void* args) -{ -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) - SOCKET_T sockfd = 0; - callback_functions* cbf; - - WOLFSSL_CTX* ctx = 0; - WOLFSSL* ssl = 0; - - char msg[64] = "hello wolfssl!"; - char reply[1024]; - int input; - int msgSz = (int)XSTRLEN(msg); - int ret, err = 0; - int verify_depth = ((func_args*)args)->argc; - - ((func_args*)args)->return_code = TEST_FAIL; - cbf = ((func_args*)args)->callbacks; - - { - WOLFSSL_METHOD* method = NULL; - if (cbf != NULL && cbf->method != NULL) { - method = cbf->method(); - } - else { - method = wolfSSLv23_client_method(); - } - ctx = wolfSSL_CTX_new(method); - } - - /* Do connect here so server detects failures */ - tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, - 0, 0, NULL); - - if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) - != WOLFSSL_SUCCESS) - { - /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ - goto done; - } - if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { - /*err_sys("can't load client cert file, " - "Please run from wolfSSL home dir");*/ - goto done; - } - if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, - WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { - /*err_sys("can't load client key file, " - "Please run from wolfSSL home dir");*/ - goto done; - } - - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); - - /* set verify depth */ - if (verify_depth == 0) { - myVerifyAction = VERIFY_OVERRIDE_ERROR; - SSL_CTX_set_verify_depth(ctx, verify_depth); - } - else if (verify_depth == -1) { - myVerifyAction = VERIFY_USE_PREVERFIY; - SSL_CTX_set_verify_depth(ctx, 0); - } - else if (verify_depth > 0) { - myVerifyAction = VERIFY_USE_PREVERFIY; - SSL_CTX_set_verify_depth(ctx, verify_depth); - } - - ssl = wolfSSL_new(ctx); - if (ssl == NULL) { - goto done; - } - - if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { - /*err_sys("SSL_set_fd failed");*/ - goto done; - } - - #ifdef WOLFSSL_ASYNC_CRYPT - err = 0; /* Reset error */ - #endif - do { - #ifdef WOLFSSL_ASYNC_CRYPT - if (err == WC_PENDING_E) { - ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); - if (ret < 0) { break; } else if (ret == 0) { continue; } - } - #endif - ret = wolfSSL_connect(ssl); - err = wolfSSL_get_error(ssl, 0); - } while (err == WC_PENDING_E); - if (ret != WOLFSSL_SUCCESS) { - char buff[WOLFSSL_MAX_ERROR_SZ]; - fprintf(stderr, "error = %d, %s\n", err, - wolfSSL_ERR_error_string(err, buff)); - goto done; - } - - if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { - goto done; - } - - input = wolfSSL_read(ssl, reply, sizeof(reply)-1); - if (input > 0) { - reply[input] = '\0'; - fprintf(stderr, "Server response: %s\n", reply); - } - - ((func_args*)args)->return_code = TEST_SUCCESS; - -done: - wolfSSL_free(ssl); - wolfSSL_CTX_free(ctx); - CloseSocket(sockfd); -#else - (void)args; -#endif /* defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) */ - - return 0; -} - #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && \ defined(HAVE_ALPN) && defined(HAVE_SNI) && \ @@ -6347,11 +6379,11 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; - WOLFSSL_CTX* ctx = NULL; - WOLFSSL* ssl = NULL; - SOCKET_T sfd = 0; - SOCKET_T cfd = 0; - word16 port; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + SOCKET_T sfd = 0; + SOCKET_T cfd = 0; + word16 port; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); @@ -6361,6 +6393,49 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) ((func_args*)args)->return_code = TEST_FAIL; +#if defined(USE_WINDOWS_API) + port = ((func_args*)args)->signal->port; +#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ + !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) + /* Let tcp_listen assign port */ + port = 0; +#else + /* Use default port */ + port = wolfSSLPort; +#endif + +#ifdef WOLFSSL_DTLS + if (callbacks->method == wolfDTLS_server_method +#ifdef WOLFSSL_STATIC_MEMORY + || callbacks->method_ex == wolfDTLS_server_method_ex +#endif +#ifndef NO_OLD_TLS + || callbacks->method == wolfDTLSv1_server_method +#ifdef WOLFSSL_STATIC_MEMORY + || callbacks->method_ex == wolfDTLSv1_server_method_ex +#endif +#endif +#ifndef WOLFSSL_NO_TLS12 + || callbacks->method == wolfDTLSv1_2_server_method +#ifdef WOLFSSL_STATIC_MEMORY + || callbacks->method_ex == wolfDTLSv1_2_server_method_ex +#endif +#endif +#ifdef WOLFSSL_DTLS13 + || callbacks->method == wolfDTLSv1_3_server_method +#ifdef WOLFSSL_STATIC_MEMORY + || callbacks->method_ex == wolfDTLSv1_3_server_method_ex +#endif +#endif + ) { + tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0, 0, 0); + } + else +#endif + { + tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); + } + #ifdef WOLFSSL_STATIC_MEMORY if (callbacks->method_ex != NULL && callbacks->mem != NULL && callbacks->memSz > 0) { @@ -6368,16 +6443,14 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) callbacks->mem, callbacks->memSz, 0, 1); if (ret != WOLFSSL_SUCCESS) { fprintf(stderr, "CTX static new failed %d\n", ret); - return 0; + goto cleanup; } } #else - if (ctx == NULL) { - ctx = wolfSSL_CTX_new(callbacks->method()); - } + ctx = wolfSSL_CTX_new(callbacks->method()); if (ctx == NULL) { fprintf(stderr, "CTX new failed\n"); - return 0; + goto cleanup; } #endif @@ -6395,17 +6468,6 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) wolfSSL_CTX_SetDevId(ctx, callbacks->devId); -#if defined(USE_WINDOWS_API) - port = ((func_args*)args)->signal->port; -#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ - !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) - /* Let tcp_listen assign port */ - port = 0; -#else - /* Use default port */ - port = wolfSSLPort; -#endif - wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); @@ -6414,28 +6476,33 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) #endif #if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS) if (callbacks->method == wolfDTLSv1_2_server_method) { - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_dtls_set_export(ctx, test_export)); + if (wolfSSL_CTX_dtls_set_export(ctx, test_export) != WOLFSSL_SUCCESS) + goto cleanup; } #endif - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0)); + if (wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0) != + WOLFSSL_SUCCESS) { + goto cleanup; + } - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, - WOLFSSL_FILETYPE_PEM)); + if (wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + goto cleanup; + } - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, - WOLFSSL_FILETYPE_PEM)); + if (wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + goto cleanup; + } #ifdef HAVE_CRL if (callbacks->crlPemFile != NULL) { - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile, - WOLFSSL_FILETYPE_PEM)); + if (wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + goto cleanup; + } } #endif @@ -6445,37 +6512,40 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) ssl = wolfSSL_new(ctx); if (ssl == NULL) { fprintf(stderr, "SSL new failed\n"); - wolfSSL_CTX_free(ctx); - return 0; + goto cleanup; } if (wolfSSL_dtls(ssl)) { SOCKADDR_IN_T cliAddr; socklen_t cliLen; cliLen = sizeof(cliAddr); - tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0, 0, 0); idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK, (struct sockaddr*)&cliAddr, &cliLen); - AssertIntGT(idx, 0); + if (idx <= 0) { + goto cleanup; + } wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen); } else { - tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); CloseSocket(sfd); } - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd)); + if (wolfSSL_set_fd(ssl, cfd) != WOLFSSL_SUCCESS) { + goto cleanup; + } if (callbacks->loadToSSL) { wolfSSL_SetDevId(ssl, callbacks->devId); - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, - WOLFSSL_FILETYPE_PEM)); + if (wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + goto cleanup; + } - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, - WOLFSSL_FILETYPE_PEM)); + if (wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + goto cleanup; + } } #ifdef NO_PSK @@ -6540,7 +6610,9 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) ret = wolfSSL_write(ssl, msg, len); err = wolfSSL_get_error(ssl, ret); } while (err == WC_PENDING_E); - AssertIntEQ(len, ret); + if (len != ret) { + goto cleanup; + } #if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL) && \ defined(WOLFSSL_DTLS) @@ -6550,10 +6622,16 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) wolfSSL_dtls_export(ssl, NULL, &sz); import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - AssertNotNull(import); + if (import == NULL) { + goto cleanup; + } idx = wolfSSL_dtls_export(ssl, import, &sz); - AssertIntGE(idx, 0); - AssertIntGE(wolfSSL_dtls_import(ssl, import, idx), 0); + if (idx < 0) { + goto cleanup; + } + if (wolfSSL_dtls_import(ssl, import, idx) < 0) { + goto cleanup; + } XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER); } #endif @@ -6567,6 +6645,8 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) callbacks->on_result(ssl); wolfSSL_shutdown(ssl); + +cleanup: wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); @@ -6617,7 +6697,7 @@ static void run_wolfssl_client(void* args) callbacks->mem, callbacks->memSz, 0, 1); if (ret != WOLFSSL_SUCCESS) { fprintf(stderr, "CTX static new failed %d\n", ret); - return; + goto cleanup; } } #else @@ -6626,7 +6706,7 @@ static void run_wolfssl_client(void* args) } if (ctx == NULL) { fprintf(stderr, "CTX new failed\n"); - return; + goto cleanup; } #endif @@ -6642,24 +6722,29 @@ static void run_wolfssl_client(void* args) wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0)); + if (wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0) != + WOLFSSL_SUCCESS) { + goto cleanup; + } if (!callbacks->loadToSSL) { - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, - WOLFSSL_FILETYPE_PEM)); + if (wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + goto cleanup; + } - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, - WOLFSSL_FILETYPE_PEM)); + if (wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + goto cleanup; + } } #ifdef HAVE_CRL if (callbacks->crlPemFile != NULL) { - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile, - WOLFSSL_FILETYPE_PEM)); + if (wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + goto cleanup; + } } #endif @@ -6675,18 +6760,22 @@ static void run_wolfssl_client(void* args) tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, ssl); } - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd)); + if (wolfSSL_set_fd(ssl, sfd) != WOLFSSL_SUCCESS) { + goto cleanup; + } if (callbacks->loadToSSL) { wolfSSL_SetDevId(ssl, callbacks->devId); - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, - WOLFSSL_FILETYPE_PEM)); + if (wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + goto cleanup; + } - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, - WOLFSSL_FILETYPE_PEM)); + if (wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + goto cleanup; + } } if (callbacks->ssl_ready) @@ -6725,7 +6814,8 @@ static void run_wolfssl_client(void* args) ret = wolfSSL_write(ssl, msg, len); err = wolfSSL_get_error(ssl, ret); } while (err == WC_PENDING_E); - AssertIntEQ(len, ret); + if (len != ret) + goto cleanup; #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ @@ -6750,6 +6840,7 @@ static void run_wolfssl_client(void* args) if (callbacks->on_result) callbacks->on_result(ssl); +cleanup: wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sfd); @@ -6787,6 +6878,7 @@ static int test_wolfSSL_read_write(void) func_args client_args; func_args server_args; THREAD_TYPE serverThread; + EXPECT_DECLS; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); @@ -6810,8 +6902,8 @@ static int test_wolfSSL_read_write(void) test_client_nofail(&client_args, NULL); join_thread(serverThread); - AssertTrue(client_args.return_code); - AssertTrue(server_args.return_code); + ExpectTrue(client_args.return_code); + ExpectTrue(server_args.return_code); FreeTcpReady(&ready); @@ -6819,14 +6911,14 @@ static int test_wolfSSL_read_write(void) fdOpenSession(Task_self()); #endif - return TEST_RES_CHECK(1); + return EXPECT_RESULT(); } static int test_wolfSSL_reuse_WOLFSSLobj(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \ - !defined(WOLFSSL_TLS13) + !defined(WOLFSSL_NO_TLS12) /* The unit test for session resumption by re-using WOLFSSL object. * WOLFSSL object is not cleared after first session. It re-use the obeject * for second connection. @@ -6835,9 +6927,14 @@ static int test_wolfSSL_reuse_WOLFSSLobj(void) func_args client_args; func_args server_args; THREAD_TYPE serverThread; + callback_functions client_cbf; + callback_functions server_cbf; + EXPECT_DECLS; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); + XMEMSET(&client_cbf, 0, sizeof(callback_functions)); + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif @@ -6850,6 +6947,11 @@ static int test_wolfSSL_reuse_WOLFSSLobj(void) ready.port = GetRandomPort(); #endif + client_cbf.method = wolfTLSv1_2_client_method; + server_cbf.method = wolfTLSv1_2_server_method; + client_args.callbacks = &client_cbf; + server_args.callbacks = &server_cbf; + server_args.signal = &ready; client_args.signal = &ready; /* the var is used for loop number */ @@ -6860,8 +6962,8 @@ static int test_wolfSSL_reuse_WOLFSSLobj(void) test_client_reuse_WOLFSSLobj(&client_args, NULL, &server_args); join_thread(serverThread); - AssertTrue(client_args.return_code); - AssertTrue(server_args.return_code); + ExpectTrue(client_args.return_code); + ExpectTrue(server_args.return_code); FreeTcpReady(&ready); @@ -6869,99 +6971,131 @@ static int test_wolfSSL_reuse_WOLFSSLobj(void) fdOpenSession(Task_self()); #endif - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */ return res; } -static int test_wolfSSL_CTX_verifyDepth_ServerClient(void) +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) +static void test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready( + WOLFSSL_CTX* ctx) +{ + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); + myVerifyAction = VERIFY_USE_PREVERFIY; + wolfSSL_CTX_set_verify_depth(ctx, 2); +} +#endif + +static int test_wolfSSL_CTX_verifyDepth_ServerClient_1(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) - - /* This unit test is to check set verify Depth */ - tcp_ready ready; - func_args client_args; - func_args server_args; - THREAD_TYPE serverThread; + EXPECT_DECLS; callback_functions client_cbf; + callback_functions server_cbf; - XMEMSET(&client_args, 0, sizeof(func_args)); - XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); #ifdef WOLFSSL_TLS13 client_cbf.method = wolfTLSv1_3_client_method; #endif /* WOLFSSL_TLS13 */ - - client_args.callbacks = &client_cbf; - - StartTCP(); - InitTcpReady(&ready); - -#if defined(USE_WINDOWS_API) - /* use RNG to get random port if using windows */ - ready.port = GetRandomPort(); -#endif - - server_args.signal = &ready; - client_args.signal = &ready; - /* the var is used for loop number */ - server_args.argc = 1; + client_cbf.ctx_ready = + test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready; /* test case 1 verify depth is equal to peer chain */ - { - start_thread(test_server_nofail, &server_args, &serverThread); - wait_tcp_ready(&server_args); + test_wolfSSL_client_server_nofail(&client_cbf, &server_cbf); - /* the var is used for verify depth */ - client_args.argc = 2; + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); - test_client_verifyDepth(&client_args); - join_thread(serverThread); - AssertIntEQ(client_args.return_code, TEST_SUCCESS); - AssertIntEQ(server_args.return_code, TEST_SUCCESS); - } + res = EXPECT_RESULT(); +#endif /* (OPENSSL_EXTRA) && !(WOLFSSL_TIRTOS) && (NO_WOLFSSL_CLIENT) */ + + return res; +} + +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) +static void test_wolfSSL_CTX_verifyDepth_ServerClient_2_ctx_ready( + WOLFSSL_CTX* ctx) +{ + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); + myVerifyAction = VERIFY_USE_PREVERFIY; + wolfSSL_CTX_set_verify_depth(ctx, 1); +} +#endif + +static int test_wolfSSL_CTX_verifyDepth_ServerClient_2(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) + EXPECT_DECLS; + callback_functions client_cbf; + callback_functions server_cbf; + + XMEMSET(&client_cbf, 0, sizeof(callback_functions)); + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); + +#ifdef WOLFSSL_TLS13 + client_cbf.method = wolfTLSv1_3_client_method; +#endif /* WOLFSSL_TLS13 */ + client_cbf.ctx_ready = + test_wolfSSL_CTX_verifyDepth_ServerClient_2_ctx_ready; /* test case 2 * verify depth is zero, number of peer's chain is 2. * verify result becomes MAX_CHAIN_ERROR, but it is overridden in * callback. */ + test_wolfSSL_client_server_nofail(&client_cbf, &server_cbf); - /* the var is used for verify depth 0 and VERIFY_OVERRIDE_ERROR */ - { - start_thread(test_server_nofail, &server_args, &serverThread); - wait_tcp_ready(&server_args); + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); + + res = EXPECT_RESULT(); +#endif /* (OPENSSL_EXTRA) && !(WOLFSSL_TIRTOS) && (NO_WOLFSSL_CLIENT) */ + + return res; +} + +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) +static void test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready( + WOLFSSL_CTX* ctx) +{ + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); + myVerifyAction = VERIFY_USE_PREVERFIY; + wolfSSL_CTX_set_verify_depth(ctx, 0); +} +#endif + +static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) + EXPECT_DECLS; + callback_functions client_cbf; + callback_functions server_cbf; + + XMEMSET(&client_cbf, 0, sizeof(callback_functions)); + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); + +#ifdef WOLFSSL_TLS13 + client_cbf.method = wolfTLSv1_3_client_method; +#endif /* WOLFSSL_TLS13 */ + client_cbf.ctx_ready = + test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready; - client_args.argc = 0; - test_client_verifyDepth(&client_args); - join_thread(serverThread); - AssertIntEQ(client_args.return_code, TEST_SUCCESS); - AssertIntEQ(server_args.return_code, TEST_SUCCESS); - } /* test case 3 * verify depth is zero, number of peer's chain is 2 * verify result becomes MAX_CHAIN_ERRO. call-back returns failure. * therefore, handshake becomes failure. */ - /* the var is used for verify depth 0 and VERIFY_USE_PREVERFIY */ - { - start_thread(test_server_nofail, &server_args, &serverThread); - wait_tcp_ready(&server_args); + test_wolfSSL_client_server_nofail(&client_cbf, &server_cbf); - client_args.argc = -1; - test_client_verifyDepth(&client_args); - join_thread(serverThread); - AssertIntEQ(client_args.return_code, TEST_SUCCESS); - AssertIntEQ(server_args.return_code, TEST_SUCCESS); - } + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); - FreeTcpReady(&ready); - - res = TEST_RES_CHECK(1); -#else - (void)test_client_verifyDepth; + res = EXPECT_RESULT(); #endif /* (OPENSSL_EXTRA) && !(WOLFSSL_TIRTOS) && (NO_WOLFSSL_CLIENT) */ return res; @@ -6975,9 +7109,10 @@ static int test_wolfSSL_CTX_set_cipher_list(void) #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ !defined(WOLFSSL_TIRTOS) && !defined(NO_AES) && !defined(WOLFSSL_NO_TLS12) \ && !defined(NO_SHA256) && defined(HAVE_ECC) - WOLFSSL_CTX* ctx; - WOLFSSL_CTX* ctxClient; - WOLFSSL* sslClient; + EXPECT_DECLS; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL_CTX* ctxClient = NULL; + WOLFSSL* sslClient = NULL; tcp_ready ready; func_args client_args; func_args server_args; @@ -6994,18 +7129,18 @@ static int test_wolfSSL_CTX_set_cipher_list(void) XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); - AssertNotNull((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()))); - AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "DEFAULT:!NULL")); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectNotNull((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()))); + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, "DEFAULT:!NULL")); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); - AssertNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method()))); - AssertTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE-RSA-AES128-SHA256")); + ExpectNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method()))); + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE-RSA-AES128-SHA256")); client_cb.ctx = ctxClient; server_cb.ctx = ctx; @@ -7019,33 +7154,35 @@ static int test_wolfSSL_CTX_set_cipher_list(void) client_args.callbacks = &client_cb; client_args.return_code = TEST_FAIL; - start_thread(test_server_nofail, &server_args, &serverThread); - wait_tcp_ready(&server_args); - test_client_nofail(&client_args, NULL); - join_thread(serverThread); + if (EXPECT_SUCCESS()) { + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + test_client_nofail(&client_args, NULL); + join_thread(serverThread); + } wolfSSL_CTX_free(client_cb.ctx); wolfSSL_CTX_free(server_cb.ctx); - AssertIntEQ(server_args.return_code, TEST_SUCCESS); + ExpectIntEQ(server_args.return_code, TEST_SUCCESS); FreeTcpReady(&ready); /* check with cipher string that has '+' */ - AssertNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method()))); - AssertTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM")); - AssertNotNull((sslClient = wolfSSL_new(ctxClient))); + ExpectNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method()))); + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM")); + ExpectNotNull((sslClient = wolfSSL_new(ctxClient))); /* check for the existance of an ECDHE ECDSA cipher suite */ - { + if (EXPECT_SUCCESS()) { int i = 0; int found = 0; const char* suite; - WOLF_STACK_OF(WOLFSSL_CIPHER)* sk; + WOLF_STACK_OF(WOLFSSL_CIPHER)* sk = NULL; WOLFSSL_CIPHER* current; - AssertNotNull((sk = wolfSSL_get_ciphers_compat(sslClient))); + ExpectNotNull((sk = wolfSSL_get_ciphers_compat(sslClient))); do { current = wolfSSL_sk_SSL_CIPHER_value(sk, i++); if (current) { @@ -7056,13 +7193,13 @@ static int test_wolfSSL_CTX_set_cipher_list(void) } } } while (current); - AssertIntEQ(found, 1); + ExpectIntEQ(found, 1); } wolfSSL_free(sslClient); wolfSSL_CTX_free(ctxClient); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -7203,6 +7340,9 @@ static int test_client_get_finished(void* args, cbType cb) reply[ret] = '\0'; fprintf(stderr, "Server response: %s\n", reply); } + else if (ret < 0) { + goto done; + } ((func_args*)args)->return_code = TEST_SUCCESS; @@ -7223,6 +7363,7 @@ static int test_wolfSSL_get_finished(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_HAVE_TLS_UNIQUE) + EXPECT_DECLS; tcp_ready ready; func_args client_args; func_args server_args; @@ -7247,16 +7388,16 @@ static int test_wolfSSL_get_finished(void) test_client_get_finished(&client_args, NULL); join_thread(serverThread); - AssertTrue(client_args.return_code); - AssertTrue(server_args.return_code); + ExpectTrue(client_args.return_code); + ExpectTrue(server_args.return_code); /* test received msg vs sent msg */ - AssertIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE)); - AssertIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE)); + ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE)); + ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE)); FreeTcpReady(&ready); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #else (void)test_client_get_finished; #endif /* !NO_RSA && WOLFSSL_HAVE_TLS_UNIQUE */ @@ -7366,6 +7507,7 @@ static int test_wolfSSL_CTX_add_session(void) #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ !defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \ !defined(NO_SESSION_CACHE) + EXPECT_DECLS; tcp_ready ready; func_args client_args; func_args server_args; @@ -7446,17 +7588,23 @@ static int test_wolfSSL_CTX_add_session(void) test_client_nofail(&client_args, NULL); join_thread(serverThread); - AssertTrue(client_args.return_code); - AssertTrue(server_args.return_code); + ExpectTrue(client_args.return_code); + ExpectTrue(server_args.return_code); FreeTcpReady(&ready); + + if (EXPECT_FAIL()) + break; } wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_client_sess); wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_server_sess); wolfSSL_CTX_free(test_wolfSSL_CTX_add_session_server_ctx); + + if (EXPECT_FAIL()) + break; } - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -7789,6 +7937,7 @@ static int test_wolfSSL_CTX_add_session_ext(void) !defined(HUGE_SESSION_CACHE) && \ !defined(BIG_SESSION_CACHE) && \ !defined(MEDIUM_SESSION_CACHE) + EXPECT_DECLS; /* Test the default 33 sessions */ struct test_params { @@ -7891,26 +8040,29 @@ static int test_wolfSSL_CTX_add_session_ext(void) test_wolfSSL_client_server_nofail(&client_cb, &server_cb); - AssertTrue(client_cb.return_code); - AssertTrue(server_cb.return_code); - AssertIntEQ(twcase_get_session_called, 0); + ExpectTrue(client_cb.return_code); + ExpectTrue(server_cb.return_code); + ExpectIntEQ(twcase_get_session_called, 0); + if (EXPECT_FAIL()) + break; + switch (j) { case 0: case 1: case 2: /* cache cannot be searched with out a connection */ /* Add a new session */ - AssertIntEQ(twcase_new_session_called, 1); + ExpectIntEQ(twcase_new_session_called, 1); /* In twcase_server_sess_ctx_pre_shutdown * wolfSSL_CTX_add_session which evicts the existing session * in cache and adds it back in */ - AssertIntLE(twcase_remove_session_called, 1); + ExpectIntLE(twcase_remove_session_called, 1); break; case 3: case 4: /* no external cache */ - AssertIntEQ(twcase_new_session_called, 0); - AssertIntEQ(twcase_remove_session_called, 0); + ExpectIntEQ(twcase_new_session_called, 0); + ExpectIntEQ(twcase_remove_session_called, 0); break; } @@ -7931,8 +8083,8 @@ static int test_wolfSSL_CTX_add_session_ext(void) test_wolfSSL_client_server_nofail(&client_cb, &server_cb); - AssertTrue(client_cb.return_code); - AssertTrue(server_cb.return_code); + ExpectTrue(client_cb.return_code); + ExpectTrue(server_cb.return_code); /* Clear cache before checking */ wolfSSL_CTX_flush_sessions(NULL, -1); @@ -7944,12 +8096,12 @@ static int test_wolfSSL_CTX_add_session_ext(void) /* cache hit */ /* DTLS accesses cache once for stateless parsing and * once for stateful parsing */ - AssertIntEQ(twcase_get_session_called, !dtls ? 1 : 2); + ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2); /* (D)TLSv1.3 creates a new ticket, * updates both internal and external cache */ - AssertIntEQ(twcase_new_session_called, 1); - AssertIntEQ(twcase_remove_session_called, 1); + ExpectIntEQ(twcase_new_session_called, 1); + ExpectIntEQ(twcase_remove_session_called, 1); } else { @@ -7957,27 +8109,27 @@ static int test_wolfSSL_CTX_add_session_ext(void) /* DTLS accesses cache once for stateless parsing and * once for stateful parsing */ #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME - AssertIntEQ(twcase_get_session_called, !dtls ? 1 : 2); + ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2); #else - AssertIntEQ(twcase_get_session_called, 1); + ExpectIntEQ(twcase_get_session_called, 1); #endif - AssertIntEQ(twcase_new_session_called, 0); + ExpectIntEQ(twcase_new_session_called, 0); /* Called on session added in * twcase_server_sess_ctx_pre_shutdown */ - AssertIntEQ(twcase_remove_session_called, 1); + ExpectIntEQ(twcase_remove_session_called, 1); } break; case 1: if (tls13) { /* (D)TLSv1.3 case */ /* cache hit */ - AssertIntEQ(twcase_get_session_called, 1); + ExpectIntEQ(twcase_get_session_called, 1); /* (D)TLSv1.3 creates a new ticket, * updates both internal and external cache */ - AssertIntEQ(twcase_new_session_called, 1); + ExpectIntEQ(twcase_new_session_called, 1); /* Called on session added in * twcase_server_sess_ctx_pre_shutdown and by wolfSSL */ - AssertIntEQ(twcase_remove_session_called, 1); + ExpectIntEQ(twcase_remove_session_called, 1); } else { /* non (D)TLSv1.3 case */ @@ -7985,27 +8137,27 @@ static int test_wolfSSL_CTX_add_session_ext(void) /* DTLS accesses cache once for stateless parsing and * once for stateful parsing */ #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME - AssertIntEQ(twcase_get_session_called, !dtls ? 1 : 2); + ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2); #else - AssertIntEQ(twcase_get_session_called, 1); + ExpectIntEQ(twcase_get_session_called, 1); #endif - AssertIntEQ(twcase_new_session_called, 0); + ExpectIntEQ(twcase_new_session_called, 0); /* Called on session added in * twcase_server_sess_ctx_pre_shutdown */ - AssertIntEQ(twcase_remove_session_called, 1); + ExpectIntEQ(twcase_remove_session_called, 1); } break; case 2: if (tls13) { /* (D)TLSv1.3 case */ /* cache hit */ - AssertIntEQ(twcase_get_session_called, 1); + ExpectIntEQ(twcase_get_session_called, 1); /* (D)TLSv1.3 creates a new ticket, * updates both internal and external cache */ - AssertIntEQ(twcase_new_session_called, 1); + ExpectIntEQ(twcase_new_session_called, 1); /* Called on session added in * twcase_server_sess_ctx_pre_shutdown and by wolfSSL */ - AssertIntEQ(twcase_remove_session_called, 1); + ExpectIntEQ(twcase_remove_session_called, 1); } else { /* non (D)TLSv1.3 case */ @@ -8013,35 +8165,41 @@ static int test_wolfSSL_CTX_add_session_ext(void) /* DTLS accesses cache once for stateless parsing and * once for stateful parsing */ #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME - AssertIntEQ(twcase_get_session_called, !dtls ? 