1 /* api.c API unit tests
3 * Copyright (C) 2006-2015 wolfSSL Inc.
5 * This file is part of wolfSSL. (formerly known as CyaSSL)
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
22 /*----------------------------------------------------------------------------*
24 *----------------------------------------------------------------------------*/
30 #include <wolfssl/wolfcrypt/settings.h>
32 #include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
34 #include <wolfssl/error-ssl.h>
37 #include <wolfssl/ssl.h> /* compatibility layer */
38 #include <wolfssl/test.h>
39 #include <tests/unit.h>
41 /*----------------------------------------------------------------------------*
43 *----------------------------------------------------------------------------*/
45 #define TEST_SUCCESS (1)
48 #define testingFmt " %s:"
49 #define resultFmt " %s\n"
50 static const char* passed = "passed";
51 static const char* failed = "failed";
53 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
54 static const char* bogusFile = "/dev/null";
57 /*----------------------------------------------------------------------------*
59 *----------------------------------------------------------------------------*/
61 static int test_wolfSSL_Init(void)
65 printf(testingFmt, "wolfSSL_Init()");
66 result = wolfSSL_Init();
67 printf(resultFmt, result == SSL_SUCCESS ? passed : failed);
73 static int test_wolfSSL_Cleanup(void)
77 printf(testingFmt, "wolfSSL_Cleanup()");
78 result = wolfSSL_Cleanup();
79 printf(resultFmt, result == SSL_SUCCESS ? passed : failed);
84 /*----------------------------------------------------------------------------*
86 *----------------------------------------------------------------------------*/
88 static void test_wolfSSL_Method_Allocators(void)
90 #define TEST_METHOD_ALLOCATOR(allocator, condition) \
92 WOLFSSL_METHOD *method; \
93 condition(method = allocator()); \
94 XFREE(method, 0, DYNAMIC_TYPE_METHOD); \
97 #define TEST_VALID_METHOD_ALLOCATOR(a) \
98 TEST_METHOD_ALLOCATOR(a, AssertNotNull)
100 #define TEST_INVALID_METHOD_ALLOCATOR(a) \
101 TEST_METHOD_ALLOCATOR(a, AssertNull)
104 TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
105 TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
106 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
107 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
108 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
109 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method);
111 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method);
112 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method);
113 TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method);
117 TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method);
118 TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method);
120 TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method);
121 TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method);
125 TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_server_method);
126 TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_client_method);
130 /*----------------------------------------------------------------------------*
132 *----------------------------------------------------------------------------*/
134 static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method)
138 AssertNull(ctx = wolfSSL_CTX_new(NULL));
140 AssertNotNull(method);
141 AssertNotNull(ctx = wolfSSL_CTX_new(method));
143 wolfSSL_CTX_free(ctx);
147 static void test_wolfSSL_CTX_use_certificate_file(void)
149 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
152 AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
154 /* invalid context */
155 AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCert,
157 /* invalid cert file */
158 AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile,
160 /* invalid cert type */
161 AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCert, 9999));
165 AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCert,SSL_FILETYPE_PEM));
168 AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM));
171 wolfSSL_CTX_free(ctx);
176 static void test_wolfSSL_CTX_use_PrivateKey_file(void)
178 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
181 AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
183 /* invalid context */
184 AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKey,
186 /* invalid key file */
187 AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
189 /* invalid key type */
190 AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, 9999));
195 AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
198 AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
201 wolfSSL_CTX_free(ctx);
206 static void test_wolfSSL_CTX_load_verify_locations(void)
208 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
211 AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
213 /* invalid context */
214 AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCert, 0));
216 /* invalid ca file */
