api.c 1.9 MB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038150391504015041150421504315044150451504615047150481504915050150511505215053150541505515056150571505815059150601506115062150631506415065150661506715068150691507015071150721507315074150751507615077150781507915080150811508215083150841508515086150871508815089150901509115092150931509415095150961509715098150991510015101151021510315104151051510615107151081510915110151111511215113151141511515116151171511815119151201512115122151231512415125151261512715128151291513015131151321513315134151351513615137151381513915140151411514215143151441514515146151471514815149151501515115152151531515415155151561515715158151591516015161151621516315164151651516615167151681516915170151711517215173151741517515176151771517815179151801518115182151831518415185151861518715188151891519015191151921519315194151951519615197151981519915200152011520215203152041520515206152071520815209152101521115212152131521415215152161521715218152191522015221152221522315224152251522615227152281522915230152311523215233152341523515236152371523815239152401524115242152431524415245152461524715248152491525015251152521525315254152551525615257152581525915260152611526215263152641526515266152671526815269152701527115272152731527415275152761527715278152791528015281152821528315284152851528615287152881528915290152911529215293152941529515296152971529815299153001530115302153031530415305153061530715308153091531015311153121531315314153151531615317153181531915320153211532215323153241532515326153271532815329153301533115332153331533415335153361533715338153391534015341153421534315344153451534615347153481534915350153511535215353153541535515356153571535815359153601536115362153631536415365153661536715368153691537015371153721537315374153751537615377153781537915380153811538215383153841538515386153871538815389153901539115392153931539415395153961539715398153991540015401154021540315404154051540615407154081540915410154111541215413154141541515416154171541815419154201542115422154231542415425154261542715428154291543015431154321543315434154351543615437154381543915440154411544215443154441544515446154471544815449154501545115452154531545415455154561545715458154591546015461154621546315464154651546615467154681546915470154711547215473154741547515476154771547815479154801548115482154831548415485154861548715488154891549015491154921549315494154951549615497154981549915500155011550215503155041550515506155071550815509155101551115512155131551415515155161551715518155191552015521155221552315524155251552615527155281552915530155311553215533155341553515536155371553815539155401554115542155431554415545155461554715548155491555015551155521555315554155551555615557155581555915560155611556215563155641556515566155671556815569155701557115572155731557415575155761557715578155791558015581155821558315584155851558615587155881558915590155911559215593155941559515596155971559815599156001560115602156031560415605156061560715608156091561015611156121561315614156151561615617156181561915620156211562215623156241562515626156271562815629156301563115632156331563415635156361563715638156391564015641156421564315644156451564615647156481564915650156511565215653156541565515656156571565815659156601566115662156631566415665156661566715668156691567015671156721567315674156751567615677156781567915680156811568215683156841568515686156871568815689156901569115692156931569415695156961569715698156991570015701157021570315704157051570615707157081570915710157111571215713157141571515716157171571815719157201572115722157231572415725157261572715728157291573015731157321573315734157351573615737157381573915740157411574215743157441574515746157471574815749157501575115752157531575415755157561575715758157591576015761157621576315764157651576615767157681576915770157711577215773157741577515776157771577815779157801578115782157831578415785157861578715788157891579015791157921579315794157951579615797157981579915800158011580215803158041580515806158071580815809158101581115812158131581415815158161581715818158191582015821158221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211622216223162241622516226162271622816229162301623116232162331623416235162361623716238162391624016241162421624316244162451624616247162481624916250162511625216253162541625516256162571625816259162601626116262162631626416265162661626716268162691627016271162721627316274162751627616277162781627916280162811628216283162841628516286162871628816289162901629116292162931629416295162961629716298162991630016301163021630316304163051630616307163081630916310163111631216313163141631516316163171631816319163201632116322163231632416325163261632716328163291633016331163321633316334163351633616337163381633916340163411634216343163441634516346163471634816349163501635116352163531635416355163561635716358163591636016361163621636316364163651636616367163681636916370163711637216373163741637516376163771637816379163801638116382163831638416385163861638716388163891639016391163921639316394163951639616397163981639916400164011640216403164041640516406164071640816409164101641116412164131641416415164161641716418164191642016421164221642316424164251642616427164281642916430164311643216433164341643516436164371643816439164401644116442164431644416445164461644716448164491645016451164521645316454164551645616457164581645916460164611646216463164641646516466164671646816469164701647116472164731647416475164761647716478164791648016481164821648316484164851648616487164881648916490164911649216493164941649516496164971649816499165001650116502165031650416505165061650716508165091651016511165121651316514165151651616517165181651916520165211652216523165241652516526165271652816529165301653116532165331653416535165361653716538165391654016541165421654316544165451654616547165481654916550165511655216553165541655516556165571655816559165601656116562165631656416565165661656716568165691657016571165721657316574165751657616577165781657916580165811658216583165841658516586165871658816589165901659116592165931659416595165961659716598165991660016601166021660316604166051660616607166081660916610166111661216613166141661516616166171661816619166201662116622166231662416625166261662716628166291663016631166321663316634166351663616637166381663916640166411664216643166441664516646166471664816649166501665116652166531665416655166561665716658166591666016661166621666316664166651666616667166681666916670166711667216673166741667516676166771667816679166801668116682166831668416685166861668716688166891669016691166921669316694166951669616697166981669916700167011670216703167041670516706167071670816709167101671116712167131671416715167161671716718167191672016721167221672316724167251672616727167281672916730167311673216733167341673516736167371673816739167401674116742167431674416745167461674716748167491675016751167521675316754167551675616757167581675916760167611676216763167641676516766167671676816769167701677116772167731677416775167761677716778167791678016781167821678316784167851678616787167881678916790167911679216793167941679516796167971679816799168001680116802168031680416805168061680716808168091681016811168121681316814168151681616817168181681916820168211682216823168241682516826168271682816829168301683116832168331683416835168361683716838168391684016841168421684316844168451684616847168481684916850168511685216853168541685516856168571685816859168601686116862168631686416865168661686716868168691687016871168721687316874168751687616877168781687916880168811688216883168841688516886168871688816889168901689116892168931689416895168961689716898168991690016901169021690316904169051690616907169081690916910169111691216913169141691516916169171691816919169201692116922169231692416925169261692716928169291693016931169321693316934169351693616937169381693916940169411694216943169441694516946169471694816949169501695116952169531695416955169561695716958169591696016961169621696316964169651696616967169681696916970169711697216973169741697516976169771697816979169801698116982169831698416985169861698716988169891699016991169921699316994169951699616997169981699917000170011700217003170041700517006170071700817009170101701117012170131701417015170161701717018170191702017021170221702317024170251702617027170281702917030170311703217033170341703517036170371703817039170401704117042170431704417045170461704717048170491705017051170521705317054170551705617057170581705917060170611706217063170641706517066170671706817069170701707117072170731707417075170761707717078170791708017081170821708317084170851708617087170881708917090170911709217093170941709517096170971709817099171001710117102171031710417105171061710717108171091711017111171121711317114171151711617117171181711917120171211712217123171241712517126171271712817129171301713117132171331713417135171361713717138171391714017141171421714317144171451714617147171481714917150171511715217153171541715517156171571715817159171601716117162171631716417165171661716717168171691717017171171721717317174171751717617177171781717917180171811718217183171841718517186171871718817189171901719117192171931719417195171961719717198171991720017201172021720317204172051720617207172081720917210172111721217213172141721517216172171721817219172201722117222172231722417225172261722717228172291723017231172321723317234172351723617237172381723917240172411724217243172441724517246172471724817249172501725117252172531725417255172561725717258172591726017261172621726317264172651726617267172681726917270172711727217273172741727517276172771727817279172801728117282172831728417285172861728717288172891729017291172921729317294172951729617297172981729917300173011730217303173041730517306173071730817309173101731117312173131731417315173161731717318173191732017321173221732317324173251732617327173281732917330173311733217333173341733517336173371733817339173401734117342173431734417345173461734717348173491735017351173521735317354173551735617357173581735917360173611736217363173641736517366173671736817369173701737117372173731737417375173761737717378173791738017381173821738317384173851738617387173881738917390173911739217393173941739517396173971739817399174001740117402174031740417405174061740717408174091741017411174121741317414174151741617417174181741917420174211742217423174241742517426174271742817429174301743117432174331743417435174361743717438174391744017441174421744317444174451744617447174481744917450174511745217453174541745517456174571745817459174601746117462174631746417465174661746717468174691747017471174721747317474174751747617477174781747917480174811748217483174841748517486174871748817489174901749117492174931749417495174961749717498174991750017501175021750317504175051750617507175081750917510175111751217513175141751517516175171751817519175201752117522175231752417525175261752717528175291753017531175321753317534175351753617537175381753917540175411754217543175441754517546175471754817549175501755117552175531755417555175561755717558175591756017561175621756317564175651756617567175681756917570175711757217573175741757517576175771757817579175801758117582175831758417585175861758717588175891759017591175921759317594175951759617597175981759917600176011760217603176041760517606176071760817609176101761117612176131761417615176161761717618176191762017621176221762317624176251762617627176281762917630176311763217633176341763517636176371763817639176401764117642176431764417645176461764717648176491765017651176521765317654176551765617657176581765917660176611766217663176641766517666176671766817669176701767117672176731767417675176761767717678176791768017681176821768317684176851768617687176881768917690176911769217693176941769517696176971769817699177001770117702177031770417705177061770717708177091771017711177121771317714177151771617717177181771917720177211772217723177241772517726177271772817729177301773117732177331773417735177361773717738177391774017741177421774317744177451774617747177481774917750177511775217753177541775517756177571775817759177601776117762177631776417765177661776717768177691777017771177721777317774177751777617777177781777917780177811778217783177841778517786177871778817789177901779117792177931779417795177961779717798177991780017801178021780317804178051780617807178081780917810178111781217813178141781517816178171781817819178201782117822178231782417825178261782717828178291783017831178321783317834178351783617837178381783917840178411784217843178441784517846178471784817849178501785117852178531785417855178561785717858178591786017861178621786317864178651786617867178681786917870178711787217873178741787517876178771787817879178801788117882178831788417885178861788717888178891789017891178921789317894178951789617897178981789917900179011790217903179041790517906179071790817909179101791117912179131791417915179161791717918179191792017921179221792317924179251792617927179281792917930179311793217933179341793517936179371793817939179401794117942179431794417945179461794717948179491795017951179521795317954179551795617957179581795917960179611796217963179641796517966179671796817969179701797117972179731797417975179761797717978179791798017981179821798317984179851798617987179881798917990179911799217993179941799517996179971799817999180001800118002180031800418005180061800718008180091801018011180121801318014180151801618017180181801918020180211802218023180241802518026180271802818029180301803118032180331803418035180361803718038180391804018041180421804318044180451804618047180481804918050180511805218053180541805518056180571805818059180601806118062180631806418065180661806718068180691807018071180721807318074180751807618077180781807918080180811808218083180841808518086180871808818089180901809118092180931809418095180961809718098180991810018101181021810318104181051810618107181081810918110181111811218113181141811518116181171811818119181201812118122181231812418125181261812718128181291813018131181321813318134181351813618137181381813918140181411814218143181441814518146181471814818149181501815118152181531815418155181561815718158181591816018161181621816318164181651816618167181681816918170181711817218173181741817518176181771817818179181801818118182181831818418185181861818718188181891819018191181921819318194181951819618197181981819918200182011820218203182041820518206182071820818209182101821118212182131821418215182161821718218182191822018221182221822318224182251822618227182281822918230182311823218233182341823518236182371823818239182401824118242182431824418245182461824718248182491825018251182521825318254182551825618257182581825918260182611826218263182641826518266182671826818269182701827118272182731827418275182761827718278182791828018281182821828318284182851828618287182881828918290182911829218293182941829518296182971829818299183001830118302183031830418305183061830718308183091831018311183121831318314183151831618317183181831918320183211832218323183241832518326183271832818329183301833118332183331833418335183361833718338183391834018341183421834318344183451834618347183481834918350183511835218353183541835518356183571835818359183601836118362183631836418365183661836718368183691837018371183721837318374183751837618377183781837918380183811838218383183841838518386183871838818389183901839118392183931839418395183961839718398183991840018401184021840318404184051840618407184081840918410184111841218413184141841518416184171841818419184201842118422184231842418425184261842718428184291843018431184321843318434184351843618437184381843918440184411844218443184441844518446184471844818449184501845118452184531845418455184561845718458184591846018461184621846318464184651846618467184681846918470184711847218473184741847518476184771847818479184801848118482184831848418485184861848718488184891849018491184921849318494184951849618497184981849918500185011850218503185041850518506185071850818509185101851118512185131851418515185161851718518185191852018521185221852318524185251852618527185281852918530185311853218533185341853518536185371853818539185401854118542185431854418545185461854718548185491855018551185521855318554185551855618557185581855918560185611856218563185641856518566185671856818569185701857118572185731857418575185761857718578185791858018581185821858318584185851858618587185881858918590185911859218593185941859518596185971859818599186001860118602186031860418605186061860718608186091861018611186121861318614186151861618617186181861918620186211862218623186241862518626186271862818629186301863118632186331863418635186361863718638186391864018641186421864318644186451864618647186481864918650186511865218653186541865518656186571865818659186601866118662186631866418665186661866718668186691867018671186721867318674186751867618677186781867918680186811868218683186841868518686186871868818689186901869118692186931869418695186961869718698186991870018701187021870318704187051870618707187081870918710187111871218713187141871518716187171871818719187201872118722187231872418725187261872718728187291873018731187321873318734187351873618737187381873918740187411874218743187441874518746187471874818749187501875118752187531875418755187561875718758187591876018761187621876318764187651876618767187681876918770187711877218773187741877518776187771877818779187801878118782187831878418785187861878718788187891879018791187921879318794187951879618797187981879918800188011880218803188041880518806188071880818809188101881118812188131881418815188161881718818188191882018821188221882318824188251882618827188281882918830188311883218833188341883518836188371883818839188401884118842188431884418845188461884718848188491885018851188521885318854188551885618857188581885918860188611886218863188641886518866188671886818869188701887118872188731887418875188761887718878188791888018881188821888318884188851888618887188881888918890188911889218893188941889518896188971889818899189001890118902189031890418905189061890718908189091891018911189121891318914189151891618917189181891918920189211892218923189241892518926189271892818929189301893118932189331893418935189361893718938189391894018941189421894318944189451894618947189481894918950189511895218953189541895518956189571895818959189601896118962189631896418965189661896718968189691897018971189721897318974189751897618977189781897918980189811898218983189841898518986189871898818989189901899118992189931899418995189961899718998189991900019001190021900319004190051900619007190081900919010190111901219013190141901519016190171901819019190201902119022190231902419025190261902719028190291903019031190321903319034190351903619037190381903919040190411904219043190441904519046190471904819049190501905119052190531905419055190561905719058190591906019061190621906319064190651906619067190681906919070190711907219073190741907519076190771907819079190801908119082190831908419085190861908719088190891909019091190921909319094190951909619097190981909919100191011910219103191041910519106191071910819109191101911119112191131911419115191161911719118191191912019121191221912319124191251912619127191281912919130191311913219133191341913519136191371913819139191401914119142191431914419145191461914719148191491915019151191521915319154191551915619157191581915919160191611916219163191641916519166191671916819169191701917119172191731917419175191761917719178191791918019181191821918319184191851918619187191881918919190191911919219193191941919519196191971919819199192001920119202192031920419205192061920719208192091921019211192121921319214192151921619217192181921919220192211922219223192241922519226192271922819229192301923119232192331923419235192361923719238192391924019241192421924319244192451924619247192481924919250192511925219253192541925519256192571925819259192601926119262192631926419265192661926719268192691927019271192721927319274192751927619277192781927919280192811928219283192841928519286192871928819289192901929119292192931929419295192961929719298192991930019301193021930319304193051930619307193081930919310193111931219313193141931519316193171931819319193201932119322193231932419325193261932719328193291933019331193321933319334193351933619337193381933919340193411934219343193441934519346193471934819349193501935119352193531935419355193561935719358193591936019361193621936319364193651936619367193681936919370193711937219373193741937519376193771937819379193801938119382193831938419385193861938719388193891939019391193921939319394193951939619397193981939919400194011940219403194041940519406194071940819409194101941119412194131941419415194161941719418194191942019421194221942319424194251942619427194281942919430194311943219433194341943519436194371943819439194401944119442194431944419445194461944719448194491945019451194521945319454194551945619457194581945919460194611946219463194641946519466194671946819469194701947119472194731947419475194761947719478194791948019481194821948319484194851948619487194881948919490194911949219493194941949519496194971949819499195001950119502195031950419505195061950719508195091951019511195121951319514195151951619517195181951919520195211952219523195241952519526195271952819529195301953119532195331953419535195361953719538195391954019541195421954319544195451954619547195481954919550195511955219553195541955519556195571955819559195601956119562195631956419565195661956719568195691957019571195721957319574195751957619577195781957919580195811958219583195841958519586195871958819589195901959119592195931959419595195961959719598195991960019601196021960319604196051960619607196081960919610196111961219613196141961519616196171961819619196201962119622196231962419625196261962719628196291963019631196321963319634196351963619637196381963919640196411964219643196441964519646196471964819649196501965119652196531965419655196561965719658196591966019661196621966319664196651966619667196681966919670196711967219673196741967519676196771967819679196801968119682196831968419685196861968719688196891969019691196921969319694196951969619697196981969919700197011970219703197041970519706197071970819709197101971119712197131971419715197161971719718197191972019721197221972319724197251972619727197281972919730197311973219733197341973519736197371973819739197401974119742197431974419745197461974719748197491975019751197521975319754197551975619757197581975919760197611976219763197641976519766197671976819769197701977119772197731977419775197761977719778197791978019781197821978319784197851978619787197881978919790197911979219793197941979519796197971979819799198001980119802198031980419805198061980719808198091981019811198121981319814198151981619817198181981919820198211982219823198241982519826198271982819829198301983119832198331983419835198361983719838198391984019841198421984319844198451984619847198481984919850198511985219853198541985519856198571985819859198601986119862198631986419865198661986719868198691987019871198721987319874198751987619877198781987919880198811988219883198841988519886198871988819889198901989119892198931989419895198961989719898198991990019901199021990319904199051990619907199081990919910199111991219913199141991519916199171991819919199201992119922199231992419925199261992719928199291993019931199321993319934199351993619937199381993919940199411994219943199441994519946199471994819949199501995119952199531995419955199561995719958199591996019961199621996319964199651996619967199681996919970199711997219973199741997519976199771997819979199801998119982199831998419985199861998719988199891999019991199921999319994199951999619997199981999920000200012000220003200042000520006200072000820009200102001120012200132001420015200162001720018200192002020021200222002320024200252002620027200282002920030200312003220033200342003520036200372003820039200402004120042200432004420045200462004720048200492005020051200522005320054200552005620057200582005920060200612006220063200642006520066200672006820069200702007120072200732007420075200762007720078200792008020081200822008320084200852008620087200882008920090200912009220093200942009520096200972009820099201002010120102201032010420105201062010720108201092011020111201122011320114201152011620117201182011920120201212012220123201242012520126201272012820129201302013120132201332013420135201362013720138201392014020141201422014320144201452014620147201482014920150201512015220153201542015520156201572015820159201602016120162201632016420165201662016720168201692017020171201722017320174201752017620177201782017920180201812018220183201842018520186201872018820189201902019120192201932019420195201962019720198201992020020201202022020320204202052020620207202082020920210202112021220213202142021520216202172021820219202202022120222202232022420225202262022720228202292023020231202322023320234202352023620237202382023920240202412024220243202442024520246202472024820249202502025120252202532025420255202562025720258202592026020261202622026320264202652026620267202682026920270202712027220273202742027520276202772027820279202802028120282202832028420285202862028720288202892029020291202922029320294202952029620297202982029920300203012030220303203042030520306203072030820309203102031120312203132031420315203162031720318203192032020321203222032320324203252032620327203282032920330203312033220333203342033520336203372033820339203402034120342203432034420345203462034720348203492035020351203522035320354203552035620357203582035920360203612036220363203642036520366203672036820369203702037120372203732037420375203762037720378203792038020381203822038320384203852038620387203882038920390203912039220393203942039520396203972039820399204002040120402204032040420405204062040720408204092041020411204122041320414204152041620417204182041920420204212042220423204242042520426204272042820429204302043120432204332043420435204362043720438204392044020441204422044320444204452044620447204482044920450204512045220453204542045520456204572045820459204602046120462204632046420465204662046720468204692047020471204722047320474204752047620477204782047920480204812048220483