deb/wolfssl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 3.13.0+dfsg

Browse Source
This commit is contained in:
Mario Fetka
2018-02-19 12:29:49 +01:00
parent 1893aafd38
commit e07619e148
472 changed files with 168552 additions and 31827 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8995
tests/api.c
View File

File diff suppressed because it is too large Load Diff

150
tests/hash.c
View File

@@ -1,6 +1,6 @@
/* hash.c has unit tests
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -254,8 +254,9 @@ int md4_test(void)
int md5_test(void)
{
Md5 md5;
byte hash[MD5_DIGEST_SIZE];
int ret;
wc_Md5 md5;
byte hash[WC_MD5_DIGEST_SIZE];
testVector a, b, c, d, e;
testVector test_md5[5];
@@ -299,13 +300,24 @@ int md5_test(void)
test_md5[3] = d;
test_md5[4] = e;
wc_InitMd5(&md5);
ret = wc_InitMd5(&md5);
if (ret) {
return ret;
}
for (i = 0; i < times; ++i) {
wc_Md5Update(&md5, (byte*)test_md5[i].input, (word32)test_md5[i].inLen);
wc_Md5Final(&md5, hash);
ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
(word32)test_md5[i].inLen);
if (ret) {
return ret;
}
if (XMEMCMP(hash, test_md5[i].output, MD5_DIGEST_SIZE) != 0)
ret = wc_Md5Final(&md5, hash);
if (ret) {
return ret;
}
if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0)
return -5 - i;
}
@@ -317,8 +329,8 @@ int md5_test(void)
#ifndef NO_SHA
int sha_test(void)
{
Sha sha;
byte hash[SHA_DIGEST_SIZE];
wc_Sha sha;
byte hash[WC_SHA_DIGEST_SIZE];
testVector a, b, c, d;
testVector test_sha[4];
@@ -365,7 +377,7 @@ int sha_test(void)
wc_ShaUpdate(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen);
wc_ShaFinal(&sha, hash);
if (XMEMCMP(hash, test_sha[i].output, SHA_DIGEST_SIZE) != 0)
if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0)
return -10 - i;
}
@@ -376,8 +388,8 @@ int sha_test(void)
#ifdef WOLFSSL_SHA224
int sha224_test(void)
{
Sha224 sha;
byte hash[SHA224_DIGEST_SIZE];
wc_Sha224 sha;
byte hash[WC_SHA224_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
@@ -388,13 +400,13 @@ int sha224_test(void)
a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
"\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
a.inLen = XSTRLEN(a.input);
a.outLen = SHA224_DIGEST_SIZE;
a.outLen = WC_SHA224_DIGEST_SIZE;
b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
b.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
"\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
b.inLen = XSTRLEN(b.input);
b.outLen = SHA224_DIGEST_SIZE;
b.outLen = WC_SHA224_DIGEST_SIZE;
test_sha[0] = a;
test_sha[1] = b;
@@ -411,7 +423,7 @@ int sha224_test(void)
if (ret != 0)
return ret;
if (XMEMCMP(hash, test_sha[i].output, SHA224_DIGEST_SIZE) != 0)
if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0)
return -10 - i;
}
@@ -422,8 +434,8 @@ int sha224_test(void)
#ifndef NO_SHA256
int sha256_test(void)
{
Sha256 sha;
byte hash[SHA256_DIGEST_SIZE];
wc_Sha256 sha;
byte hash[WC_SHA256_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
@@ -460,7 +472,7 @@ int sha256_test(void)
if (ret != 0)
return ret;
if (XMEMCMP(hash, test_sha[i].output, SHA256_DIGEST_SIZE) != 0)
if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
return -10 - i;
}
@@ -471,8 +483,8 @@ int sha256_test(void)
#ifdef WOLFSSL_SHA512
int sha512_test(void)
{
Sha512 sha;
byte hash[SHA512_DIGEST_SIZE];
wc_Sha512 sha;
byte hash[WC_SHA512_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
@@ -514,7 +526,7 @@ int sha512_test(void)
if (ret != 0)
return ret;
if (XMEMCMP(hash, test_sha[i].output, SHA512_DIGEST_SIZE) != 0)
if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
return -10 - i;
}
@@ -525,8 +537,8 @@ int sha512_test(void)
#ifdef WOLFSSL_SHA384
int sha384_test()
{
Sha384 sha;
byte hash[SHA384_DIGEST_SIZE];
wc_Sha384 sha;
byte hash[WC_SHA384_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
@@ -566,7 +578,7 @@ int sha384_test()
if (ret != 0)
return ret;
if (XMEMCMP(hash, test_sha[i].output, SHA384_DIGEST_SIZE) != 0)
if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0)
return -10 - i;
}
@@ -578,6 +590,7 @@ int sha384_test()
int ripemd_test(void)
{
RipeMd ripemd;
int ret;
byte hash[RIPEMD_DIGEST_SIZE];
testVector a, b, c, d;
@@ -614,12 +627,22 @@ int ripemd_test(void)
test_ripemd[2] = c;
test_ripemd[3] = d;
wc_InitRipeMd(&ripemd);
ret = wc_InitRipeMd(&ripemd);
if (ret) {
return ret;
}
for (i = 0; i < times; ++i) {
wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
(word32)test_ripemd[i].inLen);
wc_RipeMdFinal(&ripemd, hash);
ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
(word32)test_ripemd[i].inLen);
if (ret) {
return ret;
}
ret = wc_RipeMdFinal(&ripemd, hash);
if (ret) {
return ret;
}
if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
return -10 - i;
@@ -633,7 +656,7 @@ int ripemd_test(void)
int hmac_md5_test(void)
{
Hmac hmac;
byte hash[MD5_DIGEST_SIZE];
byte hash[WC_MD5_DIGEST_SIZE];
const char* keys[]=
{
@@ -673,12 +696,16 @@ int hmac_md5_test(void)
test_hmac[1] = b;
test_hmac[2] = c;
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return -20009;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = wc_HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)XSTRLEN(keys[i]));
ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i], (word32)XSTRLEN(keys[i]));
if (ret != 0)
return -4014;
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
@@ -689,10 +716,12 @@ int hmac_md5_test(void)
if (ret != 0)
return -4016;
if (XMEMCMP(hash, test_hmac[i].output, MD5_DIGEST_SIZE) != 0)
if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
return -20 - i;
}
wc_HmacFree(&hmac);
return 0;
}
#endif
@@ -701,7 +730,7 @@ int hmac_md5_test(void)
int hmac_sha_test(void)
{
Hmac hmac;
byte hash[SHA_DIGEST_SIZE];
byte hash[WC_SHA_DIGEST_SIZE];
const char* keys[]=
{
@@ -743,12 +772,16 @@ int hmac_sha_test(void)
test_hmac[1] = b;
test_hmac[2] = c;
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return -20009;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = wc_HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)XSTRLEN(keys[i]));
ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i], (word32)XSTRLEN(keys[i]));
if (ret != 0)
return -4017;
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
@@ -759,10 +792,12 @@ int hmac_sha_test(void)
if (ret != 0)
return -4019;
if (XMEMCMP(hash, test_hmac[i].output, SHA_DIGEST_SIZE) != 0)
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
return -20 - i;
}
wc_HmacFree(&hmac);
return 0;
}
#endif
@@ -771,7 +806,7 @@ int hmac_sha_test(void)
int hmac_sha224_test(void)
{
Hmac hmac;
byte hash[SHA224_DIGEST_SIZE];
byte hash[WC_SHA224_DIGEST_SIZE];
const char* keys[]=
{
@@ -792,13 +827,13 @@ int hmac_sha224_test(void)
a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
"\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
a.inLen = XSTRLEN(a.input);
a.outLen = SHA224_DIGEST_SIZE;
a.outLen = WC_SHA224_DIGEST_SIZE;
b.input = "what do ya want for nothing?";
b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
"\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
b.inLen = XSTRLEN(b.input);
b.outLen = SHA224_DIGEST_SIZE;
b.outLen = WC_SHA224_DIGEST_SIZE;
c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
@@ -807,18 +842,22 @@ int hmac_sha224_test(void)
c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
"\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
c.inLen = XSTRLEN(c.input);
c.outLen = SHA224_DIGEST_SIZE;
c.outLen = WC_SHA224_DIGEST_SIZE;
test_hmac[0] = a;
test_hmac[1] = b;
test_hmac[2] = c;
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return -20009;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* cavium can't handle short keys, fips not allowed */
#endif
ret = wc_HmacSetKey(&hmac, SHA224, (byte*)keys[i],(word32)XSTRLEN(keys[i]));
ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i],(word32)XSTRLEN(keys[i]));
if (ret != 0)
return -4021;
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
@@ -829,13 +868,12 @@ int hmac_sha224_test(void)
if (ret != 0)
return -4023;
if (XMEMCMP(hash, test_hmac[i].output, SHA224_DIGEST_SIZE) != 0)
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
return -20 - i;
#ifdef WOLFSSL_ASYNC_CRYPT
wc_HmacAsyncFree(&hmac);
#endif
}
wc_HmacFree(&hmac);
return 0;
}
#endif
@@ -845,7 +883,7 @@ int hmac_sha224_test(void)
int hmac_sha256_test(void)
{
Hmac hmac;
byte hash[SHA256_DIGEST_SIZE];
byte hash[WC_SHA256_DIGEST_SIZE];
const char* keys[]=
{
@@ -890,12 +928,17 @@ int hmac_sha256_test(void)
test_hmac[1] = b;
test_hmac[2] = c;
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return -20009;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = wc_HmacSetKey(&hmac,SHA256, (byte*)keys[i], (word32)XSTRLEN(keys[i]));
ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i],
(word32)XSTRLEN(keys[i]));
if (ret != 0)
return -4020;
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
@@ -906,10 +949,12 @@ int hmac_sha256_test(void)
if (ret != 0)
return -4022;
if (XMEMCMP(hash, test_hmac[i].output, SHA256_DIGEST_SIZE) != 0)
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
return -20 - i;
}
wc_HmacFree(&hmac);
return 0;
}
#endif
@@ -919,7 +964,7 @@ int hmac_sha256_test(void)
int hmac_sha384_test(void)
{
Hmac hmac;
byte hash[SHA384_DIGEST_SIZE];
byte hash[WC_SHA384_DIGEST_SIZE];
const char* keys[]=
{
@@ -967,12 +1012,17 @@ int hmac_sha384_test(void)
test_hmac[1] = b;
test_hmac[2] = c;
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return -20009;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = wc_HmacSetKey(&hmac,SHA384, (byte*)keys[i], (word32)XSTRLEN(keys[i]));
ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i],
(word32)XSTRLEN(keys[i]));
if (ret != 0)
return -4023;
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
@@ -983,10 +1033,12 @@ int hmac_sha384_test(void)
if (ret != 0)
return -4025;
if (XMEMCMP(hash, test_hmac[i].output, SHA384_DIGEST_SIZE) != 0)
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
return -20 - i;
}
wc_HmacFree(&hmac);
return 0;
}
#endif

