wolfcrypt/test/test.c and wolfcrypt/test/test.h:

* add correct gating around pbkdf1_test(), pkcs12_pbkdf_test(), and scrypt_test() prototypes;
* add unit tests for wc_PBKDF_max_iterations_set() and wc_PBKDF_max_iterations_get() in pbkdf2_test();
* fix pkcs12_test() to skip the evilPkcs12 test if evil_p12 can't be parsed for any reason, mirroring the new stanza around evil_p12 in pwdbased_test().
This commit is contained in:
Daniel Pouzzner
2026-05-01 15:20:02 -05:00
parent f248b272db
commit 5b687baa94
2 changed files with 45 additions and 14 deletions
+39 -14
View File
@@ -917,12 +917,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void);
#endif
#if defined(HAVE_PBKDF1) && !defined(NO_SHA)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
#endif
#if defined(HAVE_PKCS12) && !defined(NO_SHA256)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void);
#endif
#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
#endif
#if !defined(NO_PWDBASED) && defined(HAVE_SCRYPT)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
#endif
#ifdef HAVE_ECC
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void);
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
@@ -31991,7 +31997,31 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void)
if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
return WC_TEST_RET_ENC_NC;
return 0;
{
int cur_pbkdf_limit = wc_PBKDF_max_iterations_set(iterations - 1);
if (cur_pbkdf_limit <= 0)
return WC_TEST_RET_ENC_EC(cur_pbkdf_limit);
ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd),
salt, (int)sizeof(salt), iterations,
kLen, WC_SHA256, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PBKDF_max_iterations_set(-1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PBKDF_max_iterations_set(0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PBKDF_max_iterations_get();
if (ret != iterations - 1)
return WC_TEST_RET_ENC_NC;
ret = wc_PBKDF_max_iterations_set(cur_pbkdf_limit);
if (ret != iterations - 1)
return WC_TEST_RET_ENC_EC(ret);
ret = 0;
}
return ret;
}
#endif /* HAVE_PBKDF2 && !NO_SHA256 && !NO_HMAC */
@@ -32216,12 +32246,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
goto out;
}
ret = wc_d2i_PKCS12(evil_p12, (word32)sizeof(evil_p12), evilPkcs12);
if (ret != 0) {
wc_PKCS12_free(evilPkcs12);
ret = WC_TEST_RET_ENC_EC(ret);
goto out;
}
{
if (ret == 0) {
byte* evilKey = NULL;
byte* evilCert = NULL;
word32 evilKeySz = 0, evilCertSz = 0;
@@ -32232,14 +32257,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
XFREE(evilCert, HEAP_HINT, DYNAMIC_TYPE_PKCS);
if (evilCa)
wc_FreeCertList(evilCa, HEAP_HINT);
wc_PKCS12_free(evilPkcs12);
/* Must have been rejected (not hung) */
if (ret == 0) {
ret = WC_TEST_RET_ENC_NC;
goto out;
}
ret = 0; /* rejection is the expected outcome */
}
wc_PKCS12_free(evilPkcs12);
/* Must have been rejected (not hung) */
if (ret == 0) {
ret = WC_TEST_RET_ENC_NC;
goto out;
}
ret = 0; /* rejection is the expected outcome */
}
out:
+6
View File
@@ -266,12 +266,18 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void);
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void);
#endif
#if defined(HAVE_PBKDF1) && !defined(NO_SHA)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
#endif
#if defined(HAVE_PKCS12) && !defined(NO_SHA256)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void);
#endif
#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
#endif
#if !defined(NO_PWDBASED) && defined(HAVE_SCRYPT)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
#endif
#ifdef HAVE_ECC
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void);
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \