suites.c 37 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240
  1. /* suites.c
  2. *
  3. * Copyright (C) 2006-2021 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifdef HAVE_CONFIG_H
  22. #include <config.h>
  23. #endif
  24. #include <wolfssl/wolfcrypt/settings.h>
  25. #include <stdlib.h>
  26. #include <stdio.h>
  27. #include <string.h>
  28. #include <wolfssl/ssl.h>
  29. #include <tests/unit.h>
  30. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
  31. && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
  32. #include <wolfssl/wolfcrypt/ecc.h>
  33. #endif
  34. #define MAX_ARGS 40
  35. #define MAX_COMMAND_SZ 240
  36. #ifdef WOLFSSL_TLS13
  37. #define MAX_SUITE_SZ 200
  38. #else
  39. #define MAX_SUITE_SZ 80
  40. #endif
  41. #define NOT_BUILT_IN -123
  42. #if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) || \
  43. !defined(WOLFSSL_ALLOW_TLSV10)
  44. #define VERSION_TOO_OLD -124
  45. #endif
  46. #include "examples/client/client.h"
  47. #include "examples/server/server.h"
  48. #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
  49. static WOLFSSL_CTX* cipherSuiteCtx = NULL;
  50. static char nonblockFlag[] = "-N";
  51. static char noVerifyFlag[] = "-d";
  52. static char disableEMSFlag[] = "-n";
  53. static char flagSep[] = " ";
  54. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  55. static char portFlag[] = "-p";
  56. static char svrPort[] = "0";
  57. #endif
  58. static char intTestFlag[] = "-H";
  59. static char forceDefCipherListFlag[] = "defCipherList";
  60. static char exitWithRetFlag[] = "exitWithRet";
  61. static char disableDHPrimeTest[] = "-2";
  62. #ifdef WOLFSSL_ASYNC_CRYPT
  63. static int devId = INVALID_DEVID;
  64. #endif
  65. #ifdef VERSION_TOO_OLD
  66. static int GetTlsVersion(const char* line)
  67. {
  68. int version = -1;
  69. const char* find = "-v ";
  70. const char* begin = strstr(line, find);
  71. if (begin) {
  72. begin += 3;
  73. if (*begin == 'd' || *begin == 'e')
  74. begin += 2;
  75. version = atoi(begin);
  76. }
  77. return version;
  78. }
  79. #ifndef WOLFSSL_ALLOW_SSLV3
  80. /* if the protocol version is sslv3 return 1, else 0 */
  81. static int IsSslVersion(const char* line)
  82. {
  83. int version = GetTlsVersion(line);
  84. return (version == 0) ? 1 : 0;
  85. }
  86. #endif /* !WOLFSSL_ALLOW_SSLV3 */
  87. #ifndef WOLFSSL_ALLOW_TLSV10
  88. /* if the protocol version is TLSv1.0 return 1, else 0 */
  89. static int IsTls10Version(const char* line)
  90. {
  91. int version = GetTlsVersion(line);
  92. return (version == 1) ? 1 : 0;
  93. }
  94. #endif /* !WOLFSSL_ALLOW_TLSV10 */
  95. #ifdef NO_OLD_TLS
  96. /* if the protocol version is less than tls 1.2 return 1, else 0 */
  97. static int IsOldTlsVersion(const char* line)
  98. {
  99. int version = GetTlsVersion(line);
  100. return (version < 3) ? 1 : 0;
  101. }
  102. #endif /* NO_OLD_TLS */
  103. #endif /* VERSION_TOO_OLD */
  104. /* if the cipher suite on line is valid store in suite and return 1, else 0 */
  105. static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc)
  106. {
  107. int found = 0;
  108. int valid = 0;
  109. const char* find = "-l ";
  110. const char* begin = strstr(line, find);
  111. const char* end;
  112. if (suite_spc < MAX_SUITE_SZ+1)
  113. return 0;
  114. suite[0] = '\0';
  115. if (begin) {
  116. begin += 3;
  117. end = XSTRSTR(begin, " ");
  118. if (end) {
  119. long len = end - begin;
  120. if (len > MAX_SUITE_SZ) {
  121. printf("suite too long!\n");
  122. return 0;
  123. }
  124. XMEMCPY(suite, begin, len);
  125. suite[len] = '\0';
  126. }
  127. else
  128. XSTRNCPY(suite, begin, MAX_SUITE_SZ);
  129. suite[MAX_SUITE_SZ] = '\0';
  130. found = 1;
  131. }
  132. /* if QSH not enabled then do not use QSH suite */
  133. #ifdef HAVE_QSH
  134. if (suite[0] && (XSTRNCMP(suite, "QSH", 3) == 0)) {
  135. if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite + 4)
  136. != WOLFSSL_SUCCESS)
  137. return 0;
  138. }
  139. #endif
  140. if (found) {
  141. if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == WOLFSSL_SUCCESS)
  142. valid = 1;
  143. }
  144. return valid;
  145. }
  146. static int IsValidCert(const char* line)
  147. {
  148. int ret = 1;
  149. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  150. WOLFSSL_CTX* ctx;
  151. size_t i;
  152. const char* begin;
  153. char cert[80];
  154. #ifdef WOLFSSL_STATIC_MEMORY
  155. FILE* fStream = NULL;
  156. long chkSz = 0;
  157. #endif
  158. begin = XSTRSTR(line, "-c ");
  159. if (begin == NULL)
  160. return 1;
  161. begin += 3;
  162. for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++)
  163. cert[i] = *(begin++);
  164. cert[i] = '\0';
  165. #ifdef WOLFSSL_STATIC_MEMORY
  166. fStream = XFOPEN(cert, "rb");
  167. if (fStream == NULL) {
  168. printf("Failed to open file %s\n", cert);