204842048520486204872048820489204902049120492204932049420495204962049720498204992050020501205022050320504205052050620507205082050920510205112051220513205142051520516205172051820519205202052120522205232052420525205262052720528205292053020531205322053320534205352053620537205382053920540205412054220543205442054520546205472054820549205502055120552205532055420555205562055720558205592056020561205622056320564205652056620567205682056920570205712057220573205742057520576205772057820579205802058120582205832058420585205862058720588205892059020591205922059320594205952059620597205982059920600206012060220603206042060520606206072060820609206102061120612206132061420615206162061720618206192062020621206222062320624206252062620627206282062920630206312063220633206342063520636206372063820639206402064120642206432064420645206462064720648206492065020651206522065320654206552065620657206582065920660206612066220663206642066520666206672066820669206702067120672206732067420675206762067720678206792068020681206822068320684206852068620687206882068920690206912069220693206942069520696206972069820699207002070120702207032070420705207062070720708207092071020711207122071320714207152071620717207182071920720207212072220723207242072520726207272072820729207302073120732207332073420735207362073720738207392074020741207422074320744207452074620747207482074920750207512075220753207542075520756207572075820759207602076120762207632076420765207662076720768207692077020771207722077320774207752077620777207782077920780207812078220783207842078520786207872078820789207902079120792207932079420795207962079720798207992080020801208022080320804208052080620807208082080920810208112081220813208142081520816208172081820819208202082120822208232082420825208262082720828208292083020831208322083320834208352083620837208382083920840208412084220843208442084520846208472084820849208502085120852208532085420855208562085720858208592086020861208622086320864208652086620867208682086920870208712087220873208742087520876208772087820879208802088120882208832088420885208862088720888208892089020891208922089320894208952089620897208982089920900209012090220903209042090520906209072090820909209102091120912209132091420915209162091720918209192092020921209222092320924209252092620927209282092920930209312093220933209342093520936209372093820939209402094120942209432094420945209462094720948209492095020951209522095320954209552095620957209582095920960209612096220963209642096520966209672096820969209702097120972209732097420975209762097720978209792098020981209822098320984209852098620987209882098920990209912099220993209942099520996209972099820999210002100121002210032100421005210062100721008210092101021011210122101321014210152101621017210182101921020210212102221023210242102521026210272102821029210302103121032210332103421035210362103721038210392104021041210422104321044210452104621047210482104921050210512105221053210542105521056210572105821059210602106121062210632106421065210662106721068210692107021071210722107321074210752107621077210782107921080210812108221083210842108521086210872108821089210902109121092210932109421095210962109721098210992110021101211022110321104211052110621107211082110921110211112111221113211142111521116211172111821119211202112121122211232112421125211262112721128211292113021131211322113321134211352113621137211382113921140211412114221143211442114521146211472114821149211502115121152211532115421155211562115721158211592116021161211622116321164211652116621167211682116921170211712117221173211742117521176211772117821179211802118121182211832118421185211862118721188211892119021191211922119321194211952119621197211982119921200212012120221203212042120521206212072120821209212102121121212212132121421215212162121721218212192122021221212222122321224212252122621227212282122921230212312123221233212342123521236212372123821239212402124121242212432124421245212462124721248212492125021251212522125321254212552125621257212582125921260212612126221263212642126521266212672126821269212702127121272212732127421275212762127721278212792128021281212822128321284212852128621287212882128921290212912129221293212942129521296212972129821299213002130121302213032130421305213062130721308213092131021311213122131321314213152131621317213182131921320213212132221323213242132521326213272132821329213302133121332213332133421335213362133721338213392134021341213422134321344213452134621347213482134921350213512135221353213542135521356213572135821359213602136121362213632136421365213662136721368213692137021371213722137321374213752137621377213782137921380213812138221383213842138521386213872138821389213902139121392213932139421395213962139721398213992140021401214022140321404214052140621407214082140921410214112141221413214142141521416214172141821419214202142121422214232142421425214262142721428214292143021431214322143321434214352143621437214382143921440214412144221443214442144521446214472144821449214502145121452214532145421455214562145721458214592146021461214622146321464214652146621467214682146921470214712147221473214742147521476214772147821479214802148121482214832148421485214862148721488214892149021491214922149321494214952149621497214982149921500215012150221503215042150521506215072150821509215102151121512215132151421515215162151721518215192152021521215222152321524215252152621527215282152921530215312153221533215342153521536215372153821539215402154121542215432154421545215462154721548215492155021551215522155321554215552155621557215582155921560215612156221563215642156521566215672156821569215702157121572215732157421575215762157721578215792158021581215822158321584215852158621587215882158921590215912159221593215942159521596215972159821599216002160121602216032160421605216062160721608216092161021611216122161321614216152161621617216182161921620216212162221623216242162521626216272162821629216302163121632216332163421635216362163721638216392164021641216422164321644216452164621647216482164921650216512165221653216542165521656216572165821659216602166121662216632166421665216662166721668216692167021671216722167321674216752167621677216782167921680216812168221683216842168521686216872168821689216902169121692216932169421695216962169721698216992170021701217022170321704217052170621707217082170921710217112171221713217142171521716217172171821719217202172121722217232172421725217262172721728217292173021731217322173321734217352173621737217382173921740217412174221743217442174521746217472174821749217502175121752217532175421755217562175721758217592176021761217622176321764217652176621767217682176921770217712177221773217742177521776217772177821779217802178121782217832178421785217862178721788217892179021791217922179321794217952179621797217982179921800218012180221803218042180521806218072180821809218102181121812218132181421815218162181721818218192182021821218222182321824218252182621827218282182921830218312183221833218342183521836218372183821839218402184121842218432184421845218462184721848218492185021851218522185321854218552185621857218582185921860218612186221863218642186521866218672186821869218702187121872218732187421875218762187721878218792188021881218822188321884218852188621887218882188921890218912189221893218942189521896218972189821899219002190121902219032190421905219062190721908219092191021911219122191321914219152191621917219182191921920219212192221923219242192521926219272192821929219302193121932219332193421935219362193721938219392194021941219422194321944219452194621947219482194921950219512195221953219542195521956219572195821959219602196121962219632196421965219662196721968219692197021971219722197321974219752197621977219782197921980219812198221983219842198521986219872198821989219902199121992219932199421995219962199721998219992200022001220022200322004220052200622007220082200922010220112201222013220142201522016220172201822019220202202122022220232202422025220262202722028220292203022031220322203322034220352203622037220382203922040220412204222043220442204522046220472204822049220502205122052220532205422055220562205722058220592206022061220622206322064220652206622067220682206922070220712207222073220742207522076220772207822079220802208122082220832208422085220862208722088220892209022091220922209322094220952209622097220982209922100221012210222103221042210522106221072210822109221102211122112221132211422115221162211722118221192212022121221222212322124221252212622127221282212922130221312213222133221342213522136221372213822139221402214122142221432214422145221462214722148221492215022151221522215322154221552215622157221582215922160221612216222163221642216522166221672216822169221702217122172221732217422175221762217722178221792218022181221822218322184221852218622187221882218922190221912219222193221942219522196221972219822199222002220122202222032220422205222062220722208222092221022211222122221322214222152221622217222182221922220222212222222223222242222522226222272222822229222302223122232222332223422235222362223722238222392224022241222422224322244222452224622247222482224922250222512225222253222542225522256222572225822259222602226122262222632226422265222662226722268222692227022271222722227322274222752227622277222782227922280222812228222283222842228522286222872228822289222902229122292222932229422295222962229722298222992230022301223022230322304223052230622307223082230922310223112231222313223142231522316223172231822319223202232122322223232232422325223262232722328223292233022331223322233322334223352233622337223382233922340223412234222343223442234522346223472234822349223502235122352223532235422355223562235722358223592236022361223622236322364223652236622367223682236922370223712237222373223742237522376223772237822379223802238122382223832238422385223862238722388223892239022391223922239322394223952239622397223982239922400224012240222403224042240522406224072240822409224102241122412224132241422415224162241722418224192242022421224222242322424224252242622427224282242922430224312243222433224342243522436224372243822439224402244122442224432244422445224462244722448224492245022451224522245322454224552245622457224582245922460224612246222463224642246522466224672246822469224702247122472224732247422475224762247722478224792248022481224822248322484224852248622487224882248922490224912249222493224942249522496224972249822499225002250122502225032250422505225062250722508225092251022511225122251322514225152251622517225182251922520225212252222523225242252522526225272252822529225302253122532225332253422535225362253722538225392254022541225422254322544225452254622547225482254922550225512255222553225542255522556225572255822559225602256122562225632256422565225662256722568225692257022571225722257322574225752257622577225782257922580225812258222583225842258522586225872258822589225902259122592225932259422595225962259722598225992260022601226022260322604226052260622607226082260922610226112261222613226142261522616226172261822619226202262122622226232262422625226262262722628226292263022631226322263322634226352263622637226382263922640226412264222643226442264522646226472264822649226502265122652226532265422655226562265722658226592266022661226622266322664226652266622667226682266922670226712267222673226742267522676226772267822679226802268122682226832268422685226862268722688226892269022691226922269322694226952269622697226982269922700227012270222703227042270522706227072270822709227102271122712227132271422715227162271722718227192272022721227222272322724227252272622727227282272922730227312273222733227342273522736227372273822739227402274122742227432274422745227462274722748227492275022751227522275322754227552275622757227582275922760227612276222763227642276522766227672276822769227702277122772227732277422775227762277722778227792278022781227822278322784227852278622787227882278922790227912279222793227942279522796227972279822799228002280122802228032280422805228062280722808228092281022811228122281322814228152281622817228182281922820228212282222823228242282522826228272282822829228302283122832228332283422835228362283722838228392284022841228422284322844228452284622847228482284922850228512285222853228542285522856228572285822859228602286122862228632286422865228662286722868228692287022871228722287322874228752287622877228782287922880228812288222883228842288522886228872288822889228902289122892228932289422895228962289722898228992290022901229022290322904229052290622907229082290922910229112291222913229142291522916229172291822919229202292122922229232292422925229262292722928229292293022931229322293322934229352293622937229382293922940229412294222943229442294522946229472294822949229502295122952229532295422955229562295722958229592296022961229622296322964229652296622967229682296922970229712297222973229742297522976229772297822979229802298122982229832298422985229862298722988229892299022991229922299322994229952299622997229982299923000230012300223003230042300523006230072300823009230102301123012230132301423015230162301723018230192302023021230222302323024230252302623027230282302923030230312303223033230342303523036230372303823039230402304123042230432304423045230462304723048230492305023051230522305323054230552305623057230582305923060230612306223063230642306523066230672306823069230702307123072230732307423075230762307723078230792308023081230822308323084230852308623087230882308923090230912309223093230942309523096230972309823099231002310123102231032310423105231062310723108231092311023111231122311323114231152311623117231182311923120231212312223123231242312523126231272312823129231302313123132231332313423135231362313723138231392314023141231422314323144231452314623147231482314923150231512315223153231542315523156231572315823159231602316123162231632316423165231662316723168231692317023171231722317323174231752317623177231782317923180231812318223183231842318523186231872318823189231902319123192231932319423195231962319723198231992320023201232022320323204232052320623207232082320923210232112321223213232142321523216232172321823219232202322123222232232322423225232262322723228232292323023231232322323323234232352323623237232382323923240232412324223243232442324523246232472324823249232502325123252232532325423255232562325723258232592326023261232622326323264232652326623267232682326923270232712327223273232742327523276232772327823279232802328123282232832328423285232862328723288232892329023291232922329323294232952329623297232982329923300233012330223303233042330523306233072330823309233102331123312233132331423315233162331723318233192332023321233222332323324233252332623327233282332923330233312333223333233342333523336233372333823339233402334123342233432334423345233462334723348233492335023351233522335323354233552335623357233582335923360233612336223363233642336523366233672336823369233702337123372233732337423375233762337723378233792338023381233822338323384233852338623387233882338923390233912339223393233942339523396233972339823399234002340123402234032340423405234062340723408234092341023411234122341323414234152341623417234182341923420234212342223423234242342523426234272342823429234302343123432234332343423435234362343723438234392344023441234422344323444234452344623447234482344923450234512345223453234542345523456234572345823459234602346123462234632346423465234662346723468234692347023471234722347323474234752347623477234782347923480234812348223483234842348523486234872348823489234902349123492234932349423495234962349723498234992350023501235022350323504235052350623507235082350923510235112351223513235142351523516235172351823519235202352123522235232352423525235262352723528235292353023531235322353323534235352353623537235382353923540235412354223543235442354523546235472354823549235502355123552235532355423555235562355723558235592356023561235622356323564235652356623567235682356923570235712357223573235742357523576235772357823579235802358123582235832358423585235862358723588235892359023591235922359323594235952359623597235982359923600236012360223603236042360523606236072360823609236102361123612236132361423615236162361723618236192362023621236222362323624236252362623627236282362923630236312363223633236342363523636236372363823639236402364123642236432364423645236462364723648236492365023651236522365323654236552365623657236582365923660236612366223663236642366523666236672366823669236702367123672236732367423675236762367723678236792368023681236822368323684236852368623687236882368923690236912369223693236942369523696236972369823699237002370123702237032370423705237062370723708237092371023711237122371323714237152371623717237182371923720237212372223723237242372523726237272372823729237302373123732237332373423735237362373723738237392374023741237422374323744237452374623747237482374923750237512375223753237542375523756237572375823759237602376123762237632376423765237662376723768237692377023771237722377323774237752377623777237782377923780237812378223783237842378523786237872378823789237902379123792237932379423795237962379723798237992380023801238022380323804238052380623807238082380923810238112381223813238142381523816238172381823819238202382123822238232382423825238262382723828238292383023831238322383323834238352383623837238382383923840238412384223843238442384523846238472384823849238502385123852238532385423855238562385723858238592386023861238622386323864238652386623867238682386923870238712387223873238742387523876238772387823879238802388123882238832388423885238862388723888238892389023891238922389323894238952389623897238982389923900239012390223903239042390523906239072390823909239102391123912239132391423915239162391723918239192392023921239222392323924239252392623927239282392923930239312393223933239342393523936239372393823939239402394123942239432394423945239462394723948239492395023951239522395323954239552395623957239582395923960239612396223963239642396523966239672396823969239702397123972239732397423975239762397723978239792398023981239822398323984239852398623987239882398923990239912399223993239942399523996239972399823999240002400124002240032400424005240062400724008240092401024011240122401324014240152401624017240182401924020240212402224023240242402524026240272402824029240302403124032240332403424035240362403724038240392404024041240422404324044240452404624047240482404924050240512405224053240542405524056240572405824059240602406124062240632406424065240662406724068240692407024071240722407324074240752407624077240782407924080240812408224083240842408524086240872408824089240902409124092240932409424095240962409724098240992410024101241022410324104241052410624107241082410924110241112411224113241142411524116241172411824119241202412124122241232412424125241262412724128241292413024131241322413324134241352413624137241382413924140241412414224143241442414524146241472414824149241502415124152241532415424155241562415724158241592416024161241622416324164241652416624167241682416924170241712417224173241742417524176241772417824179241802418124182241832418424185241862418724188241892419024191241922419324194241952419624197241982419924200242012420224203242042420524206242072420824209242102421124212242132421424215242162421724218242192422024221242222422324224242252422624227242282422924230242312423224233242342423524236242372423824239242402424124242242432424424245242462424724248242492425024251242522425324254242552425624257242582425924260242612426224263242642426524266242672426824269242702427124272242732427424275242762427724278242792428024281242822428324284242852428624287242882428924290242912429224293242942429524296242972429824299243002430124302243032430424305243062430724308243092431024311243122431324314243152431624317243182431924320243212432224323243242432524326243272432824329243302433124332243332433424335243362433724338243392434024341243422434324344243452434624347243482434924350243512435224353243542435524356243572435824359243602436124362243632436424365243662436724368243692437024371243722437324374243752437624377243782437924380243812438224383243842438524386243872438824389243902439124392243932439424395243962439724398243992440024401244022440324404244052440624407244082440924410244112441224413244142441524416244172441824419244202442124422244232442424425244262442724428244292443024431244322443324434244352443624437244382443924440244412444224443244442444524446244472444824449244502445124452244532445424455244562445724458244592446024461244622446324464244652446624467244682446924470244712447224473244742447524476244772447824479244802448124482244832448424485244862448724488244892449024491244922449324494244952449624497244982449924500245012450224503245042450524506245072450824509245102451124512245132451424515245162451724518245192452024521245222452324524245252452624527245282452924530245312453224533245342453524536245372453824539245402454124542245432454424545245462454724548245492455024551245522455324554245552455624557245582455924560245612456224563245642456524566245672456824569245702457124572245732457424575245762457724578245792458024581245822458324584245852458624587245882458924590245912459224593245942459524596245972459824599246002460124602246032460424605246062460724608246092461024611246122461324614246152461624617246182461924620246212462224623246242462524626246272462824629246302463124632246332463424635246362463724638246392464024641246422464324644246452464624647246482464924650246512465224653246542465524656246572465824659246602466124662246632466424665246662466724668246692467024671246722467324674246752467624677246782467924680246812468224683246842468524686246872468824689246902469124692246932469424695246962469724698246992470024701247022470324704247052470624707247082470924710247112471224713247142471524716247172471824719247202472124722247232472424725247262472724728247292473024731247322473324734247352473624737247382473924740247412474224743247442474524746247472474824749247502475124752247532475424755247562475724758247592476024761247622476324764247652476624767247682476924770247712477224773247742477524776247772477824779247802478124782247832478424785247862478724788247892479024791247922479324794247952479624797247982479924800248012480224803248042480524806248072480824809248102481124812248132481424815248162481724818248192482024821248222482324824248252482624827248282482924830248312483224833248342483524836248372483824839248402484124842248432484424845248462484724848248492485024851248522485324854248552485624857248582485924860248612486224863248642486524866248672486824869248702487124872248732487424875248762487724878248792488024881248822488324884248852488624887248882488924890248912489224893248942489524896248972489824899249002490124902249032490424905249062490724908249092491024911249122491324914249152491624917249182491924920249212492224923249242492524926249272492824929249302493124932249332493424935249362493724938249392494024941249422494324944249452494624947249482494924950249512495224953249542495524956249572495824959249602496124962249632496424965249662496724968249692497024971249722497324974249752497624977249782497924980249812498224983249842498524986249872498824989249902499124992249932499424995249962499724998249992500025001250022500325004250052500625007250082500925010250112501225013250142501525016250172501825019250202502125022250232502425025250262502725028250292503025031250322503325034250352503625037250382503925040250412504225043250442504525046250472504825049250502505125052250532505425055250562505725058250592506025061250622506325064250652506625067250682506925070250712507225073250742507525076250772507825079250802508125082250832508425085250862508725088250892509025091250922509325094250952509625097250982509925100251012510225103251042510525106251072510825109251102511125112251132511425115251162511725118251192512025121251222512325124251252512625127251282512925130251312513225133251342513525136251372513825139251402514125142251432514425145251462514725148251492515025151251522515325154251552515625157251582515925160251612516225163251642516525166251672516825169251702517125172251732517425175251762517725178251792518025181251822518325184251852518625187251882518925190251912519225193251942519525196251972519825199252002520125202252032520425205252062520725208252092521025211252122521325214252152521625217252182521925220252212522225223252242522525226252272522825229252302523125232252332523425235252362523725238252392524025241252422524325244252452524625247252482524925250252512525225253252542525525256252572525825259252602526125262252632526425265252662526725268252692527025271252722527325274252752527625277252782527925280252812528225283252842528525286252872528825289252902529125292252932529425295252962529725298252992530025301253022530325304253052530625307253082530925310253112531225313253142531525316253172531825319253202532125322253232532425325253262532725328253292533025331253322533325334253352533625337253382533925340253412534225343253442534525346253472534825349253502535125352253532535425355253562535725358253592536025361253622536325364253652536625367253682536925370253712537225373253742537525376253772537825379253802538125382253832538425385253862538725388253892539025391253922539325394253952539625397253982539925400254012540225403254042540525406254072540825409254102541125412254132541425415254162541725418254192542025421254222542325424254252542625427254282542925430254312543225433254342543525436254372543825439254402544125442254432544425445254462544725448254492545025451254522545325454254552545625457254582545925460254612546225463254642546525466254672546825469254702547125472254732547425475254762547725478254792548025481254822548325484254852548625487254882548925490254912549225493254942549525496254972549825499255002550125502255032550425505255062550725508255092551025511255122551325514255152551625517255182551925520255212552225523255242552525526255272552825529255302553125532255332553425535255362553725538255392554025541255422554325544255452554625547255482554925550255512555225553