tests

Author: JeremiahM37

src/tls.c

@@ -17180,8 +17180,8 @@ static word16 TLSX_GetMinSize_Server(const word16 *type)
 
 
 /** Parses a buffer of TLS extensions. */
-int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
-                                                                 Suites *suites)
+WOLFSSL_TEST_VIS int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length,
+                                byte msgType, Suites *suites)
 {
     int ret = 0;
     word16 offset = 0;

tests/api.c

@@ -37368,6 +37368,8 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_certificate_authorities_client_hello),
     TEST_DECL(test_TLSX_TCA_Find),
     TEST_DECL(test_TLSX_SNI_GetSize_overflow),
+    TEST_DECL(test_TLSX_ECH_msg_type_validation),
+    TEST_DECL(test_TLSX_SRTP_msg_type_validation),
     TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation),
     TEST_DECL(test_wolfSSL_clear_secure_renegotiation),
     TEST_DECL(test_wolfSSL_SCR_Reconnect),

tests/api/test_ossl_cipher.c

@@ -203,6 +203,34 @@ int test_wolfSSL_DES_ncbc(void)
     return EXPECT_RESULT();
 }
 
+int test_wolfSSL_DES_ncbc_zero_length(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
+    const_DES_cblock myDes;
+    DES_cblock iv;
+    DES_cblock ivSaved;
+    DES_key_schedule key = {0};
+    unsigned char msg[DES_BLOCK_SIZE] = {0};
+    unsigned char out[DES_BLOCK_SIZE] = {0};
+
+    DES_set_key(&key, &myDes);
+
+    /* length == 0 must no-op: the offset math would otherwise underflow
+     * size_t and read from a wild pointer. */
+    XMEMSET((byte*)&iv, 0xAB, DES_BLOCK_SIZE);
+    XMEMCPY(&ivSaved, &iv, DES_BLOCK_SIZE);
+    DES_ncbc_encrypt(msg, out, 0, &myDes, &iv, DES_ENCRYPT);
+    ExpectIntEQ(XMEMCMP(&iv, &ivSaved, DES_BLOCK_SIZE), 0);
+
+    XMEMSET((byte*)&iv, 0xAB, DES_BLOCK_SIZE);
+    XMEMCPY(&ivSaved, &iv, DES_BLOCK_SIZE);
+    DES_ncbc_encrypt(msg, out, 0, &myDes, &iv, DES_DECRYPT);
+    ExpectIntEQ(XMEMCMP(&iv, &ivSaved, DES_BLOCK_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
 int test_wolfSSL_DES_ecb_encrypt(void)
 {
     EXPECT_DECLS;

tests/api/test_ossl_cipher.h

@@ -26,6 +26,7 @@
 
 int test_wolfSSL_DES(void);
 int test_wolfSSL_DES_ncbc(void);
+int test_wolfSSL_DES_ncbc_zero_length(void);
 int test_wolfSSL_DES_ecb_encrypt(void);
 int test_wolfSSL_DES_ede3_cbc_encrypt(void);
 int test_wolfSSL_AES_encrypt(void);
@@ -38,6 +39,7 @@ int test_wolfSSL_RC4(void);
 #define TEST_OSSL_CIPHER_DECLS                                          \
     TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES),                   \
     TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES_ncbc),              \
+    TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES_ncbc_zero_length),  \
     TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES_ecb_encrypt),       \
     TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES_ede3_cbc_encrypt),  \
     TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_AES_encrypt),           \

tests/api/test_tls13.c

@@ -5254,3 +5254,47 @@ int test_tls13_serverhello_bad_cipher_suites(void)
 #endif
     return EXPECT_RESULT();
 }
+
+int test_tls13_cipher_list_on_tls12_ctx(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
+    !defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_CLIENT)
+    WOLFSSL_CTX* ctx = NULL;
+
+    /* A TLS 1.3-only cipher list on a TLS 1.2 context must fail rather
+     * than silently succeed while leaving default suites active. */
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
+    ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "TLS_AES_128_GCM_SHA256"),
+                WOLFSSL_FAILURE);
+
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_tls13_clear_preserves_psk_dhe(void)
+{
+    EXPECT_DECLS;
+#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \
+    defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) && \
+    (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \
+    !defined(NO_WOLFSSL_CLIENT)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(ctx), 0);
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+    ExpectIntEQ(ssl->options.noPskDheKe, 1);
+
+    /* SSL reuse must preserve the CTX-level noPskDheKe; resetting to 0
+     * would silently re-enable psk_dhe_ke for the next handshake. */
+    ExpectIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS);
+    ExpectIntEQ(ssl->options.noPskDheKe, 1);
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}

tests/api/test_tls13.h

@@ -60,6 +60,8 @@ int test_tls13_cert_with_extern_psk_requires_key_share(void);
 int test_tls13_cert_with_extern_psk_rejects_resumption(void);
 int test_tls13_cert_with_extern_psk_sh_missing_key_share(void);
 int test_tls13_cert_with_extern_psk_sh_confirms_resumption(void);
+int test_tls13_cipher_list_on_tls12_ctx(void);
+int test_tls13_clear_preserves_psk_dhe(void);
 