  169. printf("Invalid cert, skipping test\n");
  170. return 0;
  171. } else {
  172. printf("Successfully opened file\n");
  173. }
  174. XFSEEK(fStream, 0L, SEEK_END);
  175. chkSz = XFTELL(fStream);
  176. XFCLOSE(fStream);
  177. if (chkSz > LARGEST_MEM_BUCKET) {
  178. printf("File is larger than largest bucket, skipping this test\n");
  179. return 0;
  180. }
  181. #endif
  182. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex(NULL));
  183. if (ctx == NULL)
  184. return 0;
  185. ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS;
  186. wolfSSL_CTX_free(ctx);
  187. #endif /* !NO_FILESYSTEM && !NO_CERTS */
  188. (void)line;
  189. return ret;
  190. }
  191. static int IsValidCA(const char* line)
  192. {
  193. int ret = 1;
  194. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  195. WOLFSSL_CTX* ctx;
  196. size_t i;
  197. const char* begin;
  198. char cert[80];
  199. begin = XSTRSTR(line, "-A ");
  200. if (begin == NULL)
  201. return 1;
  202. begin += 3;
  203. for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++)
  204. cert[i] = *(begin++);
  205. cert[i] = '\0';
  206. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex(NULL));
  207. if (ctx == NULL)
  208. return 0;
  209. ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS;
  210. wolfSSL_CTX_free(ctx);
  211. #endif /* !NO_FILESYSTEM && !NO_CERTS */
  212. (void)line;
  213. return ret;
  214. }
  215. #ifdef WOLFSSL_NO_CLIENT_AUTH
  216. static int IsClientAuth(const char* line, int* reqClientCert)
  217. {
  218. const char* begin;
  219. begin = XSTRSTR(line, "-H verifyFail");
  220. if (begin != NULL) {
  221. return 1;
  222. }
  223. begin = XSTRSTR(line, "-d");
  224. if (begin != NULL) {
  225. *reqClientCert = 0;
  226. }
  227. else {
  228. *reqClientCert = 1;
  229. }
  230. return 0;
  231. }
  232. #endif
  233. #ifdef NO_CERTS
  234. static int IsUsingCert(const char* line)
  235. {
  236. return XSTRSTR(line, "-c ") != NULL;
  237. }
  238. #endif
  239. #if defined(NO_CERTS) || defined(WOLFSSL_NO_CLIENT_AUTH)
  240. static int IsNoClientCert(const char* line)
  241. {
  242. const char* begin;
  243. begin = XSTRSTR(line, "-x");
  244. if (begin != NULL) {
  245. return 1;
  246. }
  247. return 0;
  248. }
  249. #endif
  250. static int execute_test_case(int svr_argc, char** svr_argv,
  251. int cli_argc, char** cli_argv,
  252. int addNoVerify, int addNonBlocking,
  253. int addDisableEMS, int forceSrvDefCipherList,
  254. int forceCliDefCipherList)
  255. {
  256. #ifdef WOLFSSL_TIRTOS
  257. func_args cliArgs = {0};
  258. func_args svrArgs = {0};
  259. cliArgs.argc = cli_argc;
  260. cliArgs.argv = cli_argv;
  261. svrArgs.argc = svr_argc;
  262. svrArgs.argv = svr_argv;
  263. #else
  264. func_args cliArgs = {cli_argc, cli_argv, 0, NULL, NULL};
  265. func_args svrArgs = {svr_argc, svr_argv, 0, NULL, NULL};
  266. #endif
  267. tcp_ready ready;
  268. THREAD_TYPE serverThread;
  269. char commandLine[MAX_COMMAND_SZ];
  270. char cipherSuite[MAX_SUITE_SZ+1];
  271. int i;
  272. size_t added;
  273. static int tests = 1;
  274. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  275. char portNumber[8];
  276. #endif
  277. int cliTestShouldFail = 0, svrTestShouldFail = 0;
  278. #ifdef WOLFSSL_NO_CLIENT_AUTH
  279. int reqClientCert;
  280. #endif
  281. /* Is Valid Cipher and Version Checks */
  282. /* build command list for the Is checks below */
  283. commandLine[0] = '\0';
  284. added = 0;
  285. for (i = 0; i < svrArgs.argc; i++) {
  286. added += XSTRLEN(svr_argv[i]) + 2;
  287. if (added >= MAX_COMMAND_SZ) {
  288. printf("server command line too long\n");
  289. break;
  290. }
  291. strcat(commandLine, svr_argv[i]);
  292. strcat(commandLine, flagSep);
  293. }
  294. if (IsValidCipherSuite(commandLine, cipherSuite, sizeof cipherSuite) == 0) {
  295. #ifdef DEBUG_SUITE_TESTS
  296. printf("cipher suite %s not supported in build\n", cipherSuite);
  297. #endif
  298. return NOT_BUILT_IN;
  299. }
  300. if (!IsValidCert(commandLine)) {
  301. #ifdef DEBUG_SUITE_TESTS
  302. printf("certificate %s not supported in build\n", commandLine);
  303. #endif
  304. return NOT_BUILT_IN;
  305. }
  306. #ifndef WOLFSSL_ALLOW_SSLV3
  307. if (IsSslVersion(commandLine) == 1) {
  308. #ifdef DEBUG_SUITE_TESTS
  309. printf("protocol version on line %s is too old\n", commandLine);
  310. #endif
  311. return VERSION_TOO_OLD;
  312. }
  313. #endif
  314. #ifndef WOLFSSL_ALLOW_TLSV10
  315. if (IsTls10Version(commandLine) == 1) {
  316. #ifdef DEBUG_SUITE_TESTS
  317. printf("protocol version on line %s is too old\n", commandLine);
  318. #endif
  319. return VERSION_TOO_OLD;
  320. }
  321. #endif
  322. #ifdef NO_OLD_TLS
  323. if (IsOldTlsVersion(commandLine) == 1) {
  324. #ifdef DEBUG_SUITE_TESTS
  325. printf("protocol version on line %s is too old\n", commandLine);
  326. #endif
  327. return VERSION_TOO_OLD;
