deb/wolfssl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 3.13.0+dfsg

Browse Source
This commit is contained in:
Mario Fetka
2018-02-19 12:29:49 +01:00
parent 1893aafd38
commit e07619e148
472 changed files with 168552 additions and 31827 deletions
Download Patch File Download Diff File Expand all files Collapse all files

350
tests/suites.c
View File

@@ -1,6 +1,6 @@
/* suites.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -35,16 +35,17 @@
#define MAX_ARGS 40
#define MAX_COMMAND_SZ 240
#define MAX_SUITE_SZ 80
#define MAX_SUITE_SZ 80
#define NOT_BUILT_IN -123
#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3)
#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) || \
!defined(WOLFSSL_ALLOW_TLSV10)
#define VERSION_TOO_OLD -124
#endif
#include "examples/client/client.h"
#include "examples/server/server.h"
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
static WOLFSSL_CTX* cipherSuiteCtx = NULL;
static char nonblockFlag[] = "-N";
static char noVerifyFlag[] = "-d";
@@ -54,51 +55,55 @@ static char flagSep[] = " ";
static char portFlag[] = "-p";
static char svrPort[] = "0";
#endif
static char forceDefCipherListFlag[] = "-HdefCipherList";
#ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID;
#endif
#ifdef VERSION_TOO_OLD
static int GetTlsVersion(const char* line)
{
int version = -1;
const char* find = "-v ";
const char* begin = strstr(line, find);
if (begin) {
begin += 3;
version = atoi(begin);
}
return version;
}
#ifndef WOLFSSL_ALLOW_SSLV3
/* if the protocol version is sslv3 return 1, else 0 */
static int IsSslVersion(const char* line)
{
const char* find = "-v ";
const char* begin = strstr(line, find);
if (begin) {
int version = -1;
begin += 3;
version = atoi(begin);
if (version == 0)
return 1;
}
return 0;
int version = GetTlsVersion(line);
return (version == 0) ? 1 : 0;
}
#endif /* !WOLFSSL_ALLOW_SSLV3 */
#ifndef WOLFSSL_ALLOW_TLSV10
/* if the protocol version is TLSv1.0 return 1, else 0 */
static int IsTls10Version(const char* line)
{
int version = GetTlsVersion(line);
return (version == 1) ? 1 : 0;
}
#endif /* !WOLFSSL_ALLOW_TLSV10 */
#ifdef NO_OLD_TLS
/* if the protocol version is less than tls 1.2 return 1, else 0 */
static int IsOldTlsVersion(const char* line)
{
const char* find = "-v ";
const char* begin = strstr(line, find);
if (begin) {
int version = -1;
begin += 3;
version = atoi(begin);
if (version < 3)
return 1;
}
return 0;
int version = GetTlsVersion(line);
return (version < 3) ? 1 : 0;
}
#endif /* NO_OLD_TLS */
#endif /* VERSION_TOO_OLD */
/* if the cipher suite on line is valid store in suite and return 1, else 0 */
@@ -138,13 +143,13 @@ static int IsValidCipherSuite(const char* line, char* suite)
#ifdef HAVE_QSH
if (XSTRNCMP(suite, "QSH", 3) == 0) {
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite + 4)
!= SSL_SUCCESS)
!= WOLFSSL_SUCCESS)
return 0;
}
#endif
if (found) {
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == SSL_SUCCESS)
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == WOLFSSL_SUCCESS)
valid = 1;
}
@@ -155,7 +160,8 @@ static int IsValidCipherSuite(const char* line, char* suite)
static int execute_test_case(int svr_argc, char** svr_argv,
int cli_argc, char** cli_argv,
int addNoVerify, int addNonBlocking,
int addDisableEMS)
int addDisableEMS, int forceSrvDefCipherList,
int forceCliDefCipherList)
{
#ifdef WOLFSSL_TIRTOS
func_args cliArgs = {0};
@@ -174,20 +180,25 @@ static int execute_test_case(int svr_argc, char** svr_argv,
char commandLine[MAX_COMMAND_SZ];
char cipherSuite[MAX_SUITE_SZ+1];
int i;
size_t added = 0;
size_t added;
static int tests = 1;
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
char portNumber[8];
#endif
/* Is Valid Cipher and Version Checks */
/* build command list for the Is checks below */
commandLine[0] = '\0';
for (i = 0; i < svr_argc; i++) {
added = 0;
for (i = 0; i < svrArgs.argc; i++) {
added += XSTRLEN(svr_argv[i]) + 2;
if (added >= MAX_COMMAND_SZ) {
printf("server command line too long\n");
printf("server command line too long\n");
break;
}
strcat(commandLine, svr_argv[i]);
strcat(commandLine, flagSep);
}
if (IsValidCipherSuite(commandLine, cipherSuite) == 0) {
#ifdef DEBUG_SUITE_TESTS
printf("cipher suite %s not supported in build\n", cipherSuite);
@@ -203,7 +214,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
return VERSION_TOO_OLD;
}
#endif
#ifndef WOLFSSL_ALLOW_TLSV10
if (IsTls10Version(commandLine) == 1) {
#ifdef DEBUG_SUITE_TESTS
printf("protocol version on line %s is too old\n", commandLine);
#endif
return VERSION_TOO_OLD;
}
#endif
#ifdef NO_OLD_TLS
if (IsOldTlsVersion(commandLine) == 1) {