255542555525556255572555825559255602556125562255632556425565255662556725568255692557025571255722557325574255752557625577255782557925580255812558225583255842558525586255872558825589255902559125592255932559425595255962559725598255992560025601256022560325604256052560625607256082560925610256112561225613256142561525616256172561825619256202562125622256232562425625256262562725628256292563025631256322563325634256352563625637256382563925640256412564225643256442564525646256472564825649256502565125652256532565425655256562565725658256592566025661256622566325664256652566625667256682566925670256712567225673256742567525676256772567825679256802568125682256832568425685256862568725688256892569025691256922569325694256952569625697256982569925700257012570225703257042570525706257072570825709257102571125712257132571425715257162571725718257192572025721257222572325724257252572625727257282572925730257312573225733257342573525736257372573825739257402574125742257432574425745257462574725748257492575025751257522575325754257552575625757257582575925760257612576225763257642576525766257672576825769257702577125772257732577425775257762577725778257792578025781257822578325784257852578625787257882578925790257912579225793257942579525796257972579825799258002580125802258032580425805258062580725808258092581025811258122581325814258152581625817258182581925820258212582225823258242582525826258272582825829258302583125832258332583425835258362583725838258392584025841258422584325844258452584625847258482584925850258512585225853258542585525856258572585825859258602586125862258632586425865258662586725868258692587025871258722587325874258752587625877258782587925880258812588225883258842588525886258872588825889258902589125892258932589425895258962589725898258992590025901259022590325904259052590625907259082590925910259112591225913259142591525916259172591825919259202592125922259232592425925259262592725928259292593025931259322593325934259352593625937259382593925940259412594225943259442594525946259472594825949259502595125952259532595425955259562595725958259592596025961259622596325964259652596625967259682596925970259712597225973259742597525976259772597825979259802598125982259832598425985259862598725988259892599025991259922599325994259952599625997259982599926000260012600226003260042600526006260072600826009260102601126012260132601426015260162601726018260192602026021260222602326024260252602626027260282602926030260312603226033260342603526036260372603826039260402604126042260432604426045260462604726048260492605026051260522605326054260552605626057260582605926060260612606226063260642606526066260672606826069260702607126072260732607426075260762607726078260792608026081260822608326084260852608626087260882608926090260912609226093260942609526096260972609826099261002610126102261032610426105261062610726108261092611026111261122611326114261152611626117261182611926120261212612226123261242612526126261272612826129261302613126132261332613426135261362613726138261392614026141261422614326144261452614626147261482614926150261512615226153261542615526156261572615826159261602616126162261632616426165261662616726168261692617026171261722617326174261752617626177261782617926180261812618226183261842618526186261872618826189261902619126192261932619426195261962619726198261992620026201262022620326204262052620626207262082620926210262112621226213262142621526216262172621826219262202622126222262232622426225262262622726228262292623026231262322623326234262352623626237262382623926240262412624226243262442624526246262472624826249262502625126252262532625426255262562625726258262592626026261262622626326264262652626626267262682626926270262712627226273262742627526276262772627826279262802628126282262832628426285262862628726288262892629026291262922629326294262952629626297262982629926300263012630226303263042630526306263072630826309263102631126312263132631426315263162631726318263192632026321263222632326324263252632626327263282632926330263312633226333263342633526336263372633826339263402634126342263432634426345263462634726348263492635026351263522635326354263552635626357263582635926360263612636226363263642636526366263672636826369263702637126372263732637426375263762637726378263792638026381263822638326384263852638626387263882638926390263912639226393263942639526396263972639826399264002640126402264032640426405264062640726408264092641026411264122641326414264152641626417264182641926420264212642226423264242642526426264272642826429264302643126432264332643426435264362643726438264392644026441264422644326444264452644626447264482644926450264512645226453264542645526456264572645826459264602646126462264632646426465264662646726468264692647026471264722647326474264752647626477264782647926480264812648226483264842648526486264872648826489264902649126492264932649426495264962649726498264992650026501265022650326504265052650626507265082650926510265112651226513265142651526516265172651826519265202652126522265232652426525265262652726528265292653026531265322653326534265352653626537265382653926540265412654226543265442654526546265472654826549265502655126552265532655426555265562655726558265592656026561265622656326564265652656626567265682656926570265712657226573265742657526576265772657826579265802658126582265832658426585265862658726588265892659026591265922659326594265952659626597265982659926600266012660226603266042660526606266072660826609266102661126612266132661426615266162661726618266192662026621266222662326624266252662626627266282662926630266312663226633266342663526636266372663826639266402664126642266432664426645266462664726648266492665026651266522665326654266552665626657266582665926660266612666226663266642666526666266672666826669266702667126672266732667426675266762667726678266792668026681266822668326684266852668626687266882668926690266912669226693266942669526696266972669826699267002670126702267032670426705267062670726708267092671026711267122671326714267152671626717267182671926720267212672226723267242672526726267272672826729267302673126732267332673426735267362673726738267392674026741267422674326744267452674626747267482674926750267512675226753267542675526756267572675826759267602676126762267632676426765267662676726768267692677026771267722677326774267752677626777267782677926780267812678226783267842678526786267872678826789267902679126792267932679426795267962679726798267992680026801268022680326804268052680626807268082680926810268112681226813268142681526816268172681826819268202682126822268232682426825268262682726828268292683026831268322683326834268352683626837268382683926840268412684226843268442684526846268472684826849268502685126852268532685426855268562685726858268592686026861268622686326864268652686626867268682686926870268712687226873268742687526876268772687826879268802688126882268832688426885268862688726888268892689026891268922689326894268952689626897268982689926900269012690226903269042690526906269072690826909269102691126912269132691426915269162691726918269192692026921269222692326924269252692626927269282692926930269312693226933269342693526936269372693826939269402694126942269432694426945269462694726948269492695026951269522695326954269552695626957269582695926960269612696226963269642696526966269672696826969269702697126972269732697426975269762697726978269792698026981269822698326984269852698626987269882698926990269912699226993269942699526996269972699826999270002700127002270032700427005270062700727008270092701027011270122701327014270152701627017270182701927020270212702227023270242702527026270272702827029270302703127032270332703427035270362703727038270392704027041270422704327044270452704627047270482704927050270512705227053270542705527056270572705827059270602706127062270632706427065270662706727068270692707027071270722707327074270752707627077270782707927080270812708227083270842708527086270872708827089270902709127092270932709427095270962709727098270992710027101271022710327104271052710627107271082710927110271112711227113271142711527116271172711827119271202712127122271232712427125271262712727128271292713027131271322713327134271352713627137271382713927140271412714227143271442714527146271472714827149271502715127152271532715427155271562715727158271592716027161271622716327164271652716627167271682716927170271712717227173271742717527176271772717827179271802718127182271832718427185271862718727188271892719027191271922719327194271952719627197271982719927200272012720227203272042720527206272072720827209272102721127212272132721427215272162721727218272192722027221272222722327224272252722627227272282722927230272312723227233272342723527236272372723827239272402724127242272432724427245272462724727248272492725027251272522725327254272552725627257272582725927260272612726227263272642726527266272672726827269272702727127272272732727427275272762727727278272792728027281272822728327284272852728627287272882728927290272912729227293272942729527296272972729827299273002730127302273032730427305273062730727308273092731027311273122731327314273152731627317273182731927320273212732227323273242732527326273272732827329273302733127332273332733427335273362733727338273392734027341273422734327344273452734627347273482734927350273512735227353273542735527356273572735827359273602736127362273632736427365273662736727368273692737027371273722737327374273752737627377273782737927380273812738227383273842738527386273872738827389273902739127392273932739427395273962739727398273992740027401274022740327404274052740627407274082740927410274112741227413274142741527416274172741827419274202742127422274232742427425274262742727428274292743027431274322743327434274352743627437274382743927440274412744227443274442744527446274472744827449274502745127452274532745427455274562745727458274592746027461274622746327464274652746627467274682746927470274712747227473274742747527476274772747827479274802748127482274832748427485274862748727488274892749027491274922749327494274952749627497274982749927500275012750227503275042750527506275072750827509275102751127512275132751427515275162751727518275192752027521275222752327524275252752627527275282752927530275312753227533275342753527536275372753827539275402754127542275432754427545275462754727548275492755027551275522755327554275552755627557275582755927560275612756227563275642756527566275672756827569275702757127572275732757427575275762757727578275792758027581275822758327584275852758627587275882758927590275912759227593275942759527596275972759827599276002760127602276032760427605276062760727608276092761027611276122761327614276152761627617276182761927620276212762227623276242762527626276272762827629276302763127632276332763427635276362763727638276392764027641276422764327644276452764627647276482764927650276512765227653276542765527656276572765827659276602766127662276632766427665276662766727668276692767027671276722767327674276752767627677276782767927680276812768227683276842768527686276872768827689276902769127692276932769427695276962769727698276992770027701277022770327704277052770627707277082770927710277112771227713277142771527716277172771827719277202772127722277232772427725277262772727728277292773027731277322773327734277352773627737277382773927740277412774227743277442774527746277472774827749277502775127752277532775427755277562775727758277592776027761277622776327764277652776627767277682776927770277712777227773277742777527776277772777827779277802778127782277832778427785277862778727788277892779027791277922779327794277952779627797277982779927800278012780227803278042780527806278072780827809278102781127812278132781427815278162781727818278192782027821278222782327824278252782627827278282782927830278312783227833278342783527836278372783827839278402784127842278432784427845278462784727848278492785027851278522785327854278552785627857278582785927860278612786227863278642786527866278672786827869278702787127872278732787427875278762787727878278792788027881278822788327884278852788627887278882788927890278912789227893278942789527896278972789827899279002790127902279032790427905279062790727908279092791027911279122791327914279152791627917279182791927920279212792227923279242792527926279272792827929279302793127932279332793427935279362793727938279392794027941279422794327944279452794627947279482794927950279512795227953279542795527956279572795827959279602796127962279632796427965279662796727968279692797027971279722797327974279752797627977279782797927980279812798227983279842798527986279872798827989279902799127992279932799427995279962799727998279992800028001280022800328004280052800628007280082800928010280112801228013280142801528016280172801828019280202802128022280232802428025280262802728028280292803028031280322803328034280352803628037280382803928040280412804228043280442804528046280472804828049280502805128052280532805428055280562805728058280592806028061280622806328064280652806628067280682806928070280712807228073280742807528076280772807828079280802808128082280832808428085280862808728088280892809028091280922809328094280952809628097280982809928100281012810228103281042810528106281072810828109281102811128112281132811428115281162811728118281192812028121281222812328124281252812628127281282812928130281312813228133281342813528136281372813828139281402814128142281432814428145281462814728148281492815028151281522815328154281552815628157281582815928160281612816228163281642816528166281672816828169281702817128172281732817428175281762817728178281792818028181281822818328184281852818628187281882818928190281912819228193281942819528196281972819828199282002820128202282032820428205282062820728208282092821028211282122821328214282152821628217282182821928220282212822228223282242822528226282272822828229282302823128232282332823428235282362823728238282392824028241282422824328244282452824628247282482824928250282512825228253282542825528256282572825828259282602826128262282632826428265282662826728268282692827028271282722827328274282752827628277282782827928280282812828228283282842828528286282872828828289282902829128292282932829428295282962829728298282992830028301283022830328304283052830628307283082830928310283112831228313283142831528316283172831828319283202832128322283232832428325283262832728328283292833028331283322833328334283352833628337283382833928340283412834228343283442834528346283472834828349283502835128352283532835428355283562835728358283592836028361283622836328364283652836628367283682836928370283712837228373283742837528376283772837828379283802838128382283832838428385283862838728388283892839028391283922839328394283952839628397283982839928400284012840228403284042840528406284072840828409284102841128412284132841428415284162841728418284192842028421284222842328424284252842628427284282842928430284312843228433284342843528436284372843828439284402844128442284432844428445284462844728448284492845028451284522845328454284552845628457284582845928460284612846228463284642846528466284672846828469284702847128472284732847428475284762847728478284792848028481284822848328484284852848628487284882848928490284912849228493284942849528496284972849828499285002850128502285032850428505285062850728508285092851028511285122851328514285152851628517285182851928520285212852228523285242852528526285272852828529285302853128532285332853428535285362853728538285392854028541285422854328544285452854628547285482854928550285512855228553285542855528556285572855828559285602856128562285632856428565285662856728568285692857028571285722857328574285752857628577285782857928580285812858228583285842858528586285872858828589285902859128592285932859428595285962859728598285992860028601286022860328604286052860628607286082860928610286112861228613286142861528616286172861828619286202862128622286232862428625286262862728628286292863028631286322863328634286352863628637286382863928640286412864228643286442864528646286472864828649286502865128652286532865428655286562865728658286592866028661286622866328664286652866628667286682866928670286712867228673286742867528676286772867828679286802868128682286832868428685286862868728688286892869028691286922869328694286952869628697286982869928700287012870228703287042870528706287072870828709287102871128712287132871428715287162871728718287192872028721287222872328724287252872628727287282872928730287312873228733287342873528736287372873828739287402874128742287432874428745287462874728748287492875028751287522875328754287552875628757287582875928760287612876228763287642876528766287672876828769287702877128772287732877428775287762877728778287792878028781287822878328784287852878628787287882878928790287912879228793287942879528796287972879828799288002880128802288032880428805288062880728808288092881028811288122881328814288152881628817288182881928820288212882228823288242882528826288272882828829288302883128832288332883428835288362883728838288392884028841288422884328844288452884628847288482884928850288512885228853288542885528856288572885828859288602886128862288632886428865288662886728868288692887028871288722887328874288752887628877288782887928880288812888228883288842888528886288872888828889288902889128892288932889428895288962889728898288992890028901289022890328904289052890628907289082890928910289112891228913289142891528916289172891828919289202892128922289232892428925289262892728928289292893028931289322893328934289352893628937289382893928940289412894228943289442894528946289472894828949289502895128952289532895428955289562895728958289592896028961289622896328964289652896628967289682896928970289712897228973289742897528976289772897828979289802898128982289832898428985289862898728988289892899028991289922899328994289952899628997289982899929000290012900229003290042900529006290072900829009290102901129012290132901429015290162901729018290192902029021290222902329024290252902629027290282902929030290312903229033290342903529036290372903829039290402904129042290432904429045290462904729048290492905029051290522905329054290552905629057290582905929060290612906229063290642906529066290672906829069290702907129072290732907429075290762907729078290792908029081290822908329084290852908629087290882908929090290912909229093290942909529096290972909829099291002910129102291032910429105291062910729108291092911029111291122911329114291152911629117291182911929120291212912229123291242912529126291272912829129291302913129132291332913429135291362913729138291392914029141291422914329144291452914629147291482914929150291512915229153291542915529156291572915829159291602916129162291632916429165291662916729168291692917029171291722917329174291752917629177291782917929180291812918229183291842918529186291872918829189291902919129192291932919429195291962919729198291992920029201292022920329204292052920629207292082920929210292112921229213292142921529216292172921829219292202922129222292232922429225292262922729228292292923029231292322923329234292352923629237292382923929240292412924229243292442924529246292472924829249292502925129252292532925429255292562925729258292592926029261292622926329264292652926629267292682926929270292712927229273292742927529276292772927829279292802928129282292832928429285292862928729288292892929029291292922929329294292952929629297292982929929300293012930229303293042930529306293072930829309293102931129312293132931429315293162931729318293192932029321293222932329324293252932629327293282932929330293312933229333293342933529336293372933829339293402934129342293432934429345293462934729348293492935029351293522935329354293552935629357293582935929360293612936229363293642936529366293672936829369293702937129372293732937429375293762937729378293792938029381293822938329384293852938629387293882938929390293912939229393293942939529396293972939829399294002940129402294032940429405294062940729408294092941029411294122941329414294152941629417294182941929420294212942229423294242942529426294272942829429294302943129432294332943429435294362943729438294392944029441294422944329444294452944629447294482944929450294512945229453294542945529456294572945829459294602946129462294632946429465294662946729468294692947029471294722947329474294752947629477294782947929480294812948229483294842948529486294872948829489294902949129492294932949429495294962949729498294992950029501295022950329504295052950629507295082950929510295112951229513295142951529516295172951829519295202952129522295232952429525295262952729528295292953029531295322953329534295352953629537295382953929540295412954229543295442954529546295472954829549295502955129552295532955429555295562955729558295592956029561295622956329564295652956629567295682956929570295712957229573295742957529576295772957829579295802958129582295832958429585295862958729588295892959029591295922959329594295952959629597295982959929600296012960229603296042960529606296072960829609296102961129612296132961429615296162961729618296192962029621296222962329624296252962629627296282962929630296312963229633296342963529636296372963829639296402964129642296432964429645296462964729648296492965029651296522965329654296552965629657296582965929660296612966229663296642966529666296672966829669296702967129672296732967429675296762967729678296792968029681296822968329684296852968629687296882968929690296912969229693296942969529696296972969829699297002970129702297032970429705297062970729708297092971029711297122971329714297152971629717297182971929720297212972229723297242972529726297272972829729297302973129732297332973429735297362973729738297392974029741297422974329744297452974629747297482974929750297512975229753297542975529756297572975829759297602976129762297632976429765297662976729768297692977029771297722977329774297752977629777297782977929780297812978229783297842978529786297872978829789297902979129792297932979429795297962979729798297992980029801298022980329804298052980629807298082980929810298112981229813298142981529816298172981829819298202982129822298232982429825298262982729828298292983029831298322983329834298352983629837298382983929840298412984229843298442984529846298472984829849298502985129852298532985429855298562985729858298592986029861298622986329864298652986629867298682986929870298712987229873298742987529876298772987829879298802988129882298832988429885298862988729888298892989029891298922989329894298952989629897298982989929900299012990229903299042990529906299072990829909299102991129912299132991429915299162991729918299192992029921299222992329924299252992629927299282992929930299312993229933299342993529936299372993829939299402994129942299432994429945299462994729948299492995029951299522995329954299552995629957299582995929960299612996229963299642996529966299672996829969299702997129972299732997429975299762997729978299792998029981299822998329984299852998629987299882998929990299912999229993299942999529996299972999829999300003000130002300033000430005300063000730008300093001030011300123001330014300153001630017300183001930020300213002230023300243002530026300273002830029300303003130032300333003430035300363003730038300393004030041300423004330044300453004630047300483004930050300513005230053300543005530056300573005830059300603006130062300633006430065300663006730068300693007030071300723007330074300753007630077300783007930080300813008230083300843008530086300873008830089300903009130092300933009430095300963009730098300993010030101301023010330104301053010630107301083010930110301113011230113301143011530116301173011830119301203012130122301233012430125301263012730128301293013030131301323013330134301353013630137301383013930140301413014230143301443014530146301473014830149301503015130152301533015430155301563015730158301593016030161301623016330164301653016630167301683016930170301713017230173301743017530176301773017830179301803018130182301833018430185301863018730188301893019030191301923019330194301953019630197301983019930200302013020230203302043020530206302073020830209302103021130212302133021430215302163021730218302193022030221302223022330224302253022630227302283022930230302313023230233302343023530236302373023830239302403024130242302433024430245302463024730248302493025030251302523025330254302553025630257302583025930260302613026230263302643026530266302673026830269302703027130272302733027430275302763027730278302793028030281302823028330284302853028630287302883028930290302913029230293302943029530296302973029830299303003030130302303033030430305303063030730308303093031030311303123031330314303153031630317303183031930320303213032230323303243032530326303273032830329303303033130332303333033430335303363033730338303393034030341303423034330344303453034630347303483034930350303513035230353303543035530356303573035830359303603036130362303633036430365303663036730368303693037030371303723037330374303753037630377303783037930380303813038230383303843038530386303873038830389303903039130392303933039430395303963039730398303993040030401304023040330404304053040630407304083040930410304113041230413304143041530416304173041830419304203042130422304233042430425304263042730428304293043030431304323043330434304353043630437304383043930440304413044230443304443044530446304473044830449304503045130452304533045430455304563045730458304593046030461304623046330464304653046630467304683046930470304713047230473304743047530476304773047830479304803048130482304833048430485304863048730488304893049030491304923049330494304953049630497304983049930500305013050230503305043050530506305073050830509305103051130512305133051430515305163051730518305193052030521305223052330524305253052630527305283052930530305313053230533305343053530536305373053830539305403054130542305433054430545305463054730548305493055030551305523055330554305553055630557305583055930560305613056230563305643056530566305673056830569305703057130572305733057430575305763057730578305793058030581305823058330584305853058630587305883058930590305913059230593305943059530596305973059830599306003060130602306033060430605306063060730608306093061030611306123061330614306153061630617306183061930620306213062230623306