 #define TEST_TLS13_DECLS                                        \
     TEST_DECL_GROUP("tls13", test_tls13_apis),                  \
@@ -97,6 +99,8 @@ int test_tls13_cert_with_extern_psk_sh_confirms_resumption(void);
     TEST_DECL_GROUP("tls13", test_tls13_cert_with_extern_psk_requires_key_share), \
     TEST_DECL_GROUP("tls13", test_tls13_cert_with_extern_psk_rejects_resumption), \
     TEST_DECL_GROUP("tls13", test_tls13_cert_with_extern_psk_sh_missing_key_share), \
-    TEST_DECL_GROUP("tls13", test_tls13_cert_with_extern_psk_sh_confirms_resumption)
+    TEST_DECL_GROUP("tls13", test_tls13_cert_with_extern_psk_sh_confirms_resumption), \
+    TEST_DECL_GROUP("tls13", test_tls13_cipher_list_on_tls12_ctx),                  \
+    TEST_DECL_GROUP("tls13", test_tls13_clear_preserves_psk_dhe)
 
 #endif /* WOLFCRYPT_TEST_TLS13_H */

tests/api/test_tls_ext.c

@@ -609,3 +609,54 @@ int test_TLSX_SNI_GetSize_overflow(void)
 #endif
     return EXPECT_RESULT();
 }
+
+/* ECH is only valid in ClientHello, EncryptedExtensions, or
+ * HelloRetryRequest per RFC 9460. Feeding it in a Certificate message must
+ * be rejected with EXT_NOT_ALLOWED rather than being silently accepted. */
+int test_TLSX_ECH_msg_type_validation(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+    /* type = TLSX_ECH (0xfe0d), size = 0x0000 */
+    const byte extBytes[] = { 0xfe, 0x0d, 0x00, 0x00 };
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    ExpectIntEQ(TLSX_Parse(ssl, extBytes, (word16)sizeof(extBytes),
+                           certificate, NULL),
+                WC_NO_ERR_TRACE(EXT_NOT_ALLOWED));
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* use_srtp is only valid in ClientHello/ServerHello (pre-TLS 1.3) or
+ * ClientHello/EncryptedExtensions (TLS 1.3) per RFC 5764. Feeding it in a
+ * Certificate message must be rejected with EXT_NOT_ALLOWED. */
+int test_TLSX_SRTP_msg_type_validation(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SRTP) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+    /* type = TLSX_USE_SRTP (0x000e), size = 0x0000 */
+    const byte extBytes[] = { 0x00, 0x0e, 0x00, 0x00 };
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    ExpectIntEQ(TLSX_Parse(ssl, extBytes, (word16)sizeof(extBytes),
+                           certificate, NULL),
+                WC_NO_ERR_TRACE(EXT_NOT_ALLOWED));
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}

tests/api/test_tls_ext.h

@@ -28,5 +28,7 @@ int test_certificate_authorities_certificate_request(void);
 int test_certificate_authorities_client_hello(void);
 int test_TLSX_TCA_Find(void);
 int test_TLSX_SNI_GetSize_overflow(void);
+int test_TLSX_ECH_msg_type_validation(void);
+int test_TLSX_SRTP_msg_type_validation(void);
 
 #endif /* TESTS_API_TEST_TLS_EMS_H */

wolfssl/internal.h

@@ -3208,7 +3208,7 @@ WOLFSSL_LOCAL int   TLSX_ParseVersion(WOLFSSL* ssl, const byte* input,
 WOLFSSL_LOCAL int TLSX_SupportedVersions_Parse(const WOLFSSL* ssl,
         const byte* input, word16 length, byte msgType, ProtocolVersion* pv,
         Options* opts, TLSX** exts);
-WOLFSSL_LOCAL int   TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length,
+WOLFSSL_TEST_VIS int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                                byte msgType, Suites *suites);
 WOLFSSL_LOCAL int TLSX_Push(TLSX** list, TLSX_Type type,
                             const void* data, void* heap);