1 : 2); + ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2); #else - AssertIntEQ(twcase_get_session_called, 1); + ExpectIntEQ(twcase_get_session_called, 1); #endif - AssertIntEQ(twcase_new_session_called, 0); + ExpectIntEQ(twcase_new_session_called, 0); /* Called on session added in * twcase_server_sess_ctx_pre_shutdown */ - AssertIntEQ(twcase_remove_session_called, 1); + ExpectIntEQ(twcase_remove_session_called, 1); } break; case 3: case 4: /* no external cache */ - AssertIntEQ(twcase_get_session_called, 0); - AssertIntEQ(twcase_new_session_called, 0); - AssertIntEQ(twcase_remove_session_called, 0); + ExpectIntEQ(twcase_get_session_called, 0); + ExpectIntEQ(twcase_new_session_called, 0); + ExpectIntEQ(twcase_remove_session_called, 0); break; } wolfSSL_SESSION_free(twcase_client_first_session_ptr); wolfSSL_SESSION_free(twcase_server_first_session_ptr); wolfSSL_CTX_free(twcase_server_current_ctx_ptr); + + if (EXPECT_FAIL()) + break; } twcase_get_sessionCb_cleanup(); XMEMSET(&server_sessionCache.entries, 0, sizeof(server_sessionCache.entries)); fprintf(stderr, "\tEnd %s\n", params[i].tls_version); + + if (EXPECT_FAIL()) + break; } wc_FreeMutex(&server_sessionCache.htLock); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -8108,6 +8266,7 @@ static int test_wolfSSL_dtls_export(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) + EXPECT_DECLS; tcp_ready ready; func_args client_args; func_args server_args; @@ -8143,8 +8302,8 @@ static int test_wolfSSL_dtls_export(void) run_wolfssl_client(&client_args); join_thread(serverThread); - AssertTrue(client_args.return_code); - AssertTrue(server_args.return_code); + ExpectTrue(client_args.return_code); + ExpectTrue(server_args.return_code); FreeTcpReady(&ready); @@ -8152,15 +8311,16 @@ static int test_wolfSSL_dtls_export(void) fdOpenSession(Task_self()); #endif - { + if (EXPECT_SUCCESS()) { SOCKET_T sockfd = 0; - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; char msg[64] = "hello wolfssl!"; char reply[1024]; int msgSz = (int)XSTRLEN(msg); byte *session, *window; - unsigned int sessionSz, windowSz; + unsigned int sessionSz = 0; + unsigned int windowSz = 0; #ifndef TEST_IPV6 struct sockaddr_in peerAddr; @@ -8172,17 +8332,17 @@ static int test_wolfSSL_dtls_export(void) /* Set ctx to DTLS 1.2 */ - AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); - AssertNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); /* test importing version 3 */ - AssertIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); + ExpectIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); /* test importing bad length and bad version */ version_3[2] += 1; - AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); + ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); version_3[2] -= 1; version_3[1] = 0XA0; - AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); + ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); @@ -8213,55 +8373,55 @@ static int test_wolfSSL_dtls_export(void) wait_tcp_ready(&server_args); /* create and connect with client */ - AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 1, 0, NULL); - AssertNotNull(ssl = wolfSSL_new(ctx)); - AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); /* store server information connected too */ XMEMSET(&peerAddr, 0, sizeof(peerAddr)); #ifndef TEST_IPV6 peerAddr.sin_family = AF_INET; - AssertIntEQ(XINET_PTON(AF_INET, wolfSSLIP, &peerAddr.sin_addr),1); + ExpectIntEQ(XINET_PTON(AF_INET, wolfSSLIP, &peerAddr.sin_addr),1); peerAddr.sin_port = XHTONS(server_args.signal->port); #else peerAddr.sin6_family = AF_INET6; - AssertIntEQ( + ExpectIntEQ( XINET_PTON(AF_INET6, wolfSSLIP, &peerAddr.sin6_addr),1); peerAddr.sin6_port = XHTONS(server_args.signal->port); #endif - AssertIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)), + ExpectIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0); + ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0); session = (byte*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - AssertIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0); - AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); - AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0); - AssertIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0); + ExpectIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0); + ExpectIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); + ExpectIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0); + ExpectIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0); window = (byte*)XMALLOC(windowSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0); + ExpectIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0); wolfSSL_free(ssl); for (i = 1; i < server_args.argc; i++) { /* restore state */ - AssertNotNull(ssl = wolfSSL_new(ctx)); - AssertIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0); - AssertIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0); - AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)), + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0); + ExpectIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0); + ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); - AssertIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0); - AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0); + ExpectIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); + ExpectIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0); + ExpectIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0); wolfSSL_free(ssl); } XFREE(session, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -8270,7 +8430,7 @@ static int test_wolfSSL_dtls_export(void) fprintf(stderr, "done and waiting for server\n"); join_thread(serverThread); - AssertIntEQ(server_args.return_code, TEST_SUCCESS); + ExpectIntEQ(server_args.return_code, TEST_SUCCESS); FreeTcpReady(&ready); @@ -8279,7 +8439,7 @@ static int test_wolfSSL_dtls_export(void) #endif } - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -8478,21 +8638,6 @@ static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args) ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; - { - WOLFSSL_METHOD* method = NULL; - if (cbf != NULL && cbf->method != NULL) { - method = cbf->method(); - } - else { - method = wolfTLSv1_2_server_method(); - } - ctx = wolfSSL_CTX_new(method); - } - if (ctx == NULL) { - goto done; - } - wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"); - #if defined(USE_WINDOWS_API) port = ((func_args*)args)->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ @@ -8508,6 +8653,21 @@ static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args) tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); CloseSocket(sockfd); + { + WOLFSSL_METHOD* method = NULL; + if (cbf != NULL && cbf->method != NULL) { + method = cbf->method(); + } + else { + method = wolfTLSv1_2_server_method(); + } + ctx = wolfSSL_CTX_new(method); + } + if (ctx == NULL) { + goto done; + } + wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"); + /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); @@ -8604,6 +8764,7 @@ static void load_tls13_canned_server(WOLFSSL* ssl) /* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ static int test_wolfSSL_tls_export_run(int v) { + EXPECT_DECLS; SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; @@ -8638,7 +8799,7 @@ static int test_wolfSSL_tls_export_run(int v) server_cbf.ssl_ready = load_tls12_canned_server; /* setup the client side */ - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"); clientSession = canned_client_session; clientSessionSz = sizeof(canned_client_session); @@ -8649,7 +8810,7 @@ static int test_wolfSSL_tls_export_run(int v) server_cbf.ssl_ready = load_tls13_canned_server; /* setup the client side */ - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); clientSession = canned_client_tls13_session; clientSessionSz = sizeof(canned_client_tls13_session); break; @@ -8666,20 +8827,20 @@ static int test_wolfSSL_tls_export_run(int v) fdOpenSession(Task_self()); #endif - AssertNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl); - AssertIntEQ(wolfSSL_tls_import(ssl, clientSession, clientSessionSz), + ExpectIntEQ(wolfSSL_tls_import(ssl, clientSession, clientSessionSz), clientSessionSz); replySz = sizeof(reply); - AssertIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0); + ExpectIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0); #if !defined(NO_PSK) && defined(HAVE_ANON) /* index 20 has is setting if PSK was on and 49 is if anon is allowed */ - AssertIntEQ(XMEMCMP(reply, clientSession, replySz), 0); + ExpectIntEQ(XMEMCMP(reply, clientSession, replySz), 0); #endif wolfSSL_set_fd(ssl, sockfd); - AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); - AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)-1), 0); + ExpectIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); + ExpectIntGT(wolfSSL_read(ssl, reply, sizeof(reply)-1), 0); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); @@ -8697,15 +8858,14 @@ static int test_wolfSSL_tls_export_run(int v) join_thread(serverThread); - AssertIntEQ(server_args.return_code, TEST_SUCCESS); + ExpectIntEQ(server_args.return_code, TEST_SUCCESS); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif - - return TEST_RES_CHECK(1); + return EXPECT_RESULT(); } #endif @@ -8782,29 +8942,30 @@ static int test_wolfSSL_UseSNI_params(void) { int res = TEST_SKIPPED; #if !defined(NO_WOLFSSL_CLIENT) + EXPECT_DECLS; WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); - AssertNotNull(ctx); - AssertNotNull(ssl); + ExpectNotNull(ctx); + ExpectNotNull(ssl); /* invalid [ctx|ssl] */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3)); /* invalid type */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3)); /* invalid data */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3)); /* success case */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* !NO_WOLFSSL_CLIENT */ return res; @@ -9013,6 +9174,7 @@ static int test_wolfSSL_UseSNI_connection(void) static int test_wolfSSL_SNI_GetFromBuffer(void) { + EXPECT_DECLS; byte buff[] = { /* www.paypal.com */ 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c, 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca, @@ -9086,60 +9248,60 @@ static int test_wolfSSL_SNI_GetFromBuffer(void) byte result[32] = {0}; word32 length = 32; - AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4), + ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4), 0, result, &length)); - AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3), + ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3), 0, result, &length)); - AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), + ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), 1, result, &length)); - AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), + ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[0] = 0x16; - AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), + ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[1] = 0x03; - AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff, + ExpectIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[2] = 0x03; - AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff, + ExpectIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[4] = 0x64; - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); result[length] = 0; - AssertStrEQ("www.paypal.com", (const char*) result); + ExpectStrEQ("www.paypal.com", (const char*) result); length = 32; - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), 0, result, &length)); result[length] = 0; - AssertStrEQ("api.textmate.org", (const char*) result); + ExpectStrEQ("api.textmate.org", (const char*) result); /* SSL v2.0 tests */ - AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5, + ExpectIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); buff5[2] = 0x02; - AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, + ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); buff5[2] = 0x01; buff5[6] = 0x08; - AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, + ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); buff5[6] = 0x09; buff5[8] = 0x01; - AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, + ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); - return TEST_RES_CHECK(1); + return EXPECT_RESULT(); } #endif /* HAVE_SNI */ @@ -9152,49 +9314,50 @@ static int test_wolfSSL_UseTrustedCA(void) #if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) - WOLFSSL_CTX *ctx; - WOLFSSL *ssl; + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; byte id[20]; #ifndef NO_WOLFSSL_SERVER - AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()))); - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); + ExpectNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()))); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #else - AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()))); + ExpectNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()))); #endif - AssertNotNull((ssl = wolfSSL_new(ctx))); + ExpectNotNull((ssl = wolfSSL_new(ctx))); XMEMSET(id, 0, sizeof(id)); /* error cases */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5)); #ifdef NO_SHA - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id))); #endif - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_X509_NAME, id, 0)); /* success cases */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0)); #ifndef NO_SHA - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id))); #endif - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_X509_NAME, id, 5)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* HAVE_TRUSTED_CA */ return res; @@ -9207,12 +9370,13 @@ static int test_wolfSSL_UseMaxFragment(void) !defined(NO_FILESYSTEM) && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + EXPECT_DECLS; #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); #else WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); #endif - WOLFSSL *ssl; + WOLFSSL *ssl = NULL; #ifdef OPENSSL_EXTRA int (*UseMaxFragment)(SSL *s, uint8_t mode); int (*CTX_UseMaxFragment)(SSL_CTX *c, uint8_t mode); @@ -9222,14 +9386,13 @@ static int test_wolfSSL_UseMaxFragment(void) #endif #ifndef NO_WOLFSSL_SERVER - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #endif - AssertNotNull(ctx); + ExpectNotNull(ctx); - ssl = wolfSSL_new(ctx); - AssertNotNull(ssl); + ExpectNotNull(ssl = wolfSSL_new(ctx)); #ifdef OPENSSL_EXTRA CTX_UseMaxFragment = SSL_CTX_set_tlsext_max_fragment_length; @@ -9240,47 +9403,47 @@ static int test_wolfSSL_UseMaxFragment(void) #endif /* error cases */ - AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9)); - AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment( NULL, WOLFSSL_MFL_2_9)); - AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1)); - AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1)); - AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1)); - AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1)); + ExpectIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9)); + ExpectIntNE(WOLFSSL_SUCCESS, UseMaxFragment( NULL, WOLFSSL_MFL_2_9)); + ExpectIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1)); + ExpectIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1)); + ExpectIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1)); + ExpectIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1)); /* success case */ #ifdef OPENSSL_EXTRA - AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); + ExpectIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); #else - AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); #endif - AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9)); - AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10)); - AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11)); - AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12)); + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9)); + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10)); + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11)); + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12)); #ifdef OPENSSL_EXTRA - AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); + ExpectIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); - AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); + ExpectIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); #else - AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); - AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); #endif - AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_9)); - AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_10)); - AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_11)); - AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_12)); + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_9)); + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_10)); + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_11)); + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_12)); #ifdef OPENSSL_EXTRA - AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); + ExpectIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); #else - AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); #endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return res; @@ -9292,35 +9455,35 @@ static int test_wolfSSL_UseTruncatedHMAC(void) #if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + EXPECT_DECLS; #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); #else WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); #endif - WOLFSSL *ssl; + WOLFSSL *ssl = NULL; - AssertNotNull(ctx); + ExpectNotNull(ctx); #ifndef NO_WOLFSSL_SERVER - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #endif - ssl = wolfSSL_new(ctx); - AssertNotNull(ssl); + ExpectNotNull(ssl = wolfSSL_new(ctx)); /* error cases */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL)); /* success case */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return res; @@ -9329,32 +9492,34 @@ static int test_wolfSSL_UseTruncatedHMAC(void) static int test_wolfSSL_UseSupportedCurve(void) { int res = TEST_SKIPPED; -#if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) +#if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_TLS) + EXPECT_DECLS; WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); - AssertNotNull(ctx); - AssertNotNull(ssl); + ExpectNotNull(ctx); + ExpectNotNull(ssl); /* error cases */ - AssertIntNE(WOLFSSL_SUCCESS, - wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0)); + ExpectIntNE(WOLFSSL_SUCCESS, + wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0)); - AssertIntNE(WOLFSSL_SUCCESS, - wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0)); + ExpectIntNE(WOLFSSL_SUCCESS, + wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0)); /* success case */ - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)); - AssertIntEQ(WOLFSSL_SUCCESS, - wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -9558,6 +9723,7 @@ static int test_wolfSSL_UseALPN_params(void) { int res = TEST_SKIPPED; #ifndef NO_WOLFSSL_CLIENT + EXPECT_DECLS; /* "http/1.1" */ char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31}; /* "spdy/1" */ @@ -9572,19 +9738,19 @@ static int test_wolfSSL_UseALPN_params(void) WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); - AssertNotNull(ctx); - AssertNotNull(ssl); + ExpectNotNull(ctx); + ExpectNotNull(ssl); /* error cases */ - AssertIntNE(WOLFSSL_SUCCESS, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(NULL, http1, sizeof(http1), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0, - WOLFSSL_ALPN_FAILED_ON_MISMATCH)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0, + WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* success case */ /* http1 only */ - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, http1, sizeof(http1), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); @@ -9594,8 +9760,8 @@ static int test_wolfSSL_UseALPN_params(void) buff[idx++] = ','; XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, - WOLFSSL_ALPN_FAILED_ON_MISMATCH)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, + WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* http1, spdy2, spdy1 */ XMEMCPY(buff, http1, sizeof(http1)); @@ -9606,8 +9772,8 @@ static int test_wolfSSL_UseALPN_params(void) buff[idx++] = ','; XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, - WOLFSSL_ALPN_FAILED_ON_MISMATCH)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, + WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* spdy3, http1, spdy2, spdy1 */ XMEMCPY(buff, spdy3, sizeof(spdy3)); @@ -9621,13 +9787,13 @@ static int test_wolfSSL_UseALPN_params(void) buff[idx++] = ','; XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, - WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, + WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -9728,7 +9894,7 @@ static int test_wolfSSL_set_alpn_protos(void) server_cb.ctx_ready = NULL; server_cb.ssl_ready = set_alpn_protos; server_cb.on_result = verify_alpn_matching_spdy3; test_wolfSSL_client_server(&client_cb, &server_cb); - res = TEST_RES_CHECK(1); + res = TEST_SUCCESS; #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ return res; } @@ -9739,24 +9905,25 @@ static int test_wolfSSL_DisableExtendedMasterSecret(void) { int res = TEST_SKIPPED; #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT) + EXPECT_DECLS; WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); - AssertNotNull(ctx); - AssertNotNull(ssl); + ExpectNotNull(ctx); + ExpectNotNull(ssl); /* error cases */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL)); /* success cases */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -9765,24 +9932,25 @@ static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void) { int res = TEST_SKIPPED; #if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT) + EXPECT_DECLS; WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); - AssertNotNull(ctx); - AssertNotNull(ssl); + ExpectNotNull(ctx); + ExpectNotNull(ssl); /* error cases */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL)); - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL)); /* success cases */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -9795,6 +9963,7 @@ static int test_wolfSSL_SCR_Reconnect(void) #if defined(HAVE_SECURE_RENEGOTIATION) && \ defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) && \ defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) + EXPECT_DECLS; struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_s = NULL; @@ -9804,21 +9973,21 @@ static int test_wolfSSL_SCR_Reconnect(void) test_ctx.c_ciphers = "ECDHE-RSA-AES256-GCM-SHA384"; test_ctx.s_ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305"; - AssertIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_c)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_s)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_c)); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_s)); - AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_c)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_s)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_c)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_s)); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); /* WOLFSSL_FATAL_ERROR since it will block */ - AssertIntEQ(wolfSSL_Rehandshake(ssl_s), WOLFSSL_FATAL_ERROR); - AssertIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), WOLFSSL_ERROR_WANT_READ); - AssertIntEQ(wolfSSL_read(ssl_c, &data, 1), WOLFSSL_FATAL_ERROR); - AssertIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + ExpectIntEQ(wolfSSL_read(ssl_c, &data, 1), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), WOLFSSL_ERROR_WANT_READ); - AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); wolfSSL_free(ssl_c); ssl_c = NULL; wolfSSL_free(ssl_s); @@ -9826,15 +9995,15 @@ static int test_wolfSSL_SCR_Reconnect(void) wolfSSL_CTX_free(ctx_c); ctx_c = NULL; test_ctx.c_ciphers = "ECDHE-RSA-CHACHA20-POLY1305"; - AssertIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); - AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); wolfSSL_free(ssl_s); wolfSSL_free(ssl_c); wolfSSL_CTX_free(ctx_s); wolfSSL_CTX_free(ctx_c); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -9882,6 +10051,7 @@ static int test_tls_ext_duplicate(void) int res = TEST_SKIPPED; #if !defined(NO_WOLFSSL_SERVER) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \ !defined(NO_FILESYSTEM) + EXPECT_DECLS; const unsigned char clientHelloDupTlsExt[] = { 0x16, 0x03, 0x03, 0x00, 0x6a, 0x01, 0x00, 0x00, 0x66, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe, @@ -9905,8 +10075,8 @@ static int test_tls_ext_duplicate(void) WOLFSSL_BUFFER_INFO msg; const char* testCertFile; const char* testKeyFile; - WOLFSSL_CTX *ctx; - WOLFSSL *ssl; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; #ifndef NO_RSA testCertFile = svrCertFile; @@ -9916,12 +10086,11 @@ static int test_tls_ext_duplicate(void) testKeyFile = eccKeyFile; #endif - ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); /* Read from 'msg'. */ @@ -9930,19 +10099,19 @@ static int test_tls_ext_duplicate(void) wolfSSL_SetIOSend(ctx, DummySend); ssl = wolfSSL_new(ctx); - AssertNotNull(ssl); + ExpectNotNull(ssl); msg.buffer = (unsigned char*)clientHelloDupTlsExt; msg.length = (unsigned int)sizeof(clientHelloDupTlsExt); wolfSSL_SetIOReadCtx(ssl, &msg); - AssertIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_get_error(ssl, 0), DUPLICATE_TLS_EXT_E); + ExpectIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl, 0), DUPLICATE_TLS_EXT_E); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -9957,10 +10126,11 @@ static int test_wolfSSL_X509_NAME_get_entry(void) #if defined(OPENSSL_ALL) || \ (defined(OPENSSL_EXTRA) && \ (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS))) + EXPECT_DECLS; /* use openssl like name to test mapping */ X509_NAME_ENTRY* ne; X509_NAME* name; - X509* x509; + X509* x509 = NULL; #ifndef NO_FILESYSTEM ASN1_STRING* asn; char* subCN = NULL; @@ -9970,51 +10140,44 @@ static int test_wolfSSL_X509_NAME_get_entry(void) #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ defined(WOLFSSL_NGINX) #ifndef NO_BIO - BIO* bio; + BIO* bio = NULL; #endif #endif #ifndef NO_FILESYSTEM - x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM); - AssertNotNull(x509); - name = X509_get_subject_name(x509); - idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1); - AssertIntGE(idx, 0); - ne = X509_NAME_get_entry(name, idx); - AssertNotNull(ne); - asn = X509_NAME_ENTRY_get_data(ne); - AssertNotNull(asn); - subCN = (char*)ASN1_STRING_data(asn); - AssertNotNull(subCN); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = X509_get_subject_name(x509)); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); + ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); + ExpectNotNull(asn = X509_NAME_ENTRY_get_data(ne)); + ExpectNotNull(subCN = (char*)ASN1_STRING_data(asn)); wolfSSL_FreeX509(x509); + x509 = NULL; #endif - x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM); - AssertNotNull(x509); - name = X509_get_subject_name(x509); - idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1); - AssertIntGE(idx, 0); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = X509_get_subject_name(x509)); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ defined(WOLFSSL_NGINX) #ifndef NO_BIO - AssertNotNull(bio = BIO_new(BIO_s_mem())); - AssertIntEQ(X509_NAME_print_ex(bio, name, 4, + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(bio, name, 4, (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); - AssertIntEQ(X509_NAME_print_ex_fp(stderr, name, 4, + ExpectIntEQ(X509_NAME_print_ex_fp(stderr, name, 4, (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); BIO_free(bio); #endif #endif - ne = X509_NAME_get_entry(name, idx); - AssertNotNull(ne); - AssertNotNull(object = X509_NAME_ENTRY_get_object(ne)); + ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); + ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); wolfSSL_FreeX509(x509); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */ #endif /* !NO_CERTS && !NO_RSA */ @@ -10033,6 +10196,7 @@ static int test_wolfSSL_PKCS12(void) #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \ !defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO) + EXPECT_DECLS; byte buf[6000]; char file[] = "./certs/test-servercert.p12"; char order[] = "./certs/ecc-rsa-server.p12"; @@ -10043,70 +10207,71 @@ static int test_wolfSSL_PKCS12(void) const char goodPsw[] = "wolfSSL test"; const char badPsw[] = "bad"; #ifdef HAVE_ECC - WOLFSSL_X509_NAME* subject; - WOLFSSL_X509 *x509; + WOLFSSL_X509_NAME *subject = NULL; + WOLFSSL_X509 *x509 = NULL; #endif - XFILE f; + XFILE f = XBADFILE; int bytes, ret, goodPswLen, badPswLen; - WOLFSSL_BIO *bio; - WOLFSSL_EVP_PKEY *pkey; - WC_PKCS12 *pkcs12; - WC_PKCS12 *pkcs12_2; - WOLFSSL_X509 *cert; - WOLFSSL_X509 *tmp; - WOLF_STACK_OF(WOLFSSL_X509) *ca; + WOLFSSL_BIO *bio = NULL; + WOLFSSL_EVP_PKEY *pkey = NULL; + WC_PKCS12 *pkcs12 = NULL; + WC_PKCS12 *pkcs12_2 = NULL; + WOLFSSL_X509 *cert = NULL; + WOLFSSL_X509 *tmp = NULL; + WOLF_STACK_OF(WOLFSSL_X509) *ca = NULL; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) - WOLFSSL_CTX *ctx; - WOLFSSL *ssl; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL; #endif - f = XFOPEN(file, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buf, 1, sizeof(buf), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } goodPswLen = (int)XSTRLEN(goodPsw); badPswLen = (int)XSTRLEN(badPsw); - bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); - AssertNotNull(bio); + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - AssertIntEQ(BIO_write(bio, buf, bytes), bytes); /* d2i consumes BIO */ - d2i_PKCS12_bio(bio, &pkcs12); - AssertNotNull(pkcs12); + ExpectIntEQ(BIO_write(bio, buf, bytes), bytes); /* d2i consumes BIO */ + ExpectNotNull(d2i_PKCS12_bio(bio, &pkcs12)); + ExpectNotNull(pkcs12); BIO_free(bio); + bio = NULL; /* check verify MAC directly */ - ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen); - AssertIntEQ(ret, 1); + ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen), 1); /* check verify MAC fail case directly */ - ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen); - AssertIntEQ(ret, 0); + ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen), 0); /* check verify MAC fail case */ - ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL); - AssertIntEQ(ret, 0); - AssertNull(pkey); - AssertNull(cert); + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); + ExpectNull(pkey); + ExpectNull(cert); /* check parse with no extra certs kept */ - ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL); - AssertIntEQ(ret, 1); - AssertNotNull(pkey); - AssertNotNull(cert); + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; wolfSSL_X509_free(cert); + cert = NULL; /* check parse with extra certs kept */ - ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca); - AssertIntEQ(ret, 1); - AssertNotNull(pkey); - AssertNotNull(cert); - AssertNotNull(ca); + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) @@ -10114,111 +10279,131 @@ static int test_wolfSSL_PKCS12(void) /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */ #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* Copy stack structure */ - AssertNotNull(tmp_ca = X509_chain_up_ref(ca)); - AssertIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1); + ExpectNotNull(tmp_ca = X509_chain_up_ref(ca)); + ExpectIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1); /* CTX now owns the tmp_ca stack structure */ tmp_ca = NULL; - AssertIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1); - AssertNotNull(tmp_ca); - AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca)); + ExpectIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1); + ExpectNotNull(tmp_ca); + ExpectIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca)); /* Check that the main cert is also set */ - AssertNotNull(SSL_CTX_get0_certificate(ctx)); - AssertNotNull(ssl = SSL_new(ctx)); - AssertNotNull(SSL_get_certificate(ssl)); + ExpectNotNull(SSL_CTX_get0_certificate(ctx)); + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectNotNull(SSL_get_certificate(ssl)); SSL_free(ssl); SSL_CTX_free(ctx); + ctx = NULL; #endif #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ /* should be 2 other certs on stack */ - tmp = sk_X509_pop(ca); - AssertNotNull(tmp); + ExpectNotNull(tmp = sk_X509_pop(ca)); X509_free(tmp); - tmp = sk_X509_pop(ca); - AssertNotNull(tmp); + ExpectNotNull(tmp = sk_X509_pop(ca)); X509_free(tmp); - AssertNull(sk_X509_pop(ca)); + ExpectNull(sk_X509_pop(ca)); EVP_PKEY_free(pkey); + pkey = NULL; X509_free(cert); + cert = NULL; sk_X509_pop_free(ca, X509_free); + ca = NULL; /* check PKCS12_create */ - AssertNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0)); - AssertIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + ExpectNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0)); + ExpectIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), SSL_SUCCESS); - AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, + ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, -1, -1, 100, -1, 0))); EVP_PKEY_free(pkey); + pkey = NULL; X509_free(cert); + cert = NULL; sk_X509_pop_free(ca, NULL); + ca = NULL; - AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), + ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), SSL_SUCCESS); PKCS12_free(pkcs12_2); - AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, + pkcs12_2 = NULL; + ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 2000, 1, 0))); EVP_PKEY_free(pkey); + pkey = NULL; X509_free(cert); + cert = NULL; sk_X509_pop_free(ca, NULL); + ca = NULL; /* convert to DER then back and parse */ - AssertNotNull(bio = BIO_new(BIO_s_mem())); - AssertIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS); PKCS12_free(pkcs12_2); + pkcs12_2 = NULL; - AssertNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL)); + ExpectNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL)); BIO_free(bio); - AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), + bio = NULL; + ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), SSL_SUCCESS); /* should be 2 other certs on stack */ - tmp = sk_X509_pop(ca); - AssertNotNull(tmp); + ExpectNotNull(tmp = sk_X509_pop(ca)); X509_free(tmp); - tmp = sk_X509_pop(ca); - AssertNotNull(tmp); + ExpectNotNull(tmp = sk_X509_pop(ca)); X509_free(tmp); - AssertNull(sk_X509_pop(ca)); + ExpectNull(sk_X509_pop(ca)); #ifndef NO_RC4 PKCS12_free(pkcs12_2); - AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL, + pkcs12_2 = NULL; + ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL, NID_pbe_WithSHA1And128BitRC4, NID_pbe_WithSHA1And128BitRC4, 