wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 11:52:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into zd20595

Browse Source
This commit is contained in:
Kareem
2025-10-07 14:23:21 -07:00
parent 931384a117 1d67e5551b
commit 233e574f32
12 changed files with 273 additions and 274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

325
src/internal.c
View File

@@ -22799,7 +22799,12 @@ default:
return ZERO_RETURN;
}
#endif /* WOLFSSL_EARLY_DATA */
if (ret == 0 ||
ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
/* Reset timeout as we have received a valid
* DTLS handshake message */
ssl->dtls_timeout = ssl->dtls_timeout_init;
}
}
#endif /* WOLFSSL_DTLS13 */
}
@@ -24557,6 +24562,77 @@ int cipherExtraData(WOLFSSL* ssl)
#ifndef WOLFSSL_NO_TLS12
static int BuildMsgOrHashOutput(WOLFSSL* ssl, byte* output, int* sendSz,
int inputSz, enum HandShakeType type,
const char *name)
{
int ret = 0;
if (IsEncryptionOn(ssl, 1)) {
byte* input;
int recordHeaderSz = RECORD_HEADER_SZ;
if (ssl->options.dtls)
recordHeaderSz += DTLS_RECORD_EXTRA;
inputSz -= recordHeaderSz;
if (inputSz <= 0) {
WOLFSSL_MSG("Bad inputSz");
return BUFFER_E;
}
input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
DYNAMIC_TYPE_IN_BUFFER);
if (input == NULL)
return MEMORY_E;
XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) &&
(ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
type)) != 0) {
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
return ret;
}
#else
(void)type;
#endif
*sendSz = BuildMessage(ssl, output, *sendSz, input, inputSz,
handshake, 1, 0, 0, CUR_ORDER);
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
if (*sendSz < 0)
return *sendSz;
} else {
if (type == certificate_request)
*sendSz = inputSz;
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) {
ret = DtlsMsgPoolSave(ssl, output, (word32)*sendSz, type);
if (ret != 0)
return ret;
}
if (ssl->options.dtls)
DtlsSEQIncrement(ssl, CUR_ORDER);
#endif
ret = HashOutput(ssl, output, *sendSz, 0);
if (ret != 0)
return ret;
}
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
if (ssl->hsInfoOn)
AddPacketName(ssl, name);
if (ssl->toInfoOn) {
ret = AddPacketInfo(ssl, name, handshake, output,
*sendSz, WRITE_PROTO, 0, ssl->heap);
if (ret != 0)
return ret;
}
#else
(void)name;
#endif
ssl->buffers.outputBuffer.length += (word32)*sendSz;
ssl->options.buildingMsg = 0;
return 0;
}
#ifndef NO_CERTS
#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \
@@ -24875,6 +24951,7 @@ int SendCertificate(WOLFSSL* ssl)
}
#endif /* !NO_TLS && (!NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH) */
#if !defined(NO_TLS)
/* handle generation of certificate_request (13) */
int SendCertificateRequest(WOLFSSL* ssl)
@@ -25008,75 +25085,16 @@ int SendCertificateRequest(WOLFSSL* ssl)
names = names->next;
}
#endif
(void)i;
ret = BuildMsgOrHashOutput(ssl, output, &sendSz, i, certificate_request,
"CertificateRequest");
if (ret != 0)
return ret;
if (IsEncryptionOn(ssl, 1)) {
byte* input = NULL;
int inputSz = (int)i; /* build msg adds rec hdr */
int recordHeaderSz = RECORD_HEADER_SZ;
if (ssl->options.dtls)
recordHeaderSz += DTLS_RECORD_EXTRA;
inputSz -= recordHeaderSz;
if (inputSz <= 0) {
WOLFSSL_MSG("Send Cert Req bad inputSz");
return BUFFER_E;
}
input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
DYNAMIC_TYPE_IN_BUFFER);
if (input == NULL)
return MEMORY_E;
XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) &&
(ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
certificate_request)) != 0) {
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
return ret;
}
#endif
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 1, 0, 0, CUR_ORDER);
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
if (sendSz < 0)
return sendSz;
} else {
sendSz = (int)i;
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz,
certificate_request)) != 0)
return ret;
}
if (ssl->options.dtls)
DtlsSEQIncrement(ssl, CUR_ORDER);
#endif
ret = HashOutput(ssl, output, sendSz, 0);
if (ret != 0)
return ret;
}
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
if (ssl->hsInfoOn)
AddPacketName(ssl, "CertificateRequest");
if (ssl->toInfoOn) {
ret = AddPacketInfo(ssl, "CertificateRequest", handshake, output,
sendSz, WRITE_PROTO, 0, ssl->heap);
if (ret != 0)
return ret;
}
#endif
ssl->buffers.outputBuffer.length += (word32)sendSz;
if (ssl->options.groupMessages)
ret = 0;
else
ret = SendBuffered(ssl);
ssl->options.buildingMsg = 0;
WOLFSSL_LEAVE("SendCertificateRequest", ret);
WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_SEND);
@@ -31063,47 +31081,10 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
}
#endif /* HAVE_TLS_EXTENSIONS */
if (IsEncryptionOn(ssl, 1)) {
byte* input;
int inputSz = (int)idx; /* build msg adds rec hdr */
int recordHeaderSz = RECORD_HEADER_SZ;
if (ssl->options.dtls)
recordHeaderSz += DTLS_RECORD_EXTRA;
inputSz -= recordHeaderSz;