  328. }
  329. #endif
  330. #ifdef WOLFSSL_NO_CLIENT_AUTH
  331. if (IsClientAuth(commandLine, &reqClientCert)) {
  332. #ifdef DEBUG_SUITE_TESTS
  333. printf("client auth on line %s not supported in build\n",
  334. commandLine);
  335. #endif
  336. return NOT_BUILT_IN;
  337. }
  338. #endif
  339. #ifdef NO_CERTS
  340. if (IsUsingCert(commandLine)) {
  341. #ifdef DEBUG_SUITE_TESTS
  342. printf("certificate %s not supported in build\n", commandLine);
  343. #endif
  344. return NOT_BUILT_IN;
  345. }
  346. #endif
  347. /* Build Server Command */
  348. if (addNoVerify) {
  349. printf("repeating test with client cert request off\n");
  350. if (svrArgs.argc >= MAX_ARGS)
  351. printf("server command line too long\n");
  352. else
  353. svr_argv[svrArgs.argc++] = noVerifyFlag;
  354. }
  355. if (addNonBlocking) {
  356. printf("repeating test with non blocking on\n");
  357. if (svrArgs.argc >= MAX_ARGS)
  358. printf("server command line too long\n");
  359. else
  360. svr_argv[svrArgs.argc++] = nonblockFlag;
  361. }
  362. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  363. /* add port */
  364. if (svrArgs.argc + 2 > MAX_ARGS)
  365. printf("cannot add the magic port number flag to server\n");
  366. else {
  367. svr_argv[svrArgs.argc++] = portFlag;
  368. svr_argv[svrArgs.argc++] = svrPort;
  369. }
  370. #endif
  371. if (forceSrvDefCipherList) {
  372. if (svrArgs.argc + 2 > MAX_ARGS)
  373. printf("cannot add the force def cipher list flag to server\n");
  374. else {
  375. svr_argv[svrArgs.argc++] = intTestFlag;
  376. svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
  377. }
  378. }
  379. #ifdef TEST_PK_PRIVKEY
  380. svr_argv[svrArgs.argc++] = (char*)"-P";
  381. #endif
  382. /* update server flags list */
  383. commandLine[0] = '\0';
  384. added = 0;
  385. for (i = 0; i < svrArgs.argc; i++) {
  386. added += XSTRLEN(svr_argv[i]) + 2;
  387. if (added >= MAX_COMMAND_SZ) {
  388. printf("server command line too long\n");
  389. break;
  390. }
  391. strcat(commandLine, svr_argv[i]);
  392. strcat(commandLine, flagSep);
  393. }
  394. printf("trying server command line[%d]: %s\n", tests, commandLine);
  395. tests++; /* test count */
  396. /* determine based on args if this test is expected to fail */
  397. if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) {
  398. svrTestShouldFail = 1;
  399. }
  400. InitTcpReady(&ready);
  401. #ifdef WOLFSSL_TIRTOS
  402. fdOpenSession(Task_self());
  403. #endif
  404. /* start server */
  405. svrArgs.signal = &ready;
  406. start_thread(server_test, &svrArgs, &serverThread);
  407. wait_tcp_ready(&svrArgs);
  408. /* Build Client Command */
  409. if (addNonBlocking) {
  410. if (cliArgs.argc >= MAX_ARGS)
  411. printf("cannot add the non block flag to client\n");
  412. else
  413. cli_argv[cliArgs.argc++] = nonblockFlag;
  414. }
  415. if (addDisableEMS) {
  416. printf("repeating test without extended master secret\n");
  417. if (cliArgs.argc >= MAX_ARGS)
  418. printf("cannot add the disable EMS flag to client\n");
  419. else
  420. cli_argv[cliArgs.argc++] = disableEMSFlag;
  421. }
  422. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  423. if (ready.port != 0) {
  424. if (cliArgs.argc + 2 > MAX_ARGS)
  425. printf("cannot add the magic port number flag to client\n");
  426. else {
  427. snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
  428. cli_argv[cliArgs.argc++] = portFlag;
  429. cli_argv[cliArgs.argc++] = portNumber;
  430. }
  431. }
  432. #endif
  433. if (forceCliDefCipherList) {
  434. if (cliArgs.argc + 2 > MAX_ARGS)
  435. printf("cannot add the force def cipher list flag to client\n");
  436. else {
  437. cli_argv[cliArgs.argc++] = intTestFlag;
  438. cli_argv[cliArgs.argc++] = forceDefCipherListFlag;
  439. }
  440. }
  441. #ifdef TEST_PK_PRIVKEY
  442. cli_argv[cliArgs.argc++] = (char*)"-P";
  443. #endif
  444. commandLine[0] = '\0';
  445. added = 0;
  446. for (i = 0; i < cliArgs.argc; i++) {
  447. added += XSTRLEN(cli_argv[i]) + 2;
  448. if (added >= MAX_COMMAND_SZ) {
  449. printf("client command line too long\n");
  450. break;
  451. }
  452. strcat(commandLine, cli_argv[i]);
  453. strcat(commandLine, flagSep);
  454. }
  455. if (!IsValidCA(commandLine)) {
  456. #ifdef DEBUG_SUITE_TESTS
  457. printf("certificate %s not supported in build\n", commandLine);
  458. #endif
  459. return NOT_BUILT_IN;
  460. }
  461. #ifdef WOLFSSL_NO_CLIENT_AUTH
  462. if (reqClientCert && IsNoClientCert(commandLine)) {
  463. #ifdef DEBUG_SUITE_TESTS
  464. printf("client auth on line %s not supported in build\n",
  465. commandLine);
  466. #endif
  467. return NOT_BUILT_IN;
  468. }
  469. #endif
  470. #ifdef NO_CERTS
  471. if (IsNoClientCert(commandLine)) {
  472. #ifdef DEBUG_SUITE_TESTS
  473. printf("certificate %s not supported in build\n", commandLine);
  474. #endif
