From e9292e301f620ff60d57caa253e71dbfc12bc6aa Mon Sep 17 00:00:00 2001 From: Masaki Iwai Date: Wed, 30 Jul 2025 10:51:08 +0900 Subject: [PATCH 01/95] add _new/_delete API for ML-KEM/ML-DSA --- wolfcrypt/src/dilithium.c | 46 +++++++++++++++++++++++++++++ wolfcrypt/src/wc_mlkem.c | 54 +++++++++++++++++++++++++++++++++++ wolfcrypt/test/test.c | 21 ++++++++++++++ wolfssl/wolfcrypt/dilithium.h | 5 ++++ wolfssl/wolfcrypt/mlkem.h | 3 ++ 5 files changed, 129 insertions(+) diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index ea0219c48b..fb0b19cccf 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -8488,6 +8488,52 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, } #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */ +#ifndef WC_NO_CONSTRUCTORS +/** + * Create a new dilithium key object. + * + * heap [in] Dynamic memory hint. + * devId [in] Device Id. + * returns MEMORY_E when dynamic memory allocation fails + */ + +dilithium_key* wc_dilithium_new(void* heap, int devId) +{ + int ret; + dilithium_key* key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap, + DYNAMIC_TYPE_DILITHIUM); + if (key != NULL) { + ret = wc_dilithium_init_ex(key, heap, devId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM); + key = NULL; + } + } + + return key; +} + +/** + * Delete and free a dilithium key object. + * + * key [in] dilithium key object to delete. + * key_p [in, out] Pointer to key pointer to set to NULL. + * returns BAD_FUNC_ARG when key is NULL + */ + +int wc_dilithium_delete(dilithium_key* key, dilithium_key** key_p) +{ + if (key == NULL) + return BAD_FUNC_ARG; + wc_dilithium_free(key); + XFREE(key, key->heap, DYNAMIC_TYPE_DILITHIUM); + if (key_p != NULL) + *key_p = NULL; + + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + /* Initialize the dilithium private/public key. * * key [in] Dilithium key. diff --git a/wolfcrypt/src/wc_mlkem.c b/wolfcrypt/src/wc_mlkem.c index cebdc004c7..b7bc4a7c5b 100644 --- a/wolfcrypt/src/wc_mlkem.c +++ b/wolfcrypt/src/wc_mlkem.c @@ -126,6 +126,60 @@ volatile sword16 mlkem_opt_blocker = 0; /******************************************************************************/ +#ifndef WC_NO_CONSTRUCTORS +/** + * Create a new ML-KEM key object. + * + * Allocates and initializes a ML-KEM key object. + * + * @param [in] type Type of key: + * WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024, + * KYBER512, KYBER768, KYBER1024. + * @param [in] heap Dynamic memory hint. + * @param [in] devId Device Id. + * @return Pointer to new MlKemKey object, or NULL on failure. + */ + +MlKemKey* wc_MlKemKey_New(int type, void* heap, int devId) +{ + int ret; + MlKemKey* key = (MlKemKey*)XMALLOC(sizeof(MlKemKey), heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (key != NULL) { + ret = wc_MlKemKey_Init(key, type, heap, devId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_TMP_BUFFER); + key = NULL; + } + } + + return key; +} + +/** + * Delete and free a ML-KEM key object. + * + * Frees resources associated with a ML-KEM key object and sets pointer to NULL. + * + * @param [in] key ML-KEM key object to delete. + * @param [in, out] key_p Pointer to key pointer to set to NULL. + * @return 0 on success. + * @return BAD_FUNC_ARG when key is NULL. + */ + +int wc_MlKemKey_Delete(MlKemKey* key, MlKemKey** key_p) +{ + if (key == NULL) + return BAD_FUNC_ARG; + wc_MlKemKey_Free(key); + XFREE(key, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (key_p != NULL) + *key_p = NULL; + + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + /** * Initialize the Kyber key. * diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 10b8de7a69..b5f5771bcc 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -43480,6 +43480,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void) #endif #endif #endif +#endif +#ifdef WOLFSSL_WC_MLKEM + MlKemKey *tmpKey = NULL; #endif int key_inited = 0; static const int testData[][4] = { @@ -43628,6 +43631,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void) if (XMEMCMP(priv, priv2, testData[i][2]) != 0) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + +#ifdef WOLFSSL_WC_MLKEM + tmpKey = wc_MlKemKey_New(testData[i][0], HEAP_HINT, INVALID_DEVID); + if (tmpKey == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_MlKemKey_Delete(tmpKey, &tmpKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); +#endif #endif } @@ -46865,6 +46877,7 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng) #ifndef WOLFSSL_DILITHIUM_NO_VERIFY int res = 0; #endif + dilithium_key* tmpKey = NULL; #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -46910,6 +46923,14 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng) #endif #endif + tmpKey = wc_dilithium_new(HEAP_HINT, INVALID_DEVID); + if (tmpKey == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_dilithium_delete(tmpKey, &tmpKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + out: wc_dilithium_free(key); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h index faa4e92526..db6e1c66ff 100644 --- a/wolfssl/wolfcrypt/dilithium.h +++ b/wolfssl/wolfcrypt/dilithium.h @@ -788,6 +788,11 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash, word32 hashLen, int* res, dilithium_key* key); +WOLFSSL_API +dilithium_key* wc_dilithium_new(void* heap, int devId); +WOLFSSL_API +int wc_dilithium_delete(dilithium_key* key, dilithium_key** key_p); + WOLFSSL_API int wc_dilithium_init(dilithium_key* key); diff --git a/wolfssl/wolfcrypt/mlkem.h b/wolfssl/wolfcrypt/mlkem.h index f4ad34eabe..074cd8cd3a 100644 --- a/wolfssl/wolfcrypt/mlkem.h +++ b/wolfssl/wolfcrypt/mlkem.h @@ -313,6 +313,9 @@ typedef struct MlKemKey MlKemKey; extern "C" { #endif +WOLFSSL_API MlKemKey* wc_MlKemKey_New(int type, void* heap, int devId); +WOLFSSL_API int wc_MlKemKey_Delete(MlKemKey* key, MlKemKey** key_p); + WOLFSSL_API int wc_MlKemKey_Init(MlKemKey* key, int type, void* heap, int devId); WOLFSSL_API int wc_MlKemKey_Free(MlKemKey* key); From 8dd43077fd12aa2bca68e87ca74677abf1e672e6 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 22 Aug 2025 13:24:13 -0700 Subject: [PATCH 02/95] Fix for sniffer partial segment overlap that can occur when a TCP window is full and a TCP retransmission occurs. --- src/sniffer.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/sniffer.c b/src/sniffer.c index ff016491b3..808fe84673 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -5703,6 +5703,7 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, TraceRelativeSequence(*expected, real); if (real < *expected) { + int overlap = *expected - real; if (real + *sslBytes > *expected) { #ifdef WOLFSSL_ASYNC_CRYPT @@ -5717,7 +5718,6 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, * same action but for a different setup case. If changing this * block be sure to also update the block below. */ if (reassemblyList) { - int overlap = *expected - real; word32 newEnd; /* adjust to expected, remove duplicate */ @@ -5746,11 +5746,17 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, newEnd - reassemblyList->end, session, error); } } - else { - /* DUP overlap, allow */ - if (*sslBytes > 0) { - skipPartial = 0; /* do not reset sslBytes */ + else if (*sslBytes > 0) { + if (overlap < *sslBytes) { + /* adjust to remove partial overlap */ + *sslFrame += overlap; + *sslBytes -= overlap; } + else { + /* DUP overlap, allow */ + } + + skipPartial = 0; /* do not reset sslBytes */ } ret = 0; } @@ -6417,7 +6423,7 @@ doPart: ivExtra = AESGCM_EXP_IV_SZ; } - ret -= ivExtra;; + ret -= ivExtra; #if defined(HAVE_ENCRYPT_THEN_MAC) && \ !defined(WOLFSSL_AEAD_ONLY) From a67d1a84f5951b796b945d3ba347a9eb17c62726 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 23 Aug 2025 17:21:24 -0500 Subject: [PATCH 03/95] configure.ac: for linuxkm with PIE, don't include enable-fpcc in enable-all-crypto (the compiler generates a weird out-of-bounds bss reference for find_hole()); linuxkm/Makefile: in recipe (awk script) for wc_linuxkm_pie_reloc_tab.c, report and error on unexpected relocation types; linuxkm/module_hooks.c: in wc_linuxkm_normalize_relocations(): * fix bounds checking on the input, * recognize references pointing at the first byte after the end of the segment, * and mask out pad bytes when rendering the 32 bit addresses; linuxkm/wolfcrypt.lds: add 4k alignment directives just before the segment end fenceposts, to make the fenceposts more inclusive. --- configure.ac | 8 +++++++- linuxkm/Makefile | 11 ++++++++++- linuxkm/module_hooks.c | 44 ++++++++++++++++++++++++------------------ linuxkm/wolfcrypt.lds | 4 ++++ 4 files changed, 46 insertions(+), 21 deletions(-) diff --git a/configure.ac b/configure.ac index d9ba4f809e..51c614a4f9 100644 --- a/configure.ac +++ b/configure.ac @@ -1293,7 +1293,6 @@ then test "$enable_certext" = "" && enable_certext=yes test "$enable_sep" = "" && enable_sep=yes test "$enable_hkdf" = "" && enable_hkdf=yes - test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes test "$enable_psk" = "" && enable_psk=yes test "$enable_cmac" = "" && enable_cmac=yes @@ -1323,6 +1322,13 @@ then test "$enable_anon" = "" && enable_anon=yes test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes + # the compiler optimizer generates a weird out-of-bounds bss reference for + # find_hole() in the FP_ECC implementation. + if test "$ENABLED_LINUXKM_PIE" != yes + then + test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes + fi + if test "x$FIPS_VERSION" != "xv1" then test "$enable_rsapss" = "" && enable_rsapss=yes diff --git a/linuxkm/Makefile b/linuxkm/Makefile index 3674140cff..366dcc9b79 100644 --- a/linuxkm/Makefile +++ b/linuxkm/Makefile @@ -105,8 +105,9 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes" @$(READELF) --wide -r libwolfssl.ko | \ $(AWK) 'BEGIN { \ n=0; \ + bad_relocs=0; \ printf("%s\n ", \ - "const unsigned int wc_linuxkm_pie_reloc_tab[] = { "); \ + "const unsigned int wc_linuxkm_pie_reloc_tab[] = { "); \ } \ /^Relocation section '\''\.rela\.text\.wolfcrypt'\''/ { \ p=1; \ @@ -117,12 +118,20 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes" } \ /^0/ { \ if (p) { \ + if ($$3 !~ "^(R_X86_64_PLT32|R_X86_64_PC32|R_AARCH64_.*)$$") { \ + print "Unexpected relocation type:\n" $$0 >"/dev/stderr"; \ + ++bad_relocs; \ + } \ printf("0x%s%s", \ gensub("^0*","",1,$$1), \ ((++n%8) ? ", " : ",\n ")); \ } \ } \ END { \ + if (bad_relocs) { \ + print "Found " bad_relocs " unexpected relocations." >"/dev/stderr"; \ + exit(1); \ + } \ print "~0U };\nconst size_t wc_linuxkm_pie_reloc_tab_length = sizeof wc_linuxkm_pie_reloc_tab / sizeof wc_linuxkm_pie_reloc_tab[0];";\ }' > wc_linuxkm_pie_reloc_tab.c +$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE= diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index d9e0064fbc..5d09a2e185 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -611,8 +611,9 @@ ssize_t wc_linuxkm_normalize_relocations( int n_text_r = 0, n_rodata_r = 0, n_rwdata_r = 0, n_bss_r = 0, n_other_r = 0; #endif - if ((text_in < __wc_text_start) || - (text_in >= __wc_text_end)) + if ((text_in_len == 0) || + (text_in < __wc_text_start) || + (text_in + text_in_len >= __wc_text_end)) { return -1; } @@ -663,7 +664,7 @@ ssize_t wc_linuxkm_normalize_relocations( abs_ptr = (uintptr_t)text_in + next_reloc + 4 + reloc_buf; if ((abs_ptr >= (uintptr_t)__wc_text_start) && - (abs_ptr < (uintptr_t)__wc_text_end)) + (abs_ptr <= (uintptr_t)__wc_text_end)) { /* internal references in the .wolfcrypt.text segment don't need * normalization. @@ -674,7 +675,7 @@ ssize_t wc_linuxkm_normalize_relocations( continue; } else if ((abs_ptr >= (uintptr_t)__wc_rodata_start) && - (abs_ptr < (uintptr_t)__wc_rodata_end)) + (abs_ptr <= (uintptr_t)__wc_rodata_end)) { #ifdef DEBUG_LINUXKM_PIE_SUPPORT ++n_rodata_r; @@ -684,7 +685,7 @@ ssize_t wc_linuxkm_normalize_relocations( reloc_buf |= WC_RODATA_TAG; } else if ((abs_ptr >= (uintptr_t)__wc_rwdata_start) && - (abs_ptr < (uintptr_t)__wc_rwdata_end)) + (abs_ptr <= (uintptr_t)__wc_rwdata_end)) { #ifdef DEBUG_LINUXKM_PIE_SUPPORT ++n_rwdata_r; @@ -694,7 +695,7 @@ ssize_t wc_linuxkm_normalize_relocations( reloc_buf |= WC_RWDATA_TAG; } else if ((abs_ptr >= (uintptr_t)__wc_bss_start) && - (abs_ptr < (uintptr_t)__wc_bss_end)) + (abs_ptr <= (uintptr_t)__wc_bss_end)) { #ifdef DEBUG_LINUXKM_PIE_SUPPORT ++n_bss_r; @@ -710,19 +711,23 @@ ssize_t wc_linuxkm_normalize_relocations( reloc_buf = WC_OTHER_TAG; #ifdef DEBUG_LINUXKM_PIE_SUPPORT ++n_other_r; + /* we're currently only handling 32 bit relocations (R_X86_64_PLT32 + * and R_X86_64_PC32) so the top half of the word64 is padding we + * can lop off for rendering. + */ pr_notice("found non-wolfcrypt relocation at text offset 0x%x to " - "addr 0x%lx, text=%px-%px, rodata=%px-%px, " - "rwdata=%px-%px, bss=%px-%px\n", + "addr 0x%x, text=%x-%x, rodata=%x-%x, " + "rwdata=%x-%x, bss=%x-%x\n", wc_linuxkm_pie_reloc_tab[i], - abs_ptr, - __wc_text_start, - __wc_text_end, - __wc_rodata_start, - __wc_rodata_end, - __wc_rwdata_start, - __wc_rwdata_end, - __wc_bss_start, - __wc_bss_end); + (unsigned)(uintptr_t)abs_ptr, + (unsigned)(uintptr_t)__wc_text_start, + (unsigned)(uintptr_t)__wc_text_end, + (unsigned)(uintptr_t)__wc_rodata_start, + (unsigned)(uintptr_t)__wc_rodata_end, + (unsigned)(uintptr_t)__wc_rwdata_start, + (unsigned)(uintptr_t)__wc_rwdata_end, + (unsigned)(uintptr_t)__wc_bss_start, + (unsigned)(uintptr_t)__wc_bss_end); #endif } put_unaligned((u32)reloc_buf, (int32_t *)&text_out[next_reloc]); @@ -730,8 +735,9 @@ ssize_t wc_linuxkm_normalize_relocations( #ifdef DEBUG_LINUXKM_PIE_SUPPORT if (n_other_r > 0) - pr_notice("text_in=%px relocs=%d/%d/%d/%d/%d ret = %zu\n", - text_in, n_text_r, n_rodata_r, n_rwdata_r, n_bss_r, n_other_r, + pr_notice("text_in=%x relocs=%d/%d/%d/%d/%d ret = %zu\n", + (unsigned)(uintptr_t)text_in, n_text_r, n_rodata_r, + n_rwdata_r, n_bss_r, n_other_r, text_in_len); #endif diff --git a/linuxkm/wolfcrypt.lds b/linuxkm/wolfcrypt.lds index 55a5a78f70..6399a0c263 100644 --- a/linuxkm/wolfcrypt.lds +++ b/linuxkm/wolfcrypt.lds @@ -3,24 +3,28 @@ SECTIONS { .text.wolfcrypt : { __wc_text_start = .; *(.text.wolfcrypt) + . = ALIGN(4096); __wc_text_end = .; } . = ALIGN(4096); .rodata.wolfcrypt : { __wc_rodata_start = .; *(.rodata.wolfcrypt) + . = ALIGN(4096); __wc_rodata_end = .; } . = ALIGN(4096); .data.wolfcrypt : { __wc_rwdata_start = .; *(.data.wolfcrypt) + . = ALIGN(4096); __wc_rwdata_end = .; } . = ALIGN(4096); .bss.wolfcrypt : { __wc_bss_start = .; *(.bss.wolfcrypt) + . = ALIGN(4096); __wc_bss_end = .; } . = ALIGN(4096); From 6ab6634efcd49d8b29eb33b744f35ec2c24e6568 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Mon, 25 Aug 2025 09:28:08 -0500 Subject: [PATCH 04/95] Fix markdown in docs --- ChangeLog.md | 8 ++++---- README.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index 093debee03..44cfe9ba8c 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -9,7 +9,7 @@ NOTE: * wolfSSL is now GPLv3 instead of GPLv2 * MD5 is now disabled by default -PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. +PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request number where the code change was added. ## Vulnerabilities @@ -208,7 +208,7 @@ https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assur NOTE: * --enable-heapmath is deprecated -PR stands for Pull Request, and PR references a GitHub pull request +PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request number where the code change was added. @@ -424,7 +424,7 @@ NOTE: user_settings.h. -PR stands for Pull Request, and PR references a GitHub pull request +PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request number where the code change was added. @@ -544,7 +544,7 @@ https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assur NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 -PR stands for Pull Request, and PR references a GitHub pull request +PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request number where the code change was added. diff --git a/README.md b/README.md index 051901292c..47b1b60d88 100644 --- a/README.md +++ b/README.md @@ -86,7 +86,7 @@ NOTE: * wolfSSL is now GPLv3 instead of GPLv2 * MD5 is now disabled by default -PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. +PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request number where the code change was added. ## Vulnerabilities From 2885df68b4f55961548d3a292128613c18e6774b Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Mon, 25 Aug 2025 12:01:29 -0400 Subject: [PATCH 05/95] Properly detect duplicate CKS extensions. --- src/tls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/tls.c b/src/tls.c index 84114f7e33..7ce76aacc5 100644 --- a/src/tls.c +++ b/src/tls.c @@ -16129,6 +16129,9 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, if ((type <= 62) || (type == TLSX_RENEGOTIATION_INFO) #ifdef WOLFSSL_QUIC || (type == TLSX_KEY_QUIC_TP_PARAMS_DRAFT) + #endif + #ifdef WOLFSSL_DUAL_ALG_CERTS + || (type == TLSX_CKS) #endif ) { From 8207053636056211a038758fc17290911b349c5c Mon Sep 17 00:00:00 2001 From: Alex Lanzano Date: Mon, 25 Aug 2025 13:56:35 -0400 Subject: [PATCH 06/95] Fix value comparison typo in if statement --- wolfcrypt/src/logging.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index a09d8d614b..a9f18b5e5b 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -397,7 +397,7 @@ static void wolfssl_log(const int logLevel, const char* const file_name, /* Assume zero-terminated msg, len less than WOLFSSL_MSG_CERT_BUF_SZ */ written = XVSNPRINTF(msg, WOLFSSL_MSG_CERT_BUF_SZ, fmt, args); va_end(args); - if ((written > 0) && (loggingCertEnabled =! 0)) { + if ((written > 0) && (loggingCertEnabled != 0)) { wolfssl_log(INFO_LOG, NULL, 0, msg); } #ifdef WOLFSSL_SMALL_STACK From 115d4d88c02ee2099aa3270cab0a72b40e8125e0 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 22 Aug 2025 10:13:13 +1000 Subject: [PATCH 07/95] api.c: pull out TLS 1.3 specific tests --- CMakeLists.txt | 1 + tests/api.c | 2046 +------------------------------------- tests/api/include.am | 3 + tests/api/test_tls13.c | 2143 ++++++++++++++++++++++++++++++++++++++++ tests/api/test_tls13.h | 42 + 5 files changed, 2191 insertions(+), 2044 deletions(-) create mode 100644 tests/api/test_tls13.c create mode 100644 tests/api/test_tls13.h diff --git a/CMakeLists.txt b/CMakeLists.txt index 7badff1aaf..bc299d2488 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2689,6 +2689,7 @@ if(WOLFSSL_EXAMPLES) tests/api/test_ossl_ec.c tests/api/test_ossl_ecx.c tests/api/test_ossl_dsa.c + tests/api/test_tls13.c tests/srp.c tests/suites.c tests/w64wrapper.c diff --git a/tests/api.c b/tests/api.c index dac4590cd1..a0b059fc82 100644 --- a/tests/api.c +++ b/tests/api.c @@ -227,6 +227,7 @@ #include #include #include +#include #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ !defined(NO_RSA) && \ @@ -37585,958 +37586,6 @@ static int test_EccSigFailure_cm(void) #endif /* !NO_RSA || HAVE_ECC */ #endif /* NO_CERTS */ -#ifdef WOLFSSL_TLS13 -#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) -#ifdef WC_SHA384_DIGEST_SIZE - static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, }; -#else - static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, }; -#endif -#endif -#ifdef WOLFSSL_EARLY_DATA -static const char earlyData[] = "Early Data"; -static char earlyDataBuffer[1]; -#endif - -static int test_tls13_apis(void) -{ - EXPECT_DECLS; -#if defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) && \ - (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) - int ret; -#endif -#ifndef WOLFSSL_NO_TLS12 -#ifndef NO_WOLFSSL_CLIENT - WOLFSSL_CTX* clientTls12Ctx = NULL; - WOLFSSL* clientTls12Ssl = NULL; -#endif -#ifndef NO_WOLFSSL_SERVER - WOLFSSL_CTX* serverTls12Ctx = NULL; - WOLFSSL* serverTls12Ssl = NULL; -#endif -#endif -#ifndef NO_WOLFSSL_CLIENT - WOLFSSL_CTX* clientCtx = NULL; - WOLFSSL* clientSsl = NULL; -#endif -#ifndef NO_WOLFSSL_SERVER - WOLFSSL_CTX* serverCtx = NULL; - WOLFSSL* serverSsl = NULL; -#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) -#ifndef NO_RSA - const char* ourCert = svrCertFile; - const char* ourKey = svrKeyFile; -#elif defined(HAVE_ECC) - const char* ourCert = eccCertFile; - const char* ourKey = eccKeyFile; -#elif defined(HAVE_ED25519) - const char* ourCert = edCertFile; - const char* ourKey = edKeyFile; -#elif defined(HAVE_ED448) - const char* ourCert = ed448CertFile; - const char* ourKey = ed448KeyFile; -#endif -#endif -#endif - int required; -#ifdef WOLFSSL_EARLY_DATA - int outSz; -#endif -#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) - int groups[2] = { WOLFSSL_ECC_SECP256R1, -#ifdef WOLFSSL_HAVE_MLKEM -#ifdef WOLFSSL_MLKEM_KYBER - #ifndef WOLFSSL_NO_KYBER512 - WOLFSSL_KYBER_LEVEL1 - #elif !defined(WOLFSSL_NO_KYBER768) - WOLFSSL_KYBER_LEVEL3 - #else - WOLFSSL_KYBER_LEVEL5 - #endif -#else - #ifndef WOLFSSL_NO_ML_KEM_512 - WOLFSSL_ML_KEM_512 - #elif !defined(WOLFSSL_NO_ML_KEM_768) - WOLFSSL_ML_KEM_768 - #else - WOLFSSL_ML_KEM_1024 - #endif -#endif -#else - WOLFSSL_ECC_SECP256R1 -#endif - }; -#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) - int bad_groups[2] = { 0xDEAD, 0xBEEF }; -#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ - int numGroups = 2; -#endif -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) - char groupList[] = -#ifdef HAVE_CURVE25519 - "X25519:" -#endif -#ifdef HAVE_CURVE448 - "X448:" -#endif -#ifndef NO_ECC_SECP -#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 - "P-521:secp521r1:" -#endif -#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 - "P-384:secp384r1:" -#endif -#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 - "P-256:secp256r1" -#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ - !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ - !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ - !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) -#ifdef WOLFSSL_MLKEM_KYBER - #ifndef WOLFSSL_NO_KYBER512 - ":P256_KYBER_LEVEL1" - #elif !defined(WOLFSSL_NO_KYBER768) - ":P256_KYBER_LEVEL3" - #else - ":P256_KYBER_LEVEL5" - #endif -#else - #ifndef WOLFSSL_NO_KYBER512 - ":SecP256r1MLKEM512" - #elif !defined(WOLFSSL_NO_KYBER768) - ":SecP384r1MLKEM768" - #else - ":SecP521r1MLKEM1024" - #endif -#endif -#endif -#endif -#endif /* !defined(NO_ECC_SECP) */ -#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ - !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ - !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ - !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) -#ifdef WOLFSSL_MLKEM_KYBER - #ifndef WOLFSSL_NO_KYBER512 - ":KYBER_LEVEL1" - #elif !defined(WOLFSSL_NO_KYBER768) - ":KYBER_LEVEL3" - #else - ":KYBER_LEVEL5" - #endif -#else - #ifndef WOLFSSL_NO_KYBER512 - ":ML_KEM_512" - #elif !defined(WOLFSSL_NO_KYBER768) - ":ML_KEM_768" - #else - ":ML_KEM_1024" - #endif -#endif -#endif - ""; -#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */ -#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ - !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ - !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ - !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) - int mlkemLevel; -#endif - -#ifndef WOLFSSL_NO_TLS12 -#ifndef NO_WOLFSSL_CLIENT - clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); - clientTls12Ssl = wolfSSL_new(clientTls12Ctx); -#endif -#ifndef NO_WOLFSSL_SERVER - serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); -#if !defined(NO_CERTS) - #if !defined(NO_FILESYSTEM) - wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert); - wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, - WOLFSSL_FILETYPE_PEM); - #elif defined(USE_CERT_BUFFERS_2048) - wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx, - server_cert_der_2048, sizeof_server_cert_der_2048, - WOLFSSL_FILETYPE_ASN1); - wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, server_key_der_2048, - sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1); - #elif defined(USE_CERT_BUFFERS_256) - wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx, - serv_ecc_der_256, sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1); - wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, ecc_key_der_256, - sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1); - #endif -#endif - serverTls12Ssl = wolfSSL_new(serverTls12Ctx); -#endif -#endif - -#ifndef NO_WOLFSSL_CLIENT - clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); - clientSsl = wolfSSL_new(clientCtx); -#endif -#ifndef NO_WOLFSSL_SERVER - serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); -#if !defined(NO_CERTS) - /* ignore load failures, since we just need the server to have a cert set */ - #if !defined(NO_FILESYSTEM) - wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert); - wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM); - #elif defined(USE_CERT_BUFFERS_2048) - wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx, - server_cert_der_2048, sizeof_server_cert_der_2048, - WOLFSSL_FILETYPE_ASN1); - wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, server_key_der_2048, - sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1); - #elif defined(USE_CERT_BUFFERS_256) - wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx, serv_ecc_der_256, - sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1); - wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, ecc_key_der_256, - sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1); - #endif -#endif - serverSsl = wolfSSL_new(serverCtx); - ExpectNotNull(serverSsl); -#endif - -#ifdef WOLFSSL_SEND_HRR_COOKIE - ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT - ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), WC_NO_ERR_TRACE(SIDE_ERROR)); -#endif -#ifndef NO_WOLFSSL_SERVER -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - - ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)), - WOLFSSL_SUCCESS); -#endif -#endif - -#ifdef HAVE_SUPPORTED_CURVES -#ifdef HAVE_ECC - ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_SERVER - do { - ret = wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1); - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) - wolfSSL_AsyncPoll(serverSsl, WOLF_POLL_FLAG_CHECK_HW); - #endif - } - while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); - ExpectIntEQ(ret, WOLFSSL_SUCCESS); -#endif -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - do { - ret = wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1); - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) - wolfSSL_AsyncPoll(clientTls12Ssl, WOLF_POLL_FLAG_CHECK_HW); - #endif - } - while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); - ExpectIntEQ(ret, WOLFSSL_SUCCESS); -#endif - do { - ret = wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1); - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) - wolfSSL_AsyncPoll(clientSsl, WOLF_POLL_FLAG_CHECK_HW); - #endif - } - while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); - ExpectIntEQ(ret, WOLFSSL_SUCCESS); -#endif -#elif defined(HAVE_CURVE25519) - ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519), - WOLFSSL_SUCCESS); -#endif -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519), - WOLFSSL_SUCCESS); -#endif - ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519), - WOLFSSL_SUCCESS); -#endif -#elif defined(HAVE_CURVE448) - ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448), - WOLFSSL_SUCCESS); -#endif -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448), - WOLFSSL_SUCCESS); -#endif - ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448), - WOLFSSL_SUCCESS); -#endif -#else - ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), - WC_NO_ERR_TRACE(NOT_COMPILED_IN)); -#endif - ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), - WC_NO_ERR_TRACE(NOT_COMPILED_IN)); -#endif -#endif - -#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ - !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ - !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ - !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) -#ifndef WOLFSSL_NO_ML_KEM -#ifndef WOLFSSL_NO_ML_KEM_768 - mlkemLevel = WOLFSSL_ML_KEM_768; -#elif !defined(WOLFSSL_NO_ML_KEM_1024) - mlkemLevel = WOLFSSL_ML_KEM_1024; -#else - mlkemLevel = WOLFSSL_ML_KEM_512; -#endif -#else -#ifndef WOLFSSL_NO_KYBER768 - mlkemLevel = WOLFSSL_KYBER_LEVEL3; -#elif !defined(WOLFSSL_NO_KYBER1024) - mlkemLevel = WOLFSSL_KYBER_LEVEL5; -#else - mlkemLevel = WOLFSSL_KYBER_LEVEL1; -#endif -#endif - ExpectIntEQ(wolfSSL_UseKeyShare(NULL, mlkemLevel), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, mlkemLevel), - WOLFSSL_SUCCESS); -#endif -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, mlkemLevel), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, mlkemLevel), - WOLFSSL_SUCCESS); -#endif -#endif - - ExpectIntEQ(wolfSSL_NoKeyShares(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR)); -#endif -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS); -#endif - ExpectIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS); -#endif -#endif /* HAVE_SUPPORTED_CURVES */ - - ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT - ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR)); -#endif -#ifndef NO_WOLFSSL_SERVER -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0); -#endif - - ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT - ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), WC_NO_ERR_TRACE(SIDE_ERROR)); -#endif -#ifndef NO_WOLFSSL_SERVER -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0); -#endif - - ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0); -#endif -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0); -#endif - - ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0); -#endif -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0); -#endif - - ExpectIntEQ(wolfSSL_update_keys(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_update_keys(clientSsl), WC_NO_ERR_TRACE(BUILD_MSG_ERROR)); -#endif -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_update_keys(serverSsl), WC_NO_ERR_TRACE(BUILD_MSG_ERROR)); -#endif - - ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_key_update_response(NULL, &required), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - -#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), WC_NO_ERR_TRACE(SIDE_ERROR)); -#endif -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0); -#endif - - ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR)); -#endif -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0); -#endif - - ExpectIntEQ(wolfSSL_request_certificate(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT - ExpectIntEQ(wolfSSL_request_certificate(clientSsl), WC_NO_ERR_TRACE(SIDE_ERROR)); -#endif -#ifndef NO_WOLFSSL_SERVER -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_request_certificate(serverTls12Ssl), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_request_certificate(serverSsl), WC_NO_ERR_TRACE(NOT_READY_ERROR)); -#endif -#endif - -#ifdef HAVE_ECC -#ifndef WOLFSSL_NO_SERVER_GROUPS_EXT - ExpectIntEQ(wolfSSL_preferred_group(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_preferred_group(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR)); -#endif -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_preferred_group(clientSsl), WC_NO_ERR_TRACE(NOT_READY_ERROR)); -#endif -#endif - -#ifdef HAVE_SUPPORTED_CURVES - ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT - ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups), - WOLFSSL_SUCCESS); -#endif - ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, - WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - - ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT - ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups), - WOLFSSL_SUCCESS); -#endif - ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, - WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - -#ifdef OPENSSL_EXTRA - ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#ifndef NO_WOLFSSL_CLIENT - ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#endif - ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList), - WOLFSSL_SUCCESS); -#endif - ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList), - WOLFSSL_SUCCESS); -#endif -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList), - WOLFSSL_SUCCESS); -#endif - - ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#ifndef NO_WOLFSSL_CLIENT - ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#endif - ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList), - WOLFSSL_SUCCESS); -#endif - ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList), - WOLFSSL_SUCCESS); -#endif -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList), - WOLFSSL_SUCCESS); -#endif -#endif /* OPENSSL_EXTRA */ -#endif /* HAVE_SUPPORTED_CURVES */ -#endif /* HAVE_ECC */ - -#ifdef WOLFSSL_EARLY_DATA -#ifndef OPENSSL_EXTRA - ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#else - ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(SSL_CTX_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif -#ifndef NO_WOLFSSL_CLIENT -#ifndef OPENSSL_EXTRA - ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), WC_NO_ERR_TRACE(SIDE_ERROR)); - ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR)); -#else - ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), WC_NO_ERR_TRACE(SIDE_ERROR)); - ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR)); -#endif -#endif -#ifndef NO_WOLFSSL_SERVER -#ifndef WOLFSSL_NO_TLS12 -#ifndef OPENSSL_EXTRA - ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#else - ExpectIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif -#endif -#ifndef OPENSSL_EXTRA -#ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), - WOLFSSL_SUCCESS); -#else - ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0); -#endif - ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32); -#else - ExpectIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1); - ExpectIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32); -#endif -#endif - -#ifndef OPENSSL_EXTRA - ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#else - ExpectIntEQ(SSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(SSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif -#ifndef NO_WOLFSSL_CLIENT -#ifndef OPENSSL_EXTRA -#ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS); -#else - ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), 0); -#endif - ExpectIntEQ(wolfSSL_get_max_early_data(clientSsl), 17); -#else - ExpectIntEQ(SSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS); - ExpectIntEQ(SSL_get_max_early_data(clientSsl), 17); -#endif -#endif -#ifndef NO_WOLFSSL_SERVER -#ifndef WOLFSSL_NO_TLS12 -#ifndef OPENSSL_EXTRA - ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#else - ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif -#endif -#ifndef OPENSSL_EXTRA -#ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), WOLFSSL_SUCCESS); -#else - ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0); -#endif - ExpectIntEQ(wolfSSL_get_max_early_data(serverSsl), 16); -#else - ExpectIntEQ(SSL_set_max_early_data(serverSsl, 16), 1); - ExpectIntEQ(SSL_get_max_early_data(serverSsl), 16); -#endif -#endif - - - ExpectIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData), - &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_CLIENT - ExpectIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData), - &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, - sizeof(earlyData), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_write_early_data(serverSsl, earlyData, - sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR)); -#endif -#ifndef NO_WOLFSSL_CLIENT -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData, - sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, - sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); -#endif - - ExpectIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer, - sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef NO_WOLFSSL_SERVER - ExpectIntEQ(wolfSSL_read_early_data(serverSsl, NULL, - sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1, - &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, - sizeof(earlyDataBuffer), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif -#ifndef NO_WOLFSSL_CLIENT - ExpectIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer, - sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR)); -#endif -#ifndef NO_WOLFSSL_SERVER -#ifndef WOLFSSL_NO_TLS12 - ExpectIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer, - sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, - sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); -#endif -#endif - -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA) - ExpectIntLT(SSL_get_early_data_status(NULL), 0); -#endif - - -#ifndef NO_WOLFSSL_SERVER - wolfSSL_free(serverSsl); - wolfSSL_CTX_free(serverCtx); -#endif -#ifndef NO_WOLFSSL_CLIENT - wolfSSL_free(clientSsl); - wolfSSL_CTX_free(clientCtx); -#endif - -#ifndef WOLFSSL_NO_TLS12 -#ifndef NO_WOLFSSL_SERVER - wolfSSL_free(serverTls12Ssl); - wolfSSL_CTX_free(serverTls12Ctx); -#endif -#ifndef NO_WOLFSSL_CLIENT - wolfSSL_free(clientTls12Ssl); - wolfSSL_CTX_free(clientTls12Ctx); -#endif -#endif - - return EXPECT_RESULT(); -} - -#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \ - defined(HAVE_ECC) && defined(BUILD_TLS_AES_128_GCM_SHA256) && \ - defined(BUILD_TLS_AES_256_GCM_SHA384) -/* Called when writing. */ -static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx) -{ - (void)ssl; - (void)buf; - (void)sz; - (void)ctx; - - /* Force error return from wolfSSL_accept_TLSv13(). */ - return WANT_WRITE; -} -/* Called when reading. */ -static int CsRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) -{ - WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx; - int len = (int)msg->length; - - (void)ssl; - (void)sz; - - /* Pass back as much of message as will fit in buffer. */ - if (len > sz) - len = sz; - XMEMCPY(buf, msg->buffer, len); - /* Move over returned data. */ - msg->buffer += len; - msg->length -= len; - - /* Amount actually copied. */ - return len; -} -#endif - -static int test_tls13_cipher_suites(void) -{ - EXPECT_DECLS; -#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \ - defined(HAVE_ECC) && defined(BUILD_TLS_AES_128_GCM_SHA256) && \ - defined(BUILD_TLS_AES_256_GCM_SHA384) - WOLFSSL_CTX* ctx = NULL; - WOLFSSL *ssl = NULL; - int i; - byte clientHello[] = { - 0x16, 0x03, 0x03, 0x01, 0x9b, 0x01, 0x00, 0x01, - 0x97, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe, - 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55, - 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8, - 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c, - 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b, - 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda, - 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, - /* Cipher suites: 0x13, 0x01 = TLS13-AES128-GCM-SHA256, twice. */ - 0x13, 0x01, - 0x13, 0x01, 0x01, 0x00, 0x01, 0x4a, 0x00, 0x2d, - 0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x33, 0x00, - 0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, - 0x90, 0xfc, 0xe2, 0x97, 0x05, 0x7c, 0xb5, 0x23, - 0x5d, 0x5f, 0x5b, 0xcd, 0x0c, 0x1e, 0xe0, 0xe9, - 0xab, 0x38, 0x6b, 0x1e, 0x20, 0x5c, 0x1c, 0x90, - 0x2a, 0x9e, 0x68, 0x8e, 0x70, 0x05, 0x10, 0xa8, - 0x02, 0x1b, 0xf9, 0x5c, 0xef, 0xc9, 0xaf, 0xca, - 0x1a, 0x3b, 0x16, 0x8b, 0xe4, 0x1b, 0x3c, 0x15, - 0xb8, 0x0d, 0xbd, 0xaf, 0x62, 0x8d, 0xa7, 0x13, - 0xa0, 0x7c, 0xe0, 0x59, 0x0c, 0x4f, 0x8a, 0x6d, - 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04, 0x00, - 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x03, 0x05, - 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, 0x08, - 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, - 0x09, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03, - 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00, - 0x02, 0x00, 0x17, 0x00, 0x16, 0x00, 0x00, 0x00, - 0x23, 0x00, 0x00, 0x00, 0x29, 0x00, 0xb9, 0x00, - 0x94, 0x00, 0x8e, 0x0f, 0x12, 0xfa, 0x84, 0x1f, - 0x76, 0x94, 0xd7, 0x09, 0x5e, 0xad, 0x08, 0x51, - 0xb6, 0x80, 0x28, 0x31, 0x8b, 0xfd, 0xc6, 0xbd, - 0x9e, 0xf5, 0x3b, 0x4d, 0x02, 0xbe, 0x1d, 0x73, - 0xea, 0x13, 0x68, 0x00, 0x4c, 0xfd, 0x3d, 0x48, - 0x51, 0xf9, 0x06, 0xbb, 0x92, 0xed, 0x42, 0x9f, - 0x7f, 0x2c, 0x73, 0x9f, 0xd9, 0xb4, 0xef, 0x05, - 0x26, 0x5b, 0x60, 0x5c, 0x0a, 0xfc, 0xa3, 0xbd, - 0x2d, 0x2d, 0x8b, 0xf9, 0xaa, 0x5c, 0x96, 0x3a, - 0xf2, 0xec, 0xfa, 0xe5, 0x57, 0x2e, 0x87, 0xbe, - 0x27, 0xc5, 0x3d, 0x4f, 0x5d, 0xdd, 0xde, 0x1c, - 0x1b, 0xb3, 0xcc, 0x27, 0x27, 0x57, 0x5a, 0xd9, - 0xea, 0x99, 0x27, 0x23, 0xa6, 0x0e, 0xea, 0x9c, - 0x0d, 0x85, 0xcb, 0x72, 0xeb, 0xd7, 0x93, 0xe3, - 0xfe, 0xf7, 0x5c, 0xc5, 0x5b, 0x75, 0x8c, 0x47, - 0x0a, 0x0e, 0xc4, 0x1a, 0xda, 0xef, 0x75, 0xe5, - 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0xfb, 0x92, 0xce, 0xaa, 0x00, 0x21, 0x20, - 0xcb, 0x73, 0x25, 0x80, 0x46, 0x78, 0x4f, 0xe5, - 0x34, 0xf6, 0x91, 0x13, 0x7f, 0xc8, 0x8d, 0xdc, - 0x81, 0x04, 0xb7, 0x0d, 0x49, 0x85, 0x2e, 0x12, - 0x7a, 0x07, 0x23, 0xe9, 0x13, 0xa4, 0x6d, 0x8c - }; - WOLFSSL_BUFFER_INFO msg; - /* Offset into ClientHello message data of first cipher suite. */ - const int csOff = 78; - /* Server cipher list. */ - const char* serverCs = "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256"; - /* Suite list with duplicates. */ - const char* dupCs = "TLS13-AES128-GCM-SHA256:" - "TLS13-AES128-GCM-SHA256:" - "TLS13-AES256-GCM-SHA384:" - "TLS13-AES256-GCM-SHA384:" - "TLS13-AES128-GCM-SHA256"; -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) - const byte dupCsBytes[] = { TLS13_BYTE, TLS_AES_256_GCM_SHA384, - TLS13_BYTE, TLS_AES_256_GCM_SHA384, - TLS13_BYTE, TLS_AES_128_GCM_SHA256, - TLS13_BYTE, TLS_AES_128_GCM_SHA256, - TLS13_BYTE, TLS_AES_256_GCM_SHA384 }; -#endif - - /* Set up wolfSSL context. */ - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); - ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, - WOLFSSL_FILETYPE_PEM)); - /* Read from 'msg'. */ - wolfSSL_SetIORecv(ctx, CsRecv); - /* No where to send to - dummy sender. */ - wolfSSL_SetIOSend(ctx, CsSend); - - /* Test cipher suite list with many copies of a cipher suite. */ - ExpectNotNull(ssl = wolfSSL_new(ctx)); - msg.buffer = clientHello; - msg.length = (unsigned int)sizeof(clientHello); - wolfSSL_SetIOReadCtx(ssl, &msg); - /* Force server to have as many occurrences of same cipher suite as - * possible. */ - if (ssl != NULL) { - Suites* suites = (Suites*)WOLFSSL_SUITES(ssl); - suites->suiteSz = WOLFSSL_MAX_SUITE_SZ; - for (i = 0; i < suites->suiteSz; i += 2) { - suites->suites[i + 0] = TLS13_BYTE; - suites->suites[i + 1] = TLS_AES_128_GCM_SHA256; - } - } - /* Test multiple occurrences of same cipher suite. */ - ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - wolfSSL_free(ssl); - ssl = NULL; - - /* Set client order opposite to server order: - * TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384 */ - clientHello[csOff + 0] = TLS13_BYTE; - clientHello[csOff + 1] = TLS_AES_128_GCM_SHA256; - clientHello[csOff + 2] = TLS13_BYTE; - clientHello[csOff + 3] = TLS_AES_256_GCM_SHA384; - - /* Test server order negotiation. */ - ExpectNotNull(ssl = wolfSSL_new(ctx)); - msg.buffer = clientHello; - msg.length = (unsigned int)sizeof(clientHello); - wolfSSL_SetIOReadCtx(ssl, &msg); - /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */ - ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS); - /* Negotiate cipher suites in server order: TLS13-AES256-GCM-SHA384 */ - ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - /* Check refined order - server order. */ - ExpectIntEQ(ssl->suites->suiteSz, 4); - ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE); - ExpectIntEQ(ssl->suites->suites[1], TLS_AES_256_GCM_SHA384); - ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE); - ExpectIntEQ(ssl->suites->suites[3], TLS_AES_128_GCM_SHA256); - wolfSSL_free(ssl); - ssl = NULL; - - /* Test client order negotiation. */ - ExpectNotNull(ssl = wolfSSL_new(ctx)); - msg.buffer = clientHello; - msg.length = (unsigned int)sizeof(clientHello); - wolfSSL_SetIOReadCtx(ssl, &msg); - /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */ - ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_UseClientSuites(ssl), 0); - /* Negotiate cipher suites in client order: TLS13-AES128-GCM-SHA256 */ - ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - /* Check refined order - client order. */ - ExpectIntEQ(ssl->suites->suiteSz, 4); - ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE); - ExpectIntEQ(ssl->suites->suites[1], TLS_AES_128_GCM_SHA256); - ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE); - ExpectIntEQ(ssl->suites->suites[3], TLS_AES_256_GCM_SHA384); - wolfSSL_free(ssl); - ssl = NULL; - - /* Check duplicate detection is working. */ - ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, dupCs), WOLFSSL_SUCCESS); - ExpectIntEQ(ctx->suites->suiteSz, 4); - ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE); - ExpectIntEQ(ctx->suites->suites[1], TLS_AES_128_GCM_SHA256); - ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE); - ExpectIntEQ(ctx->suites->suites[3], TLS_AES_256_GCM_SHA384); - -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) - ExpectIntEQ(wolfSSL_CTX_set_cipher_list_bytes(ctx, dupCsBytes, - sizeof(dupCsBytes)), WOLFSSL_SUCCESS); - ExpectIntEQ(ctx->suites->suiteSz, 4); - ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE); - ExpectIntEQ(ctx->suites->suites[1], TLS_AES_256_GCM_SHA384); - ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE); - ExpectIntEQ(ctx->suites->suites[3], TLS_AES_128_GCM_SHA256); -#endif - - wolfSSL_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - -#endif - #if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12) #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && \ !defined(NO_AES) && defined(HAVE_AES_CBC) && \ @@ -47546,77 +46595,6 @@ static int test_multiple_alerts_EAGAIN(void) } #endif -#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\ - && !defined(NO_PSK) -static unsigned int test_tls13_bad_psk_binder_client_cb(WOLFSSL* ssl, - const char* hint, char* identity, unsigned int id_max_len, - unsigned char* key, unsigned int key_max_len) -{ - (void)ssl; - (void)hint; - (void)key_max_len; - - /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ - XSTRNCPY(identity, "Client_identity", id_max_len); - - key[0] = 0x20; - return 1; -} - -static unsigned int test_tls13_bad_psk_binder_server_cb(WOLFSSL* ssl, - const char* id, unsigned char* key, unsigned int key_max_len) -{ - (void)ssl; - (void)id; - (void)key_max_len; - /* zero means error */ - key[0] = 0x10; - return 1; -} -#endif - -static int test_tls13_bad_psk_binder(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\ - && !defined(NO_PSK) - WOLFSSL_CTX *ctx_c = NULL; - WOLFSSL_CTX *ctx_s = NULL; - WOLFSSL *ssl_c = NULL; - WOLFSSL *ssl_s = NULL; - struct test_memio_ctx test_ctx; - WOLFSSL_ALERT_HISTORY h; - - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, - wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); - - wolfSSL_set_psk_client_callback(ssl_c, test_tls13_bad_psk_binder_client_cb); - wolfSSL_set_psk_server_callback(ssl_s, test_tls13_bad_psk_binder_server_cb); - - ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), - WOLFSSL_ERROR_WANT_READ); - - ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); - ExpectIntEQ( wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), - WC_NO_ERR_TRACE(BAD_BINDER)); - - ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), - WC_NO_ERR_TRACE(FATAL_ERROR)); - ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS); - ExpectIntEQ(h.last_rx.code, illegal_parameter); - ExpectIntEQ(h.last_rx.level, alert_fatal); - - wolfSSL_free(ssl_c); - wolfSSL_CTX_free(ctx_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_s); -#endif - return EXPECT_RESULT(); -} - #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) static int test_harden_no_secure_renegotiation_io_cb(WOLFSSL *ssl, char *buf, @@ -47806,115 +46784,6 @@ static int test_override_alt_cert_chain(void) } #endif -#if defined(HAVE_RPK) && !defined(NO_TLS) - -#define svrRpkCertFile "./certs/rpk/server-cert-rpk.der" -#define clntRpkCertFile "./certs/rpk/client-cert-rpk.der" - -#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13) -static int MyRpkVerifyCb(int mode, WOLFSSL_X509_STORE_CTX* strctx) -{ - int ret = WOLFSSL_SUCCESS; - (void)mode; - (void)strctx; - WOLFSSL_ENTER("MyRpkVerifyCb"); - return ret; -} -#endif /* WOLFSSL_ALWAYS_VERIFY_CB && WOLFSSL_TLS13 */ - -static WC_INLINE int test_rpk_memio_setup( - struct test_memio_ctx *ctx, - WOLFSSL_CTX **ctx_c, - WOLFSSL_CTX **ctx_s, - WOLFSSL **ssl_c, - WOLFSSL **ssl_s, - method_provider method_c, - method_provider method_s, - const char* certfile_c, int fmt_cc, /* client cert file path and format */ - const char* certfile_s, int fmt_cs, /* server cert file path and format */ - const char* pkey_c, int fmt_kc, /* client private key and format */ - const char* pkey_s, int fmt_ks /* server private key and format */ - ) -{ - int ret; - if (ctx_c != NULL && *ctx_c == NULL) { - *ctx_c = wolfSSL_CTX_new(method_c()); - if (*ctx_c == NULL) { - return -1; - } - wolfSSL_CTX_set_verify(*ctx_c, WOLFSSL_VERIFY_PEER, NULL); - - ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0); - if (ret != WOLFSSL_SUCCESS) { - return -1; - } - wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb); - wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb); - - ret = wolfSSL_CTX_use_certificate_file(*ctx_c, certfile_c, fmt_cc); - if (ret != WOLFSSL_SUCCESS) { - return -1; - } - ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_c, pkey_c, fmt_kc); - if (ret != WOLFSSL_SUCCESS) { - return -1; - } - } - - if (ctx_s != NULL && *ctx_s == NULL) { - *ctx_s = wolfSSL_CTX_new(method_s()); - if (*ctx_s == NULL) { - return -1; - } - wolfSSL_CTX_set_verify(*ctx_s, WOLFSSL_VERIFY_PEER, NULL); - - ret = wolfSSL_CTX_load_verify_locations(*ctx_s, cliCertFile, 0); - if (ret != WOLFSSL_SUCCESS) { - return -1; - } - - ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, pkey_s, fmt_ks); - if (ret != WOLFSSL_SUCCESS) { - return -1; - } - ret = wolfSSL_CTX_use_certificate_file(*ctx_s, certfile_s, fmt_cs); - if (ret != WOLFSSL_SUCCESS) { - return -1; - } - wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb); - wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb); - if (ctx->s_ciphers != NULL) { - ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers); - if (ret != WOLFSSL_SUCCESS) { - return -1; - } - } - } - - if (ctx_c != NULL && ssl_c != NULL) { - *ssl_c = wolfSSL_new(*ctx_c); - if (*ssl_c == NULL) { - return -1; - } - wolfSSL_SetIOWriteCtx(*ssl_c, ctx); - wolfSSL_SetIOReadCtx(*ssl_c, ctx); - } - if (ctx_s != NULL && ssl_s != NULL) { - *ssl_s = wolfSSL_new(*ctx_s); - if (*ssl_s == NULL) { - return -1; - } - wolfSSL_SetIOWriteCtx(*ssl_s, ctx); - wolfSSL_SetIOReadCtx(*ssl_s, ctx); -#if !defined(NO_DH) - SetDH(*ssl_s); -#endif - } - - return 0; -} -#endif /* HAVE_RPK && !NO_TLS */ - static int test_rpk_set_xxx_cert_type(void) { EXPECT_DECLS; @@ -48149,689 +47018,6 @@ static int test_rpk_set_xxx_cert_type(void) return EXPECT_RESULT(); } -static int test_tls13_rpk_handshake(void) -{ - EXPECT_DECLS; -#if defined(HAVE_RPK) && (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)) -#ifdef WOLFSSL_TLS13 - int ret = 0; -#endif - WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; - WOLFSSL *ssl_c = NULL, *ssl_s = NULL; - struct test_memio_ctx test_ctx; - int err; - char certType_c[MAX_CLIENT_CERT_TYPE_CNT]; - char certType_s[MAX_CLIENT_CERT_TYPE_CNT]; - int typeCnt_c; - int typeCnt_s; - int tp = 0; -#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13) - int isServer; -#endif - - (void)err; - (void)typeCnt_c; - (void)typeCnt_s; - (void)certType_c; - (void)certType_s; - -#ifndef WOLFSSL_NO_TLS12 - /* TLS1.2 - * Both client and server load x509 cert and start handshaking. - * Check no negotiation occurred. - */ - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - - ExpectIntEQ( - test_rpk_memio_setup( - &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, - wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, - cliCertFile, WOLFSSL_FILETYPE_PEM, - svrCertFile, WOLFSSL_FILETYPE_PEM, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM) - , 0); - - - /* set client certificate type in client end */ - certType_c[0] = WOLFSSL_CERT_TYPE_RPK; - certType_c[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_c = 2; - - certType_s[0] = WOLFSSL_CERT_TYPE_RPK; - certType_s[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_s = 2; - - /* both client and server do not call client/server_cert_type APIs, - * expecting default settings works and no negotiation performed. - */ - - ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); - - /* confirm no negotiation occurred */ - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN); - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); - - (void)typeCnt_c; - (void)typeCnt_s; - - wolfSSL_free(ssl_c); - wolfSSL_CTX_free(ctx_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_s); - ssl_c = ssl_s = NULL; - ctx_c = ctx_s = NULL; -#endif - -#ifdef WOLFSSL_TLS13 - /* Both client and server load x509 cert and start handshaking. - * Check no negotiation occurred. - */ - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - - ExpectIntEQ( - test_rpk_memio_setup( - &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, - wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - cliCertFile, WOLFSSL_FILETYPE_PEM, - svrCertFile, WOLFSSL_FILETYPE_PEM, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) - , 0); - - /* set client certificate type in client end */ - certType_c[0] = WOLFSSL_CERT_TYPE_RPK; - certType_c[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_c = 2; - - certType_s[0] = WOLFSSL_CERT_TYPE_RPK; - certType_s[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_s = 2; - - /* both client and server do not call client/server_cert_type APIs, - * expecting default settings works and no negotiation performed. - */ - - ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); - - /* confirm no negotiation occurred */ - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); - - (void)typeCnt_c; - (void)typeCnt_s; - - wolfSSL_free(ssl_c); - wolfSSL_CTX_free(ctx_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_s); - ssl_c = ssl_s = NULL; - ctx_c = ctx_s = NULL; - - - /* Both client and server load RPK cert and start handshaking. - * Confirm negotiated cert types match as expected. - */ - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - - ExpectIntEQ( - test_rpk_memio_setup( - &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, - wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, - svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) - , 0); - - /* set client certificate type in client end */ - certType_c[0] = WOLFSSL_CERT_TYPE_RPK; - certType_c[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_c = 2; - - certType_s[0] = WOLFSSL_CERT_TYPE_RPK; - certType_s[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_s = 2; - - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* set server certificate type in client end */ - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - /* set client certificate type in server end */ - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* set server certificate type in server end */ - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - wolfSSL_free(ssl_c); - wolfSSL_CTX_free(ctx_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_s); - ssl_c = ssl_s = NULL; - ctx_c = ctx_s = NULL; -#endif - - -#ifndef WOLFSSL_NO_TLS12 - /* TLS1.2 - * Both client and server load RPK cert and start handshaking. - * Confirm negotiated cert types match as expected. - */ - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - - ExpectIntEQ( - test_rpk_memio_setup( - &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, - wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, - clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, - svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) - , 0); - - /* set client certificate type in client end */ - certType_c[0] = WOLFSSL_CERT_TYPE_RPK; - certType_c[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_c = 2; - - certType_s[0] = WOLFSSL_CERT_TYPE_RPK; - certType_s[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_s = 2; - - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* set server certificate type in client end */ - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - /* set client certificate type in server end */ - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* set server certificate type in server end */ - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) - return TEST_FAIL; - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - wolfSSL_free(ssl_c); - wolfSSL_CTX_free(ctx_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_s); - ssl_c = ssl_s = NULL; - ctx_c = ctx_s = NULL; -#endif - - -#ifdef WOLFSSL_TLS13 - /* Both client and server load x509 cert. - * Have client call set_client_cert_type with both RPK and x509. - * This doesn't makes client add client cert type extension to ClientHello, - * since it does not load RPK cert actually. - */ - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - - ExpectIntEQ( - test_rpk_memio_setup( - &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, - wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - cliCertFile, WOLFSSL_FILETYPE_PEM, - svrCertFile, WOLFSSL_FILETYPE_PEM, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) - , 0); - - /* set client certificate type in client end - * - * client indicates both RPK and x509 certs are available but loaded RPK - * cert only. It does not have client add client-cert-type extension in CH. - */ - certType_c[0] = WOLFSSL_CERT_TYPE_RPK; - certType_c[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_c = 2; - - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* client indicates both RPK and x509 certs are acceptable */ - certType_s[0] = WOLFSSL_CERT_TYPE_RPK; - certType_s[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_s = 2; - - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - /* server indicates both RPK and x509 certs are acceptable */ - certType_c[0] = WOLFSSL_CERT_TYPE_RPK; - certType_c[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_c = 2; - - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* server should indicate only RPK cert is available */ - certType_s[0] = WOLFSSL_CERT_TYPE_X509; - certType_s[1] = -1; - typeCnt_s = 1; - - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) - return TEST_FAIL; - - /* Negotiation for client-cert-type should NOT happen. Therefore -1 should - * be returned as cert type. - */ - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); - - wolfSSL_free(ssl_c); - wolfSSL_CTX_free(ctx_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_s); - ssl_c = ssl_s = NULL; - ctx_c = ctx_s = NULL; - - - /* Have client load RPK cert and have server load x509 cert. - * Check the negotiation result from both ends. - */ - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - - ExpectIntEQ( - test_rpk_memio_setup( - &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, - wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, - svrCertFile, WOLFSSL_FILETYPE_PEM, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) - , 0); - - /* have client tell to use RPK cert */ - certType_c[0] = WOLFSSL_CERT_TYPE_RPK; - certType_c[1] = -1; - typeCnt_c = 1; - - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* have client tell to accept both RPK and x509 cert */ - certType_s[0] = WOLFSSL_CERT_TYPE_X509; - certType_s[1] = WOLFSSL_CERT_TYPE_RPK; - typeCnt_s = 2; - - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - /* have server accept to both RPK and x509 cert */ - certType_c[0] = WOLFSSL_CERT_TYPE_X509; - certType_c[1] = WOLFSSL_CERT_TYPE_RPK; - typeCnt_c = 2; - - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* does not call wolfSSL_set_server_cert_type intentionally in sesrver - * end, expecting the default setting works. - */ - - - if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) - return TEST_FAIL; - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); - - wolfSSL_free(ssl_c); - wolfSSL_CTX_free(ctx_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_s); - ssl_c = ssl_s = NULL; - ctx_c = ctx_s = NULL; - - - /* Have both client and server load RPK cert, however, have server - * indicate its cert type x509. - * Client is expected to detect the cert type mismatch then to send alert - * with "unsupported_certificate". - */ - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - - ExpectIntEQ( - test_rpk_memio_setup( - &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, - wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, - svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, /* server sends RPK cert */ - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) - , 0); - - /* have client tell to use RPK cert */ - certType_c[0] = WOLFSSL_CERT_TYPE_RPK; - certType_c[1] = -1; - typeCnt_c = 1; - - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* have client tell to accept both RPK and x509 cert */ - certType_s[0] = WOLFSSL_CERT_TYPE_X509; - certType_s[1] = WOLFSSL_CERT_TYPE_RPK; - typeCnt_s = 2; - - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - /* have server accept to both RPK and x509 cert */ - certType_c[0] = WOLFSSL_CERT_TYPE_X509; - certType_c[1] = WOLFSSL_CERT_TYPE_RPK; - typeCnt_c = 2; - - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* have server tell to use x509 cert intentionally. This will bring - * certificate type mismatch in client side. - */ - certType_s[0] = WOLFSSL_CERT_TYPE_X509; - certType_s[1] = -1; - typeCnt_s = 1; - - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - /* expect client detect cert type mismatch then send Alert */ - ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); - if (ret != -1) - return TEST_FAIL; - - ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE)); - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); - - wolfSSL_free(ssl_c); - wolfSSL_CTX_free(ctx_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_s); - ssl_c = ssl_s = NULL; - ctx_c = ctx_s = NULL; - - - /* Have client load x509 cert and server load RPK cert, - * however, have client indicate its cert type RPK. - * Server is expected to detect the cert type mismatch then to send alert - * with "unsupported_certificate". - */ - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - - ExpectIntEQ( - test_rpk_memio_setup( - &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, - wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - cliCertFile, WOLFSSL_FILETYPE_PEM, - svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) - , 0); - - /* have client tell to use RPK cert intentionally */ - certType_c[0] = WOLFSSL_CERT_TYPE_RPK; - certType_c[1] = -1; - typeCnt_c = 1; - - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* have client tell to accept both RPK and x509 cert */ - certType_s[0] = WOLFSSL_CERT_TYPE_X509; - certType_s[1] = WOLFSSL_CERT_TYPE_RPK; - typeCnt_s = 2; - - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - /* have server accept to both RPK and x509 cert */ - certType_c[0] = WOLFSSL_CERT_TYPE_X509; - certType_c[1] = WOLFSSL_CERT_TYPE_RPK; - typeCnt_c = 2; - - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* have server tell to use x509 cert intentionally. This will bring - * certificate type mismatch in client side. - */ - certType_s[0] = WOLFSSL_CERT_TYPE_X509; - certType_s[1] = -1; - typeCnt_s = 1; - - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); - - /* expect server detect cert type mismatch then send Alert */ - ExpectIntNE(ret, 0); - err = wolfSSL_get_error(ssl_c, ret); - ExpectIntEQ(err, WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE)); - - /* client did not load RPK cert actually, so negotiation did not happen */ - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); - - /* client did not load RPK cert actually, so negotiation did not happen */ - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); - - wolfSSL_free(ssl_c); - wolfSSL_CTX_free(ctx_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_s); - ssl_c = ssl_s = NULL; - ctx_c = ctx_s = NULL; - - -#if defined(WOLFSSL_ALWAYS_VERIFY_CB) - /* Both client and server load RPK cert and set certificate verify - * callbacks then start handshaking. - * Confirm both side can refer the peer's cert. - */ - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - - ExpectIntEQ( - test_rpk_memio_setup( - &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, - wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, - svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, - cliKeyFile, WOLFSSL_FILETYPE_PEM, - svrKeyFile, WOLFSSL_FILETYPE_PEM ) - , 0); - - /* set client certificate type in client end */ - certType_c[0] = WOLFSSL_CERT_TYPE_RPK; - certType_c[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_c = 2; - - certType_s[0] = WOLFSSL_CERT_TYPE_RPK; - certType_s[1] = WOLFSSL_CERT_TYPE_X509; - typeCnt_s = 2; - - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* set server certificate type in client end */ - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - /* set client certificate type in server end */ - ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), - WOLFSSL_SUCCESS); - - /* set server certificate type in server end */ - ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), - WOLFSSL_SUCCESS); - - /* set certificate verify callback to both client and server */ - isServer = 0; - wolfSSL_SetCertCbCtx(ssl_c, &isServer); - wolfSSL_set_verify(ssl_c, SSL_VERIFY_PEER, MyRpkVerifyCb); - - isServer = 1; - wolfSSL_SetCertCbCtx(ssl_c, &isServer); - wolfSSL_set_verify(ssl_s, SSL_VERIFY_PEER, MyRpkVerifyCb); - - ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); - if (ret != 0) - return TEST_FAIL; - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), - WOLFSSL_SUCCESS); - ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); - - wolfSSL_free(ssl_c); - wolfSSL_CTX_free(ctx_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_s); - ssl_c = ssl_s = NULL; - ctx_c = ctx_s = NULL; -#endif /* WOLFSSL_ALWAYS_VERIFY_CB */ -#endif /* WOLFSSL_TLS13 */ - -#endif /* HAVE_RPK && (!WOLFSSL_NO_TLS12 || WOLFSSL_TLS13) */ - return EXPECT_RESULT(); -} - #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) @@ -50968,226 +49154,6 @@ static int test_dtls13_missing_finished_server(void) return EXPECT_RESULT(); } -#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ - defined(HAVE_LIBOQS) -static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx) -{ -#ifdef WOLFSSL_MLKEM_KYBER - int group = WOLFSSL_KYBER_LEVEL5; -#else - int group = WOLFSSL_ML_KEM_1024; -#endif - AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS); -} - -static void test_tls13_pq_groups_on_result(WOLFSSL* ssl) -{ -#ifdef WOLFSSL_MLKEM_KYBER - AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5"); -#else - AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024"); -#endif -} -#endif - -static int test_tls13_pq_groups(void) -{ - EXPECT_DECLS; -#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ - defined(HAVE_LIBOQS) - callback_functions func_cb_client; - callback_functions func_cb_server; - - XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); - XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); - - func_cb_client.method = wolfTLSv1_3_client_method; - func_cb_server.method = wolfTLSv1_3_server_method; - func_cb_client.ctx_ready = test_tls13_pq_groups_ctx_ready; - func_cb_client.on_result = test_tls13_pq_groups_on_result; - func_cb_server.on_result = test_tls13_pq_groups_on_result; - - test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); - - ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS); - ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS); -#endif - return EXPECT_RESULT(); -} - -static int test_tls13_early_data(void) -{ - EXPECT_DECLS; -#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ - defined(WOLFSSL_EARLY_DATA) && defined(HAVE_SESSION_TICKET) - int written = 0; - int read = 0; - size_t i; - int splitEarlyData; - char msg[] = "This is early data"; - char msg2[] = "This is client data"; - char msg3[] = "This is server data"; - char msg4[] = "This is server immediate data"; - char msgBuf[50]; - struct { - method_provider client_meth; - method_provider server_meth; - const char* tls_version; - int isUdp; - } params[] = { -#ifdef WOLFSSL_TLS13 - { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - "TLS 1.3", 0 }, -#endif -#ifdef WOLFSSL_DTLS13 - { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, - "DTLS 1.3", 1 }, -#endif - }; - - for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) { - for (splitEarlyData = 0; splitEarlyData < 2; splitEarlyData++) { - struct test_memio_ctx test_ctx; - WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; - WOLFSSL *ssl_c = NULL, *ssl_s = NULL; - WOLFSSL_SESSION *sess = NULL; - - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - - fprintf(stderr, "\tEarly data with %s\n", params[i].tls_version); - - ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, - &ssl_s, params[i].client_meth, params[i].server_meth), 0); - - /* Get a ticket so that we can do 0-RTT on the next connection */ - ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); - /* Make sure we read the ticket */ - ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1); - ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); - ExpectNotNull(sess = wolfSSL_get1_session(ssl_c)); - - wolfSSL_free(ssl_c); - ssl_c = NULL; - wolfSSL_free(ssl_s); - ssl_s = NULL; - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, - params[i].client_meth, params[i].server_meth), 0); - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS); -#ifdef WOLFSSL_DTLS13 - if (params[i].isUdp) { - wolfSSL_SetLoggingPrefix("server"); -#ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME - ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), WOLFSSL_SUCCESS); -#else - /* Let's test this but we generally don't recommend turning off the - * cookie exchange */ - ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS); -#endif - } -#endif - - /* Test 0-RTT data */ - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg), - &written), sizeof(msg)); - ExpectIntEQ(written, sizeof(msg)); - - if (splitEarlyData) { - ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg), - &written), sizeof(msg)); - ExpectIntEQ(written, sizeof(msg)); - } - - /* Read first 0-RTT data (if split otherwise entire data) */ - wolfSSL_SetLoggingPrefix("server"); - ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf), - &read), sizeof(msg)); - ExpectIntEQ(read, sizeof(msg)); - ExpectStrEQ(msg, msgBuf); - - /* Test 0.5-RTT data */ - ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4)); - - if (splitEarlyData) { - /* Read second 0-RTT data */ - ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf), - &read), sizeof(msg)); - ExpectIntEQ(read, sizeof(msg)); - ExpectStrEQ(msg, msgBuf); - } - - if (params[i].isUdp) { - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_connect(ssl_c), -1); - ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(APP_DATA_READY)); - - /* Read server 0.5-RTT data */ - ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4)); - ExpectStrEQ(msg4, msgBuf); - - /* Complete handshake */ - ExpectIntEQ(wolfSSL_connect(ssl_c), -1); - ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); - /* Use wolfSSL_is_init_finished to check if handshake is complete. Normally - * a user would loop until it is true but here we control both sides so we - * just assert the expected value. wolfSSL_read_early_data does not provide - * handshake status to us with non-blocking IO and we can't use - * wolfSSL_accept as TLS layer may return ZERO_RETURN due to early data - * parsing logic. */ - wolfSSL_SetLoggingPrefix("server"); - ExpectFalse(wolfSSL_is_init_finished(ssl_s)); - ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf), - &read), 0); - ExpectIntEQ(read, 0); - ExpectTrue(wolfSSL_is_init_finished(ssl_s)); - - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); - } - else { - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); - - wolfSSL_SetLoggingPrefix("server"); - ExpectFalse(wolfSSL_is_init_finished(ssl_s)); - ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf), - &read), 0); - ExpectIntEQ(read, 0); - ExpectTrue(wolfSSL_is_init_finished(ssl_s)); - - /* Read server 0.5-RTT data */ - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4)); - ExpectStrEQ(msg4, msgBuf); - } - - /* Test bi-directional write */ - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2)); - wolfSSL_SetLoggingPrefix("server"); - ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2)); - ExpectStrEQ(msg2, msgBuf); - ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3)); - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg3)); - ExpectStrEQ(msg3, msgBuf); - - wolfSSL_SetLoggingPrefix(NULL); - ExpectTrue(wolfSSL_session_reused(ssl_c)); - ExpectTrue(wolfSSL_session_reused(ssl_s)); - - wolfSSL_SESSION_free(sess); - wolfSSL_free(ssl_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_c); - wolfSSL_CTX_free(ctx_s); - } - } -#endif - return EXPECT_RESULT(); -} #ifdef HAVE_CERTIFICATE_STATUS_REQUEST static int test_self_signed_stapling_client_v1_ctx_ready(WOLFSSL_CTX* ctx) @@ -52881,11 +50847,7 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify), #endif TEST_DECL(test_wolfSSL_set_options), -#ifdef WOLFSSL_TLS13 - /* TLS v1.3 API tests */ - TEST_DECL(test_tls13_apis), - TEST_DECL(test_tls13_cipher_suites), -#endif + TEST_TLS13_DECLS, TEST_DECL(test_wolfSSL_tmp_dh), TEST_DECL(test_wolfSSL_ctrl), @@ -53151,12 +51113,10 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify), TEST_DECL(test_extra_alerts_skip_hs), TEST_DECL(test_extra_alerts_bad_psk), TEST_DECL(test_multiple_alerts_EAGAIN), - TEST_DECL(test_tls13_bad_psk_binder), /* Can't memory test as client/server Asserts. */ TEST_DECL(test_harden_no_secure_renegotiation), TEST_DECL(test_override_alt_cert_chain), TEST_DECL(test_rpk_set_xxx_cert_type), - TEST_DECL(test_tls13_rpk_handshake), TEST_DECL(test_dtls13_bad_epoch_ch), TEST_DECL(test_short_session_id), TEST_DECL(test_wolfSSL_dtls13_null_cipher), @@ -53195,8 +51155,6 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify), TEST_DECL(test_dtls13_missing_finished_client), TEST_DECL(test_dtls13_missing_finished_server), TEST_DECL(test_wolfSSL_dtls_set_pending_peer), - TEST_DECL(test_tls13_pq_groups), - TEST_DECL(test_tls13_early_data), TEST_DECL(test_tls_multi_handshakes_one_record), TEST_DECL(test_write_dup), TEST_DECL(test_read_write_hs), diff --git a/tests/api/include.am b/tests/api/include.am index d09773dbdd..21d7dd89e8 100644 --- a/tests/api/include.am +++ b/tests/api/include.am @@ -77,6 +77,8 @@ tests_unit_test_SOURCES += tests/api/test_ossl_dh.c tests_unit_test_SOURCES += tests/api/test_ossl_ec.c tests_unit_test_SOURCES += tests/api/test_ossl_ecx.c tests_unit_test_SOURCES += tests/api/test_ossl_dsa.c +# TLS 1.3 specific +tests_unit_test_SOURCES += tests/api/test_tls13.c endif EXTRA_DIST += tests/api/api.h @@ -143,4 +145,5 @@ EXTRA_DIST += tests/api/test_ossl_dh.h EXTRA_DIST += tests/api/test_ossl_ec.h EXTRA_DIST += tests/api/test_ossl_ecx.h EXTRA_DIST += tests/api/test_ossl_dsa.h +EXTRA_DIST += tests/api/test_tls13.h diff --git a/tests/api/test_tls13.c b/tests/api/test_tls13.c new file mode 100644 index 0000000000..3121608e24 --- /dev/null +++ b/tests/api/test_tls13.c @@ -0,0 +1,2143 @@ +/* test_tls13.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) +#ifdef WC_SHA384_DIGEST_SIZE + static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, }; +#else + static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, }; +#endif +#endif +#ifdef WOLFSSL_EARLY_DATA +static const char earlyData[] = "Early Data"; +static char earlyDataBuffer[1]; +#endif + +int test_tls13_apis(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_TLS13 +#if defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) && \ + (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) + int ret; +#endif +#ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_CTX* clientTls12Ctx = NULL; + WOLFSSL* clientTls12Ssl = NULL; +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_CTX* serverTls12Ctx = NULL; + WOLFSSL* serverTls12Ssl = NULL; +#endif +#endif +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_CTX* clientCtx = NULL; + WOLFSSL* clientSsl = NULL; +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_CTX* serverCtx = NULL; + WOLFSSL* serverSsl = NULL; +#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) +#ifndef NO_RSA + const char* ourCert = svrCertFile; + const char* ourKey = svrKeyFile; +#elif defined(HAVE_ECC) + const char* ourCert = eccCertFile; + const char* ourKey = eccKeyFile; +#elif defined(HAVE_ED25519) + const char* ourCert = edCertFile; + const char* ourKey = edKeyFile; +#elif defined(HAVE_ED448) + const char* ourCert = ed448CertFile; + const char* ourKey = ed448KeyFile; +#endif +#endif +#endif + int required; +#ifdef WOLFSSL_EARLY_DATA + int outSz; +#endif +#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) + int groups[2] = { WOLFSSL_ECC_SECP256R1, +#ifdef WOLFSSL_HAVE_MLKEM +#ifdef WOLFSSL_MLKEM_KYBER + #ifndef WOLFSSL_NO_KYBER512 + WOLFSSL_KYBER_LEVEL1 + #elif !defined(WOLFSSL_NO_KYBER768) + WOLFSSL_KYBER_LEVEL3 + #else + WOLFSSL_KYBER_LEVEL5 + #endif +#else + #ifndef WOLFSSL_NO_ML_KEM_512 + WOLFSSL_ML_KEM_512 + #elif !defined(WOLFSSL_NO_ML_KEM_768) + WOLFSSL_ML_KEM_768 + #else + WOLFSSL_ML_KEM_1024 + #endif +#endif +#else + WOLFSSL_ECC_SECP256R1 +#endif + }; +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) + int bad_groups[2] = { 0xDEAD, 0xBEEF }; +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ + int numGroups = 2; +#endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) + char groupList[] = +#ifdef HAVE_CURVE25519 + "X25519:" +#endif +#ifdef HAVE_CURVE448 + "X448:" +#endif +#ifndef NO_ECC_SECP +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 + "P-521:secp521r1:" +#endif +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 + "P-384:secp384r1:" +#endif +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + "P-256:secp256r1" +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +#ifdef WOLFSSL_MLKEM_KYBER + #ifndef WOLFSSL_NO_KYBER512 + ":P256_KYBER_LEVEL1" + #elif !defined(WOLFSSL_NO_KYBER768) + ":P256_KYBER_LEVEL3" + #else + ":P256_KYBER_LEVEL5" + #endif +#else + #ifndef WOLFSSL_NO_KYBER512 + ":SecP256r1MLKEM512" + #elif !defined(WOLFSSL_NO_KYBER768) + ":SecP384r1MLKEM768" + #else + ":SecP521r1MLKEM1024" + #endif +#endif +#endif +#endif +#endif /* !defined(NO_ECC_SECP) */ +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +#ifdef WOLFSSL_MLKEM_KYBER + #ifndef WOLFSSL_NO_KYBER512 + ":KYBER_LEVEL1" + #elif !defined(WOLFSSL_NO_KYBER768) + ":KYBER_LEVEL3" + #else + ":KYBER_LEVEL5" + #endif +#else + #ifndef WOLFSSL_NO_KYBER512 + ":ML_KEM_512" + #elif !defined(WOLFSSL_NO_KYBER768) + ":ML_KEM_768" + #else + ":ML_KEM_1024" + #endif +#endif +#endif + ""; +#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */ +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) + int mlkemLevel; +#endif + +#ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_CLIENT + clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + clientTls12Ssl = wolfSSL_new(clientTls12Ctx); +#endif +#ifndef NO_WOLFSSL_SERVER + serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); +#if !defined(NO_CERTS) + #if !defined(NO_FILESYSTEM) + wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert); + wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, + WOLFSSL_FILETYPE_PEM); + #elif defined(USE_CERT_BUFFERS_2048) + wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1); + wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, server_key_der_2048, + sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1); + #elif defined(USE_CERT_BUFFERS_256) + wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx, + serv_ecc_der_256, sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1); + wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, ecc_key_der_256, + sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1); + #endif +#endif + serverTls12Ssl = wolfSSL_new(serverTls12Ctx); +#endif +#endif + +#ifndef NO_WOLFSSL_CLIENT + clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + clientSsl = wolfSSL_new(clientCtx); +#endif +#ifndef NO_WOLFSSL_SERVER + serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); +#if !defined(NO_CERTS) + /* ignore load failures, since we just need the server to have a cert set */ + #if !defined(NO_FILESYSTEM) + wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert); + wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM); + #elif defined(USE_CERT_BUFFERS_2048) + wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1); + wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, server_key_der_2048, + sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1); + #elif defined(USE_CERT_BUFFERS_256) + wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx, serv_ecc_der_256, + sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1); + wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, ecc_key_der_256, + sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1); + #endif +#endif + serverSsl = wolfSSL_new(serverCtx); + ExpectNotNull(serverSsl); +#endif + +#ifdef WOLFSSL_SEND_HRR_COOKIE + ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)), + WOLFSSL_SUCCESS); +#endif +#endif + +#ifdef HAVE_SUPPORTED_CURVES +#ifdef HAVE_ECC + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + do { + ret = wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1); + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(serverSsl, WOLF_POLL_FLAG_CHECK_HW); + #endif + } + while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + do { + ret = wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1); + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(clientTls12Ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + } + while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif + do { + ret = wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1); + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(clientSsl, WOLF_POLL_FLAG_CHECK_HW); + #endif + } + while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif +#elif defined(HAVE_CURVE25519) + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519), + WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519), + WOLFSSL_SUCCESS); +#endif +#elif defined(HAVE_CURVE448) + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448), + WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448), + WOLFSSL_SUCCESS); +#endif +#else + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif +#endif + +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +#ifndef WOLFSSL_NO_ML_KEM +#ifndef WOLFSSL_NO_ML_KEM_768 + mlkemLevel = WOLFSSL_ML_KEM_768; +#elif !defined(WOLFSSL_NO_ML_KEM_1024) + mlkemLevel = WOLFSSL_ML_KEM_1024; +#else + mlkemLevel = WOLFSSL_ML_KEM_512; +#endif +#else +#ifndef WOLFSSL_NO_KYBER768 + mlkemLevel = WOLFSSL_KYBER_LEVEL3; +#elif !defined(WOLFSSL_NO_KYBER1024) + mlkemLevel = WOLFSSL_KYBER_LEVEL5; +#else + mlkemLevel = WOLFSSL_KYBER_LEVEL1; +#endif +#endif + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, mlkemLevel), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, mlkemLevel), + WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, mlkemLevel), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, mlkemLevel), + WOLFSSL_SUCCESS); +#endif +#endif + + ExpectIntEQ(wolfSSL_NoKeyShares(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS); +#endif +#endif /* HAVE_SUPPORTED_CURVES */ + + ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0); +#endif + + ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0); +#endif + + ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0); +#endif + + ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0); +#endif + + ExpectIntEQ(wolfSSL_update_keys(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_update_keys(clientSsl), + WC_NO_ERR_TRACE(BUILD_MSG_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_update_keys(serverSsl), + WC_NO_ERR_TRACE(BUILD_MSG_ERROR)); +#endif + + ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_key_update_response(NULL, &required), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + +#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0); +#endif + + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0); +#endif + + ExpectIntEQ(wolfSSL_request_certificate(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_request_certificate(clientSsl), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_request_certificate(serverTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_request_certificate(serverSsl), + WC_NO_ERR_TRACE(NOT_READY_ERROR)); +#endif +#endif + +#ifdef HAVE_ECC +#ifndef WOLFSSL_NO_SERVER_GROUPS_EXT + ExpectIntEQ(wolfSSL_preferred_group(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_preferred_group(serverSsl), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_preferred_group(clientSsl), + WC_NO_ERR_TRACE(NOT_READY_ERROR)); +#endif +#endif + +#ifdef HAVE_SUPPORTED_CURVES + ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, + WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, + WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + +#ifdef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList), + WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList), + WOLFSSL_SUCCESS); +#endif + + ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList), + WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList), + WOLFSSL_SUCCESS); +#endif +#endif /* OPENSSL_EXTRA */ +#endif /* HAVE_SUPPORTED_CURVES */ +#endif /* HAVE_ECC */ + +#ifdef WOLFSSL_EARLY_DATA +#ifndef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_CTX_get_max_early_data(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), + WC_NO_ERR_TRACE(SIDE_ERROR)); + ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#else + ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), + WC_NO_ERR_TRACE(SIDE_ERROR)); + ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 +#ifndef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#endif +#ifndef OPENSSL_EXTRA +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), + WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0); +#endif + ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32); +#else + ExpectIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1); + ExpectIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32); +#endif +#endif + +#ifndef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_get_max_early_data(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(SSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef OPENSSL_EXTRA +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), 0); +#endif + ExpectIntEQ(wolfSSL_get_max_early_data(clientSsl), 17); +#else + ExpectIntEQ(SSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_get_max_early_data(clientSsl), 17); +#endif +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 +#ifndef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#endif +#ifndef OPENSSL_EXTRA +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0); +#endif + ExpectIntEQ(wolfSSL_get_max_early_data(serverSsl), 16); +#else + ExpectIntEQ(SSL_set_max_early_data(serverSsl, 16), 1); + ExpectIntEQ(SSL_get_max_early_data(serverSsl), 16); +#endif +#endif + + + ExpectIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData), + &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData), + &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, + sizeof(earlyData), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_write_early_data(serverSsl, earlyData, + sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData, + sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, + sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#endif + + ExpectIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer, + sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_read_early_data(serverSsl, NULL, + sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1, + &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, + sizeof(earlyDataBuffer), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer, + sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer, + sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, + sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#endif +#endif + +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA) + ExpectIntLT(SSL_get_early_data_status(NULL), 0); +#endif + + +#ifndef NO_WOLFSSL_SERVER + wolfSSL_free(serverSsl); + wolfSSL_CTX_free(serverCtx); +#endif +#ifndef NO_WOLFSSL_CLIENT + wolfSSL_free(clientSsl); + wolfSSL_CTX_free(clientCtx); +#endif + +#ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_SERVER + wolfSSL_free(serverTls12Ssl); + wolfSSL_CTX_free(serverTls12Ctx); +#endif +#ifndef NO_WOLFSSL_CLIENT + wolfSSL_free(clientTls12Ssl); + wolfSSL_CTX_free(clientTls12Ctx); +#endif +#endif +#endif /* WOLFSSL_TLS13 */ + + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \ + !defined(NO_WOLFSSL_SERVER) && defined(HAVE_ECC) && \ + defined(BUILD_TLS_AES_128_GCM_SHA256) && \ + defined(BUILD_TLS_AES_256_GCM_SHA384) +/* Called