243062530626306273062830629306303063130632306333063430635306363063730638306393064030641306423064330644306453064630647306483064930650306513065230653306543065530656306573065830659306603066130662306633066430665306663066730668306693067030671306723067330674306753067630677306783067930680306813068230683306843068530686306873068830689306903069130692306933069430695306963069730698306993070030701307023070330704307053070630707307083070930710307113071230713307143071530716307173071830719307203072130722307233072430725307263072730728307293073030731307323073330734307353073630737307383073930740307413074230743307443074530746307473074830749307503075130752307533075430755307563075730758307593076030761307623076330764307653076630767307683076930770307713077230773307743077530776307773077830779307803078130782307833078430785307863078730788307893079030791307923079330794307953079630797307983079930800308013080230803308043080530806308073080830809308103081130812308133081430815308163081730818308193082030821308223082330824308253082630827308283082930830308313083230833308343083530836308373083830839308403084130842308433084430845308463084730848308493085030851308523085330854308553085630857308583085930860308613086230863308643086530866308673086830869308703087130872308733087430875308763087730878308793088030881308823088330884308853088630887308883088930890308913089230893308943089530896308973089830899309003090130902309033090430905309063090730908309093091030911309123091330914309153091630917309183091930920309213092230923309243092530926309273092830929309303093130932309333093430935309363093730938309393094030941309423094330944309453094630947309483094930950309513095230953309543095530956309573095830959309603096130962309633096430965309663096730968309693097030971309723097330974309753097630977309783097930980309813098230983309843098530986309873098830989309903099130992309933099430995309963099730998309993100031001310023100331004310053100631007310083100931010310113101231013310143101531016310173101831019310203102131022310233102431025310263102731028310293103031031310323103331034310353103631037310383103931040310413104231043310443104531046310473104831049310503105131052310533105431055310563105731058310593106031061310623106331064310653106631067310683106931070310713107231073310743107531076310773107831079310803108131082310833108431085310863108731088310893109031091310923109331094310953109631097310983109931100311013110231103311043110531106311073110831109311103111131112311133111431115311163111731118311193112031121311223112331124311253112631127311283112931130311313113231133311343113531136311373113831139311403114131142311433114431145311463114731148311493115031151311523115331154311553115631157311583115931160311613116231163311643116531166311673116831169311703117131172311733117431175311763117731178311793118031181311823118331184311853118631187311883118931190311913119231193311943119531196311973119831199312003120131202312033120431205312063120731208312093121031211312123121331214312153121631217312183121931220312213122231223312243122531226312273122831229312303123131232312333123431235312363123731238312393124031241312423124331244312453124631247312483124931250312513125231253312543125531256312573125831259312603126131262312633126431265312663126731268312693127031271312723127331274312753127631277312783127931280312813128231283312843128531286312873128831289312903129131292312933129431295312963129731298312993130031301313023130331304313053130631307313083130931310313113131231313313143131531316313173131831319313203132131322313233132431325313263132731328313293133031331313323133331334313353133631337313383133931340313413134231343313443134531346313473134831349313503135131352313533135431355313563135731358313593136031361313623136331364313653136631367313683136931370313713137231373313743137531376313773137831379313803138131382313833138431385313863138731388313893139031391313923139331394313953139631397313983139931400314013140231403314043140531406314073140831409314103141131412314133141431415314163141731418314193142031421314223142331424314253142631427314283142931430314313143231433314343143531436314373143831439314403144131442314433144431445314463144731448314493145031451314523145331454314553145631457314583145931460314613146231463314643146531466314673146831469314703147131472314733147431475314763147731478314793148031481314823148331484314853148631487314883148931490314913149231493314943149531496314973149831499315003150131502315033150431505315063150731508315093151031511315123151331514315153151631517315183151931520315213152231523315243152531526315273152831529315303153131532315333153431535315363153731538315393154031541315423154331544315453154631547315483154931550315513155231553315543155531556315573155831559315603156131562315633156431565315663156731568315693157031571315723157331574315753157631577315783157931580315813158231583315843158531586315873158831589315903159131592315933159431595315963159731598315993160031601316023160331604316053160631607316083160931610316113161231613316143161531616316173161831619316203162131622316233162431625316263162731628316293163031631316323163331634316353163631637316383163931640316413164231643316443164531646316473164831649316503165131652316533165431655316563165731658316593166031661316623166331664316653166631667316683166931670316713167231673316743167531676316773167831679316803168131682316833168431685316863168731688316893169031691316923169331694316953169631697316983169931700317013170231703317043170531706317073170831709317103171131712317133171431715317163171731718317193172031721317223172331724317253172631727317283172931730317313173231733317343173531736317373173831739317403174131742317433174431745317463174731748317493175031751317523175331754317553175631757317583175931760317613176231763317643176531766317673176831769317703177131772317733177431775317763177731778317793178031781317823178331784317853178631787317883178931790317913179231793317943179531796317973179831799318003180131802318033180431805318063180731808318093181031811318123181331814318153181631817318183181931820318213182231823318243182531826318273182831829318303183131832318333183431835318363183731838318393184031841318423184331844318453184631847318483184931850318513185231853318543185531856318573185831859318603186131862318633186431865318663186731868318693187031871318723187331874318753187631877318783187931880318813188231883318843188531886318873188831889318903189131892318933189431895318963189731898318993190031901319023190331904319053190631907319083190931910319113191231913319143191531916319173191831919319203192131922319233192431925319263192731928319293193031931319323193331934319353193631937319383193931940319413194231943319443194531946319473194831949319503195131952319533195431955319563195731958319593196031961319623196331964319653196631967319683196931970319713197231973319743197531976319773197831979319803198131982319833198431985319863198731988319893199031991319923199331994319953199631997319983199932000320013200232003320043200532006320073200832009320103201132012320133201432015320163201732018320193202032021320223202332024320253202632027320283202932030320313203232033320343203532036320373203832039320403204132042320433204432045320463204732048320493205032051320523205332054320553205632057320583205932060320613206232063320643206532066320673206832069320703207132072320733207432075320763207732078320793208032081320823208332084320853208632087320883208932090320913209232093320943209532096320973209832099321003210132102321033210432105321063210732108321093211032111321123211332114321153211632117321183211932120321213212232123321243212532126321273212832129321303213132132321333213432135321363213732138321393214032141321423214332144321453214632147321483214932150321513215232153321543215532156321573215832159321603216132162321633216432165321663216732168321693217032171321723217332174321753217632177321783217932180321813218232183321843218532186321873218832189321903219132192321933219432195321963219732198321993220032201322023220332204322053220632207322083220932210322113221232213322143221532216322173221832219322203222132222322233222432225322263222732228322293223032231322323223332234322353223632237322383223932240322413224232243322443224532246322473224832249322503225132252322533225432255322563225732258322593226032261322623226332264322653226632267322683226932270322713227232273322743227532276322773227832279322803228132282322833228432285322863228732288322893229032291322923229332294322953229632297322983229932300323013230232303323043230532306323073230832309323103231132312323133231432315323163231732318323193232032321323223232332324323253232632327323283232932330323313233232333323343233532336323373233832339323403234132342323433234432345323463234732348323493235032351323523235332354323553235632357323583235932360323613236232363323643236532366323673236832369323703237132372323733237432375323763237732378323793238032381323823238332384323853238632387323883238932390323913239232393323943239532396323973239832399324003240132402324033240432405324063240732408324093241032411324123241332414324153241632417324183241932420324213242232423324243242532426324273242832429324303243132432324333243432435324363243732438324393244032441324423244332444324453244632447324483244932450324513245232453324543245532456324573245832459324603246132462324633246432465324663246732468324693247032471324723247332474324753247632477324783247932480324813248232483324843248532486324873248832489324903249132492324933249432495324963249732498324993250032501325023250332504325053250632507325083250932510325113251232513325143251532516325173251832519325203252132522325233252432525325263252732528325293253032531325323253332534325353253632537325383253932540325413254232543325443254532546325473254832549325503255132552325533255432555325563255732558325593256032561325623256332564325653256632567325683256932570325713257232573325743257532576325773257832579325803258132582325833258432585325863258732588325893259032591325923259332594325953259632597325983259932600326013260232603326043260532606326073260832609326103261132612326133261432615326163261732618326193262032621326223262332624326253262632627326283262932630326313263232633326343263532636326373263832639326403264132642326433264432645326463264732648326493265032651326523265332654326553265632657326583265932660326613266232663326643266532666326673266832669326703267132672326733267432675326763267732678326793268032681326823268332684326853268632687326883268932690326913269232693326943269532696326973269832699327003270132702327033270432705327063270732708327093271032711327123271332714327153271632717327183271932720327213272232723327243272532726327273272832729327303273132732327333273432735327363273732738327393274032741327423274332744327453274632747327483274932750327513275232753327543275532756327573275832759327603276132762327633276432765327663276732768327693277032771327723277332774327753277632777327783277932780327813278232783327843278532786327873278832789327903279132792327933279432795327963279732798327993280032801328023280332804328053280632807328083280932810328113281232813328143281532816328173281832819328203282132822328233282432825328263282732828328293283032831328323283332834328353283632837328383283932840328413284232843328443284532846328473284832849328503285132852328533285432855328563285732858328593286032861328623286332864328653286632867328683286932870328713287232873328743287532876328773287832879328803288132882328833288432885328863288732888328893289032891328923289332894328953289632897328983289932900329013290232903329043290532906329073290832909329103291132912329133291432915329163291732918329193292032921329223292332924329253292632927329283292932930329313293232933329343293532936329373293832939329403294132942329433294432945329463294732948329493295032951329523295332954329553295632957329583295932960329613296232963329643296532966329673296832969329703297132972329733297432975329763297732978329793298032981329823298332984329853298632987329883298932990329913299232993329943299532996329973299832999330003300133002330033300433005330063300733008330093301033011330123301333014330153301633017330183301933020330213302233023330243302533026330273302833029330303303133032330333303433035330363303733038330393304033041330423304333044330453304633047330483304933050330513305233053330543305533056330573305833059330603306133062330633306433065330663306733068330693307033071330723307333074330753307633077330783307933080330813308233083330843308533086330873308833089330903309133092330933309433095330963309733098330993310033101331023310333104331053310633107331083310933110331113311233113331143311533116331173311833119331203312133122331233312433125331263312733128331293313033131331323313333134331353313633137331383313933140331413314233143331443314533146331473314833149331503315133152331533315433155331563315733158331593316033161331623316333164331653316633167331683316933170331713317233173331743317533176331773317833179331803318133182331833318433185331863318733188331893319033191331923319333194331953319633197331983319933200332013320233203332043320533206332073320833209332103321133212332133321433215332163321733218332193322033221332223322333224332253322633227332283322933230332313323233233332343323533236332373323833239332403324133242332433324433245332463324733248332493325033251332523325333254332553325633257332583325933260332613326233263332643326533266332673326833269332703327133272332733327433275332763327733278332793328033281332823328333284332853328633287332883328933290332913329233293332943329533296332973329833299333003330133302333033330433305333063330733308333093331033311333123331333314333153331633317333183331933320333213332233323333243332533326333273332833329333303333133332333333333433335333363333733338333393334033341333423334333344333453334633347333483334933350333513335233353333543335533356333573335833359333603336133362333633336433365333663336733368333693337033371333723337333374333753337633377333783337933380333813338233383333843338533386333873338833389333903339133392333933339433395333963339733398333993340033401334023340333404334053340633407334083340933410334113341233413334143341533416334173341833419334203342133422334233342433425334263342733428334293343033431334323343333434334353343633437334383343933440334413344233443334443344533446334473344833449334503345133452334533345433455334563345733458334593346033461334623346333464334653346633467334683346933470334713347233473334743347533476334773347833479334803348133482334833348433485334863348733488334893349033491334923349333494334953349633497334983349933500335013350233503335043350533506335073350833509335103351133512335133351433515335163351733518335193352033521335223352333524335253352633527335283352933530335313353233533335343353533536335373353833539335403354133542335433354433545335463354733548335493355033551335523355333554335553355633557335583355933560335613356233563335643356533566335673356833569335703357133572335733357433575335763357733578335793358033581335823358333584335853358633587335883358933590335913359233593335943359533596335973359833599336003360133602336033360433605336063360733608336093361033611336123361333614336153361633617336183361933620336213362233623336243362533626336273362833629336303363133632336333363433635336363363733638336393364033641336423364333644336453364633647336483364933650336513365233653336543365533656336573365833659336603366133662336633366433665336663366733668336693367033671336723367333674336753367633677336783367933680336813368233683336843368533686336873368833689336903369133692336933369433695336963369733698336993370033701337023370333704337053370633707337083370933710337113371233713337143371533716337173371833719337203372133722337233372433725337263372733728337293373033731337323373333734337353373633737337383373933740337413374233743337443374533746337473374833749337503375133752337533375433755337563375733758337593376033761337623376333764337653376633767337683376933770337713377233773337743377533776337773377833779337803378133782337833378433785337863378733788337893379033791337923379333794337953379633797337983379933800338013380233803338043380533806338073380833809338103381133812338133381433815338163381733818338193382033821338223382333824338253382633827338283382933830338313383233833338343383533836338373383833839338403384133842338433384433845338463384733848338493385033851338523385333854338553385633857338583385933860338613386233863338643386533866338673386833869338703387133872338733387433875338763387733878338793388033881338823388333884338853388633887338883388933890338913389233893338943389533896338973389833899339003390133902339033390433905339063390733908339093391033911339123391333914339153391633917339183391933920339213392233923339243392533926339273392833929339303393133932339333393433935339363393733938339393394033941339423394333944339453394633947339483394933950339513395233953339543395533956339573395833959339603396133962339633396433965339663396733968339693397033971339723397333974339753397633977339783397933980339813398233983339843398533986339873398833989339903399133992339933399433995339963399733998339993400034001340023400334004340053400634007340083400934010340113401234013340143401534016340173401834019340203402134022340233402434025340263402734028340293403034031340323403334034340353403634037340383403934040340413404234043340443404534046340473404834049340503405134052340533405434055340563405734058340593406034061340623406334064340653406634067340683406934070340713407234073340743407534076340773407834079340803408134082340833408434085340863408734088340893409034091340923409334094340953409634097340983409934100341013410234103341043410534106341073410834109341103411134112341133411434115341163411734118341193412034121341223412334124341253412634127341283412934130341313413234133341343413534136341373413834139341403414134142341433414434145341463414734148341493415034151341523415334154341553415634157341583415934160341613416234163341643416534166341673416834169341703417134172341733417434175341763417734178341793418034181341823418334184341853418634187341883418934190341913419234193341943419534196341973419834199342003420134202342033420434205342063420734208342093421034211342123421334214342153421634217342183421934220342213422234223342243422534226342273422834229342303423134232342333423434235342363423734238342393424034241342423424334244342453424634247342483424934250342513425234253342543425534256342573425834259342603426134262342633426434265342663426734268342693427034271342723427334274342753427634277342783427934280342813428234283342843428534286342873428834289342903429134292342933429434295342963429734298342993430034301343023430334304343053430634307343083430934310343113431234313343143431534316343173431834319343203432134322343233432434325343263432734328343293433034331343323433334334343353433634337343383433934340343413434234343343443434534346343473434834349343503435134352343533435434355343563435734358343593436034361343623436334364343653436634367343683436934370343713437234373343743437534376343773437834379343803438134382343833438434385343863438734388343893439034391343923439334394343953439634397343983439934400344013440234403344043440534406344073440834409344103441134412344133441434415344163441734418344193442034421344223442334424344253442634427344283442934430344313443234433344343443534436344373443834439344403444134442344433444434445344463444734448344493445034451344523445334454344553445634457344583445934460344613446234463344643446534466344673446834469344703447134472344733447434475344763447734478344793448034481344823448334484344853448634487344883448934490344913449234493344943449534496344973449834499345003450134502345033450434505345063450734508345093451034511345123451334514345153451634517345183451934520345213452234523345243452534526345273452834529345303453134532345333453434535345363453734538345393454034541345423454334544345453454634547345483454934550345513455234553345543455534556345573455834559345603456134562345633456434565345663456734568345693457034571345723457334574345753457634577345783457934580345813458234583345843458534586345873458834589345903459134592345933459434595345963459734598345993460034601346023460334604346053460634607346083460934610346113461234613346143461534616346173461834619346203462134622346233462434625346263462734628346293463034631346323463334634346353463634637346383463934640346413464234643346443464534646346473464834649346503465134652346533465434655346563465734658346593466034661346623466334664346653466634667346683466934670346713467234673346743467534676346773467834679346803468134682346833468434685346863468734688346893469034691346923469334694346953469634697346983469934700347013470234703347043470534706347073470834709347103471134712347133471434715347163471734718347193472034721347223472334724347253472634727347283472934730347313473234733347343473534736347373473834739347403474134742347433474434745347463474734748347493475034751347523475334754347553475634757347583475934760347613476234763347643476534766347673476834769347703477134772347733477434775347763477734778347793478034781347823478334784347853478634787347883478934790347913479234793347943479534796347973479834799348003480134802348033480434805348063480734808348093481034811348123481334814348153481634817348183481934820348213482234823348243482534826348273482834829348303483134832348333483434835348363483734838348393484034841348423484334844348453484634847348483484934850348513485234853348543485534856348573485834859348603486134862348633486434865348663486734868348693487034871348723487334874348753487634877348783487934880348813488234883348843488534886348873488834889348903489134892348933489434895348963489734898348993490034901349023490334904349053490634907349083490934910349113491234913349143491534916349173491834919349203492134922349233492434925349263492734928349293493034931349323493334934349353493634937349383493934940349413494234943349443494534946349473494834949349503495134952349533495434955349563495734958349593496034961349623496334964349653496634967349683496934970349713497234973349743497534976349773497834979349803498134982349833498434985349863498734988349893499034991349923499334994349953499634997349983499935000350013500235003350043500535006350073500835009350103501135012350133501435015350163501735018350193502035021350223502335024350253502635027350283502935030350313503235033350343503535036350373503835039350403504135042350433504435045350463504735048350493505035051350523505335054350553505635057350583505935060350613506235063350643506535066350673506835069350703507135072350733507435075350763507735078350793508035081350823508335084350853508635087350883508935090350913509235093350943509535096350973509835099351003510135102351033510435105351063510735108351093511035111351123511335114351153511635117351183511935120351213512235123351243512535126351273512835129351303513135132351333513435135351363513735138351393514035141351423514335144351453514635147351483514935150351513515235153351543515535156351573515835159351603516135162351633516435165351663516735168351693517035171351723517335174351753517635177351783517935180351813518235183351843518535186351873518835189351903519135192351933519435195351963519735198351993520035201352023520335204352053520635207352083520935210352113521235213352143521535216352173521835219352203522135222352233522435225352263522735228352293523035231352323523335234352353523635237352383523935240352413524235243352443524535246352473524835249352503525135252352533525435255352563525735258352593526035261352623526335264352653526635267352683526935270352713527235273352743527535276352773527835279352803528135282352833528435285352863528735288352893529035291352923529335294352953529635297352983529935300353013530235303353043530535306353073530835309353103531135312353133531435315353163531735318353193532035321353223532335324353253532635327353283532935330353313533235333353343533535336353373533835339353403534135342353433534435345353463534735348353493535035351353523535335354353553535635357353583535935360353613536235363353643536535366353673536835369353703537135372353733537435375353763537735378353793538035381353823538335384353853538635387353883538935390353913539235393353943539535396353973539835399354003540135402354033540435405354063540735408354093541035411354123541335414354153541635417354183541935420354213542235423354243542535426354273542835429354303543135432354333543435435354363543735438354393544035441354423544335444354453544635447354483544935450354513545235453354543545535456354573545835459354603546135462354633546435465354663546735468354693547035471354723547335474354753547635477354783547935480354813548235483354843548535486354873548835489354903549135492354933549435495354963549735498354993550035501355023550335504355053550635507355083550935510355113551235513355143551535516355173551835519355203552135522355233552435525355263552735528355293553035531355323553335534355353553635537355383553935540355413554235543355443554535546355473554835549355503555135552355533555435555355563555735558355593556035561355623556335564355653556635567355683556935570355713557235573355743557535576355773557835579355803558135582355833558435585355863558735588355893559035591355923559335594355953559635597355983559935600356013560235603356043560535606356073560835609356103561135612356133561435615356163561735618356193562035621356223562335624356253562635627356283562935630356313563235633356343563535636356373563835639356403564135642356433564435645356463564735648356493565035651356523565335654356553565635657356583565935660356613566235663356643566535666356673566835669356703567135672356733567435675356763567735678356793568035681356823568335684356853568635687356883568935690356913569235693356