Add regression tests for group-setting and shared-cipher API guards

Extend test_tls13_apis with negative-count assertions for
wolfSSL_CTX_set_groups and wolfSSL_set_groups, and NULL-groups
assertions for wolfSSL_CTX_set1_groups and wolfSSL_set1_groups
(tests/api/test_tls13.c).

Add test_wolfSSL_get_shared_ciphers covering NULL ssl, NULL buf, and
zero-length inputs (tests/api/test_tls.c).
This commit is contained in:
Colton Willey
2026-04-28 13:05:44 -07:00
parent af0db53e86
commit 00a21b0bfa
3 changed files with 37 additions and 1 deletions
+26
View File
@@ -1354,6 +1354,32 @@ int test_wolfSSL_alert_type_string(void)
return EXPECT_RESULT();
}
int test_wolfSSL_get_shared_ciphers(void)
{
EXPECT_DECLS;
#if !defined(WOLFSSL_NO_TLS12) && !defined(NO_TLS)
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
char buf[32];
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
ExpectNotNull(ssl = wolfSSL_new(ctx));
/* NULL ssl - pre-existing guard; pins the contract. */
ExpectNull(wolfSSL_get_shared_ciphers(NULL, buf, sizeof(buf)));
/* NULL buf - primary regression case (pre-fix: XMEMCPY(NULL, ...) crash). */
ExpectNull(wolfSSL_get_shared_ciphers(ssl, NULL, sizeof(buf)));
/* len == 0 - pre-existing guard; pins the contract. */
ExpectNull(wolfSSL_get_shared_ciphers(ssl, buf, 0));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif /* NO_WOLFSSL_CLIENT */
#endif
return EXPECT_RESULT();
}
/* Test the TLS 1.2 peerAuthGood fail-safe checks directly on both sides.
* The client branch sets NO_PEER_VERIFY; the server branch returns a generic
* fatal error from TICKET_SENT before sending its Finished. */
+3 -1
View File
@@ -43,6 +43,7 @@ int test_wolfSSL_alert_type_string(void);
int test_wolfSSL_alert_desc_string(void);
int test_record_size_matches_build_message(void);
int test_record_size_cache_invalidated_on_renegotiation(void);
int test_wolfSSL_get_shared_ciphers(void);
#define TEST_TLS_DECLS \
TEST_DECL_GROUP("tls", test_utils_memio_move_message), \
@@ -67,6 +68,7 @@ int test_record_size_cache_invalidated_on_renegotiation(void);
TEST_DECL_GROUP("tls", test_tls12_peerauth_failsafe), \
TEST_DECL_GROUP("tls", test_record_size_matches_build_message), \
TEST_DECL_GROUP("tls", \
test_record_size_cache_invalidated_on_renegotiation)
test_record_size_cache_invalidated_on_renegotiation), \
TEST_DECL_GROUP("tls", test_wolfSSL_get_shared_ciphers)
#endif /* TESTS_API_TEST_TLS_H */
+8
View File
@@ -590,6 +590,8 @@ int test_tls13_apis(void)
#endif
ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, -1),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
@@ -617,6 +619,8 @@ int test_tls13_apis(void)
#endif
ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups,
WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, -1),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
@@ -648,6 +652,10 @@ int test_tls13_apis(void)
WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(wolfSSL_set1_groups(clientSsl, too_many_groups,
WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(wolfSSL_CTX_set1_groups(clientCtx, NULL, 1),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(wolfSSL_set1_groups(clientSsl, NULL, 1),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12