5
tests/include.am
View File

@@ -20,9 +20,12 @@ tests_unit_test_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += tests/unit.h
EXTRA_DIST += tests/test.conf \
tests/test-tls13.conf \
tests/test-tls13-ecc.conf \
tests/test-qsh.conf \
tests/test-psk-no-id.conf \
tests/test-dtls.conf \
tests/test-sctp.conf \
tests/test-sig.conf
tests/test-sig.conf \
tests/test-ed25519.conf
DISTCLEANFILES+= tests/.libs/unit.test

10
tests/srp.c
View File

@@ -1,6 +1,6 @@
/* srp.c SRP unit tests
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -430,20 +430,20 @@ static void test_SrpGetProofAndVerify(void)
static int sha512_key_gen(Srp* srp, byte* secret, word32 size)
{
Sha512 hash;
wc_Sha512 hash;
int r;
srp->key = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_SRP);
srp->key = (byte*)XMALLOC(WC_SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_SRP);
if (srp->key == NULL)
return MEMORY_E;
srp->keySz = SHA512_DIGEST_SIZE;
srp->keySz = WC_SHA512_DIGEST_SIZE;
r = wc_InitSha512(&hash);
if (!r) r = wc_Sha512Update(&hash, secret, size);
if (!r) r = wc_Sha512Final(&hash, srp->key);
XMEMSET(&hash, 0, sizeof(Sha512));
XMEMSET(&hash, 0, sizeof(wc_Sha512));
return r;
}

