wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8064 from SparkiDev/regression_fixes_14

Browse Source 
Regression test fixes
This commit is contained in:
Daniel Pouzzner
2024-10-15 11:47:37 -05:00
committed by GitHub
parent 0f8b4dbc63 5f1ddadf71
commit 3e1f365e75
6 changed files with 204 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/bio.c
View File

@@ -834,7 +834,9 @@ exit_chain:
(const char*)data, len, 0, ret);
}
XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (front != NULL) {
XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#ifdef WOLFSSL_BASE64_ENCODE
if (retB64 > 0 && ret > 0)

17
src/internal.c
View File

@@ -6849,10 +6849,14 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
if (ssl->buffers.key != NULL) {
FreeDer(&ssl->buffers.key);
}
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
if (ret != 0) {
return ret;
}
ssl->buffers.weOwnKey = 1;
ret = WOLFSSL_SUCCESS;
}
else {
ssl->buffers.key = ctx->privateKey;
@@ -6862,9 +6866,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#endif
#else
if (ctx->privateKey != NULL) {
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
if (ret != 0) {
return ret;
}
ssl->buffers.weOwnKey = 1;
/* Blind the private key for the SSL with new random mask. */
wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask);
@@ -6885,9 +6892,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->buffers.altKey = ctx->altPrivateKey;
#else
if (ctx->altPrivateKey != NULL) {
AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
ctx->altPrivateKey->length, ctx->altPrivateKey->type,
ctx->altPrivateKey->heap);
if (ret != 0) {
return ret;
}
/* Blind the private key for the SSL with new random mask. */
wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask);
ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
@@ -6895,6 +6905,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
if (ret != 0) {
return ret;
}
ret = WOLFSSL_SUCCESS;
}
#endif
ssl->buffers.altKeyType = ctx->altPrivateKeyType;

35
src/ssl.c
View File

@@ -19793,11 +19793,15 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
return;
/* ctx still owns certificate, certChain, key, dh, and cm */
if (ssl->buffers.weOwnCert)
if (ssl->buffers.weOwnCert) {
FreeDer(&ssl->buffers.certificate);
ssl->buffers.weOwnCert = 0;
}
ssl->buffers.certificate = NULL;
if (ssl->buffers.weOwnCertChain)
if (ssl->buffers.weOwnCertChain) {
FreeDer(&ssl->buffers.certChain);
ssl->buffers.weOwnCertChain = 0;
}
ssl->buffers.certChain = NULL;
#ifdef WOLFSSL_TLS13
ssl->buffers.certChainCnt = 0;
@@ -19807,6 +19811,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
FreeDer(&ssl->buffers.keyMask);
#endif
ssl->buffers.weOwnKey = 0;
}
ssl->buffers.key = NULL;
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
@@ -19823,6 +19828,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
FreeDer(&ssl->buffers.altKeyMask);
#endif
ssl->buffers.weOwnAltKey = 0;
}
ssl->buffers.altKey = NULL;
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
@@ -20402,11 +20408,13 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
if (ctx->certificate != NULL) {
if (ssl->buffers.certificate != NULL) {
FreeDer(&ssl->buffers.certificate);
ssl->buffers.certificate = NULL;
}
ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer,
ctx->certificate->length, ctx->certificate->type,
ctx->certificate->heap);
if (ret != 0) {
ssl->buffers.weOwnCert = 0;
return NULL;
}
@@ -20416,11 +20424,13 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
if (ctx->certChain != NULL) {
if (ssl->buffers.certChain != NULL) {
FreeDer(&ssl->buffers.certChain);
ssl->buffers.certChain = NULL;
}
ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer,
ctx->certChain->length, ctx->certChain->type,
ctx->certChain->heap);
if (ret != 0) {
ssl->buffers.weOwnCertChain = 0;
return NULL;
}
@@ -20440,10 +20450,15 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
if (ctx->privateKey != NULL) {
if (ssl->buffers.key != NULL) {
FreeDer(&ssl->buffers.key);
ssl->buffers.key = NULL;
}
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
if (ret != 0) {
ssl->buffers.weOwnKey = 0;
return NULL;
}
ssl->buffers.weOwnKey = 1;
}
else {
@@ -20454,15 +20469,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
#endif
#else
if (ctx->privateKey != NULL) {
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
if (ret != 0) {
return NULL;
}
/* Blind the private key for the SSL with new random mask. */
wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask);
ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
&ssl->buffers.keyMask);
if (ret != 0) {
return ret;
return NULL;
}
}
#endif
@@ -20484,15 +20502,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->buffers.altKey = ctx->altPrivateKey;
#else
if (ctx->altPrivateKey != NULL) {
AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
ctx->altPrivateKey->length, ctx->altPrivateKey->type,
ctx->altPrivateKey->heap);
if (ret != 0) {
return NULL;
}
/* Blind the private key for the SSL with new random mask. */
wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask);
ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
&ssl->buffers.altKeyMask);
if (ret != 0) {
return ret;
return NULL;
}
}
#endif

