Add support for maximum DH key size
155
tests/api.c
155
tests/api.c
@@ -772,6 +772,37 @@ static void test_wolfSSL_CTX_SetTmpDH_buffer(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
static void test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
|
||||
{
|
||||
#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_CLIENT)
|
||||
WOLFSSL_CTX *ctx;
|
||||
|
||||
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
|
||||
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
|
||||
|
||||
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
|
||||
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048));
|
||||
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
|
||||
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
|
||||
|
||||
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
|
||||
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048));
|
||||
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
|
||||
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
|
||||
wolfSSL_CTX_free(ctx);
|
||||
#endif
|
||||
}
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| SSL
|
||||
*----------------------------------------------------------------------------*/
|
||||
@@ -907,6 +938,56 @@ static void test_wolfSSL_SetTmpDH_buffer(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
static void test_wolfSSL_SetMinMaxDhKey_Sz(void)
|
||||
{
|
||||
#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_CLIENT)
|
||||
WOLFSSL_CTX *ctx, *ctx2;
|
||||
WOLFSSL *ssl, *ssl2;
|
||||
|
||||
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
|
||||
AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
|
||||
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
|
||||
sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
|
||||
AssertNotNull(ssl = wolfSSL_new(ctx));
|
||||
AssertNotNull(ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method()));
|
||||
AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048,
|
||||
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048,
|
||||
sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
|
||||
AssertNotNull(ssl2 = wolfSSL_new(ctx2));
|
||||
|
||||
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
|
||||
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048));
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
|
||||
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072));
|
||||
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
|
||||
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
|
||||
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048));
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
|
||||
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024));
|
||||
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
|
||||
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
|
||||
|
||||
wolfSSL_free(ssl2);
|
||||
wolfSSL_CTX_free(ctx2);
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
/* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
|
||||
* allowed.
|
||||
@@ -1814,26 +1895,26 @@ static void test_wolfSSL_read_write(void)
|
||||
defined(WOLFSSL_SESSION_EXPORT)
|
||||
/* canned export of a session using older version 3 */
|
||||
static unsigned char version_3[] = {
|
||||
0xA5, 0xA3, 0x01, 0x87, 0x00, 0x39, 0x00, 0x01,
|
||||
0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
|
||||
0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
|
||||
0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01,
|
||||
0xA5, 0xA3, 0x01, 0x87, 0x00, 0x3b, 0x00, 0x01,
|
||||
0x00, 0x00, 0x00, 0x80, 0x0C, 0x00, 0x00, 0x00,
|
||||
0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
|
||||
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x30, 0x05,
|
||||
0x09, 0x0A, 0x01, 0x01, 0x00, 0x0D, 0x05, 0xFE,
|
||||
0xFD, 0x01, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0xC0, 0x30, 0x05, 0x09, 0x0A,
|
||||
0x01, 0x01, 0x00, 0x0D, 0x05, 0xFE, 0xFD, 0x01,
|
||||
0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x06, 0x00, 0x05, 0x00, 0x06, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00,
|
||||
0x05, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00,
|
||||
0x01, 0x00, 0x07, 0x00, 0x00, 0x00, 0x30, 0x00,
|
||||
0x00, 0x00, 0x10, 0x01, 0x01, 0x00, 0x02, 0x00,
|
||||
0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x02, 0x00, 0x00, 0x00, 0x3F, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x06, 0x00, 0x01, 0x00, 0x07, 0x00, 0x00, 0x00,
|
||||
0x30, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00,
|
||||
0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3F, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
@@ -1845,25 +1926,25 @@ static unsigned char version_3[] = {
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x20, 0x05, 0x12, 0xCF, 0x22,
|
||||
0xA1, 0x9F, 0x1C, 0x39, 0x1D, 0x31, 0x11, 0x12,
|
||||
0x1D, 0x11, 0x18, 0x0D, 0x0B, 0xF3, 0xE1, 0x4D,
|
||||
0xDC, 0xB1, 0xF1, 0x39, 0x98, 0x91, 0x6C, 0x48,
|
||||
0xE5, 0xED, 0x11, 0x12, 0xA0, 0x00, 0xF2, 0x25,
|
||||
0x4C, 0x09, 0x26, 0xD1, 0x74, 0xDF, 0x23, 0x40,
|
||||
0x15, 0x6A, 0x42, 0x2A, 0x26, 0xA5, 0xAC, 0x56,
|
||||
0xD5, 0x4A, 0x20, 0xB7, 0xE9, 0xEF, 0xEB, 0xAF,
|
||||
0xA8, 0x1E, 0x23, 0x7C, 0x04, 0xAA, 0xA1, 0x6D,
|
||||
0x92, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x01, 0x0C, 0x79, 0x7B,
|
||||
0xFA, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0xAA, 0xA1, 0x6D, 0x92, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
|
||||
0x00, 0x20, 0x00, 0x04, 0x00, 0x10, 0x00, 0x10,
|
||||
0x08, 0x02, 0x05, 0x08, 0x01, 0x30, 0x28, 0x00,
|
||||
0x00, 0x0F, 0x00, 0x02, 0x00, 0x09, 0x31, 0x32,
|
||||
0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0xED,
|
||||
0x4F
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x05, 0x12,
|
||||
0xCF, 0x22, 0xA1, 0x9F, 0x1C, 0x39, 0x1D, 0x31,
|
||||
0x11, 0x12, 0x1D, 0x11, 0x18, 0x0D, 0x0B, 0xF3,
|
||||
0xE1, 0x4D, 0xDC, 0xB1, 0xF1, 0x39, 0x98, 0x91,
|
||||
0x6C, 0x48, 0xE5, 0xED, 0x11, 0x12, 0xA0, 0x00,
|
||||
0xF2, 0x25, 0x4C, 0x09, 0x26, 0xD1, 0x74, 0xDF,
|
||||
0x23, 0x40, 0x15, 0x6A, 0x42, 0x2A, 0x26, 0xA5,
|
||||
0xAC, 0x56, 0xD5, 0x4A, 0x20, 0xB7, 0xE9, 0xEF,
|
||||
0xEB, 0xAF, 0xA8, 0x1E, 0x23, 0x7C, 0x04, 0xAA,
|
||||
0xA1, 0x6D, 0x92, 0x79, 0x7B, 0xFA, 0x80, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0C,
|
||||
0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0xAA, 0xA1, 0x6D, 0x92,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x10, 0x00, 0x20, 0x00, 0x04, 0x00, 0x10,
|
||||
0x00, 0x10, 0x08, 0x02, 0x05, 0x08, 0x01, 0x30,
|
||||
0x28, 0x00, 0x00, 0x0F, 0x00, 0x02, 0x00, 0x09,
|
||||
0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E,
|
||||
0x31, 0xED, 0x4F
|
||||
};
|
||||
#endif /* defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
|
||||
defined(WOLFSSL_SESSION_EXPORT) */
|
||||
@@ -19899,10 +19980,12 @@ void ApiTest(void)
|
||||
test_wolfSSL_CTX_trust_peer_cert();
|
||||
test_wolfSSL_CTX_SetTmpDH_file();
|
||||
test_wolfSSL_CTX_SetTmpDH_buffer();
|
||||
test_wolfSSL_CTX_SetMinMaxDhKey_Sz();
|
||||
test_server_wolfSSL_new();
|
||||
test_client_wolfSSL_new();
|
||||
test_wolfSSL_SetTmpDH_file();
|
||||
test_wolfSSL_SetTmpDH_buffer();
|
||||
test_wolfSSL_SetMinMaxDhKey_Sz();
|
||||
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
|
||||
test_wolfSSL_read_write();
|
||||
#endif
|
||||
|
||||
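Review bot: The last assertion in test_wolfSSL_SetMinMaxDhKey_Sz calls wolfSSL_SetTmpDH_buffer on `ssl` rather than `ssl2`, so the per-connection maximum set just above by `wolfSSL_SetMaxDhKey_Sz(ssl2, 1024)` is never exercised; `ssl` still carries the 3072-bit minimum set earlier, which is presumably what produces DH_KEY_SIZE_E there. The line should read `AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,` so the test fails if the upper bound is not enforced on a WOLFSSL object. Similarly, `wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024)` is applied to `ctx` after `ssl` was already created and just before `ssl2` is created from `ctx2`, so it appears to affect neither object under test; move it to where its effect is asserted, or drop it. A short comment before each group of assertions naming the limit being checked, e.g. `/* 2048-bit params exceed the 1024-bit max: expect DH_KEY_SIZE_E */`, would make this kind of slip easier to spot.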