diff --git a/tests/api.c b/tests/api.c index 9bfd9b14aa..b6c39401cf 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -36,107 +36,17 @@ #include #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */ -#ifndef FOURK_BUF - #define FOURK_BUF 4096 -#endif -#ifndef TWOK_BUF - #define TWOK_BUF 2048 -#endif -#ifndef ONEK_BUF - #define ONEK_BUF 1024 -#endif +#include +#include + #if defined(WOLFSSL_STATIC_MEMORY) #include - -#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) - #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ - defined(SESSION_CERTS) - #ifdef OPENSSL_EXTRA - #define TEST_TLS_STATIC_MEMSZ (400000) - #else - #define TEST_TLS_STATIC_MEMSZ (320000) - #endif - #else - #define TEST_TLS_STATIC_MEMSZ (80000) - #endif #endif - -#endif /* WOLFSSL_STATIC_MEMORY */ -#ifndef HEAP_HINT - #define HEAP_HINT NULL -#endif /* WOLFSSL_STAIC_MEMORY */ #ifdef WOLFSSL_ASNC_CRYPT #include #endif #ifdef HAVE_ECC #include /* wc_ecc_fp_free */ - #ifndef ECC_ASN963_MAX_BUF_SZ - #define ECC_ASN963_MAX_BUF_SZ 133 - #endif - #ifndef ECC_PRIV_KEY_BUF - #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. 
*/ - #endif - /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */ - /* logic to choose right key ECC size */ - #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 - #define KEY14 14 - #else - #define KEY14 32 - #endif - #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128 - #define KEY16 16 - #else - #define KEY16 32 - #endif - #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 - #define KEY20 20 - #else - #define KEY20 32 - #endif - #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 - #define KEY24 24 - #else - #define KEY24 32 - #endif - #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) - #define KEY28 28 - #else - #define KEY28 32 - #endif - #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) - #define KEY30 30 - #else - #define KEY30 32 - #endif - #define KEY32 32 - #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) - #define KEY40 40 - #else - #define KEY40 32 - #endif - #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) - #define KEY48 48 - #else - #define KEY48 32 - #endif - #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) - #define KEY64 64 - #else - #define KEY64 32 - #endif - - #if !defined(HAVE_COMP_KEY) - #if !defined(NOCOMP) - #define NOCOMP 0 - #endif - #else - #if !defined(COMP) - #define COMP 1 - #endif - #endif - #if !defined(DER_SZ) - #define DER_SZ(ks) ((ks) * 2 + 1) - #endif #ifdef WOLFSSL_SM2 #include #endif @@ -144,14 +54,17 @@ #ifndef NO_ASN #include #endif -#include #include #include /* compatibility layer */ +#include + #include #include +#include + +/* for testing compatibility layer callbacks */ #include "examples/server/server.h" - /* for testing compatibility layer callbacks */ #ifndef NO_MD5 #include 
@@ -168,18 +81,12 @@ #ifdef WOLFSSL_SHA384 #include #endif - #ifdef WOLFSSL_SHA3 #include - #ifndef HEAP_HINT - #define HEAP_HINT NULL - #endif #endif - #ifdef WOLFSSL_SM3 #include #endif - #ifndef NO_AES #include #ifdef HAVE_AES_DECRYPT @@ -228,19 +135,14 @@ #include #endif -#include #ifndef NO_RSA #include - - #define FOURK_BUF 4096 - #define GEN_BUF 294 #endif #ifndef NO_SIG_WRAPPER #include #endif - #ifdef HAVE_AESCCM #include #endif @@ -249,7 +151,7 @@ #include #include #ifdef HAVE_LIBZ - #include + #include #endif #endif @@ -259,21 +161,6 @@ #ifndef NO_DSA #include - #ifndef ONEK_BUF - #define ONEK_BUF 1024 - #endif - #ifndef TWOK_BUF - #define TWOK_BUF 2048 - #endif - #ifndef FOURK_BUF - #define FOURK_BUF 4096 - #endif - #ifndef DSA_SIG_SIZE - #define DSA_SIG_SIZE 40 - #endif - #ifndef MAX_DSA_PARAM_SIZE - #define MAX_DSA_PARAM_SIZE 256 - #endif #endif #ifdef WOLFSSL_CMAC @@ -307,9 +194,8 @@ #include #endif -#include - -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL)) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(OPENSSL_ALL) #include #ifndef NO_ASN /* for ASN_COMMON_NAME DN_tags enum */ @@ -372,8 +258,8 @@ #endif #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ - && !defined(NO_SHA256) && !defined(RC_NO_RNG) +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \ + !defined(NO_SHA256) && !defined(RC_NO_RNG) #include #endif @@ -386,7 +272,7 @@ /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT, * for setting authKeyIdSrc in WOLFSSL_X509, or testing DTLS sequence * number tracking */ -#include "wolfssl/internal.h" + #include "wolfssl/internal.h" #endif /* force enable test buffers */ 
@@ -398,8 +284,6 @@ #endif #include -#include "tests/utils.h" - /* include misc.c here regardless of NO_INLINE, because misc.c implementations * have default (hidden) visibility, and in the absence of visibility, it's * benign to mask out the library implementation. 
@@ -407,12 +291,144 @@ #define WOLFSSL_MISC_INCLUDED #include + + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) + #define HAVE_IO_TESTS_DEPENDENCIES +#endif + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(WOLFSSL_TIRTOS) + #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES +#endif + +#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ + !defined(WOLFSSL_NO_CLIENT_AUTH)) + #define HAVE_CERT_CHAIN_VALIDATION +#endif + #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV /* FIPS build has replaced ecc.h. */ #define wc_ecc_key_get_priv(key) (&((key)->k)) #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV #endif +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || defined(SESSION_CERTS) + #ifdef OPENSSL_EXTRA + #define TEST_TLS_STATIC_MEMSZ (400000) + #else + #define TEST_TLS_STATIC_MEMSZ (320000) + #endif + #else + #define TEST_TLS_STATIC_MEMSZ (80000) + #endif +#endif + +#ifdef HAVE_ECC + #ifndef ECC_ASN963_MAX_BUF_SZ + #define ECC_ASN963_MAX_BUF_SZ 133 + #endif + #ifndef ECC_PRIV_KEY_BUF + #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. 
*/ + #endif + /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */ + /* logic to choose right key ECC size */ + #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 + #define KEY14 14 + #else + #define KEY14 32 + #endif + #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128 + #define KEY16 16 + #else + #define KEY16 32 + #endif + #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 + #define KEY20 20 + #else + #define KEY20 32 + #endif + #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 + #define KEY24 24 + #else + #define KEY24 32 + #endif + #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) + #define KEY28 28 + #else + #define KEY28 32 + #endif + #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) + #define KEY30 30 + #else + #define KEY30 32 + #endif + #define KEY32 32 + #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) + #define KEY40 40 + #else + #define KEY40 32 + #endif + #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) + #define KEY48 48 + #else + #define KEY48 32 + #endif + #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) + #define KEY64 64 + #else + #define KEY64 32 + #endif + + #if !defined(HAVE_COMP_KEY) + #if !defined(NOCOMP) + #define NOCOMP 0 + #endif + #else + #if !defined(COMP) + #define COMP 1 + #endif + #endif + #if !defined(DER_SZ) + #define DER_SZ(ks) ((ks) * 2 + 1) + #endif +#endif /* HAVE_ECC */ + +#ifndef NO_DSA + #ifndef DSA_SIG_SIZE + #define DSA_SIG_SIZE 40 + #endif + #ifndef MAX_DSA_PARAM_SIZE + #define MAX_DSA_PARAM_SIZE 256 + #endif +#endif + +#ifndef NO_RSA + #define GEN_BUF 294 +#endif + +#ifndef ONEK_BUF + #define ONEK_BUF 1024 +#endif +#ifndef TWOK_BUF + #define TWOK_BUF 2048 +#endif +#ifndef FOURK_BUF + #define FOURK_BUF 4096 +#endif + +#ifndef HEAP_HINT + #define HEAP_HINT NULL +#endif + + + + typedef struct testVector { const char* input; const char* output; 
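Review bot: The three feature macros defined at the top of this hunk (`HAVE_IO_TESTS_DEPENDENCIES`, `HAVE_SSL_MEMIO_TESTS_DEPENDENCIES`, `HAVE_CERT_CHAIN_VALIDATION`) carry no comment saying what they gate. `HAVE_CERT_CHAIN_VALIDATION` is new and is later used around load_ca_into_cm, test_various_pathlen_chains and test_wolfSSL_CertRsaPss, so a line above it such as `/* cert manager chain tests: need RSA, SHA-1, file system and certs */` would help. Gating test_wolfSSL_CertRsaPss on it also makes that test depend on `!defined(NO_SHA)`. Whether the RSA-PSS test needs SHA-1 is not visible here, so confirm it is not silently dropped from builds where it used to run.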
@@ -580,17 +596,6 @@ static int testDevId = WOLFSSL_CAAM_DEVID; static int testDevId = INVALID_DEVID; #endif -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ - !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) -#define HAVE_IO_TESTS_DEPENDENCIES -#endif - -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ - !defined(WOLFSSL_TIRTOS) -#define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES -#endif /*----------------------------------------------------------------------------* | BIO with fixed read/write size @@ -4508,6 +4513,7 @@ static int test_wolfSSL_OtherName(void) return EXPECT_RESULT(); } +#ifdef HAVE_CERT_CHAIN_VALIDATION static int test_wolfSSL_CertRsaPss(void) { EXPECT_DECLS; @@ -4565,6 +4571,7 @@ static int test_wolfSSL_CertRsaPss(void) return EXPECT_RESULT(); } +#endif static int test_wolfSSL_CTX_load_verify_locations_ex(void) { @@ -64724,7 +64731,8 @@ static int test_wc_CreateEncryptedPKCS8Key(void) { EXPECT_DECLS; #if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \ - && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) + && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) && \ + !defined(NO_ASN_CRYPT) WC_RNG rng; byte* encKey = NULL; word32 encKeySz = 0; @@ -67249,6 +67257,10 @@ static int test_RsaSigFailure_cm(void) #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), WOLFSSL_FATAL_ERROR); +#elif defined(NO_ASN_CRYPT) + /* RSA verify is not called when ASN crypt support is disabled */ + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), + WOLFSSL_SUCCESS); #else ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), ASN_SIG_CONFIRM_E); 
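Review bot: The new `#elif defined(NO_ASN_CRYPT)` branch in test_RsaSigFailure_cm asserts `WOLFSSL_SUCCESS` for what the test name and the `ASN_SIG_CONFIRM_E` branch suggest is a certificate with a bad signature, so it pins the fail-open behaviour as the expected result. The same branch is added to test_EccSigFailure_cm in the next hunk. The comment should say that outright, e.g. `/* NO_ASN_CRYPT: the signature is never checked, so the invalid certificate is accepted */`, so a later reader does not take the success for a passed verification. Both function bodies start and end outside their hunks.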
@@ -67282,6 +67294,10 @@ static int test_EccSigFailure_cm(void) #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), WOLFSSL_FATAL_ERROR); +#elif defined(NO_ASN_CRYPT) + /* ECC verify is not called when ASN crypt support is disabled */ + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), + WOLFSSL_SUCCESS); #else ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), ASN_SIG_CONFIRM_E); @@ -76390,9 +76406,7 @@ static int test_wolfSSL_dtls_stateless(void) #endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE && * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */ -#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ - !defined(WOLFSSL_NO_CLIENT_AUTH)) +#ifdef HAVE_CERT_CHAIN_VALIDATION static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) { int ret; @@ -85358,9 +85372,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_CertManagerCRL), TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse), TEST_DECL(test_wolfSSL_CheckOCSPResponse), -#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ - !defined(WOLFSSL_NO_CLIENT_AUTH)) +#ifdef HAVE_CERT_CHAIN_VALIDATION TEST_DECL(test_various_pathlen_chains), #endif @@ -85450,7 +85462,9 @@ TEST_CASE testCases[] = { /* Large number of memory allocations. */ TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs), +#ifdef HAVE_CERT_CHAIN_VALIDATION TEST_DECL(test_wolfSSL_CertRsaPss), +#endif TEST_DECL(test_wolfSSL_CTX_load_verify_locations_ex), TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex), TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format), diff --git a/tests/unit.c b/tests/unit.c index d847b7a2fa..870be9875c 100644 --- a/tests/unit.c +++ b/tests/unit.c 
@@ -251,16 +251,14 @@ int unit_test(int argc, char** argv) SrpTest(); } -#ifndef NO_WOLFSSL_CIPHER_SUITE_TEST -#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) -#ifndef SINGLE_THREADED +#if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(SINGLE_THREADED) if ((ret = SuiteTest(argc, argv)) != 0) { fprintf(stderr, "suite test failed with %d\n", ret); goto exit; } #endif -#endif -#endif /* NO_WOLFSSL_CIPHER_SUITE_TEST */ exit: #ifdef HAVE_WNR diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 7887ee747c..1afe0f069a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -6278,7 +6278,7 @@ static int RsaPssHashOidToSigOid(word32 oid, word32* sigOid) #endif #ifdef WOLFSSL_ASN_TEMPLATE -/* ASN tag for hashAlgorigthm. */ +/* ASN tag for hashAlgorithm. */ #define ASN_TAG_RSA_PSS_HASH (ASN_CONTEXT_SPECIFIC | 0) /* ASN tag for maskGenAlgorithm. */ #define ASN_TAG_RSA_PSS_MGF (ASN_CONTEXT_SPECIFIC | 1) @@ -6326,7 +6326,7 @@ enum { /* Number of items in ASN.1 template for an algorithm identifier. */ #define rsaPssParamsASN_Length (sizeof(rsaPssParamsASN) / sizeof(ASNItem)) #else -/* ASN tag for hashAlgorigthm. */ +/* ASN tag for hashAlgorithm. */ #define ASN_TAG_RSA_PSS_HASH (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0) /* ASN tag for maskGenAlgorithm. */ #define ASN_TAG_RSA_PSS_MGF (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1) @@ -17748,6 +17748,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx, exit_cs: +#else + /* Warning: The NO_ASN_CRYPT option skips signature checking! */ + ret = 0; /* allow unchecked signature */ #endif /* !NO_ASN_CRYPT */ (void)keyOID;
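Review bot: In ConfirmSignature the new `#else` branch sets `ret = 0`, so a build with NO_ASN_CRYPT reports every signature as confirmed, and the only notice is a comment inside the function. A build-time diagnostic next to it would make the mode visible to whoever configures the library, for example `#warning "NO_ASN_CRYPT: certificate signatures are not verified"` where the toolchain accepts `#warning`. It is also worth checking that callers which treat a zero return as proof of authenticity (certificate chain, CRL and OCSP verification, if they go through this function) are either compiled out or documented as unauthenticated in this configuration. The function body starts outside the hunk, so how `ret` is set before `exit_cs:` is not visible here.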