943569535696356973569835699357003570135702357033570435705357063570735708357093571035711357123571335714357153571635717357183571935720357213572235723357243572535726357273572835729357303573135732357333573435735357363573735738357393574035741357423574335744357453574635747357483574935750357513575235753357543575535756357573575835759357603576135762357633576435765357663576735768357693577035771357723577335774357753577635777357783577935780357813578235783357843578535786357873578835789357903579135792357933579435795357963579735798357993580035801358023580335804358053580635807358083580935810358113581235813358143581535816358173581835819358203582135822358233582435825358263582735828358293583035831358323583335834358353583635837358383583935840358413584235843358443584535846358473584835849358503585135852358533585435855358563585735858358593586035861358623586335864358653586635867358683586935870358713587235873358743587535876358773587835879358803588135882358833588435885358863588735888358893589035891358923589335894358953589635897358983589935900359013590235903359043590535906359073590835909359103591135912359133591435915359163591735918359193592035921359223592335924359253592635927359283592935930359313593235933359343593535936359373593835939359403594135942359433594435945359463594735948359493595035951359523595335954359553595635957359583595935960359613596235963359643596535966359673596835969359703597135972359733597435975359763597735978359793598035981359823598335984359853598635987359883598935990359913599235993359943599535996359973599835999360003600136002360033600436005360063600736008360093601036011360123601336014360153601636017360183601936020360213602236023360243602536026360273602836029360303603136032360333603436035360363603736038360393604036041360423604336044360453604636047360483604936050360513605236053360543605536056360573605836059360603606136062360633606436065360663606736068360693607036071360723607336074360753607636077360783607936080360813608236083360843608536086360873608836089360903609136092360933609436095360963609736098360993610036101361023610336104361053610636107361083610936110361113611236113361143611536116361173611836119361203612136122361233612436125361263612736128361293613036131361323613336134361353613636137361383613936140361413614236143361443614536146361473614836149361503615136152361533615436155361563615736158361593616036161361623616336164361653616636167361683616936170361713617236173361743617536176361773617836179361803618136182361833618436185361863618736188361893619036191361923619336194361953619636197361983619936200362013620236203362043620536206362073620836209362103621136212362133621436215362163621736218362193622036221362223622336224362253622636227362283622936230362313623236233362343623536236362373623836239362403624136242362433624436245362463624736248362493625036251362523625336254362553625636257362583625936260362613626236263362643626536266362673626836269362703627136272362733627436275362763627736278362793628036281362823628336284362853628636287362883628936290362913629236293362943629536296362973629836299363003630136302363033630436305363063630736308363093631036311363123631336314363153631636317363183631936320363213632236323363243632536326363273632836329363303633136332363333633436335363363633736338363393634036341363423634336344363453634636347363483634936350363513635236353363543635536356363573635836359363603636136362363633636436365363663636736368363693637036371363723637336374363753637636377363783637936380363813638236383363843638536386363873638836389363903639136392363933639436395363963639736398363993640036401364023640336404364053640636407364083640936410364113641236413364143641536416364173641836419364203642136422364233642436425364263642736428364293643036431364323643336434364353643636437364383643936440364413644236443364443644536446364473644836449364503645136452364533645436455364563645736458364593646036461364623646336464364653646636467364683646936470364713647236473364743647536476364773647836479364803648136482364833648436485364863648736488364893649036491364923649336494364953649636497364983649936500365013650236503365043650536506365073650836509365103651136512365133651436515365163651736518365193652036521365223652336524365253652636527365283652936530365313653236533365343653536536365373653836539365403654136542365433654436545365463654736548365493655036551365523655336554365553655636557365583655936560365613656236563365643656536566365673656836569365703657136572365733657436575365763657736578365793658036581365823658336584365853658636587365883658936590365913659236593365943659536596365973659836599366003660136602366033660436605366063660736608366093661036611366123661336614366153661636617366183661936620366213662236623366243662536626366273662836629366303663136632366333663436635366363663736638366393664036641366423664336644366453664636647366483664936650366513665236653366543665536656366573665836659366603666136662366633666436665366663666736668366693667036671366723667336674366753667636677366783667936680366813668236683366843668536686366873668836689366903669136692366933669436695366963669736698366993670036701367023670336704367053670636707367083670936710367113671236713367143671536716367173671836719367203672136722367233672436725367263672736728367293673036731367323673336734367353673636737367383673936740367413674236743367443674536746367473674836749367503675136752367533675436755367563675736758367593676036761367623676336764367653676636767367683676936770367713677236773367743677536776367773677836779367803678136782367833678436785367863678736788367893679036791367923679336794367953679636797367983679936800368013680236803368043680536806368073680836809368103681136812368133681436815368163681736818368193682036821368223682336824368253682636827368283682936830368313683236833368343683536836368373683836839368403684136842368433684436845368463684736848368493685036851368523685336854368553685636857368583685936860368613686236863368643686536866368673686836869368703687136872368733687436875368763687736878368793688036881368823688336884368853688636887368883688936890368913689236893368943689536896368973689836899369003690136902369033690436905369063690736908369093691036911369123691336914369153691636917369183691936920369213692236923369243692536926369273692836929369303693136932369333693436935369363693736938369393694036941369423694336944369453694636947369483694936950369513695236953369543695536956369573695836959369603696136962369633696436965369663696736968369693697036971369723697336974369753697636977369783697936980369813698236983369843698536986369873698836989369903699136992369933699436995369963699736998369993700037001370023700337004370053700637007370083700937010370113701237013370143701537016370173701837019370203702137022370233702437025370263702737028370293703037031370323703337034370353703637037370383703937040370413704237043370443704537046370473704837049370503705137052370533705437055370563705737058370593706037061370623706337064370653706637067370683706937070370713707237073370743707537076370773707837079370803708137082370833708437085370863708737088370893709037091370923709337094370953709637097370983709937100371013710237103371043710537106371073710837109371103711137112371133711437115371163711737118371193712037121371223712337124371253712637127371283712937130371313713237133371343713537136371373713837139371403714137142371433714437145371463714737148371493715037151371523715337154371553715637157371583715937160371613716237163371643716537166371673716837169371703717137172371733717437175371763717737178371793718037181371823718337184371853718637187371883718937190371913719237193371943719537196371973719837199372003720137202372033720437205372063720737208372093721037211372123721337214372153721637217372183721937220372213722237223372243722537226372273722837229372303723137232372333723437235372363723737238372393724037241372423724337244372453724637247372483724937250372513725237253372543725537256372573725837259372603726137262372633726437265372663726737268372693727037271372723727337274372753727637277372783727937280372813728237283372843728537286372873728837289372903729137292372933729437295372963729737298372993730037301373023730337304373053730637307373083730937310373113731237313373143731537316373173731837319373203732137322373233732437325373263732737328373293733037331373323733337334373353733637337373383733937340373413734237343373443734537346373473734837349373503735137352373533735437355373563735737358373593736037361373623736337364373653736637367373683736937370373713737237373373743737537376373773737837379373803738137382373833738437385373863738737388373893739037391373923739337394373953739637397373983739937400374013740237403374043740537406374073740837409374103741137412374133741437415374163741737418374193742037421374223742337424374253742637427374283742937430374313743237433374343743537436374373743837439374403744137442374433744437445374463744737448374493745037451374523745337454374553745637457374583745937460374613746237463374643746537466374673746837469374703747137472374733747437475374763747737478374793748037481374823748337484374853748637487374883748937490374913749237493374943749537496374973749837499375003750137502375033750437505375063750737508375093751037511375123751337514375153751637517375183751937520375213752237523375243752537526375273752837529375303753137532375333753437535375363753737538375393754037541375423754337544375453754637547375483754937550375513755237553375543755537556375573755837559375603756137562375633756437565375663756737568375693757037571375723757337574375753757637577375783757937580375813758237583375843758537586375873758837589375903759137592375933759437595375963759737598375993760037601376023760337604376053760637607376083760937610376113761237613376143761537616376173761837619376203762137622376233762437625376263762737628376293763037631376323763337634376353763637637376383763937640376413764237643376443764537646376473764837649376503765137652376533765437655376563765737658376593766037661376623766337664376653766637667376683766937670376713767237673376743767537676376773767837679376803768137682376833768437685376863768737688376893769037691376923769337694376953769637697376983769937700377013770237703377043770537706377073770837709377103771137712377133771437715377163771737718377193772037721377223772337724377253772637727377283772937730377313773237733377343773537736377373773837739377403774137742377433774437745377463774737748377493775037751377523775337754377553775637757377583775937760377613776237763377643776537766377673776837769377703777137772377733777437775377763777737778377793778037781377823778337784377853778637787377883778937790377913779237793377943779537796377973779837799378003780137802378033780437805378063780737808378093781037811378123781337814378153781637817378183781937820378213782237823378243782537826378273782837829378303783137832378333783437835378363783737838378393784037841378423784337844378453784637847378483784937850378513785237853378543785537856378573785837859378603786137862378633786437865378663786737868378693787037871378723787337874378753787637877378783787937880378813788237883378843788537886378873788837889378903789137892378933789437895378963789737898378993790037901379023790337904379053790637907379083790937910379113791237913379143791537916379173791837919379203792137922379233792437925379263792737928379293793037931379323793337934379353793637937379383793937940379413794237943379443794537946379473794837949379503795137952379533795437955379563795737958379593796037961379623796337964379653796637967379683796937970379713797237973379743797537976379773797837979379803798137982379833798437985379863798737988379893799037991379923799337994379953799637997379983799938000380013800238003380043800538006380073800838009380103801138012380133801438015380163801738018380193802038021380223802338024380253802638027380283802938030380313803238033380343803538036380373803838039380403804138042380433804438045380463804738048380493805038051380523805338054380553805638057380583805938060380613806238063380643806538066380673806838069380703807138072380733807438075380763807738078380793808038081380823808338084380853808638087380883808938090380913809238093380943809538096380973809838099381003810138102381033810438105381063810738108381093811038111381123811338114381153811638117381183811938120381213812238123381243812538126381273812838129381303813138132381333813438135381363813738138381393814038141381423814338144381453814638147381483814938150381513815238153381543815538156381573815838159381603816138162381633816438165381663816738168381693817038171381723817338174381753817638177381783817938180381813818238183381843818538186381873818838189381903819138192381933819438195381963819738198381993820038201382023820338204382053820638207382083820938210382113821238213382143821538216382173821838219382203822138222382233822438225382263822738228382293823038231382323823338234382353823638237382383823938240382413824238243382443824538246382473824838249382503825138252382533825438255382563825738258382593826038261382623826338264382653826638267382683826938270382713827238273382743827538276382773827838279382803828138282382833828438285382863828738288382893829038291382923829338294382953829638297382983829938300383013830238303383043830538306383073830838309383103831138312383133831438315383163831738318383193832038321383223832338324383253832638327383283832938330383313833238333383343833538336383373833838339383403834138342383433834438345383463834738348383493835038351383523835338354383553835638357383583835938360383613836238363383643836538366383673836838369383703837138372383733837438375383763837738378383793838038381383823838338384383853838638387383883838938390383913839238393383943839538396383973839838399384003840138402384033840438405384063840738408384093841038411384123841338414384153841638417384183841938420384213842238423384243842538426384273842838429384303843138432384333843438435384363843738438384393844038441384423844338444384453844638447384483844938450384513845238453384543845538456384573845838459384603846138462384633846438465384663846738468384693847038471384723847338474384753847638477384783847938480384813848238483384843848538486384873848838489384903849138492384933849438495384963849738498384993850038501385023850338504385053850638507385083850938510385113851238513385143851538516385173851838519385203852138522385233852438525385263852738528385293853038531385323853338534385353853638537385383853938540385413854238543385443854538546385473854838549385503855138552385533855438555385563855738558385593856038561385623856338564385653856638567385683856938570385713857238573385743857538576385773857838579385803858138582385833858438585385863858738588385893859038591385923859338594385953859638597385983859938600386013860238603386043860538606386073860838609386103861138612386133861438615386163861738618386193862038621386223862338624386253862638627386283862938630386313863238633386343863538636386373863838639386403864138642386433864438645386463864738648386493865038651386523865338654386553865638657386583865938660386613866238663386643866538666386673866838669386703867138672386733867438675386763867738678386793868038681386823868338684386853868638687386883868938690386913869238693386943869538696386973869838699387003870138702387033870438705387063870738708387093871038711387123871338714387153871638717387183871938720387213872238723387243872538726387273872838729387303873138732387333873438735387363873738738387393874038741387423874338744387453874638747387483874938750387513875238753387543875538756387573875838759387603876138762387633876438765387663876738768387693877038771387723877338774387753877638777387783877938780387813878238783387843878538786387873878838789387903879138792387933879438795387963879738798387993880038801388023880338804388053880638807388083880938810388113881238813388143881538816388173881838819388203882138822388233882438825388263882738828388293883038831388323883338834388353883638837388383883938840388413884238843388443884538846388473884838849388503885138852388533885438855388563885738858388593886038861388623886338864388653886638867388683886938870388713887238873388743887538876388773887838879388803888138882388833888438885388863888738888388893889038891388923889338894388953889638897388983889938900389013890238903389043890538906389073890838909389103891138912389133891438915389163891738918389193892038921389223892338924389253892638927389283892938930389313893238933389343893538936389373893838939389403894138942389433894438945389463894738948389493895038951389523895338954389553895638957389583895938960389613896238963389643896538966389673896838969389703897138972389733897438975389763897738978389793898038981389823898338984389853898638987389883898938990389913899238993389943899538996389973899838999390003900139002390033900439005390063900739008390093901039011390123901339014390153901639017390183901939020390213902239023390243902539026390273902839029390303903139032390333903439035390363903739038390393904039041390423904339044390453904639047390483904939050390513905239053390543905539056390573905839059390603906139062390633906439065390663906739068390693907039071390723907339074390753907639077390783907939080390813908239083390843908539086390873908839089390903909139092390933909439095390963909739098390993910039101391023910339104391053910639107391083910939110391113911239113391143911539116391173911839119391203912139122391233912439125391263912739128391293913039131391323913339134391353913639137391383913939140391413914239143391443914539146391473914839149391503915139152391533915439155391563915739158391593916039161391623916339164391653916639167391683916939170391713917239173391743917539176391773917839179391803918139182391833918439185391863918739188391893919039191391923919339194391953919639197391983919939200392013920239203392043920539206392073920839209392103921139212392133921439215392163921739218392193922039221392223922339224392253922639227392283922939230392313923239233392343923539236392373923839239392403924139242392433924439245392463924739248392493925039251392523925339254392553925639257392583925939260392613926239263392643926539266392673926839269392703927139272392733927439275392763927739278392793928039281392823928339284392853928639287392883928939290392913929239293392943929539296392973929839299393003930139302393033930439305393063930739308393093931039311393123931339314393153931639317393183931939320393213932239323393243932539326393273932839329393303933139332393333933439335393363933739338393393934039341393423934339344393453934639347393483934939350393513935239353393543935539356393573935839359393603936139362393633936439365393663936739368393693937039371393723937339374393753937639377393783937939380393813938239383393843938539386393873938839389393903939139392393933939439395393963939739398393993940039401394023940339404394053940639407394083940939410394113941239413394143941539416394173941839419394203942139422394233942439425394263942739428394293943039431394323943339434394353943639437394383943939440394413944239443394443944539446394473944839449394503945139452394533945439455394563945739458394593946039461394623946339464394653946639467394683946939470394713947239473394743947539476394773947839479394803948139482394833948439485394863948739488394893949039491394923949339494394953949639497394983949939500395013950239503395043950539506395073950839509395103951139512395133951439515395163951739518395193952039521395223952339524395253952639527395283952939530395313953239533395343953539536395373953839539395403954139542395433954439545395463954739548395493955039551395523955339554395553955639557395583955939560395613956239563395643956539566395673956839569395703957139572395733957439575395763957739578395793958039581395823958339584395853958639587395883958939590395913959239593395943959539596395973959839599396003960139602396033960439605396063960739608396093961039611396123961339614396153961639617396183961939620396213962239623396243962539626396273962839629396303963139632396333963439635396363963739638396393964039641396423964339644396453964639647396483964939650396513965239653396543965539656396573965839659396603966139662396633966439665396663966739668396693967039671396723967339674396753967639677396783967939680396813968239683396843968539686396873968839689396903969139692396933969439695396963969739698396993970039701397023970339704397053970639707397083970939710397113971239713397143971539716397173971839719397203972139722397233972439725397263972739728397293973039731397323973339734397353973639737397383973939740397413974239743397443974539746397473974839749397503975139752397533975439755397563975739758397593976039761397623976339764397653976639767397683976939770397713977239773397743977539776397773977839779397803978139782397833978439785397863978739788397893979039791397923979339794397953979639797397983979939800398013980239803398043980539806398073980839809398103981139812398133981439815398163981739818398193982039821398223982339824398253982639827398283982939830398313983239833398343983539836398373983839839398403984139842398433984439845398463984739848398493985039851398523985339854398553985639857398583985939860398613986239863398643986539866398673986839869398703987139872398733987439875398763987739878398793988039881398823988339884398853988639887398883988939890398913989239893398943989539896398973989839899399003990139902399033990439905399063990739908399093991039911399123991339914399153991639917399183991939920399213992239923399243992539926399273992839929399303993139932399333993439935399363993739938399393994039941399423994339944399453994639947399483994939950399513995239953399543995539956399573995839959399603996139962399633996439965399663996739968399693997039971399723997339974399753997639977399783997939980399813998239983399843998539986399873998839989399903999139992399933999439995399963999739998399994000040001400024000340004400054000640007400084000940010400114001240013400144001540016400174001840019400204002140022400234002440025400264002740028400294003040031400324003340034400354003640037400384003940040400414004240043400444004540046400474004840049400504005140052400534005440055400564005740058400594006040061400624006340064400654006640067400684006940070400714007240073400744007540076400774007840079400804008140082400834008440085400864008740088400894009040091400924009340094400954009640097400984009940100401014010240103401044010540106401074010840109401104011140112401134011440115401164011740118401194012040121401224012340124401254012640127401284012940130401314013240133401344013540136401374013840139401404014140142401434014440145401464014740148401494015040151401524015340154401554015640157401584015940160401614016240163401644016540166401674016840169401704017140172401734017440175401764017740178401794018040181401824018340184401854018640187401884018940190401914019240193401944019540196401974019840199402004020140202402034020440205402064020740208402094021040211402124021340214402154021640217402184021940220402214022240223402244022540226402274022840229402304023140232402334023440235402364023740238402394024040241402424024340244402454024640247402484024940250402514025240253402544025540256402574025840259402604026140262402634026440265402664026740268402694027040271402724027340274402754027640277402784027940280402814028240283402844028540286402874028840289402904029140292402934029440295402964029740298402994030040301403024030340304403054030640307403084030940310403114031240313403144031540316403174031840319403204032140322403234032440325403264032740328403294033040331403324033340334403354033640337403384033940340403414034240343403444034540346403474034840349403504035140352403534035440355403564035740358403594036040361403624036340364403654036640367403684036940370403714037240373403744037540376403774037840379403804038140382403834038440385403864038740388403894039040391403924039340394403954039640397403984039940400404014040240403404044040540406404074040840409404104041140412404134041440415404164041740418404194042040421404224042340424404254042640427404284042940430404314043240433404344043540436404374043840439404404044140442404434044440445404464044740448404494045040451404524045340454404554045640457404584045940460404614046240463404644046540466404674046840469404704047140472404734047440475404764047740478404794048040481404824048340484404854048640487404884048940490404914049240493404944049540496404974049840499405004050140502405034050440505405064050740508405094051040511405124051340514405154051640517405184051940520405214052240523405244052540526405274052840529405304053140532405334053440535405364053740538405394054040541405424054340544405454054640547405484054940550405514055240553405544055540556405574055840559405604056140562405634056440565405664056740568405694057040571405724057340574405754057640577405784057940580405814058240583405844058540586405874058840589405904059140592405934059440595405964059740598405994060040601406024060340604406054060640607406084060940610406114061240613406144061540616406174061840619406204062140622406234062440625406264062740628406294063040631406324063340634406354063640637406384063940640406414064240643406444064540646406474064840649406504065140652406534065440655406564065740658406594066040661406624066340664406654066640667406684066940670406714067240673406744067540676406774067840679406804068140682406834068440685406864068740688406894069040691406924069340694406954069640697406984069940700407014070240703407044070540706407074070840709407104071140712407134071440715407164071740718407194072040721407224072340724407254072640727407284072940730407314073240733407344073540736407374073840739407404074140742407434074440745407464074740748407494075040751407524075340754407554075640757407584075940760407614076240763407644