feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Clean up and Chris check added the changes.

Browse Source
This commit is contained in:
John Blixt
2016-08-18 15:07:07 -06:00
parent f61c045e65
commit 813a9b05b5
1 changed files with 109 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

203
tests/api.c
View File

@ -103,7 +103,7 @@ static int test_wolfSSL_Cleanup(void)
} }
/* Initialize the wolfcrypt state. /* Initialize the wolfCrypt state.
* POST: 0 success. * POST: 0 success.
*/ */
static int test_wolfCrypt_Init(void) static int test_wolfCrypt_Init(void)
@ -211,24 +211,30 @@ static void test_wolfSSL_CTX_use_certificate_file(void)
#endif #endif
} }
/* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
* context using buffer.
* PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
* --enable-testcert flag.
*/
static int test_wolfSSL_CTX_use_certificate_buffer(void) static int test_wolfSSL_CTX_use_certificate_buffer(void)
{ {
#ifndef NO_CERTS #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048)
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
int ret; int ret;
printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()"); printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#ifdef USE_CERT_BUFFERS_2048
ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1); sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1);
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
return ret;
#else
return SSL_SUCCESS;
#endif #endif
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
return ret;
#else
return;
#endif
} /*END test_wolfSSL_CTX_use_certificate_buffer*/ } /*END test_wolfSSL_CTX_use_certificate_buffer*/
static void test_wolfSSL_CTX_use_PrivateKey_file(void) static void test_wolfSSL_CTX_use_PrivateKey_file(void)
@ -523,14 +529,20 @@ static void test_wolfSSL_SetTmpDH_buffer(void)
} }
/* Test function for wolfSSL_SetMinVersion /* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
* allowed.
* POST: return 1 on success. * POST: return 1 on success.
*/ */
static int test_wolfSSL_SetMinVersion(void) static int test_wolfSSL_SetMinVersion(void)
{ {
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
WOLFSSL* ssl; WOLFSSL* ssl;
int ret; int failFlag, itr;
const char* versionsVar[] = { "retV1", "retV1_1", "retV1_2" };
const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2};
failFlag = SSL_SUCCESS;
AssertTrue(wolfSSL_Init()); AssertTrue(wolfSSL_Init());
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
@ -538,17 +550,19 @@ static int test_wolfSSL_SetMinVersion(void)
printf(testingFmt, "wolfSSL_SetMinVersion()"); printf(testingFmt, "wolfSSL_SetMinVersion()");
ret = wolfSSL_SetMinVersion(ssl, 3); for (itr = 0; itr < (int)(sizeof(versionsVar)/sizeof(char*)); itr++){
if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != SSL_SUCCESS){
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); failFlag = SSL_FAILURE;
}
}
printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl); wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
AssertTrue(wolfSSL_Cleanup()); AssertTrue(wolfSSL_Cleanup());
if(ret != SSL_SUCCESS) { return SSL_FAILURE; } return failFlag;
return SSL_SUCCESS;
} /* END test_wolfSSL_SetMinVersion */ } /* END test_wolfSSL_SetMinVersion */
@ -1894,29 +1908,38 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
#endif /* !NO_CERTS */ #endif /* !NO_CERTS */
} }
/* Testing function wolfSSL_CTX_SetMinVersion /* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade
* version allowed.
* POST: 1 on success. * POST: 1 on success.
*/ */
static int test_wolfSSL_CTX_SetMinVersion(void) static int test_wolfSSL_CTX_SetMinVersion(void)
{ {
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
int ret; int failFlag, itr;
const char* versionsVar[] = { "retV1", "retV1_1", "retV1_2" };
const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2 };
failFlag = SSL_SUCCESS;
AssertTrue(wolfSSL_Init()); AssertTrue(wolfSSL_Init());
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
printf(testingFmt, "wolfSSL_CTX_SetMinVersion()"); printf(testingFmt, "wolfSSL_CTX_SetMinVersion()");
ret = wolfSSL_CTX_SetMinVersion(ctx, 3); for (itr = 0; itr < (int)(sizeof(versionsVar)/sizeof(char*)); itr++){
if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != SSL_SUCCESS){
failFlag = SSL_FAILURE;
}
}
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
AssertTrue(wolfSSL_Cleanup()); AssertTrue(wolfSSL_Cleanup());
if(ret != SSL_SUCCESS) { return SSL_FAILURE; } return failFlag;
return SSL_SUCCESS;
} /* END test_wolfSSL_CTX_SetMinVersion */ } /* END test_wolfSSL_CTX_SetMinVersion */
@ -1926,78 +1949,82 @@ static int test_wolfSSL_CTX_SetMinVersion(void)
*----------------------------------------------------------------------------*/ *----------------------------------------------------------------------------*/
/* Testing wolfSSL_UseOCSPStapling function. /* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need