  475. return NOT_BUILT_IN;
  476. }
  477. #endif
  478. printf("trying client command line[%d]: %s\n", tests, commandLine);
  479. tests++;
  480. /* determine based on args if this test is expected to fail */
  481. if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) {
  482. cliTestShouldFail = 1;
  483. }
  484. /* start client */
  485. client_test(&cliArgs);
  486. /* verify results */
  487. if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) ||
  488. (cliArgs.return_code == 0 && cliTestShouldFail != 0)) {
  489. printf("client_test failed %d %s\n", cliArgs.return_code,
  490. cliTestShouldFail ? "(should fail)" : "");
  491. XEXIT(EXIT_FAILURE);
  492. }
  493. join_thread(serverThread);
  494. if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) ||
  495. (svrArgs.return_code == 0 && svrTestShouldFail != 0)) {
  496. printf("server_test failed %d %s\n", svrArgs.return_code,
  497. svrTestShouldFail ? "(should fail)" : "");
  498. XEXIT(EXIT_FAILURE);
  499. }
  500. #ifdef WOLFSSL_TIRTOS
  501. fdCloseSession(Task_self());
  502. #endif
  503. FreeTcpReady(&ready);
  504. /* only run the first test for expected failure cases */
  505. /* the example server/client are not designed to handle expected failure in
  506. all cases, such as non-blocking, etc... */
  507. if (svrTestShouldFail || cliTestShouldFail) {
  508. return NOT_BUILT_IN;
  509. }
  510. return 0;
  511. }
  512. static void test_harness(void* vargs)
  513. {
  514. func_args* args = (func_args*)vargs;
  515. char* script;
  516. long sz, len;
  517. int cliMode = 0; /* server or client command flag, server first */
  518. int ret;
  519. FILE* file;
  520. char* svrArgs[MAX_ARGS];
  521. int svrArgsSz;
  522. char* cliArgs[MAX_ARGS];
  523. int cliArgsSz;
  524. char* cursor;
  525. char* comment;
  526. char lastChar = '\0';
  527. int do_it = 0;
  528. const char* fname = "tests/test.conf";
  529. const char* addArgs = NULL;
  530. if (args->argc == 1) {
  531. printf("notice: using default file %s\n", fname);
  532. }
  533. else if (args->argc == 3) {
  534. addArgs = args->argv[2];
  535. }
  536. else if (args->argc > 3) {
  537. printf("usage: harness [FILE] [ARG]\n");
  538. args->return_code = 1;
  539. return;
  540. }
  541. if (args->argc >= 2) {
  542. fname = args->argv[1];
  543. }
  544. file = fopen(fname, "rb");
  545. if (file == NULL) {
  546. fprintf(stderr, "unable to open %s\n", fname);
  547. args->return_code = 1;
  548. return;
  549. }
  550. fseek(file, 0, SEEK_END);
  551. sz = ftell(file);
  552. rewind(file);
  553. if (sz <= 0) {
  554. fprintf(stderr, "%s is empty\n", fname);
  555. fclose(file);
  556. args->return_code = 1;
  557. return;
  558. }
  559. script = (char*)malloc(sz+1);
  560. if (script == 0) {
  561. fprintf(stderr, "unable to allocate script buffer\n");
  562. fclose(file);
  563. args->return_code = 1;
  564. return;
  565. }
  566. len = fread(script, 1, sz, file);
  567. if (len != sz) {
  568. fprintf(stderr, "read error\n");
  569. fclose(file);
  570. free(script);
  571. args->return_code = 1;
  572. return;
  573. }
  574. fclose(file);
  575. script[sz] = 0;
  576. cursor = script;
  577. svrArgsSz = 1;
  578. svrArgs[0] = args->argv[0];
  579. cliArgsSz = 1;
  580. cliArgs[0] = args->argv[0];
  581. while (cursor && *cursor != 0) {
  582. switch (*cursor) {
  583. case '\n':
  584. /* A blank line triggers test case execution or switches
  585. to client mode if we don't have the client command yet */
  586. if (lastChar != '\n' && (cliArgsSz > 1 || svrArgsSz > 1)) {
  587. if (cliMode == 0)
  588. cliMode = 1; /* switch to client mode processing */
  589. else
  590. do_it = 1; /* Do It, we have server and client */
  591. }
  592. #ifdef DEBUG_SUITE_TESTS
  593. else {
  594. /* skip extra new-lines */
  595. printf("skipping extra new line\n");
  596. }
  597. #endif
  598. lastChar = *cursor;
  599. cursor++;
  600. break;
  601. case '#':
  602. lastChar = *cursor;
  603. /* Ignore lines that start with a # */
  604. comment = XSTRSEP(&cursor, "\n");
  605. #ifdef DEBUG_SUITE_TESTS
  606. printf("%s\n", comment);
  607. #else
  608. (void)comment;
  609. #endif
  610. break;
  611. case '-':
  612. default:
  613. /* Parameters start with a -. They end in either a newline
  614. * or a space. Capture until either, save in Args list. */
  615. lastChar = *cursor;
  616. if (cliMode)
  617. cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n");
  618. else
  619. svrArgs[svrArgsSz++] = XSTRSEP(&cursor, " \n");
  620. if (cursor == NULL || *cursor == '\0') /* eof */
  621. do_it = 1;
  622. break;
  623. }
  624. if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
  625. fprintf(stderr, "too many arguments, forcing test run\n");
  626. do_it = 1;
  627. }
  628. if (do_it) {
  629. /* additional arguments processing */
  630. if (cliArgsSz+2 < MAX_ARGS && svrArgsSz+2 < MAX_ARGS) {
