diff --git a/src/ssl.c b/src/ssl.c
index a18b45ce6..d5f968b73 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -56441,9 +56441,9 @@ static const size_t size_of_cmd_tbls = sizeof(conf_cmds_tbl)
 int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
 {
 int ret = WOLFSSL_FAILURE;
- size_t i;
- size_t cmdlen;
- const char* c;
+ size_t i = 0;
+ size_t cmdlen = 0;
+ const char* c = NULL;
 WOLFSSL_ENTER("wolfSSL_CONF_cmd");
 (void)cctx;
@@ -56456,36 +56456,41 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
 return ret;
 }
+ if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
+ cmdlen = XSTRLEN(cmd);
+
+ if (cmdlen < 2) {
+ WOLFSSL_MSG("bad cmdline command");
+ return -2;
+ }
+ /* skip "-" prefix */
+ c = ++cmd;
+ }
+
 for (i = 0; i < size_of_cmd_tbls; i++) {
 /* check if the cmd is valid */
 if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
- cmdlen = XSTRLEN(cmd);
- if (cmdlen < 2) {
- WOLFSSL_MSG("bad cmdline command");
- return ret;
- }
- /* skip "-" prefix */
- c = ++cmd;
-
- if (XSTRCMP(c, conf_cmds_tbl[i].cmdline_cmd) == 0) {
+ if (c != NULL && conf_cmds_tbl[i].cmdline_cmd != NULL &&
+ XSTRCMP(c, conf_cmds_tbl[i].cmdline_cmd) == 0) {
 if (conf_cmds_tbl[i].cmdfunc != NULL) {
 ret = conf_cmds_tbl[i].cmdfunc(cctx, value);
 break;
 } else {
 WOLFSSL_MSG("cmd not yet implemented");
- return ret;
+ return -2;
 }
 }
 }
 if (cctx->flags & WOLFSSL_CONF_FLAG_FILE) {
- if (XSTRCMP(cmd, conf_cmds_tbl[i].file_cmd) == 0) {
+ if (conf_cmds_tbl[i].file_cmd != NULL &&
+ XSTRCMP(cmd, conf_cmds_tbl[i].file_cmd) == 0) {
 if (conf_cmds_tbl[i].cmdfunc != NULL) {
 ret = conf_cmds_tbl[i].cmdfunc(cctx, value);
 break;
 } else {
 WOLFSSL_MSG("cmd not yet implemented");
- return ret;
+ return -2;
 }
 }
 }
diff --git a/tests/api.c b/tests/api.c
index 103144637..ab05472a3 100644
--- a/tests/api.c
+++ b/tests/api.c
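Review bot: In wolfSSL_CONF_cmd (src/ssl.c, second hunk) the hoisted CMDLINE block advances past the first character with `c = ++cmd;` without checking that the character is '-', so a command whose first byte is anything else is still compared against `cmdline_cmd` with that byte stripped. The length guard could enforce the prefix as well: `if (cmdlen < 2 || cmd[0] != '-') {`. Because `++cmd` modifies `cmd` itself, a context with both WOLFSSL_CONF_FLAG_CMDLINE and WOLFSSL_CONF_FLAG_FILE set also compares the stripped name against `file_cmd`; if file-mode names should be matched on the original string, `c = cmd + 1;` would keep `cmd` intact. The function starts before this hunk and continues after it, so the return path after the loop is not visible here.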
@@ -43085,10 +43085,99 @@ static void test_wolfSSL_OpenSSL_version(void)
 #endif
 }
+static void test_CONF_CTX_CMDLINE(void)
+{
+#if defined(OPENSSL_ALL)
+ printf(testingFmt, "test_CONF_CTX_CMDLINE");
+
+ SSL_CTX* ctx = NULL;
+ SSL_CONF_CTX* cctx = NULL;
+
+ AssertNotNull(cctx = SSL_CONF_CTX_new());
+
+ #ifndef NO_OLD_TLS
+ #ifdef WOLFSSL_ALLOW_SSLV3
+ #ifdef NO_WOLFSSL_SERVER
+ AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+ #else
+ AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+ #endif
+ SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+ AssertTrue(1);
+ #endif
+ #endif
+
+ /* set flags */
+ AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CMDLINE),
+ WOLFSSL_CONF_FLAG_CMDLINE);
+ AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
+ WOLFSSL_CONF_FLAG_CMDLINE | WOLFSSL_CONF_FLAG_CERTIFICATE);
+ /* cmd invalid command */
+ AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
+ AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
+ AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
+ AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
+ AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
+
+ /* cmd Certificate and Private Key*/
+ {
+ #ifndef NO_CERTS
+ const char* ourCert = svrCertFile;
+ const char* ourKey = svrKeyFile;
+
+ AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", NULL), -3);
+ AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", ourCert),
+ WOLFSSL_SUCCESS);
+ AssertIntEQ(SSL_CONF_cmd(cctx, "-key", NULL), -3);
+ AssertIntEQ(SSL_CONF_cmd(cctx, "-key", ourKey), WOLFSSL_SUCCESS);
+ AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
+ #endif
+ }
+
+ /* cmd curves */
+ {
+ #if defined(HAVE_ECC)
+ const char* curve = "secp256r1";
+
+ AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", NULL), -3);
+ AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", curve), WOLFSSL_SUCCESS);
+ AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
+ #endif
+ }
+
+ /* cmd CipherString */
+ {
+ char* cipher = 
wolfSSL_get_cipher_list(0/*top priority*/);
+
+ AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", NULL), -3);
+ AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", cipher), WOLFSSL_SUCCESS);
+ AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
+ }
+
+ /* cmd DH parameter */
+ {
+ #if !defined(NO_DH) && !defined(NO_BIO)
+ const char* ourdhcert = "./certs/dh4096.pem";
+
+ AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL),
+ -3);
+ AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", ourdhcert),
+ WOLFSSL_SUCCESS);
+ AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
+
+ #endif
+ }
+ SSL_CTX_free(ctx);
+ SSL_CONF_CTX_free(cctx);
+
+ printf(resultFmt, passed);
+#endif /* OPENSSL_EXTRA */
+}
+
 static void test_CONF_CTX_FILE(void)
 {
 #if defined(OPENSSL_ALL)
- printf(testingFmt, "test_CONF_CTX");
+ printf(testingFmt, "test_CONF_CTX_FILE");
 SSL_CTX* ctx = NULL;
 SSL_CONF_CTX* cctx = NULL;
@@ -43111,12 +43200,23 @@ static void test_CONF_CTX_FILE(void)
 AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE), WOLFSSL_CONF_FLAG_FILE);
 AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
- WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE);
+ WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE);
+ /* sanity check */
+ AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
+ AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
+ AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
+ AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
+ AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
+
 /* cmd Certificate and Private Key*/
 {
 #ifndef NO_CERTS
 const char* ourCert = svrCertFile;
 const char* ourKey = svrKeyFile;
+
+ AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", NULL), -3);
+ AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", NULL), -3);
+
 AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert), WOLFSSL_SUCCESS);
 AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS);
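Review bot: In the new test_CONF_CTX_CMDLINE the only rejected commands are "foo" and NULL, so the `cmdlen < 2` branch added to wolfSSL_CONF_cmd is never reached and nothing pins how a command without the "-" prefix is treated. Adding `AssertIntEQ(SSL_CONF_cmd(cctx, "-", "foobar"), -2);` beside the "foo" cases would cover the short-command return. Separately, `ctx` is created and attached with SSL_CONF_CTX_set_ssl_ctx only when NO_OLD_TLS is undefined and WOLFSSL_ALLOW_SSLV3 is defined, so in other builds the "-cert", "-key" and "-dhparam" assertions appear to run against a conf context with no SSL_CTX attached; confirm that is intended. The closing `#endif /* OPENSSL_EXTRA */` comment also does not match the opening `#if defined(OPENSSL_ALL)`.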
@@ -43129,6 +43229,7 @@ static void test_CONF_CTX_FILE(void)
 #if defined(HAVE_ECC)
 const char* curve = "secp256r1";
+ AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", NULL), -3);
 AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS);
 AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
 #endif
@@ -43137,6 +43238,8 @@ static void test_CONF_CTX_FILE(void)
 /* cmd CipherString */
 {
 char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);
+
+ AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", NULL), -3);
 AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), WOLFSSL_SUCCESS);
 AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
 }
@@ -43146,6 +43249,7 @@ static void test_CONF_CTX_FILE(void)
 #if !defined(NO_DH) && !defined(NO_BIO)
 const char* ourdhcert = "./certs/dh3072.pem";
+ AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", NULL), -3);
 AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert), WOLFSSL_SUCCESS);
 AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
@@ -43806,6 +43910,7 @@ void ApiTest(void)
 test_wolfSSL_set_psk_use_session_callback();
 test_CONF_CTX_FILE();
+ test_CONF_CTX_CMDLINE();
 test_wolfSSL_CRYPTO_get_ex_new_index();
 test_wolfSSL_DH_get0_pqg();