Merge pull request #1582 from SparkiDev/tls13_only

Allow TLS 1.2 to be compiled out.
toddouska
2018-05-29 13:26:54 -07:00
committed by GitHub
21 changed files with 843 additions and 606 deletions


@@ -467,11 +467,26 @@ static void test_wolfSSL_Method_Allocators(void)
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method);
#endif
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method);
#endif
#endif
#ifdef WOLFSSL_TLS13
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method);
#endif
#endif
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method);
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method);
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method);
#endif
#ifdef WOLFSSL_DTLS
@@ -903,12 +918,18 @@ static int test_wolfSSL_SetMinVersion(void)
#ifndef NO_OLD_TLS
const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2};
#else
#elif !defined(WOLFSSL_NO_TLS12)
const int versions[] = { WOLFSSL_TLSV1_2 };
#else
const int versions[] = { WOLFSSL_TLSV1_3 };
#endif
AssertTrue(wolfSSL_Init());
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
#endif
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_SetMinVersion()");
@@ -2950,7 +2971,11 @@ static void test_wolfSSL_PKCS8(void)
/* Note that wolfSSL_Init() or wolfCrypt_Init() has been called before these
* function calls */
#ifndef WOLFSSL_NO_TLS12
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
#endif
wolfSSL_CTX_set_default_passwd_cb(ctx, &PKCS8TestCallBack);
wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
@@ -3037,14 +3062,20 @@ static int test_wolfSSL_CTX_SetMinVersion(void)
#ifndef NO_OLD_TLS
const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2 };
#else
#elif !defined(WOLFSSL_NO_TLS12)
const int versions[] = { WOLFSSL_TLSV1_2 };
#elif defined(WOLFSSL_TLS13)
const int versions[] = { WOLFSSL_TLSV1_3 };
#endif
failFlag = WOLFSSL_SUCCESS;
AssertTrue(wolfSSL_Init());
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
#endif
printf(testingFmt, "wolfSSL_CTX_SetMinVersion()");
@@ -3083,7 +3114,11 @@ static int test_wolfSSL_UseOCSPStapling(void)
WOLFSSL* ssl;
wolfSSL_Init();
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
#endif
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStapling()");
@@ -3123,7 +3158,11 @@ static int test_wolfSSL_UseOCSPStaplingV2 (void)
WOLFSSL* ssl;
wolfSSL_Init();
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
#endif
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()");
@@ -15682,7 +15721,11 @@ static void test_wolfSSL_PEM_PrivateKey(void)
SSL_CTX* ctx;
char passwd[] = "bad password";
#ifndef WOLFSSL_NO_TLS12
AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method()));
#endif
AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
@@ -15719,7 +15762,11 @@ static void test_wolfSSL_PEM_PrivateKey(void)
XFILE f;
SSL_CTX* ctx;
#ifndef WOLFSSL_NO_TLS12
AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method()));
#endif
AssertNotNull(f = XFOPEN("./certs/ecc-key.der", "rb"));
bytes = XFREAD(buf, 1, sizeof(buf), f);
@@ -16021,7 +16068,8 @@ static void test_wolfSSL_ERR_peek_last_error_line(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
!defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES)
!defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \
defined(HAVE_IO_TESTS_DEPENDENCIES)
tcp_ready ready;
func_args client_args;
func_args server_args;
@@ -16577,7 +16625,7 @@ static void msg_cb(int write_p, int version, int content_type,
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
!defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES)
defined(HAVE_IO_TESTS_DEPENDENCIES)
#ifndef SINGLE_THREADED
static int msgCb(SSL_CTX *ctx, SSL *ssl)
{
@@ -16597,7 +16645,7 @@ static void test_wolfSSL_msgCb(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
!defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES)
defined(HAVE_IO_TESTS_DEPENDENCIES)
tcp_ready ready;
func_args client_args;
@@ -16622,8 +16670,13 @@ static void test_wolfSSL_msgCb(void)
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
#ifndef WOLFSSL_NO_TLS12
client_cb.method = wolfTLSv1_2_client_method;
server_cb.method = wolfTLSv1_2_server_method;
#else
client_cb.method = wolfTLSv1_3_client_method;
server_cb.method = wolfTLSv1_3_server_method;
#endif
server_args.signal = &ready;
server_args.callbacks = &server_cb;
@@ -18696,10 +18749,12 @@ static char earlyDataBuffer[1];
static int test_tls13_apis(void)
{
int ret = 0;
#ifndef WOLFSSL_NO_TLS12
WOLFSSL_CTX* clientTls12Ctx;
WOLFSSL* clientTls12Ssl;
WOLFSSL_CTX* serverTls12Ctx;
WOLFSSL* serverTls12Ssl;
#endif
WOLFSSL_CTX* clientCtx;
WOLFSSL* clientSsl;
WOLFSSL_CTX* serverCtx;
@@ -18714,6 +18769,7 @@ static int test_tls13_apis(void)
int groups[1] = { WOLFSSL_ECC_X25519 };
int numGroups = 1;
#ifndef WOLFSSL_NO_TLS12
clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
clientTls12Ssl = wolfSSL_new(clientTls12Ctx);
serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
@@ -18722,6 +18778,7 @@ static int test_tls13_apis(void)
wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM);
#endif
serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
#endif
clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
clientSsl = wolfSSL_new(clientCtx);
@@ -18735,7 +18792,9 @@ static int test_tls13_apis(void)
#ifdef WOLFSSL_SEND_HRR_COOKIE
AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)),
@@ -18746,88 +18805,116 @@ static int test_tls13_apis(void)
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1),
WOLFSSL_SUCCESS);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
WOLFSSL_SUCCESS);
#elif defined(HAVE_CURVE25519)
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
WOLFSSL_SUCCESS);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
NOT_COMPILED_IN);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
NOT_COMPILED_IN);
#endif
AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR);
AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR);
#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR);
#endif
#ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR);
#endif
AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
WOLFSSL_MAX_GROUP_COUNT + 1),
BAD_FUNC_ARG);
@@ -18839,8 +18926,10 @@ static int test_tls13_apis(void)
AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_set_groups(clientSsl, groups,
WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
@@ -18851,13 +18940,17 @@ static int test_tls13_apis(void)
#ifdef WOLFSSL_EARLY_DATA
AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 0), 0);
AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 0), 0);
AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
@@ -18872,9 +18965,11 @@ static int test_tls13_apis(void)
AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
sizeof(earlyData), &outSz),
SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
sizeof(earlyData), &outSz),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
sizeof(earlyData), &outSz),
WOLFSSL_FATAL_ERROR);
@@ -18893,9 +18988,11 @@ static int test_tls13_apis(void)
AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
sizeof(earlyDataBuffer), &outSz),
SIDE_ERROR);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
sizeof(earlyDataBuffer), &outSz),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
sizeof(earlyDataBuffer), &outSz),
WOLFSSL_FATAL_ERROR);
@@ -18906,10 +19003,12 @@ static int test_tls13_apis(void)
wolfSSL_free(clientSsl);
wolfSSL_CTX_free(clientCtx);
#ifndef WOLFSSL_NO_TLS12
wolfSSL_free(serverTls12Ssl);
wolfSSL_CTX_free(serverTls12Ctx);
wolfSSL_free(clientTls12Ssl);
wolfSSL_CTX_free(clientTls12Ctx);
#endif
return ret;
}
@@ -19037,12 +19136,20 @@ static void test_DhCallbacks(void)
/* set callbacks to use DH functions */
func_cb_client.ctx_ready = &test_dh_ctx_setup;
func_cb_client.ssl_ready = &test_dh_ssl_setup;
#ifndef WOLFSSL_NO_TLS12
func_cb_client.method = wolfTLSv1_2_client_method;
#else
func_cb_client.method = wolfTLSv1_3_client_method;
#endif
client_args.callbacks = &func_cb_client;
func_cb_server.ctx_ready = &test_dh_ctx_setup;
func_cb_server.ssl_ready = &test_dh_ssl_setup;
#ifndef WOLFSSL_NO_TLS12
func_cb_server.method = wolfTLSv1_2_server_method;
#else
func_cb_server.method = wolfTLSv1_3_server_method;
#endif
server_args.callbacks = &func_cb_server;
start_thread(test_server_nofail, &server_args, &serverThread);
@@ -19084,12 +19191,20 @@ static void test_DhCallbacks(void)
/* set callbacks to use DH functions */
func_cb_client.ctx_ready = &test_dh_ctx_setup;
func_cb_client.ssl_ready = &test_dh_ssl_setup_fail;
#ifndef WOLFSSL_NO_TLS12
func_cb_client.method = wolfTLSv1_2_client_method;
#else
func_cb_client.method = wolfTLSv1_3_client_method;
#endif
client_args.callbacks = &func_cb_client;
func_cb_server.ctx_ready = &test_dh_ctx_setup;
func_cb_server.ssl_ready = &test_dh_ssl_setup_fail;
#ifndef WOLFSSL_NO_TLS12
func_cb_server.method = wolfTLSv1_2_server_method;
#else
func_cb_server.method = wolfTLSv1_3_server_method;
#endif
server_args.callbacks = &func_cb_server;
start_thread(test_server_nofail, &server_args, &serverThread);
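Review bot: The `versions` tables in the two SetMinVersion tests now fall back differently. test_wolfSSL_SetMinVersion ends its chain with a plain `#else` selecting `WOLFSSL_TLSV1_3`, while test_wolfSSL_CTX_SetMinVersion uses `#elif defined(WOLFSSL_TLS13)` with no `#else`, so `versions` is undeclared there when neither TLS 1.2 nor TLS 1.3 is built. In both tests the first branch (`#ifndef NO_OLD_TLS`) still lists `WOLFSSL_TLSV1_2` even when `WOLFSSL_NO_TLS12` is defined and the context comes from `wolfTLSv1_3_client_method()`, so they appear to rely on the build also defining `NO_OLD_TLS`, which is not visible here. I would use one chain in both functions and make the last branch explicit, for example `#elif defined(WOLFSSL_TLS13)` followed by `#else` and `#error "SetMinVersion tests need TLS 1.2 or TLS 1.3"`. Both function bodies continue outside their hunks.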


@@ -21,8 +21,11 @@ endif
EXTRA_DIST += tests/unit.h
EXTRA_DIST += tests/test.conf \
tests/test-tls13.conf \
tests/test-tls13-down.conf \
tests/test-tls13-ecc.conf \
tests/test-tls13-psk.conf \
tests/test-qsh.conf \
tests/test-psk.conf \
tests/test-psk-no-id.conf \
tests/test-dtls.conf \
tests/test-sctp.conf \


@@ -576,7 +576,7 @@ int SuiteTest(void)
(void)test_harness;
cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method());
if (cipherSuiteCtx == NULL) {
printf("can't get cipher suite ctx\n");
exit(EXIT_FAILURE);
@@ -634,6 +634,16 @@ int SuiteTest(void)
exit(EXIT_FAILURE);
}
#endif
#ifndef WOLFSSL_NO_TLS12
/* add TLSv13 downgrade tets */
strcpy(argv0[1], "tests/test-tls13-down.conf");
printf("starting TLSv13 Downgrade extra tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#if defined(HAVE_CURVE25519) && defined(HAVE_ED25519)
/* add ED25519 certificate cipher suite tests */
@@ -692,15 +702,28 @@ int SuiteTest(void)
}
#endif
#ifndef NO_PSK
/* add psk extra suites */
strcpy(argv0[1], "tests/test-psk-no-id.conf");
printf("starting psk no identity extra cipher suite tests\n");
#ifndef WOLFSSL_NO_TLS12
/* add psk cipher suites */
strcpy(argv0[1], "tests/test-psk.conf");
printf("starting psk cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifdef WOLFSSL_TLS13
/* add psk extra suites */
strcpy(argv0[1], "tests/test-tls13-psk.conf");
printf("starting TLS 1.3 psk no identity extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#endif
#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3)
/* test encrypted keys */
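Review bot: The added TLS 1.3 downgrade block ends a failed run with `exit(EXIT_FAILURE);`, while the PSK blocks further down in SuiteTest set `args.return_code = EXIT_FAILURE;` and then `goto exit;`. Using the second form in the downgrade block too would keep failure handling uniform and let whatever cleanup sits at the `exit` label (not visible here) run. Two strings will also mislead anyone reading test logs: the comment says `tets`, and the message printed for `tests/test-tls13-psk.conf` still says "psk no identity", although by its name that file is the general TLS 1.3 PSK suite. SuiteTest begins and ends outside these hunks.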

15
tests/test-psk.conf Normal file

@@ -0,0 +1,15 @@
# server - standard PSK
-j
-l PSK-CHACHA20-POLY1305
# client- standard PSK
-s
-l PSK-CHACHA20-POLY1305
# server
-j
-l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305
# client
-l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305


@@ -0,0 +1,43 @@
# server TLSv1.3 downgrade
-v d
-l TLS13-CHACHA20-POLY1305-SHA256
# client TLSv1.2
-v 3
# server TLSv1.2
-v 3
# client TLSv1.3 downgrade
-v d
# server TLSv1.3 downgrade
-v d
# client TLSv1.3 downgrade
-v d
# server TLSv1.3 downgrade but don't and resume
-v d
-r
# client TLSv1.3 downgrade but don't and resume
-v d
-r
# server TLSv1.3 downgrade and resume
-v d
-r
# client TLSv1.2 and resume
-v 3
-r
# server TLSv1.2 and resume
-v d
-r
# lcient TLSv1.3 downgrade and resume
-v 3
-r
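Review bot: The final pair's comments contradict its options: `# server TLSv1.2 and resume` is followed by `-v d`, and `# lcient TLSv1.3 downgrade and resume` by `-v 3`. As written, the pair repeats the preceding case (server `-v d`, client `-v 3`, both `-r`), so resumption with a TLS 1.2 server and a downgrading client is not exercised. If the comments state the intent, swap the options so the server gets `-v 3` and the client gets `-v d`; otherwise correct the comments to match the flags. The second comment also has a typo, `lcient`.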

31
tests/test-tls13-psk.conf Normal file

@@ -0,0 +1,31 @@
# server TLSv1.3 PSK
-v 4
-s
-l TLS13-AES128-GCM-SHA256
-d
# client TLSv1.3 PSK
-v 4
-s
-l TLS13-AES128-GCM-SHA256
# server TLSv1.3 PSK
-v 4
-j
-l TLS13-AES128-GCM-SHA256
-d
# client TLSv1.3 PSK
-v 4
-s
-l TLS13-AES128-GCM-SHA256
# server TLSv1.3 PSK
-v 4
-j
-l TLS13-AES128-GCM-SHA256
-d
# client TLSv1.3 not-PSK
-v 4
-l TLS13-AES128-GCM-SHA256


@@ -38,6 +38,37 @@
-v 4
-l TLS13-AES128-CCM-8-SHA256
# server TLSv1.3 resumption
-v 4
-l TLS13-AES128-GCM-SHA256
-r
# client TLSv1.3 resumption
-v 4
-l TLS13-AES128-GCM-SHA256
-r
# server TLSv1.3 resumption - SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-r
# client TLSv1.3 resumption - SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-r
# server TLSv1.3 PSK without (EC)DHE
-v 4
-l TLS13-AES128-GCM-SHA256
-r
# client TLSv1.3 PSK without (EC)DHE
-v 4
-l TLS13-AES128-GCM-SHA256
-r
-K
# server TLSv1.3 accepting EarlyData
-v 4
-l TLS13-AES128-GCM-SHA256
@@ -71,3 +102,94 @@
-v 4
-l TLS13-AES128-GCM-SHA256
-r
# server TLSv1.3
-v 4
-l TLS13-AES128-GCM-SHA256
# client TLSv1.3 Fragments
-v 4
-l TLS13-AES128-GCM-SHA256
-F 1
# server TLSv1.3
-v 4
-l TLS13-AES128-GCM-SHA256
# client TLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm
-v 4
-l TLS13-AES128-GCM-SHA256
-J
# server TLSv1.3
-v 4
-l TLS13-AES128-GCM-SHA256
-J
# client TLSv1.3 HelloRetryRequest with cookie
-v 4
-l TLS13-AES128-GCM-SHA256
-J
# server TLSv1.3
-v 4
-l TLS13-AES128-GCM-SHA256
# client TLSv1.3 no client certificate
-v 4
-l TLS13-AES128-GCM-SHA256
-x
# server TLSv1.3
-v 4
-l TLS13-AES128-GCM-SHA256
# client TLSv1.3 DH key exchange
-v 4
-l TLS13-AES128-GCM-SHA256
-y
# server TLSv1.3
-v 4
-l TLS13-AES128-GCM-SHA256
# client TLSv1.3 ECC key exchange
-v 4
-l TLS13-AES128-GCM-SHA256
-Y
# server TLSv1.3
-v 4
-l TLS13-AES128-GCM-SHA256
# client TLSv1.3 ECC key exchange
-v 4
-l TLS13-AES128-GCM-SHA256
-Y
# server TLSv1.3 multiple cipher suites
-v 4
-l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256
# client TLSv1.3
-v 4
# server TLSv1.3 KeyUpdate
-v 4
-l TLS13-AES128-GCM-SHA256
-U
# client TLSv1.3 KeyUpdate
-v 4
-l TLS13-AES128-GCM-SHA256
-I
# server TLSv1.3 Post-Handshake Authentication
-v 4
-l TLS13-AES128-GCM-SHA256
-Q
# client TLSv1.3 Post-Handshake Authentication
-v 4
-l TLS13-AES128-GCM-SHA256
-Q