* need to contact the CA, lowering the cost of cert revocation checking.
* PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
* POST: 1 returned for success. * POST: 1 returned for success.
*/ */
#if defined(HAVE_OCSP)
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
static int test_wolfSSL_UseOCSPStapling(void) static int test_wolfSSL_UseOCSPStapling(void)
{ {
int ret; #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP)
WOLFSSL_CTX* ctx; int ret;
WOLFSSL* ssl; WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
wolfSSL_Init();
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStapling()");
ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE);
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
wolfSSL_Init(); wolfSSL_free(ssl);
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); wolfSSL_CTX_free(ctx);
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStapling()");
ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, if(ret != SSL_SUCCESS){
WOLFSSL_CSR2_OCSP_USE_NONCE); wolfSSL_Cleanup();
return SSL_FAILURE;
}
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); return wolfSSL_Cleanup();
#else
return SSL_SUCCESS;
wolfSSL_free(ssl); #endif
wolfSSL_CTX_free(ctx);
if(ret != SSL_SUCCESS){
wolfSSL_Cleanup();
return SSL_FAILURE;
}
return wolfSSL_Cleanup();
} /*END test_wolfSSL_UseOCSPStapling */ } /*END test_wolfSSL_UseOCSPStapling */
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST. */
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 /* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 funciton. OCSP
* stapling eliminates the need ot contact the CA and lowers cert revocation
* check.
* PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined.
*/
static int test_wolfSSL_UseOCSPStaplingV2(void) static int test_wolfSSL_UseOCSPStaplingV2(void)
{ {
int ret; #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP)
WOLFSSL_CTX* ctx; int ret;
WOLFSSL* ssl; WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
wolfSSL_Init(); wolfSSL_Init();
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
ssl = wolfSSL_new(ctx); ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()"); printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()");
ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE ); WOLFSSL_CSR2_OCSP_USE_NONCE );
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl); wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
if(ret != SSL_SUCCESS){ if(ret != SSL_SUCCESS){
wolfSSL_Cleanup(); wolfSSL_Cleanup();
return SSL_FAILURE; return SSL_FAILURE;
} }
return wolfSSL_Cleanup(); return wolfSSL_Cleanup();
#else
return SSL_SUCCESS;
#endif
} /*END test_wolfSSL_UseOCSPStaplingV2*/ } /*END test_wolfSSL_UseOCSPStaplingV2*/
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST. */
#endif /* HAVE_OCSP*/
/*----------------------------------------------------------------------------* /*----------------------------------------------------------------------------*
| Main | Main
@ -2007,7 +2034,8 @@ void ApiTest(void)
{ {
printf(" Begin API Tests\n"); printf(" Begin API Tests\n");
AssertIntEQ(test_wolfSSL_Init(), SSL_SUCCESS); AssertIntEQ(test_wolfSSL_Init(), SSL_SUCCESS);
/* wolfcrypt initialization tests */
AssertFalse(test_wolfCrypt_Init());
test_wolfSSL_Method_Allocators(); test_wolfSSL_Method_Allocators();
test_wolfSSL_CTX_new(wolfSSLv23_server_method()); test_wolfSSL_CTX_new(wolfSSLv23_server_method());
test_wolfSSL_CTX_use_certificate_file(); test_wolfSSL_CTX_use_certificate_file();
@ -2026,33 +2054,20 @@ void ApiTest(void)
AssertIntEQ(test_wolfSSL_SetMinVersion(), SSL_SUCCESS); AssertIntEQ(test_wolfSSL_SetMinVersion(), SSL_SUCCESS);
AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), SSL_SUCCESS); AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), SSL_SUCCESS);
/* TLS extensions tests */ /* TLS extensions tests */
test_wolfSSL_UseSNI(); test_wolfSSL_UseSNI();
test_wolfSSL_UseMaxFragment(); test_wolfSSL_UseMaxFragment();
test_wolfSSL_UseTruncatedHMAC(); test_wolfSSL_UseTruncatedHMAC();
test_wolfSSL_UseSupportedCurve(); test_wolfSSL_UseSupportedCurve();
test_wolfSSL_UseALPN(); test_wolfSSL_UseALPN();
/* X509 tests */ /* X509 tests */
test_wolfSSL_X509_NAME_get_entry(); test_wolfSSL_X509_NAME_get_entry();
/* wolfcrypt initialization tests */
AssertFalse(test_wolfCrypt_Init());
/*OCSP Stapling. */ /*OCSP Stapling. */
#if defined(HAVE_OCSP)
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
AssertIntEQ(test_wolfSSL_UseOCSPStapling(), SSL_SUCCESS); AssertIntEQ(test_wolfSSL_UseOCSPStapling(), SSL_SUCCESS);
#endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), SSL_SUCCESS); AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), SSL_SUCCESS);
#endif
#endif /* HAVE_OCSP. */
AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS);
printf(" End API Tests\n"); printf(" End API Tests\n");