217 AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
218 AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
220 #ifndef WOLFSSL_TIRTOS
222 /* not working... investigate! */
223 /* AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, caCert, bogusFile)); */
227 AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0));
229 wolfSSL_CTX_free(ctx);
233 /*----------------------------------------------------------------------------*
235 *----------------------------------------------------------------------------*/
237 static void test_server_wolfSSL_new(void)
239 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
241 WOLFSSL_CTX *ctx_nocert;
244 AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method()));
245 AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
247 AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM));
248 AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
250 /* invalid context */
251 AssertNull(ssl = wolfSSL_new(NULL));
252 AssertNull(ssl = wolfSSL_new(ctx_nocert));
255 AssertNotNull(ssl = wolfSSL_new(ctx));
258 wolfSSL_CTX_free(ctx);
259 wolfSSL_CTX_free(ctx_nocert);
264 static void test_client_wolfSSL_new(void)
266 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
268 WOLFSSL_CTX *ctx_nocert;
271 AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method()));
272 AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
274 AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0));
276 /* invalid context */
277 AssertNull(ssl = wolfSSL_new(NULL));
280 AssertNotNull(ssl = wolfSSL_new(ctx_nocert));
284 AssertNotNull(ssl = wolfSSL_new(ctx));
287 wolfSSL_CTX_free(ctx);
288 wolfSSL_CTX_free(ctx_nocert);
292 /*----------------------------------------------------------------------------*
294 *----------------------------------------------------------------------------*/
295 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
296 !defined(NO_RSA) && !defined(SINGLE_THREADED)
297 #define HAVE_IO_TESTS_DEPENDENCIES
300 /* helper functions */
301 #ifdef HAVE_IO_TESTS_DEPENDENCIES
302 static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
305 SOCKET_T clientfd = 0;
306 word16 port = wolfSSLPort;
308 WOLFSSL_METHOD* method = 0;
309 WOLFSSL_CTX* ctx = 0;
312 char msg[] = "I hear you fa shizzle!";
316 #ifdef WOLFSSL_TIRTOS
317 fdOpenSession(Task_self());
320 ((func_args*)args)->return_code = TEST_FAIL;
321 method = wolfSSLv23_server_method();
322 ctx = wolfSSL_CTX_new(method);
324 #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
325 !defined(WOLFSSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \
326 !defined(WOLFSSL_TIRTOS)
330 wolfSSL_CTX_set_verify(ctx,
331 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
334 wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
337 if (wolfSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS)
339 /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
342 if (wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
345 /*err_sys("can't load server cert chain file, "
346 "Please run from wolfSSL home dir");*/
349 if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
352 /*err_sys("can't load server key file, "
353 "Please run from wolfSSL home dir");*/
357 ssl = wolfSSL_new(ctx);
358 tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0);
361 wolfSSL_set_fd(ssl, clientfd);
364 #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
365 wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
366 #elif !defined(NO_DH)
367 SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
371 if (wolfSSL_accept(ssl) != SSL_SUCCESS)
373 int err = wolfSSL_get_error(ssl, 0);
374 char buffer[WOLFSSL_MAX_ERROR_SZ];
375 printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
376 /*err_sys("SSL_accept failed");*/
380 idx = wolfSSL_read(ssl, input, sizeof(input)-1);
383 printf("Client message: %s\n", input);
386 if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
388 /*err_sys("SSL_write failed");*/
389 #ifdef WOLFSSL_TIRTOS
396 #ifdef WOLFSSL_TIRTOS
401 wolfSSL_shutdown(ssl);
403 wolfSSL_CTX_free(ctx);
405 CloseSocket(clientfd);
406 ((func_args*)args)->return_code = TEST_SUCCESS;
408 #ifdef WOLFSSL_TIRTOS
409 fdCloseSession(Task_self());
412 #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
413 && defined(HAVE_THREAD_LS)
414 wc_ecc_fp_free(); /* free per thread cache */
417 #ifndef WOLFSSL_TIRTOS
423 static void test_client_nofail(void* args)
427 WOLFSSL_METHOD* method = 0;
428 WOLFSSL_CTX* ctx = 0;
431 char msg[64] = "hello wolfssl!";
434 int msgSz = (int)strlen(msg);
436 #ifdef WOLFSSL_TIRTOS
437 fdOpenSession(Task_self());
440 ((func_args*)args)->return_code = TEST_FAIL;
441 method = wolfSSLv23_client_method();
442 ctx = wolfSSL_CTX_new(method);
445 wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
448 if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
450 /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
453 if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
456 /*err_sys("can't load client cert file, "
457 "Please run from wolfSSL home dir");*/
