From ad0a10441dc0ba6cdb86a8c71d421f127cf7d181 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 5 Jun 2018 15:48:45 -0700 Subject: [PATCH 1/5] Fixes for building with openssl compatibility enabled and no TLS client/server. Resolves issues building with: `./configure --enable-opensslextra --disable-rsa --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples` `./configure --enable-opensslextra --disable-ecc --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples` Ticket 3872 --- src/internal.c | 17 ++++++++++++----- src/ssl.c | 8 +++++--- tests/api.c | 7 ++++--- 3 files changed, 21 insertions(+), 11 deletions(-) diff --git a/src/internal.c b/src/internal.c index f30838a10..bb116852a 100644 --- a/src/internal.c +++ b/src/internal.c @@ -136,6 +136,7 @@ enum processReply { #ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) /* Server random bytes for TLS v1.3 described downgrade protection mechanism. */ static const byte tls13Downgrade[7] = { @@ -143,6 +144,7 @@ static const byte tls13Downgrade[7] = { }; #define TLS13_DOWNGRADE_SZ sizeof(tls13Downgrade) +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ #ifndef NO_OLD_TLS static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, @@ -2735,7 +2737,7 @@ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) #endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */ #ifndef WOLFSSL_NO_TLS12 - +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) #if !defined(NO_DH) || defined(HAVE_ECC) || \ (!defined(NO_RSA) && defined(WC_RSA_PSS)) @@ -2766,11 +2768,9 @@ static enum wc_HashType HashAlgoToType(int hashAlgo) return WC_HASH_TYPE_NONE; } - #endif /* !NO_DH || HAVE_ECC || (!NO_RSA && WC_RSA_PSS) */ - -#endif - +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ +#endif /* !WOLFSSL_NO_TLS12 */ #ifndef NO_CERTS 
@@ -2862,6 +2862,7 @@ void FreeX509(WOLFSSL_X509* x509) } +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) /* Encode the signature algorithm into buffer. * * hashalgo The hash algorithm. @@ -2934,10 +2935,12 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo) } /* switch */ } #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_NO_CLIENT_AUTH */ +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ #endif /* !NO_CERTS */ #ifndef NO_RSA #ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) static int TypeHash(int hashAlgo) { switch (hashAlgo) { @@ -2961,6 +2964,7 @@ static int TypeHash(int hashAlgo) return 0; } +#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ #endif /* !WOLFSSL_NO_TLS12 */ #if defined(WC_RSA_PSS) @@ -7078,6 +7082,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #endif /* WOLFSSL_NO_TLS12 */ +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) /* cipher requirements */ enum { REQUIRES_RSA, @@ -7633,6 +7638,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 0; } +#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ + #ifndef NO_CERTS diff --git a/src/ssl.c b/src/ssl.c index 7c7bd3924..8fbf2ce65 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1147,6 +1147,8 @@ int wolfSSL_negotiate(WOLFSSL* ssl) } #endif + (void)ssl; + WOLFSSL_LEAVE("wolfSSL_negotiate", err); return err; @@ -8433,11 +8435,11 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifdef OPENSSL_EXTRA WOLFSSL_METHOD* wolfSSLv23_method(void) { - WOLFSSL_METHOD* m; + WOLFSSL_METHOD* m = NULL; WOLFSSL_ENTER("wolfSSLv23_method"); -#ifndef NO_WOLFSSL_CLIENT +#if !defined(NO_WOLFSSL_CLIENT) m = wolfSSLv23_client_method(); -#else +#elif !defined(NO_WOLFSSL_SERVER) m = wolfSSLv23_server_method(); #endif if (m != NULL) { diff --git a/tests/api.c b/tests/api.c index abfaf936b..c867b442d 100644 --- a/tests/api.c +++ b/tests/api.c 
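Review bot: Two of the new closing comments in src/internal.c say `&&` where the guard they close uses `||`. The `#endif` after `TypeHash` and the one after the cipher-requirements block both read `/* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */`, while the matching `#if` is `!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)`. With guards nested this deeply, a wrong trailer makes it easy to misjudge which builds still compile the helpers they wrap. I would write both as `#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */`, matching the other trailers this patch adds.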
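Review bot: `wolfSSLv23_method()` can now leave `m` as NULL when the library is built with both `NO_WOLFSSL_CLIENT` and `NO_WOLFSSL_SERVER`, and nothing at the definition says so. The `if (m != NULL)` that follows handles it locally, but the rest of the body and the callers are outside this hunk, so whether every caller checks the result cannot be confirmed from here. A one-line comment above the function, `/* Returns NULL when neither client nor server support is compiled in. */`, would make the contract explicit for code ported from OpenSSL.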
@@ -377,7 +377,8 @@ typedef struct testVector { static const char* passed = "passed"; static const char* failed = "failed"; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) static const char* bogusFile = #ifdef _WIN32 "NUL" @@ -385,7 +386,7 @@ static const char* failed = "failed"; "/dev/null" #endif ; -#endif +#endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */ enum { TESTING_RSA = 1, @@ -1147,7 +1148,7 @@ static void test_wolfSSL_EVP_get_cipherbynid(void) *----------------------------------------------------------------------------*/ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) + (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) #define HAVE_IO_TESTS_DEPENDENCIES #endif From e1890a4b0e7e8708489728446235b226fd6c7cbf Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 6 Jun 2018 09:23:54 -0700 Subject: [PATCH 2/5] Added some bad argument checks on compatibility functions `BIO_new_mem_buf` and `PEM_read_bio_PrivateKey`. --- src/ssl.c | 11 +++++++++-- tests/api.c | 10 +++++++++- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 8fbf2ce65..e0ce59235 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11599,12 +11599,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len) { WOLFSSL_BIO* bio = NULL; - if (buf == NULL) + + if (buf == NULL || len < 0) { return bio; + } bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); - if (bio == NULL) + if (bio == NULL) { return bio; + } bio->memLen = bio->wrSz = len; bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); 
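Review bot: Relaxing the `HAVE_IO_TESTS_DEPENDENCIES` guard in tests/api.c from `!defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)` to `||` looks wrong for this macro, unlike the `bogusFile` guard earlier in the file. The tests it enables are outside the hunk, but the name and the `SINGLE_THREADED` condition suggest they run a client against a server in the same process, which needs both roles compiled in. If so, a client-only or server-only build would now try to compile those tests and fail. Keep `!defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)` here unless the IO tests have been split per role.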
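Review bot: Rejecting every negative `len` in `wolfSSL_BIO_new_mem_buf` departs from the OpenSSL function this wrapper stands in for, where `len == -1` means `buf` is NUL-terminated and its length is taken with `strlen`. Returning NULL is much safer than passing a negative size on to `XMALLOC`, but ported callers that rely on `-1` will now fail at BIO creation. Consider `if (len < 0) len = (int)XSTRLEN((const char*)buf);` after the `buf == NULL` check, and adjust the new `BIO_new_mem_buf((void*)msg, -1)` assertion in tests/api.c to match. `len == 0` still reaches `XMALLOC(len, ...)`, and whether the code after it treats a NULL result from a zero-byte request as an error is outside the hunk.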
@@ -27389,6 +27392,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey"); + if (bio == NULL) { + return pkey; + } + if ((ret = wolfSSL_BIO_pending(bio)) > 0) { memSz = ret; mem = (char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_OPENSSL); diff --git a/tests/api.c b/tests/api.c index c867b442d..0340372e9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15712,7 +15712,10 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), WOLFSSL_SUCCESS); - /* test of creating new EVP_PKEY */ + /* test creating new EVP_PKEY with bad arg */ + AssertNull((pkey2 = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); + + /* test creating new EVP_PKEY with good args */ AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); @@ -17518,6 +17521,11 @@ static void test_wolfSSL_BIO_gets(void) printf(testingFmt, "wolfSSL_X509_BIO_gets()"); + /* try with bad args */ + AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg))); + AssertNull(bio = BIO_new_mem_buf((void*)msg, -1)); + + /* try with real msg */ AssertNotNull(bio = BIO_new_mem_buf((void*)msg, sizeof(msg))); XMEMSET(buffer, 0, bufferSz); AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio()))); From 9cbd2b00d4f1ead2c923ef6cbf107da843513b81 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 6 Jun 2018 10:04:39 -0700 Subject: [PATCH 3/5] Added test for `PEM_read_bio_PrivateKey` using BIO loaded using `BIO_new_mem_buf`. --- tests/api.c | 126 +++++++++++++++++++++++++++++++++------------------- 1 file changed, 80 insertions(+), 46 deletions(-) diff --git a/tests/api.c b/tests/api.c index 0340372e9..96ff2966f 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -321,7 +321,7 @@ #include "wolfssl/internal.h" /* for testing SSL_get_peer_cert_chain */ #endif -/* enable testing buffer load functions */ +/* force enable test buffers */ #ifndef USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048 #endif 
@@ -15686,57 +15686,89 @@ static void test_wolfSSL_private_keys(void) static void test_wolfSSL_PEM_PrivateKey(void) { - #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ - (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) && \ - defined(USE_CERT_BUFFERS_2048) - const unsigned char* server_key = (const unsigned char*)server_key_der_2048; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + defined(USE_CERT_BUFFERS_2048) + EVP_PKEY* pkey = NULL; - EVP_PKEY* pkey2 = NULL; - BIO* bio; - unsigned char extra[10]; - int i; - - printf(testingFmt, "wolfSSL_PEM_PrivateKey()"); - - XMEMSET(extra, 0, sizeof(extra)); - AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE); - - AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, - &server_key, (long)sizeof_server_key_der_2048)); - AssertNull(pkey); - - AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, - &server_key, (long)sizeof_server_key_der_2048)); - AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - WOLFSSL_SUCCESS); + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; /* test creating new EVP_PKEY with bad arg */ - AssertNull((pkey2 = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); + AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); - /* test creating new EVP_PKEY with good args */ - AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); +#if !defined(NO_FILESYSTEM) + { + BIO* bio; + XFILE file; + const char* fname = "./certs/server-key.pem"; + size_t sz; + byte* buf; - /* test of reuse of EVP_PKEY */ - AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - AssertIntEQ(BIO_pending(bio), 0); - AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, 
NULL), - SSL_SUCCESS); - AssertIntEQ(BIO_write(bio, extra, 10), 10); /*add 10 extra bytes after PEM*/ - AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - AssertNotNull(pkey); - AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); - AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */ - AssertIntEQ(BIO_read(bio, extra, 10), 10); - for (i = 0; i < 10; i++) { - AssertIntEQ(extra[i], 0); + file = XFOPEN(fname, "rb"); + AssertTrue((file != XBADFILE)); + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertIntEQ(XFREAD(buf, 1, sz, file), sz); + XFCLOSE(file); + + /* Test using BIO new mem and loading PEM private key */ + AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + EVP_PKEY_free(pkey); } +#endif - BIO_free(bio); - EVP_PKEY_free(pkey); - EVP_PKEY_free(pkey2); +#if (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) + { + BIO* bio; + EVP_PKEY* pkey2 = NULL; + unsigned char extra[10]; + int i; + + printf(testingFmt, "wolfSSL_PEM_PrivateKey()"); + + XMEMSET(extra, 0, sizeof(extra)); + + AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE); + + AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, + &server_key, (long)sizeof_server_key_der_2048)); + AssertNull(pkey); + + AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, + &server_key, (long)sizeof_server_key_der_2048)); + AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + + /* test creating new EVP_PKEY with good args */ + AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); + + /* test of reuse of EVP_PKEY */ + 
AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + AssertIntEQ(BIO_pending(bio), 0); + AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + SSL_SUCCESS); + AssertIntEQ(BIO_write(bio, extra, 10), 10); /*add 10 extra bytes after PEM*/ + AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + AssertNotNull(pkey); + AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); + AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */ + AssertIntEQ(BIO_read(bio, extra, 10), 10); + for (i = 0; i < 10; i++) { + AssertIntEQ(extra[i], 0); + } + + BIO_free(bio); + EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey2); + } + #endif /* key is DES encrypted */ #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) @@ -15810,7 +15842,9 @@ static void test_wolfSSL_PEM_PrivateKey(void) #endif printf(resultFmt, passed); - #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + + (void)server_key; +#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ } From 292e9535ae4ee7c3da65d03af6c79b986f6fd946 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 6 Jun 2018 10:28:31 -0700 Subject: [PATCH 4/5] Fix for `wolfSSL_ERR_clear_error` to call `wc_ClearErrorNodes` when its available (mismatched macros), which was incorrectly causing `test_wolfSSL_ERR_put_error` to fail. Added `test_wolfSSL_PEM_PrivateKey` test for ECC based key. Refactored the RNG test to only run the reseed test if `TEST_RESEED_INTERVAL` is defined. This is the test that was causing the tests/api.c to take so long to complete. Will add this macro to the enable options test. --- src/ssl.c | 2 +- tests/api.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 64 insertions(+), 9 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e0ce59235..ca005eb19 100644 --- a/src/ssl.c +++ b/src/ssl.c 
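Review bot: The file-loading block in `test_wolfSSL_PEM_PrivateKey` stores `XFTELL(file)` straight into `size_t sz` and ignores the result of `XFSEEK`. If `XFTELL` maps to `ftell`, a failure value of -1 becomes a huge allocation request, and the later `(int)sz` cast for `BIO_new_mem_buf` can truncate. Read the size into a signed value first and assert on it: `long fileSz = XFTELL(file);`, `AssertTrue(fileSz > 0);`, `sz = (size_t)fileSz;`, with `fileSz` declared alongside the block's other locals. The same sequence is copied for `./certs/ecc-key.pem` in PATCH 4/5 (hunk `@@ -15722,7 +15723,34 @@`), so a small shared helper would keep the two in step.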
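Review bot: `printf(resultFmt, passed)` in this hunk is still unconditional, but the previous hunk moved `printf(testingFmt, "wolfSSL_PEM_PrivateKey()")` inside the `WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN` block. A build without those options therefore prints a result with no test name in front of it. Moving the `testingFmt` line to the top of the function, before the first sub-block, keeps the log pairs intact.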
@@ -13618,7 +13618,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { WOLFSSL_ENTER("wolfSSL_ERR_clear_error"); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) wc_ClearErrorNodes(); #endif } diff --git a/tests/api.c b/tests/api.c index 96ff2966f..142af2a56 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15687,7 +15687,7 @@ static void test_wolfSSL_private_keys(void) static void test_wolfSSL_PEM_PrivateKey(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && \ defined(USE_CERT_BUFFERS_2048) EVP_PKEY* pkey = NULL; @@ -15696,7 +15696,8 @@ static void test_wolfSSL_PEM_PrivateKey(void) /* test creating new EVP_PKEY with bad arg */ AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); -#if !defined(NO_FILESYSTEM) + /* test loading RSA key using BIO */ +#if !defined(NO_RSA) && !defined(NO_FILESYSTEM) { BIO* bio; XFILE file; 
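Review bot: The new guard around `wc_ClearErrorNodes()` is again a hand-copied macro list, and it drops `OPENSSL_ALL` and `WOLFSSL_HAPROXY`. Nothing in the hunk shows where the function is declared or which builds keep an error queue. If a build that queues errors falls outside `DEBUG_WOLFSSL || WOLFSSL_NGINX`, `wolfSSL_ERR_clear_error()` becomes a silent no-op there, and stale entries can be read back as the cause of a later, unrelated failure. A comment tying the condition to its source, e.g. `/* must match the guard on wc_ClearErrorNodes() in <declaring header> */`, or a single feature macro defined next to that declaration, would stop the two from drifting apart again. The function's opening line is outside the hunk.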
@@ -15722,7 +15723,34 @@ static void test_wolfSSL_PEM_PrivateKey(void) } #endif -#if (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) + /* test loading ECC key using BIO */ +#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + BIO* bio; + XFILE file; + const char* fname = "./certs/ecc-key.pem"; + size_t sz; + byte* buf; + + file = XFOPEN(fname, "rb"); + AssertTrue((file != XBADFILE)); + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertIntEQ(XFREAD(buf, 1, sz, file), sz); + XFCLOSE(file); + + /* Test using BIO new mem and loading PEM private key */ + AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + EVP_PKEY_free(pkey); + } +#endif + +#if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) { BIO* bio; EVP_PKEY* pkey2 = NULL; @@ -15771,7 +15799,7 @@ static void test_wolfSSL_PEM_PrivateKey(void) #endif /* key is DES encrypted */ - #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) + #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_FILESYSTEM) { pem_password_cb* passwd_cb; void* passwd_cb_userdata; @@ -15812,7 +15840,7 @@ static void test_wolfSSL_PEM_PrivateKey(void) } #endif /* !defined(NO_DES3) */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { unsigned char buf[2048]; size_t bytes; @@ -17336,7 +17364,7 @@ static void test_wolfSSL_pseudo_rand(void) #endif } -static void test_wolfSSL_pkcs8(void) +static void test_wolfSSL_PKCS8_Compat(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) PKCS8_PRIV_KEY_INFO* pt; @@ -19451,7 +19479,8 @@ static void test_DhCallbacks(void) #ifdef HAVE_HASHDRBG -static int test_wc_RNG_GenerateBlock() +#ifdef TEST_RESEED_INTERVAL +static int test_wc_RNG_GenerateBlock_Reseed() { int i, ret; WC_RNG rng; 
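Review bot: Wrapping the reseed test in `#ifdef TEST_RESEED_INTERVAL` means default runs of tests/api.c no longer exercise the Hash-DRBG reseed path, and nothing in this series defines the macro yet (the description defers that to the enable-options test). The replacement `test_wc_RNG_GenerateBlock()` in the next hunk only checks return codes for ten 32-byte blocks, which presumably stays far below the reseed interval. Until the options test sets the macro, a comment at the `#ifdef`, such as `/* slow: define TEST_RESEED_INTERVAL to cover DRBG reseeding */`, would make the coverage gap visible. The renamed function's body runs past the end of this hunk.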
@@ -19472,6 +19501,29 @@ static int test_wc_RNG_GenerateBlock() return ret; } +#endif /* TEST_RESEED_INTERVAL */ + +static int test_wc_RNG_GenerateBlock() +{ + int i, ret; + WC_RNG rng; + byte key[32]; + + ret = wc_InitRng(&rng); + + if (ret == 0) { + for(i = 0; i < 10; i++) { + ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); + if (ret != 0) { + break; + } + } + } + + wc_FreeRng(&rng); + + return ret; +} #endif static void test_wolfSSL_X509_CRL(void) @@ -19711,7 +19763,7 @@ void ApiTest(void) test_wolfSSL_CTX_set_srp_username(); test_wolfSSL_CTX_set_srp_password(); test_wolfSSL_pseudo_rand(); - test_wolfSSL_pkcs8(); + test_wolfSSL_PKCS8_Compat(); test_wolfSSL_ERR_put_error(); test_wolfSSL_HMAC(); test_wolfSSL_OBJ(); @@ -19900,6 +19952,9 @@ void ApiTest(void) #endif #ifdef HAVE_HASHDRBG + #ifdef TEST_RESEED_INTERVAL + AssertIntEQ(test_wc_RNG_GenerateBlock_Reseed(), 0); + #endif AssertIntEQ(test_wc_RNG_GenerateBlock(), 0); #endif From dac5f84f6160b96ac47fa7ed5f59e5fffff87b80 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 6 Jun 2018 12:54:48 -0700 Subject: [PATCH 5/5] Fix build error with missing `bio`. Fix for `pkey` not being reset to NULL for `d2i_PrivateKey` failure case test. --- tests/api.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/tests/api.c b/tests/api.c index 142af2a56..faf006ff9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15690,6 +15690,7 @@ static void test_wolfSSL_PEM_PrivateKey(void) (!defined(NO_RSA) || defined(HAVE_ECC)) && \ defined(USE_CERT_BUFFERS_2048) + BIO* bio = NULL; EVP_PKEY* pkey = NULL; const unsigned char* server_key = (const unsigned char*)server_key_der_2048; @@ -15699,7 +15700,6 @@ static void test_wolfSSL_PEM_PrivateKey(void) /* test loading RSA key using BIO */ #if !defined(NO_RSA) && !defined(NO_FILESYSTEM) { - BIO* bio; XFILE file; const char* fname = "./certs/server-key.pem"; size_t sz; 
@@ -15719,14 +15719,15 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); + bio = NULL; EVP_PKEY_free(pkey); + pkey = NULL; } #endif /* test loading ECC key using BIO */ #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { - BIO* bio; XFILE file; const char* fname = "./certs/ecc-key.pem"; size_t sz; @@ -15746,13 +15747,14 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); + bio = NULL; EVP_PKEY_free(pkey); + pkey = NULL; } #endif #if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) { - BIO* bio; EVP_PKEY* pkey2 = NULL; unsigned char extra[10]; int i; @@ -15793,7 +15795,9 @@ static void test_wolfSSL_PEM_PrivateKey(void) } BIO_free(bio); + bio = NULL; EVP_PKEY_free(pkey); + pkey = NULL; EVP_PKEY_free(pkey2); } #endif @@ -15835,7 +15839,9 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); EVP_PKEY_free(pkey); + pkey = NULL; BIO_free(bio); + bio = NULL; SSL_CTX_free(ctx); } #endif /* !defined(NO_DES3) */ @@ -15865,6 +15871,7 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); EVP_PKEY_free(pkey); + pkey = NULL; SSL_CTX_free(ctx); } #endif @@ -15872,6 +15879,9 @@ static void test_wolfSSL_PEM_PrivateKey(void) printf(resultFmt, passed); (void)server_key; + (void)bio; + (void)pkey; + #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ }
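Review bot: The closing trailer of `test_wolfSSL_PEM_PrivateKey` still reads `/* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */`, but since PATCH 4/5 the opening guard is `(!defined(NO_RSA) || defined(HAVE_ECC))`. The comment therefore misdescribes when this test is compiled. Updating it to `#endif /* OPENSSL_EXTRA && !NO_CERTS && (!NO_RSA || HAVE_ECC) && USE_CERT_BUFFERS_2048 */` keeps the two ends of the function in agreement. Separately, `pkey2` is freed without being reset, unlike `bio` and `pkey`; that is harmless only because it goes out of scope at the closing brace of its block.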