350
tests/suites.c
View File

@@ -1,6 +1,6 @@
/* suites.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -35,16 +35,17 @@
#define MAX_ARGS 40
#define MAX_COMMAND_SZ 240
#define MAX_SUITE_SZ 80
#define MAX_SUITE_SZ 80
#define NOT_BUILT_IN -123
#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3)
#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) || \
!defined(WOLFSSL_ALLOW_TLSV10)
#define VERSION_TOO_OLD -124
#endif
#include "examples/client/client.h"
#include "examples/server/server.h"
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
static WOLFSSL_CTX* cipherSuiteCtx = NULL;
static char nonblockFlag[] = "-N";
static char noVerifyFlag[] = "-d";
@@ -54,51 +55,55 @@ static char flagSep[] = " ";
static char portFlag[] = "-p";
static char svrPort[] = "0";
#endif
static char forceDefCipherListFlag[] = "-HdefCipherList";
#ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID;
#endif
#ifdef VERSION_TOO_OLD
static int GetTlsVersion(const char* line)
{
int version = -1;
const char* find = "-v ";
const char* begin = strstr(line, find);
if (begin) {
begin += 3;
version = atoi(begin);
}
return version;
}
#ifndef WOLFSSL_ALLOW_SSLV3
/* if the protocol version is sslv3 return 1, else 0 */
static int IsSslVersion(const char* line)
{
const char* find = "-v ";
const char* begin = strstr(line, find);
if (begin) {
int version = -1;
begin += 3;
version = atoi(begin);
if (version == 0)
return 1;
}
return 0;
int version = GetTlsVersion(line);
return (version == 0) ? 1 : 0;
}
#endif /* !WOLFSSL_ALLOW_SSLV3 */
#ifndef WOLFSSL_ALLOW_TLSV10
/* if the protocol version is TLSv1.0 return 1, else 0 */
static int IsTls10Version(const char* line)
{
int version = GetTlsVersion(line);
return (version == 1) ? 1 : 0;
}
#endif /* !WOLFSSL_ALLOW_TLSV10 */
#ifdef NO_OLD_TLS
/* if the protocol version is less than tls 1.2 return 1, else 0 */
static int IsOldTlsVersion(const char* line)
{
const char* find = "-v ";
const char* begin = strstr(line, find);
if (begin) {
int version = -1;
begin += 3;
version = atoi(begin);
if (version < 3)
return 1;
}
return 0;
int version = GetTlsVersion(line);
return (version < 3) ? 1 : 0;
}
#endif /* NO_OLD_TLS */
#endif /* VERSION_TOO_OLD */
/* if the cipher suite on line is valid store in suite and return 1, else 0 */
@@ -138,13 +143,13 @@ static int IsValidCipherSuite(const char* line, char* suite)
#ifdef HAVE_QSH
if (XSTRNCMP(suite, "QSH", 3) == 0) {
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite + 4)
!= SSL_SUCCESS)
!= WOLFSSL_SUCCESS)
return 0;
}
#endif
if (found) {
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == SSL_SUCCESS)
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == WOLFSSL_SUCCESS)
valid = 1;
}
@@ -155,7 +160,8 @@ static int IsValidCipherSuite(const char* line, char* suite)
static int execute_test_case(int svr_argc, char** svr_argv,
int cli_argc, char** cli_argv,
int addNoVerify, int addNonBlocking,
int addDisableEMS)
int addDisableEMS, int forceSrvDefCipherList,
int forceCliDefCipherList)
{
#ifdef WOLFSSL_TIRTOS
func_args cliArgs = {0};
@@ -174,20 +180,25 @@ static int execute_test_case(int svr_argc, char** svr_argv,
char commandLine[MAX_COMMAND_SZ];
char cipherSuite[MAX_SUITE_SZ+1];
int i;
size_t added = 0;
size_t added;
static int tests = 1;
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
char portNumber[8];
#endif
/* Is Valid Cipher and Version Checks */
/* build command list for the Is checks below */
commandLine[0] = '\0';
for (i = 0; i < svr_argc; i++) {
added = 0;
for (i = 0; i < svrArgs.argc; i++) {
added += XSTRLEN(svr_argv[i]) + 2;
if (added >= MAX_COMMAND_SZ) {
printf("server command line too long\n");
printf("server command line too long\n");
break;
}
strcat(commandLine, svr_argv[i]);
strcat(commandLine, flagSep);
}
if (IsValidCipherSuite(commandLine, cipherSuite) == 0) {
#ifdef DEBUG_SUITE_TESTS
printf("cipher suite %s not supported in build\n", cipherSuite);
@@ -203,7 +214,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
return VERSION_TOO_OLD;
}
#endif
#ifndef WOLFSSL_ALLOW_TLSV10
if (IsTls10Version(commandLine) == 1) {
#ifdef DEBUG_SUITE_TESTS
printf("protocol version on line %s is too old\n", commandLine);
#endif
return VERSION_TOO_OLD;
}
#endif
#ifdef NO_OLD_TLS
if (IsOldTlsVersion(commandLine) == 1) {
#ifdef DEBUG_SUITE_TESTS
@@ -213,78 +231,52 @@ static int execute_test_case(int svr_argc, char** svr_argv,
}
#endif
/* Build Client Command */
if (addNoVerify) {
printf("repeating test with client cert request off\n");
added += 4; /* -d plus space plus terminator */
if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
printf("repeating test with client cert request off\n");
if (svrArgs.argc >= MAX_ARGS)
printf("server command line too long\n");
else {
svr_argv[svr_argc++] = noVerifyFlag;
svrArgs.argc = svr_argc;
strcat(commandLine, noVerifyFlag);
strcat(commandLine, flagSep);
}
else
svr_argv[svrArgs.argc++] = noVerifyFlag;
}
if (addNonBlocking) {
printf("repeating test with non blocking on\n");
added += 4; /* -N plus terminator */
if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
printf("repeating test with non blocking on\n");
if (svrArgs.argc >= MAX_ARGS)
printf("server command line too long\n");
else {
svr_argv[svr_argc++] = nonblockFlag;
svrArgs.argc = svr_argc;
strcat(commandLine, nonblockFlag);
strcat(commandLine, flagSep);
}
else
svr_argv[svrArgs.argc++] = nonblockFlag;
}
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
/* add port 0 */
if (svr_argc + 2 > MAX_ARGS)
/* add port */
if (svrArgs.argc + 2 > MAX_ARGS)
printf("cannot add the magic port number flag to server\n");
else
{
svr_argv[svr_argc++] = portFlag;
svr_argv[svr_argc++] = svrPort;
svrArgs.argc = svr_argc;
else {
svr_argv[svrArgs.argc++] = portFlag;
svr_argv[svrArgs.argc++] = svrPort;
}
#endif
printf("trying server command line[%d]: %s\n", tests, commandLine);
if (forceSrvDefCipherList) {
if (svrArgs.argc >= MAX_ARGS)
printf("cannot add the force def cipher list flag to server\n");
else
svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
}
/* update server flags list */
commandLine[0] = '\0';
added = 0;
for (i = 0; i < cli_argc; i++) {
added += XSTRLEN(cli_argv[i]) + 2;
for (i = 0; i < svrArgs.argc; i++) {
added += XSTRLEN(svr_argv[i]) + 2;
if (added >= MAX_COMMAND_SZ) {
printf("client command line too long\n");
printf("server command line too long\n");
break;
}
strcat(commandLine, cli_argv[i]);
strcat(commandLine, svr_argv[i]);
strcat(commandLine, flagSep);
}
if (addNonBlocking) {
added += 4; /* -N plus space plus terminator */
if (added >= MAX_COMMAND_SZ)
printf("client command line too long\n");
else {
cli_argv[cli_argc++] = nonblockFlag;
strcat(commandLine, nonblockFlag);
strcat(commandLine, flagSep);
cliArgs.argc = cli_argc;
