2
0

suites.c 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743
  1. /* suites.c
  2. *
  3. * Copyright (C) 2006-2017 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifdef HAVE_CONFIG_H
  22. #include <config.h>
  23. #endif
  24. #include <wolfssl/wolfcrypt/settings.h>
  25. #include <stdlib.h>
  26. #include <stdio.h>
  27. #include <string.h>
  28. #include <wolfssl/ssl.h>
  29. #include <tests/unit.h>
  30. #define MAX_ARGS 40
  31. #define MAX_COMMAND_SZ 240
  32. #define MAX_SUITE_SZ 80
  33. #define NOT_BUILT_IN -123
  34. #if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) || \
  35. !defined(WOLFSSL_ALLOW_TLSV10)
  36. #define VERSION_TOO_OLD -124
  37. #endif
  38. #include "examples/client/client.h"
  39. #include "examples/server/server.h"
  40. #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
  41. static WOLFSSL_CTX* cipherSuiteCtx = NULL;
  42. static char nonblockFlag[] = "-N";
  43. static char noVerifyFlag[] = "-d";
  44. static char disableEMSFlag[] = "-n";
  45. static char flagSep[] = " ";
  46. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  47. static char portFlag[] = "-p";
  48. static char svrPort[] = "0";
  49. #endif
  50. static char forceDefCipherListFlag[] = "-HdefCipherList";
  51. static char exitWithRetFlag[] = "-HexitWithRet";
  52. #ifdef WOLFSSL_ASYNC_CRYPT
  53. static int devId = INVALID_DEVID;
  54. #endif
  55. #ifdef VERSION_TOO_OLD
  56. static int GetTlsVersion(const char* line)
  57. {
  58. int version = -1;
  59. const char* find = "-v ";
  60. const char* begin = strstr(line, find);
  61. if (begin) {
  62. begin += 3;
  63. version = atoi(begin);
  64. }
  65. return version;
  66. }
  67. #ifndef WOLFSSL_ALLOW_SSLV3
  68. /* if the protocol version is sslv3 return 1, else 0 */
  69. static int IsSslVersion(const char* line)
  70. {
  71. int version = GetTlsVersion(line);
  72. return (version == 0) ? 1 : 0;
  73. }
  74. #endif /* !WOLFSSL_ALLOW_SSLV3 */
  75. #ifndef WOLFSSL_ALLOW_TLSV10
  76. /* if the protocol version is TLSv1.0 return 1, else 0 */
  77. static int IsTls10Version(const char* line)
  78. {
  79. int version = GetTlsVersion(line);
  80. return (version == 1) ? 1 : 0;
  81. }
  82. #endif /* !WOLFSSL_ALLOW_TLSV10 */
  83. #ifdef NO_OLD_TLS
  84. /* if the protocol version is less than tls 1.2 return 1, else 0 */
  85. static int IsOldTlsVersion(const char* line)
  86. {
  87. int version = GetTlsVersion(line);
  88. return (version < 3) ? 1 : 0;
  89. }
  90. #endif /* NO_OLD_TLS */
  91. #endif /* VERSION_TOO_OLD */
  92. /* if the cipher suite on line is valid store in suite and return 1, else 0 */
  93. static int IsValidCipherSuite(const char* line, char* suite)
  94. {
  95. int found = 0;
  96. int valid = 0;
  97. const char* find = "-l ";
  98. const char* begin = strstr(line, find);
  99. const char* end;
  100. suite[0] = '\0';
  101. if (begin) {
  102. begin += 3;
  103. end = XSTRSTR(begin, " ");
  104. if (end) {
  105. long len = end - begin;
  106. if (len > MAX_SUITE_SZ) {
  107. printf("suite too long!\n");
  108. return 0;
  109. }
  110. XMEMCPY(suite, begin, len);
  111. suite[len] = '\0';
  112. }
  113. else
  114. XSTRNCPY(suite, begin, MAX_SUITE_SZ);
  115. suite[MAX_SUITE_SZ] = '\0';
  116. found = 1;
  117. }
  118. /* if QSH not enabled then do not use QSH suite */
  119. #ifdef HAVE_QSH
  120. if (XSTRNCMP(suite, "QSH", 3) == 0) {
  121. if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite + 4)
  122. != WOLFSSL_SUCCESS)
  123. return 0;
  124. }
  125. #endif
  126. if (found) {
