Use uml for hostap tests

Remove tests that fail with openssl

.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests

@@ -191,13 +191,7 @@ ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
 ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
 ap_wpa2_psk_supp_proto_too_long_gtk_kde
 ap_wpa2_psk_supp_proto_gtk_not_encrypted
-ap_wpa2_psk_supp_proto_no_igtk
-ap_wpa2_psk_supp_proto_igtk_ok
-ap_wpa2_psk_supp_proto_igtk_keyid_swap
-ap_wpa2_psk_supp_proto_igtk_keyid_too_large
-ap_wpa2_psk_supp_proto_igtk_keyid_unexpected
 ap_wpa2_psk_wep
-ap_wpa2_psk_ifdown
 ap_wpa2_psk_drop_first_msg_4
 ap_wpa2_psk_disable_enable
 ap_wpa2_psk_incorrect_passphrase
@@ -210,10 +204,7 @@ ap_wpa2_disable_eapol_retry
 ap_wpa2_disable_eapol_retry_group
 ap_wpa2_psk_mic_0
 ap_wpa2_psk_local_error
-ap_wpa2_psk_inject_assoc
-ap_wpa2_psk_no_control_port
 ap_wpa2_psk_ap_control_port
-ap_wpa2_psk_ap_control_port_disabled
 ap_wpa2_psk_rsne_mismatch_ap
 ap_wpa2_psk_rsne_mismatch_ap2
 ap_wpa2_psk_rsne_mismatch_ap3
@@ -253,10 +244,8 @@ ap_wpa2_eap_aka_sql
 ap_wpa2_eap_aka_config
 ap_wpa2_eap_aka_ext
 ap_wpa2_eap_aka_ext_auth_fail
-ap_wpa2_eap_aka_prime
 ap_wpa2_eap_aka_prime_imsi_identity
 ap_wpa2_eap_aka_prime_imsi_privacy_key
-ap_wpa2_eap_aka_prime_sql
 ap_wpa2_eap_aka_prime_ext_auth_fail
 ap_wpa2_eap_aka_prime_ext
 ap_wpa2_eap_ttls_pap
@@ -416,19 +405,6 @@ ap_wpa2_radius_server_get_id
 ap_wpa2_eap_tls_tod
 ap_wpa2_eap_tls_tod_tofu
 ap_wpa2_eap_sake_no_control_port
-ap_wpa2_tdls
-ap_wpa2_tdls_concurrent_init
-ap_wpa2_tdls_concurrent_init2
-ap_wpa2_tdls_decline_resp
-ap_wpa2_tdls_long_lifetime
-ap_wpa2_tdls_long_frame
-ap_wpa2_tdls_reneg
-ap_wpa2_tdls_wrong_lifetime_resp
-ap_wpa2_tdls_diff_rsnie
-ap_wpa2_tdls_wrong_tpk_m2_mic
-ap_wpa2_tdls_wrong_tpk_m3_mic
-ap_wpa2_tdls_double_tpk_m2
-ap_wpa2_tdls_responder_teardown
 dpp_network_intro_version
 dpp_network_intro_version_change
 dpp_network_intro_version_missing_req
@@ -459,12 +435,9 @@ dpp_qr_code_curves
 dpp_qr_code_curves_brainpool
 dpp_qr_code_unsupported_curve
 dpp_qr_code_keygen_fail
-dpp_qr_code_curve_select
 dpp_qr_code_auth_broadcast
-dpp_configurator_enrollee
 dpp_configurator_enrollee_prime256v1
 dpp_configurator_enrollee_secp384r1
-dpp_configurator_enrollee_secp521r1
 dpp_configurator_enrollee_brainpoolP256r1
 dpp_configurator_enrollee_brainpoolP384r1
 dpp_configurator_enrollee_brainpoolP512r1
@@ -477,7 +450,6 @@ dpp_qr_code_curve_brainpoolP384r1
 dpp_qr_code_curve_brainpoolP512r1
 dpp_qr_code_set_key
 dpp_qr_code_auth_mutual
-dpp_qr_code_auth_mutual2
 dpp_qr_code_auth_mutual_p_256
 dpp_qr_code_auth_mutual_p_384
 dpp_qr_code_auth_mutual_p_521
@@ -514,13 +486,11 @@ dpp_config_no_signed_connector
 dpp_config_unexpected_signed_connector_char
 dpp_config_root_not_an_object
 dpp_config_no_wi_fi_tech
-dpp_config_unsupported_wi_fi_tech