076540766407674076840769407704077140772407734077440775407764077740778407794078040781407824078340784407854078640787407884078940790407914079240793407944079540796407974079840799408004080140802408034080440805408064080740808408094081040811408124081340814408154081640817408184081940820408214082240823408244082540826408274082840829408304083140832408334083440835408364083740838408394084040841408424084340844408454084640847408484084940850408514085240853408544085540856408574085840859408604086140862408634086440865408664086740868408694087040871408724087340874408754087640877408784087940880408814088240883408844088540886408874088840889408904089140892408934089440895408964089740898408994090040901409024090340904409054090640907409084090940910409114091240913409144091540916409174091840919409204092140922409234092440925409264092740928409294093040931409324093340934409354093640937409384093940940409414094240943409444094540946409474094840949409504095140952409534095440955409564095740958409594096040961409624096340964409654096640967409684096940970409714097240973409744097540976409774097840979409804098140982409834098440985409864098740988409894099040991409924099340994409954099640997409984099941000410014100241003410044100541006410074100841009410104101141012410134101441015410164101741018410194102041021410224102341024410254102641027410284102941030410314103241033410344103541036410374103841039410404104141042410434104441045410464104741048410494105041051410524105341054410554105641057410584105941060410614106241063410644106541066410674106841069410704107141072410734107441075410764107741078410794108041081410824108341084410854108641087410884108941090410914109241093410944109541096410974109841099411004110141102411034110441105411064110741108411094111041111411124111341114411154111641117411184111941120411214112241123411244112541126411274112841129411304113141132411334113441135411364113741138411394114041141411424114341144411454114641147411484114941150411514115241153411544115541156411574115841159411604116141162411634116441165411664116741168411694117041171411724117341174411754117641177411784117941180411814118241183411844118541186411874118841189411904119141192411934119441195411964119741198411994120041201412024120341204412054120641207412084120941210412114121241213412144121541216412174121841219412204122141222412234122441225412264122741228412294123041231412324123341234412354123641237412384123941240412414124241243412444124541246412474124841249412504125141252412534125441255412564125741258412594126041261412624126341264412654126641267412684126941270412714127241273412744127541276412774127841279412804128141282412834128441285412864128741288412894129041291412924129341294412954129641297412984129941300413014130241303413044130541306413074130841309413104131141312413134131441315413164131741318413194132041321413224132341324413254132641327413284132941330413314133241333413344133541336413374133841339413404134141342413434134441345413464134741348413494135041351413524135341354413554135641357413584135941360413614136241363413644136541366413674136841369413704137141372413734137441375413764137741378413794138041381413824138341384413854138641387413884138941390413914139241393413944139541396413974139841399414004140141402414034140441405414064140741408414094141041411414124141341414414154141641417414184141941420414214142241423414244142541426414274142841429414304143141432414334143441435414364143741438414394144041441414424144341444414454144641447414484144941450414514145241453414544145541456414574145841459414604146141462414634146441465414664146741468414694147041471414724147341474414754147641477414784147941480414814148241483414844148541486414874148841489414904149141492414934149441495414964149741498414994150041501415024150341504415054150641507415084150941510415114151241513415144151541516415174151841519415204152141522415234152441525415264152741528415294153041531415324153341534415354153641537415384153941540415414154241543415444154541546415474154841549415504155141552415534155441555415564155741558415594156041561415624156341564415654156641567415684156941570415714157241573415744157541576415774157841579415804158141582415834158441585415864158741588415894159041591415924159341594415954159641597415984159941600416014160241603416044160541606416074160841609416104161141612416134161441615416164161741618416194162041621416224162341624416254162641627416284162941630416314163241633416344163541636416374163841639416404164141642416434164441645416464164741648416494165041651416524165341654416554165641657416584165941660416614166241663416644166541666416674166841669416704167141672416734167441675416764167741678416794168041681416824168341684416854168641687416884168941690416914169241693416944169541696416974169841699417004170141702417034170441705417064170741708417094171041711417124171341714417154171641717417184171941720417214172241723417244172541726417274172841729417304173141732417334173441735417364173741738417394174041741417424174341744417454174641747417484174941750417514175241753417544175541756417574175841759417604176141762417634176441765417664176741768417694177041771417724177341774417754177641777417784177941780417814178241783417844178541786417874178841789417904179141792417934179441795417964179741798417994180041801418024180341804418054180641807418084180941810418114181241813418144181541816418174181841819418204182141822418234182441825418264182741828418294183041831418324183341834418354183641837418384183941840418414184241843418444184541846418474184841849418504185141852418534185441855418564185741858418594186041861418624186341864418654186641867418684186941870418714187241873418744187541876418774187841879418804188141882418834188441885418864188741888418894189041891418924189341894418954189641897418984189941900419014190241903419044190541906419074190841909419104191141912419134191441915419164191741918419194192041921419224192341924419254192641927419284192941930419314193241933419344193541936419374193841939419404194141942419434194441945419464194741948419494195041951419524195341954419554195641957419584195941960419614196241963419644196541966419674196841969419704197141972419734197441975419764197741978419794198041981419824198341984419854198641987419884198941990419914199241993419944199541996419974199841999420004200142002420034200442005420064200742008420094201042011420124201342014420154201642017420184201942020420214202242023420244202542026420274202842029420304203142032420334203442035420364203742038420394204042041420424204342044420454204642047420484204942050420514205242053420544205542056420574205842059420604206142062420634206442065420664206742068420694207042071420724207342074420754207642077420784207942080420814208242083420844208542086420874208842089420904209142092420934209442095420964209742098420994210042101421024210342104421054210642107421084210942110421114211242113421144211542116421174211842119421204212142122421234212442125421264212742128421294213042131421324213342134421354213642137421384213942140421414214242143421444214542146421474214842149421504215142152421534215442155421564215742158421594216042161421624216342164421654216642167421684216942170421714217242173421744217542176421774217842179421804218142182421834218442185421864218742188421894219042191421924219342194421954219642197421984219942200422014220242203422044220542206422074220842209422104221142212422134221442215422164221742218422194222042221422224222342224422254222642227422284222942230422314223242233422344223542236422374223842239422404224142242422434224442245422464224742248422494225042251422524225342254422554225642257422584225942260422614226242263422644226542266422674226842269422704227142272422734227442275422764227742278422794228042281422824228342284422854228642287422884228942290422914229242293422944229542296422974229842299423004230142302423034230442305423064230742308423094231042311423124231342314423154231642317423184231942320423214232242323423244232542326423274232842329423304233142332423334233442335423364233742338423394234042341423424234342344423454234642347423484234942350423514235242353423544235542356423574235842359423604236142362423634236442365423664236742368423694237042371423724237342374423754237642377423784237942380423814238242383423844238542386423874238842389423904239142392423934239442395423964239742398423994240042401424024240342404424054240642407424084240942410424114241242413424144241542416424174241842419424204242142422424234242442425424264242742428424294243042431424324243342434424354243642437424384243942440424414244242443424444244542446424474244842449424504245142452424534245442455424564245742458424594246042461424624246342464424654246642467424684246942470424714247242473424744247542476424774247842479424804248142482424834248442485424864248742488424894249042491424924249342494424954249642497424984249942500425014250242503425044250542506425074250842509425104251142512425134251442515425164251742518425194252042521425224252342524425254252642527425284252942530425314253242533425344253542536425374253842539425404254142542425434254442545425464254742548425494255042551425524255342554425554255642557425584255942560425614256242563425644256542566425674256842569425704257142572425734257442575425764257742578425794258042581425824258342584425854258642587425884258942590425914259242593425944259542596425974259842599426004260142602426034260442605426064260742608426094261042611426124261342614426154261642617426184261942620426214262242623426244262542626426274262842629426304263142632426334263442635426364263742638426394264042641426424264342644426454264642647426484264942650426514265242653426544265542656426574265842659426604266142662426634266442665426664266742668426694267042671426724267342674426754267642677426784267942680426814268242683426844268542686426874268842689426904269142692426934269442695426964269742698426994270042701427024270342704427054270642707427084270942710427114271242713427144271542716427174271842719427204272142722427234272442725427264272742728427294273042731427324273342734427354273642737427384273942740427414274242743427444274542746427474274842749427504275142752427534275442755427564275742758427594276042761427624276342764427654276642767427684276942770427714277242773427744277542776427774277842779427804278142782427834278442785427864278742788427894279042791427924279342794427954279642797427984279942800428014280242803428044280542806428074280842809428104281142812428134281442815428164281742818428194282042821428224282342824428254282642827428284282942830428314283242833428344283542836428374283842839428404284142842428434284442845428464284742848428494285042851428524285342854428554285642857428584285942860428614286242863428644286542866428674286842869428704287142872428734287442875428764287742878428794288042881428824288342884428854288642887428884288942890428914289242893428944289542896428974289842899429004290142902429034290442905429064290742908429094291042911429124291342914429154291642917429184291942920429214292242923429244292542926429274292842929429304293142932429334293442935429364293742938429394294042941429424294342944429454294642947429484294942950429514295242953429544295542956429574295842959429604296142962429634296442965429664296742968429694297042971429724297342974429754297642977429784297942980429814298242983429844298542986429874298842989429904299142992429934299442995429964299742998429994300043001430024300343004430054300643007430084300943010430114301243013430144301543016430174301843019430204302143022430234302443025430264302743028430294303043031430324303343034430354303643037430384303943040430414304243043430444304543046430474304843049430504305143052430534305443055430564305743058430594306043061430624306343064430654306643067430684306943070430714307243073430744307543076430774307843079430804308143082430834308443085430864308743088430894309043091430924309343094430954309643097430984309943100431014310243103431044310543106431074310843109431104311143112431134311443115431164311743118431194312043121431224312343124431254312643127431284312943130431314313243133431344313543136431374313843139431404314143142431434314443145431464314743148431494315043151431524315343154431554315643157431584315943160431614316243163431644316543166431674316843169431704317143172431734317443175431764317743178431794318043181431824318343184431854318643187431884318943190431914319243193431944319543196431974319843199432004320143202432034320443205432064320743208432094321043211432124321343214432154321643217432184321943220432214322243223432244322543226432274322843229432304323143232432334323443235432364323743238432394324043241432424324343244432454324643247432484324943250432514325243253432544325543256432574325843259432604326143262432634326443265432664326743268432694327043271432724327343274432754327643277432784327943280432814328243283432844328543286432874328843289432904329143292432934329443295432964329743298432994330043301433024330343304433054330643307433084330943310433114331243313433144331543316433174331843319433204332143322433234332443325433264332743328433294333043331433324333343334433354333643337433384333943340433414334243343433444334543346433474334843349433504335143352433534335443355433564335743358433594336043361433624336343364433654336643367433684336943370433714337243373433744337543376433774337843379433804338143382433834338443385433864338743388433894339043391433924339343394433954339643397433984339943400434014340243403434044340543406434074340843409434104341143412434134341443415434164341743418434194342043421434224342343424434254342643427434284342943430434314343243433434344343543436434374343843439434404344143442434434344443445434464344743448434494345043451434524345343454434554345643457434584345943460434614346243463434644346543466434674346843469434704347143472434734347443475434764347743478434794348043481434824348343484434854348643487434884348943490434914349243493434944349543496434974349843499435004350143502435034350443505435064350743508435094351043511435124351343514435154351643517435184351943520435214352243523435244352543526435274352843529435304353143532435334353443535435364353743538435394354043541435424354343544435454354643547435484354943550435514355243553435544355543556435574355843559435604356143562435634356443565435664356743568435694357043571435724357343574435754357643577435784357943580435814358243583435844358543586435874358843589435904359143592435934359443595435964359743598435994360043601436024360343604436054360643607436084360943610436114361243613436144361543616436174361843619436204362143622436234362443625436264362743628436294363043631436324363343634436354363643637436384363943640436414364243643436444364543646436474364843649436504365143652436534365443655436564365743658436594366043661436624366343664436654366643667436684366943670436714367243673436744367543676436774367843679436804368143682436834368443685436864368743688436894369043691436924369343694436954369643697436984369943700437014370243703437044370543706437074370843709437104371143712437134371443715437164371743718437194372043721437224372343724437254372643727437284372943730437314373243733437344373543736437374373843739437404374143742437434374443745437464374743748437494375043751437524375343754437554375643757437584375943760437614376243763437644376543766437674376843769437704377143772437734377443775437764377743778437794378043781437824378343784437854378643787437884378943790437914379243793437944379543796437974379843799438004380143802438034380443805438064380743808438094381043811438124381343814438154381643817438184381943820438214382243823438244382543826438274382843829438304383143832438334383443835438364383743838438394384043841438424384343844438454384643847438484384943850438514385243853438544385543856438574385843859438604386143862438634386443865438664386743868438694387043871438724387343874438754387643877438784387943880438814388243883438844388543886438874388843889438904389143892438934389443895438964389743898438994390043901439024390343904439054390643907439084390943910439114391243913439144391543916439174391843919439204392143922439234392443925439264392743928439294393043931439324393343934439354393643937439384393943940439414394243943439444394543946439474394843949439504395143952439534395443955439564395743958439594396043961439624396343964439654396643967439684396943970439714397243973439744397543976439774397843979439804398143982439834398443985439864398743988439894399043991439924399343994439954399643997439984399944000440014400244003440044400544006440074400844009440104401144012440134401444015440164401744018440194402044021440224402344024440254402644027440284402944030440314403244033440344403544036440374403844039440404404144042440434404444045440464404744048440494405044051440524405344054440554405644057440584405944060440614406244063440644406544066440674406844069440704407144072440734407444075440764407744078440794408044081440824408344084440854408644087440884408944090440914409244093440944409544096440974409844099441004410144102441034410444105441064410744108441094411044111441124411344114441154411644117441184411944120441214412244123441244412544126441274412844129441304413144132441334413444135441364413744138441394414044141441424414344144441454414644147441484414944150441514415244153441544415544156441574415844159441604416144162441634416444165441664416744168441694417044171441724417344174441754417644177441784417944180441814418244183441844418544186441874418844189441904419144192441934419444195441964419744198441994420044201442024420344204442054420644207442084420944210442114421244213442144421544216442174421844219442204422144222442234422444225442264422744228442294423044231442324423344234442354423644237442384423944240442414424244243442444424544246442474424844249442504425144252442534425444255442564425744258442594426044261442624426344264442654426644267442684426944270442714427244273442744427544276442774427844279442804428144282442834428444285442864428744288442894429044291442924429344294442954429644297442984429944300443014430244303443044430544306443074430844309443104431144312443134431444315443164431744318443194432044321443224432344324443254432644327443284432944330443314433244333443344433544336443374433844339443404434144342443434434444345443464434744348443494435044351443524435344354443554435644357443584435944360443614436244363443644436544366443674436844369443704437144372443734437444375443764437744378443794438044381443824438344384443854438644387443884438944390443914439244393443944439544396443974439844399444004440144402444034440444405444064440744408444094441044411444124441344414444154441644417444184441944420444214442244423444244442544426444274442844429444304443144432444334443444435444364443744438444394444044441444424444344444444454444644447444484444944450444514445244453444544445544456444574445844459444604446144462444634446444465444664446744468444694447044471444724447344474444754447644477444784447944480444814448244483444844448544486444874448844489444904449144492444934449444495444964449744498444994450044501445024450344504445054450644507445084450944510445114451244513445144451544516445174451844519445204452144522445234452444525445264452744528445294453044531445324453344534445354453644537445384453944540445414454244543445444454544546445474454844549445504455144552445534455444555445564455744558445594456044561445624456344564445654456644567445684456944570445714457244573445744457544576445774457844579445804458144582445834458444585445864458744588445894459044591445924459344594445954459644597445984459944600446014460244603446044460544606446074460844609446104461144612446134461444615446164461744618446194462044621446224462344624446254462644627446284462944630446314463244633446344463544636446374463844639446404464144642446434464444645446464464744648446494465044651446524465344654446554465644657446584465944660446614466244663446644466544666446674466844669446704467144672446734467444675446764467744678446794468044681446824468344684446854468644687446884468944690446914469244693446944469544696446974469844699447004470144702447034470444705447064470744708447094471044711447124471344714447154471644717447184471944720447214472244723447244472544726447274472844729447304473144732447334473444735447364473744738447394474044741447424474344744447454474644747447484474944750447514475244753447544475544756447574475844759447604476144762447634476444765447664476744768447694477044771447724477344774447754477644777447784477944780447814478244783447844478544786447874478844789447904479144792447934479444795447964479744798447994480044801448024480344804448054480644807448084480944810448114481244813448144481544816448174481844819448204482144822448234482444825448264482744828448294483044831448324483344834448354483644837448384483944840448414484244843448444484544846448474484844849448504485144852448534485444855448564485744858448594486044861448624486344864448654486644867448684486944870448714487244873448744487544876448774487844879448804488144882448834488444885448864488744888448894489044891448924489344894448954489644897448984489944900449014490244903449044490544906449074490844909449104491144912449134491444915449164491744918449194492044921449224492344924449254492644927449284492944930449314493244933449344493544936449374493844939449404494144942449434494444945449464494744948449494495044951449524495344954449554495644957449584495944960449614496244963449644496544966449674496844969449704497144972449734497444975449764497744978449794498044981449824498344984449854498644987449884498944990449914499244993449944499544996449974499844999450004500145002450034500445005450064500745008450094501045011450124501345014450154501645017450184501945020450214502245023450244502545026450274502845029450304503145032450334503445035450364503745038450394504045041450424504345044450454504645047450484504945050450514505245053450544505545056450574505845059450604506145062450634506445065450664506745068450694507045071450724507345074450754507645077450784507945080450814508245083450844508545086450874508845089450904509145092450934509445095450964509745098450994510045101451024510345104451054510645107451084510945110451114511245113451144511545116451174511845119451204512145122451234512445125451264512745128451294513045131451324513345134451354513645137451384513945140451414514245143451444514545146451474514845149451504515145152451534515445155451564515745158451594516045161451624516345164451654516645167451684516945170451714517245173451744517545176451774517845179451804518145182451834518445185451864518745188451894519045191451924519345194451954519645197451984519945200452014520245203452044520545206452074520845209452104521145212452134521445215452164521745218452194522045221452224522345224452254522645227452284522945230452314523245233452344523545236452374523845239452404524145242452434524445245452464524745248452494525045251452524525345254452554525645257452584525945260452614526245263452644526545266452674526845269452704527145272452734527445275452764527745278452794528045281452824528345284452854528645287452884528945290452914529245293452944529545296452974529845299453004530145302453034530445305453064530745308453094531045311453124531345314453154531645317453184531945320453214532245323453244532545326453274532845329453304533145332453334533445335453364533745338453394534045341453424534345344453454534645347453484534945350453514535245353453544535545356453574535845359453604536145362453634536445365453664536745368453694537045371453724537345374453754537645377453784537945380453814538245383453844538545386453874538845389453904539145392453934539445395453964539745398453994540045401454024540345404454054540645407454084540945410454114541245413454144541545416454174541845419454204542145422454234542445425454264542745428454294543045431454324543345434454354543645437454384543945440454414544245443454444544545446454474544845449454504545145452454534545445455454564545745458454594546045461454624546345464454654546645467454684546945470454714547245473454744547545476454774547845479454804548145482454834548445485454864548745488454894549045491454924549345494454954549645497454984549945500455014550245503455044550545506455074550845509455104551145512455134551445515455164551745518455194552045521455224552345524455254552645527455284552945530455314553245533455344553545536455374553845539455404554145542455434554445545455464554745548455494555045551455524555345554455554555645557455584555945560455614556245563455644556545566455674556845569455704557145572455734557445575455764557745578455794558045581455824558345584455854558645587455884558945590455914559245593455944559545596455974559845599456004560145602456034560445605456064560745608456094561045611456124561345614456154561645617456184561945620456214562245623456244562545626456274562845629456304563145632456334563445635456364563745638456394564045641456424564345644456454564645647456484564945650456514565245653456544565545656456574565845659456604566145662456634566445665456664566745668456694567045671456724567345674456754567645677456784567945680456814568245683456844568545686456874568845689456904569145692456934569445695456964569745698456994570045701457024570345704457054570645707457084570945710457114571245713457144571545716457174571845719457204572145722457234572445725457264572745728457294573045731457324573345734457354573645737457384573945740457414574245743457444574545746457474574845749457504575145752457534575445755457564575745758457594576045761457624576345764457654576645767457684576945770457714577245773457744577545776457774577845779457804578145782457834578445785457864578745788457894579045791457924579345794457954579645797457984579945800458014580245803458044580545806458074580845809458104581145812458134581445815458164581745818458194582045821458224582345824458254582645827458284582945830458314583245833458344