  127. if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == WOLFSSL_SUCCESS)
  128. valid = 1;
  129. }
  130. return valid;
  131. }
  132. static int execute_test_case(int svr_argc, char** svr_argv,
  133. int cli_argc, char** cli_argv,
  134. int addNoVerify, int addNonBlocking,
  135. int addDisableEMS, int forceSrvDefCipherList,
  136. int forceCliDefCipherList, int testShouldFail)
  137. {
  138. #ifdef WOLFSSL_TIRTOS
  139. func_args cliArgs = {0};
  140. func_args svrArgs = {0};
  141. cliArgs.argc = cli_argc;
  142. cliArgs.argv = cli_argv;
  143. svrArgs.argc = svr_argc;
  144. svrArgs.argv = svr_argv;
  145. #else
  146. func_args cliArgs = {cli_argc, cli_argv, 0, NULL, NULL};
  147. func_args svrArgs = {svr_argc, svr_argv, 0, NULL, NULL};
  148. #endif
  149. tcp_ready ready;
  150. THREAD_TYPE serverThread;
  151. char commandLine[MAX_COMMAND_SZ];
  152. char cipherSuite[MAX_SUITE_SZ+1];
  153. int i;
  154. size_t added;
  155. static int tests = 1;
  156. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  157. char portNumber[8];
  158. #endif
  159. /* Is Valid Cipher and Version Checks */
  160. /* build command list for the Is checks below */
  161. commandLine[0] = '\0';
  162. added = 0;
  163. for (i = 0; i < svrArgs.argc; i++) {
  164. added += XSTRLEN(svr_argv[i]) + 2;
  165. if (added >= MAX_COMMAND_SZ) {
  166. printf("server command line too long\n");
  167. break;
  168. }
  169. strcat(commandLine, svr_argv[i]);
  170. strcat(commandLine, flagSep);
  171. }
  172. if (IsValidCipherSuite(commandLine, cipherSuite) == 0) {
  173. #ifdef DEBUG_SUITE_TESTS
  174. printf("cipher suite %s not supported in build\n", cipherSuite);
  175. #endif
  176. return NOT_BUILT_IN;
  177. }
  178. #ifndef WOLFSSL_ALLOW_SSLV3
  179. if (IsSslVersion(commandLine) == 1) {
  180. #ifdef DEBUG_SUITE_TESTS
  181. printf("protocol version on line %s is too old\n", commandLine);
  182. #endif
  183. return VERSION_TOO_OLD;
  184. }
  185. #endif
  186. #ifndef WOLFSSL_ALLOW_TLSV10
  187. if (IsTls10Version(commandLine) == 1) {
  188. #ifdef DEBUG_SUITE_TESTS
  189. printf("protocol version on line %s is too old\n", commandLine);
  190. #endif
  191. return VERSION_TOO_OLD;
  192. }
  193. #endif
  194. #ifdef NO_OLD_TLS
  195. if (IsOldTlsVersion(commandLine) == 1) {
  196. #ifdef DEBUG_SUITE_TESTS
  197. printf("protocol version on line %s is too old\n", commandLine);
  198. #endif
  199. return VERSION_TOO_OLD;
  200. }
  201. #endif
  202. /* Build Server Command */
  203. if (addNoVerify) {
  204. printf("repeating test with client cert request off\n");
  205. if (svrArgs.argc >= MAX_ARGS)
  206. printf("server command line too long\n");
  207. else
  208. svr_argv[svrArgs.argc++] = noVerifyFlag;
  209. }
  210. if (addNonBlocking) {
  211. printf("repeating test with non blocking on\n");
  212. if (svrArgs.argc >= MAX_ARGS)
  213. printf("server command line too long\n");
  214. else
  215. svr_argv[svrArgs.argc++] = nonblockFlag;
  216. }
  217. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  218. /* add port */
  219. if (svrArgs.argc + 2 > MAX_ARGS)
  220. printf("cannot add the magic port number flag to server\n");
  221. else {
  222. svr_argv[svrArgs.argc++] = portFlag;
  223. svr_argv[svrArgs.argc++] = svrPort;
  224. }
  225. #endif
  226. if (forceSrvDefCipherList) {
  227. if (svrArgs.argc >= MAX_ARGS)
  228. printf("cannot add the force def cipher list flag to server\n");
  229. else
  230. svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
  231. }
  232. #ifdef TEST_PK_PRIVKEY