input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
DYNAMIC_TYPE_IN_BUFFER);
if (input == NULL)
return MEMORY_E;
XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) &&
(ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
client_hello)) != 0) {
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
return ret;
}
#endif
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 1, 0, 0, CUR_ORDER);
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
if (sendSz < 0)
return sendSz;
} else {
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, client_hello)) != 0)
return ret;
}
if (ssl->options.dtls)
DtlsSEQIncrement(ssl, CUR_ORDER);
#endif
ret = HashOutput(ssl, output, sendSz, 0);
if (ret != 0)
return ret;
}
ret = BuildMsgOrHashOutput(ssl, output, &sendSz, idx, client_hello,
"ClientHello");
if (ret != 0)
return ret;
ssl->options.clientState = CLIENT_HELLO_COMPLETE;
#ifdef OPENSSL_EXTRA
@@ -31112,20 +31093,6 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
#endif
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
if (ssl->hsInfoOn) AddPacketName(ssl, "ClientHello");
if (ssl->toInfoOn) {
ret = AddPacketInfo(ssl, "ClientHello", handshake, output, sendSz,
WRITE_PROTO, 0, ssl->heap);
if (ret != 0)
return ret;
}
#endif
ssl->options.buildingMsg = 0;
ssl->buffers.outputBuffer.length += (word32)sendSz;
ret = SendBuffered(ssl);
WOLFSSL_LEAVE("SendClientHello", ret);
@@ -35599,61 +35566,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif
#endif
if (IsEncryptionOn(ssl, 1)) {
byte* input;
int inputSz = (int)idx; /* build msg adds rec hdr */
int recordHeaderSz = RECORD_HEADER_SZ;
if (ssl->options.dtls)
recordHeaderSz += DTLS_RECORD_EXTRA;
inputSz -= recordHeaderSz;
input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
DYNAMIC_TYPE_IN_BUFFER);
if (input == NULL)
return MEMORY_E;
XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) &&
(ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello)) != 0) {
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
return ret;
}
#endif
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 1, 0, 0, CUR_ORDER);
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
if (sendSz < 0)
return sendSz;
} else {
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, server_hello)) != 0)
return ret;
}
if (ssl->options.dtls)
DtlsSEQIncrement(ssl, CUR_ORDER);
#endif
ret = HashOutput(ssl, output, sendSz, 0);
if (ret != 0)
return ret;
}
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
if (ssl->hsInfoOn)
AddPacketName(ssl, "ServerHello");
if (ssl->toInfoOn) {
ret = AddPacketInfo(ssl, "ServerHello", handshake, output, sendSz,
WRITE_PROTO, 0, ssl->heap);
if (ret != 0)
return ret;
}
#endif
ret = BuildMsgOrHashOutput(ssl, output, &sendSz, idx, server_hello,
"ServerHello");
if (ret != 0)
return ret;
ssl->options.serverState = SERVER_HELLO_COMPLETE;
ssl->options.buildingMsg = 0;
ssl->buffers.outputBuffer.length += (word32)sendSz;
if (ssl->options.groupMessages)
ret = 0;
@@ -39142,64 +39060,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* get output buffer */
output = GetOutputBuffer(ssl);
AddHeaders(output, 0, server_hello_done, ssl);
ret = BuildMsgOrHashOutput(ssl, output, &sendSz,
HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ +
(ssl->options.dtls ?
DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA : 0),
server_hello_done, "ServerHelloDone");
if (ret != 0)
return ret;
if (IsEncryptionOn(ssl, 1)) {
byte* input;
int inputSz = HANDSHAKE_HEADER_SZ; /* build msg adds rec hdr */
int recordHeaderSz = RECORD_HEADER_SZ;
if (ssl->options.dtls) {
recordHeaderSz += DTLS_RECORD_EXTRA;
inputSz += DTLS_HANDSHAKE_EXTRA;
}
input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
DYNAMIC_TYPE_IN_BUFFER);
if (input == NULL)
return MEMORY_E;
XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) &&
(ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello_done)) != 0) {
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
return ret;
}
#endif
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 1, 0, 0, CUR_ORDER);
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
if (sendSz < 0)
return sendSz;
} else {
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) {
if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, server_hello_done)) != 0)
return ret;
}
if (ssl->options.dtls)
DtlsSEQIncrement(ssl, CUR_ORDER);
#endif
ret = HashOutput(ssl, output, sendSz, 0);
if (ret != 0)
return ret;
}
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
if (ssl->hsInfoOn)
AddPacketName(ssl, "ServerHelloDone");
if (ssl->toInfoOn) {
ret = AddPacketInfo(ssl, "ServerHelloDone", handshake, output,
sendSz, WRITE_PROTO, 0, ssl->heap);
if (ret != 0)
return ret;
}
#endif
ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
ssl->options.buildingMsg = 0;
ssl->buffers.outputBuffer.length += (word32)sendSz;
ret = SendBuffered(ssl);