460 if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
463 /*err_sys("can't load client key file, "
464 "Please run from wolfSSL home dir");*/
468 tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0);
470 ssl = wolfSSL_new(ctx);
471 wolfSSL_set_fd(ssl, sockfd);
472 if (wolfSSL_connect(ssl) != SSL_SUCCESS)
474 int err = wolfSSL_get_error(ssl, 0);
475 char buffer[WOLFSSL_MAX_ERROR_SZ];
476 printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
477 /*printf("SSL_connect failed");*/
481 if (wolfSSL_write(ssl, msg, msgSz) != msgSz)
483 /*err_sys("SSL_write failed");*/
487 input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
491 printf("Server response: %s\n", reply);
496 wolfSSL_CTX_free(ctx);
499 ((func_args*)args)->return_code = TEST_SUCCESS;
501 #ifdef WOLFSSL_TIRTOS
502 fdCloseSession(Task_self());
508 /* SNI helper functions */
511 static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
513 callback_functions* callbacks = ((func_args*)args)->callbacks;
515 WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method());
519 word16 port = wolfSSLPort;
521 char msg[] = "I hear you fa shizzle!";
522 int len = (int) XSTRLEN(msg);
526 #ifdef WOLFSSL_TIRTOS
527 fdOpenSession(Task_self());
529 ((func_args*)args)->return_code = TEST_FAIL;
531 #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
532 !defined(WOLFSSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \
533 !defined(WOLFSSL_TIRTOS)
537 wolfSSL_CTX_set_verify(ctx,
538 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
541 wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
545 AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, cliCert, 0));
547 AssertIntEQ(SSL_SUCCESS,
548 wolfSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM));
550 AssertIntEQ(SSL_SUCCESS,
551 wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
553 if (callbacks->ctx_ready)
554 callbacks->ctx_ready(ctx);
556 ssl = wolfSSL_new(ctx);
558 tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0);
561 wolfSSL_set_fd(ssl, cfd);
564 #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
565 wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
566 #elif !defined(NO_DH)
567 SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
571 if (callbacks->ssl_ready)
572 callbacks->ssl_ready(ssl);
574 /* AssertIntEQ(SSL_SUCCESS, wolfSSL_accept(ssl)); */
575 if (wolfSSL_accept(ssl) != SSL_SUCCESS) {
576 int err = wolfSSL_get_error(ssl, 0);
577 char buffer[WOLFSSL_MAX_ERROR_SZ];
578 printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
581 if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
583 printf("Client message: %s\n", input);
586 AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
587 #ifdef WOLFSSL_TIRTOS
590 wolfSSL_shutdown(ssl);
593 if (callbacks->on_result)
594 callbacks->on_result(ssl);
597 wolfSSL_CTX_free(ctx);
600 ((func_args*)args)->return_code = TEST_SUCCESS;
602 #ifdef WOLFSSL_TIRTOS
603 fdCloseSession(Task_self());
606 #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
607 && defined(HAVE_THREAD_LS)
608 wc_ecc_fp_free(); /* free per thread cache */
611 #ifndef WOLFSSL_TIRTOS
617 static void run_wolfssl_client(void* args)
619 callback_functions* callbacks = ((func_args*)args)->callbacks;
621 WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method());
625 char msg[] = "hello wolfssl server!";
626 int len = (int) XSTRLEN(msg);
630 #ifdef WOLFSSL_TIRTOS
631 fdOpenSession(Task_self());
634 ((func_args*)args)->return_code = TEST_FAIL;
637 wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
640 AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCert, 0));
642 AssertIntEQ(SSL_SUCCESS,
643 wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM));
645 AssertIntEQ(SSL_SUCCESS,
646 wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM));
648 if (callbacks->ctx_ready)
649 callbacks->ctx_ready(ctx);
651 tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0);
653 ssl = wolfSSL_new(ctx);
654 wolfSSL_set_fd(ssl, sfd);
656 if (callbacks->ssl_ready)
657 callbacks->ssl_ready(ssl);
659 if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
660 int err = wolfSSL_get_error(ssl, 0);
661 char buffer[WOLFSSL_MAX_ERROR_SZ];
662 printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
665 AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
667 if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
669 printf("Server response: %s\n", input);
673 if (callbacks->on_result)
674 callbacks->on_result(ssl);
677 wolfSSL_CTX_free(ctx);
679 ((func_args*)args)->return_code = TEST_SUCCESS;
681 #ifdef WOLFSSL_TIRTOS
682 fdCloseSession(Task_self());
686 #endif /* HAVE_SNI */
687 #endif /* io tests dependencies */
690 static void test_wolfSSL_read_write(void)
692 #ifdef HAVE_IO_TESTS_DEPENDENCIES
693 /* The unit testing for read and write shall happen simutaneously, since
694 * one can't do anything with one without the other. (Except for a failure
695 * test case.) This function will call all the others that will set up,
696 * execute, and report their test findings.
698 * Set up the success case first. This function will become the template
699 * for the other tests. This should eventually be renamed
701 * The success case isn't interesting, how can this fail?
702 * - Do not give the client context a CA certificate. The connect should
703 * fail. Do not need server for this?
704 * - Using NULL for the ssl object on server. Do not need client for this.
705 * - Using NULL for the ssl object on client. Do not need server for this.
706 * - Good ssl objects for client and server. Client write() without server
708 * - Good ssl objects for client and server. Server write() without client
710 * - Forgetting the password callback?
713 func_args client_args;
714 func_args server_args;
715 THREAD_TYPE serverThread;
717 #ifdef WOLFSSL_TIRTOS
718 fdOpenSession(Task_self());
722 InitTcpReady(&ready);
724 server_args.signal = &ready;
725 client_args.signal = &ready;
727 start_thread(test_server_nofail, &server_args, &serverThread);
728 wait_tcp_ready(&server_args);
729 test_client_nofail(&client_args);
730 join_thread(serverThread);
732 AssertTrue(client_args.return_code);
733 AssertTrue(server_args.return_code);
735 FreeTcpReady(&ready);
737 #ifdef WOLFSSL_TIRTOS
738 fdOpenSession(Task_self());
744 /*----------------------------------------------------------------------------*
745 | TLS extensions tests
746 *----------------------------------------------------------------------------*/
749 static void use_SNI_at_ctx(WOLFSSL_CTX* ctx)
751 byte type = WOLFSSL_SNI_HOST_NAME;
752 char name[] = "www.yassl.com";
754 AssertIntEQ(SSL_SUCCESS,
755 wolfSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name)));
758 static void use_SNI_at_ssl(WOLFSSL* ssl)
760 byte type = WOLFSSL_SNI_HOST_NAME;
761 char name[] = "www.yassl.com";
763 AssertIntEQ(SSL_SUCCESS,
764 wolfSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
767 static void different_SNI_at_ssl(WOLFSSL* ssl)
769 byte type = WOLFSSL_SNI_HOST_NAME;
770 char name[] = "ww2.yassl.com";
772 AssertIntEQ(SSL_SUCCESS,
773 wolfSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
776 static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl)
778 byte type = WOLFSSL_SNI_HOST_NAME;
782 wolfSSL_SNI_SetOptions(ssl, type, WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
785 static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl)
787 byte type = WOLFSSL_SNI_HOST_NAME;
791 wolfSSL_SNI_SetOptions(ssl, type, WOLFSSL_SNI_ANSWER_ON_MISMATCH);
794 static void verify_SNI_abort_on_client(WOLFSSL* ssl)
796 AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
799 static void verify_SNI_abort_on_server(WOLFSSL* ssl)
801 AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
804 static void verify_SNI_no_matching(WOLFSSL* ssl)
806 byte type = WOLFSSL_SNI_HOST_NAME;
807 char* request = (char*) &type; /* to be overwriten */
809 AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
811 AssertNotNull(request);
812 AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
816 static void verify_SNI_real_matching(WOLFSSL* ssl)
818 byte type = WOLFSSL_SNI_HOST_NAME;
819 char* request = NULL;
820 char name[] = "www.yassl.com";
821 word16 length = XSTRLEN(name);
823 AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type));
825 AssertIntEQ(length, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
826 AssertNotNull(request);
827 AssertStrEQ(name, request);
830 static void verify_SNI_fake_matching(WOLFSSL* ssl)
832 byte type = WOLFSSL_SNI_HOST_NAME;
833 char* request = NULL;
834 char name[] = "ww2.yassl.com";
835 word16 length = XSTRLEN(name);
837 AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type));
839 AssertIntEQ(length, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
840 AssertNotNull(request);
841 AssertStrEQ(name, request);
844 static void test_wolfSSL_SNI_GetFromBuffer(void)
846 byte buffer[] = { /* www.paypal.com */
847 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c,
848 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca,
849 0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5,
850 0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b,
851 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
852 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21,
853 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77,
854 0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00,
855 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
858 byte buffer2[] = { /* api.textmate.org */
859 0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52,
860 0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b,
861 0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f,
862 0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff,
863 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08,
864 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12,
865 0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04,
866 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d,