  631. if (addArgs == NULL || XSTRSTR(addArgs, "doDH") == NULL) {
  632. /* The `-2` disable DH prime check is added to all tests by default */
  633. cliArgs[cliArgsSz++] = disableDHPrimeTest;
  634. svrArgs[svrArgsSz++] = disableDHPrimeTest;
  635. }
  636. if (addArgs && XSTRSTR(addArgs, "expFail")) {
  637. /* Tests should expect to fail */
  638. cliArgs[cliArgsSz++] = intTestFlag;
  639. cliArgs[cliArgsSz++] = exitWithRetFlag;
  640. svrArgs[svrArgsSz++] = intTestFlag;
  641. svrArgs[svrArgsSz++] = exitWithRetFlag;
  642. }
  643. }
  644. ret = execute_test_case(svrArgsSz, svrArgs,
  645. cliArgsSz, cliArgs, 0, 0, 0, 0, 0);
  646. /* don't repeat if not supported in build */
  647. if (ret == 0) {
  648. /* test with default cipher list on server side */
  649. execute_test_case(svrArgsSz, svrArgs,
  650. cliArgsSz, cliArgs, 0, 0, 0, 1, 0);
  651. /* test with default cipher list on client side */
  652. execute_test_case(svrArgsSz, svrArgs,
  653. cliArgsSz, cliArgs, 0, 0, 0, 0, 1);
  654. execute_test_case(svrArgsSz, svrArgs,
  655. cliArgsSz, cliArgs, 0, 1, 0, 0, 0);
  656. execute_test_case(svrArgsSz, svrArgs,
  657. cliArgsSz, cliArgs, 1, 0, 0, 0, 0);
  658. execute_test_case(svrArgsSz, svrArgs,
  659. cliArgsSz, cliArgs, 1, 1, 0, 0, 0);
  660. #ifdef HAVE_EXTENDED_MASTER
  661. execute_test_case(svrArgsSz, svrArgs,
  662. cliArgsSz, cliArgs, 0, 0, 1, 0, 0);
  663. execute_test_case(svrArgsSz, svrArgs,
  664. cliArgsSz, cliArgs, 0, 1, 1, 0, 0);
  665. execute_test_case(svrArgsSz, svrArgs,
  666. cliArgsSz, cliArgs, 1, 0, 1, 0, 0);
  667. execute_test_case(svrArgsSz, svrArgs,
  668. cliArgsSz, cliArgs, 1, 1, 1, 0, 0);
  669. #endif
  670. }
  671. svrArgsSz = 1;
  672. cliArgsSz = 1;
  673. cliMode = 0;
  674. do_it = 0;
  675. }
  676. }
  677. free(script);
  678. args->return_code = 0;
  679. }
  680. #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
  681. int SuiteTest(int argc, char** argv)
  682. {
  683. #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
  684. func_args args;
  685. char argv0[3][80];
  686. char* myArgv[3];
  687. printf(" Begin Cipher Suite Tests\n");
  688. /* setup */
  689. myArgv[0] = argv0[0];
  690. myArgv[1] = argv0[1];
  691. myArgv[2] = argv0[2];
  692. args.argv = myArgv;
  693. strcpy(argv0[0], "SuiteTest");
  694. #ifdef WOLFSSL_STATIC_MEMORY
  695. byte memory[200000];
  696. #endif
  697. cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  698. if (cipherSuiteCtx == NULL) {
  699. printf("can't get cipher suite ctx\n");
  700. args.return_code = EXIT_FAILURE;
  701. goto exit;
  702. }
  703. /* load in static memory buffer if enabled */
  704. #ifdef WOLFSSL_STATIC_MEMORY
  705. if (wolfSSL_CTX_load_static_memory(&cipherSuiteCtx, NULL,
  706. memory, sizeof(memory), 0, 1)
  707. != WOLFSSL_SUCCESS) {
  708. printf("unable to load static memory and create ctx");
  709. args.return_code = EXIT_FAILURE;
  710. goto exit;
  711. }
  712. #endif
  713. #ifdef WOLFSSL_ASYNC_CRYPT
  714. if (wolfAsync_DevOpen(&devId) < 0) {
  715. printf("Async device open failed");
  716. args.return_code = EXIT_FAILURE;
  717. goto exit;
  718. }
  719. wolfSSL_CTX_SetDevId(cipherSuiteCtx, devId);
  720. #endif /* WOLFSSL_ASYNC_CRYPT */
  721. /* support for custom command line tests */
  722. if (argc > 1) {
  723. /* Examples:
  724. ./tests/unit.test tests/test-altchains.conf
  725. ./tests/unit.test tests/test-fails.conf expFail
  726. ./tests/unit.test tests/test-dhprime.conf doDH
  727. */
  728. args.argc = argc;
  729. args.argv = argv;
  730. test_harness(&args);
  731. if (args.return_code != 0) {
  732. printf("error from script %d\n", args.return_code);
  733. args.return_code = EXIT_FAILURE;
  734. }
  735. goto exit;
  736. }
  737. /* default case */
  738. args.argc = 1;
  739. printf("starting default cipher suite tests\n");
  740. test_harness(&args);
  741. if (args.return_code != 0) {
  742. printf("error from script %d\n", args.return_code);
  743. args.return_code = EXIT_FAILURE;
  744. goto exit;
  745. }
  746. /* any extra cases will need another argument */
  747. args.argc = 2;
  748. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  749. /* SHA-2 cipher suites in old TLS versions */
  750. strcpy(argv0[1], "tests/test-sha2.conf");
  751. printf("starting SHA-2 cipher suite in old TLS versions tests\n");
  752. test_harness(&args);
  753. if (args.return_code != 0) {
  754. printf("error from script %d\n", args.return_code);
  755. args.return_code = EXIT_FAILURE;
  756. goto exit;
  757. }
  758. #endif
  759. #ifdef WOLFSSL_TLS13
  760. /* add TLSv13 extra suites */
  761. strcpy(argv0[1], "tests/test-tls13.conf");
  762. printf("starting TLSv13 extra cipher suite tests\n");
  763. test_harness(&args);
  764. if (args.return_code != 0) {
  765. printf("error from script %d\n", args.return_code);
  766. args.return_code = EXIT_FAILURE;