53
src/tls13.c
View File

@@ -306,7 +306,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
switch (hashAlgo) {
#ifndef NO_WOLFSSL_SHA256
#ifndef NO_SHA256
case sha256_mac:
ret = wc_InitSha256_ex(&digest.sha256, ssl->heap, ssl->devId);
if (ret == 0) {
@@ -3611,14 +3611,21 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
cookieSz += OPAQUE16_LEN;
}
#if !defined(NO_SHA) && defined(NO_SHA256)
cookieType = SHA;
macSz = WC_SHA_DIGEST_SIZE;
#endif /* NO_SHA */
#ifndef NO_SHA256
cookieType = WC_SHA256;
macSz = WC_SHA256_DIGEST_SIZE;
#endif /* NO_SHA256 */
#elif defined(WOLFSSL_SHA384)
cookieType = WC_SHA384;
macSz = WC_SHA384_DIGEST_SIZE;
#elif defined(WOLFSSL_TLS13_SHA512)
cookieType = WC_SHA512;
macSz = WC_SHA512_DIGEST_SIZE;
#elif defined(WOLFSSL_SM3)
cookieType = WC_SM3;
macSz = WC_SM3_DIGEST_SIZE;
#else
#error "No digest to available to use with HMAC for cookies."
#endif /* NO_SHA */
ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
if (ret == 0) {
@@ -6471,14 +6478,21 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz)
return COOKIE_ERROR;
}
#if !defined(NO_SHA) && defined(NO_SHA256)
cookieType = SHA;
macSz = WC_SHA_DIGEST_SIZE;
#endif /* NO_SHA */
#ifndef NO_SHA256
cookieType = WC_SHA256;
macSz = WC_SHA256_DIGEST_SIZE;
#endif /* NO_SHA256 */
#elif defined(WOLFSSL_SHA384)
cookieType = WC_SHA384;
macSz = WC_SHA384_DIGEST_SIZE;
#elif defined(WOLFSSL_TLS13_SHA512)
cookieType = WC_SHA512;
macSz = WC_SHA512_DIGEST_SIZE;
#elif defined(WOLFSSL_SM3)
cookieType = WC_SM3;
macSz = WC_SM3_DIGEST_SIZE;
#else
#error "No digest to available to use with HMAC for cookies."
#endif /* NO_SHA */
if (cookieSz < ssl->specs.hash_size + macSz)
return HRR_COOKIE_ERROR;
@@ -8404,7 +8418,7 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz,
/* Digest the signature data. */
switch (hashAlgo) {
#ifndef NO_WOLFSSL_SHA256
#ifndef NO_SHA256
case sha256_mac:
ret = wc_InitSha256(&digest.sha256);
if (ret == 0) {
@@ -8469,7 +8483,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo)
/* Digest the signature data. */
switch (hashAlgo) {
#ifndef NO_WOLFSSL_SHA256
#ifndef NO_SHA256
case sha256_mac:
ret = wc_InitSha256(&digest.sha256);
if (ret == 0) {
@@ -13697,12 +13711,17 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret,
return SIDE_ERROR;
if (secretSz == 0) {
#if !defined(NO_SHA) && defined(NO_SHA256)
secretSz = WC_SHA_DIGEST_SIZE;
#endif /* NO_SHA */
#ifndef NO_SHA256
secretSz = WC_SHA256_DIGEST_SIZE;
#endif /* NO_SHA256 */
#elif defined(WOLFSSL_SHA384)
secretSz = WC_SHA384_DIGEST_SIZE;
#elif defined(WOLFSSL_TLS13_SHA512)
secretSz = WC_SHA512_DIGEST_SIZE;
#elif defined(WOLFSSL_SM3)
secretSz = WC_SM3_DIGEST_SIZE;
#else
#error "No digest to available to use with HMAC for cookies."
#endif /* NO_SHA */
}
if (secretSz != ssl->buffers.tls13CookieSecret.length) {