 dpp_config_no_discovery
 dpp_config_no_discovery_ssid
 dpp_config_too_long_discovery_ssid
 dpp_config_no_cred
 dpp_config_no_cred_akm
-dpp_config_unsupported_cred_akm
 dpp_config_error_legacy_no_pass
 dpp_config_error_legacy_too_long_pass
 dpp_config_error_legacy_psk_with_sae
@@ -531,13 +501,10 @@ dpp_config_connector_error_ext_sign
 dpp_config_connector_error_too_short_timestamp
 dpp_config_connector_error_invalid_timestamp
 dpp_config_connector_error_invalid_timestamp_date
-dpp_config_connector_error_invalid_time_zone
-dpp_config_connector_error_invalid_time_zone_2
 dpp_config_connector_error_expired_1
 dpp_config_connector_error_expired_2
 dpp_config_connector_error_expired_3
 dpp_config_connector_error_expired_4
-dpp_config_connector_error_expired_5
 dpp_config_connector_error_expired_6
 dpp_config_connector_error_no_groups
 dpp_config_connector_error_empty_groups
@@ -565,13 +532,6 @@ dpp_ap_config_p256_bp256
 dpp_ap_config_bp256_p256
 dpp_ap_config_p521_bp512
 dpp_ap_config_reconfig_configurator
-dpp_auto_connect_1
-dpp_auto_connect_2
-dpp_auto_connect_2_connect_cmd
-dpp_auto_connect_2_sta_ver1
-dpp_auto_connect_2_ap_ver1
-dpp_auto_connect_2_ver1
-dpp_auto_connect_2_conf_ver1
 dpp_auto_connect_legacy
 dpp_auto_connect_legacy_ssid_charset
 dpp_auto_connect_legacy_sae_1
@@ -580,13 +540,6 @@ dpp_auto_connect_legacy_psk_sae_1
 dpp_auto_connect_legacy_psk_sae_2
 dpp_auto_connect_legacy_psk_sae_3
 dpp_auto_connect_legacy_pmf_required
-dpp_qr_code_auth_responder_configurator
-dpp_qr_code_auth_responder_configurator_group_id
-dpp_qr_code_auth_enrollee_init_netrole
-dpp_qr_code_hostapd_init
-dpp_qr_code_hostapd_init_offchannel
-dpp_qr_code_hostapd_init_offchannel_neg_freq
-dpp_qr_code_hostapd_ignore_mismatch
 dpp_test_vector_p_256
 dpp_test_vector_p_256_b
 dpp_test_vector_p_521
@@ -603,7 +556,6 @@ dpp_pkex_no_identifier
 dpp_pkex_identifier_mismatch
 dpp_pkex_identifier_mismatch2
 dpp_pkex_identifier_mismatch3
-dpp_pkex_5ghz
 dpp_pkex_test_vector
 dpp_pkex_code_mismatch
 dpp_pkex_code_mismatch_limit
@@ -625,7 +577,6 @@ dpp_pkex_hostapd_errors
 dpp_pkex_nak_curve_change
 dpp_pkex_nak_curve_change2
 dpp_hostapd_configurator
-dpp_hostapd_configurator_enrollee_v1
 dpp_hostapd_configurator_responder
 dpp_hostapd_configurator_fragmentation
 dpp_hostapd_enrollee_fragmentation
@@ -650,7 +601,6 @@ dpp_proto_stop_at_pkex_cr_req
 dpp_proto_stop_at_pkex_cr_resp
 dpp_proto_network_introduction
 dpp_hostapd_auth_conf_timeout
-dpp_hostapd_auth_resp_retries
 dpp_tcp
 dpp_tcp_port
 dpp_tcp_mutual
@@ -702,6 +652,5 @@ dpp_qr_code_config_event_initiator_failure
 dpp_qr_code_config_event_initiator_no_response
 dpp_qr_code_config_event_initiator_both
 dpp_tcp_qr_code_config_event_initiator
-dpp_qr_code_config_event_responder
 dpp_discard_public_action
 