}
}
if (addDisableEMS) {
printf("repeating test without extended master secret\n");
added += 4; /* -n plus terminator */
if (added >= MAX_COMMAND_SZ)
printf("client command line too long\n");
else {
cli_argv[cli_argc++] = disableEMSFlag;
strcat(commandLine, disableEMSFlag);
strcat(commandLine, flagSep);
cliArgs.argc = cli_argc;
}
}
printf("trying client command line[%d]: %s\n", tests++, commandLine);
printf("trying server command line[%d]: %s\n", tests, commandLine);
tests++; /* test count */
InitTcpReady(&ready);
@@ -296,31 +288,64 @@ static int execute_test_case(int svr_argc, char** svr_argv,
svrArgs.signal = &ready;
start_thread(server_test, &svrArgs, &serverThread);
wait_tcp_ready(&svrArgs);
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
if (ready.port != 0)
{
if (cli_argc + 2 > MAX_ARGS)
printf("cannot add the magic port number flag to client\n");
else {
char portNumber[8];
snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
cli_argv[cli_argc++] = portFlag;
cli_argv[cli_argc++] = portNumber;
cliArgs.argc = cli_argc;
}
/* Build Client Command */
if (addNonBlocking) {
if (cliArgs.argc >= MAX_ARGS)
printf("cannot add the non block flag to client\n");
else
cli_argv[cliArgs.argc++] = nonblockFlag;
}
if (addDisableEMS) {
printf("repeating test without extended master secret\n");
if (cliArgs.argc >= MAX_ARGS)
printf("cannot add the disable EMS flag to client\n");
else
cli_argv[cliArgs.argc++] = disableEMSFlag;
}
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
if (ready.port != 0) {
if (cliArgs.argc + 2 > MAX_ARGS)
printf("cannot add the magic port number flag to client\n");
else {
snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
cli_argv[cliArgs.argc++] = portFlag;
cli_argv[cliArgs.argc++] = portNumber;
}
#endif
}
#endif
if (forceCliDefCipherList) {
if (cliArgs.argc >= MAX_ARGS)
printf("cannot add the force def cipher list flag to client\n");
else
cli_argv[cliArgs.argc++] = forceDefCipherListFlag;
}
commandLine[0] = '\0';
added = 0;
for (i = 0; i < cliArgs.argc; i++) {
added += XSTRLEN(cli_argv[i]) + 2;
if (added >= MAX_COMMAND_SZ) {
printf("client command line too long\n");
break;
}
strcat(commandLine, cli_argv[i]);
strcat(commandLine, flagSep);
}
printf("trying client command line[%d]: %s\n", tests, commandLine);
/* start client */
client_test(&cliArgs);
/* verify results */
/* verify results */
if (cliArgs.return_code != 0) {
printf("client_test failed\n");
exit(EXIT_FAILURE);
}
join_thread(serverThread);
if (svrArgs.return_code != 0) {
if (svrArgs.return_code != 0) {
printf("server_test failed\n");
exit(EXIT_FAILURE);
}
@@ -329,7 +354,7 @@ static int execute_test_case(int svr_argc, char** svr_argv,
fdCloseSession(Task_self());
#endif
FreeTcpReady(&ready);
return 0;
}
@@ -393,7 +418,7 @@ static void test_harness(void* vargs)
args->return_code = 1;
return;
}
fclose(file);
script[sz] = 0;
@@ -442,7 +467,7 @@ static void test_harness(void* vargs)
else
svrArgs[svrArgsSz++] = strsep(&cursor, "\n");
if (*cursor == 0) /* eof */
do_it = 1;
do_it = 1;
}
if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
@@ -452,24 +477,31 @@ static void test_harness(void* vargs)
if (do_it) {
ret = execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 0);
cliArgsSz, cliArgs, 0, 0, 0, 0, 0);
/* don't repeat if not supported in build */
if (ret == 0) {
/* test with default cipher list on server side */
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 1, 0);
cliArgsSz, cliArgs, 0, 0, 0, 1, 0);
/* test with default cipher list on client side */
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 0);
cliArgsSz, cliArgs, 0, 0, 0, 0, 1);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 0);
cliArgsSz, cliArgs, 0, 1, 0, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 0, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 0, 0, 0);
#ifdef HAVE_EXTENDED_MASTER
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 1);
cliArgsSz, cliArgs, 0, 0, 1, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 1, 1);
cliArgsSz, cliArgs, 0, 1, 1, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 1);
cliArgsSz, cliArgs, 1, 0, 1, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 1);
cliArgsSz, cliArgs, 1, 1, 1, 0, 0);
#endif
}
svrArgsSz = 1;
@@ -481,10 +513,12 @@ static void test_harness(void* vargs)
free(script);
args->return_code = 0;
}
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
int SuiteTest(void)
{
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
func_args args;
char argv0[2][80];
char* myArgv[2];
@@ -513,24 +547,65 @@ int SuiteTest(void)
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_CTX_load_static_memory(&cipherSuiteCtx, NULL,
memory, sizeof(memory), 0, 1)
!= SSL_SUCCESS) {
!= WOLFSSL_SUCCESS) {
printf("unable to load static memory and create ctx");
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
if (wolfAsync_DevOpen(&devId) < 0) {
printf("Async device open failed");
args.return_code = EXIT_FAILURE;
goto exit;
}
wolfSSL_CTX_UseAsync(cipherSuiteCtx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
/* default case */
args.argc = 1;
printf("starting default cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
/* any extra cases will need another argument */
args.argc = 2;
#ifdef WOLFSSL_TLS13
/* add TLSv13 extra suites */
strcpy(argv0[1], "tests/test-tls13.conf");
printf("starting TLSv13 extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef HAVE_ECC
/* add TLSv13 ECC extra suites */
strcpy(argv0[1], "tests/test-tls13-ecc.conf");
printf("starting TLSv13 ECC extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#if defined(HAVE_CURVE25519) && defined(HAVE_ED25519)
/* add ED25519 certificate cipher suite tests */
strcpy(argv0[1], "tests/test-ed25519.conf");
printf("starting ED25519 extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef WOLFSSL_DTLS
/* add dtls extra suites */
strcpy(argv0[1], "tests/test-dtls.conf");
@@ -538,7 +613,8 @@ int SuiteTest(void)
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifdef WOLFSSL_SCTP
@@ -548,7 +624,8 @@ int SuiteTest(void)
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifndef WC_STRICT_SIG
@@ -559,7 +636,8 @@ int SuiteTest(void)
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif /* HAVE_RSA and HAVE_ECC */
#endif /* !WC_STRICT_SIG */
@@ -570,7 +648,8 @@ int SuiteTest(void)
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
@@ -581,16 +660,23 @@ int SuiteTest(void)
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
exit:
printf(" End Cipher Suite Tests\n");
wolfSSL_CTX_free(cipherSuiteCtx);
wolfSSL_Cleanup();
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
return args.return_code;
#else
return NOT_COMPILED_IN;
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
}