  233. svr_argv[svrArgs.argc++] = (char*)"-P";
  234. #endif
  235. if (testShouldFail) {
  236. svr_argv[svrArgs.argc++] = exitWithRetFlag;
  237. }
  238. /* update server flags list */
  239. commandLine[0] = '\0';
  240. added = 0;
  241. for (i = 0; i < svrArgs.argc; i++) {
  242. added += XSTRLEN(svr_argv[i]) + 2;
  243. if (added >= MAX_COMMAND_SZ) {
  244. printf("server command line too long\n");
  245. break;
  246. }
  247. strcat(commandLine, svr_argv[i]);
  248. strcat(commandLine, flagSep);
  249. }
  250. printf("trying server command line[%d]: %s\n", tests, commandLine);
  251. tests++; /* test count */
  252. InitTcpReady(&ready);
  253. #ifdef WOLFSSL_TIRTOS
  254. fdOpenSession(Task_self());
  255. #endif
  256. /* start server */
  257. svrArgs.signal = &ready;
  258. start_thread(server_test, &svrArgs, &serverThread);
  259. wait_tcp_ready(&svrArgs);
  260. /* Build Client Command */
  261. if (addNonBlocking) {
  262. if (cliArgs.argc >= MAX_ARGS)
  263. printf("cannot add the non block flag to client\n");
  264. else
  265. cli_argv[cliArgs.argc++] = nonblockFlag;
  266. }
  267. if (addDisableEMS) {
  268. printf("repeating test without extended master secret\n");
  269. if (cliArgs.argc >= MAX_ARGS)
  270. printf("cannot add the disable EMS flag to client\n");
  271. else
  272. cli_argv[cliArgs.argc++] = disableEMSFlag;
  273. }
  274. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
  275. if (ready.port != 0) {
  276. if (cliArgs.argc + 2 > MAX_ARGS)
  277. printf("cannot add the magic port number flag to client\n");
  278. else {
  279. snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
  280. cli_argv[cliArgs.argc++] = portFlag;
  281. cli_argv[cliArgs.argc++] = portNumber;
  282. }
  283. }
  284. #endif
  285. if (forceCliDefCipherList) {
  286. if (cliArgs.argc >= MAX_ARGS)
  287. printf("cannot add the force def cipher list flag to client\n");
  288. else
  289. cli_argv[cliArgs.argc++] = forceDefCipherListFlag;
  290. }
  291. #ifdef TEST_PK_PRIVKEY
  292. cli_argv[cliArgs.argc++] = (char*)"-P";
  293. #endif
  294. if (testShouldFail) {
  295. cli_argv[cliArgs.argc++] = exitWithRetFlag;
  296. }
  297. commandLine[0] = '\0';
  298. added = 0;
  299. for (i = 0; i < cliArgs.argc; i++) {
  300. added += XSTRLEN(cli_argv[i]) + 2;
  301. if (added >= MAX_COMMAND_SZ) {
  302. printf("client command line too long\n");
  303. break;
  304. }
  305. strcat(commandLine, cli_argv[i]);
  306. strcat(commandLine, flagSep);
  307. }
  308. printf("trying client command line[%d]: %s\n", tests, commandLine);
  309. /* start client */
  310. client_test(&cliArgs);
  311. /* verify results */
  312. if ((cliArgs.return_code != 0 && testShouldFail == 0) ||
  313. (cliArgs.return_code == 0 && testShouldFail != 0)) {
  314. printf("client_test failed\n");
  315. exit(EXIT_FAILURE);
  316. }
  317. join_thread(serverThread);
  318. if ((svrArgs.return_code != 0 && testShouldFail == 0) ||
  319. (svrArgs.return_code == 0 && testShouldFail != 0)) {
  320. printf("server_test failed\n");
  321. exit(EXIT_FAILURE);
  322. }
  323. #ifdef WOLFSSL_TIRTOS
  324. fdCloseSession(Task_self());
  325. #endif
  326. FreeTcpReady(&ready);
  327. /* only run the first test for failure cases */
  328. if (testShouldFail) {
  329. return NOT_BUILT_IN;
  330. }
  331. return 0;
  332. }
  333. static void test_harness(void* vargs)
  334. {
  335. func_args* args = (func_args*)vargs;
  336. char* script;
  337. long sz, len;
  338. int cliMode = 0; /* server or client command flag, server first */