583545836458374583845839458404584145842458434584445845458464584745848458494585045851458524585345854458554585645857458584585945860458614586245863458644586545866458674586845869458704587145872458734587445875458764587745878458794588045881458824588345884458854588645887458884588945890458914589245893458944589545896458974589845899459004590145902459034590445905459064590745908459094591045911459124591345914459154591645917459184591945920459214592245923459244592545926459274592845929459304593145932459334593445935459364593745938459394594045941459424594345944459454594645947459484594945950459514595245953459544595545956459574595845959459604596145962459634596445965459664596745968459694597045971459724597345974459754597645977459784597945980459814598245983459844598545986459874598845989459904599145992459934599445995459964599745998459994600046001460024600346004460054600646007460084600946010460114601246013460144601546016460174601846019460204602146022460234602446025460264602746028460294603046031460324603346034460354603646037460384603946040460414604246043460444604546046460474604846049460504605146052460534605446055460564605746058460594606046061460624606346064460654606646067460684606946070460714607246073460744607546076460774607846079460804608146082460834608446085460864608746088460894609046091460924609346094460954609646097460984609946100461014610246103461044610546106461074610846109461104611146112461134611446115461164611746118461194612046121461224612346124461254612646127461284612946130461314613246133461344613546136461374613846139461404614146142461434614446145461464614746148461494615046151461524615346154461554615646157461584615946160461614616246163461644616546166461674616846169461704617146172461734617446175461764617746178461794618046181461824618346184461854618646187461884618946190461914619246193461944619546196461974619846199462004620146202462034620446205462064620746208462094621046211462124621346214462154621646217462184621946220462214622246223462244622546226462274622846229462304623146232462334623446235462364623746238462394624046241462424624346244462454624646247462484624946250462514625246253462544625546256462574625846259462604626146262462634626446265462664626746268462694627046271462724627346274462754627646277462784627946280462814628246283462844628546286462874628846289462904629146292462934629446295462964629746298462994630046301463024630346304463054630646307463084630946310463114631246313463144631546316463174631846319463204632146322463234632446325463264632746328463294633046331463324633346334463354633646337463384633946340463414634246343463444634546346463474634846349463504635146352463534635446355463564635746358463594636046361463624636346364463654636646367463684636946370463714637246373463744637546376463774637846379463804638146382463834638446385463864638746388463894639046391463924639346394463954639646397463984639946400464014640246403464044640546406464074640846409464104641146412464134641446415464164641746418464194642046421464224642346424464254642646427464284642946430464314643246433464344643546436464374643846439464404644146442464434644446445464464644746448464494645046451464524645346454464554645646457464584645946460464614646246463464644646546466464674646846469464704647146472464734647446475464764647746478464794648046481464824648346484464854648646487464884648946490464914649246493464944649546496464974649846499465004650146502465034650446505465064650746508465094651046511465124651346514465154651646517465184651946520465214652246523465244652546526465274652846529465304653146532465334653446535465364653746538465394654046541465424654346544465454654646547465484654946550465514655246553465544655546556465574655846559465604656146562465634656446565465664656746568465694657046571465724657346574465754657646577465784657946580465814658246583465844658546586465874658846589465904659146592465934659446595465964659746598465994660046601466024660346604466054660646607466084660946610466114661246613466144661546616466174661846619466204662146622466234662446625466264662746628466294663046631466324663346634466354663646637466384663946640466414664246643466444664546646466474664846649466504665146652466534665446655466564665746658466594666046661466624666346664466654666646667466684666946670466714667246673466744667546676466774667846679466804668146682466834668446685466864668746688466894669046691466924669346694466954669646697466984669946700467014670246703467044670546706467074670846709467104671146712467134671446715467164671746718467194672046721467224672346724467254672646727467284672946730467314673246733467344673546736467374673846739467404674146742467434674446745467464674746748467494675046751467524675346754467554675646757467584675946760467614676246763467644676546766467674676846769467704677146772467734677446775467764677746778467794678046781467824678346784467854678646787467884678946790467914679246793467944679546796467974679846799468004680146802468034680446805468064680746808468094681046811468124681346814468154681646817468184681946820468214682246823468244682546826468274682846829468304683146832468334683446835468364683746838468394684046841468424684346844468454684646847468484684946850468514685246853468544685546856468574685846859468604686146862468634686446865468664686746868468694687046871468724687346874468754687646877468784687946880468814688246883468844688546886468874688846889468904689146892468934689446895468964689746898468994690046901469024690346904469054690646907469084690946910469114691246913469144691546916469174691846919469204692146922469234692446925469264692746928469294693046931469324693346934469354693646937469384693946940469414694246943469444694546946469474694846949469504695146952469534695446955469564695746958469594696046961469624696346964469654696646967469684696946970469714697246973469744697546976469774697846979469804698146982469834698446985469864698746988469894699046991469924699346994469954699646997469984699947000470014700247003470044700547006470074700847009470104701147012470134701447015470164701747018470194702047021470224702347024470254702647027470284702947030470314703247033470344703547036470374703847039470404704147042470434704447045470464704747048470494705047051470524705347054470554705647057470584705947060470614706247063470644706547066470674706847069470704707147072470734707447075470764707747078470794708047081470824708347084470854708647087470884708947090470914709247093470944709547096470974709847099471004710147102471034710447105471064710747108471094711047111471124711347114471154711647117471184711947120471214712247123471244712547126471274712847129471304713147132471334713447135471364713747138471394714047141471424714347144471454714647147471484714947150471514715247153471544715547156471574715847159471604716147162471634716447165471664716747168471694717047171471724717347174471754717647177471784717947180471814718247183471844718547186471874718847189471904719147192471934719447195471964719747198471994720047201472024720347204472054720647207472084720947210472114721247213472144721547216472174721847219472204722147222472234722447225472264722747228472294723047231472324723347234472354723647237472384723947240472414724247243472444724547246472474724847249472504725147252472534725447255472564725747258472594726047261472624726347264472654726647267472684726947270472714727247273472744727547276472774727847279472804728147282472834728447285472864728747288472894729047291472924729347294472954729647297472984729947300473014730247303473044730547306473074730847309473104731147312473134731447315473164731747318473194732047321473224732347324473254732647327473284732947330473314733247333473344733547336473374733847339473404734147342473434734447345473464734747348473494735047351473524735347354473554735647357473584735947360473614736247363473644736547366473674736847369473704737147372473734737447375473764737747378473794738047381473824738347384473854738647387473884738947390473914739247393473944739547396473974739847399474004740147402474034740447405474064740747408474094741047411474124741347414474154741647417474184741947420474214742247423474244742547426474274742847429474304743147432474334743447435474364743747438474394744047441474424744347444474454744647447474484744947450474514745247453474544745547456474574745847459474604746147462474634746447465474664746747468474694747047471474724747347474474754747647477474784747947480474814748247483474844748547486474874748847489474904749147492474934749447495474964749747498474994750047501475024750347504475054750647507475084750947510475114751247513475144751547516475174751847519475204752147522475234752447525475264752747528475294753047531475324753347534475354753647537475384753947540475414754247543475444754547546475474754847549475504755147552475534755447555475564755747558475594756047561475624756347564475654756647567475684756947570475714757247573475744757547576475774757847579475804758147582475834758447585475864758747588475894759047591475924759347594475954759647597475984759947600476014760247603476044760547606476074760847609476104761147612476134761447615476164761747618476194762047621476224762347624476254762647627476284762947630476314763247633476344763547636476374763847639476404764147642476434764447645476464764747648476494765047651476524765347654476554765647657476584765947660476614766247663476644766547666476674766847669476704767147672476734767447675476764767747678476794768047681476824768347684476854768647687476884768947690476914769247693476944769547696476974769847699477004770147702477034770447705477064770747708477094771047711477124771347714477154771647717477184771947720477214772247723477244772547726477274772847729477304773147732477334773447735477364773747738477394774047741477424774347744477454774647747477484774947750477514775247753477544775547756477574775847759477604776147762477634776447765477664776747768477694777047771477724777347774477754777647777477784777947780477814778247783477844778547786477874778847789477904779147792477934779447795477964779747798477994780047801478024780347804478054780647807478084780947810478114781247813478144781547816478174781847819478204782147822478234782447825478264782747828478294783047831478324783347834478354783647837478384783947840478414784247843478444784547846478474784847849478504785147852478534785447855478564785747858478594786047861478624786347864478654786647867478684786947870478714787247873478744787547876478774787847879478804788147882478834788447885478864788747888478894789047891478924789347894478954789647897478984789947900479014790247903479044790547906479074790847909479104791147912479134791447915479164791747918479194792047921479224792347924479254792647927479284792947930479314793247933479344793547936479374793847939479404794147942479434794447945479464794747948479494795047951479524795347954479554795647957479584795947960479614796247963479644796547966479674796847969479704797147972479734797447975479764797747978479794798047981479824798347984479854798647987479884798947990479914799247993479944799547996479974799847999480004800148002480034800448005480064800748008480094801048011480124801348014480154801648017480184801948020480214802248023480244802548026480274802848029480304803148032480334803448035480364803748038480394804048041480424804348044480454804648047480484804948050480514805248053480544805548056480574805848059480604806148062480634806448065480664806748068480694807048071480724807348074480754807648077480784807948080480814808248083480844808548086480874808848089480904809148092480934809448095480964809748098480994810048101481024810348104481054810648107481084810948110481114811248113481144811548116481174811848119481204812148122481234812448125481264812748128481294813048131481324813348134481354813648137481384813948140481414814248143481444814548146481474814848149481504815148152481534815448155481564815748158481594816048161481624816348164481654816648167481684816948170481714817248173481744817548176481774817848179481804818148182481834818448185481864818748188481894819048191481924819348194481954819648197481984819948200482014820248203482044820548206482074820848209482104821148212482134821448215482164821748218482194822048221482224822348224482254822648227482284822948230482314823248233482344823548236482374823848239482404824148242482434824448245482464824748248482494825048251482524825348254482554825648257482584825948260482614826248263482644826548266482674826848269482704827148272482734827448275482764827748278482794828048281482824828348284482854828648287482884828948290482914829248293482944829548296482974829848299483004830148302483034830448305483064830748308483094831048311483124831348314483154831648317483184831948320483214832248323483244832548326483274832848329483304833148332483334833448335483364833748338483394834048341483424834348344483454834648347483484834948350483514835248353483544835548356483574835848359483604836148362483634836448365483664836748368483694837048371483724837348374483754837648377483784837948380483814838248383483844838548386483874838848389483904839148392483934839448395483964839748398483994840048401484024840348404484054840648407484084840948410484114841248413484144841548416484174841848419484204842148422484234842448425484264842748428484294843048431484324843348434484354843648437484384843948440484414844248443484444844548446484474844848449484504845148452484534845448455484564845748458484594846048461484624846348464484654846648467484684846948470484714847248473484744847548476484774847848479484804848148482484834848448485484864848748488484894849048491484924849348494484954849648497484984849948500485014850248503485044850548506485074850848509485104851148512485134851448515485164851748518485194852048521485224852348524485254852648527485284852948530485314853248533485344853548536485374853848539485404854148542485434854448545485464854748548485494855048551485524855348554485554855648557485584855948560485614856248563485644856548566485674856848569485704857148572485734857448575485764857748578485794858048581485824858348584485854858648587485884858948590485914859248593485944859548596485974859848599486004860148602486034860448605486064860748608486094861048611486124861348614486154861648617486184861948620486214862248623486244862548626486274862848629486304863148632486334863448635486364863748638486394864048641486424864348644486454864648647486484864948650486514865248653486544865548656486574865848659486604866148662486634866448665486664866748668486694867048671486724867348674486754867648677486784867948680486814868248683486844868548686486874868848689486904869148692486934869448695486964869748698486994870048701487024870348704487054870648707487084870948710487114871248713487144871548716487174871848719487204872148722487234872448725487264872748728487294873048731487324873348734487354873648737487384873948740487414874248743487444874548746487474874848749487504875148752487534875448755487564875748758487594876048761487624876348764487654876648767487684876948770487714877248773487744877548776487774877848779487804878148782487834878448785487864878748788487894879048791487924879348794487954879648797487984879948800488014880248803488044880548806488074880848809488104881148812488134881448815488164881748818488194882048821488224882348824488254882648827488284882948830488314883248833488344883548836488374883848839488404884148842488434884448845488464884748848488494885048851488524885348854488554885648857488584885948860488614886248863488644886548866488674886848869488704887148872488734887448875488764887748878488794888048881488824888348884488854888648887488884888948890488914889248893488944889548896488974889848899489004890148902489034890448905489064890748908489094891048911489124891348914489154891648917489184891948920489214892248923489244892548926489274892848929489304893148932489334893448935489364893748938489394894048941489424894348944489454894648947489484894948950489514895248953489544895548956489574895848959489604896148962489634896448965489664896748968489694897048971489724897348974489754897648977489784897948980489814898248983489844898548986489874898848989489904899148992489934899448995489964899748998489994900049001490024900349004490054900649007490084900949010490114901249013490144901549016490174901849019490204902149022490234902449025490264902749028490294903049031490324903349034490354903649037490384903949040490414904249043490444904549046490474904849049490504905149052490534905449055490564905749058490594906049061490624906349064490654906649067490684906949070490714907249073490744907549076490774907849079490804908149082490834908449085490864908749088490894909049091490924909349094490954909649097490984909949100491014910249103491044910549106491074910849109491104911149112491134911449115491164911749118491194912049121491224912349124491254912649127491284912949130491314913249133491344913549136491374913849139491404914149142491434914449145491464914749148491494915049151491524915349154491554915649157491584915949160491614916249163491644916549166491674916849169491704917149172491734917449175491764917749178491794918049181491824918349184491854918649187491884918949190491914919249193491944919549196491974919849199492004920149202492034920449205492064920749208492094921049211492124921349214492154921649217492184921949220492214922249223492244922549226492274922849229492304923149232492334923449235492364923749238492394924049241492424924349244492454924649247492484924949250492514925249253492544925549256492574925849259492604926149262492634926449265492664926749268492694927049271492724927349274492754927649277492784927949280492814928249283492844928549286492874928849289492904929149292492934929449295492964929749298492994930049301493024930349304493054930649307493084930949310493114931249313493144931549316493174931849319493204932149322493234932449325493264932749328493294933049331493324933349334493354933649337493384933949340493414934249343493444934549346493474934849349493504935149352493534935449355493564935749358493594936049361493624936349364493654936649367493684936949370493714937249373493744937549376493774937849379493804938149382493834938449385493864938749388493894939049391493924939349394493954939649397493984939949400494014940249403494044940549406494074940849409494104941149412494134941449415494164941749418494194942049421494224942349424494254942649427494284942949430494314943249433494344943549436494374943849439494404944149442494434944449445494464944749448494494945049451494524945349454494554945649457494584945949460494614946249463494644946549466494674946849469494704947149472494734947449475494764947749478494794948049481494824948349484494854948649487494884948949490494914949249493494944949549496494974949849499495004950149502495034950449505495064950749508495094951049511495124951349514495154951649517495184951949520495214952249523495244952549526495274952849529495304953149532495334953449535495364953749538495394954049541495424954349544495454954649547495484954949550495514955249553495544955549556495574955849559495604956149562495634956449565495664956749568495694957049571495724957349574495754957649577495784957949580495814958249583495844958549586495874958849589495904959149592495934959449595495964959749598495994960049601496024960349604496054960649607496084960949610496114961249613496144961549616496174961849619496204962149622496234962449625496264962749628496294963049631496324963349634496354963649637496384963949640496414964249643496444964549646496474964849649496504965149652496534965449655496564965749658496594966049661496624966349664496654966649667496684966949670496714967249673496744967549676496774967849679496804968149682496834968449685496864968749688496894969049691496924969349694496954969649697496984969949700497014970249703497044970549706497074970849709497104971149712497134971449715497164971749718497194972049721497224972349724497254972649727497284972949730497314973249733497344973549736497374973849739497404974149742497434974449745497464974749748497494975049751497524975349754497554975649757497584975949760497614976249763497644976549766497674976849769497704977149772497734977449775497764977749778497794978049781497824978349784497854978649787497884978949790497914979249793497944979549796497974979849799498004980149802498034980449805498064980749808498094981049811498124981349814498154981649817498184981949820498214982249823498244982549826498274982849829498304983149832498334983449835498364983749838498394984049841498424984349844498454984649847498484984949850498514985249853498544985549856498574985849859498604986149862498634986449865498664986749868498694987049871498724987349874498754987649877498784987949880498814988249883498844988549886498874988849889498904989149892498934989449895498964989749898498994990049901499024990349904499054990649907499084990949910499114991249913499144991549916499174991849919499204992149922499234992449925499264992749928499294993049931499324993349934499354993649937499384993949940499414994249943499444994549946499474994849949499504995149952499534995449955499564995749958499594996049961499624996349964499654996649967499684996949970499714997249973499744997549976499774997849979499804998149982499834998449985499864998749988499894999049991499924999349994499954999649997499984999950000500015000250003500045000550006500075000850009500105001150012500135001450015500165001750018500195002050021500225002350024500255002650027500285002950030500315003250033500345003550036500375003850039500405004150042500435004450045500465004750048500495005050051500525005350054500555005650057500585005950060500615006250063500645006550066500675006850069500705007150072500735007450075500765007750078500795008050081500825008350084500855008650087500885008950090500915009250093500945009550096500975009850099501005010150102501035010450105501065010750108501095011050111501125011350114501155011650117501185011950120501215012250123501245012550126501275012850129501305013150132501335013450135501365013750138501395014050141501425014350144501455014650147501485014950150501515015250153501545015550156501575015850159501605016150162501635016450165501665016750168501695017050171501725017350174501755017650177501785017950180501815018250183501845018550186501875018850189501905019150192501935019450195501965019750198501995020050201502025020350204502055020650207502085020950210502115021250213502145021550216502175021850219502205022150222502235022450225502265022750228502295023050231502325023350234502355023650237502385023950240502415024250243502445024550246502475024850249502505025150252502535025450255502565025750258502595026050261502625026350264502655026650267502685026950270502715027250273502745027550276502775027850279502805028150282502835028450285502865028750288502895029050291502925029350294502955029650297502985029950300503015030250303503045030550306503075030850309503105031150312503135031450315503165031750318503195032050321503225032350324503255032650327503285032950330503315033250333503345033550336503375033850339503405034150342503435034450345503465034750348503495035050351503525035350354503555035650357503585035950360503615036250363503645036550366503675036850369503705037150372503735037450375503765037750378503795038050381503825038350384503855038650387503885038950390503915039250393503945039550396503975039850399504005040150402504035040450405504065040750408504095041050411504125041350414504155041650417504185041950420504215042250423504245042550426504275042850429504305043150432504335043450435504365043750438504395044050441504425044350444504455044650447504485044950450504515045250453504545045550456504575045850459504605046150462504635046450465504665046750468504695047050471504725047350474504755047650477504785047950480504815048250483504845048550486504875048850489504905049150492504935049450495504965049750498504995050050501505025050350504505055050650507505085050950510505115051250513505145051550516505175051850519505205052150522505235052450525505265052750528505295053050531505325053350534505355053650537505385053950540505415054250543505445054550546505475054850549505505055150552505535055450555505565055750558505595056050561505625056350564505655056650567505685056950570505715057250573505745057550576505775057850579505805058150582505835058450585505865058750588505895059050591505925059350594505955059650597505985059950600506015060250603506045060550606506075060850609506105061150612506135061450615506165061750618506195062050621506225062350624506255062650627506285062950630506315063250633506345063550636506375063850639506405064150642506435064450645506465064750648506495065050651506525065350654506555065650657506585065950660506615066250663506645066550666506675066850669506705067150672506735067450675506765067750678506795068050681506825068350684506855068650687506885068950690506915069250693506945069550696506975069850699507005070150702507035070450705507065070750708507095071050711507125071350714507155071650717507185071950720507215072250723507245072550726507275072850729507305073150732507335073450735507365073750738507395074050741507425074350744507455074650747507485074950750507515075250753507545075550756507575075850759507605076150762507635076450765507665076750768507695077050771507725077350774507755077650777507785077950780507815078250783507845078550786507875078850789507905079150792507935079450795507965079750798507995080050801508025080350804508055080650807508085080950810508115081250813508145081550816508175081850819508205082150822508235082450825508265082750828508295083050831508325083350834508355083650837508385083950840508415084250843508445084550846508475084850849508505085150852508535085450855508565085750858508595086050861508625086350864508655086650867508685086950870508715087250873508745087550876508775087850879508805088150882508835088450885508865088750888508895089050891508925089350894508955089650897508985089950900509015090250903509045090