  767. goto exit;
  768. }
  769. #ifdef HAVE_ECC
  770. /* add TLSv13 ECC extra suites */
  771. strcpy(argv0[1], "tests/test-tls13-ecc.conf");
  772. printf("starting TLSv13 ECC extra cipher suite tests\n");
  773. test_harness(&args);
  774. if (args.return_code != 0) {
  775. printf("error from script %d\n", args.return_code);
  776. args.return_code = EXIT_FAILURE;
  777. goto exit;
  778. }
  779. #endif
  780. #ifndef WOLFSSL_NO_TLS12
  781. /* add TLSv13 downgrade tets */
  782. strcpy(argv0[1], "tests/test-tls13-down.conf");
  783. printf("starting TLSv13 Downgrade extra tests\n");
  784. test_harness(&args);
  785. if (args.return_code != 0) {
  786. printf("error from script %d\n", args.return_code);
  787. args.return_code = EXIT_FAILURE;
  788. goto exit;
  789. }
  790. #endif
  791. #endif
  792. #if defined(HAVE_CURVE25519) && defined(HAVE_ED25519) && \
  793. defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_VERIFY) && \
  794. defined(HAVE_ED25519_KEY_IMPORT) && defined(HAVE_ED25519_KEY_EXPORT)
  795. /* add ED25519 certificate cipher suite tests */
  796. strcpy(argv0[1], "tests/test-ed25519.conf");
  797. printf("starting ED25519 extra cipher suite tests\n");
  798. test_harness(&args);
  799. if (args.return_code != 0) {
  800. printf("error from script %d\n", args.return_code);
  801. args.return_code = EXIT_FAILURE;
  802. goto exit;
  803. }
  804. #endif
  805. #if defined(HAVE_CURVE448) && defined(HAVE_ED448) && \
  806. defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_VERIFY) && \
  807. defined(HAVE_ED448_KEY_IMPORT) && defined(HAVE_ED448_KEY_EXPORT)
  808. /* add ED448 certificate cipher suite tests */
  809. strcpy(argv0[1], "tests/test-ed448.conf");
  810. printf("starting ED448 extra cipher suite tests\n");
  811. test_harness(&args);
  812. if (args.return_code != 0) {
  813. printf("error from script %d\n", args.return_code);
  814. args.return_code = EXIT_FAILURE;
  815. goto exit;
  816. }
  817. #endif
  818. #if defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \
  819. (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
  820. /* add P-521 certificate cipher suite tests */
  821. strcpy(argv0[1], "tests/test-p521.conf");
  822. printf("starting P-521 extra cipher suite tests\n");
  823. test_harness(&args);
  824. if (args.return_code != 0) {
  825. printf("error from script %d\n", args.return_code);
  826. args.return_code = EXIT_FAILURE;
  827. goto exit;
  828. }
  829. #endif
  830. #if defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_CUSTOM_CURVES) && \
  831. defined(HAVE_ECC_KOBLITZ) && defined(HAVE_ECC_BRAINPOOL)
  832. /* TLS non-NIST curves (Koblitz / Brainpool) */
  833. strcpy(argv0[1], "tests/test-ecc-cust-curves.conf");
  834. printf("starting TLS test of non-NIST curves (Koblitz / Brainpool)\n");
  835. test_harness(&args);
  836. if (args.return_code != 0) {
  837. printf("error from script %d\n", args.return_code);
  838. args.return_code = EXIT_FAILURE;
  839. goto exit;
  840. }
  841. #endif
  842. #ifdef WOLFSSL_DTLS
  843. /* add dtls extra suites */
  844. strcpy(argv0[1], "tests/test-dtls.conf");
  845. printf("starting dtls extra cipher suite tests\n");
  846. test_harness(&args);
  847. if (args.return_code != 0) {
  848. printf("error from script %d\n", args.return_code);
  849. args.return_code = EXIT_FAILURE;
  850. goto exit;
  851. }
  852. /* add dtls grouping tests */
  853. strcpy(argv0[1], "tests/test-dtls-group.conf");
  854. printf("starting dtls message grouping tests\n");
  855. test_harness(&args);
  856. if (args.return_code != 0) {
  857. printf("error from script %d\n", args.return_code);
  858. args.return_code = EXIT_FAILURE;
  859. goto exit;
  860. }
  861. /* add dtls session resumption tests */
  862. strcpy(argv0[1], "tests/test-dtls-resume.conf");
  863. printf("starting dtls session resumption tests\n");
  864. test_harness(&args);
  865. if (args.return_code != 0) {
  866. printf("error from script %d\n", args.return_code);
  867. args.return_code = EXIT_FAILURE;
  868. goto exit;
  869. }
  870. #ifdef HAVE_SECURE_RENEGOTIATION
  871. /* add dtls renegotiation tests */
  872. strcpy(argv0[1], "tests/test-dtls-reneg-client.conf");
  873. printf("starting dtls secure renegotiation client tests\n");
  874. test_harness(&args);
  875. if (args.return_code != 0) {
  876. printf("error from script %d\n", args.return_code);
  877. args.return_code = EXIT_FAILURE;
  878. goto exit;
  879. }
  880. strcpy(argv0[1], "tests/test-dtls-reneg-server.conf");
  881. printf("starting dtls secure renegotiation server tests\n");
  882. test_harness(&args);
  883. if (args.return_code != 0) {
  884. printf("error from script %d\n", args.return_code);
  885. args.return_code = EXIT_FAILURE;
  886. goto exit;
  887. }
  888. #endif
  889. #ifdef WOLFSSL_DTLS_MTU
  890. /* Add dtls different MTU size tests.