271
tests/test-dtls.conf
View File

@@ -1,36 +1,3 @@
# server DTLSv1 DHE-RSA-CHACHA20-POLY1305
-u
-v 2
-l DHE-RSA-CHACHA20-POLY1305
# client DTLSv1 DHE-RSA-CHACHA20-POLY1305
-u
-v 2
-l DHE-RSA-CHACHA20-POLY1305
# server DTLSv1 ECDHE-RSA-CHACHA20-POLY1305
-u
-v 2
-l ECDHE-RSA-CHACHA20-POLY1305
# client DTLSv1 ECDHE-RSA-CHACHA20-POLY1305
-u
-v 2
-l ECDHE-RSA-CHACHA20-POLY1305
# server DTLSv1 ECDHE-EDCSA-CHACHA20-POLY1305
-u
-v 2
-l ECDHE-ECDSA-CHACHA20-POLY1305
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1 ECDHE-ECDSA-CHACHA20-POLY1305
-u
-v 2
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/server-ecc.pem
# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
-u
-v 3
@@ -62,7 +29,7 @@
-u
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
-u
@@ -131,27 +98,7 @@
-u
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305-OLD
-A ./certs/server-ecc.pem
# server DTLSv1 RC4-SHA
-u
-v 2
-l RC4-SHA
# client DTLSv1 RC4-SHA
-u
-v 2
-l RC4-SHA
# server DTLSv1.2 RC4-SHA
-u
-v 3
-l RC4-SHA
# client DTLSv1.2 RC4-SHA
-u
-v 3
-l RC4-SHA
-A ./certs/ca-ecc-cert.pem
# server DTLSv1 IDEA-CBC-SHA
-u
@@ -263,16 +210,6 @@
-v 3
-l AES256-SHA256
# server DTLSv1 ECDHE-RSA-RC4
-u
-v 2
-l ECDHE-RSA-RC4-SHA
# client DTLSv1 ECDHE-RSA-RC4
-u
-v 2
-l ECDHE-RSA-RC4-SHA
# server DTLSv1.1 ECDHE-RSA-DES3
-u
-v 2
@@ -283,12 +220,12 @@
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# server DTLSv1.1 ECDHE-RSA-AES128
# server DTLSv1.1 ECDHE-RSA-AES128
-u
-v 2
-l ECDHE-RSA-AES128-SHA
# client DTLSv1.1 ECDHE-RSA-AES128
# client DTLSv1.1 ECDHE-RSA-AES128
-u
-v 2
-l ECDHE-RSA-AES128-SHA
@@ -303,16 +240,6 @@
-v 2
-l ECDHE-RSA-AES256-SHA
# server DTLSv1.2 ECDHE-RSA-RC4
-u
-v 3
-l ECDHE-RSA-RC4-SHA
# client DTLSv1.2 ECDHE-RSA-RC4
-u
-v 3
-l ECDHE-RSA-RC4-SHA
# server DTLSv1.2 ECDHE-RSA-DES3
-u
-v 3
@@ -323,12 +250,12 @@
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# server DTLSv1.2 ECDHE-RSA-AES128
# server DTLSv1.2 ECDHE-RSA-AES128
-u
-v 3
-l ECDHE-RSA-AES128-SHA
# client DTLSv1.2 ECDHE-RSA-AES128
# client DTLSv1.2 ECDHE-RSA-AES128
-u
-v 3
-l ECDHE-RSA-AES128-SHA
@@ -338,7 +265,7 @@
-v 3
-l ECDHE-RSA-AES128-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-SHA256
@@ -364,7 +291,7 @@
-u
-v 1
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
-u
@@ -377,7 +304,7 @@
-u
-v 2
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
-u
@@ -390,20 +317,7 @@
-u
-v 3
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDHE-EDCSA-RC4
-u
-v 2
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDHE-ECDSA-RC4
-u
-v 2
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDHE-ECDSA-DES3
-u
@@ -416,20 +330,20 @@
-u
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDHE-ECDSA-AES128
# server DTLSv1.1 ECDHE-ECDSA-AES128
-u
-v 2
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDHE-ECDSA-AES128
# client DTLSv1.1 ECDHE-ECDSA-AES128
-u
-v 2
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDHE-ECDSA-AES256
-u
@@ -442,20 +356,7 @@
-u
-v 2
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-RC4
-u
-v 3
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-RC4
-u
-v 3
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-DES3
-u
@@ -468,20 +369,20 @@
-u
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128
# server DTLSv1.2 ECDHE-ECDSA-AES128
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128
# client DTLSv1.2 ECDHE-ECDSA-AES128
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256
-u
@@ -494,7 +395,7 @@
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256
-u
@@ -507,19 +408,7 @@
-u
-v 3
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDH-RSA-RC4
-u
-v 2
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-RSA-RC4
-u
-v 2
-l ECDH-RSA-RC4-SHA
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDH-RSA-DES3
-u
@@ -533,14 +422,14 @@
-v 2
-l ECDH-RSA-DES-CBC3-SHA
# server DTLSv1.1 ECDH-RSA-AES128
# server DTLSv1.1 ECDH-RSA-AES128
-u
-v 2
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-RSA-AES128
# client DTLSv1.1 ECDH-RSA-AES128
-u
-v 2
-l ECDH-RSA-AES128-SHA
@@ -557,18 +446,6 @@
-v 2
-l ECDH-RSA-AES256-SHA
# server DTLSv1.2 ECDH-RSA-RC4
-u
-v 3
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-RC4
-u
-v 3
-l ECDH-RSA-RC4-SHA
# server DTLSv1.2 ECDH-RSA-DES3
-u
-v 3
@@ -581,26 +458,26 @@
-v 3
-l ECDH-RSA-DES-CBC3-SHA
# server DTLSv1.2 ECDH-RSA-AES128
# server DTLSv1.2 ECDH-RSA-AES128
-u
-v 3
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128
# client DTLSv1.2 ECDH-RSA-AES128
-u
-v 3
-l ECDH-RSA-AES128-SHA
# server DTLSv1.2 ECDH-RSA-AES128-SHA256
# server DTLSv1.2 ECDH-RSA-AES128-SHA256
-u
-v 3
-l ECDH-RSA-AES128-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128-SHA256
# client DTLSv1.2 ECDH-RSA-AES128-SHA256
-u
-v 3
-l ECDH-RSA-AES128-SHA256
@@ -617,19 +494,6 @@
-v 3
-l ECDH-RSA-AES256-SHA
# server DTLSv1.1 ECDH-EDCSA-RC4
-u
-v 2
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-ECDSA-RC4
-u
-v 2
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDH-ECDSA-DES3
-u
-v 2
@@ -641,20 +505,20 @@
-u
-v 2
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDH-ECDSA-AES128
# server DTLSv1.1 ECDH-ECDSA-AES128
-u
-v 2
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-ECDSA-AES128
# client DTLSv1.1 ECDH-ECDSA-AES128
-u
-v 2
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDH-ECDSA-AES256
-u
@@ -667,20 +531,7 @@
-u
-v 2
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-RC4
-u
-v 3
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-RC4
-u
-v 3
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-DES3
-u
@@ -693,20 +544,20 @@
-u
-v 3
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-AES128
# server DTLSv1.2 ECDH-ECDSA-AES128
-u
-v 3
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128
# client DTLSv1.2 ECDH-ECDSA-AES128
-u
-v 3
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256
-u
@@ -715,11 +566,11 @@
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256
# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-AES256
-u
@@ -732,14 +583,14 @@
-u
-v 3
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-RSA-AES256-SHA384
# server DTLSv1.2 ECDHE-RSA-AES256-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-SHA384
# client DTLSv1.2 ECDHE-RSA-AES256-SHA384
# client DTLSv1.2 ECDHE-RSA-AES256-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-SHA384
@@ -755,16 +606,16 @@
-u
-v 3
-l ECDHE-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-RSA-AES256-SHA384
# server DTLSv1.2 ECDH-RSA-AES256-SHA384
-u
-v 3
-l ECDH-RSA-AES256-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES256-SHA384
# client DTLSv1.2 ECDH-RSA-AES256-SHA384
-u
-v 3
-l ECDH-RSA-AES256-SHA384
@@ -776,11 +627,11 @@
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384
# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
@@ -926,18 +777,18 @@
-v 3
-l PSK-AES256-CBC-SHA384
# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u
@@ -950,20 +801,20 @@
-u
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-u
@@ -976,14 +827,14 @@
-u
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
@@ -998,14 +849,14 @@
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
@@ -1057,7 +908,7 @@
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-u
@@ -1070,7 +921,7 @@
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8
-u
@@ -1083,7 +934,7 @@
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ADH-AES128-SHA
-u

56
tests/test-ed25519.conf Normal file
View File

@@ -0,0 +1,56 @@
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ed25519/server-ed25519.pem
-k ./certs/ed25519/server-ed25519-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ed25519/root-ed25519.pem
-C
# Enable when CRL for ED25519 certificates available.
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
#-v 3
#-l ECDHE-ECDSA-AES128-GCM-SHA256
#-c ./certs/ed25519/server-ed25519.pem
#-k ./certs/ed25519/server-ed25519-key.pem
#-A ./certs/ed25519/client-ed25519.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
#-v 3
#-l ECDHE-ECDSA-AES128-GCM-SHA256
#-c ./certs/ed25519/client-ed25519.pem
#-k ./certs/ed25519/client-ed25519-key.pem
#-A ./certs/ed25519/root-ed25519.pem
#-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/ed25519/server-ed25519.pem
-k ./certs/ed25519/server-ed25519-key.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ed25519/root-ed25519.pem
-C
# Enable when CRL for ED25519 certificates available.
# server TLSv1.3 TLS13-AES128-GCM-SHA256
#-v 4
#-l TLS13-AES128-GCM-SHA256
#-c ./certs/ed25519/server-ed25519.pem
#-k ./certs/ed25519/server-ed25519-key.pem
#-A ./certs/ed25519/client-ed25519.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256
#-v 4
#-l TLS13-AES128-GCM-SHA256
#-c ./certs/ed25519/client-ed25519.pem
#-k ./certs/ed25519/client-ed25519-key.pem
#-A ./certs/ed25519/root-ed25519.pem
#-C

50
tests/test-psk-no-id.conf
View File

@@ -251,3 +251,53 @@
-v 3
-l PSK-AES256-GCM-SHA384
# server TLSv1.3 AES128-GCM-SHA256
-s
-v 4
-l TLS13-AES128-GCM-SHA256
# client TLSv1.3 AES128-GCM-SHA256
-s
-v 4
-l TLS13-AES128-GCM-SHA256
# server TLSv1.3 accepting EarlyData using PSK
-v 4
-l TLS13-AES128-GCM-SHA256
-r
-s
-0
# client TLSv1.3 sending EarlyData using PSK
-v 4
-l TLS13-AES128-GCM-SHA256
-r
-s
-0
# server TLSv1.3 not accepting EarlyData using PSK
-v 4
-l TLS13-AES128-GCM-SHA256
-r
-s
# client TLSv1.3 sending EarlyData using PSK
-v 4
-l TLS13-AES128-GCM-SHA256
-r
-s
-0
# server TLSv1.3 accepting EarlyData using PSK
-v 4
-l TLS13-AES128-GCM-SHA256
-r
-s
-0
# client TLSv1.3 not sending EarlyData using PSK
-v 4
-l TLS13-AES128-GCM-SHA256
-r
-s