.github/workflows/hostap-files/configs/hostap_2_10/extra.patch

@@ -0,0 +1,47 @@
+From a53a6a67dc121b45d611318e2a37815cc209839c Mon Sep 17 00:00:00 2001
+From: Juliusz Sosinowicz <juliusz@wolfssl.com>
+Date: Fri, 19 Apr 2024 16:41:38 +0200
+Subject: [PATCH] Fixes for running tests under UML
+
+- Apply commit ID fix from more recent commit
+- priv_sz and pub_sz are checked and fail on UML. Probably because stack is zeroed out.
+---
+ src/crypto/crypto_wolfssl.c | 2 +-
+ tests/hwsim/run-all.sh      | 8 +++++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+index 00ecf61352..a57fa50697 100644
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -785,7 +785,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
+ 	int ret = -1;
+ 	WC_RNG rng;
+ 	DhKey *dh = NULL;
+-	word32 priv_sz, pub_sz;
++	word32 priv_sz = prime_len, pub_sz = prime_len;
+ 
+ 	if (TEST_FAIL())
+ 		return -1;
+diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh
+index ee48cd0581..75c3a58b52 100755
+--- a/tests/hwsim/run-all.sh
++++ b/tests/hwsim/run-all.sh
+@@ -15,7 +15,13 @@ export LOGDIR
+ if [ -z "$DBFILE" ]; then
+     DB=""
+ else
+-    DB="-S $DBFILE --commit $(git rev-parse HEAD)"
++    DB="-S $DBFILE"
++    if [ -z "$COMMITID" ]; then
++	COMMITID="$(git rev-parse HEAD)"
++    fi
++    if [ -n "$COMMITID" ]; then
++	DB="$DB --commit $COMMITID"
++    fi
+     if [ -n "$BUILD" ]; then
+ 	DB="$DB -b $BUILD"
+     fi
+-- 
+2.34.1
+

.github/workflows/hostap-files/configs/hostap_2_10/tests

@@ -163,7 +163,6 @@ ap_wpa2_disable_eapol_retry_group
 ap_wpa2_psk_mic_0
 ap_wpa2_psk_local_error
 ap_wpa2_psk_inject_assoc
-ap_wpa2_psk_no_control_port
 ap_wpa2_psk_ap_control_port
 ap_wpa2_psk_ap_control_port_disabled
 ap_wpa2_psk_rsne_mismatch_ap
@@ -269,16 +268,3 @@ ap_wpa2_eap_psk_mac_addr_change
 ap_wpa2_eap_server_get_id
 ap_wpa2_radius_server_get_id
 ap_wpa2_eap_sake_no_control_port
-ap_wpa2_tdls
-ap_wpa2_tdls_concurrent_init
-ap_wpa2_tdls_concurrent_init2
-ap_wpa2_tdls_decline_resp
-ap_wpa2_tdls_long_lifetime
-ap_wpa2_tdls_long_frame
-ap_wpa2_tdls_reneg
-ap_wpa2_tdls_wrong_lifetime_resp
-ap_wpa2_tdls_diff_rsnie
-ap_wpa2_tdls_wrong_tpk_m2_mic
-ap_wpa2_tdls_wrong_tpk_m3_mic
-ap_wpa2_tdls_double_tpk_m2
-ap_wpa2_tdls_responder_teardown

