Add regression tests for group-setting and shared-cipher API guards
Extend test_tls13_apis with negative-count assertions for wolfSSL_CTX_set_groups and wolfSSL_set_groups, and NULL-groups assertions for wolfSSL_CTX_set1_groups and wolfSSL_set1_groups (tests/api/test_tls13.c). Add test_wolfSSL_get_shared_ciphers covering NULL ssl, NULL buf, and zero-length inputs (tests/api/test_tls.c).
@@ -1354,6 +1354,32 @@ int test_wolfSSL_alert_type_string(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_wolfSSL_get_shared_ciphers(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if !defined(WOLFSSL_NO_TLS12) && !defined(NO_TLS)
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
WOLFSSL_CTX* ctx = NULL;
|
||||
WOLFSSL* ssl = NULL;
|
||||
char buf[32];
|
||||
|
||||
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
|
||||
ExpectNotNull(ssl = wolfSSL_new(ctx));
|
||||
|
||||
/* NULL ssl - pre-existing guard; pins the contract. */
|
||||
ExpectNull(wolfSSL_get_shared_ciphers(NULL, buf, sizeof(buf)));
|
||||
/* NULL buf - primary regression case (pre-fix: XMEMCPY(NULL, ...) crash). */
|
||||
ExpectNull(wolfSSL_get_shared_ciphers(ssl, NULL, sizeof(buf)));
|
||||
/* len == 0 - pre-existing guard; pins the contract. */
|
||||
ExpectNull(wolfSSL_get_shared_ciphers(ssl, buf, 0));
|
||||
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
#endif /* NO_WOLFSSL_CLIENT */
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/* Test the TLS 1.2 peerAuthGood fail-safe checks directly on both sides.
|
||||
* The client branch sets NO_PEER_VERIFY; the server branch returns a generic
|
||||
* fatal error from TICKET_SENT before sending its Finished. */
|
||||
|
||||
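Review bot: The length guard in test_wolfSSL_get_shared_ciphers is pinned only at `len == 0`; a negative length is never exercised, and that is the value which would become a very large copy size if it reached the XMEMCPY mentioned in the NULL-buf comment. Assuming the guard rejects every non-positive length (the implementation is not shown on this page), add `ExpectNull(wolfSSL_get_shared_ciphers(ssl, buf, -1));` next to the zero case. `buf` is also left uninitialised; declaring it as `char buf[32] = {0};` and asserting `buf[0] == 0` after the three failing calls would catch a partial write before an error return. If the length parameter is an `int`, as the zero-length call suggests, `(int)sizeof(buf)` avoids an implicit size_t narrowing in the first two calls.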
@@ -43,6 +43,7 @@ int test_wolfSSL_alert_type_string(void);
|
||||
int test_wolfSSL_alert_desc_string(void);
|
||||
int test_record_size_matches_build_message(void);
|
||||
int test_record_size_cache_invalidated_on_renegotiation(void);
|
||||
int test_wolfSSL_get_shared_ciphers(void);
|
||||
|
||||
#define TEST_TLS_DECLS \
|
||||
TEST_DECL_GROUP("tls", test_utils_memio_move_message), \
|
||||
@@ -67,6 +68,7 @@ int test_record_size_cache_invalidated_on_renegotiation(void);
|
||||
TEST_DECL_GROUP("tls", test_tls12_peerauth_failsafe), \
|
||||
TEST_DECL_GROUP("tls", test_record_size_matches_build_message), \
|
||||
TEST_DECL_GROUP("tls", \
|
||||
test_record_size_cache_invalidated_on_renegotiation)
|
||||
test_record_size_cache_invalidated_on_renegotiation), \
|
||||
TEST_DECL_GROUP("tls", test_wolfSSL_get_shared_ciphers)
|
||||
|
||||
#endif /* TESTS_API_TEST_TLS_H */
|
||||
|
||||
@@ -590,6 +590,8 @@ int test_tls13_apis(void)
|
||||
#endif
|
||||
ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
|
||||
WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, -1),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
|
||||
WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
|
||||
@@ -617,6 +619,8 @@ int test_tls13_apis(void)
|
||||
#endif
|
||||
ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups,
|
||||
WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, -1),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
|
||||
WOLFSSL_SUCCESS);
|
||||
ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
|
||||
@@ -648,6 +652,10 @@ int test_tls13_apis(void)
|
||||
WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
|
||||
ExpectIntEQ(wolfSSL_set1_groups(clientSsl, too_many_groups,
|
||||
WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
|
||||
ExpectIntEQ(wolfSSL_CTX_set1_groups(clientCtx, NULL, 1),
|
||||
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
|
||||
ExpectIntEQ(wolfSSL_set1_groups(clientSsl, NULL, 1),
|
||||
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
|
||||
#endif
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
|
||||
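Review bot: The negative-count assertions are added for wolfSSL_CTX_set_groups and wolfSSL_set_groups only; in the last hunk the set1 variants get just the too-many and NULL-pointer cases, so a negative count passed to wolfSSL_CTX_set1_groups or wolfSSL_set1_groups is not pinned by anything visible here. test_tls13_apis extends beyond these hunks, so this may already be covered elsewhere. If it is not, add `ExpectIntEQ(wolfSSL_CTX_set1_groups(clientCtx, too_many_groups, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));` and the matching `wolfSSL_set1_groups(clientSsl, too_many_groups, -1)` assertion. The expected WOLFSSL_FAILURE is inferred from the neighbouring set1 assertions and should be checked against the implementation. A one-line comment above the `-1` and `NULL` cases saying which guard each one regresses, as the shared-ciphers test does, would help the next reader.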