when writing. */ +static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + (void)ssl; + (void)buf; + (void)sz; + (void)ctx; + + /* Force error return from wolfSSL_accept_TLSv13(). */ + return WANT_WRITE; +} +/* Called when reading. */ +static int CsRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx; + int len = (int)msg->length; + + (void)ssl; + (void)sz; + + /* Pass back as much of message as will fit in buffer. */ + if (len > sz) + len = sz; + XMEMCPY(buf, msg->buffer, len); + /* Move over returned data. */ + msg->buffer += len; + msg->length -= len; + + /* Amount actually copied. */ + return len; +} +#endif + +int test_tls13_cipher_suites(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \ + !defined(NO_WOLFSSL_SERVER) && defined(HAVE_ECC) && \ + defined(BUILD_TLS_AES_128_GCM_SHA256) && \ + defined(BUILD_TLS_AES_256_GCM_SHA384) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL *ssl = NULL; + int i; + byte clientHello[] = { + 0x16, 0x03, 0x03, 0x01, 0x9b, 0x01, 0x00, 0x01, + 0x97, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe, + 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55, + 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8, + 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c, + 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b, + 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda, + 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, + /* Cipher suites: 0x13, 0x01 = TLS13-AES128-GCM-SHA256, twice. */ + 0x13, 0x01, + 0x13, 0x01, 0x01, 0x00, 0x01, 0x4a, 0x00, 0x2d, + 0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x33, 0x00, + 0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, + 0x90, 0xfc, 0xe2, 0x97, 0x05, 0x7c, 0xb5, 0x23, + 0x5d, 0x5f, 0x5b, 0xcd, 0x0c, 0x1e, 0xe0, 0xe9, + 0xab, 0x38, 0x6b, 0x1e, 0x20, 0x5c, 0x1c, 0x90, + 0x2a, 0x9e, 0x68, 0x8e, 0x70, 0x05, 0x10, 0xa8, + 0x02, 0x1b, 0xf9, 0x5c, 0xef, 0xc9, 0xaf, 0xca, + 0x1a, 0x3b, 0x16, 0x8b, 0xe4, 0x1b, 0x3c, 0x15, + 0xb8, 0x0d, 0xbd, 0xaf, 0x62, 0x8d, 0xa7, 0x13, + 0xa0, 0x7c, 0xe0, 0x59, 0x0c, 0x4f, 0x8a, 0x6d, + 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04, 0x00, + 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x03, 0x05, + 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, 0x08, + 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, + 0x09, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03, + 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00, + 0x02, 0x00, 0x17, 0x00, 0x16, 0x00, 0x00, 0x00, + 0x23, 0x00, 0x00, 0x00, 0x29, 0x00, 0xb9, 0x00, + 0x94, 0x00, 0x8e, 0x0f, 0x12, 0xfa, 0x84, 0x1f, + 0x76, 0x94, 0xd7, 0x09, 0x5e, 0xad, 0x08, 0x51, + 0xb6, 0x80, 0x28, 0x31, 0x8b, 0xfd, 0xc6, 0xbd, + 0x9e, 0xf5, 0x3b, 0x4d, 0x02, 0xbe, 0x1d, 0x73, + 0xea, 0x13, 0x68, 0x00, 0x4c, 0xfd, 0x3d, 0x48, + 0x51, 0xf9, 0x06, 0xbb, 0x92, 0xed, 0x42, 0x9f, + 0x7f, 0x2c, 0x73, 0x9f, 0xd9, 0xb4, 0xef, 0x05, + 0x26, 0x5b, 0x60, 0x5c, 0x0a, 0xfc, 0xa3, 0xbd, + 0x2d, 0x2d, 0x8b, 0xf9, 0xaa, 0x5c, 0x96, 0x3a, + 0xf2, 0xec, 0xfa, 0xe5, 0x57, 0x2e, 0x87, 0xbe, + 0x27, 0xc5, 0x3d, 0x4f, 0x5d, 0xdd, 0xde, 0x1c, + 0x1b, 0xb3, 0xcc, 0x27, 0x27, 0x57, 0x5a, 0xd9, + 0xea, 0x99, 0x27, 0x23, 0xa6, 0x0e, 0xea, 0x9c, + 0x0d, 0x85, 0xcb, 0x72, 0xeb, 0xd7, 0x93, 0xe3, + 0xfe, 0xf7, 0x5c, 0xc5, 0x5b, 0x75, 0x8c, 0x47, + 0x0a, 0x0e, 0xc4, 0x1a, 0xda, 0xef, 0x75, 0xe5, + 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0xfb, 0x92, 0xce, 0xaa, 0x00, 0x21, 0x20, + 0xcb, 0x73, 0x25, 0x80, 0x46, 0x78, 0x4f, 0xe5, + 0x34, 0xf6, 0x91, 0x13, 0x7f, 0xc8, 0x8d, 0xdc, + 0x81, 0x04, 0xb7, 0x0d, 0x49, 0x85, 0x2e, 0x12, + 0x7a, 0x07, 0x23, 0xe9, 0x13, 0xa4, 0x6d, 0x8c + }; + WOLFSSL_BUFFER_INFO msg; + /* Offset into ClientHello message data of first cipher suite. */ + const int csOff = 78; + /* Server cipher list. */ + const char* serverCs = "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256"; + /* Suite list with duplicates. */ + const char* dupCs = "TLS13-AES128-GCM-SHA256:" + "TLS13-AES128-GCM-SHA256:" + "TLS13-AES256-GCM-SHA384:" + "TLS13-AES256-GCM-SHA384:" + "TLS13-AES128-GCM-SHA256"; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) + const byte dupCsBytes[] = { TLS13_BYTE, TLS_AES_256_GCM_SHA384, + TLS13_BYTE, TLS_AES_256_GCM_SHA384, + TLS13_BYTE, TLS_AES_128_GCM_SHA256, + TLS13_BYTE, TLS_AES_128_GCM_SHA256, + TLS13_BYTE, TLS_AES_256_GCM_SHA384 }; +#endif + + /* Set up wolfSSL context. */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, + WOLFSSL_FILETYPE_PEM)); + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, CsRecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, CsSend); + + /* Test cipher suite list with many copies of a cipher suite. */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientHello; + msg.length = (unsigned int)sizeof(clientHello); + wolfSSL_SetIOReadCtx(ssl, &msg); + /* Force server to have as many occurrences of same cipher suite as + * possible. */ + if (ssl != NULL) { + Suites* suites = (Suites*)WOLFSSL_SUITES(ssl); + suites->suiteSz = WOLFSSL_MAX_SUITE_SZ; + for (i = 0; i < suites->suiteSz; i += 2) { + suites->suites[i + 0] = TLS13_BYTE; + suites->suites[i + 1] = TLS_AES_128_GCM_SHA256; + } + } + /* Test multiple occurrences of same cipher suite. */ + ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + wolfSSL_free(ssl); + ssl = NULL; + + /* Set client order opposite to server order: + * TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384 */ + clientHello[csOff + 0] = TLS13_BYTE; + clientHello[csOff + 1] = TLS_AES_128_GCM_SHA256; + clientHello[csOff + 2] = TLS13_BYTE; + clientHello[csOff + 3] = TLS_AES_256_GCM_SHA384; + + /* Test server order negotiation. */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientHello; + msg.length = (unsigned int)sizeof(clientHello); + wolfSSL_SetIOReadCtx(ssl, &msg); + /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */ + ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS); + /* Negotiate cipher suites in server order: TLS13-AES256-GCM-SHA384 */ + ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + /* Check refined order - server order. */ + ExpectIntEQ(ssl->suites->suiteSz, 4); + ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE); + ExpectIntEQ(ssl->suites->suites[1], TLS_AES_256_GCM_SHA384); + ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE); + ExpectIntEQ(ssl->suites->suites[3], TLS_AES_128_GCM_SHA256); + wolfSSL_free(ssl); + ssl = NULL; + + /* Test client order negotiation. */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientHello; + msg.length = (unsigned int)sizeof(clientHello); + wolfSSL_SetIOReadCtx(ssl, &msg); + /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */ + ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseClientSuites(ssl), 0); + /* Negotiate cipher suites in client order: TLS13-AES128-GCM-SHA256 */ + ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + /* Check refined order - client order. */ + ExpectIntEQ(ssl->suites->suiteSz, 4); + ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE); + ExpectIntEQ(ssl->suites->suites[1], TLS_AES_128_GCM_SHA256); + ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE); + ExpectIntEQ(ssl->suites->suites[3], TLS_AES_256_GCM_SHA384); + wolfSSL_free(ssl); + ssl = NULL; + + /* Check duplicate detection is working. */ + ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, dupCs), WOLFSSL_SUCCESS); + ExpectIntEQ(ctx->suites->suiteSz, 4); + ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE); + ExpectIntEQ(ctx->suites->suites[1], TLS_AES_128_GCM_SHA256); + ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE); + ExpectIntEQ(ctx->suites->suites[3], TLS_AES_256_GCM_SHA384); + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) + ExpectIntEQ(wolfSSL_CTX_set_cipher_list_bytes(ctx, dupCsBytes, + sizeof(dupCsBytes)), WOLFSSL_SUCCESS); + ExpectIntEQ(ctx->suites->suiteSz, 4); + ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE); + ExpectIntEQ(ctx->suites->suites[1], TLS_AES_256_GCM_SHA384); + ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE); + ExpectIntEQ(ctx->suites->suites[3], TLS_AES_128_GCM_SHA256); +#endif + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + + +#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\ + && !defined(NO_PSK) +static unsigned int test_tls13_bad_psk_binder_client_cb(WOLFSSL* ssl, + const char* hint, char* identity, unsigned int id_max_len, + unsigned char* key, unsigned int key_max_len) +{ + (void)ssl; + (void)hint; + (void)key_max_len; + + /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ + XSTRNCPY(identity, "Client_identity", id_max_len); + + key[0] = 0x20; + return 1; +} + +static unsigned int test_tls13_bad_psk_binder_server_cb(WOLFSSL* ssl, + const char* id, unsigned char* key, unsigned int key_max_len) +{ + (void)ssl; + (void)id; + (void)key_max_len; + /* zero means error */ + key[0] = 0x10; + return 1; +} +#endif + +int test_tls13_bad_psk_binder(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\ + && !defined(NO_PSK) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_ALERT_HISTORY h; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + + wolfSSL_set_psk_client_callback(ssl_c, test_tls13_bad_psk_binder_client_cb); + wolfSSL_set_psk_server_callback(ssl_s, test_tls13_bad_psk_binder_server_cb); + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ( wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WC_NO_ERR_TRACE(BAD_BINDER)); + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WC_NO_ERR_TRACE(FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_rx.code, illegal_parameter); + ExpectIntEQ(h.last_rx.level, alert_fatal); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + + +#if defined(HAVE_RPK) && !defined(NO_TLS) + +#define svrRpkCertFile "./certs/rpk/server-cert-rpk.der" +#define clntRpkCertFile "./certs/rpk/client-cert-rpk.der" + +#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13) +static int MyRpkVerifyCb(int mode, WOLFSSL_X509_STORE_CTX* strctx) +{ + int ret = WOLFSSL_SUCCESS; + (void)mode; + (void)strctx; + WOLFSSL_ENTER("MyRpkVerifyCb"); + return ret; +} +#endif /* WOLFSSL_ALWAYS_VERIFY_CB && WOLFSSL_TLS13 */ + +static WC_INLINE int test_rpk_memio_setup( + struct test_memio_ctx *ctx, + WOLFSSL_CTX **ctx_c, + WOLFSSL_CTX **ctx_s, + WOLFSSL **ssl_c, + WOLFSSL **ssl_s, + method_provider method_c, + method_provider method_s, + const char* certfile_c, int fmt_cc, /* client cert file path and format */ + const char* certfile_s, int fmt_cs, /* server cert file path and format */ + const char* pkey_c, int fmt_kc, /* client private key and format */ + const char* pkey_s, int fmt_ks /* server private key and format */ + ) +{ + int ret; + if (ctx_c != NULL && *ctx_c == NULL) { + *ctx_c = wolfSSL_CTX_new(method_c()); + if (*ctx_c == NULL) { + return -1; + } + wolfSSL_CTX_set_verify(*ctx_c, WOLFSSL_VERIFY_PEER, NULL); + + ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb); + wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb); + + ret = wolfSSL_CTX_use_certificate_file(*ctx_c, certfile_c, fmt_cc); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_c, pkey_c, fmt_kc); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + } + + if (ctx_s != NULL && *ctx_s == NULL) { + *ctx_s = wolfSSL_CTX_new(method_s()); + if (*ctx_s == NULL) { + return -1; + } + wolfSSL_CTX_set_verify(*ctx_s, WOLFSSL_VERIFY_PEER, NULL); + + ret = wolfSSL_CTX_load_verify_locations(*ctx_s, cliCertFile, 0); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + + ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, pkey_s, fmt_ks); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + ret = wolfSSL_CTX_use_certificate_file(*ctx_s, certfile_s, fmt_cs); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb); + wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb); + if (ctx->s_ciphers != NULL) { + ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + } + } + + if (ctx_c != NULL && ssl_c != NULL) { + *ssl_c = wolfSSL_new(*ctx_c); + if (*ssl_c == NULL) { + return -1; + } + wolfSSL_SetIOWriteCtx(*ssl_c, ctx); + wolfSSL_SetIOReadCtx(*ssl_c, ctx); + } + if (ctx_s != NULL && ssl_s != NULL) { + *ssl_s = wolfSSL_new(*ctx_s); + if (*ssl_s == NULL) { + return -1; + } + wolfSSL_SetIOWriteCtx(*ssl_s, ctx); + wolfSSL_SetIOReadCtx(*ssl_s, ctx); +#if !defined(NO_DH) + SetDH(*ssl_s); +#endif + } + + return 0; +} +#endif /* HAVE_RPK && !NO_TLS */ + + +int test_tls13_rpk_handshake(void) +{ + EXPECT_DECLS; +#if defined(HAVE_RPK) && (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)) +#ifdef WOLFSSL_TLS13 + int ret = 0; +#endif + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + int err; + char certType_c[MAX_CLIENT_CERT_TYPE_CNT]; + char certType_s[MAX_CLIENT_CERT_TYPE_CNT]; + int typeCnt_c; + int typeCnt_s; + int tp = 0; +#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13) + int isServer; +#endif + + (void)err; + (void)typeCnt_c; + (void)typeCnt_s; + (void)certType_c; + (void)certType_s; + +#ifndef WOLFSSL_NO_TLS12 + /* TLS1.2 + * Both client and server load x509 cert and start handshaking. + * Check no negotiation occurred. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, + cliCertFile, WOLFSSL_FILETYPE_PEM, + svrCertFile, WOLFSSL_FILETYPE_PEM, + cliKeyFile, WOLFSSL_FILETYPE_PEM, + svrKeyFile, WOLFSSL_FILETYPE_PEM) + , 0); + + + /* set client certificate type in client end */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + /* both client and server do not call client/server_cert_type APIs, + * expecting default settings works and no negotiation performed. + */ + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* confirm no negotiation occurred */ + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN); + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + (void)typeCnt_c; + (void)typeCnt_s; + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; +#endif + +#ifdef WOLFSSL_TLS13 + /* Both client and server load x509 cert and start handshaking. + * Check no negotiation occurred. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + cliCertFile, WOLFSSL_FILETYPE_PEM, + svrCertFile, WOLFSSL_FILETYPE_PEM, + cliKeyFile, WOLFSSL_FILETYPE_PEM, + svrKeyFile, WOLFSSL_FILETYPE_PEM ) + , 0); + + /* set client certificate type in client end */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + /* both client and server do not call client/server_cert_type APIs, + * expecting default settings works and no negotiation performed. + */ + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* confirm no negotiation occurred */ + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + (void)typeCnt_c; + (void)typeCnt_s; + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + + + /* Both client and server load RPK cert and start handshaking. + * Confirm negotiated cert types match as expected. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, + svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, + cliKeyFile, WOLFSSL_FILETYPE_PEM, + svrKeyFile, WOLFSSL_FILETYPE_PEM ) + , 0); + + /* set client certificate type in client end */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in client end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* set client certificate type in server end */ + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in server end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; +#endif + + +#ifndef WOLFSSL_NO_TLS12 + /* TLS1.2 + * Both client and server load RPK cert and start handshaking. + * Confirm negotiated cert types match as expected. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, + clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, + svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, + cliKeyFile, WOLFSSL_FILETYPE_PEM, + svrKeyFile, WOLFSSL_FILETYPE_PEM ) + , 0); + + /* set client certificate type in client end */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in client end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* set client certificate type in server end */ + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in server end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) + return TEST_FAIL; + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; +#endif + + +#ifdef WOLFSSL_TLS13 + /* Both client and server load x509 cert. + * Have client call set_client_cert_type with both RPK and x509. + * This doesn't makes client add client cert type extension to ClientHello, + * since it does not load RPK cert actually. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + cliCertFile, WOLFSSL_FILETYPE_PEM, + svrCertFile, WOLFSSL_FILETYPE_PEM, + cliKeyFile, WOLFSSL_FILETYPE_PEM, + svrKeyFile, WOLFSSL_FILETYPE_PEM ) + , 0); + + /* set client certificate type in client end + * + * client indicates both RPK and x509 certs are available but loaded RPK + * cert only. It does not have client add client-cert-type extension in CH. + */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* client indicates both RPK and x509 certs are acceptable */ + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* server indicates both RPK and x509 certs are acceptable */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* server should indicate only RPK cert is available */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = -1; + typeCnt_s = 1; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) + return TEST_FAIL; + + /* Negotiation for client-cert-type should NOT happen. Therefore -1 should + * be returned as cert type. + */ + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + + + /* Have client load RPK cert and have server load x509 cert. + * Check the negotiation result from both ends. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, + svrCertFile, WOLFSSL_FILETYPE_PEM, + cliKeyFile, WOLFSSL_FILETYPE_PEM, + svrKeyFile, WOLFSSL_FILETYPE_PEM ) + , 0); + + /* have client tell to use RPK cert */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = -1; + typeCnt_c = 1; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* have client tell to accept both RPK and x509 cert */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* have server accept to both RPK and x509 cert */ + certType_c[0] = WOLFSSL_CERT_TYPE_X509; + certType_c[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_c = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* does not call wolfSSL_set_server_cert_type intentionally in sesrver + * end, expecting the default setting works. + */ + + + if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) + return TEST_FAIL; + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + + + /* Have both client and server load RPK cert, however, have server + * indicate its cert type x509. + * Client is expected to detect the cert type mismatch then to send alert + * with "unsupported_certificate". + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, + svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, /* server sends RPK cert */ + cliKeyFile, WOLFSSL_FILETYPE_PEM, + svrKeyFile, WOLFSSL_FILETYPE_PEM ) + , 0); + + /* have client tell to use RPK cert */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = -1; + typeCnt_c = 1; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* have client tell to accept both RPK and x509 cert */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* have server accept to both RPK and x509 cert */ + certType_c[0] = WOLFSSL_CERT_TYPE_X509; + certType_c[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_c = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* have server tell to use x509 cert intentionally. This will bring + * certificate type mismatch in client side. + */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = -1; + typeCnt_s = 1; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* expect client detect cert type mismatch then send Alert */ + ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); + if (ret != -1) + return TEST_FAIL; + + ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), + WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE)); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + + + /* Have client load x509 cert and server load RPK cert, + * however, have client indicate its cert type RPK. + * Server is expected to detect the cert type mismatch then to send alert + * with "unsupported_certificate". + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + cliCertFile, WOLFSSL_FILETYPE_PEM, + svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, + cliKeyFile, WOLFSSL_FILETYPE_PEM, + svrKeyFile, WOLFSSL_FILETYPE_PEM ) + , 0); + + /* have client tell to use RPK cert intentionally */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = -1; + typeCnt_c = 1; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* have client tell to accept both RPK and x509 cert */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* have server accept to both RPK and x509 cert */ + certType_c[0] = WOLFSSL_CERT_TYPE_X509; + certType_c[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_c = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* have server tell to use x509 cert intentionally. This will bring + * certificate type mismatch in client side. + */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = -1; + typeCnt_s = 1; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); + + /* expect server detect cert type mismatch then send Alert */ + ExpectIntNE(ret, 0); + err = wolfSSL_get_error(ssl_c, ret); + ExpectIntEQ(err, WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE)); + + /* client did not load RPK cert actually, so negotiation did not happen */ + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + /* client did not load RPK cert actually, so negotiation did not happen */ + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + + +#if defined(WOLFSSL_ALWAYS_VERIFY_CB) + /* Both client and server load RPK cert and set certificate verify + * callbacks then start handshaking. + * Confirm both side can refer the peer's cert. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, + svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, + cliKeyFile, WOLFSSL_FILETYPE_PEM, + svrKeyFile, WOLFSSL_FILETYPE_PEM ) + , 0); + + /* set client certificate type in client end */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in client end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* set client certificate type in server end */ + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in server end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* set certificate verify callback to both client and server */ + isServer = 0; + wolfSSL_SetCertCbCtx(ssl_c, &isServer); + wolfSSL_set_verify(ssl_c, SSL_VERIFY_PEER, MyRpkVerifyCb); + + isServer = 1; + wolfSSL_SetCertCbCtx(ssl_c, &isServer); + wolfSSL_set_verify(ssl_s, SSL_VERIFY_PEER, MyRpkVerifyCb); + + ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); + if (ret != 0) + return TEST_FAIL; + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; +#endif /* WOLFSSL_ALWAYS_VERIFY_CB */ +#endif /* WOLFSSL_TLS13 */ + +#endif /* HAVE_RPK && (!WOLFSSL_NO_TLS12 || WOLFSSL_TLS13) */ + return EXPECT_RESULT(); +} + + +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_HAVE_MLKEM) +static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx) +{ +#ifdef WOLFSSL_MLKEM_KYBER + int group = WOLFSSL_KYBER_LEVEL5; +#else + int group = WOLFSSL_ML_KEM_1024; +#endif + AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS); +} + +static void test_tls13_pq_groups_on_result(WOLFSSL* ssl) +{ +#ifdef WOLFSSL_MLKEM_KYBER + AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5"); +#else + AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024"); +#endif +} +#endif + +int test_tls13_pq_groups(void) +{ + EXPECT_DECLS; +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_HAVE_MLKEM) + callback_functions func_cb_client; + callback_functions func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); + XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); + + func_cb_client.method = wolfTLSv1_3_client_method; + func_cb_server.method = wolfTLSv1_3_server_method; + func_cb_client.ctx_ready = test_tls13_pq_groups_ctx_ready; + func_cb_client.on_result = test_tls13_pq_groups_on_result; + func_cb_server.on_result = test_tls13_pq_groups_on_result; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS); + ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +int test_tls13_early_data(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_EARLY_DATA) && defined(HAVE_SESSION_TICKET) + int written = 0; + int read = 0; + size_t i; + int splitEarlyData; + char msg[] = "This is early data"; + char msg2[] = "This is client data"; + char msg3[] = "This is server data"; + char msg4[] = "This is server immediate data"; + char msgBuf[50]; + struct { + method_provider client_meth; + method_provider server_meth; + const char* tls_version; + int isUdp; + } params[] = { +#ifdef WOLFSSL_TLS13 + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + "TLS 1.3", 0 }, +#endif +#ifdef WOLFSSL_DTLS13 + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + "DTLS 1.3", 1 }, +#endif + }; + + for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) { + for (splitEarlyData = 0; splitEarlyData < 2; splitEarlyData++) { + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + WOLFSSL_SESSION *sess = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + fprintf(stderr, "\tEarly data with %s\n", params[i].tls_version); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, params[i].client_meth, params[i].server_meth), 0); + + /* Get a ticket so that we can do 0-RTT on the next connection */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + /* Make sure we read the ticket */ + ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(sess = wolfSSL_get1_session(ssl_c)); + + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, params[i].client_meth, params[i].server_meth), 0); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS); +#ifdef WOLFSSL_DTLS13 + if (params[i].isUdp) { + wolfSSL_SetLoggingPrefix("server"); +#ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME + ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), + WOLFSSL_SUCCESS); +#else + /* Let's test this but we generally don't recommend turning off + * the cookie exchange */ + ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS); +#endif + } +#endif + + /* Test 0-RTT data */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg), + &written), sizeof(msg)); + ExpectIntEQ(written, sizeof(msg)); + + if (splitEarlyData) { + ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg), + &written), sizeof(msg)); + ExpectIntEQ(written, sizeof(msg)); + } + + /* Read first 0-RTT data (if split otherwise entire data) */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf), + &read), sizeof(msg)); + ExpectIntEQ(read, sizeof(msg)); + ExpectStrEQ(msg, msgBuf); + + /* Test 0.5-RTT data */ + ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4)); + + if (splitEarlyData) { + /* Read second 0-RTT data */ + ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, + sizeof(msgBuf), &read), sizeof(msg)); + ExpectIntEQ(read, sizeof(msg)); + ExpectStrEQ(msg, msgBuf); + } + + if (params[i].isUdp) { + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), + WC_NO_ERR_TRACE(APP_DATA_READY)); + + /* Read server 0.5-RTT data */ + ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), + sizeof(msg4)); + ExpectStrEQ(msg4, msgBuf); + + /* Complete handshake */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), + WOLFSSL_ERROR_WANT_READ); + /* Use wolfSSL_is_init_finished to check if handshake is + * complete. Normally a user would loop until it is true but + * here we control both sides so we just assert the expected + * value. wolfSSL_read_early_data does not provide handshake + * status to us with non-blocking IO and we can't use + * wolfSSL_accept as TLS layer may return ZERO_RETURN due to + * early data parsing logic. */ + wolfSSL_SetLoggingPrefix("server"); + ExpectFalse(wolfSSL_is_init_finished(ssl_s)); + ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, + sizeof(msgBuf), &read), 0); + ExpectIntEQ(read, 0); + ExpectTrue(wolfSSL_is_init_finished(ssl_s)); + + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + } + else { + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + + wolfSSL_SetLoggingPrefix("server"); + ExpectFalse(wolfSSL_is_init_finished(ssl_s)); + ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, + sizeof(msgBuf), &read), 0); + ExpectIntEQ(read, 0); + ExpectTrue(wolfSSL_is_init_finished(ssl_s)); + + /* Read server 0.5-RTT data */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), + sizeof(msg4)); + ExpectStrEQ(msg4, msgBuf); + } + + /* Test bi-directional write */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2)); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), + sizeof(msg2)); + ExpectStrEQ(msg2, msgBuf); + ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3)); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), + sizeof(msg3)); + ExpectStrEQ(msg3, msgBuf); + + wolfSSL_SetLoggingPrefix(NULL); + ExpectTrue(wolfSSL_session_reused(ssl_c)); + ExpectTrue(wolfSSL_session_reused(ssl_s)); + + wolfSSL_SESSION_free(sess); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } + } +#endif + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_tls13.h b/tests/api/test_tls13.h new file mode 100644 index 0000000000..10997ab398 --- /dev/null +++ b/tests/api/test_tls13.h @@ -0,0 +1,42 @@ +/* test_tls13.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_TLS13_H +#define WOLFCRYPT_TEST_TLS13_H + +#include + +int test_tls13_apis(void); +int test_tls13_cipher_suites(void); +int test_tls13_bad_psk_binder(void); +int test_tls13_rpk_handshake(void); +int test_tls13_pq_groups(void); +int test_tls13_early_data(void); + +#define TEST_TLS13_DECLS \ + TEST_DECL_GROUP("tls13", test_tls13_apis), \ + TEST_DECL_GROUP("tls13", test_tls13_cipher_suites), \ + TEST_DECL_GROUP("tls13", test_tls13_bad_psk_binder), \ + TEST_DECL_GROUP("tls13", test_tls13_rpk_handshake), \ + TEST_DECL_GROUP("tls13", test_tls13_pq_groups), \ + TEST_DECL_GROUP("tls13", test_tls13_early_data) + +#endif /* WOLFCRYPT_TEST_TLS13_H */ From fa61187f2e375bfb3f2eef1cc5515e6c8341bcd1 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 25 Aug 2025 21:59:32 -0500 Subject: [PATCH 08/95] linuxkm/module_hooks.c: in IntelRDseed64_r(), burn buf after each use to protect against info leakage. --- linuxkm/module_hooks.c | 1 + 1 file changed, 1 insertion(+) diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index 3a1dadcc71..4f082cb8f5 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -323,6 +323,7 @@ static WC_INLINE int IntelRDseed64_r(word64* rnd) WC_SANITIZE_DISABLE(); *rnd ^= buf; /* deliberately retain any garbage passed in the dest buffer. */ WC_SANITIZE_ENABLE(); + buf = 0; } return 0; } From 5934c1eecedc0f4776993e008dc0e2203a59d774 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 13 Aug 2025 20:10:48 +0200 Subject: [PATCH 09/95] Fix test_wolfSSL_tls_export - Add TLS_EXPORT_OPT_SZ_4 to specify previous option size - Actually pick up failures in the tests and propagate them to the top level - Tests v4 and v5 sessions Fixes https://github.com/wolfSSL/wolfssl/issues/9081 and https://github.com/wolfSSL/wolfssl/pull/9082 --- src/internal.c | 2 +- tests/api.c | 122 ++++++++++++++++++++++++++++++++------------- wolfssl/internal.h | 3 +- 3 files changed, 89 insertions(+), 38 deletions(-) diff --git a/src/internal.c b/src/internal.c index b817bbfa83..ca749e5f72 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1911,7 +1911,7 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf, optSz = DTLS_EXPORT_OPT_SZ_4; } else { - optSz = TLS_EXPORT_OPT_SZ; + optSz = TLS_EXPORT_OPT_SZ_4; } break; diff --git a/tests/api.c b/tests/api.c index dac4590cd1..0d38f35a28 100644 --- a/tests/api.c +++ b/tests/api.c @@ -10955,7 +10955,7 @@ static int test_wolfSSL_dtls_export(void) #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) #ifdef WOLFSSL_TLS13 -static const byte canned_client_tls13_session[] = { +static const byte canned_client_tls13_session_v4[] = { 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00, 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01, @@ -10994,6 +10994,33 @@ static const byte canned_client_tls13_session[] = { 0x00, 0x03 }; +static const byte canned_client_tls13_session_v5[] = { + 0xa7, 0xa5, 0x01, 0x19, 0x00, 0x42, 0x00, 0x00, 0x01, 0x00, 0x00, 0x80, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1c, 0x01, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x01, 0x0a, 0x0f, 0x10, + 0x01, 0x02, 0x09, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x04, + 0x00, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, + 0x00, 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4f, 0x18, 0xd8, 0xc1, 0x24, + 0xd8, 0xbb, 0x17, 0x9e, 0x31, 0xa3, 0xf8, 0xa7, 0x3c, 0xba, 0xec, 0xfa, + 0xb4, 0x7f, 0xc5, 0x78, 0xeb, 0x6d, 0xe3, 0x2b, 0x7b, 0x94, 0xbe, 0x20, + 0x11, 0x7e, 0x17, 0x10, 0xa7, 0x10, 0x19, 0xec, 0x62, 0xcc, 0xbe, 0xf5, + 0x01, 0x35, 0x3c, 0xea, 0xef, 0x44, 0x3c, 0x40, 0xa2, 0xbc, 0x18, 0x43, + 0xa1, 0xa1, 0x65, 0x5c, 0x48, 0xe2, 0xf9, 0x38, 0xeb, 0x11, 0x10, 0x72, + 0x7c, 0x78, 0x22, 0x13, 0x3b, 0x19, 0x40, 0xf0, 0x73, 0xbe, 0x96, 0x14, + 0x78, 0x26, 0xb9, 0x6b, 0x2e, 0x72, 0x22, 0x0d, 0x90, 0x94, 0xdd, 0x78, + 0x77, 0xfc, 0x0c, 0x2e, 0x63, 0x6e, 0xf0, 0x0c, 0x35, 0x41, 0xcd, 0xf3, + 0x49, 0x31, 0x08, 0xd0, 0x6f, 0x02, 0x3d, 0xc1, 0xd3, 0xb7, 0xee, 0x3a, + 0xa0, 0x8e, 0xa1, 0x4d, 0xc3, 0x2e, 0x5e, 0x06, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x0c, 0x35, 0x41, 0xcd, 0xf3, 0x49, 0x31, 0x08, + 0xd0, 0x6f, 0x02, 0x3d, 0xc1, 0xd3, 0xb7, 0xee, 0x3a, 0xa0, 0x8e, 0xa1, + 0x4d, 0xc3, 0x2e, 0x5e, 0x06, 0x00, 0x10, 0x00, 0x10, 0x00, 0x0c, 0x00, + 0x10, 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20, 0x28, 0x00, 0x00, + 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 +}; + static const byte canned_server_tls13_session[] = { 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00, 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, @@ -11034,7 +11061,7 @@ static const byte canned_server_tls13_session[] = { }; #endif /* WOLFSSL_TLS13 */ -static const byte canned_client_session[] = { +static const byte canned_client_session_v4[] = { 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01, @@ -11078,6 +11105,36 @@ static const byte canned_client_session[] = { 0x00, 0x03 }; +static const byte canned_client_session_v5[] = { + 0xa7, 0xa5, 0x01, 0x41, 0x00, 0x42, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x27, 0x0a, 0x0d, 0x10, + 0x01, 0x01, 0x0a, 0x00, 0x05, 0x00, 0x01, 0x01, 0x01, 0x01, 0x03, 0x03, + 0x00, 0xbf, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, + 0x00, 0x0a, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6d, 0x97, 0x15, 0x6e, + 0x52, 0x27, 0xd6, 0x1d, 0x1d, 0xf5, 0x0d, 0x59, 0xa5, 0xac, 0x2e, 0x8c, + 0x0e, 0xcb, 0x26, 0x1e, 0xe2, 0xce, 0xbb, 0xce, 0xe1, 0x7d, 0xd7, 0xef, + 0xa5, 0x44, 0x80, 0x2a, 0xde, 0xbb, 0x75, 0xb0, 0x1d, 0x75, 0x17, 0x20, + 0x4c, 0x08, 0x05, 0x1b, 0xba, 0x60, 0x1f, 0x6c, 0x91, 0x8c, 0xaa, 0xbb, + 0xe5, 0xa3, 0x0b, 0x12, 0x3e, 0xc0, 0x35, 0x43, 0x1d, 0xe2, 0x10, 0xe2, + 0x02, 0x92, 0x4b, 0x8f, 0x05, 0xa9, 0x4b, 0xcc, 0x90, 0xc3, 0x0e, 0xc2, + 0x0f, 0xe9, 0x33, 0x85, 0x9b, 0x3c, 0x19, 0x21, 0xd5, 0x62, 0xe5, 0xe1, + 0x17, 0x8f, 0x8c, 0x19, 0x52, 0xd8, 0x59, 0x10, 0x2d, 0x20, 0x6f, 0xba, + 0xc1, 0x1c, 0xd1, 0x82, 0xc7, 0x32, 0x1b, 0xbb, 0xcc, 0x30, 0x03, 0xd7, + 0x3a, 0xc8, 0x18, 0xed, 0x58, 0xc8, 0x11, 0xfe, 0x71, 0x9c, 0x71, 0xd8, + 0x6b, 0xe0, 0x25, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00, 0x06, + 0x01, 0x04, 0x08, 0x01, 0x20, 0x28, 0x00, 0x09, 0xe1, 0x50, 0x70, 0x02, + 0x2f, 0x7e, 0xda, 0xbd, 0x40, 0xc5, 0x58, 0x87, 0xce, 0x43, 0xf3, 0xc5, + 0x8f, 0xa1, 0x59, 0x93, 0xef, 0x7e, 0xd3, 0xd0, 0xb5, 0x87, 0x1d, 0x81, + 0x54, 0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 +}; + static const byte canned_server_session[] = { 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, @@ -11123,7 +11180,6 @@ static const byte canned_server_session[] = { 0x00, 0x04 }; - static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args) { SOCKET_T sockfd = 0; @@ -11263,7 +11319,9 @@ static void load_tls13_canned_server(WOLFSSL* ssl) /* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ -static int test_wolfSSL_tls_export_run(int v) +static int test_wolfSSL_tls_export_run(method_provider server_method, + method_provider client_method, ssl_callback ssl_ready, + const byte* clientSession, int clientSessionSz, int cmpSess) { EXPECT_DECLS; SOCKET_T sockfd = 0; @@ -11273,8 +11331,6 @@ static int test_wolfSSL_tls_export_run(int v) char reply[1024]; word32 replySz; int msgSz = (int)XSTRLEN(msg); - const byte* clientSession = NULL; - int clientSessionSz = 0; tcp_ready ready; func_args server_args; @@ -11294,29 +11350,9 @@ static int test_wolfSSL_tls_export_run(int v) XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); - switch (v) { - case WOLFSSL_TLSV1_2: - server_cbf.method = wolfTLSv1_2_server_method; - server_cbf.ssl_ready = load_tls12_canned_server; - - /* setup the client side */ - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); - wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"); - clientSession = canned_client_session; - clientSessionSz = sizeof(canned_client_session); - break; - #ifdef WOLFSSL_TLS13 - case WOLFSSL_TLSV1_3: - server_cbf.method = wolfTLSv1_3_server_method; - server_cbf.ssl_ready = load_tls13_canned_server; - - /* setup the client side */ - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); - clientSession = canned_client_tls13_session; - clientSessionSz = sizeof(canned_client_tls13_session); - break; - #endif - } + server_cbf.method = server_method; + server_cbf.ssl_ready = ssl_ready; + ExpectNotNull(ctx = wolfSSL_CTX_new(client_method())); server_args.callbacks = &server_cbf; server_args.signal = &ready; @@ -11335,8 +11371,11 @@ static int test_wolfSSL_tls_export_run(int v) replySz = sizeof(reply); ExpectIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0); #if !defined(NO_PSK) && defined(HAVE_ANON) - /* index 20 has is setting if PSK was on and 49 is if anon is allowed */ - ExpectIntEQ(XMEMCMP(reply, clientSession, replySz), 0); + if (cmpSess) { + /* index 20 has is setting if PSK was on and 49 is if anon is allowed */ + ExpectIntEQ(replySz, clientSessionSz); + ExpectBufEQ(reply, clientSession, replySz); + } #endif wolfSSL_set_fd(ssl, sockfd); @@ -11372,16 +11411,27 @@ static int test_wolfSSL_tls_export_run(int v) static int test_wolfSSL_tls_export(void) { - int res = TEST_SKIPPED; + EXPECT_DECLS; #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) - test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_2_server_method, + wolfTLSv1_2_client_method, load_tls12_canned_server, + canned_client_session_v4, sizeof(canned_client_session_v4), 0)); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_2_server_method, + wolfTLSv1_2_client_method, load_tls12_canned_server, + canned_client_session_v5, sizeof(canned_client_session_v5), 1)); #ifdef WOLFSSL_TLS13 - test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_3_server_method, + wolfTLSv1_3_client_method, load_tls13_canned_server, + canned_client_tls13_session_v4, sizeof(canned_client_tls13_session_v4), + 0)); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_3_server_method, + wolfTLSv1_3_client_method, load_tls13_canned_server, + canned_client_tls13_session_v5, sizeof(canned_client_tls13_session_v5), + 1)); #endif - res = TEST_RES_CHECK(1); #endif - return res; + return EXPECT_RESULT(); } /*----------------------------------------------------------------------------* diff --git a/wolfssl/internal.h b/wolfssl/internal.h index f9ed298f3d..9a74454311 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1713,7 +1713,8 @@ enum Misc { TLS_EXPORT_PRO = 167,/* wolfSSL protocol for serialized TLS */ DTLS_EXPORT_OPT_SZ = 62, /* amount of bytes used from Options */ DTLS_EXPORT_OPT_SZ_4 = 61, /* amount of bytes used from Options */ - TLS_EXPORT_OPT_SZ = 65, /* amount of bytes used from Options */ + TLS_EXPORT_OPT_SZ = 66, /* amount of bytes used from Options */ + TLS_EXPORT_OPT_SZ_4 = 65, /* amount of bytes used from Options */ DTLS_EXPORT_OPT_SZ_3 = 60, /* amount of bytes used from Options */ DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2), /* max amount of bytes used from Keys */ From d26b2811e02521d39b5bc2eb3c18bf77c0c781c0 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 26 Aug 2025 16:40:17 +0200 Subject: [PATCH 10/95] test_wolfSSL_tls_export_run: silence unused cmpSess warning --- tests/api.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/api.c b/tests/api.c index 0d38f35a28..5714ed0fa7 100644 --- a/tests/api.c +++ b/tests/api.c @@ -11341,6 +11341,8 @@ static int test_wolfSSL_tls_export_run(method_provider server_method, fdOpenSession(Task_self()); #endif + (void)cmpSess; + InitTcpReady(&ready); #if defined(USE_WINDOWS_API) From 79a75d1ef2cd4d85ba453242a549aa5c029aff2a Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 26 Aug 2025 11:07:40 -0500 Subject: [PATCH 11/95] linuxkm/module_hooks.c: in wc_linuxkm_normalize_relocations(), allow non-text relocations 1 byte outside the destination segment, and when DEBUG_LINUXKM_PIE_SUPPORT, tally the relocation counts by segment for final info report; linuxkm/module_hooks.c and linuxkm/linuxkm_wc_port.h: tweak gating on wc_linuxkm_normalize_relocations() and related -- ifdef HAVE_LINUXKM_PIE_SUPPORT, not ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE -- for consistency+clarity. --- linuxkm/linuxkm_wc_port.h | 18 ++++---- linuxkm/module_hooks.c | 95 ++++++++++++++++++++++++++++----------- 2 files changed, 78 insertions(+), 35 deletions(-) diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 7d2d2d3a42..197b9176a2 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -653,14 +653,7 @@ #error "compiling -fPIE requires PIE redirect table." #endif - #ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE - -#ifdef CONFIG_MIPS - #undef __ARCH_MEMCMP_NO_REDIRECT - #undef memcmp - extern int memcmp(const void *s1, const void *s2, size_t n); -#endif - + #ifdef HAVE_LINUXKM_PIE_SUPPORT extern const u8 __wc_text_start[], __wc_text_end[], @@ -677,6 +670,15 @@ size_t text_in_len, u8 *text_out, ssize_t *cur_index_p); + #endif /* HAVE_LINUXKM_PIE_SUPPORT */ + + #ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE + +#ifdef CONFIG_MIPS + #undef __ARCH_MEMCMP_NO_REDIRECT + #undef memcmp + extern int memcmp(const void *s1, const void *s2, size_t n); +#endif struct wolfssl_linuxkm_pie_redirect_table { typeof(wc_linuxkm_normalize_relocations) *wc_linuxkm_normalize_relocations; diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index 3a1dadcc71..f3634318cd 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -108,6 +108,9 @@ static unsigned int hash_span(char *start, char *end) { return sum; } +static int total_text_r = 0, total_rodata_r = 0, total_rwdata_r = 0, + total_bss_r = 0, total_other_r = 0; + #endif /* DEBUG_LINUXKM_PIE_SUPPORT */ #ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE @@ -433,6 +436,16 @@ static int wolfssl_init(void) rodata_hash, pie_rodata_end-pie_rodata_start, pie_text_start < pie_rodata_start ? '+' : '-', pie_text_start < pie_rodata_start ? pie_rodata_start - pie_text_start : pie_text_start - pie_rodata_start); + pr_info("wolfCrypt segments: text=%x-%x, rodata=%x-%x, " + "rwdata=%x-%x, bss=%x-%x\n", + (unsigned)(uintptr_t)__wc_text_start, + (unsigned)(uintptr_t)__wc_text_end, + (unsigned)(uintptr_t)__wc_rodata_start, + (unsigned)(uintptr_t)__wc_rodata_end, + (unsigned)(uintptr_t)__wc_rwdata_start, + (unsigned)(uintptr_t)__wc_rwdata_end, + (unsigned)(uintptr_t)__wc_bss_start, + (unsigned)(uintptr_t)__wc_bss_end); } #endif /* HAVE_LINUXKM_PIE_SUPPORT && DEBUG_LINUXKM_PIE_SUPPORT */ @@ -443,7 +456,19 @@ static int wolfssl_init(void) pr_err("ERROR: wolfCrypt_SetCb_fips() failed: %s\n", wc_GetErrorString(ret)); return -ECANCELED; } + +#if defined(HAVE_LINUXKM_PIE_SUPPORT) && defined(DEBUG_LINUXKM_PIE_SUPPORT) + total_text_r = total_rodata_r = total_rwdata_r = total_bss_r = + total_other_r = 0; +#endif + fipsEntry(); + +#if defined(HAVE_LINUXKM_PIE_SUPPORT) && defined(DEBUG_LINUXKM_PIE_SUPPORT) + pr_info("relocation normalizations: text=%d, rodata=%d, rwdata=%d, bss=%d, other=%d\n", + total_text_r, total_rodata_r, total_rwdata_r, total_bss_r, total_other_r); +#endif + ret = wolfCrypt_GetStatus_fips(); if (ret != 0) { pr_err("ERROR: wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret)); @@ -638,20 +663,7 @@ MODULE_AUTHOR("https://www.wolfssl.com/"); MODULE_DESCRIPTION("libwolfssl cryptographic and protocol facilities"); MODULE_VERSION(LIBWOLFSSL_VERSION_STRING); -#ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE - -/* get_current() is an inline or macro, depending on the target -- sidestep the whole issue with a wrapper func. */ -static struct task_struct *my_get_current_thread(void) { - return get_current(); -} - -/* preempt_count() is an inline function in arch/x86/include/asm/preempt.h that - * accesses __preempt_count, which is an int array declared with - * DECLARE_PER_CPU_CACHE_HOT. - */ -static int my_preempt_count(void) { - return preempt_count(); -} +#ifdef HAVE_LINUXKM_PIE_SUPPORT #include "linuxkm/wc_linuxkm_pie_reloc_tab.c" @@ -773,35 +785,40 @@ ssize_t wc_linuxkm_normalize_relocations( #endif continue; } - else if ((abs_ptr >= (uintptr_t)__wc_rodata_start) && - (abs_ptr <= (uintptr_t)__wc_rodata_end)) + /* for the rodata, rwdata, and bss segments, recognize dest addrs one + * byte outside the segment -- the compiler occasionally generates + * these, e.g. __wc_rwdata_start - 1 in DoInCoreCheck() in kernel 6.1 + * build of FIPS v5. + */ + else if ((abs_ptr >= (uintptr_t)__wc_rodata_start - 1) && + (abs_ptr <= (uintptr_t)__wc_rodata_end + 1)) { #ifdef DEBUG_LINUXKM_PIE_SUPPORT ++n_rodata_r; #endif - reloc_buf -= (int)((uintptr_t)__wc_rodata_start - + reloc_buf -= (int)((uintptr_t)__wc_rodata_start - 1 - (uintptr_t)__wc_text_start); - reloc_buf |= WC_RODATA_TAG; + reloc_buf ^= WC_RODATA_TAG; } - else if ((abs_ptr >= (uintptr_t)__wc_rwdata_start) && - (abs_ptr <= (uintptr_t)__wc_rwdata_end)) + else if ((abs_ptr >= (uintptr_t)__wc_rwdata_start - 1) && + (abs_ptr <= (uintptr_t)__wc_rwdata_end + 1)) { #ifdef DEBUG_LINUXKM_PIE_SUPPORT ++n_rwdata_r; #endif - reloc_buf -= (int)((uintptr_t)__wc_rwdata_start - + reloc_buf -= (int)((uintptr_t)__wc_rwdata_start - 1 - (uintptr_t)__wc_text_start); - reloc_buf |= WC_RWDATA_TAG; + reloc_buf ^= WC_RWDATA_TAG; } - else if ((abs_ptr >= (uintptr_t)__wc_bss_start) && - (abs_ptr <= (uintptr_t)__wc_bss_end)) + else if ((abs_ptr >= (uintptr_t)__wc_bss_start - 1) && + (abs_ptr <= (uintptr_t)__wc_bss_end + 1)) { #ifdef DEBUG_LINUXKM_PIE_SUPPORT ++n_bss_r; #endif - reloc_buf -= (int)((uintptr_t)__wc_bss_start - + reloc_buf -= (int)((uintptr_t)__wc_bss_start - 1 - (uintptr_t)__wc_text_start); - reloc_buf |= WC_BSS_TAG; + reloc_buf ^= WC_BSS_TAG; } else { /* relocation referring to non-wolfcrypt segment -- these can only @@ -833,6 +850,12 @@ ssize_t wc_linuxkm_normalize_relocations( } #ifdef DEBUG_LINUXKM_PIE_SUPPORT + total_text_r += n_text_r; + total_rodata_r += n_rodata_r; + total_rwdata_r += n_rwdata_r; + total_bss_r += n_bss_r; + total_other_r += n_other_r; + if (n_other_r > 0) pr_notice("text_in=%x relocs=%d/%d/%d/%d/%d ret = %zu\n", (unsigned)(uintptr_t)text_in, n_text_r, n_rodata_r, @@ -846,6 +869,25 @@ ssize_t wc_linuxkm_normalize_relocations( return text_in_len; } +#endif /* HAVE_LINUXKM_PIE_SUPPORT */ + +#ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE + +/* get_current() is an inline or macro, depending on the target -- sidestep the + * whole issue with a wrapper func. + */ +static struct task_struct *my_get_current_thread(void) { + return get_current(); +} + +/* preempt_count() is an inline function in arch/x86/include/asm/preempt.h that + * accesses __preempt_count, which is an int array declared with + * DECLARE_PER_CPU_CACHE_HOT. + */ +static int my_preempt_count(void) { + return preempt_count(); +} + static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { memset( &wolfssl_linuxkm_pie_redirect_table, @@ -1130,7 +1172,6 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { #endif /* USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */ - #ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE #include From 797c1d00ace5a73d30f0bdc77a5ed86b81ea6a90 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 26 Aug 2025 14:38:23 -0700 Subject: [PATCH 12/95] Fix workflow for latest ESP-IDF for espressif examples --- .../ESP-IDF/examples/template/CMakeLists.txt | 23 +++++++++++++++++++ .../examples/wolfssl_benchmark/CMakeLists.txt | 23 +++++++++++++++++++ .../examples/wolfssl_client/CMakeLists.txt | 23 +++++++++++++++++++ .../examples/wolfssl_server/CMakeLists.txt | 23 +++++++++++++++++++ .../examples/wolfssl_test/CMakeLists.txt | 23 +++++++++++++++++++ .../src/port/Espressif/esp_sdk_mem_lib.c | 12 ++++++++++ 6 files changed, 127 insertions(+) diff --git a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt index 61110a1507..feacf8c429 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt @@ -7,6 +7,19 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}") cmake_minimum_required(VERSION 3.16) +# For the main project using ESP-IDF version 6 or greater. +# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered +# So we'll allow long calls with the `-mlongcalls` compiler option for all components. +if(IDF_VERSION_MAJOR GREATER_EQUAL 6) + if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3") + message(STATUS "Adding mlongcalls") + add_compile_options(-mlongcalls) + add_link_options(-mlongcalls) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlongcalls") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mlongcalls") + endif() +endif() + # Optional no watchdog typically used for test & benchmark if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1") @@ -144,5 +157,15 @@ endif() include($ENV{IDF_PATH}/tools/cmake/project.cmake) +# Once the project is loaded, next check for ESP-IDF version 6 or greater. +# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered +# So we'll allow long calls with the `-mlongcalls` compiler option for all components. +if(IDF_VERSION_MAJOR GREATER_EQUAL 6) + if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3") + message(STATUS "mlongcalls for all components") + idf_build_set_property(COMPILE_OPTIONS "-mlongcalls" APPEND) + endif() +endif() + project(wolfssl_template) message(STATUS "end project") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt index 17437542ec..dcbd07ec52 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt @@ -7,6 +7,19 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}") cmake_minimum_required(VERSION 3.16) +# For the main project using ESP-IDF version 6 or greater. +# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered +# So we'll allow long calls with the `-mlongcalls` compiler option for all components. +if(IDF_VERSION_MAJOR GREATER_EQUAL 6) + if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3") + message(STATUS "Adding mlongcalls") + add_compile_options(-mlongcalls) + add_link_options(-mlongcalls) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlongcalls") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mlongcalls") + endif() +endif() + # Optional no watchdog typically used for test & benchmark if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1") @@ -144,5 +157,15 @@ endif() include($ENV{IDF_PATH}/tools/cmake/project.cmake) +# Once the project is loaded, next check for ESP-IDF version 6 or greater. +# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered +# So we'll allow long calls with the `-mlongcalls` compiler option for all components. +if(IDF_VERSION_MAJOR GREATER_EQUAL 6) + if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3") + message(STATUS "mlongcalls for all components") + idf_build_set_property(COMPILE_OPTIONS "-mlongcalls" APPEND) + endif() +endif() + project(wolfssl_benchmark) message(STATUS "end project") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt index f9b3bbfd07..caa597d16e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt @@ -7,6 +7,19 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}") cmake_minimum_required(VERSION 3.16) +# For the main project using ESP-IDF version 6 or greater. +# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered +# So we'll allow long calls with the `-mlongcalls` compiler option for all components. +if(IDF_VERSION_MAJOR GREATER_EQUAL 6) + if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3") + message(STATUS "Adding mlongcalls") + add_compile_options(-mlongcalls) + add_link_options(-mlongcalls) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlongcalls") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mlongcalls") + endif() +endif() + # Optional no watchdog typically used for test & benchmark if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1") @@ -144,5 +157,15 @@ endif() include($ENV{IDF_PATH}/tools/cmake/project.cmake) +# Once the project is loaded, next check for ESP-IDF version 6 or greater. +# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered +# So we'll allow long calls with the `-mlongcalls` compiler option for all components. +if(IDF_VERSION_MAJOR GREATER_EQUAL 6) + if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3") + message(STATUS "mlongcalls for all components") + idf_build_set_property(COMPILE_OPTIONS "-mlongcalls" APPEND) + endif() +endif() + project(wolfssl_client) message(STATUS "end project") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt index a61aed3f06..477b3be8b0 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt @@ -7,6 +7,19 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}") cmake_minimum_required(VERSION 3.16) +# For the main project using ESP-IDF version 6 or greater. +# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered +# So we'll allow long calls with the `-mlongcalls` compiler option for all components. +if(IDF_VERSION_MAJOR GREATER_EQUAL 6) + if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3") + message(STATUS "Adding mlongcalls") + add_compile_options(-mlongcalls) + add_link_options(-mlongcalls) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlongcalls") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mlongcalls") + endif() +endif() + # Optional no watchdog typically used for test & benchmark if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1") @@ -144,5 +157,15 @@ endif() include($ENV{IDF_PATH}/tools/cmake/project.cmake) +# Once the project is loaded, next check for ESP-IDF version 6 or greater. +# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered +# So we'll allow long calls with the `-mlongcalls` compiler option for all components. +if(IDF_VERSION_MAJOR GREATER_EQUAL 6) + if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3") + message(STATUS "mlongcalls for all components") + idf_build_set_property(COMPILE_OPTIONS "-mlongcalls" APPEND) + endif() +endif() + project(wolfssl_server) message(STATUS "end project") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt index 2090c8ae83..ac32187d88 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt @@ -7,6 +7,19 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}") cmake_minimum_required(VERSION 3.16) +# For the main project using ESP-IDF version 6 or greater. +# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered +# So we'll allow long calls with the `-mlongcalls` compiler option for all components. +if(IDF_VERSION_MAJOR GREATER_EQUAL 6) + if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3") + message(STATUS "Adding mlongcalls") + add_compile_options(-mlongcalls) + add_link_options(-mlongcalls) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlongcalls") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mlongcalls") + endif() +endif() + # Optional no watchdog typically used for test & benchmark if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1") @@ -144,5 +157,15 @@ endif() include($ENV{IDF_PATH}/tools/cmake/project.cmake) +# Once the project is loaded, next check for ESP-IDF version 6 or greater. +# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered +# So we'll allow long calls with the `-mlongcalls` compiler option for all components. +if(IDF_VERSION_MAJOR GREATER_EQUAL 6) + if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3") + message(STATUS "mlongcalls for all components") + idf_build_set_property(COMPILE_OPTIONS "-mlongcalls" APPEND) + endif() +endif() + project(wolfssl_test) message(STATUS "end project") diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c index 727a12f896..8478e57a04 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c @@ -119,6 +119,9 @@ extern wc_ptr_t _heap_end[]; #define IRAMF2_START ((void*)(0x4010C000)) #define IRAMF2_END ((void*)(0x4010C000 + 0x4000)) +#if defined(ESP_IDF_VERSION) && (ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0)) + /* Skipping for ESP-IDF v6.0 */ +#else enum sdk_memory_segment { /* Ensure this list exactly matches order in sdk_memory_segment_text */ @@ -187,10 +190,14 @@ int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end) } return ESP_OK; } +#endif /* Show all known linker memory segment names, starting & ending addresses. */ int sdk_init_meminfo(void) { +#if defined(ESP_IDF_VERSION) && (ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0)) + ESP_LOGI(TAG, "sdk_init_meminfo not available for ESP-IDF V6.0"); +#else void* sample_heap_var; int sample_stack_var = 0; @@ -238,6 +245,7 @@ int sdk_init_meminfo(void) sdk_var_whereis("sample_heap_var", sample_heap_var); free(sample_heap_var); } +#endif return ESP_OK; } @@ -245,6 +253,9 @@ int sdk_init_meminfo(void) esp_err_t sdk_var_whereis(const char* v_name, void* v) { esp_err_t ret = ESP_FAIL; +#if defined(ESP_IDF_VERSION) && (ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0)) + ESP_LOGI(TAG, "sdk_var_whereis not available for ESP-IDF V6.0"); +#else for (enum sdk_memory_segment m = 0 ;m < SDK_MEMORY_SEGMENT_COUNT; m++) { if (v >= sdk_memory_segment_start[m] && @@ -257,6 +268,7 @@ esp_err_t sdk_var_whereis(const char* v_name, void* v) } } } +#endif if (ret == ESP_FAIL) { ESP_LOGW(TAG, "%s not found in known memory map: %p", v_name, v); From 4ff6f5f10c0ef1bee08b007f369ca60970838561 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 27 Aug 2025 10:14:39 +1000 Subject: [PATCH 13/95] ML-KEM/Kyber: fix out of bouds read Decompose 5-bit values: Don't read 15 bytes when only have 10 bytes available. --- .wolfssl_known_macro_extras | 1 + wolfcrypt/src/wc_mlkem_asm.S | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 95ef25b0a7..6a8f6ab7c4 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -206,6 +206,7 @@ ENABLE_SECURE_SOCKETS_LOGS ESP32 ESP8266 ESP_ENABLE_WOLFSSH +ESP_IDF_VERSION ESP_IDF_VERSION_MAJOR ESP_IDF_VERSION_MINOR ESP_PLATFORM diff --git a/wolfcrypt/src/wc_mlkem_asm.S b/wolfcrypt/src/wc_mlkem_asm.S index f3ef6b3147..bb36fe9281 100644 --- a/wolfcrypt/src/wc_mlkem_asm.S +++ b/wolfcrypt/src/wc_mlkem_asm.S @@ -15779,7 +15779,10 @@ _mlkem_decompress_5_avx2: vpmullw %ymm4, %ymm0, %ymm0 vpmulhrsw %ymm1, %ymm0, %ymm0 vmovdqu %ymm0, 448(%rdi) - vbroadcasti128 150(%rsi), %ymm0 + vmovq 150(%rsi), %xmm0 + movzxw 158(%rsi), %rdx + vpinsrq $0x01, %rdx, %xmm0, %xmm0 + vinserti128 $0x01, %xmm0, %ymm0, %ymm0 vpshufb %ymm2, %ymm0, %ymm0 vpand %ymm3, %ymm0, %ymm0 vpmullw %ymm4, %ymm0, %ymm0 From 934364b8e12b1501651b86bea9aa1d4a0b1ebd2a Mon Sep 17 00:00:00 2001 From: effbiae Date: Wed, 27 Aug 2025 15:35:17 +1000 Subject: [PATCH 14/95] wolfSSL_read_ex returns {0,1} --- src/ssl.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 5ed5a526c0..794e5991e6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3368,7 +3368,7 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz) } -/* returns 0 on failure and on no read */ +/* returns 0 on failure and 1 on read */ int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd) { int ret; @@ -3388,8 +3388,7 @@ int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd) *rd = (size_t)ret; } - if (ret <= 0) ret = 0; - return ret; + return ret > 0 ? 1 : 0; } #ifdef WOLFSSL_MULTICAST From e25bd603ed03910c39c57d5004b63ecf6c0b2ef8 Mon Sep 17 00:00:00 2001 From: Kareem Date: Wed, 27 Aug 2025 11:53:22 -0700 Subject: [PATCH 15/95] Fix building with --coding=no/WOLFSSL_PEM_TO_DER undefined. --- src/ssl_certman.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ssl_certman.c b/src/ssl_certman.c index 16f93cecc3..8bd3a2f689 100644 --- a/src/ssl_certman.c +++ b/src/ssl_certman.c @@ -600,6 +600,9 @@ int wolfSSL_CertManagerLoadCABufferType(WOLFSSL_CERT_MANAGER* cm, ret = WOLFSSL_FATAL_ERROR; } else { if (format == WOLFSSL_FILETYPE_PEM) { + #ifndef WOLFSSL_PEM_TO_DER + ret = NOT_COMPILED_IN; + #else ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, NULL, NULL); if (!ret) { /* Replace buffer pointer and size with DER buffer. */ @@ -610,6 +613,7 @@ int wolfSSL_CertManagerLoadCABufferType(WOLFSSL_CERT_MANAGER* cm, WOLFSSL_ERROR(ret); ret = WOLFSSL_FATAL_ERROR; } + #endif } if (ret == WOLFSSL_SUCCESS) { From 87f99ea82484209900ac4ac898dc93e53884dd92 Mon Sep 17 00:00:00 2001 From: Kareem Date: Wed, 27 Aug 2025 12:02:25 -0700 Subject: [PATCH 16/95] Add test case for --enable-coding=no. --- .github/workflows/os-check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index bce6b70880..4501387f72 100644 --- a/.github/workflows/os-check.yml +++ b/.github/workflows/os-check.yml @@ -59,6 +59,7 @@ jobs: '--enable-lms=small,verify-only --enable-xmss=small,verify-only', '--disable-sys-ca-certs', '--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ', + '--enable-coding=no', ] name: make check if: github.repository_owner == 'wolfssl' From 1ad8b2897aaa28257a7a4e0acfca134b50a30a3d Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Wed, 27 Aug 2025 13:58:09 -0600 Subject: [PATCH 17/95] Force zero with bufferSize instead of length. add void prototype to definitions --- src/internal.c | 2 +- wolfcrypt/src/memory.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/internal.c b/src/internal.c index b817bbfa83..f534d06d58 100644 --- a/src/internal.c +++ b/src/internal.c @@ -11004,7 +11004,7 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree) } ForceZero(ssl->buffers.inputBuffer.buffer, - ssl->buffers.inputBuffer.length); + ssl->buffers.inputBuffer.bufferSize); XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer; diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 3bd5fc185e..c2f8b2630c 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -212,7 +212,7 @@ static wolfSSL_Mutex zeroMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(zeroMutex); /* Initialize the table of addresses and the mutex. */ -void wc_MemZero_Init() +void wc_MemZero_Init(void) { /* Clear the table to more easily see what is valid. */ XMEMSET(memZero, 0, sizeof(memZero)); @@ -226,7 +226,7 @@ void wc_MemZero_Init() /* Free the mutex and check we have not any uncheck addresses. */ -void wc_MemZero_Free() +void wc_MemZero_Free(void) { /* Free mutex. */ #ifndef WOLFSSL_MUTEX_INITIALIZER From 11942e774cc58b982eef252c499b8cae2d1b327b Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Wed, 27 Aug 2025 15:04:10 -0600 Subject: [PATCH 18/95] do not abort MEM_ZERO check if TEST_ALWAYS_RUN_TO_END is defined --- wolfcrypt/src/memory.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index c2f8b2630c..ae57c5f674 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -302,7 +302,9 @@ void wc_MemZero_Check(void* addr, size_t len) fprintf(stderr, "\n[MEM_ZERO] %s:%p + %ld is not zero\n", memZero[i].name, memZero[i].addr, j); fprintf(stderr, "[MEM_ZERO] Checking %p:%ld\n", addr, len); + #ifndef TEST_ALWAYS_RUN_TO_END abort(); + #endif } } /* Update next index to write to. */ From 8b1422a8695cdfcbed59e5c38945a30a21c5de0c Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Wed, 27 Aug 2025 15:10:51 -0600 Subject: [PATCH 19/95] add configuration for WOLFSSL_MEM_CHECK_ZERO --- .github/workflows/os-check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index bce6b70880..94d38f3cfd 100644 --- a/.github/workflows/os-check.yml +++ b/.github/workflows/os-check.yml @@ -59,6 +59,7 @@ jobs: '--enable-lms=small,verify-only --enable-xmss=small,verify-only', '--disable-sys-ca-certs', '--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ', + '--enable-all CFLAGS="-DWOLFSSL_CHECK_MEM_ZERO"', ] name: make check if: github.repository_owner == 'wolfssl' From ccf8eebc5f1020533ab317cdc9633cc7d5165316 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 26 Aug 2025 14:02:27 -0600 Subject: [PATCH 20/95] update for cpuid atomic refactor --- wolfcrypt/src/cpuid.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/src/cpuid.c b/wolfcrypt/src/cpuid.c index 73b3a29254..5c3e333ffe 100644 --- a/wolfcrypt/src/cpuid.c +++ b/wolfcrypt/src/cpuid.c @@ -41,17 +41,21 @@ */ void cpuid_set_flags(void) { - if (!cpuid_check) { - cpuid_flags |= CPUID_AVX1; - cpuid_flags |= CPUID_AVX2; - cpuid_flags |= CPUID_BMI2; - cpuid_flags |= CPUID_RDSEED; - cpuid_flags |= CPUID_AESNI; - cpuid_flags |= CPUID_ADX; - cpuid_flags |= CPUID_MOVBE; - cpuid_flags |= CPUID_BMI1; + if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) { + cpuid_flags_t new_cpuid_flags = 0, + old_cpuid_flags = WC_CPUID_INITIALIZER; - cpuid_check = 1; + new_cpuid_flags |= CPUID_AVX1; + new_cpuid_flags |= CPUID_AVX2; + new_cpuid_flags |= CPUID_BMI2; + new_cpuid_flags |= CPUID_RDSEED; + new_cpuid_flags |= CPUID_AESNI; + new_cpuid_flags |= CPUID_ADX; + new_cpuid_flags |= CPUID_MOVBE; + new_cpuid_flags |= CPUID_BMI1; + + (void)wolfSSL_Atomic_Uint_CompareExchange + (&cpuid_flags, &old_cpuid_flags, new_cpuid_flags); } } From 9774e4959f7499695cc9bd5895e5f673ee053cc8 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 26 Aug 2025 14:05:50 -0600 Subject: [PATCH 21/95] change sgx script to create options.h if none exists --- IDE/LINUX-SGX/build.