134
tests/test-qsh.conf
View File

@@ -28,60 +28,6 @@
-s
-l QSH:PSK-CHACHA20-POLY1305
# server TLSv1 DHE-RSA-CHACHA20-POLY1305
-v 1
-l QSH:DHE-RSA-CHACHA20-POLY1305
# client TLSv1 DHE-RSA-CHACHA20-POLY1305
-v 1
-l QSH:DHE-RSA-CHACHA20-POLY1305
# server TLSv1 ECDHE-EDCSA-CHACHA20-POLY1305
-v 1
-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-CHACHA20-POLY1305
-v 1
-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/server-ecc.pem
# server TLSv1 ECDHE-RSA-CHACHA20-POLY1305
-v 1
-l QSH:ECDHE-RSA-CHACHA20-POLY1305
# client TLSv1 ECDHE-RSA-CHACHA20-POLY1305
-v 1
-l QSH:ECDHE-RSA-CHACHA20-POLY1305
# server TLSv1.1 DHE-RSA-CHACHA20-POLY1305
-v 2
-l QSH:DHE-RSA-CHACHA20-POLY1305
# client TLSv1.1 DHE-RSA-CHACHA20-POLY1305
-v 2
-l QSH:DHE-RSA-CHACHA20-POLY1305
# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
-v 2
-l QSH:ECDHE-RSA-CHACHA20-POLY1305
# client TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
-v 2
-l QSH:ECDHE-RSA-CHACHA20-POLY1305
# server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305
-v 2
-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305
-v 2
-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/server-ecc.pem
# server TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD
-v 3
-l QSH:DHE-RSA-CHACHA20-POLY1305-OLD
@@ -107,7 +53,7 @@
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD
-v 3
-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305-OLD
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 DHE-RSA-CHACHA20-POLY1305
-v 3
@@ -134,7 +80,7 @@
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
-v 3
-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server SSLv3 RC4-SHA
-v 0
@@ -393,7 +339,7 @@
# client TLSv1 ECDHE-ECDSA-NULL-SHA
-v 1
-l QSH:ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
-v 2
@@ -404,7 +350,7 @@
# client TLSv1 ECDHE-ECDSA-NULL-SHA
-v 2
-l QSH:ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
-v 3
@@ -415,7 +361,7 @@
# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
-v 3
-l QSH:ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-RSA-RC4
-v 2
@@ -498,7 +444,7 @@
# client TLSv1 ECDHE-ECDSA-RC4
-v 1
-l QSH:ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-ECDSA-DES3
-v 1
@@ -509,7 +455,7 @@
# client TLSv1 ECDHE-ECDSA-DES3
-v 1
-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-ECDSA-AES128
-v 1
@@ -520,7 +466,7 @@
# client TLSv1 ECDHE-ECDSA-AES128
-v 1
-l QSH:ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-ECDSA-AES256
-v 1
@@ -531,7 +477,7 @@
# client TLSv1 ECDHE-ECDSA-AES256
-v 1
-l QSH:ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-EDCSA-RC4
-v 2
@@ -542,7 +488,7 @@
# client TLSv1.1 ECDHE-ECDSA-RC4
-v 2
-l QSH:ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-ECDSA-DES3
-v 2
@@ -553,7 +499,7 @@
# client TLSv1.1 ECDHE-ECDSA-DES3
-v 2
-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-ECDSA-AES128
-v 2
@@ -564,7 +510,7 @@
# client TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l QSH:ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-ECDSA-AES256
-v 2
@@ -575,7 +521,7 @@
# client TLSv1.1 ECDHE-ECDSA-AES256
-v 2
-l QSH:ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-RC4
-v 3
@@ -586,7 +532,7 @@
# client TLSv1.2 ECDHE-ECDSA-RC4
-v 3
-l QSH:ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-DES3
-v 3
@@ -597,7 +543,7 @@
# client TLSv1.2 ECDHE-ECDSA-DES3
-v 3
-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128
-v 3
@@ -608,7 +554,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l QSH:ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256
-v 3
@@ -619,7 +565,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
-v 3
-l QSH:ECDHE-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES256
-v 3
@@ -630,7 +576,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES256
-v 3
-l QSH:ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDH-RSA-RC4
-v 1
@@ -771,7 +717,7 @@
# client TLSv1 ECDH-ECDSA-RC4
-v 1
-l QSH:ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDH-ECDSA-DES3
-v 1
@@ -782,7 +728,7 @@
# client TLSv1 ECDH-ECDSA-DES3
-v 1
-l QSH:ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDH-ECDSA-AES128
-v 1
@@ -793,7 +739,7 @@
# client TLSv1 ECDH-ECDSA-AES128
-v 1
-l QSH:ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDH-ECDSA-AES256
-v 1
@@ -804,7 +750,7 @@
# client TLSv1 ECDH-ECDSA-AES256
-v 1
-l QSH:ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDH-EDCSA-RC4
-v 2
@@ -815,7 +761,7 @@
# client TLSv1.1 ECDH-ECDSA-RC4
-v 2
-l QSH:ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDH-ECDSA-DES3
-v 2
@@ -826,7 +772,7 @@
# client TLSv1.1 ECDH-ECDSA-DES3
-v 2
-l QSH:ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDH-ECDSA-AES128
-v 2
@@ -837,7 +783,7 @@
# client TLSv1.1 ECDH-ECDSA-AES128
-v 2
-l QSH:ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDH-ECDSA-AES256
-v 2
@@ -848,7 +794,7 @@
# client TLSv1.1 ECDH-ECDSA-AES256
-v 2
-l QSH:ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-RC4
-v 3
@@ -859,7 +805,7 @@
# client TLSv1.2 ECDH-ECDSA-RC4
-v 3
-l QSH:ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-DES3
-v 3
@@ -870,7 +816,7 @@
# client TLSv1.2 ECDH-ECDSA-DES3
-v 3
-l QSH:ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES128
-v 3
@@ -881,7 +827,7 @@
# client TLSv1.2 ECDH-ECDSA-AES128
-v 3
-l QSH:ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES128-SHA256
-v 3
@@ -892,7 +838,7 @@
# client TLSv1.2 ECDH-ECDSA-AES128-SHA256
-v 3
-l QSH:ECDH-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES256
-v 3
@@ -903,7 +849,7 @@
# client TLSv1.2 ECDH-ECDSA-AES256
-v 3
-l QSH:ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-RSA-AES256-SHA384
-v 3
@@ -922,7 +868,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES256-SHA384
-v 3
-l QSH:ECDHE-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-RSA-AES256-SHA384
-v 3
@@ -943,7 +889,7 @@
# client TLSv1.2 ECDH-ECDSA-AES256-SHA384
-v 3
-l QSH:ECDH-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 HC128-SHA
-v 1
@@ -1700,7 +1646,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l QSH:ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3
@@ -1711,7 +1657,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3
-l QSH:ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-v 3
@@ -1722,7 +1668,7 @@
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-v 3
-l QSH:ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-v 3
@@ -1733,7 +1679,7 @@
# client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-v 3
-l QSH:ECDH-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-v 3
@@ -1832,7 +1778,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM
-v 3
-l QSH:ECDHE-ECDSA-AES128-CCM
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-v 3
@@ -1843,7 +1789,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-v 3
-l QSH:ECDHE-ECDSA-AES128-CCM-8
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
-v 3
@@ -1854,7 +1800,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
-v 3
-l QSH:ECDHE-ECDSA-AES256-CCM-8
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 PSK-AES128-CCM
-s

