diff --git a/examples/client/client.c b/examples/client/client.c
index fcab9d5f2..c87429b77 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -486,7 +486,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
 /* Measures throughput in kbps. Throughput = number of bytes */
 static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
 int dtlsUDP, int dtlsSCTP, int block, size_t throughput, int useX25519,
- int useX448)
+ int useX448, int exitWithRet)
 {
 double start, conn_time = 0, tx_time = 0, rx_time = 0;
 SOCKET_T sockfd;
@@ -591,7 +591,10 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
 } while (err == WC_PENDING_E);
 if (ret != len) {
 printf("SSL_write bench error %d!\n", err);
- err_sys("SSL_write failed");
+ if (!exitWithRet)
+ err_sys("SSL_write failed");
+ ret = err;
+ goto doExit;
 }
 tx_time += current_time(0) - start;
@@ -645,6 +648,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
 else {
 err_sys("Client buffer malloc failed");
 }
+doExit:
 if(tx_buffer) XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if(rx_buffer) XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
@@ -656,6 +660,9 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
 wolfSSL_free(ssl); ssl = NULL;
 CloseSocket(sockfd);
+ if (exitWithRet)
+ return err;
+
 #if !defined(__MINGW32__)
 printf("wolfSSL Client Benchmark %zu bytes\n"
 #else
@@ -1595,6 +1602,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 StackTrap();
+ /* Reinitialize the global myVerifyAction. */
+ myVerifyAction = VERIFY_OVERRIDE_ERROR;
+
 #ifndef WOLFSSL_VXWORKS
 /* Not used: All used */
 while ((ch = mygetopt(argc, argv, "?:"
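Review bot: In ClientBenchmarkThroughput the failure path sets `ret = err;` before `goto doExit;`, but the later `if (exitWithRet) return err;` returns `err`, so the assignment looks dead unless `ret` is read in code outside these hunks. That early return also fires on every run with `exitWithRet` set, not only after a failed `SSL_write`, so a successful benchmark skips the result printout below it and returns whatever `err` last held. I would either drop `ret = err;` or return the value that actually records the failure, and document the new parameter in the function's header comment, for example `/* exitWithRet: on SSL_write failure, skip err_sys() and return the wolfSSL error code */`. The function body starts and ends outside the hunks at -591, -645 and -656, so the initial value of `err` cannot be checked from here.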
@@ -2613,9 +2623,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 if (throughput) {
 ((func_args*)args)->return_code =
 ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
- block, throughput, useX25519, useX448);
+ block, throughput, useX25519, useX448,
+ exitWithRet);
 wolfSSL_CTX_free(ctx); ctx = NULL;
- XEXIT_T(EXIT_SUCCESS);
+ if (!exitWithRet)
+ XEXIT_T(EXIT_SUCCESS);
+ else
+ goto exit;
 }
 #if defined(WOLFSSL_MDK_ARM)
diff --git a/examples/server/server.c b/examples/server/server.c
index c575f2f88..5394c1681 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -381,6 +381,8 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
 err_sys_ex(runWithErrors, "SSL_read failed");
 break;
 }
+ if (err == WOLFSSL_ERROR_ZERO_RETURN)
+ return WOLFSSL_ERROR_ZERO_RETURN;
 }
 else {
 rx_pos += ret;
@@ -438,7 +440,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
 );
 }
- return EXIT_SUCCESS;
+ return 0;
 }
 static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
@@ -1097,6 +1099,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #ifdef WOLFSSL_VXWORKS
 useAnyAddr = 1;
 #else
+
+ /* Reinitialize the global myVerifyAction. */
+ myVerifyAction = VERIFY_OVERRIDE_ERROR;
+
 /* Not Used: h, z, F, T, V, W, X */
 while ((ch = mygetopt(argc, argv, "?:"
 "abc:defgijk:l:mnop:q:rstuv:wxy"
@@ -2446,7 +2452,15 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #endif
 }
 else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) {
- ServerEchoData(ssl, clientfd, echoData, block, throughput);
+ err = ServerEchoData(ssl, clientfd, echoData, block, throughput);
+ if (err != 0) {
+ SSL_free(ssl); ssl = NULL;
+ SSL_CTX_free(ctx); ctx = NULL;
+ CloseSocket(clientfd);
+ CloseSocket(sockfd);
+ ((func_args*)args)->return_code = err;
+ goto exit;
+ }
 }
 #if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
diff --git a/tests/include.am b/tests/include.am
index 07230abf3..1ef0a7cdf 100644
--- a/tests/include.am
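Review bot: The new `return WOLFSSL_ERROR_ZERO_RETURN;` in ServerEchoData leaves from inside the read loop, so anything the function releases after the loop is skipped on this path. The `rx_pos` indexing suggests a receive buffer, though its allocation is outside the hunk. If a buffer is owned here, free it before returning, or record the result and fall through to the existing end of the function. The caller hunk at -2446 treats this value as a failure (`if (err != 0)`), so a peer's orderly close during echo now ends server_test with a non-zero `return_code`. A comment such as `/* peer closed the connection: report it so expected-failure tests see a non-zero code */` would make that intent explicit.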
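Review bot: In server_test the reset `myVerifyAction = VERIFY_OVERRIDE_ERROR;` sits inside the `#else` branch of `#ifdef WOLFSSL_VXWORKS`, while the matching client_test hunk places it before `#ifndef WOLFSSL_VXWORKS`, so only the client resets the global on VxWorks builds. The reset presumably exists so that a verify action left over from an earlier in-process test cannot decide the outcome of the next one. I would move the two lines above the `#ifdef WOLFSSL_VXWORKS` line so both sides behave the same. The surrounding function continues outside the hunk.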
+++ b/tests/include.am
@@ -31,6 +31,7 @@ EXTRA_DIST += tests/test.conf \
 tests/test-psk-no-id.conf \
 tests/test-psk-no-id-sha2.conf \
 tests/test-dtls.conf \
+ tests/test-dtls-fails.conf \
 tests/test-dtls-group.conf \
 tests/test-dtls-reneg-client.conf \
 tests/test-dtls-reneg-server.conf \
diff --git a/tests/suites.c b/tests/suites.c
index d4e4107af..72ae8fddf 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -455,6 +455,7 @@ static int execute_test_case(int svr_argc, char** svr_argv,
 return NOT_BUILT_IN;
 }
 printf("trying client command line[%d]: %s\n", tests, commandLine);
+ tests++;
 /* determine based on args if this test is expected to fail */
 if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) {
@@ -881,6 +882,20 @@ int SuiteTest(int argc, char** argv)
 goto exit;
 }
 #endif
+#ifndef WOLFSSL_NO_DTLS_SIZE_CHECK
+ /* failure tests */
+ args.argc = 3;
+ strcpy(argv0[1], "tests/test-dtls-fails.conf");
+ strcpy(argv0[2], "expFail"); /* tests are expected to fail */
+ printf("starting dtls tests that expect failure\n");
+ test_harness(&args);
+ if (args.return_code != 0) {
+ printf("error from script %d\n", args.return_code);
+ args.return_code = EXIT_FAILURE;
+ goto exit;
+ }
+ strcpy(argv0[2], "");
+#endif
 #endif
 #ifdef WOLFSSL_SCTP
 /* add dtls-sctp extra suites */
@@ -1038,7 +1053,7 @@ int SuiteTest(int argc, char** argv)
 args.argc = 3;
 strcpy(argv0[1], "tests/test-dhprime.conf");
 strcpy(argv0[2], "doDH"); /* add DH prime flag */
- printf("starting tests that expect failure\n");
+ printf("starting dh prime tests\n");
 test_harness(&args);
 if (args.return_code != 0) {
 printf("error from script %d\n", args.return_code);
diff --git a/tests/test-dtls-fails.conf b/tests/test-dtls-fails.conf
new file mode 100644
index 000000000..07492f2f7
--- /dev/null
+++ b/tests/test-dtls-fails.conf
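Review bot: The new DTLS block in SuiteTest passes when every test in `tests/test-dtls-fails.conf` fails, but nothing visible here ties the failure to the oversized `-B 9000` write, so a missing certificate or an unbuilt cipher suite would presumably satisfy it too. A comment stating the intended cause would help the next reader, for example `/* the "too big" -B 9000 write is only rejected when the DTLS size check is compiled in */`, placed under `#ifndef WOLFSSL_NO_DTLS_SIZE_CHECK`. Also note that `args.argc` stays at 3 after `strcpy(argv0[2], "");`; whether later suites rely on it being reset depends on test_harness, which is outside the hunk.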
@@ -0,0 +1,16 @@
+# DTLS test
+# server DTLSv1.2 too big test
+-v 3
+-l ECDHE-ECDSA-AES128-SHA256
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+-u
+-B 9000
+
+# client DTLSv1.2 too big test
+-v 3
+-l ECDHE-ECDSA-AES128-SHA256
+-A ./certs/ca-ecc-cert.pem
+-u
+-B 9000
+
diff --git a/tests/test-fails.conf b/tests/test-fails.conf
index d1dd44417..40afb54e0 100644
--- a/tests/test-fails.conf
+++ b/tests/test-fails.conf
@@ -114,6 +114,7 @@
 # server
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
+-H verifyFail
 # client verify should fail
 -v 3
@@ -128,10 +129,12 @@
 # client
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
+-H verifyFail
 # server
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
+-H verifyFail
 # client verify should fail
 -v 3
@@ -146,6 +149,7 @@
 # client
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
+-H verifyFail
 # error going into callback, return error
 # server
@@ -153,6 +157,7 @@
 -l ECDHE-RSA-AES128-GCM-SHA256
 -c ./certs/test/server-cert-rsa-badsig.pem
 -k ./certs/server-key.pem
+-H verifyFail
 # client verify should fail
 -v 3
@@ -164,6 +169,7 @@
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/test/server-cert-ecc-badsig.pem
 -k ./certs/ecc-key.pem
+-H verifyFail
 # client verify should fail
 -v 3
@@ -173,10 +179,12 @@
 # server send alert on no mutual authentication
 -v 3
 -F
+-H verifyFail
 # client send alert on no mutual authentication
 -v 3
 -x
+-H verifyFail
 # server TLSv1.3 fail on no client certificate
 # server always sets WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT unless using -d
@@ -187,4 +195,3 @@
 -v 4
 -l TLS13-AES128-GCM-SHA256
 -x
-