  339. int ret;
  340. FILE* file;
  341. char* svrArgs[MAX_ARGS];
  342. int svrArgsSz;
  343. char* cliArgs[MAX_ARGS];
  344. int cliArgsSz;
  345. char* cursor;
  346. char* comment;
  347. const char* fname = "tests/test.conf";
  348. int testShouldFail = 0;
  349. if (args->argc == 1) {
  350. printf("notice: using default file %s\n", fname);
  351. }
  352. else if(args->argc > 3) {
  353. printf("usage: harness [FILE] [ARG]\n");
  354. args->return_code = 1;
  355. return;
  356. }
  357. if (args->argc >= 2) {
  358. fname = args->argv[1];
  359. }
  360. if (args->argc == 3) {
  361. testShouldFail = 1;
  362. }
  363. file = fopen(fname, "rb");
  364. if (file == NULL) {
  365. fprintf(stderr, "unable to open %s\n", fname);
  366. args->return_code = 1;
  367. return;
  368. }
  369. fseek(file, 0, SEEK_END);
  370. sz = ftell(file);
  371. rewind(file);
  372. if (sz <= 0) {
  373. fprintf(stderr, "%s is empty\n", fname);
  374. fclose(file);
  375. args->return_code = 1;
  376. return;
  377. }
  378. script = (char*)malloc(sz+1);
  379. if (script == 0) {
  380. fprintf(stderr, "unable to allocte script buffer\n");
  381. fclose(file);
  382. args->return_code = 1;
  383. return;
  384. }
  385. len = fread(script, 1, sz, file);
  386. if (len != sz) {
  387. fprintf(stderr, "read error\n");
  388. fclose(file);
  389. free(script);
  390. args->return_code = 1;
  391. return;
  392. }
  393. fclose(file);
  394. script[sz] = 0;
  395. cursor = script;
  396. svrArgsSz = 1;
  397. svrArgs[0] = args->argv[0];
  398. cliArgsSz = 1;
  399. cliArgs[0] = args->argv[0];
  400. while (*cursor != 0) {
  401. int do_it = 0;
  402. switch (*cursor) {
  403. case '\n':
  404. /* A blank line triggers test case execution or switches
  405. to client mode if we don't have the client command yet */
  406. if (cliMode == 0)
  407. cliMode = 1; /* switch to client mode processing */
  408. else
  409. do_it = 1; /* Do It, we have server and client */
  410. cursor++;
  411. break;
  412. case '#':
  413. /* Ignore lines that start with a #. */
  414. comment = XSTRSEP(&cursor, "\n");
  415. #ifdef DEBUG_SUITE_TESTS
  416. printf("%s\n", comment);
  417. #else
  418. (void)comment;
  419. #endif
  420. break;
  421. case '-':
  422. /* Parameters start with a -. They end in either a newline
  423. * or a space. Capture until either, save in Args list. */
  424. if (cliMode)
  425. cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n");
  426. else
  427. svrArgs[svrArgsSz++] = XSTRSEP(&cursor, " \n");
  428. if (*cursor == 0) /* eof */
  429. do_it = 1;
  430. break;
  431. default:
  432. /* Anything from cursor until end of line that isn't the above
  433. * is data for a paramter. Just up until the next newline in
  434. * the Args list. */
  435. if (cliMode)
  436. cliArgs[cliArgsSz++] = XSTRSEP(&cursor, "\n");
  437. else
  438. svrArgs[svrArgsSz++] = XSTRSEP(&cursor, "\n");
  439. if (*cursor == 0) /* eof */
  440. do_it = 1;
  441. break;
  442. }
  443. if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
  444. fprintf(stderr, "too many arguments, forcing test run\n");
  445. do_it = 1;
  446. }
  447. if (do_it) {
  448. ret = execute_test_case(svrArgsSz, svrArgs,
  449. cliArgsSz, cliArgs, 0, 0, 0, 0, 0,
  450. testShouldFail);
  451. /* don't repeat if not supported in build */
  452. if (ret == 0) {
  453. /* test with default cipher list on server side */
  454. execute_test_case(svrArgsSz, svrArgs,
  455. cliArgsSz, cliArgs, 0, 0, 0, 1, 0,
  456. testShouldFail);