#ifdef DEBUG_SUITE_TESTS
@@ -213,78 +231,52 @@ static int execute_test_case(int svr_argc, char** svr_argv,
}
#endif
/* Build Client Command */
if (addNoVerify) {
printf("repeating test with client cert request off\n");
added += 4; /* -d plus space plus terminator */
if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
printf("repeating test with client cert request off\n");
if (svrArgs.argc >= MAX_ARGS)
printf("server command line too long\n");
else {
svr_argv[svr_argc++] = noVerifyFlag;
svrArgs.argc = svr_argc;
strcat(commandLine, noVerifyFlag);
strcat(commandLine, flagSep);
}
else
svr_argv[svrArgs.argc++] = noVerifyFlag;
}
if (addNonBlocking) {
printf("repeating test with non blocking on\n");
added += 4; /* -N plus terminator */
if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
printf("repeating test with non blocking on\n");
if (svrArgs.argc >= MAX_ARGS)
printf("server command line too long\n");
else {
svr_argv[svr_argc++] = nonblockFlag;
svrArgs.argc = svr_argc;
strcat(commandLine, nonblockFlag);
strcat(commandLine, flagSep);
}
else
svr_argv[svrArgs.argc++] = nonblockFlag;
}
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
/* add port 0 */
if (svr_argc + 2 > MAX_ARGS)
/* add port */
if (svrArgs.argc + 2 > MAX_ARGS)
printf("cannot add the magic port number flag to server\n");
else
{
svr_argv[svr_argc++] = portFlag;
svr_argv[svr_argc++] = svrPort;
svrArgs.argc = svr_argc;
else {
svr_argv[svrArgs.argc++] = portFlag;
svr_argv[svrArgs.argc++] = svrPort;
}
#endif
printf("trying server command line[%d]: %s\n", tests, commandLine);
if (forceSrvDefCipherList) {
if (svrArgs.argc >= MAX_ARGS)
printf("cannot add the force def cipher list flag to server\n");
else
svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
}
/* update server flags list */
commandLine[0] = '\0';
added = 0;
for (i = 0; i < cli_argc; i++) {
added += XSTRLEN(cli_argv[i]) + 2;
for (i = 0; i < svrArgs.argc; i++) {
added += XSTRLEN(svr_argv[i]) + 2;
if (added >= MAX_COMMAND_SZ) {
printf("client command line too long\n");
printf("server command line too long\n");
break;
}
strcat(commandLine, cli_argv[i]);
strcat(commandLine, svr_argv[i]);
strcat(commandLine, flagSep);
}
if (addNonBlocking) {
added += 4; /* -N plus space plus terminator */
if (added >= MAX_COMMAND_SZ)
printf("client command line too long\n");
else {
cli_argv[cli_argc++] = nonblockFlag;
strcat(commandLine, nonblockFlag);
strcat(commandLine, flagSep);
cliArgs.argc = cli_argc;
}
}
if (addDisableEMS) {
printf("repeating test without extended master secret\n");
added += 4; /* -n plus terminator */
if (added >= MAX_COMMAND_SZ)
printf("client command line too long\n");
else {
cli_argv[cli_argc++] = disableEMSFlag;
strcat(commandLine, disableEMSFlag);
strcat(commandLine, flagSep);
cliArgs.argc = cli_argc;
}
}
printf("trying client command line[%d]: %s\n", tests++, commandLine);
printf("trying server command line[%d]: %s\n", tests, commandLine);
tests++; /* test count */
InitTcpReady(&ready);
@@ -296,31 +288,64 @@ static int execute_test_case(int svr_argc, char** svr_argv,
svrArgs.signal = &ready;
start_thread(server_test, &svrArgs, &serverThread);
wait_tcp_ready(&svrArgs);
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
if (ready.port != 0)
{
if (cli_argc + 2 > MAX_ARGS)
printf("cannot add the magic port number flag to client\n");
else {
char portNumber[8];
snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
cli_argv[cli_argc++] = portFlag;
cli_argv[cli_argc++] = portNumber;
cliArgs.argc = cli_argc;
}
/* Build Client Command */
if (addNonBlocking) {
if (cliArgs.argc >= MAX_ARGS)
printf("cannot add the non block flag to client\n");
else
cli_argv[cliArgs.argc++] = nonblockFlag;
}
if (addDisableEMS) {
printf("repeating test without extended master secret\n");
if (cliArgs.argc >= MAX_ARGS)
printf("cannot add the disable EMS flag to client\n");
else
cli_argv[cliArgs.argc++] = disableEMSFlag;
}
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
if (ready.port != 0) {
if (cliArgs.argc + 2 > MAX_ARGS)
printf("cannot add the magic port number flag to client\n");
else {
snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
cli_argv[cliArgs.argc++] = portFlag;
cli_argv[cliArgs.argc++] = portNumber;
}
#endif
}
#endif
if (forceCliDefCipherList) {
if (cliArgs.argc >= MAX_ARGS)
printf("cannot add the force def cipher list flag to client\n");
else
cli_argv[cliArgs.argc++] = forceDefCipherListFlag;
}
commandLine[0] = '\0';
added = 0;
for (i = 0; i < cliArgs.argc; i++) {
added += XSTRLEN(cli_argv[i]) + 2;
if (added >= MAX_COMMAND_SZ) {
printf("client command line too long\n");