57
tests/api.c
View File

@@ -3172,7 +3172,8 @@ static int test_wolfSSL_CertManagerLoadCABufferType(void)
{
EXPECT_DECLS;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
!defined(NO_RSA) && !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION)
!defined(NO_RSA) && !defined(NO_SHA256) && \
!defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION)
#if defined(WOLFSSL_PEM_TO_DER)
const char* ca_cert = "./certs/ca-cert.pem";
const char* int1_cert = "./certs/intermediate/ca-int-cert.pem";
@@ -5125,12 +5126,14 @@ static int test_wolfSSL_CertRsaPss(void)
(HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \
(defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2)))
XFILE f = XBADFILE;
#ifndef NO_SHA256
const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der";
#ifdef WOLFSSL_PEM_TO_DER
const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem";
#else
const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.der";
#endif
#endif
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \
RSA_MAX_SIZE >= 3072
const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der";
@@ -5148,13 +5151,16 @@ static int test_wolfSSL_CertRsaPss(void)
WOLFSSL_CERT_MANAGER* cm = NULL;
ExpectNotNull(cm = wolfSSL_CertManagerNew());
#ifndef NO_SHA256
ExpectIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha256Cert, NULL));
#endif
#if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072
ExpectIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha384Cert, NULL));
#endif
#ifndef NO_SHA256
ExpectTrue((f = XFOPEN(rsaPssSha256Cert, "rb")) != XBADFILE);
ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
if (f != XBADFILE) {
@@ -5164,6 +5170,7 @@ static int test_wolfSSL_CertRsaPss(void)
wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
wc_FreeDecodedCert(&cert);
#endif
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \
RSA_MAX_SIZE >= 3072
@@ -5177,6 +5184,9 @@ static int test_wolfSSL_CertRsaPss(void)
#endif
wolfSSL_CertManagerFree(cm);
(void)buf;
(void)bytes;
#endif
return EXPECT_RESULT();
@@ -9465,6 +9475,8 @@ cleanup:
static int test_wolfSSL_read_write(void)
{
EXPECT_DECLS;
#ifndef NO_SHA256
/* The unit testing for read and write shall happen simultaneously, since
* one can't do anything with one without the other. (Except for a failure
* test case.) This function will call all the others that will set up,
@@ -9488,7 +9500,6 @@ static int test_wolfSSL_read_write(void)
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
EXPECT_DECLS;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
@@ -9520,7 +9531,7 @@ static int test_wolfSSL_read_write(void)
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
#endif
return EXPECT_RESULT();
}
@@ -25159,7 +25170,8 @@ static int test_wolfSSL_check_domain(void)
}
#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(OPENSSL_COMPATIBLE_DEFAULTS)
#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_SHA256)
static const char* dn = NULL;
static int test_wolfSSL_check_domain_basic_client_ssl(WOLFSSL* ssl)
{
@@ -27881,8 +27893,8 @@ static int test_wolfSSL_SESSION(void)
{
EXPECT_DECLS;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
!defined(NO_SESSION_CACHE)
!defined(NO_RSA) && !defined(NO_SHA256) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
WOLFSSL* ssl = NULL;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL_SESSION* sess = NULL;
@@ -37669,7 +37681,7 @@ static int test_X509_LOOKUP_add_dir(void)
*----------------------------------------------------------------------------*/
#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM)
#if !defined(NO_RSA) || defined(HAVE_ECC)
#if (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_SHA256)
/* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
@@ -42047,6 +42059,7 @@ static int test_wolfSSL_dtls_stateless(void)
#ifdef HAVE_CERT_CHAIN_VALIDATION
#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