  891. * These also use grouping to force wolfSSL to
  892. * bounce off the MTU limit more */
  893. strcpy(argv0[1], "tests/test-dtls-mtu.conf");
  894. printf("starting dtls MTU tests\n");
  895. test_harness(&args);
  896. if (args.return_code != 0) {
  897. printf("error from script %d\n", args.return_code);
  898. args.return_code = EXIT_FAILURE;
  899. goto exit;
  900. }
  901. #endif
  902. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  903. /* add dtls extra suites */
  904. strcpy(argv0[1], "tests/test-dtls-sha2.conf");
  905. printf("starting dtls extra cipher suite tests - old TLS sha-2 cs\n");
  906. test_harness(&args);
  907. if (args.return_code != 0) {
  908. printf("error from script %d\n", args.return_code);
  909. args.return_code = EXIT_FAILURE;
  910. goto exit;
  911. }
  912. #endif
  913. #ifndef WOLFSSL_NO_DTLS_SIZE_CHECK
  914. /* failure tests */
  915. args.argc = 3;
  916. strcpy(argv0[1], "tests/test-dtls-fails.conf");
  917. strcpy(argv0[2], "expFail"); /* tests are expected to fail */
  918. printf("starting dtls tests that expect failure\n");
  919. test_harness(&args);
  920. if (args.return_code != 0) {
  921. printf("error from script %d\n", args.return_code);
  922. args.return_code = EXIT_FAILURE;
  923. goto exit;
  924. }
  925. strcpy(argv0[2], "");
  926. #endif
  927. #ifdef WOLFSSL_EXTRA_ALERTS
  928. /* failure tests */
  929. args.argc = 3;
  930. strcpy(argv0[1], "tests/test-dtls-fails-cipher.conf");
  931. strcpy(argv0[2], "expFail"); /* tests are expected to fail */
  932. printf("starting dtls cipher mismatch tests that expect failure\n");
  933. test_harness(&args);
  934. if (args.return_code != 0) {
  935. printf("error from script %d\n", args.return_code);
  936. args.return_code = EXIT_FAILURE;
  937. goto exit;
  938. }
  939. strcpy(argv0[2], "");
  940. #endif
  941. #endif
  942. #ifdef WOLFSSL_SCTP
  943. /* add dtls-sctp extra suites */
  944. strcpy(argv0[1], "tests/test-sctp.conf");
  945. printf("starting dtls-sctp extra cipher suite tests\n");
  946. test_harness(&args);
  947. if (args.return_code != 0) {
  948. printf("error from script %d\n", args.return_code);
  949. args.return_code = EXIT_FAILURE;
  950. goto exit;
  951. }
  952. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  953. /* add dtls-sctp extra suites */
  954. strcpy(argv0[1], "tests/test-sctp-sha2.conf");
  955. printf("starting dtls-sctp extra cipher suite tests - old TLS sha-2 cs\n");
  956. test_harness(&args);
  957. if (args.return_code != 0) {
  958. printf("error from script %d\n", args.return_code);
  959. args.return_code = EXIT_FAILURE;
  960. goto exit;
  961. }
  962. #endif
  963. #endif
  964. #ifndef WC_STRICT_SIG
  965. #if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */
  966. /* add extra signature test suites */
  967. strcpy(argv0[1], "tests/test-sig.conf");
  968. printf("starting sig extra cipher suite tests\n");
  969. test_harness(&args);
  970. if (args.return_code != 0) {
  971. printf("error from script %d\n", args.return_code);
  972. args.return_code = EXIT_FAILURE;
  973. goto exit;
  974. }
  975. #endif /* HAVE_RSA and HAVE_ECC */
  976. #endif /* !WC_STRICT_SIG */
  977. #ifdef HAVE_QSH
  978. /* add QSH extra suites */
  979. strcpy(argv0[1], "tests/test-qsh.conf");
  980. printf("starting qsh extra cipher suite tests\n");
  981. test_harness(&args);
  982. if (args.return_code != 0) {
  983. printf("error from script %d\n", args.return_code);
  984. args.return_code = EXIT_FAILURE;
  985. goto exit;
  986. }
  987. #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
  988. strcpy(argv0[1], "tests/test-qsh-sha2.conf");
  989. printf("starting qsh extra cipher suite tests - old TLS sha-2 cs\n");
  990. test_harness(&args);
  991. if (args.return_code != 0) {
  992. printf("error from script %d\n", args.return_code);
  993. args.return_code = EXIT_FAILURE;
  994. goto exit;
  995. }
  996. #endif
  997. #endif
  998. #ifndef NO_PSK
  999. #ifndef WOLFSSL_NO_TLS12
  1000. #if !defined(NO_RSA) || defined(HAVE_ECC)
  1001. /* add psk cipher suites */
  1002. strcpy(argv0[1], "tests/test-psk.conf");
  1003. printf("starting psk cipher suite tests\n");
  1004. test_harness(&args);
  1005. if (args.return_code != 0) {
  1006. printf("error from script %d\n", args.return_code);
  1007. args.return_code = EXIT_FAILURE;
  1008. goto exit;
  1009. }