2000, 1, 0))); EVP_PKEY_free(pkey); + pkey = NULL; X509_free(cert); + cert = NULL; sk_X509_pop_free(ca, NULL); + ca = NULL; - AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), + ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), SSL_SUCCESS); #endif /* NO_RC4 */ EVP_PKEY_free(pkey); + pkey = NULL; X509_free(cert); + cert = NULL; PKCS12_free(pkcs12); + pkcs12 = NULL; PKCS12_free(pkcs12_2); + pkcs12_2 = NULL; sk_X509_pop_free(ca, NULL); + ca = NULL; #ifdef HAVE_ECC /* test order of parsing */ - f = XFOPEN(order, "rb"); - AssertTrue(f != XBADFILE); - bytes = (int)XFREAD(buf, 1, sizeof(buf), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(order, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } - AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); - AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); - AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)), + ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); + ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); + ExpectIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)), WOLFSSL_SUCCESS); /* check use of pkey after parse */ @@ -10226,151 +10411,168 @@ static int test_wolfSSL_PKCS12(void) || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif - AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); SSL_CTX_free(ctx); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif - AssertNotNull(pkey); - AssertNotNull(cert); - AssertNotNull(ca); + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); /* compare subject lines of certificates */ - AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert)); - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile, + ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert)); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile, SSL_FILETYPE_PEM)); - AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); X509_free(x509); + x509 = NULL; /* test expected fail case */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, SSL_FILETYPE_PEM)); - AssertIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + ExpectIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); X509_free(x509); + x509 = NULL; X509_free(cert); + cert = NULL; /* get subject line from ca stack */ - AssertNotNull(cert = sk_X509_pop(ca)); - AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert)); + ExpectNotNull(cert = sk_X509_pop(ca)); + ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert)); /* compare subject from certificate in ca to expected */ - AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, SSL_FILETYPE_PEM)); - AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); EVP_PKEY_free(pkey); + pkey = NULL; X509_free(x509); + x509 = NULL; X509_free(cert); + cert = NULL; BIO_free(bio); + bio = NULL; PKCS12_free(pkcs12); + pkcs12 = NULL; sk_X509_pop_free(ca, NULL); /* TEST d2i_PKCS12_fp */ + ca = NULL; /* test order of parsing */ - f = XFOPEN(file, "rb"); - AssertTrue(f != XBADFILE); - AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } /* check verify MAC fail case */ - ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL); - AssertIntEQ(ret, 0); - AssertNull(pkey); - AssertNull(cert); + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); + ExpectNull(pkey); + ExpectNull(cert); /* check parse with no extra certs kept */ - ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL); - AssertIntEQ(ret, 1); - AssertNotNull(pkey); - AssertNotNull(cert); + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; wolfSSL_X509_free(cert); + cert = NULL; /* check parse with extra certs kept */ - ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca); - AssertIntEQ(ret, 1); - AssertNotNull(pkey); - AssertNotNull(cert); - AssertNotNull(ca); + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; wolfSSL_X509_free(cert); + cert = NULL; sk_X509_pop_free(ca, NULL); + ca = NULL; PKCS12_free(pkcs12); + pkcs12 = NULL; #endif /* HAVE_ECC */ #ifdef WC_RC2 /* test PKCS#12 with RC2 encryption */ - f = XFOPEN(rc2p12, "rb"); - AssertTrue(f != XBADFILE); - bytes = (int)XFREAD(buf, 1, sizeof(buf), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(rc2p12, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } - AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); - AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); + ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); + ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); /* check verify MAC fail case */ - ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL); - AssertIntEQ(ret, 0); - AssertNull(pkey); - AssertNull(cert); + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); + ExpectNull(pkey); + ExpectNull(cert); /* check parse iwth not extra certs kept */ - ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL); - AssertIntEQ(ret, WOLFSSL_SUCCESS); - AssertNotNull(pkey); - AssertNotNull(cert); + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), + WOLFSSL_SUCCESS); + ExpectNotNull(pkey); + ExpectNotNull(cert); wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; wolfSSL_X509_free(cert); + cert = NULL; /* check parse with extra certs kept */ - ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca); - AssertIntEQ(ret, WOLFSSL_SUCCESS); - AssertNotNull(pkey); - AssertNotNull(cert); - AssertNotNull(ca); + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + WOLFSSL_SUCCESS);; + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_X509_free(cert); sk_X509_pop_free(ca, NULL); BIO_free(bio); + bio = NULL; PKCS12_free(pkcs12); + pkcs12 = NULL; #endif /* WC_RC2 */ /* Test i2d_PKCS12_bio */ - f = XFOPEN(file, "rb"); - AssertTrue((f != XBADFILE)); - AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); + if (f != XBADFILE) + XFCLOSE(f); - bio = BIO_new(BIO_s_mem()); - AssertNotNull(bio); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); - ret = i2d_PKCS12_bio(bio, pkcs12); - AssertIntEQ(ret, 1); + ExpectIntEQ(ret = i2d_PKCS12_bio(bio, pkcs12), 1); - ret = i2d_PKCS12_bio(NULL, pkcs12); - AssertIntEQ(ret, 0); + ExpectIntEQ(ret = i2d_PKCS12_bio(NULL, pkcs12), 0); - ret = i2d_PKCS12_bio(bio, NULL); - AssertIntEQ(ret, 0); + ExpectIntEQ(ret = i2d_PKCS12_bio(bio, NULL), 0); PKCS12_free(pkcs12); BIO_free(bio); (void)order; - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_EXTRA */ #endif /* HAVE_FIPS */ return res; @@ -10408,43 +10610,45 @@ static int test_wolfSSL_no_password_cb(void) int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \ && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) - WOLFSSL_CTX* ctx; + EXPECT_DECLS; + WOLFSSL_CTX* ctx = NULL; byte buff[FOURK_BUF]; const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der"; const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem"; - XFILE f; + XFILE f = XBADFILE; int bytes; #ifndef NO_WOLFSSL_CLIENT - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method())); #endif wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack); - AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE); - bytes = (int)XFREAD(buff, 1, sizeof(buff), f); - XFCLOSE(f); - AssertIntLE(bytes, sizeof(buff)); - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntLE(bytes, sizeof(buff)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE); - bytes = (int)XFREAD(buff, 1, sizeof(buff), f); - XFCLOSE(f); - AssertIntLE(bytes, sizeof(buff)); - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + ExpectIntLE(bytes, sizeof(buff)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); - if (failTestCallbackCalled != 0) { - Fail(("Password callback should not be called by default"), - ("Password callback was called without attempting " - "to first decipher private key without password.")); - } + /* Password callback should not be called by default */ + ExpectIntEQ(failTestCallbackCalled, 0); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -10480,6 +10684,7 @@ static int test_wolfSSL_PKCS8(void) #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \ !defined(WOLFCRYPT_ONLY) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + EXPECT_DECLS; byte buff[FOURK_BUF]; byte der[FOURK_BUF]; #ifndef NO_RSA @@ -10490,9 +10695,9 @@ static int test_wolfSSL_PKCS8(void) #ifdef HAVE_ECC const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der"; #endif - XFILE f; - int bytes; - WOLFSSL_CTX* ctx; + XFILE f = XBADFILE; + int bytes = 0; + WOLFSSL_CTX* ctx = NULL; #if defined(HAVE_ECC) && !defined(NO_CODING) int ret; ecc_key key; @@ -10514,15 +10719,15 @@ static int test_wolfSSL_PKCS8(void) #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); #endif #else #ifndef WOLFSSL_NO_TLS12 - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); #endif #endif @@ -10533,76 +10738,84 @@ static int test_wolfSSL_PKCS8(void) #if !defined(NO_RSA) && !defined(NO_SHA) /* test loading PEM PKCS8 encrypted file */ - f = XFOPEN(serverKeyPkcs8EncPemFile, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buff, 1, sizeof(buff), f); - XFCLOSE(f); - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectTrue((f = XFOPEN(serverKeyPkcs8EncPemFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ - AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */ - AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), + ExpectIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "yassl123"), 0); /* test that error value is returned with a bad password */ - AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), + ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "bad"), 0); /* test loading PEM PKCS8 encrypted file */ - f = XFOPEN(serverKeyPkcs8EncDerFile, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buff, 1, sizeof(buff), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(serverKeyPkcs8EncDerFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } flag = 1; /* used by password callback as return code */ - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ - AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif /* !NO_RSA && !NO_SHA */ #if defined(HAVE_ECC) && !defined(NO_SHA) /* test loading PEM PKCS8 encrypted ECC Key file */ - f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buff, 1, sizeof(buff), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } flag = 1; /* used by password callback as return code */ - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ - AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */ - AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), + ExpectIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "yassl123"), 0); /* test that error value is returned with a bad password */ - AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), + ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "bad"), 0); /* test loading DER PKCS8 encrypted ECC Key file */ - f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buff, 1, sizeof(buff), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } flag = 1; /* used by password callback as return code */ - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ - AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* leave flag as "okay" */ @@ -10613,62 +10826,68 @@ static int test_wolfSSL_PKCS8(void) #ifndef NO_RSA /* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */ - f = XFOPEN(serverKeyPkcs8DerFile, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buff, 1, sizeof(buff), f); - XFCLOSE(f); - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectTrue((f = XFOPEN(serverKeyPkcs8DerFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* test loading PEM PKCS8 private key file (not encrypted) */ - f = XFOPEN(serverKeyPkcs8PemFile, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buff, 1, sizeof(buff), f); - XFCLOSE(f); - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectTrue((f = XFOPEN(serverKeyPkcs8PemFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #endif /* !NO_RSA */ /* Test PKCS8 PEM ECC key no crypt */ - f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buff, 1, sizeof(buff), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } #ifdef HAVE_ECC /* Test PKCS8 PEM ECC key no crypt */ - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #ifndef NO_CODING /* decrypt PKCS8 PEM to key in DER format */ - AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der, + ExpectIntGT((bytes = wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), NULL)), 0); ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes); wc_ecc_free(&key); } - AssertIntEQ(ret, 0); + ExpectIntEQ(ret, 0); #endif /* Test PKCS8 DER ECC key no crypt */ - f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb"); - AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buff, 1, sizeof(buff), f); - XFCLOSE(f); + ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) + XFCLOSE(f); /* Test using a PKCS8 ECC PEM */ - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #else /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */ - AssertIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der, + ExpectIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER); #endif /* HAVE_ECC */ wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */ return res; @@ -10680,6 +10899,7 @@ static int test_wolfSSL_PKCS8_ED25519(void) #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \ defined(HAVE_ED25519_KEY_IMPORT) + EXPECT_DECLS; const byte encPrivKey[] = \ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n" @@ -10689,24 +10909,24 @@ static int test_wolfSSL_PKCS8_ED25519(void) "-----END ENCRYPTED PRIVATE KEY-----\n"; const char password[] = "abcdefghijklmnopqrstuvwxyz"; byte der[FOURK_BUF]; - WOLFSSL_CTX* ctx; + WOLFSSL_CTX* ctx = NULL; int bytes; XMEMSET(der, 0, sizeof(der)); - AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, + ExpectIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, (word32)sizeof(der), password)), 0); #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #ifndef NO_WOLFSSL_SERVER - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes, + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return res; @@ -10718,6 +10938,7 @@ static int test_wolfSSL_PKCS8_ED448(void) #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \ defined(HAVE_ED448_KEY_IMPORT) + EXPECT_DECLS; const byte encPrivKey[] = \ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" "MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n" @@ -10727,24 +10948,24 @@ static int test_wolfSSL_PKCS8_ED448(void) "-----END ENCRYPTED PRIVATE KEY-----\n"; const char password[] = "abcdefghijklmnopqrstuvwxyz"; byte der[FOURK_BUF]; - WOLFSSL_CTX* ctx; + WOLFSSL_CTX* ctx = NULL; int bytes; XMEMSET(der, 0, sizeof(der)); - AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, + ExpectIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, (word32)sizeof(der), password)), 0); #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #ifndef NO_WOLFSSL_SERVER - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif - AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes, + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return res; @@ -10755,6 +10976,7 @@ static int test_wolfSSL_PKCS5(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED) + EXPECT_DECLS; #ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */ const char* passwd = "myfipsPa$$W0rd"; #else @@ -10765,22 +10987,20 @@ static int test_wolfSSL_PKCS5(void) DYNAMIC_TYPE_TMP_BUFFER); int ret = 0; - AssertNotNull(out); - ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt, - (int)XSTRLEN((const char *) salt), 10, - WC_SHA_DIGEST_SIZE,out); - AssertIntEQ(ret, SSL_SUCCESS); + ExpectNotNull(out); + ExpectIntEQ(ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt, + (int)XSTRLEN((const char *) salt), 10, WC_SHA_DIGEST_SIZE,out), + WOLFSSL_SUCCESS); #ifdef WOLFSSL_SHA512 - ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt, - (int)XSTRLEN((const char *) salt), 10, - wolfSSL_EVP_sha512(), WC_SHA_DIGEST_SIZE, out); - AssertIntEQ(ret, SSL_SUCCESS); + ExpectIntEQ(ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt, + (int)XSTRLEN((const char *) salt), 10, wolfSSL_EVP_sha512(), + WC_SHA_DIGEST_SIZE, out), SSL_SUCCESS); #endif XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */ return res; } @@ -10792,29 +11012,33 @@ static int test_wolfSSL_URI(void) #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ defined(OPENSSL_EXTRA)) - WOLFSSL_X509* x509; + EXPECT_DECLS; + WOLFSSL_X509* x509 = NULL; const char uri[] = "./certs/client-uri-cert.pem"; const char urn[] = "./certs/client-absolute-urn.pem"; const char badUri[] = "./certs/client-relative-uri.pem"; - x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM); - AssertNotNull(x509); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(uri, + WOLFSSL_FILETYPE_PEM)); wolfSSL_FreeX509(x509); + x509 = NULL; - x509 = wolfSSL_X509_load_certificate_file(urn, WOLFSSL_FILETYPE_PEM); - AssertNotNull(x509); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(urn, + WOLFSSL_FILETYPE_PEM)); wolfSSL_FreeX509(x509); + x509 = NULL; - x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM); #if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT) \ && !defined(WOLFSSL_FPKI) - AssertNull(x509); + ExpectNull(x509 = wolfSSL_X509_load_certificate_file(badUri, + WOLFSSL_FILETYPE_PEM)); #else - AssertNotNull(x509); - wolfSSL_FreeX509(x509); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(badUri, + WOLFSSL_FILETYPE_PEM)); #endif + wolfSSL_FreeX509(x509); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -10825,21 +11049,22 @@ static int test_wolfSSL_TBS(void) int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ && defined(OPENSSL_EXTRA) - WOLFSSL_X509* x509; + EXPECT_DECLS; + WOLFSSL_X509* x509 = NULL; const unsigned char* tbs; int tbsSz; - AssertNotNull(x509 = - wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile, + WOLFSSL_FILETYPE_PEM)); - AssertNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz)); - AssertNull(tbs = wolfSSL_X509_get_tbs(x509, NULL)); - AssertNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); - AssertIntEQ(tbsSz, 1003); + ExpectNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz)); + ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, NULL)); + ExpectNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); + ExpectIntEQ(tbsSz, 1003); wolfSSL_FreeX509(x509); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -10849,57 +11074,59 @@ static int test_wolfSSL_X509_verify(void) int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ && defined(OPENSSL_EXTRA) - WOLFSSL_X509* ca; - WOLFSSL_X509* serv; - WOLFSSL_EVP_PKEY* pkey; + EXPECT_DECLS; + WOLFSSL_X509* ca = NULL; + WOLFSSL_X509* serv = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; unsigned char buf[2048]; const unsigned char* pt = NULL; int bufSz; - AssertNotNull(ca = + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM)); - AssertIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz), + ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz), + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz), WOLFSSL_SUCCESS); - AssertIntEQ(bufSz, 294); + ExpectIntEQ(bufSz, 294); bufSz = 2048; - AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE); - AssertIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk); + ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk); - AssertNotNull(serv = + ExpectNotNull(serv = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM)); /* success case */ pt = buf; - AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); + ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); - AssertIntEQ(i2d_PUBKEY(pkey, NULL), bufSz); + ExpectIntEQ(i2d_PUBKEY(pkey, NULL), bufSz); - AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; /* fail case */ bufSz = 2048; - AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz), + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz), WOLFSSL_SUCCESS); pt = buf; - AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); - AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE); + ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); + ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE); - AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR); - AssertIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_FreeX509(ca); wolfSSL_FreeX509(serv); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -11000,6 +11227,7 @@ static int test_wolfSSL_X509_TLS_version(void) defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) \ && !defined(NO_ASN_TIME) + EXPECT_DECLS; tcp_ready ready; func_args server_args; func_args client_args; @@ -11050,11 +11278,11 @@ static int test_wolfSSL_X509_TLS_version(void) join_thread(serverThread); #ifndef OPENSSL_COMPATIBLE_DEFAULTS - AssertIntEQ(client_args.return_code, TEST_FAIL); - AssertIntEQ(server_args.return_code, TEST_FAIL); + ExpectIntEQ(client_args.return_code, TEST_FAIL); + ExpectIntEQ(server_args.return_code, TEST_FAIL); #else - AssertIntEQ(client_args.return_code, TEST_SUCCESS); - AssertIntEQ(server_args.return_code, TEST_SUCCESS); + ExpectIntEQ(client_args.return_code, TEST_SUCCESS); + ExpectIntEQ(server_args.return_code, TEST_SUCCESS); #endif FreeTcpReady(&ready); @@ -11106,8 +11334,8 @@ static int test_wolfSSL_X509_TLS_version(void) test_client_nofail(&client_args, NULL); join_thread(serverThread); - AssertIntEQ(client_args.return_code, TEST_SUCCESS); - AssertIntEQ(server_args.return_code, TEST_SUCCESS); + ExpectIntEQ(client_args.return_code, TEST_SUCCESS); + ExpectIntEQ(server_args.return_code, TEST_SUCCESS); FreeTcpReady(&ready); @@ -11115,7 +11343,7 @@ static int test_wolfSSL_X509_TLS_version(void) fdCloseSession(Task_self()); #endif - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -11178,37 +11406,45 @@ static int test_wolfSSL_CTX_SetMinVersion(void) */ static int test_wolfSSL_UseOCSPStapling(void) { - int res = TEST_SKIPPED; - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \ - !defined(NO_WOLFSSL_CLIENT) - int ret; - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + int res = TEST_SKIPPED; +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \ + !defined(NO_WOLFSSL_CLIENT) + EXPECT_DECLS; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 - ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); #else - ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); #endif #else #ifndef WOLFSSL_NO_TLS12 - ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); #else - ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); #endif #endif - ssl = wolfSSL_new(ctx); + ExpectNotNull(ssl = wolfSSL_new(ctx)); - ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, - WOLFSSL_CSR2_OCSP_USE_NONCE); + ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), +#ifndef NO_WOLFSSL_CLIENT + 1 +#else + BAD_FUNC_ARG +#endif + ); - wolfSSL_free(ssl); - wolfSSL_CTX_free(ctx); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); - #endif - return res; + res = EXPECT_RESULT(); +#endif + return res; } /*END test_wolfSSL_UseOCSPStapling */ @@ -11219,39 +11455,47 @@ static int test_wolfSSL_UseOCSPStapling(void) */ static int test_wolfSSL_UseOCSPStaplingV2(void) { - int res = TEST_SKIPPED; - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \ - !defined(NO_WOLFSSL_CLIENT) - int ret; - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + int res = TEST_SKIPPED; +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \ + !defined(NO_WOLFSSL_CLIENT) + EXPECT_DECLS; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 - ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); #else - ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); #endif #else #ifndef WOLFSSL_NO_TLS12 - ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); #else - ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); #endif #endif - ssl = wolfSSL_new(ctx); + ExpectNotNull(ssl = wolfSSL_new(ctx)); - ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, - WOLFSSL_CSR2_OCSP_USE_NONCE ); + ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), +#ifndef NO_WOLFSSL_CLIENT + 1 +#else + BAD_FUNC_ARG +#endif + ); - wolfSSL_free(ssl); - wolfSSL_CTX_free(ctx); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); - #endif - return res; + res = EXPECT_RESULT(); +#endif + return res; -} /*END test_wolfSSL_UseOCSPStaplingV2*/ +} /* END test_wolfSSL_UseOCSPStaplingV2 */ /*----------------------------------------------------------------------------* | Multicast Tests @@ -11261,9 +11505,9 @@ static int test_wolfSSL_mcast(void) int res = TEST_SKIPPED; #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \ (defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)) - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; - int result; + EXPECT_DECLS; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; byte preMasterSecret[512]; byte clientRandom[32]; byte serverRandom[32]; @@ -11271,31 +11515,26 @@ static int test_wolfSSL_mcast(void) byte buf[256]; word16 newId; - ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()); - AssertNotNull(ctx); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())); - result = wolfSSL_CTX_mcast_set_member_id(ctx, 0); - AssertIntEQ(result, WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_mcast_set_member_id(ctx, 0), WOLFSSL_SUCCESS); - ssl = wolfSSL_new(ctx); - AssertNotNull(ssl); + ExpectNotNull(ssl = wolfSSL_new(ctx)); XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret)); XMEMSET(clientRandom, 0xA5, sizeof(clientRandom)); XMEMSET(serverRandom, 0x5A, sizeof(serverRandom)); - result = wolfSSL_set_secret(ssl, 23, - preMasterSecret, sizeof(preMasterSecret), - clientRandom, serverRandom, suite); - AssertIntEQ(result, WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_secret(ssl, 23, preMasterSecret, + sizeof(preMasterSecret), clientRandom, serverRandom, suite), + WOLFSSL_SUCCESS); - result = wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf)); - AssertIntLE(result, 0); - AssertIntLE(newId, 100); + ExpectIntLE(wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf)), 0); + ExpectIntLE(newId, 100); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST && (WOLFSSL_TLS13 || * WOLFSSL_SNIFFER) */ return res; @@ -31313,45 +31552,47 @@ static int test_wolfSSL_ASN1_BIT_STRING(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && defined(OPENSSL_ALL) - ASN1_BIT_STRING* str; + EXPECT_DECLS; + ASN1_BIT_STRING* str = NULL; - AssertNotNull(str = ASN1_BIT_STRING_new()); + ExpectNotNull(str = ASN1_BIT_STRING_new()); /* Empty data testing. */ - AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 1), 0); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 1), 0); ASN1_BIT_STRING_free(str); + str = NULL; - AssertNotNull(str = ASN1_BIT_STRING_new()); + ExpectNotNull(str = ASN1_BIT_STRING_new()); /* Invalid parameter testing. */ - AssertIntEQ(ASN1_BIT_STRING_set_bit(NULL, 42, 1), 0); - AssertIntEQ(ASN1_BIT_STRING_set_bit(str, -1, 1), 0); - AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 2), 0); - AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, -1), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(NULL, 42, 1), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, -1, 1), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 2), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, -1), 0); /* No bit string - bit is always 0. */ - AssertIntEQ(ASN1_BIT_STRING_get_bit(NULL, 42), 0); - AssertIntEQ(ASN1_BIT_STRING_get_bit(NULL, -1), 0); - AssertIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0); - AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 0), 0); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(NULL, 42), 0); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(NULL, -1), 0); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 0), 0); - AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1); - AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1); - AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0); - AssertIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0); - AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1); - AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1); - AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0); - AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 91, 0), 1); - AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 91), 0); - AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 89, 0), 1); - AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 89), 0); - AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 0), 1); - AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 91, 0), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 91), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 89, 0), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 89), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 0), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 0); ASN1_BIT_STRING_free(str); ASN1_BIT_STRING_free(NULL); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -31360,8 +31601,9 @@ static int test_wolfSSL_ASN1_INTEGER(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) - ASN1_INTEGER* a; - ASN1_INTEGER* dup; + EXPECT_DECLS; + ASN1_INTEGER* a = NULL; + ASN1_INTEGER* dup = NULL; const unsigned char invalidLenDer[] = { 0x02, 0x20, 0x00 }; @@ -31376,24 +31618,26 @@ static int test_wolfSSL_ASN1_INTEGER(void) /* Invalid parameter testing. */ ASN1_INTEGER_free(NULL); - AssertNull(wolfSSL_ASN1_INTEGER_dup(NULL)); + ExpectNull(wolfSSL_ASN1_INTEGER_dup(NULL)); - AssertNotNull(a = ASN1_INTEGER_new()); - AssertNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a)); + ExpectNotNull(a = ASN1_INTEGER_new()); + ExpectNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a)); + ASN1_INTEGER_free(dup); + dup = NULL; + ASN1_INTEGER_free(a); + a = NULL; + + p = longDer; + ExpectNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer))); + + p = longDer; + ExpectNotNull(a = d2i_ASN1_INTEGER(NULL, &p, sizeof(longDer))); + ExpectPtrNE(p, longDer); + ExpectNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a)); ASN1_INTEGER_free(dup); ASN1_INTEGER_free(a); - p = longDer; - AssertNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer))); - - p = longDer; - AssertNotNull(a = d2i_ASN1_INTEGER(NULL, &p, sizeof(longDer))); - AssertPtrNE(p, longDer); - AssertNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a)); - ASN1_INTEGER_free(dup); - ASN1_INTEGER_free(a); - - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -31402,35 +31646,36 @@ static int test_wolfSSL_ASN1_INTEGER_cmp(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) - ASN1_INTEGER* a; - ASN1_INTEGER* b; + EXPECT_DECLS; + ASN1_INTEGER* a = NULL; + ASN1_INTEGER* b = NULL; - AssertNotNull(a = ASN1_INTEGER_new()); - AssertNotNull(b = ASN1_INTEGER_new()); - AssertIntEQ(ASN1_INTEGER_set(a, 1), 1); - AssertIntEQ(ASN1_INTEGER_set(b, 1), 1); + ExpectNotNull(a = ASN1_INTEGER_new()); + ExpectNotNull(b = ASN1_INTEGER_new()); + ExpectIntEQ(ASN1_INTEGER_set(a, 1), 1); + ExpectIntEQ(ASN1_INTEGER_set(b, 1), 1); /* Invalid parameter testing. */ - AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, NULL), -1); - AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, NULL), -1); - AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, b), -1); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, NULL), -1); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, NULL), -1); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, b), -1); - AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); - AssertIntEQ(ASN1_INTEGER_set(b, -1), 1); - AssertIntGT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); - AssertIntEQ(ASN1_INTEGER_set(a, -2), 1); - AssertIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); - AssertIntEQ(ASN1_INTEGER_set(b, 1), 1); - AssertIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); - AssertIntEQ(ASN1_INTEGER_set(a, 0x01), 1); - AssertIntEQ(ASN1_INTEGER_set(b, 0x1000), 1); - AssertIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); - AssertIntGT(wolfSSL_ASN1_INTEGER_cmp(b, a), 0); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + ExpectIntEQ(ASN1_INTEGER_set(b, -1), 1); + ExpectIntGT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + ExpectIntEQ(ASN1_INTEGER_set(a, -2), 1); + ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + ExpectIntEQ(ASN1_INTEGER_set(b, 1), 1); + ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + ExpectIntEQ(ASN1_INTEGER_set(a, 0x01), 1); + ExpectIntEQ(ASN1_INTEGER_set(b, 0x1000), 1); + ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + ExpectIntGT(wolfSSL_ASN1_INTEGER_cmp(b, a), 0); ASN1_INTEGER_free(b); ASN1_INTEGER_free(a); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -31439,90 +31684,103 @@ static int test_wolfSSL_ASN1_INTEGER_BN(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) - ASN1_INTEGER* ai; - ASN1_INTEGER* ai2; - BIGNUM* bn; - BIGNUM* bn2; + EXPECT_DECLS; + ASN1_INTEGER* ai = NULL; + ASN1_INTEGER* ai2 = NULL; + BIGNUM* bn = NULL; + BIGNUM* bn2 = NULL; - ai = ASN1_INTEGER_new(); - AssertNotNull(ai); - bn2 = BN_new(); - AssertNotNull(bn2); + ExpectNotNull(ai = ASN1_INTEGER_new()); + ExpectNotNull(bn2 = BN_new()); /* Invalid parameter testing. */ - AssertNull(bn = ASN1_INTEGER_to_BN(NULL, NULL)); - AssertNull(ai2 = BN_to_ASN1_INTEGER(NULL, NULL)); + ExpectNull(bn = ASN1_INTEGER_to_BN(NULL, NULL)); + ExpectNull(ai2 = BN_to_ASN1_INTEGER(NULL, NULL)); /* at the moment hard setting since no set function */ - ai->data[0] = 0xff; /* No DER encoding. */ - ai->length = 1; + if (ai != NULL) { + ai->data[0] = 0xff; /* No DER encoding. */ + ai->length = 1; + } #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) - AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); BN_free(bn); + bn = NULL; #else - AssertNull(ASN1_INTEGER_to_BN(ai, NULL)); + ExpectNull(ASN1_INTEGER_to_BN(ai, NULL)); #endif - ai->data[0] = 0x02; /* tag for ASN_INTEGER */ - ai->data[1] = 0x04; /* bad length of integer */ - ai->data[2] = 0x03; - ai->length = 3; + if (ai != NULL) { + ai->data[0] = 0x02; /* tag for ASN_INTEGER */ + ai->data[1] = 0x04; /* bad length of integer */ + ai->data[2] = 0x03; + ai->length = 3; + } #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) /* Interpreted as a number 0x020403. */ - AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); BN_free(bn); + bn = NULL; #else - AssertNull(ASN1_INTEGER_to_BN(ai, NULL)); + ExpectNull(ASN1_INTEGER_to_BN(ai, NULL)); #endif - ai->data[0] = 0x02; /* tag for ASN_INTEGER */ - ai->data[1] = 0x01; /* length of integer */ - ai->data[2] = 0x03; - ai->length = 3; - AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); - AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, NULL)); - AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); - AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); - AssertIntEQ(BN_cmp(bn, bn2), 0); + if (ai != NULL) { + ai->data[0] = 0x02; /* tag for ASN_INTEGER */ + ai->data[1] = 0x01; /* length of integer */ + ai->data[2] = 0x03; + ai->length = 3; + } + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); + ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, NULL)); + ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); + ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); + ExpectIntEQ(BN_cmp(bn, bn2), 0); - ai->data[0] = 0x02; /* tag for ASN_INTEGER */ - ai->data[1] = 0x02; /* length of integer */ - ai->data[2] = 0x00; /* padding byte to ensure positive */ - ai->data[3] = 0xff; - ai->length = 4; - AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); - AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); - AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); - AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); - AssertIntEQ(BN_cmp(bn, bn2), 0); + if (ai != NULL) { + ai->data[0] = 0x02; /* tag for ASN_INTEGER */ + ai->data[1] = 0x02; /* length of integer */ + ai->data[2] = 0x00; /* padding byte to ensure positive */ + ai->data[3] = 0xff; + ai->length = 4; + } + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); + ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); + ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); + ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); + ExpectIntEQ(BN_cmp(bn, bn2), 0); - ai->data[0] = 0x02; /* tag for ASN_INTEGER */ - ai->data[1] = 0x01; /* length of integer */ - ai->data[2] = 0x00; - ai->length = 3; - AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); - AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); - AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); - AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); - AssertIntEQ(BN_cmp(bn, bn2), 0); + if (ai != NULL) { + ai->data[0] = 0x02; /* tag for ASN_INTEGER */ + ai->data[1] = 0x01; /* length of integer */ + ai->data[2] = 0x00; + ai->length = 3; + } + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); + ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); + ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); + ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); + ExpectIntEQ(BN_cmp(bn, bn2), 0); - ai->data[0] = 0x02; /* tag for ASN_INTEGER */ - ai->data[1] = 0x01; /* length of integer */ - ai->data[2] = 0x01; - ai->length = 3; - ai->negative = 1; - AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); - AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); - AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); - AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); - AssertIntEQ(BN_cmp(bn, bn2), 0); + if (ai != NULL) { + ai->data[0] = 0x02; /* tag for ASN_INTEGER */ + ai->data[1] = 0x01; /* length of integer */ + ai->data[2] = 0x01; + ai->length = 3; + ai->negative = 1; + } + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); + ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); + ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); + ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); + ExpectIntEQ(BN_cmp(bn, bn2), 0); BN_free(bn2); BN_free(bn); ASN1_INTEGER_free(ai2); ASN1_INTEGER_free(ai); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -31531,99 +31789,99 @@ static int test_wolfSSL_ASN1_INTEGER_get_set(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) - ASN1_INTEGER *a; + EXPECT_DECLS; + ASN1_INTEGER *a = NULL; long val; - int ret; - a = ASN1_INTEGER_new(); + ExpectNotNull(a = ASN1_INTEGER_new()); /* Invalid parameter testing. */ - AssertIntEQ(ASN1_INTEGER_get(NULL), 0); + ExpectIntEQ(ASN1_INTEGER_get(NULL), 0); #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) - AssertIntEQ(ASN1_INTEGER_get(a), 0); + ExpectIntEQ(ASN1_INTEGER_get(a), 0); #else - AssertIntEQ(ASN1_INTEGER_get(a), -1); + ExpectIntEQ(ASN1_INTEGER_get(a), -1); #endif ASN1_INTEGER_free(a); + a = NULL; - a = ASN1_INTEGER_new(); + ExpectNotNull(a = ASN1_INTEGER_new()); val = 0; - ret = ASN1_INTEGER_set(NULL, val); - AssertIntEQ(ret, 0); + ExpectIntEQ(ASN1_INTEGER_set(NULL, val), 0); ASN1_INTEGER_free(a); + a = NULL; /* 0 */ - a = ASN1_INTEGER_new(); + ExpectNotNull(a = ASN1_INTEGER_new()); val = 0; - ret = ASN1_INTEGER_set(a, val); - AssertIntEQ(ret, 1); - AssertIntEQ(ASN1_INTEGER_get(a), val); + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); ASN1_INTEGER_free(a); + a = NULL; /* 40 */ - a = ASN1_INTEGER_new(); + ExpectNotNull(a = ASN1_INTEGER_new()); val = 40; - ret = ASN1_INTEGER_set(a, val); - AssertIntEQ(ret, 1); - AssertIntEQ(ASN1_INTEGER_get(a), val); + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); ASN1_INTEGER_free(a); + a = NULL; /* -40 */ - a = ASN1_INTEGER_new(); + ExpectNotNull(a = ASN1_INTEGER_new()); val = -40; - ret = ASN1_INTEGER_set(a, val); - AssertIntEQ(ret, 1); - AssertIntEQ(ASN1_INTEGER_get(a), val); + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); ASN1_INTEGER_free(a); + a = NULL; /* 128 */ - a = ASN1_INTEGER_new(); + ExpectNotNull(a = ASN1_INTEGER_new()); val = 128; - ret = ASN1_INTEGER_set(a, val); - AssertIntEQ(ret, 1); - AssertIntEQ(ASN1_INTEGER_get(a), val); + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); ASN1_INTEGER_free(a); + a = NULL; /* -128 */ - a = ASN1_INTEGER_new(); + ExpectNotNull(a = ASN1_INTEGER_new()); val = -128; - ret = ASN1_INTEGER_set(a, val); - AssertIntEQ(ret, 1); - AssertIntEQ(ASN1_INTEGER_get(a), val); + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); ASN1_INTEGER_free(a); + a = NULL; /* 200 */ - a = ASN1_INTEGER_new(); + ExpectNotNull(a = ASN1_INTEGER_new()); val = 200; - ret = ASN1_INTEGER_set(a, val); - AssertIntEQ(ret, 1); - AssertIntEQ(ASN1_INTEGER_get(a), val); + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); ASN1_INTEGER_free(a); + a = NULL; /* int max (2147483647) */ - a = ASN1_INTEGER_new(); + ExpectNotNull(a = ASN1_INTEGER_new()); val = 2147483647; - ret = ASN1_INTEGER_set(a, val); - AssertIntEQ(ret, 1); - AssertIntEQ(ASN1_INTEGER_get(a), val); + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); ASN1_INTEGER_free(a); + a = NULL; /* int min (-2147483648) */ - a = ASN1_INTEGER_new(); + ExpectNotNull(a = ASN1_INTEGER_new()); val = -2147483647 - 1; - ret = ASN1_INTEGER_set(a, val); - AssertIntEQ(ret, 1); - AssertIntEQ(ASN1_INTEGER_get(a), val); + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); ASN1_INTEGER_free(a); + a = NULL; /* long max positive */ - a = ASN1_INTEGER_new(); + ExpectNotNull(a = ASN1_INTEGER_new()); val = (long)(((unsigned long)-1) >> 1); - ret = ASN1_INTEGER_set(a, val); - AssertIntEQ(ret, 1); - AssertIntEQ(ASN1_INTEGER_get(a), val); + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); ASN1_INTEGER_free(a); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -31639,11 +31897,13 @@ static int test_wolfSSL_d2i_ASN1_INTEGER(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) + EXPECT_DECLS; size_t i; WOLFSSL_ASN1_INTEGER* a = NULL; WOLFSSL_ASN1_INTEGER* b = NULL; WOLFSSL_ASN1_INTEGER* c = NULL; const byte* p = NULL; + byte* p2 = NULL; byte* reEncoded = NULL; int reEncodedSz; @@ -31699,76 +31959,80 @@ static int test_wolfSSL_d2i_ASN1_INTEGER(void) /* Check d2i error conditions */ /* NULL pointer to input. */ - AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, NULL, 1))); - AssertNull(b); + ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, NULL, 1))); + ExpectNull(b); /* NULL input. */ - AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 1))); - AssertNull(b); + ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 1))); + ExpectNull(b); /* 0 length. */ p = testVectors[0].der; - AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 0))); - AssertNull(b); + ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 0))); + ExpectNull(b); /* Negative length. */ p = testVectors[0].der; - AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, -1))); - AssertNull(b); + ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, -1))); + ExpectNull(b); /* Garbage DER input. */ p = garbageDer; - AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, sizeof(garbageDer)))); - AssertNull(b); + ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, sizeof(garbageDer)))); + ExpectNull(b); - { /* Check i2d error conditions */ /* NULL input. */ - byte* p2 = NULL; - AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(NULL, &p2), 0); + ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(NULL, &p2), 0); /* 0 length input data buffer (a->length == 0). */ - AssertNotNull((a = wolfSSL_ASN1_INTEGER_new())); - AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0); - a->data = NULL; + ExpectNotNull((a = wolfSSL_ASN1_INTEGER_new())); + ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0); + if (a != NULL) + a->data = NULL; /* NULL input data buffer. */ - AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0); - /* Reset a->data. */ - a->data = a->intData; - /* Set a to valid value. */ - AssertIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS); - /* NULL output buffer. */ - AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 0); - wolfSSL_ASN1_INTEGER_free(a); + ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0); + if (a != NULL) { + /* Reset a->data. */ + a->data = a->intData; } + /* Set a to valid value. */ + ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS); + /* NULL output buffer. */ + ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 0); + wolfSSL_ASN1_INTEGER_free(a); + a = NULL; for (i = 0; i < NUM_TEST_VECTORS; ++i) { p = testVectors[i].der; - a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, testVectors[i].derSz); - AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + ExpectNotNull(a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, + testVectors[i].derSz)); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); if (testVectors[i].derSz <= sizeof(long)) { - c = wolfSSL_ASN1_INTEGER_new(); - wolfSSL_ASN1_INTEGER_set(c, testVectors[i].value); - AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, c), 0); + ExpectNotNull(c = wolfSSL_ASN1_INTEGER_new()); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(c, testVectors[i].value), 1); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, c), 0); wolfSSL_ASN1_INTEGER_free(c); + c = NULL; } /* Convert to DER without a pre-allocated output buffer. */ - AssertIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0); - AssertIntEQ(reEncodedSz, testVectors[i].derSz); - AssertIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0); + ExpectIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0); + ExpectIntEQ(reEncodedSz, testVectors[i].derSz); + ExpectIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0); /* Convert to DER with a pre-allocated output buffer. In this case, the * output buffer pointer should be incremented just past the end of the * encoded data. */ - p = reEncoded; - AssertIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0); - AssertIntEQ(reEncodedSz, testVectors[i].derSz); - AssertPtrEq(p, reEncoded - reEncodedSz); - AssertIntEQ(XMEMCMP(p, testVectors[i].der, reEncodedSz), 0); + p2 = reEncoded; + ExpectIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &p2)), 0); + ExpectIntEQ(reEncodedSz, testVectors[i].derSz); + ExpectPtrEq(reEncoded, p2 - reEncodedSz); + ExpectIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0); - XFREE(reEncoded - reEncodedSz, NULL, DYNAMIC_TYPE_ASN1); + XFREE(reEncoded, NULL, DYNAMIC_TYPE_ASN1); reEncoded = NULL; wolfSSL_ASN1_INTEGER_free(a); + a = NULL; } - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_EXTRA */ return res; } @@ -31777,10 +32041,11 @@ static int test_wolfSSL_a2i_ASN1_INTEGER(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) - BIO* bio; - BIO* out; - BIO* fixed; - ASN1_INTEGER* ai; + EXPECT_DECLS; + BIO* bio = NULL; + BIO* out = NULL; + BIO* fixed = NULL; + ASN1_INTEGER* ai = NULL; char buf[] = "123456\n12345\n1123456789123456\\\n78901234567890 \r\n\n"; char tmp[1024]; int tmpSz; @@ -31790,81 +32055,81 @@ static int test_wolfSSL_a2i_ASN1_INTEGER(void) char longStr[] = "123456781234567812345678123456781234567812345678\n" "123456781234567812345678123456781234567812345678\\\n12345678\n"; - AssertNotNull(out = BIO_new(BIO_s_mem())); - AssertNotNull(ai = ASN1_INTEGER_new()); + ExpectNotNull(out = BIO_new(BIO_s_mem())); + ExpectNotNull(ai = ASN1_INTEGER_new()); - AssertNotNull(bio = BIO_new_mem_buf(buf, -1)); + ExpectNotNull(bio = BIO_new_mem_buf(buf, -1)); /* Invalid parameter testing. */ - AssertIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, -1), 0); - AssertIntEQ(a2i_ASN1_INTEGER(bio, NULL, NULL, -1), 0); - AssertIntEQ(a2i_ASN1_INTEGER(NULL, ai, NULL, -1), 0); - AssertIntEQ(a2i_ASN1_INTEGER(NULL, NULL, tmp, -1), 0); - AssertIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, 1024), 0); - AssertIntEQ(a2i_ASN1_INTEGER(NULL, ai, tmp, 1024), 0); - AssertIntEQ(a2i_ASN1_INTEGER(bio, NULL, tmp, 1024), 0); - AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, NULL, 1024), 0); - AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, -1), 0); - AssertIntEQ(i2a_ASN1_INTEGER(NULL, NULL), 0); - AssertIntEQ(i2a_ASN1_INTEGER(bio, NULL), 0); - AssertIntEQ(i2a_ASN1_INTEGER(NULL, ai), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, -1), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, NULL, -1), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, NULL, -1), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, tmp, -1), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, 1024), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, tmp, 1024), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, tmp, 1024), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, NULL, 1024), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, -1), 0); + ExpectIntEQ(i2a_ASN1_INTEGER(NULL, NULL), 0); + ExpectIntEQ(i2a_ASN1_INTEGER(bio, NULL), 0); + ExpectIntEQ(i2a_ASN1_INTEGER(NULL, ai), 0); /* No data to read from BIO. */ - AssertIntEQ(a2i_ASN1_INTEGER(out, ai, tmp, 1024), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(out, ai, tmp, 1024), 0); /* read first line */ - AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); - AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 6); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 6); XMEMSET(tmp, 0, 1024); tmpSz = BIO_read(out, tmp, 1024); - AssertIntEQ(tmpSz, 6); - AssertIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0); + ExpectIntEQ(tmpSz, 6); + ExpectIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0); /* fail on second line (not % 2) */ - AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0); /* read 3rd long line */ - AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); - AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 30); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 30); XMEMSET(tmp, 0, 1024); tmpSz = BIO_read(out, tmp, 1024); - AssertIntEQ(tmpSz, 30); - AssertIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0); + ExpectIntEQ(tmpSz, 30); + ExpectIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0); /* fail on empty line */ - AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0); BIO_free(bio); + bio = NULL; /* Make long integer, requiring dynamic memory, even longer. */ - AssertNotNull(bio = BIO_new_mem_buf(longStr, -1)); - AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); - AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 48); + ExpectNotNull(bio = BIO_new_mem_buf(longStr, -1)); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 48); XMEMSET(tmp, 0, 1024); tmpSz = BIO_read(out, tmp, 1024); - AssertIntEQ(tmpSz, 48); - AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); - AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 56); + ExpectIntEQ(tmpSz, 48); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 56); XMEMSET(tmp, 0, 1024); tmpSz = BIO_read(out, tmp, 1024); - AssertIntEQ(tmpSz, 56); - AssertIntEQ(wolfSSL_ASN1_INTEGER_set(ai, 1), 1); + ExpectIntEQ(tmpSz, 56); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(ai, 1), 1); BIO_free(bio); BIO_free(out); - AssertNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ - AssertIntEQ(BIO_write(fixed, tmp, 1), 1); - AssertIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); - AssertIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0); + ExpectIntEQ(BIO_write(fixed, tmp, 1), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0); BIO_free(fixed); ASN1_INTEGER_free(ai); - - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -31873,178 +32138,208 @@ static int test_wolfSSL_i2c_ASN1_INTEGER(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) - ASN1_INTEGER *a; + EXPECT_DECLS; + ASN1_INTEGER *a = NULL; unsigned char *pp,*tpp; int ret; - a = wolfSSL_ASN1_INTEGER_new(); + ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new()); /* Invalid parameter testing. */ /* Set pp to an invalid value. */ pp = NULL; - AssertIntEQ(i2c_ASN1_INTEGER(NULL, &pp), 0); - AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 0); - AssertIntEQ(i2c_ASN1_INTEGER(NULL, NULL), 0); + ExpectIntEQ(i2c_ASN1_INTEGER(NULL, &pp), 0); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &pp), 0); + ExpectIntEQ(i2c_ASN1_INTEGER(NULL, NULL), 0); /* 40 */ - a->intData[0] = ASN_INTEGER; - a->intData[1] = 1; - a->intData[2] = 40; - AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); - AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 40; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; - XMEMSET(pp, 0, ret + 1); - AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 1); - pp--; - AssertIntEQ(*pp, 40); - XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1); + tpp--; + ExpectIntEQ(*tpp, 40); + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; /* 128 */ - a->intData[0] = ASN_INTEGER; - a->intData[1] = 1; - a->intData[2] = 128; - AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); - AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 128; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; - XMEMSET(pp, 0, ret + 1); - AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 2); - pp--; - AssertIntEQ(*(pp--), 128); - AssertIntEQ(*pp, 0); - XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2); + tpp--; + ExpectIntEQ(*(tpp--), 128); + ExpectIntEQ(*tpp, 0); + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; /* -40 */ - a->intData[0] = ASN_INTEGER; - a->intData[1] = 1; - a->intData[2] = 40; - a->negative = 1; - AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); - AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 40; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; - XMEMSET(pp, 0, ret + 1); - AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 1); - pp--; - AssertIntEQ(*pp, 216); - XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1); + tpp--; + ExpectIntEQ(*tpp, 216); + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; /* -128 */ - a->intData[0] = ASN_INTEGER; - a->intData[1] = 1; - a->intData[2] = 128; - a->negative = 1; - AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); - AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 128; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; - XMEMSET(pp, 0, ret + 1); - AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 1); - pp--; - AssertIntEQ(*pp, 128); - XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1); + tpp--; + ExpectIntEQ(*tpp, 128); + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; /* -200 */ - a->intData[0] = ASN_INTEGER; - a->intData[1] = 1; - a->intData[2] = 200; - a->negative = 1; - AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); - AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 200; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; - XMEMSET(pp, 0, ret + 1); - AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 2); - pp--; - AssertIntEQ(*(pp--), 56); - AssertIntEQ(*pp, 255); - XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2); + tpp--; + ExpectIntEQ(*(tpp--), 56); + ExpectIntEQ(*tpp, 255); + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; /* Empty */ - a->intData[0] = ASN_INTEGER; - a->intData[1] = 0; - a->negative = 0; - AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); - AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 0; + a->negative = 0; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; - XMEMSET(pp, 0, ret + 1); - AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 1); - pp--; - AssertIntEQ(*pp, 0); - XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1); + tpp--; + ExpectIntEQ(*tpp, 0); + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; /* 0 */ - a->intData[0] = ASN_INTEGER; - a->intData[1] = 1; - a->intData[2] = 0; - a->negative = 1; - AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); - AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 0; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; - XMEMSET(pp, 0, ret + 1); - AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 1); - pp--; - AssertIntEQ(*pp, 0); - XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1); + tpp--; + ExpectIntEQ(*tpp, 0); + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; /* 0x100 */ - a->intData[0] = ASN_INTEGER; - a->intData[1] = 2; - a->intData[2] = 0x01; - a->intData[3] = 0x00; - a->negative = 0; - AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); - AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 2; + a->intData[2] = 0x01; + a->intData[3] = 0x00; + a->negative = 0; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; - XMEMSET(pp, 0, ret + 1); - AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 2); - pp -= 2; - AssertIntEQ(pp[0], 0x01); - AssertIntEQ(pp[1], 0x00); - XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2); + tpp -= 2; + ExpectIntEQ(tpp[0], 0x01); + ExpectIntEQ(tpp[1], 0x00); + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; /* -0x8000 => 0x8000 */ - a->intData[0] = ASN_INTEGER; - a->intData[1] = 2; - a->intData[2] = 0x80; - a->intData[3] = 0x00; - a->negative = 1; - AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); - AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 2; + a->intData[2] = 0x80; + a->intData[3] = 0x00; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; - XMEMSET(pp, 0, ret + 1); - AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 2); - pp -= 2; - AssertIntEQ(pp[0], 0x80); - AssertIntEQ(pp[1], 0x00); - XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2); + tpp -= 2; + ExpectIntEQ(tpp[0], 0x80); + ExpectIntEQ(tpp[1], 0x00); + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; /* -0x8001 => 0xFF7FFF */ - a->intData[0] = ASN_INTEGER; - a->intData[1] = 2; - a->intData[2] = 0x80; - a->intData[3] = 0x01; - a->negative = 1; - AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 3); - AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 2; + a->intData[2] = 0x80; + a->intData[3] = 0x01; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 3); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; - XMEMSET(pp, 0, ret + 1); - AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 3); - pp -= 3; - AssertIntEQ(pp[0], 0xFF); - AssertIntEQ(pp[1], 0x7F); - AssertIntEQ(pp[2], 0xFF); - XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 3); + tpp -= 3; + ExpectIntEQ(tpp[0], 0xFF); + ExpectIntEQ(tpp[1], 0x7F); + ExpectIntEQ(tpp[2], 0xFF); + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_ASN1_INTEGER_free(a); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_EXTRA && !NO_ASN */ return res; } @@ -32053,26 +32348,28 @@ static int test_wolfSSL_ASN1_OBJECT(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) - ASN1_OBJECT* a; + EXPECT_DECLS; + ASN1_OBJECT* a = NULL; ASN1_OBJECT s; const unsigned char der[] = { 0x06, 0x01, 0x00 }; /* Invalid parameter testing. */ ASN1_OBJECT_free(NULL); - AssertNull(wolfSSL_ASN1_OBJECT_dup(NULL)); + ExpectNull(wolfSSL_ASN1_OBJECT_dup(NULL)); /* Test that a static ASN1_OBJECT can be freed. */ XMEMSET(&s, 0, sizeof(ASN1_OBJECT)); ASN1_OBJECT_free(&s); - AssertNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s)); + ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s)); ASN1_OBJECT_free(a); + a = NULL; s.obj = der; s.objSz = sizeof(der); - AssertNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s)); + ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s)); ASN1_OBJECT_free(a); ASN1_OBJECT_free(&s); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_EXTRA */ return res; } @@ -32081,6 +32378,7 @@ static int test_wolfSSL_ASN1_get_object(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + EXPECT_DECLS; const unsigned char* derBuf = cliecc_cert_der_256; const unsigned char* nullPtr = NULL; const unsigned char objDerInvalidLen[] = { 0x30, 0x81 }; @@ -32095,124 +32393,125 @@ static int test_wolfSSL_ASN1_get_object(void) long asnLen = 0; int tag = 0; int cls = 0; - ASN1_OBJECT* a; + ASN1_OBJECT* a = NULL; ASN1_OBJECT s; XMEMSET(&s, 0, sizeof(ASN1_OBJECT)); /* Invalid encoding at length. */ p = objDerInvalidLen; - AssertIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)), + ExpectIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)), 0x80); p = objDerBadLen; /* Error = 0x80, Constructed = 0x20 */ - AssertIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)), + ExpectIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)), 0x80 | 0x20); /* Read a couple TLV triplets and make sure they match the expected values */ /* SEQUENCE */ - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0); - AssertIntEQ(asnLen, 862); - AssertIntEQ(tag, 0x10); - AssertIntEQ(cls, 0); + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0); + ExpectIntEQ(asnLen, 862); + ExpectIntEQ(tag, 0x10); + ExpectIntEQ(cls, 0); /* SEQUENCE */ - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); - AssertIntEQ(asnLen, 772); - AssertIntEQ(tag, 0x10); - AssertIntEQ(cls, 0); + ExpectIntEQ(asnLen, 772); + ExpectIntEQ(tag, 0x10); + ExpectIntEQ(cls, 0); /* [0] */ - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); - AssertIntEQ(asnLen, 3); - AssertIntEQ(tag, 0); - AssertIntEQ(cls, 0x80); + ExpectIntEQ(asnLen, 3); + ExpectIntEQ(tag, 0); + ExpectIntEQ(cls, 0x80); /* INTEGER */ - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); - AssertIntEQ(asnLen, 1); - AssertIntEQ(tag, 0x2); - AssertIntEQ(cls, 0); + ExpectIntEQ(asnLen, 1); + ExpectIntEQ(tag, 0x2); + ExpectIntEQ(cls, 0); derBuf += asnLen; /* INTEGER */ - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); - AssertIntEQ(asnLen, 20); - AssertIntEQ(tag, 0x2); - AssertIntEQ(cls, 0); + ExpectIntEQ(asnLen, 20); + ExpectIntEQ(tag, 0x2); + ExpectIntEQ(cls, 0); derBuf += asnLen; /* SEQUENCE */ - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); - AssertIntEQ(asnLen, 10); - AssertIntEQ(tag, 0x10); - AssertIntEQ(cls, 0); + ExpectIntEQ(asnLen, 10); + ExpectIntEQ(tag, 0x10); + ExpectIntEQ(cls, 0); /* Found OBJECT_ID. */ /* Invalid parameter testing. */ - AssertIntEQ(ASN1_get_object(NULL, NULL, NULL, NULL, 0), 0x80); - AssertIntEQ(ASN1_get_object(&nullPtr, NULL, NULL, NULL, 0), 0x80); - AssertIntEQ(ASN1_get_object(NULL, &asnLen, &tag, &cls, len), 0x80); - AssertIntEQ(ASN1_get_object(&nullPtr, &asnLen, &tag, &cls, len), 0x80); - AssertIntEQ(ASN1_get_object(&derBuf, NULL, &tag, &cls, len), 0x80); - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, NULL, &cls, len), 0x80); - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, NULL, len), 0x80); - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, 0), 0x80); - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, -1), 0x80); - AssertNull(d2i_ASN1_OBJECT(NULL, NULL, -1)); - AssertNull(d2i_ASN1_OBJECT(NULL, &nullPtr, -1)); - AssertNull(d2i_ASN1_OBJECT(NULL, &derBuf, -1)); - AssertNull(d2i_ASN1_OBJECT(NULL, NULL, 0)); - AssertNull(d2i_ASN1_OBJECT(&a, NULL, len)); - AssertNull(d2i_ASN1_OBJECT(&a, &nullPtr, len)); - AssertNull(d2i_ASN1_OBJECT(&a, &derBuf, -1)); - AssertNull(c2i_ASN1_OBJECT(NULL, NULL, -1)); - AssertNull(c2i_ASN1_OBJECT(NULL, &nullPtr, -1)); - AssertNull(c2i_ASN1_OBJECT(NULL, &derBuf, -1)); - AssertNull(c2i_ASN1_OBJECT(NULL, NULL, 1)); - AssertNull(c2i_ASN1_OBJECT(NULL, &nullPtr, 1)); + ExpectIntEQ(ASN1_get_object(NULL, NULL, NULL, NULL, 0), 0x80); + ExpectIntEQ(ASN1_get_object(&nullPtr, NULL, NULL, NULL, 0), 0x80); + ExpectIntEQ(ASN1_get_object(NULL, &asnLen, &tag, &cls, len), 0x80); + ExpectIntEQ(ASN1_get_object(&nullPtr, &asnLen, &tag, &cls, len), 0x80); + ExpectIntEQ(ASN1_get_object(&derBuf, NULL, &tag, &cls, len), 0x80); + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, NULL, &cls, len), 0x80); + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, NULL, len), 0x80); + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, 0), 0x80); + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, -1), 0x80); + ExpectNull(d2i_ASN1_OBJECT(NULL, NULL, -1)); + ExpectNull(d2i_ASN1_OBJECT(NULL, &nullPtr, -1)); + ExpectNull(d2i_ASN1_OBJECT(NULL, &derBuf, -1)); + ExpectNull(d2i_ASN1_OBJECT(NULL, NULL, 0)); + ExpectNull(d2i_ASN1_OBJECT(&a, NULL, len)); + ExpectNull(d2i_ASN1_OBJECT(&a, &nullPtr, len)); + ExpectNull(d2i_ASN1_OBJECT(&a, &derBuf, -1)); + ExpectNull(c2i_ASN1_OBJECT(NULL, NULL, -1)); + ExpectNull(c2i_ASN1_OBJECT(NULL, &nullPtr, -1)); + ExpectNull(c2i_ASN1_OBJECT(NULL, &derBuf, -1)); + ExpectNull(c2i_ASN1_OBJECT(NULL, NULL, 