66
tests/test-sctp.conf
View File

@@ -29,7 +29,7 @@
-G
-v 2
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
-G
@@ -62,7 +62,7 @@
-G
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
-G
@@ -131,7 +131,7 @@
-G
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305-OLD
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1 RC4-SHA
-G
@@ -364,7 +364,7 @@
-G
-v 1
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
-G
@@ -377,7 +377,7 @@
-G
-v 2
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
-G
@@ -390,7 +390,7 @@
-G
-v 3
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDHE-EDCSA-RC4
-G
@@ -403,7 +403,7 @@
-G
-v 2
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDHE-ECDSA-DES3
-G
@@ -416,7 +416,7 @@
-G
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDHE-ECDSA-AES128
-G
@@ -429,7 +429,7 @@
-G
-v 2
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDHE-ECDSA-AES256
-G
@@ -442,7 +442,7 @@
-G
-v 2
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-RC4
-G
@@ -455,7 +455,7 @@
-G
-v 3
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-DES3
-G
@@ -468,7 +468,7 @@
-G
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128
-G
@@ -481,7 +481,7 @@
-G
-v 3
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256
-G
@@ -494,7 +494,7 @@
-G
-v 3
-l ECDHE-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256
-G
@@ -507,7 +507,7 @@
-G
-v 3
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDH-RSA-RC4
-G
@@ -628,7 +628,7 @@
-G
-v 2
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDH-ECDSA-DES3
-G
@@ -641,7 +641,7 @@
-G
-v 2
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDH-ECDSA-AES128
-G
@@ -654,7 +654,7 @@
-G
-v 2
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.1 ECDH-ECDSA-AES256
-G
@@ -667,7 +667,7 @@
-G
-v 2
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-RC4
-G
@@ -680,7 +680,7 @@
-G
-v 3
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-DES3
-G
@@ -693,7 +693,7 @@
-G
-v 3
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-AES128
-G
@@ -706,7 +706,7 @@
-G
-v 3
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256
-G
@@ -719,7 +719,7 @@
-G
-v 3
-l ECDH-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-AES256
-G
@@ -732,7 +732,7 @@
-G
-v 3
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-RSA-AES256-SHA384
-G
@@ -755,7 +755,7 @@
-G
-v 3
-l ECDHE-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-RSA-AES256-SHA384
-G
@@ -780,7 +780,7 @@
-G
-v 3
-l ECDH-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
@@ -937,7 +937,7 @@
-G
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-G
@@ -950,7 +950,7 @@
-G
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-G
@@ -963,7 +963,7 @@
-G
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-G
@@ -976,7 +976,7 @@
-G
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-G
@@ -1057,7 +1057,7 @@
-G
-v 3
-l ECDHE-ECDSA-AES128-CCM
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-G
@@ -1070,7 +1070,7 @@
-G
-v 3
-l ECDHE-ECDSA-AES128-CCM-8
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8
-G
@@ -1083,7 +1083,7 @@
-G
-v 3
-l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server DTLSv1.2 ADH-AES128-SHA
-G

17
tests/test-sig.conf
View File

@@ -18,7 +18,7 @@
# client TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-ECDSA-AES128
-v 1
@@ -62,7 +62,7 @@
# client TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-ECDSA-AES128
-v 2
@@ -106,7 +106,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256
-v 3
@@ -174,6 +174,17 @@
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-privkey.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384

67
tests/test-tls13-ecc.conf Normal file
View File

@@ -0,0 +1,67 @@
# server TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
-v 4
-l TLS13-CHACH20-POLY1305-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
-v 4
-l TLS13-CHACH20-POLY1305-SHA256
-A ./certs/ca-ecc-cert.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
# server TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-A ./certs/ca-ecc-cert.pem
# server TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4
-l TLS13-AES128-CCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4
-l TLS13-AES128-CCM-SHA256
-A ./certs/ca-ecc-cert.pem
# server TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4
-l TLS13-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4
-l TLS13-AES128-CCM-8-SHA256
-A ./certs/ca-ecc-cert.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-t

74
tests/test-tls13.conf Normal file
View File

@@ -0,0 +1,74 @@
# server TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
-v 4
-l TLS13-CHACH20-POLY1305-SHA256
# client TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
-v 4
-l TLS13-CHACH20-POLY1305-SHA256
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
# server TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
# client TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
# server TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4
-l TLS13-AES128-CCM-SHA256
# client TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4
-l TLS13-AES128-CCM-SHA256
# server TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4
-l TLS13-AES128-CCM-8-SHA256
# client TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4
-l TLS13-AES128-CCM-8-SHA256
# server TLSv1.3 accepting EarlyData
-v 4
-l TLS13-AES128-GCM-SHA256
-r
-0
# client TLSv1.3 sending EarlyData
-v 4
-l TLS13-AES128-GCM-SHA256
-r
-0
# server TLSv1.3 not accepting EarlyData
-v 4
-l TLS13-AES128-GCM-SHA256
-r
# client TLSv1.3 sending EarlyData
-v 4
-l TLS13-AES128-GCM-SHA256
-r
-0
# server TLSv1.3 accepting EarlyData
-v 4
-l TLS13-AES128-GCM-SHA256
-r
-0
# client TLSv1.3 not sending EarlyData
-v 4
-l TLS13-AES128-GCM-SHA256
-r

