Add regression tests for group-setting and shared-cipher API guards

Extend test_tls13_apis with negative-count assertions for
wolfSSL_CTX_set_groups and wolfSSL_set_groups, and NULL-groups
assertions for wolfSSL_CTX_set1_groups and wolfSSL_set1_groups
(tests/api/test_tls13.c).

Add test_wolfSSL_get_shared_ciphers covering NULL ssl, NULL buf, and
zero-length inputs (tests/api/test_tls.c).

Author: ColtonWilley

tests/api/test_tls.c

@@ -857,3 +857,29 @@ int test_tls_set_curves_list_ecc_fallback(void)
     return EXPECT_RESULT();
 }
 
+int test_wolfSSL_get_shared_ciphers(void)
+{
+    EXPECT_DECLS;
+#if !defined(WOLFSSL_NO_TLS12) && !defined(NO_TLS)
+#ifndef NO_WOLFSSL_CLIENT
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL*     ssl = NULL;
+    char         buf[32];
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* NULL ssl - pre-existing guard; pins the contract. */
+    ExpectNull(wolfSSL_get_shared_ciphers(NULL, buf, sizeof(buf)));
+    /* NULL buf - primary regression case (pre-fix: XMEMCPY(NULL, ...) crash). */
+    ExpectNull(wolfSSL_get_shared_ciphers(ssl, NULL, sizeof(buf)));
+    /* len == 0 - pre-existing guard; pins the contract. */
+    ExpectNull(wolfSSL_get_shared_ciphers(ssl, buf, 0));
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif /* NO_WOLFSSL_CLIENT */
+#endif
+    return EXPECT_RESULT();
+}
+

tests/api/test_tls.h

@@ -32,6 +32,7 @@ int test_tls12_bad_cv_sig_alg(void);
 int test_tls12_no_null_compression(void);
 int test_tls12_etm_failed_resumption(void);
 int test_tls_set_curves_list_ecc_fallback(void);
+int test_wolfSSL_get_shared_ciphers(void);
 
 #define TEST_TLS_DECLS                                                         \
         TEST_DECL_GROUP("tls", test_utils_memio_move_message),                 \
@@ -43,6 +44,7 @@ int test_tls_set_curves_list_ecc_fallback(void);
         TEST_DECL_GROUP("tls", test_tls12_bad_cv_sig_alg),                     \
         TEST_DECL_GROUP("tls", test_tls12_no_null_compression),                \
         TEST_DECL_GROUP("tls", test_tls12_etm_failed_resumption),              \
-        TEST_DECL_GROUP("tls", test_tls_set_curves_list_ecc_fallback)
+        TEST_DECL_GROUP("tls", test_tls_set_curves_list_ecc_fallback),         \
+        TEST_DECL_GROUP("tls", test_wolfSSL_get_shared_ciphers)
 
 #endif /* TESTS_API_TEST_TLS_H */

tests/api/test_tls13.c

@@ -587,6 +587,8 @@ int test_tls13_apis(void)
 #endif
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
         WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, -1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
@@ -614,6 +616,8 @@ int test_tls13_apis(void)
 #endif
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups,
         WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, -1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
@@ -645,6 +649,10 @@ int test_tls13_apis(void)
         WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_set1_groups(clientSsl, too_many_groups,
         WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_set1_groups(clientCtx, NULL, 1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_set1_groups(clientSsl, NULL, 1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12