1
src/ssl_asn1.c
View File

@@ -580,6 +580,7 @@ static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem,
if (impBuf != NULL) {
tmp = *src + (tmp - impBuf); /* for the next calculation */
XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
impBuf = NULL;
}
if (asnLen >= 0 && (int)(tmp - *src) != asnLen) {
WOLFSSL_MSG("ptr not advanced enough");

7
src/x509.c
View File

@@ -562,7 +562,6 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
/* Create a WOLFSSL_ASN1_STRING from the DER. */
str = wolfSSL_ASN1_STRING_type_new(tag);
if (str == NULL) {
wolfSSL_ASN1_OBJECT_free(obj);
goto err;
}
wolfSSL_ASN1_STRING_set(str, p, (int)len);
@@ -15087,12 +15086,14 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR;
}
}
if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR) {
if ((req->reqAttributes != NULL) &&
(req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)) {
ret = wolfSSL_sk_push(req->reqAttributes, attr) > 0
? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
else
else {
ret = WOLFSSL_FAILURE;
}
if (ret != WOLFSSL_SUCCESS)
wolfSSL_X509_ATTRIBUTE_free(attr);
}

195
tests/api.c
View File

@@ -34967,15 +34967,6 @@ static int test_wc_dilithium_der(void)
ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
DILITHIUM_MAX_DER_SIZE, 1), pubDerLen);
idx = 0;
{
fprintf(stderr, "\n");
for (int ii = 0; ii < pubDerLen; ii++) {
if ((ii % 8) == 0) fprintf(stderr, " ");
fprintf(stderr, "0x%02x,", der[ii]);
if ((ii % 8) == 7) fprintf(stderr, "\n");
else fprintf(stderr, " ");
}
}
ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0);
ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der,
@@ -49182,6 +49173,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
word32 badOutSz = 0;
byte data[] = "Test data to encode.";
#ifndef NO_RSA
int encryptOid = RSAk;
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof(client_key_der_2048)];
byte cert[sizeof(client_cert_der_2048)];
@@ -49224,6 +49216,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
int encryptOid = ECDSAk;
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
unsigned char key[sizeof(ecc_clikey_der_256)];
@@ -49271,7 +49264,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->encryptOID = encryptOid;
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
@@ -49288,8 +49281,9 @@ static int test_wc_PKCS7_EncodeSignedData(void)
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
#ifdef ASN_BER_TO_DER
#if defined(ASN_BER_TO_DER) && !defined(NO_RSA)
wc_PKCS7_Free(pkcs7);
pkcs7 = NULL;
/* reinitialize and test setting stream mode */
{
@@ -49306,7 +49300,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->encryptOID = encryptOid;
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
@@ -49329,7 +49323,8 @@ static int test_wc_PKCS7_EncodeSignedData(void)
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
/* use exact signed buffer size since BER encoded */
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz), 0);
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz),
0);
wc_PKCS7_Free(pkcs7);
/* now try with using callbacks for IO */
@@ -49342,7 +49337,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
pkcs7->contentSz = FOURK_BUF*2;
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->encryptOID = encryptOid;
#ifdef NO_SHA
pkcs7->hashOID = SHA256h;
#else
@@ -51699,10 +51694,10 @@ static int test_wc_PKCS7_BER(void)
byte decoded[2048];
#endif
word32 derSz = 0;
#ifndef NO_PKCS7_STREAM