#ifdef WOLFSSL_PEM_TO_DER
#ifndef NO_SHA256
static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
{
int ret;
@@ -42224,10 +42237,12 @@ static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
return ret;
}
#endif
static int test_various_pathlen_chains(void)
{
EXPECT_DECLS;
#ifndef NO_SHA256
WOLFSSL_CERT_MANAGER* cm = NULL;
/* Test chain G (large chain with varying pathLens) */
@@ -42280,6 +42295,7 @@ static int test_various_pathlen_chains(void)
ExpectNotNull(cm = wolfSSL_CertManagerNew());
ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
wolfSSL_CertManagerFree(cm);
#endif
return EXPECT_RESULT();
}
@@ -47311,7 +47327,8 @@ static int test_dtls13_bad_epoch_ch(void)
(!defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
!defined(NO_DES3))) || !defined(WOLFSSL_NO_TLS12)) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(NO_SESSION_CACHE) && !defined(NO_SHA256)
static int test_short_session_id_ssl_ready(WOLFSSL* ssl)
{
EXPECT_DECLS;
@@ -48616,8 +48633,9 @@ static int test_certreq_sighash_algos(void)
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_MAX_STRENGTH) && defined(HAVE_ECC) && \
defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_TLS12)
!defined(NO_SHA256) && defined(WOLFSSL_SHA384) && \
defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC) && \
!defined(WOLFSSL_NO_TLS12)
WOLFSSL_CTX *ctx_c = NULL;
WOLFSSL_CTX *ctx_s = NULL;
WOLFSSL *ssl_c = NULL;
@@ -49482,7 +49500,8 @@ static int test_self_signed_stapling(void)
static int test_tls_multi_handshakes_one_record(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_NO_TLS12) && !defined(NO_SHA256)
struct test_memio_ctx test_ctx;
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
@@ -49687,7 +49706,8 @@ static int test_read_write_hs(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_NO_TLS12) && !defined(NO_SHA256)
WOLFSSL_CTX *ctx_s = NULL, *ctx_c = NULL;
WOLFSSL *ssl_s = NULL, *ssl_c = NULL;
struct test_memio_ctx test_ctx;
@@ -49966,7 +49986,8 @@ static int test_get_signature_nid(void)
}
#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(NO_SHA256)
static word32 test_tls_cert_store_unchanged_HashCaTable(Signer** caTable)
{
#ifndef NO_MD5
@@ -50059,7 +50080,8 @@ static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl)
static int test_tls_cert_store_unchanged(void)
{
EXPECT_DECLS;
#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(NO_SHA256)
test_ssl_cbf client_cbf;
test_ssl_cbf server_cbf;
int i;
@@ -50290,7 +50312,7 @@ static int test_wolfSSL_SSLDisableRead(void)
static int test_wolfSSL_inject(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SHA256)
size_t i;
struct {
method_provider client_meth;
@@ -50718,6 +50740,7 @@ TEST_CASE testCases[] = {
#endif
TEST_DECL(test_EVP_PKEY_rsa),
TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
TEST_DECL(test_EVP_PKEY_ec),
TEST_DECL(test_wolfSSL_EVP_PKEY_encrypt),
TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify_rsa),
@@ -51061,7 +51084,6 @@ TEST_CASE testCases[] = {
defined(WOLFSSL_PEM_TO_DER)
TEST_DECL(test_various_pathlen_chains),
#endif
TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
/*********************************
* SSL/TLS API tests
@@ -51107,7 +51129,7 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM) && \
!defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) && \
(!defined(NO_RSA) || defined(HAVE_ECC))
(!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_SHA256)
/* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
/* Bad certificate signature tests */
TEST_DECL(test_EccSigFailure_cm),
@@ -51407,6 +51429,7 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
TEST_DECL(test_dtls_bogus_finished_epoch_zero),
TEST_DECL(test_dtls_replay),
TEST_DECL(test_dtls_srtp),
TEST_DECL(test_dtls_timeout),
TEST_DECL(test_dtls13_ack_order),
TEST_DECL(test_dtls_version_checking),
TEST_DECL(test_ocsp_status_callback),