867 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35,
868 0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16,
869 0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b,
870 0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b,
871 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69,
872 0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72,
873 0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00,
874 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00,
875 0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03
878 byte buffer3[] = { /* no sni extension */
879 0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea,
880 0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c,
881 0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4,
882 0x1e, 0xbb, 0xdf, 0x9d, 0x39, 0xf0, 0x65, 0x00, 0x00, 0x16, 0x00, 0x6b,
883 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
884 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x0a,
885 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
888 byte buffer4[] = { /* last extension has zero size */
889 0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00,
890 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
891 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
892 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
893 0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
894 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11,
895 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35,
896 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01,
897 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00,
898 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
899 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06,
900 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f,
901 0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
902 0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
903 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02,
904 0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00,
908 byte result[32] = {0};
911 AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buffer4, sizeof(buffer4),
912 0, result, &length));
914 AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buffer3, sizeof(buffer3),
915 0, result, &length));
917 AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2),
918 1, result, &length));
920 AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer),
921 0, result, &length));
924 AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer),
925 0, result, &length));
928 AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buffer,
929 sizeof(buffer), 0, result, &length));
932 AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buffer,
933 sizeof(buffer), 0, result, &length));
936 AssertIntEQ(SSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer),
937 0, result, &length));
939 AssertStrEQ("www.paypal.com", (const char*) result);
943 AssertIntEQ(SSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2),
944 0, result, &length));
946 AssertStrEQ("api.textmate.org", (const char*) result);
949 static void test_wolfSSL_client_server(callback_functions* client_callbacks,
950 callback_functions* server_callbacks)
952 #ifdef HAVE_IO_TESTS_DEPENDENCIES
954 func_args client_args;
955 func_args server_args;
956 THREAD_TYPE serverThread;
960 client_args.callbacks = client_callbacks;
961 server_args.callbacks = server_callbacks;
963 #ifdef WOLFSSL_TIRTOS
964 fdOpenSession(Task_self());
967 /* RUN Server side */
968 InitTcpReady(&ready);
969 server_args.signal = &ready;
970 client_args.signal = &ready;
971 start_thread(run_wolfssl_server, &server_args, &serverThread);
972 wait_tcp_ready(&server_args);
974 /* RUN Client side */
975 run_wolfssl_client(&client_args);
976 join_thread(serverThread);
978 FreeTcpReady(&ready);
979 #ifdef WOLFSSL_TIRTOS
980 fdCloseSession(Task_self());
984 (void)client_callbacks;
985 (void)server_callbacks;
989 #endif /* HAVE_SNI */
991 static void test_wolfSSL_UseSNI(void)
994 callback_functions client_callbacks = {wolfSSLv23_client_method, 0, 0, 0};
995 callback_functions server_callbacks = {wolfSSLv23_server_method, 0, 0, 0};
997 WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
998 WOLFSSL *ssl = wolfSSL_new(ctx);
1004 AssertIntNE(SSL_SUCCESS,
1005 wolfSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx")));
1006 AssertIntNE(SSL_SUCCESS,
1007 wolfSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl")));
1008 AssertIntNE(SSL_SUCCESS,
1009 wolfSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx")));
1010 AssertIntNE(SSL_SUCCESS,
1011 wolfSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl")));
1012 AssertIntNE(SSL_SUCCESS,
1013 wolfSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx")));
1014 AssertIntNE(SSL_SUCCESS,
1015 wolfSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl")));
1018 AssertIntEQ(SSL_SUCCESS,
