static void test_wolfSSL_UseSupportedCurve(void) { #ifdef HAVE_SUPPORTED_CURVES WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); #ifndef NO_WOLFSSL_CLIENT /* error cases */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0)); /* success case */ AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1)); #endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif }
static void test_CyaSSL_UseSupportedCurve(void) { #ifdef HAVE_SUPPORTED_CURVES CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()); CYASSL *ssl = CyaSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); #ifndef NO_CYASSL_CLIENT /* error cases */ AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1)); AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseSupportedCurve(ctx, 0)); AssertIntNE(SSL_SUCCESS, CyaSSL_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1)); AssertIntNE(SSL_SUCCESS, CyaSSL_UseSupportedCurve(ssl, 0)); /* success case */ AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseSupportedCurve(ctx, CYASSL_ECC_SECP160R1)); AssertIntEQ(SSL_SUCCESS, CyaSSL_UseSupportedCurve(ssl, CYASSL_ECC_SECP160R1)); #endif CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); #endif }
static void verify_ALPN_not_matching_spdy3(WOLFSSL* ssl) { /* spdy/3 */ char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; char *proto; word16 protoSz = 0; AssertIntEQ(SSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); /* check value */ AssertIntNE(1, sizeof(nego_proto) == protoSz); AssertIntNE(0, XMEMCMP(nego_proto, proto, sizeof(nego_proto))); }
static void test_CyaSSL_UseTruncatedHMAC(void) { #ifdef HAVE_TRUNCATED_HMAC CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()); CYASSL *ssl = CyaSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseTruncatedHMAC(NULL)); AssertIntNE(SSL_SUCCESS, CyaSSL_UseTruncatedHMAC(NULL)); /* success case */ AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseTruncatedHMAC(ctx)); AssertIntEQ(SSL_SUCCESS, CyaSSL_UseTruncatedHMAC(ssl)); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); #endif }
static void test_CyaSSL_UseMaxFragment(void) { #ifdef HAVE_MAX_FRAGMENT CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()); CYASSL *ssl = CyaSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9)); AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9)); AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, 0)); AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, 6)); AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment(ssl, 0)); AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment(ssl, 6)); /* success case */ AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13)); AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9)); AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10)); AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11)); AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12)); AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13)); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); #endif }
static void test_CyaSSL_UseSNI(void) { #ifdef HAVE_SNI callback_functions client_callbacks = {CyaSSLv23_client_method, 0, 0, 0}; callback_functions server_callbacks = {CyaSSLv23_server_method, 0, 0, 0}; CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()); CYASSL *ssl = CyaSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx"))); AssertIntNE(SSL_SUCCESS, CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl"))); AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx"))); AssertIntNE(SSL_SUCCESS, CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl"))); AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx"))); AssertIntNE(SSL_SUCCESS, CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl"))); /* success case */ AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx"))); AssertIntEQ(SSL_SUCCESS, CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl"))); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); /* Testing success case at ctx */ client_callbacks.ctx_ready = server_callbacks.ctx_ready = use_SNI_at_ctx; server_callbacks.on_result = verify_SNI_real_matching; test_CyaSSL_client_server(&client_callbacks, &server_callbacks); /* Testing success case at ssl */ client_callbacks.ctx_ready = server_callbacks.ctx_ready = NULL; client_callbacks.ssl_ready = server_callbacks.ssl_ready = use_SNI_at_ssl; test_CyaSSL_client_server(&client_callbacks, &server_callbacks); /* Testing default mismatch behaviour */ client_callbacks.ssl_ready = different_SNI_at_ssl; client_callbacks.on_result = verify_SNI_abort_on_client; server_callbacks.on_result = verify_SNI_abort_on_server; test_CyaSSL_client_server(&client_callbacks, &server_callbacks); client_callbacks.on_result = NULL; /* Testing continue on mismatch */ client_callbacks.ssl_ready = different_SNI_at_ssl; server_callbacks.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_callbacks.on_result = verify_SNI_no_matching; test_CyaSSL_client_server(&client_callbacks, &server_callbacks); /* Testing fake answer on mismatch */ server_callbacks.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_callbacks.on_result = verify_SNI_fake_matching; test_CyaSSL_client_server(&client_callbacks, &server_callbacks); test_CyaSSL_SNI_GetFromBuffer(); #endif }
static void test_wolfSSL_UseALPN_params(void) { /* "http/1.1" */ char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31}; /* "spdy/1" */ char spdy1[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x31}; /* "spdy/2" */ char spdy2[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32}; /* "spdy/3" */ char spdy3[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; char buff[256]; word32 idx; WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(SSL_SUCCESS, wolfSSL_UseALPN(NULL, http1, sizeof(http1), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0, WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* success case */ /* http1 only */ AssertIntEQ(SSL_SUCCESS, wolfSSL_UseALPN(ssl, http1, sizeof(http1), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* http1, spdy1 */ memcpy(buff, http1, sizeof(http1)); idx = sizeof(http1); buff[idx++] = ','; memcpy(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* http1, spdy2, spdy1 */ memcpy(buff, http1, sizeof(http1)); idx = sizeof(http1); buff[idx++] = ','; memcpy(buff+idx, spdy2, sizeof(spdy2)); idx += sizeof(spdy2); buff[idx++] = ','; memcpy(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* spdy3, http1, spdy2, spdy1 */ memcpy(buff, spdy3, sizeof(spdy3)); idx = sizeof(spdy3); buff[idx++] = ','; memcpy(buff+idx, http1, sizeof(http1)); idx += sizeof(http1); buff[idx++] = ','; memcpy(buff+idx, spdy2, sizeof(spdy2)); idx += sizeof(spdy2); buff[idx++] = ','; memcpy(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); }
static void test_wolfSSL_UseSNI_params(void) { WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* invalid [ctx|ssl] */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3)); /* invalid type */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3)); /* invalid data */ AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3)); AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3)); /* success case */ AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3)); AssertIntEQ(SSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); }