65
tests/api/test_dtls.c
View File

@@ -1247,7 +1247,8 @@ int test_dtls_record_cross_boundaries(void)
}
#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) */
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_NO_TLS12) && !defined(NO_SHA256)
/* This test that the DTLS record boundary check doesn't interfere with TLS
* records processing */
int test_records_span_network_boundaries(void)
@@ -1637,3 +1638,65 @@ int test_dtls_srtp(void)
return EXPECT_RESULT();
}
#endif
int test_dtls_timeout(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS)
size_t i;
struct {
method_provider client_meth;
method_provider server_meth;
} params[] = {
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DTLS13)
{ wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method },
#endif
#if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_DTLS)
{ wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method },
#endif
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_DTLS)
{ wolfDTLSv1_client_method, wolfDTLSv1_server_method },
#endif
};
for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) {
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
struct test_memio_ctx test_ctx;
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
params[i].client_meth, params[i].server_meth), 0);
ExpectIntEQ(wolfSSL_dtls_set_timeout_max(ssl_c, 2), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DTLS13)
/* will return 0 when not 1.3 */
if (wolfSSL_dtls13_use_quick_timeout(ssl_c))
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
#endif
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_dtls_get_current_timeout(ssl_c), 2);
ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(wolfSSL_dtls_get_current_timeout(ssl_c), 1);
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DTLS13)
/* will return 0 when not 1.3 */
if (wolfSSL_dtls13_use_quick_timeout(ssl_c))
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
#endif
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_dtls_get_current_timeout(ssl_c), 2);
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
wolfSSL_free(ssl_s);
wolfSSL_free(ssl_c);
wolfSSL_CTX_free(ctx_s);
wolfSSL_CTX_free(ctx_c);
}
#endif
return EXPECT_RESULT();
}