.github/workflows/hostap-vm.yml

@@ -0,0 +1,303 @@
+name: hostap and wpa-supplicant Tests
+
+on:
+  workflow_call:
+
+env:
+  LINUX_REF: v6.6
+
+jobs:
+  build_wolfssl:
+    strategy:
+      matrix:
+        include:
+          - build_id: hostap-vm-build1
+            wolf_extra_config: --disable-tls13
+          - build_id: hostap-vm-build2
+            wolf_extra_config: >-
+              --enable-wpas-dpp --enable-brainpool --with-eccminsz=192 
+              --enable-tlsv10 --enable-oldtls
+         # - build_id: hostap-vm-build3
+         #   wolf_extra_config: >-
+         #     --enable-wpas-dpp --enable-brainpool --with-eccminsz=192 
+         #     --enable-tlsv10 --enable-oldtls
+    name: Build wolfSSL
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - if: ${{ runner.debug }}
+        name: Enable wolfSSL debug logging
+        run: |
+          echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-wpas CPPFLAGS=-DWOLFSSL_STATIC_RSA
+            ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.build_id }}
+          path: build-dir
+          retention-days: 5
+
+  build_uml_linux:
+    name: Build UML (UserMode Linux)
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Checking if we have kernel in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: linux/linux
+          key: ${{ env.LINUX_REF }}
+          lookup-only: true
+
+      - name: Checkout hostap
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: julek-wolfssl/hostap-mirror
+          path: hostap
+
+      - name: Checkout linux
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: torvalds/linux 
+          path: linux
+
+      - name: Compile linux
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config
+          cd linux
+          yes "" | ARCH=um make -j $(nproc)
+
+  hostap_test:
+    strategy:
+      fail-fast: false
+      matrix:
+        # should hostapd be compiled with wolfssl
+        hostapd: [true, false]
+        # should wpa_supplicant be compiled with wolfssl
+        wpa_supplicant: [true, false]
+        # Fix the versions of hostap and osp to not break testing when a new
+        # patch is added in to osp. Tests are read from the corresponding
+        # configs/hostap_ref/tests file.
+        config: [
+          {
+            hostap_ref: hostap_2_10,
+            remove_teap: true,
+            # TLS 1.3 does not work for this version
+            build_id: hostap-vm-build1,
+          },
+          # Test the dpp patch
+          {
+            hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+            osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+            build_id: hostap-vm-build2
+          },
+        ]
+        exclude:
+          # don't test openssl on both sides
+          - hostapd: false
+            wpa_supplicant: false
+          # no hostapd support for dpp yet
+          - hostapd: true
+            config: {
+              hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+              osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+              build_id: hostap-vm-build2
+            }
+    name: hwsim test
+    # For openssl 1.1
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 12
+    needs: [build_wolfssl, build_uml_linux]
+    steps:
+      - name: Checking if we have kernel in cache
+        uses: actions/cache/restore@v4
+        id: cache
+        with:
+          path: linux/linux
+          key: ${{ env.LINUX_REF }}
+          fail-on-cache-miss: true
+
+      - name: show file structure
+        run: tree
+
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - name: Print computed job run ID
+        run: |
+          SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
+          ${{ toJSON(github) }}
+          END_OF_HEREDOC
+          )
+          echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
+          echo Our job run ID is $SHA_SUM
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          path: wolfssl
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ matrix.config.build_id }}
+          path: build-dir
+
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
+            libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
+            libnl-route-3-dev libdbus-1-dev bridge-utils tshark
+          sudo pip3 install pycryptodome
+
+      - name: Checkout hostap
+        uses: actions/checkout@v4
+        with:
+          repository: julek-wolfssl/hostap-mirror 
+          path: hostap
+          ref: ${{ matrix.config.hostap_ref }}
+
+      - name: Update certs
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: ./update.sh
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+          ref: ${{ matrix.config.osp_ref }}
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Apply patch files
+        working-directory: hostap
+        run: |
+          for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
+          do
+            patch -p1 < $f
+          done
+
+      - name: Apply extra patches
+        working-directory: hostap
+        run: |
+          FILE=$GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/extra.patch
+          if [ -f "$FILE" ]; then
+            patch -p1 < $FILE
+          fi
+
+      - if: ${{ matrix.hostapd }}
+        name: Setup hostapd config file 
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
+             hostap/hostapd/.config
+          cat <<EOF >> hostap/hostapd/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Setup wpa_supplicant config file 
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
+             hostap/wpa_supplicant/.config
+          cat <<EOF >> hostap/wpa_supplicant/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - name: Build hostap and wpa_supplicant
+        working-directory: hostap/tests/hwsim/
+        run: ./build.sh
+
+      - if: ${{ matrix.hostapd }}
+        name: Confirm hostapd linking with wolfSSL
+        run: ldd hostap/hostapd/hostapd | grep wolfssl
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Confirm wpa_supplicant linking with wolfSSL
+        run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
+
+      - if: ${{ matrix.config.remove_teap }}
+        name: Remove EAP-TEAP from test configuration
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: |
+          sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
+          sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
+          sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
+          sed -e 's/TEAP,//' -i eap_user.conf
+
+      - if: ${{ runner.debug }}
+        name: Enable hostap debug logging
+        run: |
+          echo "hostap_debug_flags=--debug" >> $GITHUB_ENV
+
+      - name: Run tests
+        id: testing
+        working-directory: hostap/tests/hwsim/
+        run: |
+          cat <<EOF >> vm/vm-config
+            KERNELDIR=$GITHUB_WORKSPACE/linux
+            KVMARGS="-cpu host"
+          EOF
+          # Run tests in increments of 200 to not stall out the parallel-vm script
+          while mapfile -t -n 200 ary && ((${#ary[@]})); do
+            TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
+            HWSIM_RES=0 # Not set when command succeeds
+            ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $TESTS  || HWSIM_RES=$?
+            if [ "$HWSIM_RES" -ne "0" ]; then
+              # Let's re-run the failing tests. We gather the failed tests from the log file.
+              FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ')
+              printf 'failed tests: %s\n' "$FAILED_TESTS"
+              ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $FAILED_TESTS
+            fi
+            rm -r /tmp/hwsim-test-logs
+          done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
+
+      # The logs are quite big. It hasn't been useful so far so let's not waste
+      # precious gh space.
+      #- name: zip logs
+      #  if: ${{ failure() && steps.testing.outcome == 'failure' }}
+      #  working-directory: hostap/tests/hwsim/
+      #  run: |
+      #    rm /tmp/hwsim-test-logs/latest
+      #    zip -9 -r logs.zip /tmp/hwsim-test-logs
+      #
+      #- name: Upload failure logs
+      #  if: ${{ failure() && steps.testing.outcome == 'failure' }}
+      #  uses: actions/upload-artifact@v4
+      #  with:
+      #    name: hostap-logs-${{ env.our_job_run_id }}
+      #    path: hostap/tests/hwsim/logs.zip
+      #    retention-days: 5