242
tests/test.conf
View File

@@ -1,30 +1,3 @@
# server TLSv1.1 DHE-RSA-CHACHA20-POLY1305
-v 2
-l DHE-RSA-CHACHA20-POLY1305
# client TLSv1.1 DHE-RSA-CHACHA20-POLY1305
-v 2
-l DHE-RSA-CHACHA20-POLY1305
# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
-v 2
-l ECDHE-RSA-CHACHA20-POLY1305
# client TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
-v 2
-l ECDHE-RSA-CHACHA20-POLY1305
# server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305
-v 2
-l ECDHE-ECDSA-CHACHA20-POLY1305
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305
-v 2
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/server-ecc.pem
# server TLSv1.2 DHE-RSA-CHACHA20-POLY1305
-v 3
-l DHE-RSA-CHACHA20-POLY1305
@@ -50,7 +23,7 @@
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
-v 3
@@ -107,7 +80,7 @@
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305-OLD
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server SSLv3 RC4-SHA
-v 0
@@ -341,11 +314,11 @@
-v 1
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1 ECDHE-RSA-AES128
# server TLSv1 ECDHE-RSA-AES128
-v 1
-l ECDHE-RSA-AES128-SHA
# client TLSv1 ECDHE-RSA-AES128
# client TLSv1 ECDHE-RSA-AES128
-v 1
-l ECDHE-RSA-AES128-SHA
@@ -373,11 +346,11 @@
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1.1 ECDHE-RSA-AES128
# server TLSv1.1 ECDHE-RSA-AES128
-v 2
-l ECDHE-RSA-AES128-SHA
# client TLSv1.1 ECDHE-RSA-AES128
# client TLSv1.1 ECDHE-RSA-AES128
-v 2
-l ECDHE-RSA-AES128-SHA
@@ -405,11 +378,11 @@
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1.2 ECDHE-RSA-AES128
# server TLSv1.2 ECDHE-RSA-AES128
-v 3
-l ECDHE-RSA-AES128-SHA
# client TLSv1.2 ECDHE-RSA-AES128
# client TLSv1.2 ECDHE-RSA-AES128
-v 3
-l ECDHE-RSA-AES128-SHA
@@ -417,7 +390,7 @@
-v 3
-l ECDHE-RSA-AES128-SHA256
# client TLSv1.2 ECDHE-RSA-AES128-SHA256
# client TLSv1.2 ECDHE-RSA-AES128-SHA256
-v 3
-l ECDHE-RSA-AES128-SHA256
@@ -438,7 +411,7 @@
# client TLSv1 ECDHE-ECDSA-NULL-SHA
-v 1
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
-v 2
@@ -449,7 +422,7 @@
# client TLSv1 ECDHE-ECDSA-NULL-SHA
-v 2
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
-v 3
@@ -460,7 +433,7 @@
# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
-v 3
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-ECDSA-RC4
-v 1
@@ -471,7 +444,7 @@
# client TLSv1 ECDHE-ECDSA-RC4
-v 1
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-ECDSA-DES3
-v 1
@@ -482,18 +455,18 @@
# client TLSv1 ECDHE-ECDSA-DES3
-v 1
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-ECDSA-AES128
# server TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-AES128
# client TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-ECDSA-AES256
-v 1
@@ -504,7 +477,7 @@
# client TLSv1 ECDHE-ECDSA-AES256
-v 1
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-EDCSA-RC4
-v 2
@@ -515,7 +488,7 @@
# client TLSv1.1 ECDHE-ECDSA-RC4
-v 2
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-ECDSA-DES3
-v 2
@@ -526,18 +499,18 @@
# client TLSv1.1 ECDHE-ECDSA-DES3
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-ECDSA-AES128
# server TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-AES128
# client TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDHE-ECDSA-AES256
-v 2
@@ -548,7 +521,7 @@
# client TLSv1.1 ECDHE-ECDSA-AES256
-v 2
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-RC4
-v 3
@@ -559,7 +532,7 @@
# client TLSv1.2 ECDHE-ECDSA-RC4
-v 3
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-DES3
-v 3
@@ -570,18 +543,18 @@
# client TLSv1.2 ECDHE-ECDSA-DES3
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128
# server TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128
# client TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256
-v 3
@@ -592,7 +565,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
-v 3
-l ECDHE-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES256
-v 3
@@ -603,7 +576,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES256
-v 3
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDH-RSA-RC4
-v 1
@@ -625,13 +598,13 @@
-v 1
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1 ECDH-RSA-AES128
# server TLSv1 ECDH-RSA-AES128
-v 1
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-RSA-AES128
# client TLSv1 ECDH-RSA-AES128
-v 1
-l ECDH-RSA-AES128-SHA
@@ -665,13 +638,13 @@
-v 2
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1.1 ECDH-RSA-AES128
# server TLSv1.1 ECDH-RSA-AES128
-v 2
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-RSA-AES128
# client TLSv1.1 ECDH-RSA-AES128
-v 2
-l ECDH-RSA-AES128-SHA
@@ -705,23 +678,23 @@
-v 3
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1.2 ECDH-RSA-AES128
# server TLSv1.2 ECDH-RSA-AES128
-v 3
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES128
# client TLSv1.2 ECDH-RSA-AES128
-v 3
-l ECDH-RSA-AES128-SHA
# server TLSv1.2 ECDH-RSA-AES128-SHA256
# server TLSv1.2 ECDH-RSA-AES128-SHA256
-v 3
-l ECDH-RSA-AES128-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES128-SHA256
# client TLSv1.2 ECDH-RSA-AES128-SHA256
-v 3
-l ECDH-RSA-AES128-SHA256
@@ -744,7 +717,7 @@
# client TLSv1 ECDH-ECDSA-RC4
-v 1
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDH-ECDSA-DES3
-v 1
@@ -755,18 +728,18 @@
# client TLSv1 ECDH-ECDSA-DES3
-v 1
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDH-ECDSA-AES128
# server TLSv1 ECDH-ECDSA-AES128
-v 1
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-ECDSA-AES128
# client TLSv1 ECDH-ECDSA-AES128
-v 1
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDH-ECDSA-AES256
-v 1
@@ -777,7 +750,7 @@
# client TLSv1 ECDH-ECDSA-AES256
-v 1
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDH-EDCSA-RC4
-v 2
@@ -788,7 +761,7 @@
# client TLSv1.1 ECDH-ECDSA-RC4
-v 2
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDH-ECDSA-DES3
-v 2
@@ -799,18 +772,18 @@
# client TLSv1.1 ECDH-ECDSA-DES3
-v 2
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDH-ECDSA-AES128
# server TLSv1.1 ECDH-ECDSA-AES128
-v 2
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-ECDSA-AES128
# client TLSv1.1 ECDH-ECDSA-AES128
-v 2
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.1 ECDH-ECDSA-AES256
-v 2
@@ -821,7 +794,7 @@
# client TLSv1.1 ECDH-ECDSA-AES256
-v 2
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-RC4
-v 3
@@ -832,7 +805,7 @@
# client TLSv1.2 ECDH-ECDSA-RC4
-v 3
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-DES3
-v 3
@@ -843,18 +816,18 @@
# client TLSv1.2 ECDH-ECDSA-DES3
-v 3
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES128
# server TLSv1.2 ECDH-ECDSA-AES128
-v 3
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES128
# client TLSv1.2 ECDH-ECDSA-AES128
-v 3
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES128-SHA256
-v 3
@@ -862,10 +835,10 @@
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES128-SHA256
# client TLSv1.2 ECDH-ECDSA-AES128-SHA256
-v 3
-l ECDH-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES256
-v 3
@@ -876,13 +849,13 @@
# client TLSv1.2 ECDH-ECDSA-AES256
-v 3
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-RSA-AES256-SHA384
-v 3
-l ECDHE-RSA-AES256-SHA384
# client TLSv1.2 ECDHE-RSA-AES256-SHA384
# client TLSv1.2 ECDHE-RSA-AES256-SHA384
-v 3
-l ECDHE-RSA-AES256-SHA384
@@ -895,15 +868,15 @@
# client TLSv1.2 ECDHE-ECDSA-AES256-SHA384
-v 3
-l ECDHE-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-RSA-AES256-SHA384
# server TLSv1.2 ECDH-RSA-AES256-SHA384
-v 3
-l ECDH-RSA-AES256-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES256-SHA384
# client TLSv1.2 ECDH-RSA-AES256-SHA384
-v 3
-l ECDH-RSA-AES256-SHA384
@@ -913,10 +886,10 @@
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES256-SHA384
# client TLSv1.2 ECDH-ECDSA-AES256-SHA384
-v 3
-l ECDH-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1 HC128-SHA
-v 1
@@ -1664,11 +1637,11 @@
-v 3
-l DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.2 RSA-AES128-GCM-SHA256
# server TLSv1.2 RSA-AES128-GCM-SHA256
-v 3
-l AES128-GCM-SHA256
# client TLSv1.2 RSA-AES128-GCM-SHA256
# client TLSv1.2 RSA-AES128-GCM-SHA256
-v 3
-l AES128-GCM-SHA256
@@ -1680,16 +1653,16 @@
-v 3
-l AES256-GCM-SHA384
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3
@@ -1700,18 +1673,18 @@
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-v 3
@@ -1722,13 +1695,13 @@
# client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
@@ -1740,13 +1713,13 @@
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
@@ -1760,11 +1733,11 @@
-v 3
-l ECDH-RSA-AES256-GCM-SHA384
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
@@ -1821,7 +1794,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM
-v 3
-l ECDHE-ECDSA-AES128-CCM
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-v 3
@@ -1832,7 +1805,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-v 3
-l ECDHE-ECDSA-AES128-CCM-8
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
-v 3
@@ -1843,7 +1816,7 @@
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
-v 3
-l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/server-ecc.pem
-A ./certs/ca-ecc-cert.pem
# server TLSv1.2 PSK-AES128-CCM
-s
@@ -2196,3 +2169,50 @@
-v 3
-l NTRU-AES128-SHA
# server TLSv1.2 verify callback override
-v 3
-l ECDHE-RSA-AES128-SHA256
# client TLSv1.2 verify callback override
-v 3
-l ECDHE-RSA-AES128-SHA256
-j
# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
-v 3
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/ca-ecc-cert.pem
-t
# server TLSv1.2 private-only key
-v 3
-c ./certs/ecc-privOnlyCert.pem
-k ./certs/ecc-privOnlyKey.pem
# client TLSv1.2 private-only key on server
-v 3
-d
# server TLSv1.2 with fragment
-v 3
# client TLSv1.2 with fragment
-v 3
-F 1
# server TLSv1.2 RSA 3072-bit DH 3072-bit
-v 3
-D certs/dh3072.pem
-A certs/client-cert-3072.pem
# client TLSv1.2 RSA 3072-bit DH 3072-bit
-v 3
-D certs/dh3072.pem
-c certs/client-cert-3072.pem
-k certs/client-key-3072.pem

11
tests/unit.c
View File

@@ -1,6 +1,6 @@
/* unit.c API unit tests driver
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -45,7 +45,7 @@ int main(int argc, char** argv)
int unit_test(int argc, char** argv)
{
int ret;
int ret = 0;
(void)argc;
(void)argv;
@@ -68,24 +68,25 @@ int unit_test(int argc, char** argv)
if ( (ret = HashTest()) != 0){
printf("hash test failed with %d\n", ret);
return ret;
goto exit;
}
#ifndef SINGLE_THREADED
if ( (ret = SuiteTest()) != 0){
printf("suite test failed with %d\n", ret);
return ret;
goto exit;
}
#endif
SrpTest();
exit:
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");
#endif /* HAVE_WNR */
return 0;
return ret;
}

2
tests/unit.h
View File

@@ -1,6 +1,6 @@
/* unit.c API unit tests driver
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*