1
tests/api/test_dtls.h
View File

@@ -41,4 +41,5 @@ int test_dtls_drop_client_ack(void);
int test_dtls_bogus_finished_epoch_zero(void);
int test_dtls_replay(void);
int test_dtls_srtp(void);
int test_dtls_timeout(void);
#endif /* TESTS_API_DTLS_H */

4
tests/api/test_pkcs12.c
View File

@@ -42,7 +42,7 @@ int test_wc_i2d_PKCS12(void)
EXPECT_DECLS;
#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
&& !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES) && !defined(NO_SHA)
&& !defined(NO_AES) && !defined(NO_SHA) && !defined(NO_SHA256)
WC_PKCS12* pkcs12 = NULL;
unsigned char der[FOURK_BUF * 2];
unsigned char* pt;
@@ -163,6 +163,7 @@ int test_wc_PKCS12_create(void)
{
EXPECT_DECLS;
#ifndef NO_SHA256
EXPECT_TEST(test_wc_PKCS12_create_once(-1, -1));
#if !defined(NO_RC4) && !defined(NO_SHA)
EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_RC4_128, PBE_SHA1_RC4_128));
@@ -187,6 +188,7 @@ int test_wc_PKCS12_create(void)
#if defined(HAVE_AES_CBC) && !defined(NO_AES) && !defined(NO_AES_256) && \
!defined(NO_SHA) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_DES3)
EXPECT_TEST(test_wc_PKCS12_create_once(PBE_AES256_CBC, PBE_SHA1_DES3));
#endif
#endif
(void) test_wc_PKCS12_create_once;

9
tests/api/test_pkcs7.c
View File

@@ -2163,10 +2163,10 @@ int test_wc_PKCS7_DecodeEnvelopedData_multiple_recipients(void)
byte decodedData[8192];
ExpectTrue((f = XFOPEN(testFile, "rb")) != XBADFILE);
testDerBufferSz = XFREAD(testDerBuffer, 1,
sizeof(testDerBuffer), f);
ExpectIntNE(testDerBufferSz, 0);
if (f != XBADFILE) {
testDerBufferSz = XFREAD(testDerBuffer, 1,
sizeof(testDerBuffer), f);
ExpectIntGT(testDerBufferSz, 0);
XFCLOSE(f);
f = XBADFILE;
}
@@ -2188,6 +2188,7 @@ int test_wc_PKCS7_DecodeEnvelopedData_multiple_recipients(void)
ExpectIntGT(ret, 0);
#endif
wc_PKCS7_Free(pkcs7);
pkcs7 = NULL;
}
/* test with client cert recipient */
@@ -2207,6 +2208,7 @@ int test_wc_PKCS7_DecodeEnvelopedData_multiple_recipients(void)
ExpectIntGT(ret, 0);
#endif
wc_PKCS7_Free(pkcs7);
pkcs7 = NULL;
}
/* test with ca cert recipient (which should fail) */
@@ -2222,6 +2224,7 @@ int test_wc_PKCS7_DecodeEnvelopedData_multiple_recipients(void)
(word32)testDerBufferSz, decodedData, sizeof(decodedData));
ExpectIntLT(ret, 0);
wc_PKCS7_Free(pkcs7);
pkcs7 = NULL;
}
return EXPECT_RESULT();

5
tests/api/test_rsa.c
View File

@@ -106,8 +106,9 @@ int test_wc_RsaPrivateKeyDecode(void)
int test_wc_RsaPublicKeyDecode(void)
{
EXPECT_DECLS;
#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024) || \
defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
#if !defined(NO_RSA) && !defined(NO_SHA256) && \
(defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \
!defined(HAVE_FIPS)
RsaKey keyPub;
byte* tmp = NULL;
word32 idx = 0;