  457. /* test with default cipher list on client side */
  458. execute_test_case(svrArgsSz, svrArgs,
  459. cliArgsSz, cliArgs, 0, 0, 0, 0, 1,
  460. testShouldFail);
  461. execute_test_case(svrArgsSz, svrArgs,
  462. cliArgsSz, cliArgs, 0, 1, 0, 0, 0,
  463. testShouldFail);
  464. execute_test_case(svrArgsSz, svrArgs,
  465. cliArgsSz, cliArgs, 1, 0, 0, 0, 0,
  466. testShouldFail);
  467. execute_test_case(svrArgsSz, svrArgs,
  468. cliArgsSz, cliArgs, 1, 1, 0, 0, 0,
  469. testShouldFail);
  470. #ifdef HAVE_EXTENDED_MASTER
  471. execute_test_case(svrArgsSz, svrArgs,
  472. cliArgsSz, cliArgs, 0, 0, 1, 0, 0,
  473. testShouldFail);
  474. execute_test_case(svrArgsSz, svrArgs,
  475. cliArgsSz, cliArgs, 0, 1, 1, 0, 0,
  476. testShouldFail);
  477. execute_test_case(svrArgsSz, svrArgs,
  478. cliArgsSz, cliArgs, 1, 0, 1, 0, 0,
  479. testShouldFail);
  480. execute_test_case(svrArgsSz, svrArgs,
  481. cliArgsSz, cliArgs, 1, 1, 1, 0, 0,
  482. testShouldFail);
  483. #endif
  484. }
  485. svrArgsSz = 1;
  486. cliArgsSz = 1;
  487. cliMode = 0;
  488. }
  489. }
  490. free(script);
  491. args->return_code = 0;
  492. }
  493. #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
  494. int SuiteTest(void)
  495. {
  496. #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
  497. func_args args;
  498. char argv0[3][80];
  499. char* myArgv[3];
  500. printf(" Begin Cipher Suite Tests\n");
  501. /* setup */
  502. myArgv[0] = argv0[0];
  503. myArgv[1] = argv0[1];
  504. myArgv[2] = argv0[2];
  505. args.argv = myArgv;
  506. strcpy(argv0[0], "SuiteTest");
  507. #ifdef WOLFSSL_STATIC_MEMORY
  508. byte memory[200000];
  509. #endif
  510. (void)test_harness;
  511. cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
  512. if (cipherSuiteCtx == NULL) {
  513. printf("can't get cipher suite ctx\n");
  514. exit(EXIT_FAILURE);
  515. }
  516. /* load in static memory buffer if enabled */
  517. #ifdef WOLFSSL_STATIC_MEMORY
  518. if (wolfSSL_CTX_load_static_memory(&cipherSuiteCtx, NULL,
  519. memory, sizeof(memory), 0, 1)
  520. != WOLFSSL_SUCCESS) {
  521. printf("unable to load static memory and create ctx");
  522. args.return_code = EXIT_FAILURE;
  523. goto exit;
  524. }
  525. #endif
  526. #ifdef WOLFSSL_ASYNC_CRYPT
  527. if (wolfAsync_DevOpen(&devId) < 0) {
  528. printf("Async device open failed");
  529. args.return_code = EXIT_FAILURE;
  530. goto exit;
  531. }
  532. wolfSSL_CTX_UseAsync(cipherSuiteCtx, devId);
  533. #endif /* WOLFSSL_ASYNC_CRYPT */
  534. /* default case */
  535. args.argc = 1;
  536. printf("starting default cipher suite tests\n");
  537. test_harness(&args);
  538. if (args.return_code != 0) {
  539. printf("error from script %d\n", args.return_code);
  540. args.return_code = EXIT_FAILURE;
  541. goto exit;
  542. }
  543. /* any extra cases will need another argument */
  544. args.argc = 2;
  545. #ifdef WOLFSSL_TLS13
  546. /* add TLSv13 extra suites */
  547. strcpy(argv0[1], "tests/test-tls13.conf");
  548. printf("starting TLSv13 extra cipher suite tests\n");
  549. test_harness(&args);
  550. if (args.return_code != 0) {
  551. printf("error from script %d\n", args.return_code);
  552. exit(EXIT_FAILURE);
  553. }
  554. #ifdef HAVE_ECC
  555. /* add TLSv13 ECC extra suites */
  556. strcpy(argv0[1], "tests/test-tls13-ecc.conf");
  557. printf("starting TLSv13 ECC extra cipher suite tests\n");
  558. test_harness(&args);
  559. if (args.return_code != 0) {
  560. printf("error from script %d\n", args.return_code);
  561. exit(EXIT_FAILURE);
  562. }
  563. #endif
  564. #endif