break;
}
strcat(commandLine, cli_argv[i]);
strcat(commandLine, flagSep);
}
printf("trying client command line[%d]: %s\n", tests, commandLine);
/* start client */
client_test(&cliArgs);
/* verify results */
/* verify results */
if (cliArgs.return_code != 0) {
printf("client_test failed\n");
exit(EXIT_FAILURE);
}
join_thread(serverThread);
if (svrArgs.return_code != 0) {
if (svrArgs.return_code != 0) {
printf("server_test failed\n");
exit(EXIT_FAILURE);
}
@@ -329,7 +354,7 @@ static int execute_test_case(int svr_argc, char** svr_argv,
fdCloseSession(Task_self());
#endif
FreeTcpReady(&ready);
return 0;
}
@@ -393,7 +418,7 @@ static void test_harness(void* vargs)
args->return_code = 1;
return;
}
fclose(file);
script[sz] = 0;
@@ -442,7 +467,7 @@ static void test_harness(void* vargs)
else
svrArgs[svrArgsSz++] = strsep(&cursor, "\n");
if (*cursor == 0) /* eof */
do_it = 1;
do_it = 1;
}
if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
@@ -452,24 +477,31 @@ static void test_harness(void* vargs)
if (do_it) {
ret = execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 0);
cliArgsSz, cliArgs, 0, 0, 0, 0, 0);
/* don't repeat if not supported in build */
if (ret == 0) {
/* test with default cipher list on server side */
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 1, 0);
cliArgsSz, cliArgs, 0, 0, 0, 1, 0);
/* test with default cipher list on client side */
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 0);
cliArgsSz, cliArgs, 0, 0, 0, 0, 1);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 0);
cliArgsSz, cliArgs, 0, 1, 0, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 0, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 0, 0, 0);
#ifdef HAVE_EXTENDED_MASTER
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 1);
cliArgsSz, cliArgs, 0, 0, 1, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 1, 1);
cliArgsSz, cliArgs, 0, 1, 1, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 1);
cliArgsSz, cliArgs, 1, 0, 1, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 1);
cliArgsSz, cliArgs, 1, 1, 1, 0, 0);
#endif
}
svrArgsSz = 1;
@@ -481,10 +513,12 @@ static void test_harness(void* vargs)
free(script);
args->return_code = 0;
}
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
int SuiteTest(void)
{
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
func_args args;
char argv0[2][80];
char* myArgv[2];
@@ -513,24 +547,65 @@ int SuiteTest(void)
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_CTX_load_static_memory(&cipherSuiteCtx, NULL,
memory, sizeof(memory), 0, 1)
!= SSL_SUCCESS) {
!= WOLFSSL_SUCCESS) {
printf("unable to load static memory and create ctx");
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
if (wolfAsync_DevOpen(&devId) < 0) {
printf("Async device open failed");
args.return_code = EXIT_FAILURE;
goto exit;
}
wolfSSL_CTX_UseAsync(cipherSuiteCtx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
/* default case */
args.argc = 1;
printf("starting default cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
/* any extra cases will need another argument */
args.argc = 2;
#ifdef WOLFSSL_TLS13
/* add TLSv13 extra suites */
strcpy(argv0[1], "tests/test-tls13.conf");
printf("starting TLSv13 extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef HAVE_ECC
/* add TLSv13 ECC extra suites */
strcpy(argv0[1], "tests/test-tls13-ecc.conf");
printf("starting TLSv13 ECC extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#if defined(HAVE_CURVE25519) && defined(HAVE_ED25519)
/* add ED25519 certificate cipher suite tests */
strcpy(argv0[1], "tests/test-ed25519.conf");
printf("starting ED25519 extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef WOLFSSL_DTLS
/* add dtls extra suites */
strcpy(argv0[1], "tests/test-dtls.conf");
@@ -538,7 +613,8 @@ int SuiteTest(void)
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifdef WOLFSSL_SCTP
@@ -548,7 +624,8 @@ int SuiteTest(void)
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifndef WC_STRICT_SIG
@@ -559,7 +636,8 @@ int SuiteTest(void)
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif /* HAVE_RSA and HAVE_ECC */
#endif /* !WC_STRICT_SIG */
@@ -570,7 +648,8 @@ int SuiteTest(void)
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
@@ -581,16 +660,23 @@ int SuiteTest(void)
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
exit:
printf(" End Cipher Suite Tests\n");
wolfSSL_CTX_free(cipherSuiteCtx);
wolfSSL_Cleanup();
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
return args.return_code;
#else
return NOT_COMPILED_IN;
#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
}