5
testsuite/testsuite.c
View File

@@ -197,8 +197,11 @@ int testsuite_test(int argc, char** argv)
#else
simple_test(&server_args);
#endif
if (server_args.return_code != 0) return server_args.return_code;
if (server_args.return_code != 0)
return server_args.return_code;
#if !defined(NETOS)
FreeTcpReady(&ready);
InitTcpReady(&ready);
/* Echo input wolfSSL client server test */
#ifdef HAVE_STACK_SIZE
StackSizeCheck_launch(&server_args, echoserver_test, &serverThread,

13
wolfcrypt/test/test.c
View File

@@ -18607,7 +18607,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
};
byte output[WC_SHA256_DIGEST_SIZE * 4];
byte output[32 * 4];
wc_test_ret_t ret;
WOLFSSL_ENTER("random_test");
@@ -20624,7 +20624,9 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
#ifdef WOLFSSL_SHA224
WC_MGF1SHA224,
#endif
#ifndef NO_SHA256
WC_MGF1SHA256,
#endif
#ifdef WOLFSSL_SHA384
WC_MGF1SHA384,
#endif
@@ -20639,7 +20641,9 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
#ifdef WOLFSSL_SHA224
WC_HASH_TYPE_SHA224,
#endif
#ifndef NO_SHA256
WC_HASH_TYPE_SHA256,
#endif
#ifdef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384,
#endif
@@ -28293,6 +28297,7 @@ typedef struct {
* serverHelloRandom, serverFinishedRandom, and clietnFinishedRandom
* hashed together. */
static const Tls13KdfTestVector tls13KdfTestVectors[] = {
#ifndef NO_SHA256
{ /* 1 */
WC_HASH_TYPE_SHA256, 35, 35,
{ /* PSK */
@@ -28516,6 +28521,7 @@ static const Tls13KdfTestVector tls13KdfTestVectors[] = {
0xa5, 0x7c, 0x50, 0x14, 0xfd, 0xe7, 0x5f, 0x8b, 0xd3, 0x2f, 0xdc, 0x9b,
0xa9, 0x93, 0x22, 0x19, 0xe6, 0xf2, 0x0c, 0xd8 }
},
#endif
#ifdef WOLFSSL_SHA384
{ /* 26 */
WC_HASH_TYPE_SHA384, 35, 35,
@@ -32335,6 +32341,7 @@ done:
!defined(NO_ECC_SIGN)
static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key)
{
#ifndef NO_SHA256
wc_test_ret_t ret;
word32 sigSz;
int size;
@@ -32379,6 +32386,10 @@ static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key)
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
TEST_SLEEP();
#else
(void)rng;
(void)key;
#endif
return 0;
}

2
wolfssl/internal.h
View File

@@ -4465,7 +4465,7 @@ WOLFSSL_LOCAL int BuildCertHashes(const WOLFSSL* ssl, Hashes* hashes);
#ifdef WOLFSSL_TLS13
typedef union Digest {
#ifndef NO_WOLFSSL_SHA256
#ifndef NO_SHA256
wc_Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384

8
wolfssl/test.h
View File

@@ -1535,6 +1535,7 @@ static WC_INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
int udp, int sctp, WOLFSSL* ssl)
{
SOCKADDR_IN_T addr;
fprintf(stderr, "connecting to %s:%d\n", ip, port);
build_addr(&addr, ip, port, udp, sctp);
if (udp) {
wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
@@ -1542,8 +1543,10 @@ static WC_INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
tcp_socket(sockfd, udp, sctp);
if (!udp) {
if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) {
perror("connect");
err_sys_with_errno("tcp connect failed");
}
}
}
@@ -1555,7 +1558,7 @@ static WC_INLINE void udp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
SOCKADDR_IN_T addr;
build_addr(&addr, ip, port, 1, 0);
if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
err_sys_with_errno("tcp connect failed");
err_sys_with_errno("udp connect failed");
}
@@ -1692,6 +1695,7 @@ static WC_INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
}
}
#endif
fprintf(stderr, "listening on port %d\n", *port);
}