From 65b2b14a0f033475110bd3dc01a1d26b7d40130f Mon Sep 17 00:00:00 2001 From: John Blixt Date: Wed, 17 Aug 2016 10:32:03 -0600 Subject: [PATCH 1/7] added test functions for wolfCrypt_Init and OCSP stapling v1 and v2 --- tests/api.c | 104 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 103 insertions(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 689100e68..af0fb45c4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -101,6 +101,22 @@ static int test_wolfSSL_Cleanup(void) return result; } + +/* Initialize the wolfcrypt state. + * POST: 0 success. + */ +static int test_wolfCrypt_Init(void) +{ + int result; + + printf(testingFmt, "wolfCrypt_Init()"); + result = wolfCrypt_Init(); + printf(resultFmt, result == 0 ? passed : failed); + + return result; + +} /* END test_wolfCrypt_Init */ + /*----------------------------------------------------------------------------* | Method Allocators *----------------------------------------------------------------------------*/ 
@@ -1828,6 +1844,78 @@ static void test_wolfSSL_X509_NAME_get_entry(void) } +/*----------------------------------------------------------------------------* + | OCSP Stapling + *----------------------------------------------------------------------------*/ + + +/* Testing wolfSSL_UseOCSPStapling function. + * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST + * POST: 1 returned for success. + */ +#if defined(HAVE_OCSP) + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) +static int test_wolfSSL_UseOCSPStapling(void) +{ + int ret; + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + + + wolfSSL_Init(); + ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + ssl = wolfSSL_new(ctx); + printf(testingFmt, "wolfSSL_UseOCSPStapling()"); + + ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE); + + printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); + + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + wolfSSL_Cleanup(); + + if(ret) { return SSL_SUCCESS;} + else { return SSL_FAILURE;} + +} /*END test_wolfSSL_UseOCSPStapling */ + +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST. */ + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 +static int test_wolfSSL_UseOCSPStaplingV2(void) +{ + int ret; + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + + wolfSSL_Init(); + ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + ssl = wolfSSL_new(ctx); + printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()"); + + ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE ); + + printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + wolfSSL_Cleanup(); + + if(ret) {return SSL_SUCCESS;} + else {return SSL_FAILURE;} +} /*END test_wolfSSL_UseOCSPStaplingV2*/ + +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST. */ +#endif /* HAVE_OCSP*/ + + + + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ 
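Review bot: In test_wolfSSL_UseOCSPStapling and test_wolfSSL_UseOCSPStaplingV2 (patch 1/7, hunk at -1828), the closing `if(ret)` maps every nonzero return to SSL_SUCCESS. If the API under test reports an error as a nonzero code, the function returns success even though the line printed just above says failed, and the `AssertTrue` in ApiTest passes. Return on the same comparison that is printed: `return ret == SSL_SUCCESS ? SSL_SUCCESS : SSL_FAILURE;`. Neither function checks the results of `wolfSSL_CTX_new()` and `wolfSSL_new()` before using them, and the same holds for the SetMinVersion tests added in patches 3/7 and 4/7. Wrapping the allocations as `AssertNotNull(ctx = wolfSSL_CTX_new(...))`, the form patch 5/7 uses, would stop the test at the real failure point.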
@@ -1852,16 +1940,30 @@ void ApiTest(void) test_wolfSSL_read_write(); test_wolfSSL_dtls_export(); + /* TLS extensions tests */ test_wolfSSL_UseSNI(); test_wolfSSL_UseMaxFragment(); test_wolfSSL_UseTruncatedHMAC(); test_wolfSSL_UseSupportedCurve(); test_wolfSSL_UseALPN(); - /* X509 tests */ test_wolfSSL_X509_NAME_get_entry(); + /* wolfcrypt initialization tests */ + AssertFalse(test_wolfCrypt_Init()); + + /*OCSP Stapling. */ +#if defined(HAVE_OCSP) +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + AssertTrue(test_wolfSSL_UseOCSPStapling()); +#endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + AssertTrue(test_wolfSSL_UseOCSPStaplingV2()); +#endif +#endif /* HAVE_OCSP. */ + test_wolfSSL_Cleanup(); printf(" End API Tests\n"); + } From 584733b138e7b513fb088a8c90177dba5d9fe3dd Mon Sep 17 00:00:00 2001 From: John Blixt Date: Wed, 17 Aug 2016 11:27:14 -0600 Subject: [PATCH 2/7] Chris looked at functions added for correctness. --- tests/api.c | 48 +++++++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 19 deletions(-) diff --git a/tests/api.c b/tests/api.c index af0fb45c4..00656fef6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1853,9 +1853,8 @@ static void test_wolfSSL_X509_NAME_get_entry(void) * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST * POST: 1 returned for success. */ -#if defined(HAVE_OCSP) - -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) +#if defined(HAVE_OCSP) + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) static int test_wolfSSL_UseOCSPStapling(void) { int ret; 
@@ -1876,16 +1875,19 @@ static int test_wolfSSL_UseOCSPStapling(void) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - wolfSSL_Cleanup(); - - if(ret) { return SSL_SUCCESS;} - else { return SSL_FAILURE;} + + if(ret != SSL_SUCCESS){ + wolfSSL_Cleanup(); + return SSL_FAILURE; + } + + return wolfSSL_Cleanup(); } /*END test_wolfSSL_UseOCSPStapling */ -#endif /* HAVE_CERTIFICATE_STATUS_REQUEST. */ + #endif /* HAVE_CERTIFICATE_STATUS_REQUEST. */ -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 static int test_wolfSSL_UseOCSPStaplingV2(void) { int ret; @@ -1904,13 +1906,17 @@ static int test_wolfSSL_UseOCSPStaplingV2(void) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - wolfSSL_Cleanup(); - if(ret) {return SSL_SUCCESS;} - else {return SSL_FAILURE;} + if(ret != SSL_SUCCESS){ + wolfSSL_Cleanup(); + return SSL_FAILURE; + } + + return wolfSSL_Cleanup(); + } /*END test_wolfSSL_UseOCSPStaplingV2*/ -#endif /* HAVE_CERTIFICATE_STATUS_REQUEST. */ + #endif /* HAVE_CERTIFICATE_STATUS_REQUEST. */ #endif /* HAVE_OCSP*/ @@ -1923,7 +1929,7 @@ static int test_wolfSSL_UseOCSPStaplingV2(void) void ApiTest(void) { printf(" Begin API Tests\n"); - test_wolfSSL_Init(); + AssertTrue(test_wolfSSL_Init()); test_wolfSSL_Method_Allocators(); test_wolfSSL_CTX_new(wolfSSLv23_server_method()); @@ -1955,15 +1961,19 @@ void ApiTest(void) /*OCSP Stapling. */ #if defined(HAVE_OCSP) -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + AssertTrue(test_wolfSSL_UseOCSPStapling()); -#endif -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + + #endif + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + AssertTrue(test_wolfSSL_UseOCSPStaplingV2()); -#endif + + #endif #endif /* HAVE_OCSP. */ - test_wolfSSL_Cleanup(); + AssertTrue(test_wolfSSL_Cleanup()); printf(" End API Tests\n"); } From cddc771829fe4eccc00ca236001fbebba6427463 Mon Sep 17 00:00:00 2001 
From: John Blixt Date: Wed, 17 Aug 2016 14:05:37 -0600 Subject: [PATCH 3/7] Added wolfSSL_SetMinVersion --- tests/api.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/tests/api.c b/tests/api.c index 00656fef6..310d4cf0f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -29,6 +29,7 @@ #endif #include + #if defined(WOLFSSL_STATIC_MEMORY) #include #endif /* WOLFSSL_STATIC_MEMORY */ @@ -502,6 +503,40 @@ static void test_wolfSSL_SetTmpDH_buffer(void) #endif } + +/* Test function for wolfSSL_SetMinVersion + * POST: return 1 on success. + */ +static int test_wolfSSL_SetMinVersion(void) +{ + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + int version, ret; + + AssertTrue(wolfSSL_Init()); + ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + ssl = wolfSSL_new(ctx); + + version = 3; + + printf(testingFmt, "wolfSSL_SetMinVersion()"); + + ret = wolfSSL_SetMinVersion(ssl, version); + + printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + AssertTrue(wolfSSL_Cleanup()); + + if(ret != SSL_SUCCESS) { return SSL_FAILURE; } + + return SSL_SUCCESS; + +} /* END test_wolfSSL_SetMinVersion */ + + + /*----------------------------------------------------------------------------* | IO *----------------------------------------------------------------------------*/ @@ -1945,6 +1980,7 @@ void ApiTest(void) test_wolfSSL_SetTmpDH_buffer(); test_wolfSSL_read_write(); test_wolfSSL_dtls_export(); + AssertTrue(test_wolfSSL_SetMinVersion()); /* TLS extensions tests */ From b068eec96d598a3f09157261ba0cb120ad24b993 Mon Sep 17 00:00:00 2001 From: John Blixt Date: Wed, 17 Aug 2016 14:41:37 -0600 Subject: [PATCH 4/7] added wolfSSL_CTX_SetMinVersion --- tests/api.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/api.c b/tests/api.c index 310d4cf0f..ddfd8e17b 100644 --- a/tests/api.c +++ b/tests/api.c 
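Review bot: test_wolfSSL_SetMinVersion (patch 3/7, hunk at -502) exercises one accepted input only, the bare literal `3`, so it would still pass if the function accepted any value at all. Because this call sets the floor for protocol downgrade, the test should also pin a rejection, for example `AssertIntNE(wolfSSL_SetMinVersion(ssl, -1), SSL_SUCCESS);`, assuming out-of-range versions are meant to be refused. Replacing `3` with the named constant (`WOLFSSL_TLSV1_2`, which patch 6/7 later uses) documents which version is being set. test_wolfSSL_CTX_SetMinVersion in patch 4/7 has the same gap.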
@@ -1878,6 +1878,30 @@ static void test_wolfSSL_X509_NAME_get_entry(void) #endif /* !NO_CERTS */ } +static int test_wolfSSL_CTX_SetMinVersion(void) +{ + WOLFSSL_CTX* ctx; + int version, ret; + + AssertTrue(wolfSSL_Init()); + ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + version = 3; + + printf(testingFmt, "wolfSSL_CTX_SetMinVersion()"); + + ret = wolfSSL_CTX_SetMinVersion(ctx, version); + + printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); + + wolfSSL_CTX_free(ctx); + AssertTrue(wolfSSL_Cleanup()); + + if(ret != SSL_SUCCESS) {return SSL_FAILURE;} + + return SSL_SUCCESS; + +} /* END test_wolfSSL_CTX_SetMinVersion */ + /*----------------------------------------------------------------------------* | OCSP Stapling @@ -1991,6 +2015,7 @@ void ApiTest(void) test_wolfSSL_UseALPN(); /* X509 tests */ test_wolfSSL_X509_NAME_get_entry(); + AssertTrue(test_wolfSSL_CTX_SetMinVersion()); /* wolfcrypt initialization tests */ AssertFalse(test_wolfCrypt_Init()); From f61c045e65e3018b78c1735389b8f9d1d16953c1 Mon Sep 17 00:00:00 2001 From: John Blixt Date: Thu, 18 Aug 2016 10:03:33 -0600 Subject: [PATCH 5/7] Changes to the Assert Macros used and added wolfSSL_CTX_use_certificate_buffer() --- tests/api.c | 67 ++++++++++++++++++++++++++++++++++------------------- 1 file changed, 43 insertions(+), 24 deletions(-) diff --git a/tests/api.c b/tests/api.c index ddfd8e17b..299800f25 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -211,6 +211,25 @@ static void test_wolfSSL_CTX_use_certificate_file(void) #endif } +static int test_wolfSSL_CTX_use_certificate_buffer(void) +{ +#ifndef NO_CERTS + WOLFSSL_CTX* ctx; + int ret; + + printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()"); + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #ifdef USE_CERT_BUFFERS_2048 + ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, + sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1); + #endif + printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); + + return ret; +#else + return; +#endif +} /*END test_wolfSSL_CTX_use_certificate_buffer*/ static void test_wolfSSL_CTX_use_PrivateKey_file(void) { @@ -511,17 +530,15 @@ static int test_wolfSSL_SetMinVersion(void) { WOLFSSL_CTX* ctx; WOLFSSL* ssl; - int version, ret; + int ret; AssertTrue(wolfSSL_Init()); ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); ssl = wolfSSL_new(ctx); - - version = 3; printf(testingFmt, "wolfSSL_SetMinVersion()"); - ret = wolfSSL_SetMinVersion(ssl, version); + ret = wolfSSL_SetMinVersion(ssl, 3); printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); @@ -536,7 +553,6 @@ static int test_wolfSSL_SetMinVersion(void) } /* END test_wolfSSL_SetMinVersion */ - /*----------------------------------------------------------------------------* | IO *----------------------------------------------------------------------------*/ 
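Review bot: test_wolfSSL_CTX_use_certificate_buffer (patch 5/7, hunk at -211) reads `ret` uninitialized when NO_CERTS is undefined but USE_CERT_BUFFERS_2048 is also undefined, because the only assignment sits inside the inner `#ifdef`. Both the `printf` and `return ret;` then use an indeterminate value. The `#else` branch has a bare `return;` in a function declared `int`, and the context from `wolfSSL_CTX_new()` is never released. Initialise with `int ret = SSL_FAILURE;`, return a defined value in the `#else` branch, and call `wolfSSL_CTX_free(ctx);` before `return ret;`.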
@@ -1878,25 +1894,27 @@ static void test_wolfSSL_X509_NAME_get_entry(void) #endif /* !NO_CERTS */ } +/* Testing function wolfSSL_CTX_SetMinVersion + * POST: 1 on success. + */ static int test_wolfSSL_CTX_SetMinVersion(void) { WOLFSSL_CTX* ctx; - int version, ret; + int ret; AssertTrue(wolfSSL_Init()); ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); - version = 3; printf(testingFmt, "wolfSSL_CTX_SetMinVersion()"); - ret = wolfSSL_CTX_SetMinVersion(ctx, version); + ret = wolfSSL_CTX_SetMinVersion(ctx, 3); printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); wolfSSL_CTX_free(ctx); AssertTrue(wolfSSL_Cleanup()); - if(ret != SSL_SUCCESS) {return SSL_FAILURE;} + if(ret != SSL_SUCCESS) { return SSL_FAILURE; } return SSL_SUCCESS; @@ -1912,32 +1930,32 @@ static int test_wolfSSL_CTX_SetMinVersion(void) * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST * POST: 1 returned for success. */ -#if defined(HAVE_OCSP) +#if defined(HAVE_OCSP) #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) static int test_wolfSSL_UseOCSPStapling(void) { int ret; WOLFSSL_CTX* ctx; WOLFSSL* ssl; - - + + wolfSSL_Init(); ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStapling()"); - ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, + ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE); - + printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); - + wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - if(ret != SSL_SUCCESS){ + if(ret != SSL_SUCCESS){ wolfSSL_Cleanup(); - return SSL_FAILURE; + return SSL_FAILURE; } return wolfSSL_Cleanup(); @@ -1958,7 +1976,7 @@ static int test_wolfSSL_UseOCSPStaplingV2(void) ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()"); - ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, + ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE ); printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); 
@@ -1988,11 +2006,12 @@ static int test_wolfSSL_UseOCSPStaplingV2(void) void ApiTest(void) { printf(" Begin API Tests\n"); - AssertTrue(test_wolfSSL_Init()); + AssertIntEQ(test_wolfSSL_Init(), SSL_SUCCESS); test_wolfSSL_Method_Allocators(); test_wolfSSL_CTX_new(wolfSSLv23_server_method()); test_wolfSSL_CTX_use_certificate_file(); + AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), SSL_SUCCESS); test_wolfSSL_CTX_use_PrivateKey_file(); test_wolfSSL_CTX_load_verify_locations(); test_wolfSSL_CTX_trust_peer_cert(); @@ -2004,7 +2023,8 @@ void ApiTest(void) test_wolfSSL_SetTmpDH_buffer(); test_wolfSSL_read_write(); test_wolfSSL_dtls_export(); - AssertTrue(test_wolfSSL_SetMinVersion()); + AssertIntEQ(test_wolfSSL_SetMinVersion(), SSL_SUCCESS); + AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), SSL_SUCCESS); /* TLS extensions tests */ @@ -2015,7 +2035,6 @@ void ApiTest(void) test_wolfSSL_UseALPN(); /* X509 tests */ test_wolfSSL_X509_NAME_get_entry(); - AssertTrue(test_wolfSSL_CTX_SetMinVersion()); /* wolfcrypt initialization tests */ AssertFalse(test_wolfCrypt_Init()); @@ -2024,17 +2043,17 @@ void ApiTest(void) #if defined(HAVE_OCSP) #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) - AssertTrue(test_wolfSSL_UseOCSPStapling()); + AssertIntEQ(test_wolfSSL_UseOCSPStapling(), SSL_SUCCESS); #endif #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 - AssertTrue(test_wolfSSL_UseOCSPStaplingV2()); + AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), SSL_SUCCESS); #endif #endif /* HAVE_OCSP. */ - AssertTrue(test_wolfSSL_Cleanup()); + AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); printf(" End API Tests\n"); } From 813a9b05b5c51a43a0542f4a4e85ce82cb96e8ac Mon Sep 17 00:00:00 2001 From: John Blixt Date: Thu, 18 Aug 2016 15:07:07 -0600 Subject: [PATCH 6/7] Clean up and Chris check added the changes. --- tests/api.c | 203 ++++++++++++++++++++++++++++------------------------ 1 file changed, 109 insertions(+), 94 deletions(-) diff --git a/tests/api.c b/tests/api.c index 299800f25..54212a4a3 100644 
--- a/tests/api.c +++ b/tests/api.c @@ -103,7 +103,7 @@ static int test_wolfSSL_Cleanup(void) } -/* Initialize the wolfcrypt state. +/* Initialize the wolfCrypt state. * POST: 0 success. */ static int test_wolfCrypt_Init(void) @@ -211,24 +211,30 @@ static void test_wolfSSL_CTX_use_certificate_file(void) #endif } +/* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into + * context using buffer. + * PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with + * --enable-testcert flag. + */ static int test_wolfSSL_CTX_use_certificate_buffer(void) { -#ifndef NO_CERTS - WOLFSSL_CTX* ctx; - int ret; - - printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()"); - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); - #ifdef USE_CERT_BUFFERS_2048 - ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, + #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) + WOLFSSL_CTX* ctx; + int ret; + + printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()"); + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1); + + printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); + + return ret; + #else + return SSL_SUCCESS; #endif - printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); - - return ret; -#else - return; -#endif + } /*END test_wolfSSL_CTX_use_certificate_buffer*/ static void test_wolfSSL_CTX_use_PrivateKey_file(void) 
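Review bot: The `#else` branch of test_wolfSSL_CTX_use_certificate_buffer (patch 6/7, hunk at -211) returns SSL_SUCCESS when the certificate buffers are not compiled in, so the `AssertIntEQ(..., SSL_SUCCESS)` in ApiTest passes and the log shows nothing for a test that never ran. The rewritten OCSP stapling tests later in this patch (hunk at -1926) do the same, and ApiTest now calls them unconditionally. Print a skip line in the `#else` branch, e.g. `printf(" wolfSSL_CTX_use_certificate_buffer() skipped\n");`, so that a build which drops certificate or revocation coverage is visible in the output. In the compiled branch, `ctx` is still not freed before `return ret;`.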
@@ -523,14 +529,20 @@ static void test_wolfSSL_SetTmpDH_buffer(void) } -/* Test function for wolfSSL_SetMinVersion +/* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version + * allowed. * POST: return 1 on success. */ static int test_wolfSSL_SetMinVersion(void) { WOLFSSL_CTX* ctx; WOLFSSL* ssl; - int ret; + int failFlag, itr; + + const char* versionsVar[] = { "retV1", "retV1_1", "retV1_2" }; + const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, + WOLFSSL_TLSV1_2}; + failFlag = SSL_SUCCESS; AssertTrue(wolfSSL_Init()); ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); @@ -538,17 +550,19 @@ static int test_wolfSSL_SetMinVersion(void) printf(testingFmt, "wolfSSL_SetMinVersion()"); - ret = wolfSSL_SetMinVersion(ssl, 3); - - printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); + for (itr = 0; itr < (int)(sizeof(versionsVar)/sizeof(char*)); itr++){ + if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != SSL_SUCCESS){ + failFlag = SSL_FAILURE; + } + } + + printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); AssertTrue(wolfSSL_Cleanup()); - - if(ret != SSL_SUCCESS) { return SSL_FAILURE; } - - return SSL_SUCCESS; + + return failFlag; } /* END test_wolfSSL_SetMinVersion */ 
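Review bot: In test_wolfSSL_SetMinVersion (patch 6/7, hunk at -538) the loop bound is computed from `versionsVar` while the body indexes `versions`. Both arrays have three entries today, but if either one changes, the loop reads past the end of `versions`. Derive the bound from the array that is indexed, `itr < (int)(sizeof(versions)/sizeof(versions[0]))`, and either drop `versionsVar`, which is otherwise unused, or use it to print which version failed. The same loop appears in test_wolfSSL_CTX_SetMinVersion (hunk at -1894). `WOLFSSL_TLSV1` and `WOLFSSL_TLSV1_1` may also be refused in builds that disable old TLS, which would fail the test for a configuration reason rather than a defect.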
@@ -1894,29 +1908,38 @@ static void test_wolfSSL_X509_NAME_get_entry(void) #endif /* !NO_CERTS */ } -/* Testing function wolfSSL_CTX_SetMinVersion +/* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade + * version allowed. * POST: 1 on success. */ static int test_wolfSSL_CTX_SetMinVersion(void) { WOLFSSL_CTX* ctx; - int ret; + int failFlag, itr; + + const char* versionsVar[] = { "retV1", "retV1_1", "retV1_2" }; + const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, + WOLFSSL_TLSV1_2 }; + + failFlag = SSL_SUCCESS; AssertTrue(wolfSSL_Init()); ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); printf(testingFmt, "wolfSSL_CTX_SetMinVersion()"); - ret = wolfSSL_CTX_SetMinVersion(ctx, 3); + for (itr = 0; itr < (int)(sizeof(versionsVar)/sizeof(char*)); itr++){ + if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != SSL_SUCCESS){ + failFlag = SSL_FAILURE; + } + } - printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); + printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed); wolfSSL_CTX_free(ctx); AssertTrue(wolfSSL_Cleanup()); - if(ret != SSL_SUCCESS) { return SSL_FAILURE; } - - return SSL_SUCCESS; + return failFlag; } /* END test_wolfSSL_CTX_SetMinVersion */ 
@@ -1926,78 +1949,82 @@ static int test_wolfSSL_CTX_SetMinVersion(void) *----------------------------------------------------------------------------*/ -/* Testing wolfSSL_UseOCSPStapling function. +/* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need + * need to contact the CA, lowering the cost of cert revocation checking. * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST * POST: 1 returned for success. */ -#if defined(HAVE_OCSP) - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) static int test_wolfSSL_UseOCSPStapling(void) { - int ret; - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) + int ret; + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + + wolfSSL_Init(); + ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + ssl = wolfSSL_new(ctx); + printf(testingFmt, "wolfSSL_UseOCSPStapling()"); + + ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE); + + printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); - wolfSSL_Init(); - ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); - ssl = wolfSSL_new(ctx); - printf(testingFmt, "wolfSSL_UseOCSPStapling()"); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); - ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, - WOLFSSL_CSR2_OCSP_USE_NONCE); + if(ret != SSL_SUCCESS){ + wolfSSL_Cleanup(); + return SSL_FAILURE; + } - printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); - - - wolfSSL_free(ssl); - wolfSSL_CTX_free(ctx); - - if(ret != SSL_SUCCESS){ - wolfSSL_Cleanup(); - return SSL_FAILURE; - } - - return wolfSSL_Cleanup(); + return wolfSSL_Cleanup(); + #else + return SSL_SUCCESS; + #endif } /*END test_wolfSSL_UseOCSPStapling */ - #endif /* HAVE_CERTIFICATE_STATUS_REQUEST. */ - #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 +/* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 funciton. OCSP + * stapling eliminates the need ot contact the CA and lowers cert revocation + * check. 
+ * PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined. + */ static int test_wolfSSL_UseOCSPStaplingV2(void) { - int ret; - WOLFSSL_CTX* ctx; - WOLFSSL* ssl; + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) + int ret; + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; - wolfSSL_Init(); - ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); - ssl = wolfSSL_new(ctx); - printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()"); + wolfSSL_Init(); + ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + ssl = wolfSSL_new(ctx); + printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()"); - ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, - WOLFSSL_CSR2_OCSP_USE_NONCE ); + ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE ); - printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); + printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); - wolfSSL_free(ssl); - wolfSSL_CTX_free(ctx); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); - if(ret != SSL_SUCCESS){ - wolfSSL_Cleanup(); - return SSL_FAILURE; - } + if(ret != SSL_SUCCESS){ + wolfSSL_Cleanup(); + return SSL_FAILURE; + } - return wolfSSL_Cleanup(); + return wolfSSL_Cleanup(); + #else + return SSL_SUCCESS; + #endif } /*END test_wolfSSL_UseOCSPStaplingV2*/ - #endif /* HAVE_CERTIFICATE_STATUS_REQUEST. */ -#endif /* HAVE_OCSP*/ - - - /*----------------------------------------------------------------------------* | Main @@ -2007,7 +2034,8 @@ void ApiTest(void) { printf(" Begin API Tests\n"); AssertIntEQ(test_wolfSSL_Init(), SSL_SUCCESS); - + /* wolfcrypt initialization tests */ + AssertFalse(test_wolfCrypt_Init()); test_wolfSSL_Method_Allocators(); test_wolfSSL_CTX_new(wolfSSLv23_server_method()); test_wolfSSL_CTX_use_certificate_file(); 
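Review bot: test_wolfSSL_UseOCSPStapling (patch 6/7, hunk at -1926) passes the version 2 constants `WOLFSSL_CSR2_OCSP` and `WOLFSSL_CSR2_OCSP_USE_NONCE` to the version 1 API, the same arguments the V2 test passes. If the v1 constants `WOLFSSL_CSR_OCSP` and `WOLFSSL_CSR_OCSP_USE_NONCE` are available in this build, they should be used here; otherwise the test is correct only while the two sets share numeric values. Both functions also ignore the return of `wolfSSL_Init()` and use `ctx` and `ssl` unchecked. The new header comments contain typos worth fixing in the same pass ("need need", "funciton", "ot contact").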
@@ -2026,33 +2054,20 @@ void ApiTest(void) AssertIntEQ(test_wolfSSL_SetMinVersion(), SSL_SUCCESS); AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), SSL_SUCCESS); - /* TLS extensions tests */ test_wolfSSL_UseSNI(); test_wolfSSL_UseMaxFragment(); test_wolfSSL_UseTruncatedHMAC(); test_wolfSSL_UseSupportedCurve(); test_wolfSSL_UseALPN(); + /* X509 tests */ test_wolfSSL_X509_NAME_get_entry(); - /* wolfcrypt initialization tests */ - AssertFalse(test_wolfCrypt_Init()); - /*OCSP Stapling. */ -#if defined(HAVE_OCSP) - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) - AssertIntEQ(test_wolfSSL_UseOCSPStapling(), SSL_SUCCESS); - - #endif - #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 - AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), SSL_SUCCESS); - #endif -#endif /* HAVE_OCSP. */ - AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); printf(" End API Tests\n"); From a9935cbc285d3420d7ab12309111c07ffdda46b1 Mon Sep 17 00:00:00 2001 From: John Blixt Date: Fri, 19 Aug 2016 10:23:55 -0600 Subject: [PATCH 7/7] Made changes found by Jenkins. --- tests/api.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/tests/api.c b/tests/api.c index 54212a4a3..b2dfdfbe6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -218,7 +218,7 @@ static void test_wolfSSL_CTX_use_certificate_file(void) */ static int test_wolfSSL_CTX_use_certificate_buffer(void) { - #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) + #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) WOLFSSL_CTX* ctx; int ret; @@ -229,6 +229,7 @@ static int test_wolfSSL_CTX_use_certificate_buffer(void) sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1); printf(resultFmt, ret == SSL_SUCCESS ? passed : failed); + wolfSSL_CTX_free(ctx); return ret; #else 
@@ -538,10 +539,13 @@ static int test_wolfSSL_SetMinVersion(void) WOLFSSL_CTX* ctx; WOLFSSL* ssl; int failFlag, itr; - - const char* versionsVar[] = { "retV1", "retV1_1", "retV1_2" }; - const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, + + #ifndef NO_OLD_TLS + const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2}; + #else + const int versions[] = { WOLFSSL_TLSV1_2 }; + #endif failFlag = SSL_SUCCESS; AssertTrue(wolfSSL_Init()); @@ -550,18 +554,18 @@ static int test_wolfSSL_SetMinVersion(void) printf(testingFmt, "wolfSSL_SetMinVersion()"); - for (itr = 0; itr < (int)(sizeof(versionsVar)/sizeof(char*)); itr++){ + for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){ if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != SSL_SUCCESS){ failFlag = SSL_FAILURE; } } - + printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); AssertTrue(wolfSSL_Cleanup()); - + return failFlag; } /* END test_wolfSSL_SetMinVersion */ @@ -1916,10 +1920,13 @@ static int test_wolfSSL_CTX_SetMinVersion(void) { WOLFSSL_CTX* ctx; int failFlag, itr; - - const char* versionsVar[] = { "retV1", "retV1_1", "retV1_2" }; - const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, + + #ifndef NO_OLD_TLS + const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2 }; + #else + const int versions[] = { WOLFSSL_TLSV1_2 }; + #endif failFlag = SSL_SUCCESS; @@ -1928,10 +1935,10 @@ static int test_wolfSSL_CTX_SetMinVersion(void) printf(testingFmt, "wolfSSL_CTX_SetMinVersion()"); - for (itr = 0; itr < (int)(sizeof(versionsVar)/sizeof(char*)); itr++){ + for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){ if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != SSL_SUCCESS){ failFlag = SSL_FAILURE; - } + } } printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed);
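Review bot: The loops in test_wolfSSL_SetMinVersion and test_wolfSSL_CTX_SetMinVersion (patch 7/7, hunks at -550 and -1928) now take their bound from the right array, but `sizeof(versions)/sizeof(int)` repeats the element type and `*(versions + itr)` hides a plain index. `sizeof(versions)/sizeof(versions[0])` and `versions[itr]` stay correct if the element type changes and read more directly. Both function bodies extend outside these hunks.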