1019 wolfSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx")));
1020 AssertIntEQ(SSL_SUCCESS,
1021 wolfSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl")));
1024 wolfSSL_CTX_free(ctx);
1026 /* Testing success case at ctx */
1027 client_callbacks.ctx_ready = server_callbacks.ctx_ready = use_SNI_at_ctx;
1028 server_callbacks.on_result = verify_SNI_real_matching;
1030 test_wolfSSL_client_server(&client_callbacks, &server_callbacks);
1032 /* Testing success case at ssl */
1033 client_callbacks.ctx_ready = server_callbacks.ctx_ready = NULL;
1034 client_callbacks.ssl_ready = server_callbacks.ssl_ready = use_SNI_at_ssl;
1036 test_wolfSSL_client_server(&client_callbacks, &server_callbacks);
1038 /* Testing default mismatch behaviour */
1039 client_callbacks.ssl_ready = different_SNI_at_ssl;
1040 client_callbacks.on_result = verify_SNI_abort_on_client;
1041 server_callbacks.on_result = verify_SNI_abort_on_server;
1043 test_wolfSSL_client_server(&client_callbacks, &server_callbacks);
1044 client_callbacks.on_result = NULL;
1046 /* Testing continue on mismatch */
1047 client_callbacks.ssl_ready = different_SNI_at_ssl;
1048 server_callbacks.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl;
1049 server_callbacks.on_result = verify_SNI_no_matching;
1051 test_wolfSSL_client_server(&client_callbacks, &server_callbacks);
1053 /* Testing fake answer on mismatch */
1054 server_callbacks.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl;
1055 server_callbacks.on_result = verify_SNI_fake_matching;
1057 test_wolfSSL_client_server(&client_callbacks, &server_callbacks);
1059 test_wolfSSL_SNI_GetFromBuffer();
1063 static void test_wolfSSL_UseMaxFragment(void)
1065 #ifdef HAVE_MAX_FRAGMENT
1066 WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
1067 WOLFSSL *ssl = wolfSSL_new(ctx);
1073 AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9));
1074 AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment( NULL, WOLFSSL_MFL_2_9));
1075 AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, 0));
1076 AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, 6));
1077 AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, 0));
1078 AssertIntNE(SSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, 6));
1081 AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9));
1082 AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10));
1083 AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11));
1084 AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12));
1085 AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
1086 AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_9));
1087 AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_10));
1088 AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_11));
1089 AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_12));
1090 AssertIntEQ(SSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
1093 wolfSSL_CTX_free(ctx);
1097 static void test_wolfSSL_UseTruncatedHMAC(void)
1099 #ifdef HAVE_TRUNCATED_HMAC
1100 WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
1101 WOLFSSL *ssl = wolfSSL_new(ctx);
1107 AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL));
1108 AssertIntNE(SSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL));
1111 AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx));
1112 AssertIntEQ(SSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl));
1115 wolfSSL_CTX_free(ctx);
1119 static void test_wolfSSL_UseSupportedCurve(void)
1121 #ifdef HAVE_SUPPORTED_CURVES
1122 WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
1123 WOLFSSL *ssl = wolfSSL_new(ctx);
1128 #ifndef NO_WOLFSSL_CLIENT
1130 AssertIntNE(SSL_SUCCESS,
1131 wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
1132 AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0));
1134 AssertIntNE(SSL_SUCCESS,
1135 wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
1136 AssertIntNE(SSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0));
1139 AssertIntEQ(SSL_SUCCESS,
1140 wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1));
1141 AssertIntEQ(SSL_SUCCESS,
1142 wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1));
1146 wolfSSL_CTX_free(ctx);
1150 /*----------------------------------------------------------------------------*
1152 *----------------------------------------------------------------------------*/
1156 printf(" Begin API Tests\n");
1157 test_wolfSSL_Init();
1159 test_wolfSSL_Method_Allocators();
1160 test_wolfSSL_CTX_new(wolfSSLv23_server_method());
1161 test_wolfSSL_CTX_use_certificate_file();
1162 test_wolfSSL_CTX_use_PrivateKey_file();
1163 test_wolfSSL_CTX_load_verify_locations();
1164 test_server_wolfSSL_new();
1165 test_client_wolfSSL_new();
1166 test_wolfSSL_read_write();
1168 /* TLS extensions tests */
1169 test_wolfSSL_UseSNI();
1170 test_wolfSSL_UseMaxFragment();
1171 test_wolfSSL_UseTruncatedHMAC();
1172 test_wolfSSL_UseSupportedCurve();
1174 test_wolfSSL_Cleanup();
1175 printf(" End API Tests\n");