1)); + ExpectNull(c2i_ASN1_OBJECT(NULL, &nullPtr, 1)); /* Invalid encoding at length. */ p = objDerInvalidLen; - AssertNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerInvalidLen))); + ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerInvalidLen))); p = objDerBadLen; - AssertNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerBadLen))); + ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerBadLen))); p = objDerNotObj; - AssertNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNotObj))); + ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNotObj))); p = objDerNoData; - AssertNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNoData))); + ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNoData))); /* Create an ASN OBJECT from content */ p = derBuf + 2; - AssertNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 8)); + ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 8)); ASN1_OBJECT_free(a); + a = NULL; /* Create an ASN OBJECT from DER */ - AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len)); + ExpectNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len)); /* Invalid parameter testing. */ - AssertIntEQ(i2d_ASN1_OBJECT(NULL, NULL), 0); - AssertIntEQ(i2d_ASN1_OBJECT(&s, NULL), 0); + ExpectIntEQ(i2d_ASN1_OBJECT(NULL, NULL), 0); + ExpectIntEQ(i2d_ASN1_OBJECT(&s, NULL), 0); - AssertIntEQ(i2d_ASN1_OBJECT(a, NULL), 8); + ExpectIntEQ(i2d_ASN1_OBJECT(a, NULL), 8); der = NULL; - AssertIntEQ(i2d_ASN1_OBJECT(a, &der), 8); + ExpectIntEQ(i2d_ASN1_OBJECT(a, &der), 8); derPtr = objDer; - AssertIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 8); - AssertPtrNE(derPtr, objDer); - AssertIntEQ(XMEMCMP(der, objDer, 8), 0); + ExpectIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 8); + ExpectPtrNE(derPtr, objDer); + ExpectIntEQ(XMEMCMP(der, objDer, 8), 0); XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); ASN1_OBJECT_free(a); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */ return res; } @@ -32221,6 +32520,7 @@ static int test_wolfSSL_i2a_ASN1_OBJECT(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO) + EXPECT_DECLS; ASN1_OBJECT* obj = NULL; ASN1_OBJECT* a = NULL; BIO *bio = NULL; @@ -32229,38 +32529,41 @@ static int test_wolfSSL_i2a_ASN1_OBJECT(void) const unsigned char goodDer[] = { 0x06, 0x01, 0x01 }; const unsigned char* p; - AssertNotNull(obj = OBJ_nid2obj(NID_sha256)); - AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL); + ExpectNotNull(obj = OBJ_nid2obj(NID_sha256)); + ExpectTrue((bio = BIO_new(BIO_s_mem())) != NULL); - AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0); - AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0); + ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0); + ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0); - AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0); + ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0); /* No DER encoding in ASN1_OBJECT. */ - a = wolfSSL_ASN1_OBJECT_new(); - AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); + ExpectNotNull(a = wolfSSL_ASN1_OBJECT_new()); + ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); ASN1_OBJECT_free(a); + a = NULL; /* DER encoding - not OBJECT_ID */ p = notObjDer; - AssertNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3)); - AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); + ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3)); + ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); ASN1_OBJECT_free(a); + a = NULL; /* Bad length encoding. */ p = badLenDer; - AssertNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3)); - AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); + ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3)); + ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); ASN1_OBJECT_free(a); + a = NULL; /* Good encoding - but unknown. */ p = goodDer; - AssertNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3)); - AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); + ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3)); + ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); ASN1_OBJECT_free(a); BIO_free(bio); ASN1_OBJECT_free(obj); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -32270,24 +32573,24 @@ static int test_wolfSSL_i2t_ASN1_OBJECT(void) int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) - + EXPECT_DECLS; char buf[50] = {0}; ASN1_OBJECT* obj; const char* oid = "2.5.29.19"; const char* ln = "X509v3 Basic Constraints"; obj = NULL; - AssertIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), 0); - AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), 0); - AssertIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), 0); + ExpectIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), 0); + ExpectIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), 0); + ExpectIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), 0); - AssertNotNull(obj = OBJ_txt2obj(oid, 0)); + ExpectNotNull(obj = OBJ_txt2obj(oid, 0)); XMEMSET(buf, 0, sizeof(buf)); - AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln)); - AssertIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0); + ExpectIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln)); + ExpectIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0); ASN1_OBJECT_free(obj); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */ return res; } @@ -32296,30 +32599,33 @@ static int test_wolfSSL_sk_ASN1_OBJECT(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) - WOLFSSL_STACK* sk; + EXPECT_DECLS; + WOLFSSL_STACK* sk = NULL; WOLFSSL_ASN1_OBJECT* obj; - AssertNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - AssertNotNull(sk = wolfSSL_sk_new_asn1_obj()); + ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj()); wolfSSL_sk_ASN1_OBJECT_free(sk); + sk = NULL; - AssertNotNull(sk = wolfSSL_sk_new_asn1_obj()); - AssertIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), 0); - AssertIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, NULL), 0); - AssertIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), 0); - AssertIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1); + ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj()); + ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), 0); + ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, NULL), 0); + ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), 0); + ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1); wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); + sk = NULL; /* obj freed in pop_free call. */ - AssertNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - AssertNotNull(sk = wolfSSL_sk_new_asn1_obj()); - AssertIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1); - AssertPtrEq(obj, wolfSSL_sk_ASN1_OBJECT_pop(sk)); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj()); + ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1); + ExpectPtrEq(obj, wolfSSL_sk_ASN1_OBJECT_pop(sk)); wolfSSL_sk_ASN1_OBJECT_free(sk); wolfSSL_ASN1_OBJECT_free(obj); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* !NO_ASN && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */ return res; } @@ -32328,6 +32634,7 @@ static int test_wolfSSL_ASN1_STRING(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) + EXPECT_DECLS; ASN1_STRING* str = NULL; ASN1_STRING* c = NULL; const char data[] = "hello wolfSSL"; @@ -32335,55 +32642,56 @@ static int test_wolfSSL_ASN1_STRING(void) const char longData[] = "This string must be longer than CTC_NAME_SIZE that is defined as 64."; - AssertNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); ASN1_STRING_free(str); + str = NULL; - AssertNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); - AssertIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING); - AssertIntEQ(ASN1_STRING_type(NULL), 0); + ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ExpectIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING); + ExpectIntEQ(ASN1_STRING_type(NULL), 0); /* Check setting to NULL works. */ - AssertIntEQ(ASN1_STRING_set(str, NULL, 0), 1); - AssertIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1); - AssertIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1); - AssertIntEQ(ASN1_STRING_set(str, NULL, -1), 0); - AssertIntEQ(ASN1_STRING_set(NULL, NULL, 0), 0); + ExpectIntEQ(ASN1_STRING_set(str, NULL, 0), 1); + ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1); + ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1); + ExpectIntEQ(ASN1_STRING_set(str, NULL, -1), 0); + ExpectIntEQ(ASN1_STRING_set(NULL, NULL, 0), 0); - AssertIntEQ(wolfSSL_ASN1_STRING_copy(NULL, NULL), 0); - AssertIntEQ(wolfSSL_ASN1_STRING_copy(str, NULL), 0); - AssertIntEQ(wolfSSL_ASN1_STRING_copy(NULL, str), 0); - AssertNull(wolfSSL_ASN1_STRING_dup(NULL)); + ExpectIntEQ(wolfSSL_ASN1_STRING_copy(NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_copy(str, NULL), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_copy(NULL, str), 0); + ExpectNull(wolfSSL_ASN1_STRING_dup(NULL)); - AssertNotNull(c = wolfSSL_ASN1_STRING_dup(str)); - AssertIntEQ(ASN1_STRING_cmp(NULL, NULL), -1); - AssertIntEQ(ASN1_STRING_cmp(str, NULL), -1); - AssertIntEQ(ASN1_STRING_cmp(NULL, c), -1); - AssertIntEQ(ASN1_STRING_cmp(str, c), 0); - AssertIntEQ(ASN1_STRING_set(c, (const void*)data2, -1), 1); - AssertIntGT(ASN1_STRING_cmp(str, c), 0); - AssertIntEQ(ASN1_STRING_set(str, (const void*)longData, -1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_copy(c, str), 1); - AssertIntEQ(ASN1_STRING_cmp(str, c), 0); + ExpectNotNull(c = wolfSSL_ASN1_STRING_dup(str)); + ExpectIntEQ(ASN1_STRING_cmp(NULL, NULL), -1); + ExpectIntEQ(ASN1_STRING_cmp(str, NULL), -1); + ExpectIntEQ(ASN1_STRING_cmp(NULL, c), -1); + ExpectIntEQ(ASN1_STRING_cmp(str, c), 0); + ExpectIntEQ(ASN1_STRING_set(c, (const void*)data2, -1), 1); + ExpectIntGT(ASN1_STRING_cmp(str, c), 0); + ExpectIntEQ(ASN1_STRING_set(str, (const void*)longData, -1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_copy(c, str), 1); + ExpectIntEQ(ASN1_STRING_cmp(str, c), 0); /* Check setting back to smaller size frees dynamic data. */ - AssertIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1); - AssertIntLT(ASN1_STRING_cmp(str, c), 0); - AssertIntGT(ASN1_STRING_cmp(c, str), 0); + ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1); + ExpectIntLT(ASN1_STRING_cmp(str, c), 0); + ExpectIntGT(ASN1_STRING_cmp(c, str), 0); - AssertNull(ASN1_STRING_get0_data(NULL)); - AssertNotNull(ASN1_STRING_get0_data(str)); - AssertNull(ASN1_STRING_data(NULL)); - AssertNotNull(ASN1_STRING_data(str)); - AssertIntEQ(ASN1_STRING_length(NULL), 0); - AssertIntGT(ASN1_STRING_length(str), 0); + ExpectNull(ASN1_STRING_get0_data(NULL)); + ExpectNotNull(ASN1_STRING_get0_data(str)); + ExpectNull(ASN1_STRING_data(NULL)); + ExpectNotNull(ASN1_STRING_data(str)); + ExpectIntEQ(ASN1_STRING_length(NULL), 0); + ExpectIntGT(ASN1_STRING_length(str), 0); ASN1_STRING_free(c); ASN1_STRING_free(str); ASN1_STRING_free(NULL); #ifndef NO_WOLFSSL_STUB - AssertNull(d2i_DISPLAYTEXT(NULL, NULL, 0)); + ExpectNull(d2i_DISPLAYTEXT(NULL, NULL, 0)); #endif - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -32391,49 +32699,51 @@ static int test_wolfSSL_ASN1_STRING(void) static int test_wolfSSL_ASN1_STRING_to_UTF8(void) { int res = TEST_SKIPPED; -#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_RSA) - WOLFSSL_X509* x509; - WOLFSSL_X509_NAME* subject; - WOLFSSL_X509_NAME_ENTRY* e; - WOLFSSL_ASN1_STRING* a; - FILE* file; +#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) + EXPECT_DECLS; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_NAME* subject = NULL; + WOLFSSL_X509_NAME_ENTRY* e = NULL; + WOLFSSL_ASN1_STRING* a = NULL; + FILE* file = XBADFILE; int idx = 0; char targetOutput[16] = "www.wolfssl.com"; - unsigned char* actual_output; + unsigned char* actual_output = NULL; int len = 0; - int result = 0; - AssertNotNull(file = fopen("./certs/server-cert.pem", "rb")); - AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); - fclose(file); + ExpectNotNull(file = fopen("./certs/server-cert.pem", "rb")); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != NULL) + fclose(file); /* wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName */ - AssertNotNull(subject = wolfSSL_X509_get_subject_name(x509)); - AssertIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject, + ExpectNotNull(subject = wolfSSL_X509_get_subject_name(x509)); + ExpectIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject, NID_commonName, -1)), 5); - AssertNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx)); - AssertNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e)); - AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15); - result = strncmp((const char*)actual_output, targetOutput, len); - AssertIntEQ(result, 0); + ExpectNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx)); + ExpectNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e)); + ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15); + ExpectIntEQ(strncmp((const char*)actual_output, targetOutput, len), 0); + a = NULL; /* wolfSSL_ASN1_STRING_to_UTF8(NULL, valid) */ - AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)), -1); + ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)), -1); /* wolfSSL_ASN1_STRING_to_UTF8(valid, NULL) */ - AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)), -1); + ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)), -1); /* wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL) */ - AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)), -1); + ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)), -1); wolfSSL_X509_free(x509); XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER); - AssertNotNull(a = ASN1_STRING_new()); - AssertIntEQ(wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a), -1); + ExpectNotNull(a = ASN1_STRING_new()); + ExpectIntEQ(wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a), -1); ASN1_STRING_free(a); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -32442,28 +32752,30 @@ static int test_wolfSSL_i2s_ASN1_STRING(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) - WOLFSSL_ASN1_STRING* str; + EXPECT_DECLS; + WOLFSSL_ASN1_STRING* str = NULL; const char* data = "test_wolfSSL_i2s_ASN1_STRING"; - char* ret; + char* ret = NULL; - AssertNotNull(str = ASN1_STRING_new()); + ExpectNotNull(str = ASN1_STRING_new()); - AssertNull(wolfSSL_i2s_ASN1_STRING(NULL, NULL)); + ExpectNull(wolfSSL_i2s_ASN1_STRING(NULL, NULL)); /* No data. */ - AssertNull(wolfSSL_i2s_ASN1_STRING(NULL, str)); + ExpectNull(wolfSSL_i2s_ASN1_STRING(NULL, str)); - AssertIntEQ(ASN1_STRING_set(str, data, 0), 1); - AssertNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str)); + ExpectIntEQ(ASN1_STRING_set(str, data, 0), 1); + ExpectNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str)); XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ret = NULL; - AssertIntEQ(ASN1_STRING_set(str, data, -1), 1); + ExpectIntEQ(ASN1_STRING_set(str, data, -1), 1); /* No type. */ - AssertNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str)); + ExpectNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str)); XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER); ASN1_STRING_free(str); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -32474,8 +32786,9 @@ static int test_wolfSSL_ASN1_STRING_canon(void) #if defined(WOLFSSL_TEST_STATIC_BUILD) #if !defined(NO_CERTS) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) - WOLFSSL_ASN1_STRING* orig; - WOLFSSL_ASN1_STRING* canon; + EXPECT_DECLS; + WOLFSSL_ASN1_STRING* orig = NULL; + WOLFSSL_ASN1_STRING* canon = NULL; const char* data = "test_wolfSSL_ASN1_STRING_canon"; const char* whitespaceOnly = "\t\r\n"; const char* modData = " \x01\f\t\x02\r\n\v\xff\nTt \n"; @@ -32483,45 +32796,48 @@ static int test_wolfSSL_ASN1_STRING_canon(void) const char longData[] = "This string must be longer than CTC_NAME_SIZE that is defined as 64."; - AssertNotNull(orig = ASN1_STRING_new()); - AssertNotNull(canon = ASN1_STRING_new()); + ExpectNotNull(orig = ASN1_STRING_new()); + ExpectNotNull(canon = ASN1_STRING_new()); /* Invalid parameter testing. */ - AssertIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); - AssertIntEQ(ASN1_STRING_cmp(orig, canon), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); + ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0); - AssertIntEQ(ASN1_STRING_set(orig, longData, (int)XSTRLEN(data)), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); - AssertIntEQ(ASN1_STRING_cmp(orig, canon), 0); + ExpectIntEQ(ASN1_STRING_set(orig, longData, (int)XSTRLEN(data)), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); + ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0); - AssertIntEQ(ASN1_STRING_set(orig, data, (int)XSTRLEN(data)), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); - AssertIntEQ(ASN1_STRING_cmp(orig, canon), 0); + ExpectIntEQ(ASN1_STRING_set(orig, data, (int)XSTRLEN(data)), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); + ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0); ASN1_STRING_free(orig); + orig = NULL; - AssertNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8)); - AssertIntEQ(ASN1_STRING_set(orig, modData, 15), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); - AssertIntEQ(ASN1_STRING_set(orig, canonData, 8), 1); - AssertIntEQ(ASN1_STRING_cmp(orig, canon), 0); + ExpectNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8)); + ExpectIntEQ(ASN1_STRING_set(orig, modData, 15), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); + ExpectIntEQ(ASN1_STRING_set(orig, canonData, 8), 1); + ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0); ASN1_STRING_free(orig); + orig = NULL; - AssertNotNull(orig = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)); - AssertIntEQ(ASN1_STRING_set(orig, whitespaceOnly, 3), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); + ExpectNotNull(orig = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)); + ExpectIntEQ(ASN1_STRING_set(orig, whitespaceOnly, 3), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); ASN1_STRING_free(orig); - AssertNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8)); - AssertIntEQ(ASN1_STRING_cmp(orig, canon), 0); + orig = NULL; + ExpectNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8)); + ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0); ASN1_STRING_free(orig); ASN1_STRING_free(canon); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif #endif return res; @@ -32532,6 +32848,7 @@ static int test_wolfSSL_ASN1_STRING_print(void) int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS) && \ !defined(NO_BIO) + EXPECT_DECLS; ASN1_STRING* asnStr = NULL; const char HELLO_DATA[]= \ {'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'}; @@ -32540,9 +32857,9 @@ static int test_wolfSSL_ASN1_STRING_print(void) unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)]; unsigned char expected[sizeof(unprintableData)+1]; unsigned char rbuf[MAX_BUF]; - - BIO *bio; - int p_len, i; + BIO *bio = NULL; + int p_len; + int i; /* setup */ @@ -32564,37 +32881,38 @@ static int test_wolfSSL_ASN1_STRING_print(void) expected[sizeof(expected)-1] = '\0'; XMEMSET(rbuf, 0, MAX_BUF); - bio = BIO_new(BIO_s_mem()); - BIO_set_write_buf_size(bio, MAX_BUF); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, MAX_BUF), 0); - asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); - ASN1_STRING_set(asnStr,(const void*)unprintableData, - (int)sizeof(unprintableData)); + ExpectNotNull(asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ExpectIntEQ(ASN1_STRING_set(asnStr,(const void*)unprintableData, + (int)sizeof(unprintableData)), 1); /* test */ - AssertIntEQ(wolfSSL_ASN1_STRING_print(NULL, NULL), 0); - AssertIntEQ(wolfSSL_ASN1_STRING_print(bio, NULL), 0); - AssertIntEQ(wolfSSL_ASN1_STRING_print(NULL, asnStr), 0); - AssertIntEQ(p_len = wolfSSL_ASN1_STRING_print(bio, asnStr), 46); - BIO_read(bio, (void*)rbuf, 46); + ExpectIntEQ(wolfSSL_ASN1_STRING_print(NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, NULL), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_print(NULL, asnStr), 0); + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print(bio, asnStr), 46); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 46), 46); - AssertStrEQ((char*)rbuf, (const char*)expected); + ExpectStrEQ((char*)rbuf, (const char*)expected); BIO_free(bio); + bio = NULL; - AssertNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem())); - AssertIntEQ(BIO_set_write_buf_size(bio, 1), 1); + ExpectNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ - AssertIntEQ(BIO_write(bio, rbuf, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); - AssertIntEQ(BIO_set_write_buf_size(bio, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); - AssertIntEQ(BIO_set_write_buf_size(bio, 45), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); + ExpectIntEQ(BIO_write(bio, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); + ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); + ExpectIntEQ(BIO_set_write_buf_size(bio, 45), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); BIO_free(bio); ASN1_STRING_free(asnStr); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS && !NO_BIO */ return res; } @@ -32603,149 +32921,143 @@ static int test_wolfSSL_ASN1_STRING_print_ex(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO) - ASN1_STRING* asn_str; + EXPECT_DECLS; + ASN1_STRING* asn_str = NULL; const char data[] = "Hello wolfSSL!"; - ASN1_STRING* esc_str; + ASN1_STRING* esc_str = NULL; const char esc_data[] = "a+;<>"; - ASN1_STRING* neg_int; + ASN1_STRING* neg_int = NULL; const char neg_int_data[] = "\xff"; - ASN1_STRING* neg_enum; + ASN1_STRING* neg_enum = NULL; const char neg_enum_data[] = "\xff"; - BIO *bio; - BIO *fixed; + BIO *bio = NULL; + BIO *fixed = NULL; unsigned long flags; int p_len; unsigned char rbuf[255]; /* setup */ XMEMSET(rbuf, 0, 255); - AssertNotNull(bio = BIO_new(BIO_s_mem())); - BIO_set_write_buf_size(bio, 255); - AssertNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, 255), 0); + ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); - asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); - ASN1_STRING_set(asn_str, (const void*)data, sizeof(data)); - esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); - ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data)); - neg_int = ASN1_STRING_type_new(V_ASN1_NEG_INTEGER); - ASN1_STRING_set(neg_int, (const void*)neg_int_data, - sizeof(neg_int_data) - 1); - neg_enum = ASN1_STRING_type_new(V_ASN1_NEG_ENUMERATED); - ASN1_STRING_set(neg_enum, (const void*)neg_enum_data, - sizeof(neg_enum_data) - 1); + ExpectNotNull(asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ExpectIntEQ(ASN1_STRING_set(asn_str, (const void*)data, sizeof(data)), 1); + ExpectNotNull(esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ExpectIntEQ(ASN1_STRING_set(esc_str, (const void*)esc_data, + sizeof(esc_data)), 1); + ExpectNotNull(neg_int = ASN1_STRING_type_new(V_ASN1_NEG_INTEGER)); + ExpectIntEQ(ASN1_STRING_set(neg_int, (const void*)neg_int_data, + sizeof(neg_int_data) - 1), 1); + ExpectNotNull(neg_enum = ASN1_STRING_type_new(V_ASN1_NEG_ENUMERATED)); + ExpectIntEQ(ASN1_STRING_set(neg_enum, (const void*)neg_enum_data, + sizeof(neg_enum_data) - 1), 1); /* Invalid parameter testing. */ - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, NULL, 0), 0); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(bio, NULL, 0), 0); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, asn_str, 0), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, NULL, 0), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(bio, NULL, 0), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, asn_str, 0), 0); /* no flags */ XMEMSET(rbuf, 0, 255); flags = 0; - p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); - AssertIntEQ(p_len, 15); - BIO_read(bio, (void*)rbuf, 15); - AssertStrEQ((char*)rbuf, "Hello wolfSSL!"); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 15); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 15), 15); + ExpectStrEQ((char*)rbuf, "Hello wolfSSL!"); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ - AssertIntEQ(BIO_write(fixed, rbuf, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 14), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 14), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); /* RFC2253 Escape */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_ESC_2253; - p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags); - AssertIntEQ(p_len, 9); - BIO_read(bio, (void*)rbuf, 9); - AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>"); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags), 9); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 9), 9); + ExpectStrEQ((char*)rbuf, "a\\+\\;\\<\\>"); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ - AssertIntEQ(BIO_write(fixed, rbuf, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 8), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); + ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 8), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); /* Show type */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_SHOW_TYPE; - p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); - AssertIntEQ(p_len, 28); - BIO_read(bio, (void*)rbuf, 28); - AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!"); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 28); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 28), 28); + ExpectStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!"); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ - AssertIntEQ(BIO_write(fixed, rbuf, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 12), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 27), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 12), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 27), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); /* Dump All */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL; - p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); - AssertIntEQ(p_len, 31); - BIO_read(bio, (void*)rbuf, 31); - AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100"); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 31); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 31), 31); + ExpectStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100"); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ - AssertIntEQ(BIO_write(fixed, rbuf, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 30), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 30), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); /* Dump Der */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER; - p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); - AssertIntEQ(p_len, 35); - BIO_read(bio, (void*)rbuf, 35); - AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100"); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 35); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 35), 35); + ExpectStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100"); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ - AssertIntEQ(BIO_write(fixed, rbuf, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 2), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 30), 1); - AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 2), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 30), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); /* Dump All + Show type */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; - p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); - AssertIntEQ(p_len, 44); - BIO_read(bio, (void*)rbuf, 44); - AssertStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100"); + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 44); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 44), 44); + ExpectStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100"); /* Dump All + Show type - Negative Integer. */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; - p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_int, flags); - AssertIntEQ(p_len, 11); - BIO_read(bio, (void*)rbuf, 11); - AssertStrEQ((char*)rbuf, "INTEGER:#FF"); + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_int, flags), 11); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 11), 11); + ExpectStrEQ((char*)rbuf, "INTEGER:#FF"); /* Dump All + Show type - Negative Enumerated. */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; - p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_enum, flags); - AssertIntEQ(p_len, 14); - BIO_read(bio, (void*)rbuf, 14); - AssertStrEQ((char*)rbuf, "ENUMERATED:#FF"); + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_enum, flags), 14); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 14), 14); + ExpectStrEQ((char*)rbuf, "ENUMERATED:#FF"); BIO_free(fixed); BIO_free(bio); @@ -32754,10 +33066,10 @@ static int test_wolfSSL_ASN1_STRING_print_ex(void) ASN1_STRING_free(neg_int); ASN1_STRING_free(neg_enum); - AssertStrEQ(wolfSSL_ASN1_tag2str(-1), "(unknown)"); - AssertStrEQ(wolfSSL_ASN1_tag2str(31), "(unknown)"); + ExpectStrEQ(wolfSSL_ASN1_tag2str(-1), "(unknown)"); + ExpectStrEQ(wolfSSL_ASN1_tag2str(31), "(unknown)"); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -32766,8 +33078,9 @@ static int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_ASN) - ASN1_STRING* asn1str_test; - ASN1_STRING* asn1str_answer; + EXPECT_DECLS; + ASN1_STRING* asn1str_test = NULL; + ASN1_STRING* asn1str_answer = NULL; /* Each character is encoded using 4 bytes */ char input[] = { 0, 0, 0, 'T', @@ -32782,38 +33095,39 @@ static int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void) 0, 0, 1, 's', }; - AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(NULL), 0); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(NULL), 0); /* Test wrong type. */ - AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); - AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); + ExpectNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); ASN1_STRING_free(asn1str_test); + asn1str_test = NULL; - AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)); + ExpectNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)); /* Test bad length. */ - AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input) - 1), 1); - AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); + ExpectIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input) - 1), 1); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); /* Test bad input. */ - AssertIntEQ(ASN1_STRING_set(asn1str_test, badInput + 0, 4), 1); - AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); - AssertIntEQ(ASN1_STRING_set(asn1str_test, badInput + 4, 4), 1); - AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); - AssertIntEQ(ASN1_STRING_set(asn1str_test, badInput + 8, 4), 1); - AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); + ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 0, 4), 1); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); + ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 4, 4), 1); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); + ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 8, 4), 1); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); - AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1); - AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1); + ExpectIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1); - AssertNotNull( + ExpectNotNull( asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)); - AssertIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1); + ExpectIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1); - AssertIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0); + ExpectIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0); ASN1_STRING_free(asn1str_test); ASN1_STRING_free(asn1str_answer); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_ALL && !NO_ASN */ return res; } @@ -32822,24 +33136,24 @@ static int test_wolfSSL_ASN1_GENERALIZEDTIME_free(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) - WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime; + EXPECT_DECLS; + WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime = NULL; unsigned char nullstr[32]; XMEMSET(nullstr, 0, 32); - asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC( - sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (asn1_gtime) { + ExpectNotNull(asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC( + sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, DYNAMIC_TYPE_TMP_BUFFER)); + if (asn1_gtime != NULL) { XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE); wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime); - AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32)); + ExpectIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32)); XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); } wolfSSL_ASN1_GENERALIZEDTIME_free(NULL); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_EXTRA */ return res; } @@ -32848,46 +33162,48 @@ static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) + EXPECT_DECLS; WOLFSSL_ASN1_GENERALIZEDTIME gtime; - BIO* bio; + BIO* bio = NULL; unsigned char buf[24]; int i; - AssertNotNull(bio = BIO_new(BIO_s_mem())); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); BIO_set_write_buf_size(bio, 24); XMEMSET(>ime, 0, sizeof(WOLFSSL_ASN1_GENERALIZEDTIME)); XMEMCPY(gtime.data, "20180504123500Z", ASN_GENERALIZED_TIME_SIZE); gtime.length = ASN_GENERALIZED_TIME_SIZE; /* Type not set. */ - AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); gtime.type = V_ASN1_GENERALIZEDTIME; /* Invalid parameters testing. */ - AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, >ime), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, >ime), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 1); - AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 20); - AssertIntEQ(XMEMCMP(buf, "May 04 12:35:00 2018", 20), 0); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 20); + ExpectIntEQ(XMEMCMP(buf, "May 04 12:35:00 2018", 20), 0); BIO_free(bio); + bio = NULL; - AssertNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem())); - AssertIntEQ(BIO_set_write_buf_size(bio, 1), 1); + ExpectNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ - AssertIntEQ(BIO_write(bio, buf, 1), 1); - AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); + ExpectIntEQ(BIO_write(bio, buf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); for (i = 1; i < 20; i++) { - AssertIntEQ(BIO_set_write_buf_size(bio, i), 1); - AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); + ExpectIntEQ(BIO_set_write_buf_size(bio, i), 1); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); } BIO_free(bio); wolfSSL_ASN1_GENERALIZEDTIME_free(>ime); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_EXTRA */ return res; } @@ -32896,34 +33212,35 @@ static int test_wolfSSL_ASN1_TIME(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) - WOLFSSL_ASN1_TIME* asn_time; + EXPECT_DECLS; + WOLFSSL_ASN1_TIME* asn_time = NULL; unsigned char *data; - AssertNotNull(asn_time = ASN1_TIME_new()); + ExpectNotNull(asn_time = ASN1_TIME_new()); #ifndef NO_WOLFSSL_STUB - AssertNotNull(ASN1_TIME_set(asn_time, 1)); + ExpectNotNull(ASN1_TIME_set(asn_time, 1)); #endif - AssertIntEQ(ASN1_TIME_set_string(NULL, NULL), 0); - AssertIntEQ(ASN1_TIME_set_string(asn_time, NULL), 0); - AssertIntEQ(ASN1_TIME_set_string(NULL, + ExpectIntEQ(ASN1_TIME_set_string(NULL, NULL), 0); + ExpectIntEQ(ASN1_TIME_set_string(asn_time, NULL), 0); + ExpectIntEQ(ASN1_TIME_set_string(NULL, "String longer than CTC_DATA_SIZE that is 32 bytes"), 0); - AssertIntEQ(ASN1_TIME_set_string(NULL, "101219181011Z"), 1); - AssertIntEQ(ASN1_TIME_set_string(asn_time, "101219181011Z"), 1); + ExpectIntEQ(ASN1_TIME_set_string(NULL, "101219181011Z"), 1); + ExpectIntEQ(ASN1_TIME_set_string(asn_time, "101219181011Z"), 1); - AssertIntEQ(wolfSSL_ASN1_TIME_get_length(NULL), 0); - AssertIntEQ(wolfSSL_ASN1_TIME_get_length(asn_time), ASN_UTC_TIME_SIZE - 1); - AssertNull(wolfSSL_ASN1_TIME_get_data(NULL)); - AssertNotNull(data = wolfSSL_ASN1_TIME_get_data(asn_time)); - AssertIntEQ(XMEMCMP(data, "101219181011Z", 14), 0); + ExpectIntEQ(wolfSSL_ASN1_TIME_get_length(NULL), 0); + ExpectIntEQ(wolfSSL_ASN1_TIME_get_length(asn_time), ASN_UTC_TIME_SIZE - 1); + ExpectNull(wolfSSL_ASN1_TIME_get_data(NULL)); + ExpectNotNull(data = wolfSSL_ASN1_TIME_get_data(asn_time)); + ExpectIntEQ(XMEMCMP(data, "101219181011Z", 14), 0); - AssertIntEQ(ASN1_TIME_check(NULL), 0); - AssertIntEQ(ASN1_TIME_check(asn_time), 1); + ExpectIntEQ(ASN1_TIME_check(NULL), 0); + ExpectIntEQ(ASN1_TIME_check(asn_time), 1); ASN1_TIME_free(asn_time); ASN1_TIME_free(NULL); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -32934,26 +33251,27 @@ static int test_wolfSSL_ASN1_TIME_to_string(void) #ifndef NO_ASN_TIME #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) - WOLFSSL_ASN1_TIME* t; + EXPECT_DECLS; + WOLFSSL_ASN1_TIME* t = NULL; char buf[ASN_GENERALIZED_TIME_SIZE]; - AssertNotNull((t = ASN1_TIME_new())); - AssertIntEQ(ASN1_TIME_set_string(t, "030222211515Z"), 1); + ExpectNotNull((t = ASN1_TIME_new())); + ExpectIntEQ(ASN1_TIME_set_string(t, "030222211515Z"), 1); /* Invalid parameter testing. */ - AssertNull(ASN1_TIME_to_string(NULL, NULL, 4)); - AssertNull(ASN1_TIME_to_string(t, NULL, 4)); - AssertNull(ASN1_TIME_to_string(NULL, buf, 4)); - AssertNull(ASN1_TIME_to_string(NULL, NULL, 5)); - AssertNull(ASN1_TIME_to_string(NULL, buf, 5)); - AssertNull(ASN1_TIME_to_string(t, NULL, 5)); - AssertNull(ASN1_TIME_to_string(t, buf, 4)); + ExpectNull(ASN1_TIME_to_string(NULL, NULL, 4)); + ExpectNull(ASN1_TIME_to_string(t, NULL, 4)); + ExpectNull(ASN1_TIME_to_string(NULL, buf, 4)); + ExpectNull(ASN1_TIME_to_string(NULL, NULL, 5)); + ExpectNull(ASN1_TIME_to_string(NULL, buf, 5)); + ExpectNull(ASN1_TIME_to_string(t, NULL, 5)); + ExpectNull(ASN1_TIME_to_string(t, buf, 4)); /* Buffer needs to be longer than minimum of 5 characters. */ - AssertNull(ASN1_TIME_to_string(t, buf, 5)); + ExpectNull(ASN1_TIME_to_string(t, buf, 5)); ASN1_TIME_free(t); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif #endif /* NO_ASN_TIME */ return res; @@ -32963,92 +33281,93 @@ static int test_wolfSSL_ASN1_TIME_diff_compare(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) - ASN1_TIME* fromTime; - ASN1_TIME* closeToTime; - ASN1_TIME* toTime; - ASN1_TIME* invalidTime; + EXPECT_DECLS; + ASN1_TIME* fromTime = NULL; + ASN1_TIME* closeToTime = NULL; + ASN1_TIME* toTime = NULL; + ASN1_TIME* invalidTime = NULL; int daysDiff; int secsDiff; - AssertNotNull((fromTime = ASN1_TIME_new())); + ExpectNotNull((fromTime = ASN1_TIME_new())); /* Feb 22, 2003, 21:15:15 */ - AssertIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1); - AssertNotNull((closeToTime = ASN1_TIME_new())); + ExpectIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1); + ExpectNotNull((closeToTime = ASN1_TIME_new())); /* Feb 22, 2003, 21:16:15 */ - AssertIntEQ(ASN1_TIME_set_string(closeToTime, "030222211615Z"), 1); - AssertNotNull((toTime = ASN1_TIME_new())); + ExpectIntEQ(ASN1_TIME_set_string(closeToTime, "030222211615Z"), 1); + ExpectNotNull((toTime = ASN1_TIME_new())); /* Dec 19, 2010, 18:10:11 */ - AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1); - AssertNotNull((invalidTime = ASN1_TIME_new())); + ExpectIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1); + ExpectNotNull((invalidTime = ASN1_TIME_new())); /* Dec 19, 2010, 18:10:11 but 'U' instead of 'Z' which is invalid. */ - AssertIntEQ(ASN1_TIME_set_string(invalidTime, "102519181011U"), 1); + ExpectIntEQ(ASN1_TIME_set_string(invalidTime, "102519181011U"), 1); - AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, invalidTime), 0); - AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, invalidTime, toTime), 0); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, invalidTime), 0); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, invalidTime, toTime), 0); - AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); /* Error conditions. */ - AssertIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime), 0); - AssertIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime), 0); + ExpectIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime), 0); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime), 0); /* If both times are NULL, difference is 0. */ - AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, NULL), 1); - AssertIntEQ(daysDiff, 0); - AssertIntEQ(secsDiff, 0); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, NULL), 1); + ExpectIntEQ(daysDiff, 0); + ExpectIntEQ(secsDiff, 0); /* If one time is NULL, it defaults to the current time. */ - AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, toTime), 1); - AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, NULL), 1); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, toTime), 1); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, NULL), 1); /* Normal operation. Both times non-NULL. */ - AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); - AssertIntEQ(daysDiff, 2856); - AssertIntEQ(secsDiff, 75296); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); + ExpectIntEQ(daysDiff, 2856); + ExpectIntEQ(secsDiff, 75296); /* Swapping the times should return negative values. */ - AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, toTime, fromTime), 1); - AssertIntEQ(daysDiff, -2856); - AssertIntEQ(secsDiff, -75296); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, toTime, fromTime), 1); + ExpectIntEQ(daysDiff, -2856); + ExpectIntEQ(secsDiff, -75296); /* Compare with invalid time string. */ - AssertIntEQ(ASN1_TIME_compare(fromTime, invalidTime), -2); - AssertIntEQ(ASN1_TIME_compare(invalidTime, toTime), -2); + ExpectIntEQ(ASN1_TIME_compare(fromTime, invalidTime), -2); + ExpectIntEQ(ASN1_TIME_compare(invalidTime, toTime), -2); /* Compare with days difference of 0. */ - AssertIntEQ(ASN1_TIME_compare(fromTime, closeToTime), -1); - AssertIntEQ(ASN1_TIME_compare(closeToTime, fromTime), 1); + ExpectIntEQ(ASN1_TIME_compare(fromTime, closeToTime), -1); + ExpectIntEQ(ASN1_TIME_compare(closeToTime, fromTime), 1); /* Days and seconds differences not 0. */ - AssertIntEQ(ASN1_TIME_compare(fromTime, toTime), -1); - AssertIntEQ(ASN1_TIME_compare(toTime, fromTime), 1); + ExpectIntEQ(ASN1_TIME_compare(fromTime, toTime), -1); + ExpectIntEQ(ASN1_TIME_compare(toTime, fromTime), 1); /* Same time. */ - AssertIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0); + ExpectIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0); /* Compare regression test: No seconds difference, just difference in days. */ ASN1_TIME_set_string(fromTime, "19700101000000Z"); ASN1_TIME_set_string(toTime, "19800101000000Z"); - AssertIntEQ(ASN1_TIME_compare(fromTime, toTime), -1); - AssertIntEQ(ASN1_TIME_compare(toTime, fromTime), 1); - AssertIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0); + ExpectIntEQ(ASN1_TIME_compare(fromTime, toTime), -1); + ExpectIntEQ(ASN1_TIME_compare(toTime, fromTime), 1); + ExpectIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0); /* Edge case with Unix epoch. */ - AssertNotNull(ASN1_TIME_set_string(fromTime, "19700101000000Z")); - AssertNotNull(ASN1_TIME_set_string(toTime, "19800101000000Z")); - AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); - AssertIntEQ(daysDiff, 3652); - AssertIntEQ(secsDiff, 0); + ExpectNotNull(ASN1_TIME_set_string(fromTime, "19700101000000Z")); + ExpectNotNull(ASN1_TIME_set_string(toTime, "19800101000000Z")); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); + ExpectIntEQ(daysDiff, 3652); + ExpectIntEQ(secsDiff, 0); /* Edge case with year > 2038 (year 2038 problem). */ - AssertNotNull(ASN1_TIME_set_string(toTime, "99991231235959Z")); - AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); - AssertIntEQ(daysDiff, 2932896); - AssertIntEQ(secsDiff, 86399); + ExpectNotNull(ASN1_TIME_set_string(toTime, "99991231235959Z")); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); + ExpectIntEQ(daysDiff, 2932896); + ExpectIntEQ(secsDiff, 86399); ASN1_TIME_free(fromTime); ASN1_TIME_free(closeToTime); ASN1_TIME_free(toTime); ASN1_TIME_free(invalidTime); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -33058,6 +33377,7 @@ static int test_wolfSSL_ASN1_TIME_adj(void) int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ && !defined(USER_TIME) && !defined(TIME_OVERRIDES) + EXPECT_DECLS; const int year = 365*24*60*60; const int day = 24*60*60; const int hour = 60*60; @@ -33066,37 +33386,40 @@ static int test_wolfSSL_ASN1_TIME_adj(void) #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) const byte asn_gen_time = ASN_GENERALIZED_TIME; #endif - WOLFSSL_ASN1_TIME* asn_time; - WOLFSSL_ASN1_TIME* s; + WOLFSSL_ASN1_TIME* asn_time = NULL; + WOLFSSL_ASN1_TIME* s = NULL; int offset_day; long offset_sec; char date_str[CTC_DATE_SIZE + 1]; time_t t; - AssertNotNull(s = wolfSSL_ASN1_TIME_new()); + ExpectNotNull(s = wolfSSL_ASN1_TIME_new()); /* UTC notation test */ /* 2000/2/15 20:30:00 */ t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; offset_day = 7; offset_sec = 45 * mini; /* offset_sec = -45 * min;*/ - AssertNotNull(asn_time = + ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec)); - AssertTrue(asn_time->type == asn_utc_time); - XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); + ExpectTrue(asn_time->type == asn_utc_time); + ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data, + CTC_DATE_SIZE)); date_str[CTC_DATE_SIZE] = '\0'; - AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13)); + ExpectIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13)); /* negative offset */ offset_sec = -45 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); - AssertNotNull(asn_time); - AssertTrue(asn_time->type == asn_utc_time); - XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); + ExpectNotNull(asn_time); + ExpectTrue(asn_time->type == asn_utc_time); + ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data, + CTC_DATE_SIZE)); date_str[CTC_DATE_SIZE] = '\0'; - AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13)); + ExpectIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13)); XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); + s = NULL; XMEMSET(date_str, 0, sizeof(date_str)); /* Generalized time will overflow time_t if not long */ @@ -33108,13 +33431,16 @@ static int test_wolfSSL_ASN1_TIME_adj(void) t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day; offset_day = 12; offset_sec = 10 * mini; - asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); - AssertTrue(asn_time->type == asn_gen_time); - XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); + ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, + offset_sec)); + ExpectTrue(asn_time->type == asn_gen_time); + ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data, + CTC_DATE_SIZE)); date_str[CTC_DATE_SIZE] = '\0'; - AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15)); + ExpectIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15)); XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); + s = NULL; XMEMSET(date_str, 0, sizeof(date_str)); #endif /* !TIME_T_NOT_64BIT && !NO_64BIT */ @@ -33124,21 +33450,25 @@ static int test_wolfSSL_ASN1_TIME_adj(void) t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day; offset_day = 7; offset_sec = 45 * mini; - asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); - AssertTrue(asn_time->type == asn_utc_time); - XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); + ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, + offset_sec)); + ExpectTrue(asn_time->type == asn_utc_time); + ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data, + CTC_DATE_SIZE)); date_str[CTC_DATE_SIZE] = '\0'; - AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); + ExpectIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); - asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec); - AssertTrue(asn_time->type == asn_utc_time); - XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); + ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, + offset_sec)); + ExpectTrue(asn_time->type == asn_utc_time); + ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data, + CTC_DATE_SIZE)); date_str[CTC_DATE_SIZE] = '\0'; - AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); + ExpectIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -33149,71 +33479,72 @@ static int test_wolfSSL_ASN1_TIME_to_tm(void) #if (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_ALL)) && !defined(NO_ASN_TIME) + EXPECT_DECLS; ASN1_TIME asnTime; struct tm tm; time_t testTime = 1683926567; /* Fri May 12 09:22:47 PM UTC 2023 */ XMEMSET(&asnTime, 0, sizeof(ASN1_TIME)); - AssertIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1); - AssertIntEQ(ASN1_TIME_to_tm(&asnTime, NULL), 1); - AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); + ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, NULL), 1); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); - AssertIntEQ(tm.tm_sec, 15); - AssertIntEQ(tm.tm_min, 15); - AssertIntEQ(tm.tm_hour, 21); - AssertIntEQ(tm.tm_mday, 22); - AssertIntEQ(tm.tm_mon, 1); - AssertIntEQ(tm.tm_year, 100); - AssertIntEQ(tm.tm_isdst, 0); + ExpectIntEQ(tm.tm_sec, 15); + ExpectIntEQ(tm.tm_min, 15); + ExpectIntEQ(tm.tm_hour, 21); + ExpectIntEQ(tm.tm_mday, 22); + ExpectIntEQ(tm.tm_mon, 1); + ExpectIntEQ(tm.tm_year, 100); + ExpectIntEQ(tm.tm_isdst, 0); #ifdef XMKTIME - AssertIntEQ(tm.tm_wday, 2); - AssertIntEQ(tm.tm_yday, 52); + ExpectIntEQ(tm.tm_wday, 2); + ExpectIntEQ(tm.tm_yday, 52); #endif - AssertIntEQ(ASN1_TIME_set_string(&asnTime, "500222211515Z"), 1); - AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); - AssertIntEQ(tm.tm_year, 50); + ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "500222211515Z"), 1); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); + ExpectIntEQ(tm.tm_year, 50); /* Get current time. */ - AssertIntEQ(ASN1_TIME_to_tm(NULL, NULL), 0); - AssertIntEQ(ASN1_TIME_to_tm(NULL, &tm), 1); + ExpectIntEQ(ASN1_TIME_to_tm(NULL, NULL), 0); + ExpectIntEQ(ASN1_TIME_to_tm(NULL, &tm), 1); XMEMSET(&asnTime, 0, sizeof(ASN1_TIME)); /* 0 length. */ - AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); /* No type. */ asnTime.length = 1; - AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); /* Not UTCTIME length. */ asnTime.type = V_ASN1_UTCTIME; - AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); /* Not GENERALIZEDTIME length. */ asnTime.type = V_ASN1_GENERALIZEDTIME; - AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); /* Not Zulu timezone. */ - AssertIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515U"), 1); - AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); - AssertIntEQ(ASN1_TIME_set_string(&asnTime, "20000222211515U"), 1); - AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515U"), 1); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "20000222211515U"), 1); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); #ifdef XMKTIME - AssertNotNull(ASN1_TIME_adj(&asnTime, testTime, 0, 0)); - AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); - AssertIntEQ(tm.tm_sec, 47); - AssertIntEQ(tm.tm_min, 22); - AssertIntEQ(tm.tm_hour, 21); - AssertIntEQ(tm.tm_mday, 12); - AssertIntEQ(tm.tm_mon, 4); - AssertIntEQ(tm.tm_year, 123); - AssertIntEQ(tm.tm_wday, 5); - AssertIntEQ(tm.tm_yday, 131); + ExpectNotNull(ASN1_TIME_adj(&asnTime, testTime, 0, 0)); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); + ExpectIntEQ(tm.tm_sec, 47); + ExpectIntEQ(tm.tm_min, 22); + ExpectIntEQ(tm.tm_hour, 21); + ExpectIntEQ(tm.tm_mday, 12); + ExpectIntEQ(tm.tm_mon, 4); + ExpectIntEQ(tm.tm_year, 123); + ExpectIntEQ(tm.tm_wday, 5); + ExpectIntEQ(tm.tm_yday, 131); /* Confirm that when used with a tm struct from ASN1_TIME_adj, all other fields are zeroed out as expected. */ - AssertIntEQ(tm.tm_isdst, 0); + ExpectIntEQ(tm.tm_isdst, 0); #endif - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -33222,87 +33553,96 @@ static int test_wolfSSL_ASN1_TIME_to_generalizedtime(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) - WOLFSSL_ASN1_TIME *t; - WOLFSSL_ASN1_TIME *out; - WOLFSSL_ASN1_TIME *gtime; + EXPECT_DECLS; + WOLFSSL_ASN1_TIME *t = NULL; + WOLFSSL_ASN1_TIME *out = NULL; + WOLFSSL_ASN1_TIME *gtime = NULL; int tlen = 0; - unsigned char *data; + unsigned char *data = NULL; - AssertNotNull(t = wolfSSL_ASN1_TIME_new()); - AssertNull(wolfSSL_ASN1_TIME_to_generalizedtime(NULL, &out)); + ExpectNotNull(t = wolfSSL_ASN1_TIME_new()); + ExpectNull(wolfSSL_ASN1_TIME_to_generalizedtime(NULL, &out)); /* type not set. */ - AssertNull(wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); + ExpectNull(wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); + t = NULL; /* UTC Time test */ - AssertNotNull(t = wolfSSL_ASN1_TIME_new()); - XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE); - t->type = ASN_UTC_TIME; - t->length = ASN_UTC_TIME_SIZE; - XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); + ExpectNotNull(t = wolfSSL_ASN1_TIME_new()); + if (t != NULL) { + XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE); + t->type = ASN_UTC_TIME; + t->length = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); + } - tlen = wolfSSL_ASN1_TIME_get_length(t); - AssertIntEQ(tlen, ASN_UTC_TIME_SIZE); - data = wolfSSL_ASN1_TIME_get_data(t); - AssertStrEQ((char*)data, "050727123456Z"); + ExpectIntEQ(tlen = wolfSSL_ASN1_TIME_get_length(t), ASN_UTC_TIME_SIZE); + ExpectStrEQ((char*)(data = wolfSSL_ASN1_TIME_get_data(t)), "050727123456Z"); out = NULL; - gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); + ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); wolfSSL_ASN1_TIME_free(gtime); - AssertNotNull(out = wolfSSL_ASN1_TIME_new()); - gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); - AssertPtrEq(gtime, out); - AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); - AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); - AssertStrEQ((char*)gtime->data, "20050727123456Z"); + gtime = NULL; + ExpectNotNull(out = wolfSSL_ASN1_TIME_new()); + ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); + ExpectPtrEq(gtime, out); + ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME); + ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); + ExpectStrEQ((char*)gtime->data, "20050727123456Z"); /* Generalized Time test */ - XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); - XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE); - XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE); - t->type = ASN_GENERALIZED_TIME; - t->length = ASN_GENERALIZED_TIME_SIZE; - XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE); + ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE)); + ExpectNotNull(XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE)); + ExpectNotNull(XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE)); + if (t != NULL) { + t->type = ASN_GENERALIZED_TIME; + t->length = ASN_GENERALIZED_TIME_SIZE; + XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE); + } - tlen = wolfSSL_ASN1_TIME_get_length(t); - AssertIntEQ(tlen, ASN_GENERALIZED_TIME_SIZE); - data = wolfSSL_ASN1_TIME_get_data(t); - AssertStrEQ((char*)data, "20050727123456Z"); - gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); - AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); - AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); - AssertStrEQ((char*)gtime->data, "20050727123456Z"); + ExpectIntEQ(tlen = wolfSSL_ASN1_TIME_get_length(t), + ASN_GENERALIZED_TIME_SIZE); + ExpectStrEQ((char*)(data = wolfSSL_ASN1_TIME_get_data(t)), + "20050727123456Z"); + ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); + ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME); + ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); + ExpectStrEQ((char*)gtime->data, "20050727123456Z"); /* UTC Time to Generalized Time 1900's test */ - XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); - XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE); - XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE); - t->type = ASN_UTC_TIME; - t->length = ASN_UTC_TIME_SIZE; - XMEMCPY(t->data, "500727123456Z", ASN_UTC_TIME_SIZE); + ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE)); + ExpectNotNull(XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE)); + ExpectNotNull(XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE)); + if (t != NULL) { + t->type = ASN_UTC_TIME; + t->length = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data, "500727123456Z", ASN_UTC_TIME_SIZE); + } - gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); - AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); - AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); - AssertStrEQ((char*)gtime->data, "19500727123456Z"); + ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); + ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME); + ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); + ExpectStrEQ((char*)gtime->data, "19500727123456Z"); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* Null parameter test */ - XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); + ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE)); gtime = NULL; out = NULL; - t->type = ASN_UTC_TIME; - t->length = ASN_UTC_TIME_SIZE; - XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); - AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL)); - AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); - AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); - AssertStrEQ((char*)gtime->data, "20050727123456Z"); + if (t != NULL) { + t->type = ASN_UTC_TIME; + t->length = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); + } + ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL)); + ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME); + ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); + ExpectStrEQ((char*)gtime->data, "20050727123456Z"); XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -33315,53 +33655,56 @@ static int test_wolfSSL_ASN1_TIME_print(void) defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_ALL)) && defined(USE_CERT_BUFFERS_2048) && \ !defined(NO_ASN_TIME) - BIO* bio; - BIO* fixed; - X509* x509; + EXPECT_DECLS; + BIO* bio = NULL; + BIO* fixed = NULL; + X509* x509 = NULL; const unsigned char* der = client_cert_der_2048; ASN1_TIME* notAfter; ASN1_TIME* notBefore; unsigned char buf[25]; - AssertNotNull(bio = BIO_new(BIO_s_mem())); - AssertNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); - AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der, + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der, sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); - AssertNotNull(notBefore = X509_get_notBefore(x509)); + ExpectNotNull(notBefore = X509_get_notBefore(x509)); - AssertIntEQ(ASN1_TIME_print(NULL, NULL), 0); - AssertIntEQ(ASN1_TIME_print(bio, NULL), 0); - AssertIntEQ(ASN1_TIME_print(NULL, notBefore), 0); + ExpectIntEQ(ASN1_TIME_print(NULL, NULL), 0); + ExpectIntEQ(ASN1_TIME_print(bio, NULL), 0); + ExpectIntEQ(ASN1_TIME_print(NULL, notBefore), 0); - AssertIntEQ(ASN1_TIME_print(bio, notBefore), 1); - AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); - AssertIntEQ(XMEMCMP(buf, "Dec 16 21:17:49 2022 GMT", sizeof(buf) - 1), 0); + ExpectIntEQ(ASN1_TIME_print(bio, notBefore), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); + ExpectIntEQ(XMEMCMP(buf, "Dec 16 21:17:49 2022 GMT", sizeof(buf) - 1), 0); /* Test BIO_write fails. */ - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ - AssertIntEQ(BIO_write(fixed, buf, 1), 1); - AssertIntEQ(ASN1_TIME_print(fixed, notBefore), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); - AssertIntEQ(ASN1_TIME_print(fixed, notBefore), 0); - AssertIntEQ(BIO_set_write_buf_size(fixed, 23), 1); - AssertIntEQ(ASN1_TIME_print(fixed, notBefore), 0); + ExpectIntEQ(BIO_write(fixed, buf, 1), 1); + ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 23), 1); + ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0); /* create a bad time and test results */ - AssertNotNull(notAfter = X509_get_notAfter(x509)); - AssertIntEQ(ASN1_TIME_check(notAfter), 1); - notAfter->data[8] = 0; - notAfter->data[3] = 0; - AssertIntNE(ASN1_TIME_print(bio, notAfter), 1); - AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); - AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); - AssertIntEQ(ASN1_TIME_check(notAfter), 0); + ExpectNotNull(notAfter = X509_get_notAfter(x509)); + ExpectIntEQ(ASN1_TIME_check(notAfter), 1); + if (EXPECT_SUCCESS()) { + notAfter->data[8] = 0; + notAfter->data[3] = 0; + } + ExpectIntNE(ASN1_TIME_print(bio, notAfter), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); + ExpectIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); + ExpectIntEQ(ASN1_TIME_check(notAfter), 0); BIO_free(bio); BIO_free(fixed); X509_free(x509); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -33370,7 +33713,8 @@ static int test_wolfSSL_ASN1_UTCTIME_print(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO) - BIO* bio; + EXPECT_DECLS; + BIO* bio = NULL; ASN1_UTCTIME* utc = NULL; unsigned char buf[25]; const char* validDate = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */ @@ -33378,43 +33722,50 @@ static int test_wolfSSL_ASN1_UTCTIME_print(void) const char* genDate = "20190424111501Z"; /* GEN = YYYYMMDDHHMMSSZ */ /* Valid date */ - AssertNotNull(bio = BIO_new(BIO_s_mem())); - AssertNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL, + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL, DYNAMIC_TYPE_ASN1)); - utc->type = ASN_UTC_TIME; - utc->length = ASN_UTC_TIME_SIZE; - XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE); + if (utc != NULL) { + utc->type = ASN_UTC_TIME; + utc->length = ASN_UTC_TIME_SIZE; + XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE); + } - AssertIntEQ(ASN1_UTCTIME_print(NULL, NULL), 0); - AssertIntEQ(ASN1_UTCTIME_print(bio, NULL), 0); - AssertIntEQ(ASN1_UTCTIME_print(NULL, utc), 0); + ExpectIntEQ(ASN1_UTCTIME_print(NULL, NULL), 0); + ExpectIntEQ(ASN1_UTCTIME_print(bio, NULL), 0); + ExpectIntEQ(ASN1_UTCTIME_print(NULL, utc), 0); - AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 1); - AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); - AssertIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0); + ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); + ExpectIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0); XMEMSET(buf, 0, sizeof(buf)); BIO_free(bio); + bio = NULL; /* Invalid format */ - AssertNotNull(bio = BIO_new(BIO_s_mem())); - utc->type = ASN_UTC_TIME; - utc->length = ASN_UTC_TIME_SIZE; - XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE); - AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0); - AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); - AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + if (utc != NULL) { + utc->type = ASN_UTC_TIME; + utc->length = ASN_UTC_TIME_SIZE; + XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE); + } + ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 0); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); + ExpectIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); /* Invalid type */ - utc->type = ASN_GENERALIZED_TIME; - utc->length = ASN_GENERALIZED_TIME_SIZE; - XMEMCPY(utc->data, (byte*)genDate, ASN_GENERALIZED_TIME_SIZE); - AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0); + if (utc != NULL) { + utc->type = ASN_GENERALIZED_TIME; + utc->length = ASN_GENERALIZED_TIME_SIZE; + XMEMCPY(utc->data, (byte*)genDate, ASN_GENERALIZED_TIME_SIZE); + } + ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 