#if !defined(NO_PKCS7_STREAM) && !defined(NO_RSA)
word32 z;
int ret;
#endif /* !NO_PKCS7_STREAM */
#endif /* !NO_PKCS7_STREAM && !NO_RSA */
ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
@@ -55071,8 +55066,14 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
group_obj = OBJ_nid2obj(NID_secp256k1);
ExpectIntEQ(X509_ALGOR_set0(nested_asn1->key->alg, ec_obj,
V_ASN1_OBJECT, group_obj), 1);
ec_obj = NULL;
group_obj = NULL;
if (EXPECT_SUCCESS()) {
ec_obj = NULL;
group_obj = NULL;
}
else {
wolfSSL_ASN1_OBJECT_free(ec_obj);
wolfSSL_ASN1_OBJECT_free(group_obj);
}
ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->key->pub_key, 50, 1),
1);
/* nested_asn1->asn1_obj->key */
@@ -55080,8 +55081,14 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
group_obj = OBJ_nid2obj(NID_secp256k1);
ExpectIntEQ(X509_ALGOR_set0(nested_asn1->asn1_obj->key->alg, ec_obj,
V_ASN1_OBJECT, group_obj), 1);
ec_obj = NULL;
group_obj = NULL;
if (EXPECT_SUCCESS()) {
ec_obj = NULL;
group_obj = NULL;
}
else {
wolfSSL_ASN1_OBJECT_free(ec_obj);
wolfSSL_ASN1_OBJECT_free(group_obj);
}
ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->key->pub_key,
500, 1), 1);
/* nested_asn1->asn1_obj->asnNum */
@@ -55099,13 +55106,18 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
ExpectIntGT(
sk_ASN1_GENERALSTRING_push(nested_asn1->asn1_obj->strList,
genStr), 0);
if (EXPECT_FAIL()) {
ASN1_GENERALSTRING_free(genStr);
}
}
/* nested_asn1->asn1_obj->str */
ExpectNotNull(nested_asn1->asn1_obj->str->d.str2
= ASN1_BIT_STRING_new());
ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->str->d.str2,
150, 1), 1);
nested_asn1->asn1_obj->str->type = 2;
if (nested_asn1 != NULL) {
nested_asn1->asn1_obj->str->type = 2;
}
der = NULL;
ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1, &der), 285);
@@ -55136,6 +55148,9 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
ExpectNotNull(asn1_num = ASN1_INTEGER_new());
ExpectIntEQ(ASN1_INTEGER_set(asn1_num, i), 1);
ExpectIntGT(wolfSSL_sk_insert(asn1_item, asn1_num, -1), 0);
if (EXPECT_FAIL()) {
ASN1_INTEGER_free(asn1_num);
}
}
der = NULL;
@@ -55175,6 +55190,9 @@ static int test_wolfSSL_i2d_ASN1_TYPE(void)
ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
ExpectNotNull(asn1type = ASN1_TYPE_new());
if (EXPECT_FAIL()) {
ASN1_STRING_free(str);
}
ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str);
}
@@ -61608,6 +61626,7 @@ static int test_wolfSSL_BN_enc_dec(void)
ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a));
BN_free(a);
a = NULL;
ExpectNotNull(a = BN_new());
ExpectIntEQ(BN_set_word(a, 2), 1);
ExpectNull(BN_bin2bn(binNum, -1, a));
@@ -65695,7 +65714,9 @@ static int test_wolfSSL_ERR_print_errors(void)
defined(DEBUG_WOLFSSL)
static int test_wolfSSL_error_cb(const char *str, size_t len, void *u)
{
wolfSSL_BIO_write((BIO*)u, str, (int)len);
if (u != NULL) {
wolfSSL_BIO_write((BIO*)u, str, (int)len);
}
return 0;
}
#endif
@@ -68478,7 +68499,7 @@ static int test_GENERAL_NAME_set0_othername(void) {
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \
defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \
defined(WOLFSSL_FPKI)
defined(WOLFSSL_FPKI) && !defined(NO_RSA)
/* ./configure --enable-opensslall --enable-certgen --enable-certreq
* --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID
* -DWOLFSSL_ALT_NAMES -DWOLFSSL_FPKI' */
@@ -68562,7 +68583,7 @@ static int test_othername_and_SID_ext(void) {
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \
defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \
defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE)
defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_RSA)
/* ./configure --enable-opensslall --enable-certgen --enable-certreq
* --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID
* -DWOLFSSL_ALT_NAMES -DWOLFSSL_FPKI' */
@@ -68674,6 +68695,7 @@ static int test_othername_and_SID_ext(void) {
exts = NULL;
ASN1_OBJECT_free(upn_oid);
ASN1_OBJECT_free(sid_oid);
sid_oid = NULL;
ASN1_OCTET_STRING_free(sid_data);
X509_REQ_free(x509);
EVP_PKEY_free(priv);
@@ -75687,7 +75709,8 @@ static int test_wolfSSL_OCSP_parse_url(void)
}
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \
defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) && \
!defined(NO_ASN_TIME)
static time_t test_wolfSSL_OCSP_REQ_CTX_time_cb(time_t* t)
{
if (t != NULL) {
@@ -75909,10 +75932,12 @@ static int test_wolfSSL_OCSP_REQ_CTX(void)
ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), -1);
ExpectIntEQ(BIO_write(bio2, ocspRespBin, sizeof(ocspRespBin)),
sizeof(ocspRespBin));
#ifndef NO_ASN_TIME
ExpectIntEQ(wc_SetTimeCb(test_wolfSSL_OCSP_REQ_CTX_time_cb), 0);
ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), 1);
ExpectIntEQ(wc_SetTimeCb(NULL), 0);
ExpectNotNull(rsp);
#endif
OCSP_REQ_CTX_free(ctx);
OCSP_REQUEST_free(req);
@@ -82438,6 +82463,14 @@ static int test_wolfSSL_RSA(void)
unsigned char hash[SHA256_DIGEST_LENGTH];
unsigned char signature[2048/8];
unsigned int signatureLen = 0;
BIGNUM* n2 = NULL;
BIGNUM* e2 = NULL;
BIGNUM* d2 = NULL;
BIGNUM* p2 = NULL;
BIGNUM* q2 = NULL;
BIGNUM* dmp12 = NULL;
BIGNUM* dmq12 = NULL;
BIGNUM* iqmp2 = NULL;
XMEMSET(hash, 0, sizeof(hash));
RSA_get0_key(rsa, &n, &e, &d);
@@ -82451,42 +82484,121 @@ static int test_wolfSSL_RSA(void)
signatureLen, rsa), 1);
/* Verifying */
ExpectNotNull(n2 = BN_dup(n));
ExpectNotNull(e2 = BN_dup(e));
ExpectNotNull(p2 = BN_dup(p));
ExpectNotNull(q2 = BN_dup(q));
ExpectNotNull(dmp12 = BN_dup(dmp1));
ExpectNotNull(dmq12 = BN_dup(dmq1));
ExpectNotNull(iqmp2 = BN_dup(iqmp));
ExpectNotNull(rsa2 = RSA_new());
ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), NULL), 1);
ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, NULL), 1);
if (EXPECT_SUCCESS()) {
n2 = NULL;
e2 = NULL;
}
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa2), 1);
ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1);
ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
if (EXPECT_SUCCESS()) {
p2 = NULL;
q2 = NULL;
}
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa2), 1);
ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1),
BN_dup(iqmp)), 1);
ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
if (EXPECT_SUCCESS()) {
dmp12 = NULL;
dmq12 = NULL;
iqmp2 = NULL;
}
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa2), 1);
RSA_free(rsa2);
rsa2 = NULL;
BN_free(iqmp2);
iqmp2 = NULL;
BN_free(dmq12);
dmq12 = NULL;
BN_free(dmp12);
dmp12 = NULL;
BN_free(q2);
q2 = NULL;
BN_free(p2);
p2 = NULL;
BN_free(e2);
e2 = NULL;
BN_free(n2);
n2 = NULL;
ExpectNotNull(n2 = BN_dup(n));
ExpectNotNull(e2 = BN_dup(e));
ExpectNotNull(d2 = BN_dup(d));
ExpectNotNull(p2 = BN_dup(p));
ExpectNotNull(q2 = BN_dup(q));
ExpectNotNull(dmp12 = BN_dup(dmp1));
ExpectNotNull(dmq12 = BN_dup(dmq1));
ExpectNotNull(iqmp2 = BN_dup(iqmp));
/* Signing */
XMEMSET(signature, 0, sizeof(signature));
ExpectNotNull(rsa2 = RSA_new());
ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), BN_dup(d)), 1);
ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, d2), 1);
if (EXPECT_SUCCESS()) {
n2 = NULL;
e2 = NULL;
d2 = NULL;
}
#if defined(WOLFSSL_SP_MATH) && !defined(RSA_LOW_MEM)
/* SP is not support signing without CRT parameters. */
ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
&signatureLen, rsa2), 0);
ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
if (EXPECT_SUCCESS()) {
p2 = NULL;
q2 = NULL;
}
ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
&signatureLen, rsa2), 0);
#else
ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
&signatureLen, rsa2), 1);
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa), 1);
ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1);
ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
if (EXPECT_SUCCESS()) {
p2 = NULL;
q2 = NULL;
}
XMEMSET(signature, 0, sizeof(signature));
ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
&signatureLen, rsa2), 1);
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa), 1);
ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1),
BN_dup(iqmp)), 1);
#endif
ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
if (EXPECT_SUCCESS()) {
dmp12 = NULL;
dmq12 = NULL;
iqmp2 = NULL;
}
ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
&signatureLen, rsa2), 1);
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa), 1);
RSA_free(rsa2);
rsa2 = NULL;
BN_free(iqmp2);
BN_free(dmq12);
BN_free(dmp12);
BN_free(q2);
BN_free(p2);
BN_free(d2);
BN_free(e2);
BN_free(n2);
}
#endif
@@ -92660,8 +92772,7 @@ static int test_tls13_rpk_handshake(void)
* expecting default settings works and no negotiation performed.
*/
if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
return TEST_FAIL;
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
/* confirm no negotiation occurred */
ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
@@ -92718,8 +92829,7 @@ static int test_tls13_rpk_handshake(void)
* expecting default settings works and no negotiation performed.
*/
if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
return TEST_FAIL;
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
/* confirm no negotiation occurred */
ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
@@ -92788,8 +92898,7 @@ static int test_tls13_rpk_handshake(void)
ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
WOLFSSL_SUCCESS);
if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
return TEST_FAIL;
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
WOLFSSL_SUCCESS);
@@ -94335,9 +94444,11 @@ static int test_dtls_client_hello_timeout_downgrade(void)
/* Drop the SH */
dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff);
len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
if (EXPECT_SUCCESS()) {
XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len -
(sizeof(DtlsRecordLayerHeader) + len));
}
test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;
/* Read the remainder of the flight */
ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
@@ -94366,9 +94477,11 @@ static int test_dtls_client_hello_timeout_downgrade(void)
/* Drop the SH */
dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff);
len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
if (EXPECT_SUCCESS()) {
XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len -
(sizeof(DtlsRecordLayerHeader) + len));
}
test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;
/* Read the remainder of the flight */
ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);