src/tls.c

@@ -319,7 +319,9 @@ int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count)
     if (!IsTLS_ex(ctx->method->version))
         return BAD_FUNC_ARG;
 
+    #ifdef WOLFSSL_TLS13
     ctx->numGroups = 0;
+    #endif
     #if !defined(NO_TLS)
     TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap);
     #endif /* !NO_TLS */
@@ -333,9 +335,13 @@ int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count)
     #endif /* !NO_TLS */
             return ret;
         }
+        #ifdef WOLFSSL_TLS13
         ctx->group[i] = (word16)groups[i];
+        #endif
     }
+    #ifdef WOLFSSL_TLS13
     ctx->numGroups = (byte)count;
+    #endif
 
     return WOLFSSL_SUCCESS;
 }
@@ -358,7 +364,9 @@ int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count)
     if (!IsTLS_ex(ssl->version))
         return BAD_FUNC_ARG;
 
+    #ifdef WOLFSSL_TLS13
     ssl->numGroups = 0;
+    #endif
     #if !defined(NO_TLS)
     TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap);
     #endif /* !NO_TLS */
@@ -372,9 +380,13 @@ int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count)
     #endif /* !NO_TLS */
             return ret;
         }
+        #ifdef WOLFSSL_TLS13
         ssl->group[i] = (word16)groups[i];
+        #endif
     }
+    #ifdef WOLFSSL_TLS13
     ssl->numGroups = (byte)count;
+    #endif
 
     return WOLFSSL_SUCCESS;
 }

tests/api.c

@@ -40475,7 +40475,8 @@ static int test_wolfSSL_set1_curves_list(void)
     return EXPECT_RESULT();
 }
 
-#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+        (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && defined(HAVE_ECC)
 static int test_wolfSSL_curves_mismatch_ctx_ready(WOLFSSL_CTX* ctx)
 {
     static int counter = 0;
@@ -40505,7 +40506,8 @@ static int test_wolfSSL_curves_mismatch_ctx_ready(WOLFSSL_CTX* ctx)
 static int test_wolfSSL_curves_mismatch(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+        (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && defined(HAVE_ECC)
     test_ssl_cbf func_cb_client;
     test_ssl_cbf func_cb_server;
     size_t i;
@@ -55515,7 +55517,7 @@ static int test_tls13_apis(void)
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
-        BAD_FUNC_ARG);
+        WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
         WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
@@ -55539,7 +55541,7 @@ static int test_tls13_apis(void)
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
-        BAD_FUNC_ARG);
+        WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups,
         WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
@@ -55566,7 +55568,7 @@ static int test_tls13_apis(void)
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
-        WOLFSSL_FAILURE);
+        WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList),
         WOLFSSL_SUCCESS);
@@ -55584,7 +55586,7 @@ static int test_tls13_apis(void)
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
-        WOLFSSL_FAILURE);
+        WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList),
         WOLFSSL_SUCCESS);