0); XFREE(utc, NULL, DYNAMIC_TYPE_ASN1); BIO_free(bio); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */ return res; } @@ -33424,73 +33775,85 @@ static int test_wolfSSL_ASN1_TYPE(void) int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) - WOLFSSL_ASN1_TYPE* t; - WOLFSSL_ASN1_OBJECT* obj; + EXPECT_DECLS; + WOLFSSL_ASN1_TYPE* t = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; #ifndef NO_ASN_TIME - WOLFSSL_ASN1_TIME* time; + WOLFSSL_ASN1_TIME* time = NULL; #endif - WOLFSSL_ASN1_STRING* str; + WOLFSSL_ASN1_STRING* str = NULL; unsigned char data[] = { 0x00 }; ASN1_TYPE_set(NULL, V_ASN1_NULL, NULL); - AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); ASN1_TYPE_set(t, V_ASN1_EOC, NULL); wolfSSL_ASN1_TYPE_free(t); + t = NULL; - AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); ASN1_TYPE_set(t, V_ASN1_NULL, NULL); ASN1_TYPE_set(t, V_ASN1_NULL, data); wolfSSL_ASN1_TYPE_free(t); + t = NULL; - AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); - AssertNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); ASN1_TYPE_set(t, V_ASN1_OBJECT, obj); wolfSSL_ASN1_TYPE_free(t); + t = NULL; #ifndef NO_ASN_TIME - AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); - AssertNotNull(time = wolfSSL_ASN1_TIME_new()); + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(time = wolfSSL_ASN1_TIME_new()); ASN1_TYPE_set(t, V_ASN1_UTCTIME, time); wolfSSL_ASN1_TYPE_free(t); + t = NULL; - AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); - AssertNotNull(time = wolfSSL_ASN1_TIME_new()); + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(time = wolfSSL_ASN1_TIME_new()); ASN1_TYPE_set(t, V_ASN1_GENERALIZEDTIME, time); wolfSSL_ASN1_TYPE_free(t); + t = NULL; #endif - AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); - AssertNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_UTF8STRING, str); wolfSSL_ASN1_TYPE_free(t); + t = NULL; - AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); - AssertNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_PRINTABLESTRING, str); wolfSSL_ASN1_TYPE_free(t); + t = NULL; - AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); - AssertNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_T61STRING, str); wolfSSL_ASN1_TYPE_free(t); + t = NULL; - AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); - AssertNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_IA5STRING, str); wolfSSL_ASN1_TYPE_free(t); + t = NULL; - AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); - AssertNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_UNIVERSALSTRING, str); wolfSSL_ASN1_TYPE_free(t); + t = NULL; - AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); - AssertNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_SEQUENCE, str); wolfSSL_ASN1_TYPE_free(t); + t = NULL; - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -33516,12 +33879,22 @@ typedef struct { ASN1_INTEGER *integer; } TEST_ASN1; -#define WOLFSSL_ASN1_INTEGER_ASN1 2 ASN1_SEQUENCE(TEST_ASN1) = { ASN1_SIMPLE(TEST_ASN1, integer, ASN1_INTEGER), } ASN1_SEQUENCE_END(TEST_ASN1) IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1) + +typedef struct { + ASN1_OCTET_STRING *octet_string; +} TEST_FAIL_ASN1; + +#define WOLFSSL_ASN1_OCTET_STRING_ASN1 4 +ASN1_SEQUENCE(TEST_FAIL_ASN1) = { + ASN1_SIMPLE(TEST_FAIL_ASN1, octet_string, ASN1_OCTET_STRING), +} ASN1_SEQUENCE_END(TEST_FAIL_ASN1) + +IMPLEMENT_ASN1_FUNCTIONS(TEST_FAIL_ASN1) #endif static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) @@ -33530,16 +33903,20 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) /* Testing code used in dpp.c in hostap */ #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - EC_KEY *eckey; - EVP_PKEY *key; + EXPECT_DECLS; + EC_KEY *eckey = NULL; + EVP_PKEY *key = NULL; size_t len; unsigned char *der = NULL; DPP_BOOTSTRAPPING_KEY *bootstrap = NULL; const unsigned char *in = ecc_clikey_der_256; - const EC_GROUP *group; - const EC_POINT *point; + WOLFSSL_ASN1_OBJECT* ec_obj = NULL; + WOLFSSL_ASN1_OBJECT* group_obj = NULL; + const EC_GROUP *group = NULL; + const EC_POINT *point = NULL; int nid; TEST_ASN1 *test_asn1 = NULL; + TEST_FAIL_ASN1 test_fail_asn1; const unsigned char badObjDer[] = { 0x06, 0x00 }; const unsigned char goodObjDer[] = { @@ -33549,102 +33926,128 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) XMEMSET(&emptyTemplate, 0, sizeof(WOLFSSL_ASN1_ITEM)); - AssertNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new()); + ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new()); der = NULL; - AssertIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), 0); - AssertIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), 0); - AssertIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); + ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), 0); + ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), 0); + ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); - AssertNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in, + ExpectNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in, (long)sizeof_ecc_clikey_der_256)); - AssertNotNull(eckey = EVP_PKEY_get1_EC_KEY(key)); - AssertNotNull(group = EC_KEY_get0_group(eckey)); - AssertNotNull(point = EC_KEY_get0_public_key(eckey)); + ExpectNotNull(eckey = EVP_PKEY_get1_EC_KEY(key)); + ExpectNotNull(group = EC_KEY_get0_group(eckey)); + ExpectNotNull(point = EC_KEY_get0_public_key(eckey)); nid = EC_GROUP_get_curve_name(group); - AssertIntEQ(X509_ALGOR_set0(bootstrap->alg, OBJ_nid2obj(EVP_PKEY_EC), - V_ASN1_OBJECT, OBJ_nid2obj(nid)), 1); - AssertIntEQ(EC_POINT_point2oct(group, point, 0, NULL, 0, NULL), 0); + ec_obj = OBJ_nid2obj(EVP_PKEY_EC); + group_obj = OBJ_nid2obj(nid); + if ((ec_obj != NULL) && (group_obj != NULL)) { + ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, ec_obj, V_ASN1_OBJECT, + group_obj), 1); + if (EXPECT_SUCCESS()) { + ec_obj = NULL; + group_obj = NULL; + } + } + wolfSSL_ASN1_OBJECT_free(group_obj); + wolfSSL_ASN1_OBJECT_free(ec_obj); + ExpectIntEQ(EC_POINT_point2oct(group, point, 0, NULL, 0, NULL), 0); #ifdef HAVE_COMP_KEY - AssertIntGT((len = EC_POINT_point2oct( + ExpectIntGT((len = EC_POINT_point2oct( group, point, POINT_CONVERSION_COMPRESSED, NULL, 0, NULL)), 0); #else - AssertIntGT((len = EC_POINT_point2oct( + ExpectIntGT((len = EC_POINT_point2oct( group, point, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL)), 0); #endif - AssertNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1)); + ExpectNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1)); #ifdef HAVE_COMP_KEY - AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, + ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, der, len-1, NULL), 0); - AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, + ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, der, len, NULL), len); #else - AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, + ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, der, len-1, NULL), 0); - AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, + ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, der, len, NULL), len); #endif - bootstrap->pub_key->data = der; - bootstrap->pub_key->length = (int)len; - /* Not actually used */ - bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; + if (EXPECT_SUCCESS()) { + bootstrap->pub_key->data = der; + bootstrap->pub_key->length = (int)len; + /* Not actually used */ + bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; + } - AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 0); + ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 0); der = NULL; - AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); - AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); + ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); + ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); XFREE(der, NULL, DYNAMIC_TYPE_ASN1); EVP_PKEY_free(key); EC_KEY_free(eckey); DPP_BOOTSTRAPPING_KEY_free(bootstrap); + bootstrap = NULL; DPP_BOOTSTRAPPING_KEY_free(NULL); /* Create bootstrap key with bad OBJECT_ID DER data, parameter that is * a NULL and an empty BIT_STRING. */ - AssertNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new()); - bootstrap->alg->algorithm = wolfSSL_ASN1_OBJECT_new(); - bootstrap->alg->algorithm->obj = badObjDer; - bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(badObjDer); - bootstrap->alg->parameter = wolfSSL_ASN1_TYPE_new(); - bootstrap->alg->parameter->type = V_ASN1_NULL; - bootstrap->alg->parameter->value.ptr = NULL; - bootstrap->pub_key->data = NULL; - bootstrap->pub_key->length = 0; - /* Not actually used */ - bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; + ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new()); + ExpectNotNull(bootstrap->alg->algorithm = wolfSSL_ASN1_OBJECT_new()); + if (EXPECT_SUCCESS()) { + bootstrap->alg->algorithm->obj = badObjDer; + bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(badObjDer); + } + ExpectNotNull(bootstrap->alg->parameter = wolfSSL_ASN1_TYPE_new()); + if (EXPECT_SUCCESS()) { + bootstrap->alg->parameter->type = V_ASN1_NULL; + bootstrap->alg->parameter->value.ptr = NULL; + bootstrap->pub_key->data = NULL; + bootstrap->pub_key->length = 0; + /* Not actually used */ + bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; + } /* Encode with bad OBJECT_ID. */ der = NULL; - AssertIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); + ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); /* Fix OBJECT_ID and encode with empty BIT_STRING. */ - bootstrap->alg->algorithm->obj = goodObjDer; - bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(goodObjDer); - bootstrap->alg->algorithm->grp = 2; + if (EXPECT_SUCCESS()) { + bootstrap->alg->algorithm->obj = goodObjDer; + bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(goodObjDer); + bootstrap->alg->algorithm->grp = 2; + } der = NULL; - AssertIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16); - AssertIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), 0); + ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16); + ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), 0); XFREE(der, NULL, DYNAMIC_TYPE_ASN1); DPP_BOOTSTRAPPING_KEY_free(bootstrap); /* Test integer */ - AssertNotNull(test_asn1 = TEST_ASN1_new()); + ExpectNotNull(test_asn1 = TEST_ASN1_new()); der = NULL; - ASN1_INTEGER_set(test_asn1->integer, 100); - AssertIntEQ(i2d_TEST_ASN1(test_asn1, &der), 5); + ExpectIntEQ(ASN1_INTEGER_set(test_asn1->integer, 100), 1); + ExpectIntEQ(i2d_TEST_ASN1(test_asn1, &der), 5); XFREE(der, NULL, DYNAMIC_TYPE_ASN1); TEST_ASN1_free(test_asn1); - /* Test error cases. */ - AssertNull(wolfSSL_ASN1_item_new(NULL)); + /* Test integer cases. */ + ExpectNull(wolfSSL_ASN1_item_new(NULL)); TEST_ASN1_free(NULL); - res = TEST_RES_CHECK(1); + /* Test error cases. */ + ExpectNull(TEST_FAIL_ASN1_new()); + ExpectNull(wolfSSL_ASN1_item_new(NULL)); + TEST_FAIL_ASN1_free(NULL); + XMEMSET(&test_fail_asn1, 0, sizeof(TEST_FAIL_ASN1)); + ExpectIntEQ(i2d_TEST_FAIL_ASN1(&test_fail_asn1, &der), 0); + + res = EXPECT_RESULT(); #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* OPENSSL_ALL && HAVE_ECC && USE_CERT_BUFFERS_256 */ return res; @@ -34295,6 +34698,7 @@ static int test_wc_PemToDer(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) + EXPECT_DECLS; int ret; DerBuffer* pDer = NULL; const char* ca_cert = "./certs/server-cert.pem"; @@ -34305,17 +34709,16 @@ static int test_wc_PemToDer(void) XMEMSET(&info, 0, sizeof(info)); - ret = load_file(ca_cert, &cert_buf, &cert_sz); - if (ret == 0) { - ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE, - &pDer, NULL, &info, &eccKey); - AssertIntEQ(ret, 0); + ExpectIntEQ(ret = load_file(ca_cert, &cert_buf, &cert_sz), 0); + ExpectIntEQ(ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE, &pDer, NULL, + &info, &eccKey), 0); + wc_FreeDer(&pDer); + pDer = NULL; - wc_FreeDer(&pDer); - } - - if (cert_buf) + if (cert_buf != NULL) { free(cert_buf); + cert_buf = NULL; + } #ifdef HAVE_ECC { @@ -34323,22 +34726,23 @@ static int test_wc_PemToDer(void) byte key_buf[256] = {0}; /* Test fail of loading a key with cert type */ - AssertIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0); + ExpectIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0); key_buf[0] = '\n'; - XMEMCPY(key_buf + 1, cert_buf, cert_sz); - AssertIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE, + ExpectNotNull(XMEMCPY(key_buf + 1, cert_buf, cert_sz)); + ExpectIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE, &pDer, NULL, &info, &eccKey)), 0); #ifdef OPENSSL_EXTRA - AssertIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE, + ExpectIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE, &pDer, NULL, &info, &eccKey)), 0); #endif wc_FreeDer(&pDer); - if (cert_buf) + if (cert_buf != NULL) free(cert_buf); } #endif - res = TEST_RES_CHECK(1); + + res = EXPECT_RESULT(); #endif return res; } @@ -34347,16 +34751,17 @@ static int test_wc_AllocDer(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) - int ret; + EXPECT_DECLS; DerBuffer* pDer = NULL; word32 testSize = 1024; - ret = wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT); - AssertIntEQ(ret, 0); - AssertNotNull(pDer); + ExpectIntEQ(wc_AllocDer(NULL, testSize, CERT_TYPE, HEAP_HINT), + BAD_FUNC_ARG); + ExpectIntEQ(wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT), 0); + ExpectNotNull(pDer); wc_FreeDer(&pDer); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -34365,29 +34770,40 @@ static int test_wc_CertPemToDer(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) - int ret; + EXPECT_DECLS; const char* ca_cert = "./certs/ca-cert.pem"; byte* cert_buf = NULL; - size_t cert_sz = 0, cert_dersz = 0; + size_t cert_sz = 0; + size_t cert_dersz = 0; byte* cert_der = NULL; - ret = load_file(ca_cert, &cert_buf, &cert_sz); - if (ret == 0) { - cert_dersz = cert_sz; /* DER will be smaller than PEM */ - cert_der = (byte*)malloc(cert_dersz); - if (cert_der) { - ret = wc_CertPemToDer(cert_buf, (int)cert_sz, - cert_der, (int)cert_dersz, CERT_TYPE); - AssertIntGE(ret, 0); - } - } + ExpectIntEQ(load_file(ca_cert, &cert_buf, &cert_sz), 0); + cert_dersz = cert_sz; /* DER will be smaller than PEM */ + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, + (int)cert_dersz, CERT_TYPE), 0); - if (cert_der) + ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, -1, CERT_TYPE), + BAD_FUNC_ARG); + ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL, -1, CERT_TYPE), + BAD_FUNC_ARG); + ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der, -1, CERT_TYPE), + BAD_FUNC_ARG); + ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, (int)cert_dersz, + CERT_TYPE), BAD_FUNC_ARG); + ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der, + (int)cert_dersz, CERT_TYPE), BAD_FUNC_ARG); + ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL, + (int)cert_dersz, CERT_TYPE), BAD_FUNC_ARG); + ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, -1, + CERT_TYPE), BAD_FUNC_ARG); + + if (cert_der != NULL) free(cert_der); - if (cert_buf) + if (cert_buf != NULL) free(cert_buf); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -34395,9 +34811,8 @@ static int test_wc_CertPemToDer(void) static int test_wc_KeyPemToDer(void) { int res = TEST_SKIPPED; - #if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - + EXPECT_DECLS; int ret; const byte cert_buf[] = \ "-----BEGIN PRIVATE KEY-----\n" @@ -34434,44 +34849,36 @@ static int test_wc_KeyPemToDer(void) byte* cert_der = NULL; /* Bad arg: Cert buffer is NULL */ - ret = wc_KeyPemToDer(NULL, cert_sz, cert_der, cert_dersz, ""); - AssertIntEQ(ret, BAD_FUNC_ARG); + ExpectIntEQ(wc_KeyPemToDer(NULL, cert_sz, cert_der, cert_dersz, ""), + BAD_FUNC_ARG); /* Bad arg: Cert DER buffer non-NULL but size zero (or less) */ - ret = wc_KeyPemToDer(cert_buf, cert_sz, (byte*)&cert_der, 0, ""); - AssertIntEQ(ret, BAD_FUNC_ARG); + ExpectIntEQ(wc_KeyPemToDer(cert_buf, cert_sz, (byte*)&cert_der, 0, ""), + BAD_FUNC_ARG); /* Test normal operation */ cert_dersz = cert_sz; /* DER will be smaller than PEM */ - cert_der = (byte*)malloc(cert_dersz); - AssertNotNull(cert_der); - if (cert_der) { - ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, cert_pw); - AssertIntGE(ret, 0); - AssertIntLE(ret, cert_sz); + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, + cert_pw), 0); + ExpectIntLE(ret, cert_sz); + if (cert_der != NULL) { free(cert_der); cert_der = NULL; - ret = 0; } - if (ret == 0) { - /* Test NULL for DER buffer to return needed DER buffer size */ - ret = wc_KeyPemToDer(cert_buf, cert_sz, NULL, 0, ""); - AssertIntGT(ret, 0); - AssertIntLE(ret, cert_sz); - cert_dersz = ret; - cert_der = (byte*)malloc(cert_dersz); - AssertNotNull(cert_der); - if (cert_der) { - ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, cert_pw); - AssertIntGE(ret, 0); - AssertIntLE(ret, cert_sz); - free(cert_der); - cert_der = NULL; - } - } + /* Test NULL for DER buffer to return needed DER buffer size */ + ExpectIntGT(ret = wc_KeyPemToDer(cert_buf, cert_sz, NULL, 0, ""), 0); + ExpectIntLE(ret, cert_sz); + cert_dersz = ret; + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, + cert_pw), 0); + ExpectIntLE(ret, cert_sz); + if (cert_der != NULL) + free(cert_der); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -34481,53 +34888,42 @@ static int test_wc_PubKeyPemToDer(void) int res = TEST_SKIPPED; #if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && \ (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)) - int ret; + EXPECT_DECLS; + int ret = 0; const char* key = "./certs/ecc-client-keyPub.pem"; byte* cert_buf = NULL; size_t cert_sz = 0, cert_dersz = 0; byte* cert_der = NULL; - ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, - cert_der, (int)cert_dersz); - AssertIntGE(ret, BAD_FUNC_ARG); + ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, + cert_der, (int)cert_dersz), BAD_FUNC_ARG); - ret = load_file(key, &cert_buf, &cert_sz); - if (ret == 0) { - cert_dersz = cert_sz; /* DER will be smaller than PEM */ - cert_der = (byte*)malloc(cert_dersz); - AssertNotNull(cert_der); - if (cert_der) { - ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, - (int)cert_dersz); - AssertIntGE(ret, 0); - free(cert_der); - cert_der = NULL; - ret = 0; - } + ExpectIntEQ(load_file(key, &cert_buf, &cert_sz), 0); + cert_dersz = cert_sz; /* DER will be smaller than PEM */ + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, + (int)cert_dersz), 0); + if (cert_der != NULL) { + free(cert_der); + cert_der = NULL; } - if (ret == 0) { - /* Test NULL for DER buffer to return needed DER buffer size */ - ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, NULL, 0); - AssertIntGT(ret, 0); - AssertIntLE(ret, cert_sz); - cert_dersz = ret; - cert_der = (byte*)malloc(cert_dersz); - AssertNotNull(cert_der); - if (cert_der) { - ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, - (int)cert_dersz); - AssertIntGE(ret, 0); - free(cert_der); - cert_der = NULL; - } + /* Test NULL for DER buffer to return needed DER buffer size */ + ExpectIntGT(ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, NULL, 0), 0); + ExpectIntLE(ret, cert_sz); + cert_dersz = ret; + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, + (int)cert_dersz), 0); + if (cert_der != NULL) { + free(cert_der); } - if (cert_buf) { + if (cert_buf != NULL) { free(cert_buf); } - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -34537,22 +34933,21 @@ static int test_wc_PemPubKeyToDer(void) int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && \ (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)) - int ret; + EXPECT_DECLS; const char* key = "./certs/ecc-client-keyPub.pem"; size_t cert_dersz = 1024; - byte* cert_der = (byte*)malloc(cert_dersz); + byte* cert_der = NULL; - ret = wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz); - AssertIntGE(ret, BAD_FUNC_ARG); - - if (cert_der) { - ret = wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz); - AssertIntGE(ret, 0); + ExpectIntGE(wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz), + BAD_FUNC_ARG); + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz), 0); + if (cert_der != NULL) { free(cert_der); } - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -34561,6 +34956,7 @@ static int test_wc_GetPubKeyDerFromCert(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) || defined(HAVE_ECC) + EXPECT_DECLS; int ret; word32 idx = 0; byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */ @@ -34572,7 +34968,7 @@ static int test_wc_GetPubKeyDerFromCert(void) #endif #if ((!defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)) || \ defined(WOLFSSL_CERT_REQ)) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) - XFILE fp; + XFILE fp = XBADFILE; #endif #ifndef NO_RSA RsaKey rsaKey; @@ -34595,53 +34991,53 @@ static int test_wc_GetPubKeyDerFromCert(void) #else unsigned char eccCert[ONEK_BUF]; word32 eccCertSz; - XFILE fp2; + XFILE fp2 = XBADFILE; #endif #endif #ifndef NO_RSA #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - fp = XFOPEN("./certs/1024/client-cert.der", "rb"); - AssertTrue((fp != XBADFILE)); - rsaCertDerSz = (word32)XFREAD(rsaCertDer, 1, sizeof(rsaCertDer), fp); - XFCLOSE(fp); + ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != XBADFILE); + ExpectIntGT(rsaCertDerSz = (word32)XFREAD(rsaCertDer, 1, sizeof(rsaCertDer), + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } #endif /* good test case - RSA DER cert */ wc_InitDecodedCert(&decoded, rsaCertDer, rsaCertDerSz, NULL); - ret = wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL); - AssertIntEQ(ret, 0); + ExpectIntEQ(wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL), 0); - ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz); - AssertIntEQ(ret, 0); - AssertIntGT(keyDerSz, 0); + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), 0); + ExpectIntGT(keyDerSz, 0); /* sanity check, verify we can import DER public key */ ret = wc_InitRsaKey(&rsaKey, HEAP_HINT); - AssertIntEQ(ret, 0); - ret = wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz); - AssertIntEQ(ret, 0); - wc_FreeRsaKey(&rsaKey); + ExpectIntEQ(ret, 0); + ExpectIntEQ(wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz), 0); + if (ret == 0) { + wc_FreeRsaKey(&rsaKey); + } /* test LENGTH_ONLY_E case */ keyDerSz = 0; - ret = wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz); - AssertIntEQ(ret, LENGTH_ONLY_E); - AssertIntGT(keyDerSz, 0); + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz), + LENGTH_ONLY_E); + ExpectIntGT(keyDerSz, 0); /* bad args: DecodedCert NULL */ - ret = wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz); - AssertIntEQ(ret, BAD_FUNC_ARG); + ExpectIntEQ(wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz), BAD_FUNC_ARG); /* bad args: output key buff size */ - ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL); - AssertIntEQ(ret, BAD_FUNC_ARG); + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL), BAD_FUNC_ARG); /* bad args: zero size output key buffer */ keyDerSz = 0; - ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz); - AssertIntEQ(ret, BAD_FUNC_ARG); + ExpectIntEQ(ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), + BAD_FUNC_ARG); wc_FreeDecodedCert(&decoded); @@ -34649,28 +35045,29 @@ static int test_wc_GetPubKeyDerFromCert(void) #if defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM) { XMEMSET(certBuf, 0, sizeof(certBuf)); - fp = XFOPEN("./certs/csr.signed.der", "rb"); - AssertTrue((fp != XBADFILE)); - certBufSz = (word32)XFREAD(certBuf, 1, certBufSz, fp); - XFCLOSE(fp); + ExpectTrue((fp = XFOPEN("./certs/csr.signed.der", "rb")) != XBADFILE); + ExpectIntGT(certBufSz = (word32)XFREAD(certBuf, 1, certBufSz, fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + } wc_InitDecodedCert(&decoded, certBuf, certBufSz, NULL); - ret = wc_ParseCert(&decoded, CERTREQ_TYPE, VERIFY, NULL); - AssertIntEQ(ret, 0); + ExpectIntEQ(wc_ParseCert(&decoded, CERTREQ_TYPE, VERIFY, NULL), 0); /* good test case - RSA DER certificate request */ keyDerSz = sizeof(keyDer); - ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz); - AssertIntEQ(ret, 0); - AssertIntGT(keyDerSz, 0); + ExpectIntEQ(ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), + 0); + ExpectIntGT(keyDerSz, 0); /* sanity check, verify we can import DER public key */ ret = wc_InitRsaKey(&rsaKey, HEAP_HINT); - AssertIntEQ(ret, 0); + ExpectIntEQ(ret, 0); idx = 0; - ret = wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz); - AssertIntEQ(ret, 0); - wc_FreeRsaKey(&rsaKey); + ExpectIntEQ(wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz), 0); + if (ret == 0) { + wc_FreeRsaKey(&rsaKey); + } wc_FreeDecodedCert(&decoded); } @@ -34679,41 +35076,42 @@ static int test_wc_GetPubKeyDerFromCert(void) #ifdef HAVE_ECC #ifndef USE_CERT_BUFFERS_256 - fp2 = XFOPEN("./certs/client-ecc-cert.der", "rb"); - AssertTrue((fp2 != XBADFILE)); - eccCertSz = (word32)XFREAD(eccCert, 1, ONEK_BUF, fp2); - XFCLOSE(fp2); + ExpectTrue((fp2 = XFOPEN("./certs/client-ecc-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(eccCertSz = (word32)XFREAD(eccCert, 1, ONEK_BUF, fp2), 0); + if (fp2 != XBADFILE) { + XFCLOSE(fp2); + } #endif wc_InitDecodedCert(&decoded, eccCert, eccCertSz, NULL); - ret = wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL); - AssertIntEQ(ret, 0); + ExpectIntEQ(wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL), 0); /* good test case - ECC */ XMEMSET(keyDer, 0, sizeof(keyDer)); keyDerSz = sizeof(keyDer); - ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz); - AssertIntEQ(ret, 0); - AssertIntGT(keyDerSz, 0); + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), 0); + ExpectIntGT(keyDerSz, 0); /* sanity check, verify we can import DER public key */ ret = wc_ecc_init(&eccKey); - AssertIntEQ(ret, 0); + ExpectIntEQ(ret, 0); idx = 0; /* reset idx to 0, used above in RSA case */ - ret = wc_EccPublicKeyDecode(keyDer, &idx, &eccKey, keyDerSz); - AssertIntEQ(ret, 0); - wc_ecc_free(&eccKey); + ExpectIntEQ(wc_EccPublicKeyDecode(keyDer, &idx, &eccKey, keyDerSz), 0); + if (ret == 0) { + wc_ecc_free(&eccKey); + } /* test LENGTH_ONLY_E case */ keyDerSz = 0; - ret = wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz); - AssertIntEQ(ret, LENGTH_ONLY_E); - AssertIntGT(keyDerSz, 0); + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz), + LENGTH_ONLY_E); + ExpectIntGT(keyDerSz, 0); wc_FreeDecodedCert(&decoded); #endif - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif /* !NO_RSA || HAVE_ECC */ return res; } @@ -34723,6 +35121,7 @@ static int test_wc_CheckCertSigPubKey(void) int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && defined(WOLFSSL_PEM_TO_DER) && defined(HAVE_ECC) + EXPECT_DECLS; int ret; const char* ca_cert = "./certs/ca-cert.pem"; byte* cert_buf = NULL; @@ -34733,62 +35132,50 @@ static int test_wc_CheckCertSigPubKey(void) word32 keyDerSz = (word32)sizeof(keyDer); DecodedCert decoded; - ret = load_file(ca_cert, &cert_buf, &cert_sz); - if (ret == 0) { - cert_dersz = (word32)cert_sz; /* DER will be smaller than PEM */ - cert_der = (byte*)malloc(cert_dersz); - if (cert_der) { - ret = wc_CertPemToDer(cert_buf, (int)cert_sz, - cert_der, (int)cert_dersz, CERT_TYPE); - AssertIntGE(ret, 0); - } - } + ExpectIntEQ(load_file(ca_cert, &cert_buf, &cert_sz), 0); + cert_dersz = (word32)cert_sz; /* DER will be smaller than PEM */ + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(ret = wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, + (int)cert_dersz, CERT_TYPE), 0); wc_InitDecodedCert(&decoded, cert_der, cert_dersz, NULL); - ret = wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL); - AssertIntEQ(ret, 0); + ExpectIntEQ(wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL), 0); - ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz); - AssertIntEQ(ret, 0); - AssertIntGT(keyDerSz, 0); + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), 0); + ExpectIntGT(keyDerSz, 0); /* Good test case. */ - ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, keyDerSz, - RSAk); - AssertIntEQ(ret, 0); + ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, + keyDerSz, RSAk), 0); /* No certificate. */ - ret = wc_CheckCertSigPubKey(NULL, cert_dersz, NULL, keyDer, keyDerSz, - ECDSAk); - AssertIntEQ(ret, BAD_FUNC_ARG); + ExpectIntEQ(wc_CheckCertSigPubKey(NULL, cert_dersz, NULL, keyDer, keyDerSz, + ECDSAk), BAD_FUNC_ARG); /* Bad cert size. */ - ret = wc_CheckCertSigPubKey(cert_der, 0, NULL, keyDer, keyDerSz, - RSAk); - AssertTrue(ret == ASN_PARSE_E || ret == BUFFER_E); + ExpectIntNE(ret = wc_CheckCertSigPubKey(cert_der, 0, NULL, keyDer, keyDerSz, + RSAk), 0); + ExpectTrue(ret == ASN_PARSE_E || ret == BUFFER_E); /* No public key. */ - ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, NULL, keyDerSz, - RSAk); - AssertIntEQ(ret, ASN_NO_SIGNER_E); + ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, NULL, + keyDerSz, RSAk), ASN_NO_SIGNER_E); /* Bad public key size. */ - ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0, - RSAk); - AssertIntEQ(ret, BAD_FUNC_ARG); + ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0, + RSAk), BAD_FUNC_ARG); /* Wrong aglo. */ - ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, keyDerSz, - ECDSAk); - AssertIntEQ(ret, ASN_PARSE_E); + ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, + keyDerSz, ECDSAk), ASN_PARSE_E); wc_FreeDecodedCert(&decoded); - if (cert_der) + if (cert_der != NULL) free(cert_der); - if (cert_buf) + if (cert_buf != NULL) free(cert_buf); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; } @@ -38694,64 +39081,66 @@ static int test_wolfSSL_Tls13_Key_Logging_test(void) #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) static int test_wolfSSL_Tls13_ECH_params(void) { + EXPECT_DECLS; #if !defined(NO_WOLFSSL_CLIENT) word32 outputLen = 0; byte testBuf[72]; WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); - AssertNotNull(ctx); - AssertNotNull(ssl); + ExpectNotNull(ctx); + ExpectNotNull(ssl); /* invalid ctx */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(NULL, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(NULL, "ech-public-name.com", 0, 0, 0)); /* invalid public name */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, NULL, 0, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, NULL, 0, 0, 0)); /* invalid algorithms */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, "ech-public-name.com", 1000, 1000, 1000)); /* invalid ctx */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(NULL, NULL, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(NULL, NULL, &outputLen)); /* invalid output len */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(ctx, NULL, NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(ctx, NULL, NULL)); /* invalid ssl */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(NULL, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(NULL, (char*)testBuf, sizeof(testBuf))); /* invalid configs64 */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, NULL, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, NULL, sizeof(testBuf))); /* invalid size */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, (char*)testBuf, 0)); /* invalid ssl */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(NULL, testBuf, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(NULL, testBuf, sizeof(testBuf))); /* invalid configs */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, NULL, + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, NULL, sizeof(testBuf))); /* invalid size */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, 0)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, 0)); /* invalid ssl */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(NULL, NULL, &outputLen)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(NULL, NULL, &outputLen)); /* invalid size */ - AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(ssl, NULL, NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(ssl, NULL, NULL)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif /* !NO_WOLFSSL_CLIENT */ - return TEST_SUCCESS; + return EXPECT_RESULT(); } static int test_wolfSSL_Tls13_ECH(void) { + EXPECT_DECLS; tcp_ready ready; func_args client_args; func_args server_args; @@ -38759,8 +39148,8 @@ static int test_wolfSSL_Tls13_ECH(void) callback_functions server_cbf; callback_functions client_cbf; SOCKET_T sockfd = 0; - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; const char* publicName = "ech-public-name.com"; const char* privateName = "ech-private-name.com"; int privateNameLen = 20; @@ -38779,15 +39168,15 @@ static int test_wolfSSL_Tls13_ECH(void) server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */ /* create the server context here so we can get the ech config */ - AssertNotNull(server_cbf.ctx = + ExpectNotNull(server_cbf.ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); /* generate ech config */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(server_cbf.ctx, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(server_cbf.ctx, publicName, 0, 0, 0)); /* get the config for the client to use */ - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(server_cbf.ctx, rawEchConfig, &rawEchConfigLen)); @@ -38799,36 +39188,36 @@ static int test_wolfSSL_Tls13_ECH(void) wait_tcp_ready(&server_args); /* run as a TLS1.3 client */ - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); - AssertIntEQ(WOLFSSL_SUCCESS, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); /* get connected the server task */ - AssertNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); /* set the ech configs for the client */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, rawEchConfig, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, rawEchConfig, rawEchConfigLen)); /* set the sni for the client */ - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, privateName, privateNameLen)); - AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_write(ssl, privateName, privateNameLen), + ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_write(ssl, privateName, privateNameLen), privateNameLen); - AssertIntGT((replyLen = wolfSSL_read(ssl, reply, sizeof(reply))), 0); + ExpectIntGT((replyLen = wolfSSL_read(ssl, reply, sizeof(reply))), 0); /* add th null terminator for string compare */ reply[replyLen] = 0; /* check that the server replied with the private name */ - AssertStrEQ(privateName, reply); + ExpectStrEQ(privateName, reply); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); @@ -38836,7 +39225,7 @@ static int test_wolfSSL_Tls13_ECH(void) FreeTcpReady(&ready); - return TEST_SUCCESS; + return EXPECT_RESULT(); } #endif /* HAVE_ECH && WOLFSSL_TLS13 */ @@ -60775,19 +61164,19 @@ static int test_SetTmpEC_DHE_Sz(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT) - WOLFSSL_CTX *ctx; - WOLFSSL *ssl; - ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - AssertNotNull(ctx); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32)); - ssl = wolfSSL_new(ctx); - AssertNotNull(ssl); - AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32)); + EXPECT_DECLS; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -60797,32 +61186,36 @@ static int test_wolfSSL_CTX_get0_privatekey(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_ALL + EXPECT_DECLS; WOLFSSL_CTX* ctx = NULL; + (void)ctx; + #ifndef NO_RSA - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); - AssertNull(SSL_CTX_get0_privatekey(ctx)); - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); + ExpectNull(SSL_CTX_get0_privatekey(ctx)); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); - AssertNull(SSL_CTX_get0_privatekey(ctx)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + ExpectNull(SSL_CTX_get0_privatekey(ctx)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(SSL_CTX_get0_privatekey(ctx)); + ExpectNotNull(SSL_CTX_get0_privatekey(ctx)); wolfSSL_CTX_free(ctx); + ctx = NULL; #endif #ifdef HAVE_ECC - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); - AssertNull(SSL_CTX_get0_privatekey(ctx)); - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); + ExpectNull(SSL_CTX_get0_privatekey(ctx)); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)); - AssertNull(SSL_CTX_get0_privatekey(ctx)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, + ExpectNull(SSL_CTX_get0_privatekey(ctx)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)); - AssertNotNull(SSL_CTX_get0_privatekey(ctx)); + ExpectNotNull(SSL_CTX_get0_privatekey(ctx)); wolfSSL_CTX_free(ctx); #endif - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -60833,12 +61226,13 @@ static int test_wolfSSL_dtls_set_mtu(void) int res = TEST_SKIPPED; #if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \ !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_DTLS) + EXPECT_DECLS; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; const char* testCertFile; const char* testKeyFile; - AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; @@ -60847,25 +61241,25 @@ static int test_wolfSSL_dtls_set_mtu(void) testKeyFile = eccKeyFile; #endif if (testCertFile != NULL && testKeyFile != NULL) { - AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); } - AssertNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); - AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE); - AssertIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -60983,7 +61377,7 @@ static int test_wolfSSL_dtls_plaintext(void) return TEST_FAIL; } - return TEST_RES_CHECK(1); + return TEST_SUCCESS; } #else static int test_wolfSSL_dtls_plaintext(void) { @@ -63106,6 +63500,7 @@ static int test_wolfSSL_ERR_strings(void) int res = TEST_SKIPPED; #if !defined(NO_ERROR_STRINGS) + EXPECT_DECLS; const char* err1 = "unsupported cipher suite"; const char* err2 = "wolfSSL PEM routines"; const char* err = NULL; @@ -63115,33 +63510,27 @@ static int test_wolfSSL_ERR_strings(void) (void)err2; #if defined(OPENSSL_EXTRA) - err = ERR_reason_error_string(UNSUPPORTED_SUITE); - AssertTrue(err != NULL); - AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); + ExpectNotNull(err = ERR_reason_error_string(UNSUPPORTED_SUITE)); + ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); - err = ERR_func_error_string(UNSUPPORTED_SUITE); - AssertTrue(err != NULL); - AssertIntEQ((*err == '\0'), 1); + ExpectNotNull(err = ERR_func_error_string(UNSUPPORTED_SUITE)); + ExpectIntEQ((*err == '\0'), 1); - err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD); - AssertTrue(err != NULL); - AssertIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0); + ExpectNotNull(err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD)); + ExpectIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0); #else - err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE); - AssertTrue(err != NULL); - AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); + ExpectNotNull(err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE)); + ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); - err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE); - AssertTrue(err != NULL); - AssertIntEQ((*err == '\0'), 1); + ExpectNotNull(err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE)); + ExpectIntEQ((*err == '\0'), 1); /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */ - err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2); - AssertTrue(err != NULL); - AssertIntEQ((*err == '\0'), 1); + ExpectNotNull(err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2)); + ExpectIntEQ((*err == '\0'), 1); #endif - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -63151,13 +63540,13 @@ static int test_wolfSSL_EVP_shake128(void) int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ defined(WOLFSSL_SHAKE128) + EXPECT_DECLS; const EVP_MD* md = NULL; - md = EVP_shake128(); - AssertTrue(md != NULL); - AssertIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0); + ExpectNotNull(md = EVP_shake128()); + ExpectIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -63168,13 +63557,13 @@ static int test_wolfSSL_EVP_shake256(void) int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ defined(WOLFSSL_SHAKE256) + EXPECT_DECLS; const EVP_MD* md = NULL; - md = EVP_shake256(); - AssertTrue(md != NULL); - AssertIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0); + ExpectNotNull(md = EVP_shake256()); + ExpectIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -63184,22 +63573,21 @@ static int test_EVP_blake2(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && (defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)) + EXPECT_DECLS; const EVP_MD* md = NULL; (void)md; #if defined(HAVE_BLAKE2) - md = EVP_blake2b512(); - AssertTrue(md != NULL); - AssertIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0); + ExpectNotNull(md = EVP_blake2b512()); + ExpectIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0); #endif #if defined(HAVE_BLAKE2S) - md = EVP_blake2s256(); - AssertTrue(md != NULL); - AssertIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0); + ExpectNotNull(md = EVP_blake2s256()); + ExpectIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0); #endif - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -63248,15 +63636,10 @@ static int test_EVP_MD_do_all(void) int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) EVP_MD_do_all(NULL, stderr); - /* to confirm previous call gives no harm */ - AssertTrue(1); - EVP_MD_do_all(list_md_fn, stderr); - /* to confirm previous call gives no harm */ - AssertTrue(1); - res = TEST_RES_CHECK(1); + res = TEST_SUCCESS; #endif return res; @@ -63288,29 +63671,18 @@ static int test_OBJ_NAME_do_all(void) #if defined(OPENSSL_EXTRA) OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NULL, NULL); - /* to confirm previous call gives no harm */ - AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NULL, stderr); - /* to confirm previous call gives no harm */ - AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_t, stderr); - AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_t, stderr); - AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_COMP_METH, obj_name_t, stderr); - AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_NUM, obj_name_t, stderr); - AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_UNDEF, obj_name_t, stderr); - AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_t, stderr); - AssertTrue(1); OBJ_NAME_do_all(-1, obj_name_t, stderr); - AssertTrue(1); - res = TEST_RES_CHECK(1); + res = TEST_SUCCESS; #endif return res; @@ -63321,6 +63693,7 @@ static int test_SSL_CIPHER_get_xxx(void) int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) + EXPECT_DECLS; const SSL_CIPHER* cipher = NULL; STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; int i, numCiphers = 0; @@ -63372,9 +63745,9 @@ static int test_SSL_CIPHER_get_xxx(void) #endif #ifdef NO_WOLFSSL_SERVER - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif if (cipher_id) { @@ -63389,15 +63762,14 @@ static int test_SSL_CIPHER_get_xxx(void) testKeyFile = NULL; #endif if (testCertFile != NULL && testKeyFile != NULL) { - AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, + ExpectTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, SSL_FILETYPE_PEM)); - AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile, SSL_FILETYPE_PEM)); } - ssl = SSL_new(ctx); - AssertNotNull(ssl); - AssertIntEQ(SSL_in_init(ssl), 1); + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectIntEQ(SSL_in_init(ssl), 1); supportedCiphers = SSL_get_ciphers(ssl); numCiphers = sk_num(supportedCiphers); @@ -63414,11 +63786,11 @@ static int test_SSL_CIPHER_get_xxx(void) } /* test case for */ if (i != numCiphers) { - AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid1); - AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid2); - AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid3); - AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid4); - AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid5); + ExpectIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid1); + ExpectIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid2); + ExpectIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid3); + ExpectIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid4); + ExpectIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid5); } if (cipher_id2) { @@ -63435,21 +63807,19 @@ static int test_SSL_CIPHER_get_xxx(void) } /* test case for */ if (i != numCiphers) { - AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid21); - AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid22); - AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid23); - AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid24); - AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid25); + ExpectIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid21); + ExpectIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid22); + ExpectIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid23); + ExpectIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid24); + ExpectIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid25); } } } - if (ctx) - SSL_CTX_free(ctx); - if (ssl) - SSL_free(ssl); + SSL_CTX_free(ctx); + SSL_free(ssl); - res = TEST_RES_CHECK(1); + res = EXPECT_RESULT(); #endif return res; @@ -66116,9 +66486,10 @@ typedef struct { const char *name; TEST_FUNC func; byte run:1; + byte fail:1; } TEST_CASE; -#define TEST_DECL(func) { #func, func, 0 } +#define TEST_DECL(func) { #func, func, 0, 0 } int testAll = 1; @@ -66129,13 +66500,17 @@ TEST_CASE testCases[] = { #ifndef NO_WOLFSSL_SERVER TEST_DECL(test_wolfSSL_CTX_new), #endif + TEST_DECL(test_server_wolfSSL_new), + TEST_DECL(test_client_wolfSSL_new), #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM) TEST_DECL(test_for_double_Free), #endif #ifdef HAVE_IO_TESTS_DEPENDENCIES TEST_DECL(test_wolfSSL_get_finished), + /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_CTX_add_session), + /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_CTX_add_session_ext), #endif TEST_DECL(test_SSL_CIPHER_get_xxx), @@ -66150,7 +66525,9 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer), TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file), TEST_DECL(test_wolfSSL_CTX_load_verify_locations), + /* Large number of memory allocations. */ TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs), + TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse), TEST_DECL(test_wolfSSL_CheckOCSPResponse), TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer), @@ -66178,22 +66555,27 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_CTX_der_load_verify_locations), TEST_DECL(test_wolfSSL_CTX_enable_disable), TEST_DECL(test_wolfSSL_CTX_ticket_API), - TEST_DECL(test_server_wolfSSL_new), - TEST_DECL(test_client_wolfSSL_new), TEST_DECL(test_wolfSSL_SetTmpDH_file), TEST_DECL(test_wolfSSL_SetTmpDH_buffer), TEST_DECL(test_wolfSSL_SetMinMaxDhKey_Sz), TEST_DECL(test_SetTmpEC_DHE_Sz), TEST_DECL(test_wolfSSL_CTX_get0_privatekey), TEST_DECL(test_wolfSSL_dtls_set_mtu), + /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_dtls_plaintext), #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) TEST_DECL(test_wolfSSL_read_write), + /* Can't memory test as server hangs if client fails before second connect. + */ TEST_DECL(test_wolfSSL_reuse_WOLFSSLobj), - TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient), + TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient_1), + TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient_2), + TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient_3), TEST_DECL(test_wolfSSL_CTX_set_cipher_list), + /* Can't memory test as server hangs. */ TEST_DECL(test_wolfSSL_dtls_export), + /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_tls_export), #endif TEST_DECL(test_wolfSSL_SetMinVersion), @@ -66203,6 +66585,7 @@ TEST_CASE testCases[] = { #ifdef HAVE_IO_TESTS_DEPENDENCIES #ifdef HAVE_SNI TEST_DECL(test_wolfSSL_UseSNI_params), + /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_UseSNI_connection), TEST_DECL(test_wolfSSL_SNI_GetFromBuffer), #endif /* HAVE_SNI */ @@ -66212,10 +66595,12 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_UseTruncatedHMAC), TEST_DECL(test_wolfSSL_UseSupportedCurve), #if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES) + /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_UseALPN_connection), TEST_DECL(test_wolfSSL_UseALPN_params), #endif #ifdef HAVE_ALPN_PROTOS_SUPPORT + /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_set_alpn_protos), #endif TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret), @@ -66224,6 +66609,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_tls_ext_duplicate), #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) TEST_DECL(test_wolfSSL_Tls13_ECH_params), + /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_Tls13_ECH), #endif @@ -66238,6 +66624,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_URI), TEST_DECL(test_wolfSSL_TBS), TEST_DECL(test_wolfSSL_X509_verify), + /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_X509_TLS_version), TEST_DECL(test_wc_PemToDer), @@ -66290,6 +66677,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_ASN1_TYPE), TEST_DECL(test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS), + /* Converted above to use Expect unless where stated. */ /* compatibility tests */ TEST_DECL(test_wolfSSL_lhash), TEST_DECL(test_wolfSSL_X509_NAME), @@ -67256,13 +67644,15 @@ static double gettime_secs(void) } #endif -void ApiTest(void) +int ApiTest(void) { int i; int ret; + int res = 0; #ifndef WOLFSSL_UNIT_TEST_NO_TIMING double timeDiff; #endif + EXPECT_DECLS; printf(" Begin API Tests\n"); fflush(stdout); @@ -67270,46 +67660,56 @@ void ApiTest(void) /* we must perform init and cleanup if not all tests are running */ if (!testAll) { #ifdef WOLFCRYPT_ONLY - wolfCrypt_Init(); + if (wolfCrypt_Init() != 0) { + printf("wolfCrypt Initialization failed\n"); + res = 1; + } #else - wolfSSL_Init(); + if (wolfSSL_Init() != WOLFSSL_SUCCESS) { + printf("wolfSSL Initialization failed\n"); + res = 1; + } #endif } - for (i = 0; i < TEST_CASE_CNT; ++i) { - /* When not testing all cases then skip if not marked for running. */ - if (!testAll && !testCases[i].run) { - continue; + if (res == 0) { + for (i = 0; i < TEST_CASE_CNT; ++i) { + /* When not testing all cases then skip if not marked for running. + */ + if (!testAll && !testCases[i].run) { + continue; + } + + TestSetup(); + + printf(" %3d: %-52s:", i + 1, testCases[i].name); + fflush(stdout); + #ifndef WOLFSSL_UNIT_TEST_NO_TIMING + timeDiff = gettime_secs(); + #endif + ret = testCases[i].func(); + #ifndef WOLFSSL_UNIT_TEST_NO_TIMING + timeDiff = gettime_secs() - timeDiff; + #endif + #ifndef WOLFSSL_UNIT_TEST_NO_TIMING + if (ret != TEST_SKIPPED) { + printf(" %s (%9.5lf)\n", apitest_res_string(ret), timeDiff); + } + else + #endif + { + printf(" %s\n", apitest_res_string(ret)); + } + fflush(stdout); + /* if return code is < 0 and not skipped then assert error */ + Expect((ret > 0 || ret == TEST_SKIPPED), + ("Test failed\n"), + ("ret %d", ret)); + testCases[i].fail = ((ret <= 0) && (ret != TEST_SKIPPED)); + res |= ((ret <= 0) && (ret != TEST_SKIPPED)); + + TestCleanup(); } - - TestSetup(); - - printf(" %3d: %-52s:", i + 1, testCases[i].name); - fflush(stdout); - #ifndef WOLFSSL_UNIT_TEST_NO_TIMING - timeDiff = gettime_secs(); - #endif - ret = testCases[i].func(); - #ifndef WOLFSSL_UNIT_TEST_NO_TIMING - timeDiff = gettime_secs() - timeDiff; - #endif - #ifndef WOLFSSL_UNIT_TEST_NO_TIMING - if (ret != TEST_SKIPPED) { - printf(" %s (%9.5lf)\n", apitest_res_string(ret), timeDiff); - } - else - #endif - { - printf(" %s\n", apitest_res_string(ret)); - } - fflush(stdout); - /* if return code is < 0 and not skipped then assert error */ - Assert((ret > 0 || ret == TEST_SKIPPED), - ("Test failed\n"), - ("ret %d", ret)); - - - TestCleanup(); } #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \ @@ -67327,6 +67727,18 @@ void ApiTest(void) (void)testDevId; + if (res != 0) { + printf("\nFAILURES:\n"); + for (i = 0; i < TEST_CASE_CNT; ++i) { + if (testCases[i].fail) { + printf(" %3d: %s\n", i + 1, testCases[i].name); + } + } + printf("\n"); + fflush(stdout); + } + printf(" End API Tests\n"); fflush(stdout); + return res; } diff --git a/tests/unit.c b/tests/unit.c index bfb629cae..0f54f7a72 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -34,6 +34,7 @@ int allTesting = 1; +int apiTesting = 1; int myoptind = 0; char* myoptarg = NULL; int unit_test(int argc, char** argv); @@ -185,21 +186,26 @@ int unit_test(int argc, char** argv) goto exit; } else if (XSTRCMP(argv[1], "--api") == 0) { + allTesting = 0; + } + else if (XSTRCMP(argv[1], "--no-api") == 0) { + apiTesting = 0; } else if (argv[1][1] >= '0' && argv[1][1] <= '9') { ret = ApiTest_RunIdx(atoi(argv[1] + 1)); if (ret != 0) { goto exit; } + allTesting = 0; } else { ret = ApiTest_RunName(argv[1] + 1); if (ret != 0) { goto exit; } + allTesting = 0; } - allTesting = 0; argc--; argv++; } @@ -208,7 +214,11 @@ int unit_test(int argc, char** argv) if (argc == 1) #endif { - ApiTest(); + if (apiTesting) { + ret = ApiTest(); + if (ret != 0) + goto exit; + } if (!allTesting) { goto exit; diff --git a/tests/unit.h b/tests/unit.h index 1801df4dd..cce5257df 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -122,10 +122,111 @@ #define AssertPtrLE(x, y) AssertPtr(x, y, <=, >) +#define EXPECT_DECLS \ + int _ret = 0 +#define EXPECT_RESULT() \ + ((_ret == 0) ? TEST_SUCCESS : TEST_FAIL) +#define EXPECT_SUCCESS() \ + (_ret == 0) +#define EXPECT_FAIL() \ + (_ret != 0) + +#define ExpFail(description, result) do { \ + printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ + fputs("\n expected: ", stdout); printf description; \ + fputs("\n result: ", stdout); printf result; fputs("\n\n", stdout); \ + fflush(stdout); \ + _ret = -1; \ +} while (0) + +#define Expect(test, description, result) \ + if ((_ret == 0) && (!(test))) ExpFail(description, result) + +#define ExpectTrue(x) Expect( (x), ("%s is true", #x), (#x " => FALSE")) +#define ExpectFalse(x) Expect(!(x), ("%s is false", #x), (#x " => TRUE")) +#define ExpectNotNull(x) Expect( (x), ("%s is not null", #x), (#x " => NULL")) + +#define ExpectNull(x) do { \ + if (_ret == 0) { \ + PEDANTIC_EXTENSION void* _x = (void*)(x); \ + Expect(!_x, ("%s is null", #x), (#x " => %p", _x)); \ + } \ +} while(0) + +#define ExpectInt(x, y, op, er) do { \ + if (_ret == 0) { \ + int _x = (int)(x); \ + int _y = (int)(y); \ + Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%d " #er " %d", _x, _y));\ + } \ +} while(0) + +#define ExpectIntEQ(x, y) ExpectInt(x, y, ==, !=) +#define ExpectIntNE(x, y) ExpectInt(x, y, !=, ==) +#define ExpectIntGT(x, y) ExpectInt(x, y, >, <=) +#define ExpectIntLT(x, y) ExpectInt(x, y, <, >=) +#define ExpectIntGE(x, y) ExpectInt(x, y, >=, <) +#define ExpectIntLE(x, y) ExpectInt(x, y, <=, >) + +#define ExpectStr(x, y, op, er) do { \ + if (_ret == 0) { \ + const char* _x = (const char*)(x); \ + const char* _y = (const char*)(y); \ + int _z = (_x && _y) ? strcmp(_x, _y) : -1; \ + Expect(_z op 0, ("%s " #op " %s", #x, #y), \ + ("\"%s\" " #er " \"%s\"", _x, _y));\ + } \ +} while(0) + +#define ExpectStrEQ(x, y) ExpectStr(x, y, ==, !=) +#define ExpectStrNE(x, y) ExpectStr(x, y, !=, ==) +#define ExpectStrGT(x, y) ExpectStr(x, y, >, <=) +#define ExpectStrLT(x, y) ExpectStr(x, y, <, >=) +#define ExpectStrGE(x, y) ExpectStr(x, y, >=, <) +#define ExpectStrLE(x, y) ExpectStr(x, y, <=, >) + +#define ExpectPtr(x, y, op, er) do { \ + if (_ret == 0) { \ + PRAGMA_GCC_DIAG_PUSH; \ + /* remarkably, without this inhibition, */ \ + /* the _Pragma()s make the declarations warn. */ \ + PRAGMA_GCC("GCC diagnostic ignored \"-Wdeclaration-after-statement\"");\ + /* inhibit "ISO C forbids conversion of function pointer */ \ + /* to object pointer type [-Werror=pedantic]" */ \ + PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\""); \ + void* _x = (void*)(x); \ + void* _y = (void*)(y); \ + Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y));\ + PRAGMA_GCC_DIAG_POP; \ + } \ +} while(0) + +#define ExpectPtrEq(x, y) ExpectPtr(x, y, ==, !=) +#define ExpectPtrNE(x, y) ExpectPtr(x, y, !=, ==) +#define ExpectPtrGT(x, y) ExpectPtr(x, y, >, <=) +#define ExpectPtrLT(x, y) ExpectPtr(x, y, <, >=) +#define ExpectPtrGE(x, y) ExpectPtr(x, y, >=, <) +#define ExpectPtrLE(x, y) ExpectPtr(x, y, <=, >) + +#define ExpectBuf(x, y, z, op, er) do { \ + if (_ret == 0) { \ + const byte* _x = (const byte*)(x); \ + const byte* _y = (const byte*)(y); \ + int _z = (int)(z); \ + int _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, _z) : -1; \ + Expect(_w op 0, ("%s " #op " %s for %s", #x, #y, #z), \ + ("\"%p\" " #er " \"%p\" for \"%d\"", _x, _y, _z));\ + } \ +} while(0) + +#define ExpectBufEQ(x, y, z) ExpectBuf(x, y, z, ==, !=) +#define ExpectBufNE(x, y, z) ExpectBuf(x, y, z, !=, ==) + + void ApiTest_PrintTestCases(void); int ApiTest_RunIdx(int idx); int ApiTest_RunName(char* name); -void ApiTest(void); +int ApiTest(void); int SuiteTest(int argc, char** argv); int HashTest(void); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 192ab09ae..a1897c00a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -15390,15 +15390,18 @@ static int ConfirmSignature(SignatureCtx* sigCtx, sigCtx->key.rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), sigCtx->heap, DYNAMIC_TYPE_RSA); - sigCtx->sigCpy = (byte*)XMALLOC(sigSz, sigCtx->heap, - DYNAMIC_TYPE_SIGNATURE); - if (sigCtx->key.rsa == NULL || sigCtx->sigCpy == NULL) { + if (sigCtx->key.rsa == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } if ((ret = wc_InitRsaKey_ex(sigCtx->key.rsa, sigCtx->heap, sigCtx->devId)) != 0) { goto exit_cs; } + sigCtx->sigCpy = (byte*)XMALLOC(sigSz, sigCtx->heap, + DYNAMIC_TYPE_SIGNATURE); + if (sigCtx->sigCpy == NULL) { + ERROR_OUT(MEMORY_E, exit_cs); + } if (sigSz > MAX_ENCODED_SIG_SZ) { WOLFSSL_MSG("Verify Signature is too big"); ERROR_OUT(BUFFER_E, exit_cs); diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 83a23ad79..ce98b4376 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -24,10 +24,6 @@ #include #endif -#ifdef WOLFSSL_LINUXKM - #define WOLFSSL_NEED_LINUX_CURRENT -#endif - #include /* check old macros @wc_fips */ @@ -55,6 +51,8 @@ Possible memory options: * WOLFSSL_MALLOC_CHECK: Reports malloc or alignment failure using WOLFSSL_STATIC_ALIGN * WOLFSSL_FORCE_MALLOC_FAIL_TEST: Used for internal testing to induce random malloc failures. * WOLFSSL_HEAP_TEST: Used for internal testing of heap hint + * WOLFSSL_MEM_FAIL_COUNT: Fail memory allocation at a count from + * environment variable: MEM_FAIL_CNT. */ #ifdef WOLFSSL_ZEPHYR @@ -264,6 +262,50 @@ void wc_MemZero_Check(void* addr, size_t len) } #endif /* WOLFSSL_CHECK_MEM_ZERO */ +#ifdef WOLFSSL_MEM_FAIL_COUNT +static wolfSSL_Mutex memFailMutex; +int mem_fail_allocs = 0; +int mem_fail_frees = 0; +int mem_fail_cnt = 0; + +void wc_MemFailCount_Init() +{ + wc_InitMutex(&memFailMutex); + char* cnt = getenv("MEM_FAIL_CNT"); + if (cnt != NULL) { + fprintf(stderr, "MemFailCount At: %d\n", mem_fail_cnt); + mem_fail_cnt = atoi(cnt); + } +} +static int wc_MemFailCount_AllocMem(void) +{ + int ret = 1; + + wc_LockMutex(&memFailMutex); + if ((mem_fail_cnt > 0) && (mem_fail_cnt <= mem_fail_allocs + 1)) { + ret = 0; + } + else { + mem_fail_allocs++; + } + wc_UnLockMutex(&memFailMutex); + + return ret; +} +static void wc_MemFailCount_FreeMem(void) +{ + wc_LockMutex(&memFailMutex); + mem_fail_frees++; + wc_UnLockMutex(&memFailMutex); +} +void wc_MemFailCount_Free() +{ + wc_FreeMutex(&memFailMutex); + fprintf(stderr, "MemFailCount Total: %d\n", mem_fail_allocs); + fprintf(stderr, "MemFailCount Frees: %d\n", mem_fail_frees); +} +#endif + #ifdef WOLFSSL_DEBUG_MEMORY void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line) #else @@ -272,6 +314,13 @@ void* wolfSSL_Malloc(size_t size) { void* res = 0; +#ifdef WOLFSSL_MEM_FAIL_COUNT + if (!wc_MemFailCount_AllocMem()) { + WOLFSSL_MSG("MemFailCnt: Fail malloc"); + return NULL; + } +#endif + #ifdef WOLFSSL_CHECK_MEM_ZERO /* Space for requested size. */ size += MEM_ALIGN; @@ -365,6 +414,9 @@ void wolfSSL_Free(void *ptr) /* Check that the pointer is zero where required. */ wc_MemZero_Check(((unsigned char*)ptr) + MEM_ALIGN, *(size_t*)ptr); #endif +#ifdef WOLFSSL_MEM_FAIL_COUNT + wc_MemFailCount_FreeMem(); +#endif if (free_function) { #ifdef WOLFSSL_DEBUG_MEMORY @@ -417,6 +469,13 @@ void* wolfSSL_Realloc(void *ptr, size_t size) #else void* res = 0; +#ifdef WOLFSSL_MEM_FAIL_COUNT + if (!wc_MemFailCount_AllocMem()) { + WOLFSSL_MSG("MemFailCnt: Fail realloc"); + return NULL; + } +#endif + if (realloc_function) { #ifdef WOLFSSL_DEBUG_MEMORY res = realloc_function(ptr, size, func, line); @@ -432,6 +491,12 @@ void* wolfSSL_Realloc(void *ptr, size_t size) #endif } +#ifdef WOLFSSL_MEM_FAIL_COUNT + if (ptr != NULL) { + wc_MemFailCount_FreeMem(); + } +#endif + return res; #endif } @@ -1245,6 +1310,13 @@ void *xmalloc(size_t n, void* heap, int type, const char* func, void* p = NULL; word32* p32; +#ifdef WOLFSSL_MEM_FAIL_COUNT + if (!wc_MemFailCount_AllocMem()) { + WOLFSSL_MSG("MemFailCnt: Fail malloc"); + return NULL; + } +#endif + if (malloc_function) p32 = malloc_function(n + sizeof(word32) * 4); else @@ -1270,6 +1342,13 @@ void *xrealloc(void *p, size_t n, void* heap, int type, const char* func, word32* oldp32 = NULL; word32 oldLen; +#ifdef WOLFSSL_MEM_FAIL_COUNT + if (!wc_MemFailCount_AllocMem()) { + WOLFSSL_MSG("MemFailCnt: Fail malloc"); + return NULL; + } +#endif + if (p != NULL) { oldp32 = (word32*)p; oldp32 -= 4; @@ -1293,6 +1372,12 @@ void *xrealloc(void *p, size_t n, void* heap, int type, const char* func, type, func, file, line); } +#ifdef WOLFSSL_MEM_FAIL_COUNT + if (p != NULL) { + wc_MemFailCount_FreeMem(); + } +#endif + (void)heap; return newp; @@ -1303,6 +1388,9 @@ void xfree(void *p, void* heap, int type, const char* func, const char* file, word32* p32 = (word32*)p; if (p != NULL) { + #ifdef WOLFSSL_MEM_FAIL_COUNT + wc_MemFailCount_FreeMem(); + #endif p32 -= 4; fprintf(stderr, "Free: %p -> %u (%d) at %s:%s:%u\n", p, p32[0], type, diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 1d0e935d2..7b387e151 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -144,6 +144,9 @@ int wolfCrypt_Init(void) * must be freed. */ wc_MemZero_Init(); #endif + #ifdef WOLFSSL_MEM_FAIL_COUNT + wc_MemFailCount_Init(); + #endif #ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST { @@ -474,6 +477,9 @@ int wolfCrypt_Cleanup(void) Entropy_Final(); #endif + #ifdef WOLFSSL_MEM_FAIL_COUNT + wc_MemFailCount_Free(); + #endif #ifdef WOLFSSL_CHECK_MEM_ZERO /* Free the mutex for access to the list of memory locations that * must be freed. */ diff --git a/wolfssl/test.h b/wolfssl/test.h index 5bd9aea8f..8dac9e4ec 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -2930,12 +2930,13 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) wolfSSL_X509_get_subject_name(peer), 0, 0); printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer, subject); - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - /* preverify needs to be self-signer error for Qt compat. - * Should be ASN_SELF_SIGNED_E */ - if (XSTRCMP(issuer, subject) == 0 && preverify == ASN_NO_SIGNER_E) - return 0; + if (issuer != NULL && subject != NULL) { + /* preverify needs to be self-signer error for Qt compat. + * Should be ASN_SELF_SIGNED_E */ + if (XSTRCMP(issuer, subject) == 0 && preverify == ASN_NO_SIGNER_E) + return 0; + } #endif XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h index 969a0c26e..15978b837 100644 --- a/wolfssl/wolfcrypt/memory.h +++ b/wolfssl/wolfcrypt/memory.h @@ -238,6 +238,11 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, __cyg_profile_func_exit(void *func, void *caller); #endif /* WOLFSSL_STACK_LOG */ +#ifdef WOLFSSL_MEM_FAIL_COUNT +WOLFSSL_LOCAL void wc_MemFailCount_Init(void); +WOLFSSL_LOCAL void wc_MemFailCount_Free(void); +#endif + #ifdef WOLFSSL_CHECK_MEM_ZERO WOLFSSL_LOCAL void wc_MemZero_Init(void); WOLFSSL_LOCAL void wc_MemZero_Free(void);