  565. #if defined(HAVE_CURVE25519) && defined(HAVE_ED25519)
  566. /* add ED25519 certificate cipher suite tests */
  567. strcpy(argv0[1], "tests/test-ed25519.conf");
  568. printf("starting ED25519 extra cipher suite tests\n");
  569. test_harness(&args);
  570. if (args.return_code != 0) {
  571. printf("error from script %d\n", args.return_code);
  572. exit(EXIT_FAILURE);
  573. }
  574. #endif
  575. #ifdef WOLFSSL_DTLS
  576. /* add dtls extra suites */
  577. strcpy(argv0[1], "tests/test-dtls.conf");
  578. printf("starting dtls extra cipher suite tests\n");
  579. test_harness(&args);
  580. if (args.return_code != 0) {
  581. printf("error from script %d\n", args.return_code);
  582. args.return_code = EXIT_FAILURE;
  583. goto exit;
  584. }
  585. #endif
  586. #ifdef WOLFSSL_SCTP
  587. /* add dtls-sctp extra suites */
  588. strcpy(argv0[1], "tests/test-sctp.conf");
  589. printf("starting dtls-sctp extra cipher suite tests\n");
  590. test_harness(&args);
  591. if (args.return_code != 0) {
  592. printf("error from script %d\n", args.return_code);
  593. args.return_code = EXIT_FAILURE;
  594. goto exit;
  595. }
  596. #endif
  597. #ifndef WC_STRICT_SIG
  598. #if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */
  599. /* add extra signature test suites */
  600. strcpy(argv0[1], "tests/test-sig.conf");
  601. printf("starting sig extra cipher suite tests\n");
  602. test_harness(&args);
  603. if (args.return_code != 0) {
  604. printf("error from script %d\n", args.return_code);
  605. args.return_code = EXIT_FAILURE;
  606. goto exit;
  607. }
  608. #endif /* HAVE_RSA and HAVE_ECC */
  609. #endif /* !WC_STRICT_SIG */
  610. #ifdef HAVE_QSH
  611. /* add QSH extra suites */
  612. strcpy(argv0[1], "tests/test-qsh.conf");
  613. printf("starting qsh extra cipher suite tests\n");
  614. test_harness(&args);
  615. if (args.return_code != 0) {
  616. printf("error from script %d\n", args.return_code);
  617. args.return_code = EXIT_FAILURE;
  618. goto exit;
  619. }
  620. #endif
  621. #ifndef NO_PSK
  622. /* add psk extra suites */
  623. strcpy(argv0[1], "tests/test-psk-no-id.conf");
  624. printf("starting psk no identity extra cipher suite tests\n");
  625. test_harness(&args);
  626. if (args.return_code != 0) {
  627. printf("error from script %d\n", args.return_code);
  628. args.return_code = EXIT_FAILURE;
  629. goto exit;
  630. }
  631. #endif
  632. #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3)
  633. /* test encrypted keys */
  634. strcpy(argv0[1], "tests/test-enckeys.conf");
  635. printf("starting encrypted keys extra cipher suite tests\n");
  636. test_harness(&args);
  637. if (args.return_code != 0) {
  638. printf("error from script %d\n", args.return_code);
  639. args.return_code = EXIT_FAILURE;
  640. goto exit;
  641. }
  642. #endif
  643. /* failure tests */
  644. args.argc = 3;
  645. strcpy(argv0[1], "tests/test-fails.conf");
  646. strcpy(argv0[2], "-f");
  647. printf("starting tests that expect failure\n");
  648. test_harness(&args);
  649. if (args.return_code != 0) {
  650. printf("error from script %d\n", args.return_code);
  651. args.return_code = EXIT_FAILURE;
  652. goto exit;
  653. }
  654. exit:
  655. printf(" End Cipher Suite Tests\n");
  656. wolfSSL_CTX_free(cipherSuiteCtx);
  657. wolfSSL_Cleanup();
  658. #ifdef WOLFSSL_ASYNC_CRYPT
  659. wolfAsync_DevClose(&devId);
  660. #endif
  661. return args.return_code;
  662. #else
  663. return NOT_COMPILED_IN;
  664. #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
  665. }