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/IDE/LINUX-SGX/build.sh b/IDE/LINUX-SGX/build.sh index 8e98b002bd..3177655295 100755 --- a/IDE/LINUX-SGX/build.sh +++ b/IDE/LINUX-SGX/build.sh @@ -5,6 +5,11 @@ CFLAGS_NEW="-DDEBUG_WOLFSSL -I/usr/lib/gcc/x86_64-linux-gnu/$(gcc -dumpversion)/ export CFLAGS="${CFLAGS} ${CFLAGS_NEW}" echo ${CFLAGS} +# create an empty options.h file if none exist +if [ ! -f ../../wolfssl/options.h ]; then + touch ../../wolfssl/options.h +fi + NEW_INCLUDE_PATH="$C_INCLUDE_PATH:/usr/lib/gcc/x86_64-linux-gnu/$(gcc -dumpversion)/include" export C_INCLUDE_PATH="$NEW_INCLUDE_PATH" From f7c7ac275a6364a8598f192a4b52a02aca4e3ec4 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 28 Aug 2025 11:02:45 -0500 Subject: [PATCH 22/95] linuxkm/linuxkm_wc_port.h and linuxkm/x86_vector_register_glue.c: refactor wc_save_vector_registers_x86() and wc_restore_vector_registers_x86() to allow recursive WC_SVR_FLAG_INHIBIT while already in a vector save context; linuxkm/lkcapi_sha_glue.c: in get_drbg() and put_drbg(), DISABLE_VECTOR_REGISTERS()...REENABLE_VECTOR_REGISTERS() if tfm == crypto_default_rng. --- .wolfssl_known_macro_extras | 1 - linuxkm/linuxkm_wc_port.h | 10 ++++---- linuxkm/lkcapi_sha_glue.c | 30 +++++++++++++---------- linuxkm/x86_vector_register_glue.c | 38 +++++++++++++++++++++--------- 4 files changed, 50 insertions(+), 29 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 6a8f6ab7c4..2c68d0b003 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -661,7 +661,6 @@ WOLFSSL_CAAM_BLACK_KEY_SM WOLFSSL_CAAM_NO_BLACK_KEY WOLFSSL_CALLBACKS WOLFSSL_CHECK_DESKEY -WOLFSSL_CHECK_MEM_ZERO WOLFSSL_CHIBIOS WOLFSSL_CLANG_TIDY WOLFSSL_CLIENT_EXAMPLE diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 197b9176a2..14f8ae6936 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -469,7 +469,7 @@ extern void free_wolfcrypt_linuxkm_fpu_states(void); WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void); WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags); - WOLFSSL_API void wc_restore_vector_registers_x86(void); + WOLFSSL_API void wc_restore_vector_registers_x86(enum wc_svr_flags flags); #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #include @@ -505,14 +505,14 @@ #endif #endif #ifndef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() wc_restore_vector_registers_x86() + #define RESTORE_VECTOR_REGISTERS() wc_restore_vector_registers_x86(WC_SVR_FLAG_NONE) #endif #ifndef DISABLE_VECTOR_REGISTERS #define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT) #endif #ifndef REENABLE_VECTOR_REGISTERS - #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86() + #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86(WC_SVR_FLAG_INHIBIT) #endif #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64)) @@ -1217,12 +1217,12 @@ #if defined(CONFIG_X86) WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void); WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags); - WOLFSSL_API void wc_restore_vector_registers_x86(void); + WOLFSSL_API void wc_restore_vector_registers_x86(enum wc_svr_flags flags); #ifndef DISABLE_VECTOR_REGISTERS #define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT) #endif #ifndef REENABLE_VECTOR_REGISTERS - #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86() + #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86(WC_SVR_FLAG_INHIBIT) #endif #else /* !CONFIG_X86 */ #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture. diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c index 0e73dd981c..584ebc3f30 100644 --- a/linuxkm/lkcapi_sha_glue.c +++ b/linuxkm/lkcapi_sha_glue.c @@ -968,6 +968,7 @@ struct wc_linuxkm_drbg_ctx { struct wc_rng_inst { wolfSSL_Atomic_Int lock; WC_RNG rng; + int disabled_vec_ops; } *rngs; /* one per CPU ID */ }; @@ -1089,8 +1090,14 @@ static inline struct wc_rng_inst *get_drbg(struct crypto_rng *tfm) { for (;;) { int expected = 0; - if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, new_lock_value, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) - return &ctx->rngs[n]; + if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, new_lock_value, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) { + struct wc_rng_inst *drbg = &ctx->rngs[n]; + if (tfm == crypto_default_rng) + drbg->disabled_vec_ops = (DISABLE_VECTOR_REGISTERS() == 0); + else + drbg->disabled_vec_ops = 0; + return drbg; + } ++n; if (n >= (int)ctx->n_rngs) n = 0; @@ -1108,8 +1115,11 @@ static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, in for (;;) { int expected = 0; - if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) - return &ctx->rngs[n]; + if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) { + struct wc_rng_inst *drbg = &ctx->rngs[n]; + drbg->disabled_vec_ops = 0; + return drbg; + } if (can_sleep) { if (signal_pending(current)) return NULL; @@ -1127,6 +1137,10 @@ static inline void put_drbg(struct wc_rng_inst *drbg) { (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) int migration_disabled = (drbg->lock == 2); #endif + if (drbg->disabled_vec_ops) { + REENABLE_VECTOR_REGISTERS(); + drbg->disabled_vec_ops = 0; + } __atomic_store_n(&(drbg->lock),0,__ATOMIC_RELEASE); #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) @@ -1140,7 +1154,6 @@ static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm, u8 *dst, unsigned int dlen) { int ret, retried = 0; - int need_fpu_restore; struct wc_rng_inst *drbg = get_drbg(tfm); if (! drbg) { @@ -1148,11 +1161,6 @@ static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm, return -EFAULT; } - /* for the default RNG, make sure we don't cache an underlying SHA256 - * method that uses vector insns (forbidden from irq handlers). - */ - need_fpu_restore = (tfm == crypto_default_rng) ? (DISABLE_VECTOR_REGISTERS() == 0) : 0; - retry: if (slen > 0) { @@ -1186,8 +1194,6 @@ retry: out: - if (need_fpu_restore) - REENABLE_VECTOR_REGISTERS(); put_drbg(drbg); return ret; diff --git a/linuxkm/x86_vector_register_glue.c b/linuxkm/x86_vector_register_glue.c index 159162cd13..5ec17acfd4 100644 --- a/linuxkm/x86_vector_register_glue.c +++ b/linuxkm/x86_vector_register_glue.c @@ -346,7 +346,14 @@ WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags) /* allow for nested calls */ if (pstate && (pstate->fpu_state != 0U)) { - if (unlikely(pstate->fpu_state & WC_FPU_INHIBITED_FLAG)) { + if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK) + == WC_FPU_COUNT_MASK)) + { + pr_err("ERROR: wc_save_vector_registers_x86 recursion register overflow for " + "pid %d on CPU %d.\n", pstate->pid, raw_smp_processor_id()); + return BAD_STATE_E; + } + if (pstate->fpu_state & WC_FPU_INHIBITED_FLAG) { if (flags & WC_SVR_FLAG_INHIBIT) { /* allow recursive inhibit calls as long as the whole stack of * them is inhibiting. @@ -357,15 +364,12 @@ WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags) else return WC_ACCEL_INHIBIT_E; } - if (unlikely(flags & WC_SVR_FLAG_INHIBIT)) - return BAD_STATE_E; - if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK) - == WC_FPU_COUNT_MASK)) - { - pr_err("ERROR: wc_save_vector_registers_x86 recursion register overflow for " - "pid %d on CPU %d.\n", pstate->pid, raw_smp_processor_id()); - return BAD_STATE_E; - } else { + if (flags & WC_SVR_FLAG_INHIBIT) { + ++pstate->fpu_state; + pstate->fpu_state |= WC_FPU_INHIBITED_FLAG; + return 0; + } + else { ++pstate->fpu_state; return 0; } @@ -475,7 +479,7 @@ WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags) __builtin_unreachable(); } -void wc_restore_vector_registers_x86(void) +void wc_restore_vector_registers_x86(enum wc_svr_flags flags) { struct wc_thread_fpu_count_ent *pstate; @@ -494,6 +498,14 @@ void wc_restore_vector_registers_x86(void) } if ((--pstate->fpu_state & WC_FPU_COUNT_MASK) > 0U) { + if (flags & WC_SVR_FLAG_INHIBIT) { + if (pstate->fpu_state & WC_FPU_INHIBITED_FLAG) + pstate->fpu_state &= ~WC_FPU_INHIBITED_FLAG; + else + VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called by pid %d on CPU %d " + "with _INHIBIT flag but saved state isn't _INHIBITED_.\n", task_pid_nr(current), + raw_smp_processor_id()); + } return; } @@ -505,6 +517,10 @@ void wc_restore_vector_registers_x86(void) #endif local_bh_enable(); } else if (unlikely(pstate->fpu_state & WC_FPU_INHIBITED_FLAG)) { + if (unlikely(! (flags & WC_SVR_FLAG_INHIBIT))) + VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called by pid %d on CPU %d " + "without _INHIBIT flag but saved state is _INHIBITED_.\n", task_pid_nr(current), + raw_smp_processor_id()); pstate->fpu_state = 0U; wc_linuxkm_fpu_state_release(pstate); local_bh_enable(); From 44c403f4c7672bbd5f6cfed88f4cd71d4d1db163 Mon Sep 17 00:00:00 2001 From: effbiae Date: Fri, 29 Aug 2025 12:32:26 +1000 Subject: [PATCH 23/95] replace (f)printf with WOLFSSL_DEBUG_PRINTF --- wolfcrypt/src/logging.c | 35 +++++++++++---------------------- wolfssl/wolfcrypt/error-crypt.h | 20 +++++-------------- wolfssl/wolfcrypt/logging.h | 12 ++++------- 3 files changed, 20 insertions(+), 47 deletions(-) diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index a9f18b5e5b..68729fe6d1 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -253,7 +253,8 @@ void WOLFSSL_START(int funcNum) if (funcNum < WC_FUNC_COUNT) { double now = current_time(0) * 1000.0; #ifdef WOLFSSL_FUNC_TIME_LOG - fprintf(stderr, "%17.3f: START - %s\n", now, wc_func_name[funcNum]); + WOLFSSL_DEBUG_PRINTF("%17.3f: START - %s\n", + now, wc_func_name[funcNum]); #endif wc_func_start[funcNum] = now; } @@ -265,7 +266,8 @@ void WOLFSSL_END(int funcNum) double now = current_time(0) * 1000.0; wc_func_time[funcNum] += now - wc_func_start[funcNum]; #ifdef WOLFSSL_FUNC_TIME_LOG - fprintf(stderr, "%17.3f: END - %s\n", now, wc_func_name[funcNum]); + WOLFSSL_DEBUG_PRINTF("%17.3f: END - %s\n", + now, wc_func_name[funcNum]); #endif } } @@ -278,11 +280,11 @@ void WOLFSSL_TIME(int count) for (i = 0; i < WC_FUNC_COUNT; i++) { if (wc_func_time[i] > 0) { avg = wc_func_time[i] / count; - fprintf(stderr, "%8.3f ms: %s\n", avg, wc_func_name[i]); + WOLFSSL_DEBUG_PRINTF("%8.3f ms: %s\n", avg, wc_func_name[i]); total += avg; } } - fprintf(stderr, "%8.3f ms\n", total); + WOLFSSL_DEBUG_PRINTF("%8.3f ms\n", total); } #endif @@ -1850,36 +1852,21 @@ static int backtrace_callback(void *data, uintptr_t pc, const char *filename, *(int *)data = 1; return 0; } -#ifdef NO_STDIO_FILESYSTEM - printf(" #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc, - function, filename, lineno); -#else - fprintf(stderr, " #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc, - function, filename, lineno); -#endif + WOLFSSL_DEBUG_PRINTF(" #%d %p in %s %s:%d\n", (*(int *)data)++, + (void *)pc, function, filename, lineno); return 0; } static void backtrace_error(void *data, const char *msg, int errnum) { (void)data; -#ifdef NO_STDIO_FILESYSTEM - printf("ERR TRACE: error %d while backtracing: %s", errnum, msg); -#else - fprintf(stderr, "ERR TRACE: error %d while backtracing: %s", errnum, msg); -#endif + WOLFSSL_DEBUG_PRINTF("ERR TRACE: error %d while backtracing: %s", + errnum, msg); } static void backtrace_creation_error(void *data, const char *msg, int errnum) { (void)data; -#ifdef NO_STDIO_FILESYSTEM - printf("ERR TRACE: internal error %d " + WOLFSSL_DEBUG_PRINTF("ERR TRACE: internal error %d " "while initializing backtrace facility: %s", errnum, msg); - printf("ERR TRACE: internal error " - "while initializing backtrace facility"); -#else - fprintf(stderr, "ERR TRACE: internal error %d " - "while initializing backtrace facility: %s", errnum, msg); -#endif } static int backtrace_init(struct backtrace_state **backtrace_state) { diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 74e441c6a8..dad2f64ff4 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -349,22 +349,12 @@ WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error); #endif #endif #ifndef WC_ERR_TRACE - #ifdef NO_STDIO_FILESYSTEM - #define WC_ERR_TRACE(label) \ - ( printf("ERR TRACE: %s L %d %s (%d)\n", \ - __FILE__, __LINE__, #label, label), \ - WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ - label \ + #define WC_ERR_TRACE(label) \ + ( WOLFSSL_DEBUG_PRINTF("ERR TRACE: %s L %d %s (%d)\n", \ + __FILE__, __LINE__, #label, label), \ + WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ + label \ ) - #else - #define WC_ERR_TRACE(label) \ - ( fprintf(stderr, \ - "ERR TRACE: %s L %d %s (%d)\n", \ - __FILE__, __LINE__, #label, label), \ - WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ - label \ - ) - #endif #endif #include #else diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index f7eec130d2..fe5adad66c 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -550,6 +550,8 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); #define WOLFSSL_DEBUG_PRINTF_FN printk #elif defined(WOLFSSL_RENESAS_RA6M4) #define WOLFSSL_DEBUG_PRINTF_FN myprintf +#elif defined(NO_STDIO_FILESYSTEM) + #define WOLFSSL_DEBUG_PRINTF_FN printf #else #define WOLFSSL_DEBUG_PRINTF_FN fprintf #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS stderr, @@ -561,14 +563,8 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); #if defined(WOLFSSL_DEBUG_PRINTF_FN) && !defined(WOLFSSL_DEBUG_PRINTF) #if defined(WOLF_NO_VARIADIC_MACROS) - #if defined(WOLFSSL_ESPIDF) - /* ESP-IDF supports variadic. Do not use WOLF_NO_VARIADIC_MACROS. - * This is only for WOLF_NO_VARIADIC_MACROS testing: */ - #define WOLFSSL_DEBUG_PRINTF(a) \ - WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS a) - #else - /* no variadic not defined for this platform */ - #endif + #define WOLFSSL_DEBUG_PRINTF(a) \ + WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS a) #else #define WOLFSSL_DEBUG_PRINTF(...) \ WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS __VA_ARGS__) From a0c8efdffecac230bcfbd2d12ee1d882f1d7c4b7 Mon Sep 17 00:00:00 2001 From: mgrojo Date: Sun, 10 Aug 2025 20:17:13 +0200 Subject: [PATCH 24/95] Ada: fix wrapping of `wolfSSL_ERR_error_string_n` Use unchecked conversion instead of type conversion to mimic C style conversion from int to unsigned long, avoiding the Ada overflow check that is raised when a negative value is converted to an unsigned type. --- wrapper/Ada/wolfssl.adb | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/wrapper/Ada/wolfssl.adb b/wrapper/Ada/wolfssl.adb index 9bdd07afd7..2f7caba0b0 100644 --- a/wrapper/Ada/wolfssl.adb +++ b/wrapper/Ada/wolfssl.adb @@ -19,6 +19,7 @@ -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -- +with Ada.Unchecked_Conversion; pragma Warnings (Off, "* is an internal GNAT unit"); with GNAT.Sockets.Thin_Common; pragma Warnings (On, "* is an internal GNAT unit"); @@ -798,10 +799,15 @@ package body WolfSSL is S : String (1 .. Error_Message_Index'Last); B : Byte_Array (1 .. size_t (Error_Message_Index'Last)); C : Natural; + -- Use unchecked conversion instead of type conversion to mimic C style + -- conversion from int to unsigned long, avoiding the Ada overflow check. + function To_Unsigned_Long is new Ada.Unchecked_Conversion + (Source => long, + Target => unsigned_long); begin - WolfSSL_Error_String (Error => unsigned_long (Code), + WolfSSL_Error_String (Error => To_Unsigned_Long (long (Code)), Data => B, - Size => unsigned_long (B'Last)); + Size => To_Unsigned_Long (long (B'Last))); Interfaces.C.To_Ada (Item => B, Target => S, Count => C, From cdbad34284a34cd5828e3bdf38ae57bd8184a46f Mon Sep 17 00:00:00 2001 From: mgrojo Date: Sun, 10 Aug 2025 20:37:43 +0200 Subject: [PATCH 25/95] Ada: include use of `WolfSSL.Get_Error` in the example --- wrapper/Ada/tls_server.adb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/wrapper/Ada/tls_server.adb b/wrapper/Ada/tls_server.adb index 9cd30b9d34..64e4f988d1 100644 --- a/wrapper/Ada/tls_server.adb +++ b/wrapper/Ada/tls_server.adb @@ -346,6 +346,14 @@ package body Tls_Server with SPARK_Mode is WolfSSL.Create_WolfSSL (Context => Ctx, Ssl => Ssl); if not WolfSSL.Is_Valid (Ssl) then Put_Line ("ERROR: failed to create WOLFSSL object."); + declare + Error_Message : constant WolfSSL.Error_Message := + WolfSSL.Error (WolfSSL.Get_Error (Ssl, Result)); + begin + if Result = Success then + Put_Line (Error_Message.Text (1 .. Error_Message.Last)); + end if; + end; SPARK_Sockets.Close_Socket (L); if not DTLS then From 8ed1ce6a8b00fe53f515e76c23d584c751c59322 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 29 Aug 2025 14:42:48 -0500 Subject: [PATCH 26/95] wolfcrypt/src/wc_mlkem_asm.S: in _mlkem_decompress_5_avx2, use movzwq, not movzxw, for portability. --- wolfcrypt/src/wc_mlkem_asm.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/wc_mlkem_asm.S b/wolfcrypt/src/wc_mlkem_asm.S index bb36fe9281..752542aaf0 100644 --- a/wolfcrypt/src/wc_mlkem_asm.S +++ b/wolfcrypt/src/wc_mlkem_asm.S @@ -15780,7 +15780,7 @@ _mlkem_decompress_5_avx2: vpmulhrsw %ymm1, %ymm0, %ymm0 vmovdqu %ymm0, 448(%rdi) vmovq 150(%rsi), %xmm0 - movzxw 158(%rsi), %rdx + movzwq 158(%rsi), %rdx vpinsrq $0x01, %rdx, %xmm0, %xmm0 vinserti128 $0x01, %xmm0, %ymm0, %ymm0 vpshufb %ymm2, %ymm0, %ymm0 From 295a11d0f73d5456ae766056a5dd64f228a86490 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 30 Aug 2025 09:24:46 +0900 Subject: [PATCH 27/95] update Readme --- IDE/Renesas/e2studio/RA6M4/README.md | 88 +++++++++++++++------------- 1 file changed, 47 insertions(+), 41 deletions(-) diff --git a/IDE/Renesas/e2studio/RA6M4/README.md b/IDE/Renesas/e2studio/RA6M4/README.md index f53c0a1ed8..c576d8c1e2 100644 --- a/IDE/Renesas/e2studio/RA6M4/README.md +++ b/IDE/Renesas/e2studio/RA6M4/README.md @@ -24,29 +24,29 @@ The wolfssl Project Summary is listed below and is relevant for every project. |Board|EK-RA6M4| |Device|R7FA6M4AF3CFB| |Toolchain|GCC ARM Embedded| -|FSP Version|5.4.0| +|FSP Version|6.1.0| #### Selected software components |Components|Version| |:--|:--| -|Board Support Package Common Files|v5.4.0| -|Secure Cryptography Engine on RA6 Protected Mode|v5.4.0| -|I/O Port|v5.4.0| -|Arm CMSIS Version 5 - Core (M)|v6.1.0+fsp.5.4.0| -|RA6M4-EK Board Support Files|v5.4.0| -|Board support package for R7FA6M4AF3CFB|v5.4.0| -|Board support package for RA6M4 - Events|v5.4.0| -|Board support package for RA6M4|v5.4.0| -|Board support package for RA6M4 - FSP Data|v5.4.0| -|FreeRTOS|v10.6.1+fsp.5.4.0| -|FreeRTOS - Memory Management - Heap 4|v10.6.1+fsp.5.4.0| -|r_ether to FreeRTOS+TCP Wrapper|v5.4.0| -|Ethernet|v5.4.0| -|Ethernet PHY|v5.4.0| -|FreeRTOS+TCP|v4.0.0+fsp.5.4.0| -|FreeRTOS - Buffer Allocation 2|v4.0.0+fsp.5.4.0| -|FreeRTOS Port|v5.4.0| +|Board Support Package Common Files|v6.1.0| +|Secure Cryptography Engine on RA6 Protected Mode|v6.1.0| +|I/O Port|v6.1.0| +|Arm CMSIS Version 5 - Core (M)|v6.1.0+fsp.6.1.0| +|RA6M4-EK Board Support Files|v6.1.0| +|Board support package for R7FA6M4AF3CFB|v6.1.0| +|Board support package for RA6M4 - Events|v6.1.0| +|Board support package for RA6M4|v6.1.0| +|Board support package for RA6M4 - FSP Data|v6.1.0| +|FreeRTOS|v11.1.0+fsp.6.1.0| +|FreeRTOS - Memory Management - Heap 4|v11.1.0+fsp.6.1.0| +|r_ether to FreeRTOS+TCP Wrapper|v6.1.0| +|Ethernet|v6.1.0| +|Ethernet PHY|v6.1.0| +|FreeRTOS+TCP|v4.3.3+fsp.6.1.0| +|FreeRTOS - Buffer Allocation 2|v4.3.3+fsp.6.1.0| +|FreeRTOS Port|v6.1.0| ## Setup Steps and Build wolfSSL Library @@ -58,10 +58,11 @@ The wolfssl Project Summary is listed below and is relevant for every project. 2.) Create a `dummy_library` Static Library. -+ Click File->New->`RA C/C++ Project`. -+ Select `EK-RA6M4` from Drop-down list. -+ Check `Static Library`. -+ Select FreeRTOS from RTOS selection. Click Next. ++ Click File->New->`RA C/C++ Project`. Select `EK-RA6M4` from Drop-down list. ++ Select `Flat(Non-TrustZone) Project`. Click Next. ++ Select `None`. Click Next. ++ Check `Static Library`. Click Next. ++ Select `FreeRTOS` from RTOS selection. Click Next. + Check `FreeRTOS minimal - Static Allocation`. Click Finish. + Open Smart Configurator by clicking configuration.xml in the project + Go to `BSP` tab and increase Heap Size under `RA Common` on Properties page, e.g. 0x1000 @@ -82,7 +83,8 @@ The wolfssl Project Summary is listed below and is relevant for every project. + Add `Heap 4` stack to sce_tst_thread from `New Stack` -> `RTOS` -> `FreeRTOS Heap 4` + Add `FreeRTOS + TCP` stack to sce_tst_thread from `New Stack` -> `Networking` -> `FreeRTOS+TCP` and set properties - ++ Add Ethernet Driver by clicking `Add Ethernet Driver` element and select `New` -> `Ethernet(r_ether)` ++ Increase Heap size of `RA Common`. Go to `BSP` tab and inclease `RA Common` -> `Heap size (bytes)` to 0x2000 |Property|Value| |:--|:--| |Network Events call vApplicationIPNetworkEventHook|Disable| @@ -97,15 +99,15 @@ The wolfssl Project Summary is listed below and is relevant for every project. 4.) Create a 'dummy_application' Renesas RA C Project Using RA Library. -+ Click File->New->`RA C/C++ Project`. -+ Select `EK-RA6M4` from Drop-down list. -+ Check `Executable Using an RA Static Library`. -+ Select FreeRTOS from RTOS selection. Click Finish. ++ Click File->New->`RA C/C++ Project`. Select `EK-RA6M4` from Drop-down list. Click Next. ++ Select `Flat(Non-TrustZone) Project`. Click Next ++ Select `None`. Click Next ++ Check `Executable Using an RA Static Library`. Select FreeRTOS from RTOS selection. Click Finish. + Enter `dummy_application` as the project name. Click Next. -+ Under `RA library project`, select `wolfSSL_RA6M4`. -+ Click Finish. ++ Under `RA library project`, select `wolfSSL_RA6M4`. Click Finish. + Copy the following folder and file at `dummy_application` to `test_RA6M4`\ script/\ + Debug/\ src/sce_tst_thread_entry.c + Add `sce_test()` call under /* TODO: add your own code here */ line at sce_tst_thread_entry.c @@ -131,29 +133,33 @@ The wolfssl Project Summary is listed below and is relevant for every project. + To place RTT block specific area, you can add the following line to `fsp.ld`: ``` - .bss : + __ram_from_flash$$ : { - . = ALIGN(4); - __bss_start__ = .; - *(.bss*) - *(COMMON) - KEEP(*(.rtt_block)) /* <-- for SEGGER_RTT control block */ - . = ALIGN(4); - __bss_end__ = .; - } > RAM + __ram_from_flash$$Base = .;__ram_from_flash$$Load = LOADADDR(__ram_from_flash$$); + /* section.ram.from_flash */ + *(.ram_from_flash) + /* section.ram.code_from_flash */ + *(.txt.rtt_block) /* <-- for SEGGER_RTT control block */ + *(.ram_code_from_flash) + *(.data*) + *(vtable) + __ram_from_flash$$Limit = .; + }> RAM AT > FLASH ``` Also, adding the following line to `SEGGER_RTT.c`: ``` -SEGGER_RTT_CB _SEGGER_RTT __attribute__((section(".rtt_block"))); +SEGGER_RTT_CB _SEGGER_RTT __attribute__((section(".txt.rtt_block"))); ``` As the result, you can find the following similar line in the map file. e.g. [test_RA6M4.map] ``` - .rtt_block 0x20023648 0xa8 ./src/SEGGER_RTT/SEGGER_RTT.o - 0x20023648 _SEGGER_RTT + *(.txt.rtt_block) + .txt.rtt_block + 0x20000000 0xa8 ./src/SEGGER_RTT/SEGGER_RTT.o + 0x20000000 _SEGGER_RTT ```` you can specify "RTT control block" to 0x20023648 by Address OR From e2fe74502f509e181419d0cfe6689528374f1526 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 30 Aug 2025 09:28:09 +0900 Subject: [PATCH 28/95] Add wolfSSL/Debug folder as include - remove BSP_WarmStart() due to duplicate --- IDE/Renesas/e2studio/RA6M4/test/.cproject | 1 + IDE/Renesas/e2studio/RA6M4/test/src/test_main.c | 13 ------------- 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/IDE/Renesas/e2studio/RA6M4/test/.cproject b/IDE/Renesas/e2studio/RA6M4/test/.cproject index 11ea166457..57bd1be4e9 100644 --- a/IDE/Renesas/e2studio/RA6M4/test/.cproject +++ b/IDE/Renesas/e2studio/RA6M4/test/.cproject @@ -87,6 +87,7 @@