  1010. #endif
  1011. #endif
  1012. #ifdef WOLFSSL_TLS13
  1013. /* add psk extra suites */
  1014. strcpy(argv0[1], "tests/test-tls13-psk.conf");
  1015. printf("starting TLS 1.3 psk no identity extra cipher suite tests\n");
  1016. test_harness(&args);
  1017. if (args.return_code != 0) {
  1018. printf("error from script %d\n", args.return_code);
  1019. args.return_code = EXIT_FAILURE;
  1020. goto exit;
  1021. }
  1022. #endif
  1023. #endif
  1024. #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_MD5) &&\
  1025. !defined(NO_SHA)
  1026. /* test encrypted keys */
  1027. strcpy(argv0[1], "tests/test-enckeys.conf");
  1028. printf("starting encrypted keys extra cipher suite tests\n");
  1029. test_harness(&args);
  1030. if (args.return_code != 0) {
  1031. printf("error from script %d\n", args.return_code);
  1032. args.return_code = EXIT_FAILURE;
  1033. goto exit;
  1034. }
  1035. #endif
  1036. #ifdef HAVE_MAX_FRAGMENT
  1037. /* Max fragment cipher suite tests */
  1038. strcpy(argv0[1], "tests/test-maxfrag.conf");
  1039. printf("starting max fragment cipher suite tests\n");
  1040. test_harness(&args);
  1041. if (args.return_code != 0) {
  1042. printf("error from script %d\n", args.return_code);
  1043. args.return_code = EXIT_FAILURE;
  1044. goto exit;
  1045. }
  1046. #ifdef WOLFSSL_DTLS
  1047. strcpy(argv0[1], "tests/test-maxfrag-dtls.conf");
  1048. printf("starting dtls max fragment cipher suite tests\n");
  1049. test_harness(&args);
  1050. if (args.return_code != 0) {
  1051. printf("error from script %d\n", args.return_code);
  1052. args.return_code = EXIT_FAILURE;
  1053. goto exit;
  1054. }
  1055. #endif
  1056. #endif
  1057. #ifdef WOLFSSL_ALT_CERT_CHAINS
  1058. /* tests for alt chains */
  1059. strcpy(argv0[1], "tests/test-altchains.conf");
  1060. printf("starting certificate alternate chain cipher suite tests\n");
  1061. test_harness(&args);
  1062. if (args.return_code != 0) {
  1063. printf("error from script %d\n", args.return_code);
  1064. args.return_code = EXIT_FAILURE;
  1065. goto exit;
  1066. }
  1067. #else
  1068. /* tests for chains */
  1069. strcpy(argv0[1], "tests/test-chains.conf");
  1070. printf("starting certificate chain cipher suite tests\n");
  1071. test_harness(&args);
  1072. if (args.return_code != 0) {
  1073. printf("error from script %d\n", args.return_code);
  1074. args.return_code = EXIT_FAILURE;
  1075. goto exit;
  1076. }
  1077. #endif
  1078. #ifdef WOLFSSL_TRUST_PEER_CERT
  1079. /* tests for trusted peer cert */
  1080. strcpy(argv0[1], "tests/test-trustpeer.conf");
  1081. printf("starting trusted peer certificate cipher suite tests\n");
  1082. test_harness(&args);
  1083. if (args.return_code != 0) {
  1084. printf("error from script %d\n", args.return_code);
  1085. args.return_code = EXIT_FAILURE;
  1086. goto exit;
  1087. }
  1088. #endif
  1089. /* tests for dh prime */
  1090. args.argc = 3;
  1091. strcpy(argv0[1], "tests/test-dhprime.conf");
  1092. strcpy(argv0[2], "doDH"); /* add DH prime flag */
  1093. printf("starting dh prime tests\n");
  1094. test_harness(&args);
  1095. if (args.return_code != 0) {
  1096. printf("error from script %d\n", args.return_code);
  1097. args.return_code = EXIT_FAILURE;
  1098. goto exit;
  1099. }
  1100. /* failure tests */
  1101. args.argc = 3;
  1102. strcpy(argv0[1], "tests/test-fails.conf");
  1103. strcpy(argv0[2], "expFail"); /* tests are expected to fail */
  1104. printf("starting tests that expect failure\n");
  1105. test_harness(&args);
  1106. if (args.return_code != 0) {
  1107. printf("error from script %d\n", args.return_code);
  1108. args.return_code = EXIT_FAILURE;
  1109. goto exit;
  1110. }
  1111. exit:
  1112. if (args.return_code == 0)
  1113. printf("\n Success -- All results as expected.\n");
  1114. printf(" End Cipher Suite Tests\n");
  1115. wolfSSL_CTX_free(cipherSuiteCtx);
  1116. wolfSSL_Cleanup();
  1117. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
  1118. && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
  1119. wc_ecc_fp_free(); /* free per thread cache */
  1120. #endif
  1121. #ifdef WOLFSSL_ASYNC_CRYPT
  1122. wolfAsync_DevClose(&devId);
  1123. #endif
  1124. return args.return_code;
  1125. #else
  1126. return NOT_COMPILED_IN;
  1127. (void)argc;
  1128. (void)argv;
  1129. #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
  1130. }