550906509075090850909509105091150912509135091450915509165091750918509195092050921509225092350924509255092650927509285092950930509315093250933509345093550936509375093850939509405094150942509435094450945509465094750948509495095050951509525095350954509555095650957509585095950960509615096250963509645096550966509675096850969509705097150972509735097450975509765097750978509795098050981509825098350984509855098650987509885098950990509915099250993509945099550996509975099850999510005100151002510035100451005510065100751008510095101051011510125101351014510155101651017510185101951020510215102251023510245102551026510275102851029510305103151032510335103451035510365103751038510395104051041510425104351044510455104651047510485104951050510515105251053510545105551056510575105851059510605106151062510635106451065510665106751068510695107051071510725107351074510755107651077510785107951080510815108251083510845108551086510875108851089510905109151092510935109451095510965109751098510995110051101511025110351104511055110651107511085110951110511115111251113511145111551116511175111851119511205112151122511235112451125511265112751128511295113051131511325113351134511355113651137511385113951140511415114251143511445114551146511475114851149511505115151152511535115451155511565115751158511595116051161511625116351164511655116651167511685116951170511715117251173511745117551176511775117851179511805118151182511835118451185511865118751188511895119051191511925119351194511955119651197511985119951200512015120251203512045120551206512075120851209512105121151212512135121451215512165121751218512195122051221512225122351224512255122651227512285122951230512315123251233512345123551236512375123851239512405124151242512435124451245512465124751248512495125051251512525125351254512555125651257512585125951260512615126251263512645126551266512675126851269512705127151272512735127451275512765127751278512795128051281512825128351284512855128651287512885128951290512915129251293512945129551296512975129851299513005130151302513035130451305513065130751308513095131051311513125131351314513155131651317513185131951320513215132251323513245132551326513275132851329513305133151332513335133451335513365133751338513395134051341513425134351344513455134651347513485134951350513515135251353513545135551356513575135851359513605136151362513635136451365513665136751368513695137051371513725137351374513755137651377513785137951380513815138251383513845138551386513875138851389513905139151392513935139451395513965139751398513995140051401514025140351404514055140651407514085140951410514115141251413514145141551416514175141851419514205142151422514235142451425514265142751428514295143051431514325143351434514355143651437514385143951440514415144251443514445144551446514475144851449514505145151452514535145451455514565145751458514595146051461514625146351464514655146651467514685146951470514715147251473514745147551476514775147851479514805148151482514835148451485514865148751488514895149051491514925149351494514955149651497514985149951500515015150251503515045150551506515075150851509515105151151512515135151451515515165151751518515195152051521515225152351524515255152651527515285152951530515315153251533515345153551536515375153851539515405154151542515435154451545515465154751548515495155051551515525155351554515555155651557515585155951560515615156251563515645156551566515675156851569515705157151572515735157451575515765157751578515795158051581515825158351584515855158651587515885158951590515915159251593515945159551596515975159851599516005160151602516035160451605516065160751608516095161051611516125161351614516155161651617516185161951620516215162251623516245162551626516275162851629516305163151632516335163451635516365163751638516395164051641516425164351644516455164651647516485164951650516515165251653516545165551656516575165851659516605166151662516635166451665516665166751668516695167051671516725167351674516755167651677516785167951680516815168251683516845168551686516875168851689516905169151692516935169451695516965169751698516995170051701517025170351704517055170651707517085170951710517115171251713517145171551716517175171851719517205172151722517235172451725517265172751728517295173051731517325173351734517355173651737517385173951740517415174251743517445174551746517475174851749517505175151752517535175451755517565175751758517595176051761517625176351764517655176651767517685176951770517715177251773517745177551776517775177851779517805178151782517835178451785517865178751788517895179051791517925179351794517955179651797517985179951800518015180251803518045180551806518075180851809518105181151812518135181451815518165181751818518195182051821518225182351824518255182651827518285182951830518315183251833518345183551836518375183851839518405184151842518435184451845518465184751848518495185051851518525185351854518555185651857518585185951860518615186251863518645186551866518675186851869518705187151872518735187451875518765187751878518795188051881518825188351884518855188651887518885188951890518915189251893518945189551896518975189851899519005190151902519035190451905519065190751908519095191051911519125191351914519155191651917519185191951920519215192251923519245192551926519275192851929519305193151932519335193451935519365193751938519395194051941519425194351944519455194651947519485194951950519515195251953519545195551956519575195851959519605196151962519635196451965519665196751968519695197051971519725197351974519755197651977519785197951980519815198251983519845198551986519875198851989519905199151992519935199451995519965199751998519995200052001520025200352004520055200652007520085200952010520115201252013520145201552016520175201852019520205202152022520235202452025520265202752028520295203052031520325203352034520355203652037520385203952040520415204252043520445204552046520475204852049520505205152052520535205452055520565205752058520595206052061520625206352064520655206652067520685206952070520715207252073520745207552076520775207852079520805208152082520835208452085520865208752088520895209052091520925209352094520955209652097520985209952100521015210252103521045210552106521075210852109521105211152112521135211452115521165211752118521195212052121521225212352124521255212652127521285212952130521315213252133521345213552136521375213852139521405214152142521435214452145521465214752148521495215052151521525215352154521555215652157521585215952160521615216252163521645216552166521675216852169521705217152172521735217452175521765217752178521795218052181521825218352184521855218652187521885218952190521915219252193521945219552196521975219852199522005220152202522035220452205522065220752208522095221052211522125221352214522155221652217522185221952220522215222252223522245222552226522275222852229522305223152232522335223452235522365223752238522395224052241522425224352244522455224652247522485224952250522515225252253522545225552256522575225852259522605226152262522635226452265522665226752268522695227052271522725227352274522755227652277522785227952280522815228252283522845228552286522875228852289522905229152292522935229452295522965229752298522995230052301523025230352304523055230652307523085230952310523115231252313523145231552316523175231852319523205232152322523235232452325523265232752328523295233052331523325233352334523355233652337523385233952340523415234252343523445234552346523475234852349523505235152352523535235452355523565235752358523595236052361523625236352364523655236652367523685236952370523715237252373523745237552376523775237852379523805238152382523835238452385523865238752388523895239052391523925239352394523955239652397523985239952400524015240252403524045240552406524075240852409524105241152412524135241452415524165241752418524195242052421524225242352424524255242652427524285242952430524315243252433524345243552436524375243852439524405244152442524435244452445524465244752448524495245052451524525245352454524555245652457524585245952460524615246252463524645246552466524675246852469524705247152472524735247452475524765247752478524795248052481524825248352484524855248652487524885248952490524915249252493524945249552496524975249852499525005250152502525035250452505525065250752508525095251052511525125251352514525155251652517525185251952520525215252252523525245252552526525275252852529525305253152532525335253452535525365253752538525395254052541525425254352544525455254652547525485254952550525515255252553525545255552556525575255852559525605256152562525635256452565525665256752568525695257052571525725257352574525755257652577525785257952580525815258252583525845258552586525875258852589525905259152592525935259452595525965259752598525995260052601526025260352604526055260652607526085260952610526115261252613526145261552616526175261852619526205262152622526235262452625526265262752628526295263052631526325263352634526355263652637526385263952640526415264252643526445264552646526475264852649526505265152652526535265452655526565265752658526595266052661526625266352664526655266652667526685266952670526715267252673526745267552676526775267852679526805268152682526835268452685526865268752688526895269052691526925269352694526955269652697526985269952700527015270252703527045270552706527075270852709527105271152712527135271452715527165271752718527195272052721527225272352724527255272652727527285272952730527315273252733527345273552736527375273852739527405274152742527435274452745527465274752748527495275052751527525275352754527555275652757527585275952760527615276252763527645276552766527675276852769527705277152772527735277452775527765277752778527795278052781527825278352784527855278652787527885278952790527915279252793527945279552796527975279852799528005280152802528035280452805528065280752808528095281052811528125281352814528155281652817528185281952820528215282252823528245282552826528275282852829528305283152832528335283452835528365283752838528395284052841528425284352844528455284652847528485284952850528515285252853528545285552856528575285852859528605286152862528635286452865528665286752868528695287052871528725287352874528755287652877528785287952880528815288252883528845288552886528875288852889528905289152892528935289452895528965289752898528995290052901529025290352904529055290652907529085290952910529115291252913529145291552916529175291852919529205292152922529235292452925529265292752928529295293052931529325293352934529355293652937529385293952940529415294252943529445294552946529475294852949529505295152952529535295452955529565295752958529595296052961529625296352964529655296652967529685296952970529715297252973529745297552976529775297852979529805298152982529835298452985529865298752988529895299052991529925299352994529955299652997529985299953000530015300253003530045300553006530075300853009530105301153012530135301453015530165301753018530195302053021530225302353024530255302653027530285302953030530315303253033530345303553036530375303853039530405304153042530435304453045530465304753048530495305053051530525305353054530555305653057530585305953060530615306253063530645306553066530675306853069530705307153072530735307453075530765307753078530795308053081530825308353084530855308653087530885308953090530915309253093530945309553096530975309853099531005310153102531035310453105531065310753108531095311053111531125311353114531155311653117531185311953120531215312253123531245312553126531275312853129531305313153132531335313453135531365313753138531395314053141531425314353144531455314653147531485314953150531515315253153531545315553156531575315853159531605316153162531635316453165531665316753168531695317053171531725317353174531755317653177531785317953180531815318253183531845318553186531875318853189531905319153192531935319453195531965319753198531995320053201532025320353204532055320653207532085320953210532115321253213532145321553216532175321853219532205322153222532235322453225532265322753228532295323053231532325323353234532355323653237532385323953240532415324253243532445324553246532475324853249532505325153252532535325453255532565325753258532595326053261532625326353264532655326653267532685326953270532715327253273532745327553276532775327853279532805328153282532835328453285532865328753288532895329053291532925329353294532955329653297532985329953300533015330253303533045330553306533075330853309533105331153312533135331453315533165331753318533195332053321533225332353324533255332653327533285332953330533315333253333533345333553336533375333853339533405334153342533435334453345533465334753348533495335053351533525335353354533555335653357533585335953360533615336253363533645336553366533675336853369533705337153372533735337453375533765337753378533795338053381533825338353384533855338653387533885338953390533915339253393533945339553396533975339853399534005340153402534035340453405534065340753408534095341053411534125341353414534155341653417534185341953420534215342253423534245342553426534275342853429534305343153432534335343453435534365343753438534395344053441534425344353444534455344653447534485344953450534515345253453534545345553456534575345853459534605346153462534635346453465534665346753468534695347053471534725347353474534755347653477534785347953480534815348253483534845348553486534875348853489534905349153492534935349453495534965349753498534995350053501535025350353504535055350653507535085350953510535115351253513535145351553516535175351853519535205352153522535235352453525535265352753528535295353053531535325353353534535355353653537535385353953540535415354253543535445354553546535475354853549535505355153552535535355453555535565355753558535595356053561535625356353564535655356653567535685356953570535715357253573535745357553576535775357853579535805358153582535835358453585535865358753588535895359053591535925359353594535955359653597535985359953600536015360253603536045360553606536075360853609536105361153612536135361453615536165361753618536195362053621536225362353624536255362653627536285362953630536315363253633536345363553636536375363853639536405364153642536435364453645536465364753648536495365053651536525365353654536555365653657536585365953660536615366253663536645366553666536675366853669536705367153672536735367453675536765367753678536795368053681536825368353684536855368653687536885368953690536915369253693536945369553696536975369853699537005370153702537035370453705537065370753708537095371053711537125371353714537155371653717537185371953720537215372253723537245372553726537275372853729537305373153732537335373453735537365373753738537395374053741537425374353744537455374653747537485374953750537515375253753537545375553756537575375853759537605376153762537635376453765537665376753768537695377053771537725377353774537755377653777537785377953780537815378253783537845378553786537875378853789537905379153792537935379453795537965379753798537995380053801538025380353804538055380653807538085380953810538115381253813538145381553816538175381853819538205382153822538235382453825538265382753828538295383053831538325383353834538355383653837538385383953840538415384253843538445384553846538475384853849538505385153852538535385453855538565385753858538595386053861538625386353864538655386653867538685386953870538715387253873538745387553876538775387853879538805388153882538835388453885538865388753888538895389053891538925389353894538955389653897538985389953900539015390253903539045390553906539075390853909539105391153912539135391453915539165391753918539195392053921539225392353924539255392653927539285392953930539315393253933539345393553936539375393853939539405394153942539435394453945539465394753948539495395053951539525395353954539555395653957539585395953960539615396253963539645396553966539675396853969539705397153972539735397453975539765397753978539795398053981539825398353984539855398653987539885398953990539915399253993539945399553996539975399853999540005400154002540035400454005540065400754008540095401054011540125401354014540155401654017540185401954020540215402254023540245402554026540275402854029540305403154032540335403454035540365403754038540395404054041540425404354044540455404654047540485404954050540515405254053540545405554056540575405854059540605406154062540635406454065540665406754068540695407054071540725407354074540755407654077540785407954080540815408254083540845408554086540875408854089540905409154092540935409454095540965409754098540995410054101541025410354104541055410654107541085410954110541115411254113541145411554116541175411854119541205412154122541235412454125541265412754128541295413054131541325413354134541355413654137541385413954140541415414254143541445414554146541475414854149541505415154152541535415454155541565415754158541595416054161541625416354164541655416654167541685416954170541715417254173541745417554176541775417854179541805418154182541835418454185541865418754188541895419054191541925419354194541955419654197541985419954200542015420254203542045420554206542075420854209542105421154212542135421454215542165421754218542195422054221542225422354224542255422654227542285422954230542315423254233542345423554236542375423854239542405424154242542435424454245542465424754248542495425054251542525425354254542555425654257542585425954260542615426254263542645426554266542675426854269542705427154272542735427454275542765427754278542795428054281542825428354284542855428654287542885428954290542915429254293542945429554296542975429854299543005430154302543035430454305543065430754308543095431054311543125431354314543155431654317543185431954320543215432254323543245432554326543275432854329543305433154332543335433454335543365433754338543395434054341543425434354344543455434654347543485434954350543515435254353543545435554356543575435854359543605436154362543635436454365543665436754368543695437054371543725437354374543755437654377543785437954380543815438254383543845438554386543875438854389543905439154392543935439454395543965439754398543995440054401544025440354404544055440654407544085440954410544115441254413544145441554416544175441854419544205442154422544235442454425544265442754428544295443054431544325443354434544355443654437544385443954440544415444254443544445444554446544475444854449544505445154452544535445454455544565445754458544595446054461544625446354464544655446654467544685446954470544715447254473544745447554476544775447854479544805448154482544835448454485544865448754488544895449054491544925449354494544955449654497544985449954500545015450254503545045450554506545075450854509545105451154512545135451454515545165451754518545195452054521545225452354524545255452654527545285452954530545315453254533545345453554536545375453854539545405454154542545435454454545545465454754548545495455054551545525455354554545555455654557545585455954560545615456254563545645456554566545675456854569545705457154572545735457454575545765457754578545795458054581545825458354584545855458654587545885458954590545915459254593545945459554596545975459854599546005460154602546035460454605546065460754608546095461054611546125461354614546155461654617546185461954620546215462254623546245462554626546275462854629546305463154632546335463454635546365463754638546395464054641546425464354644546455464654647546485464954650546515465254653546545465554656546575465854659546605466154662546635466454665546665466754668546695467054671546725467354674546755467654677546785467954680546815468254683546845468554686546875468854689546905469154692546935469454695546965469754698546995470054701547025470354704547055470654707547085470954710547115471254713547145471554716547175471854719547205472154722547235472454725547265472754728547295473054731547325473354734547355473654737547385473954740547415474254743547445474554746547475474854749547505475154752547535475454755547565475754758547595476054761547625476354764547655476654767547685476954770547715477254773547745477554776547775477854779547805478154782547835478454785547865478754788547895479054791547925479354794547955479654797547985479954800548015480254803548045480554806548075480854809548105481154812548135481454815548165481754818548195482054821548225482354824548255482654827548285482954830548315483254833548345483554836548375483854839548405484154842548435484454845548465484754848548495485054851548525485354854548555485654857548585485954860548615486254863548645486554866548675486854869548705487154872548735487454875548765487754878548795488054881548825488354884548855488654887548885488954890548915489254893548945489554896548975489854899549005490154902549035490454905549065490754908549095491054911549125491354914549155491654917549185491954920549215492254923549245492554926549275492854929549305493154932549335493454935549365493754938549395494054941549425494354944549455494654947549485494954950549515495254953549545495554956549575495854959549605496154962549635496454965549665496754968549695497054971549725497354974549755497654977549785497954980549815498254983549845498554986549875498854989549905499154992549935499454995549965499754998549995500055001550025500355004550055500655007550085500955010550115501255013550145501555016550175501855019550205502155022550235502455025550265502755028550295503055031550325503355034550355503655037550385503955040550415504255043550445504555046550475504855049550505505155052550535505455055550565505755058550595506055061550625506355064550655506655067550685506955070550715507255073550745507555076550775507855079550805508155082550835508455085550865508755088550895509055091550925509355094550955509655097550985509955100551015510255103551045510555106551075510855109551105511155112551135511455115551165511755118551195512055121551225512355124551255512655127551285512955130551315513255133551345513555136551375513855139551405514155142551435514455145551465514755148551495515055151551525515355154551555515655157551585515955160551615516255163551645516555166551675516855169551705517155172551735517455175551765517755178551795518055181551825518355184551855518655187551885518955190551915519255193551945519555196551975519855199552005520155202552035520455205552065520755208552095521055211552125521355214552155521655217552185521955220552215522255223552245522555226552275522855229552305523155232552335523455235552365523755238552395524055241552425524355244552455524655247552485524955250552515525255253552545525555256552575525855259552605526155262552635526455265552665526755268552695527055271552725527355274552755527655277552785527955280552815528255283552845528555286552875528855289552905529155292552935529455295552965529755298552995530055301553025530355304553055530655307553085530955310553115531255313553145531555316553175531855319553205532155322553235532455325553265532755328553295533055331553325533355334553355533655337553385533955340553415534255343553445534555346553475534855349553505535155352553535535455355553565535755358553595536055361553625536355364553655536655367553685536955370553715537255373553745537555376553775537855379553805538155382553835538455385553865538755388553895539055391553925539355394553955539655397553985539955400554015540255403554045540555406554075540855409554105541155412554135541455415554165541755418554195542055421554225542355424554255542655427554285542955430554315543255433554345543555436554375543855439554405544155442554435544455445554465544755448554495545055451554525545355454554555545655457554585545955460554615546255463554645546555466554675546855469554705547155472554735547455475554765547755478554795548055481554825548355484554855548655487554885548955490554915549255493554945549555496554975549855499555005550155502555035550455505555065550755508555095551055511555125551355514555155551655517555185551955520555215552255523555245552555526555275552855529555305553155532555335553455535555365553755538555395554055541555425554355544555455554655547555485554955550555515555255553555545555555556555575555855559555605556155562555635556455565555665556755568555695557055571555725557355574555755557655577555785557955580555815558255583555845558555586555875558855589555905559155592555935559455595555965559755598555995560055601556025560355604556055560655607556085560955610556115561255613556145561555616556175561855619556205562155622556235562455625556265562755628556295563055631556325563355634556355563655637556385563955640556415564255643556445564555646556475564855649556505565155652556535565455655556565565755658556595566055661556625566355664556655566655667556685566955670556715567255673556745567555676556775567855679556805568155682556835568455685556865568755688556895569055691556925569355694556955569655697556985569955700557015570255703557045570555706557075570855709557105571155712557135571455715557165571755718557195572055721557225572355724557255572655727557285572955730557315573255733557345573555736557375573855739557405574155742557435574455745557465574755748557495575055751557525575355754557555575655757557585575955760557615576255763557645576555766557675576855769557705577155772557735577455775557765577755778557795578055781557825578355784557855578655787557885578955790557915579255793557945579555796557975579855799558005580155802558035580455805558065580755808558095581055811558125581355814558155581655817558185581955820558215582255823558245582555826558275582855829558305583155832558335583455835558365583755838558395584055841558425584355844558455584655847558485584955850558515585255853558545585555856558575585855859558605586155862558635586455865558665586755868558695587055871558725587355874558755587655877558785587955880558815588255883558845588555886558875588855889558905589155892558935589455895558965589755898558995590055901559025590355904559055590655907559085590955910559115591255913559145591555916559175591855919559205592155922559235592455925559265592755928559295593055931559325593355934559355593655937559385593955940559415594255943559445594555946559475594855949559505595155952559535595455955559565595755958559595596055961559625596355964559655596655967559685596955970559715597255973559745597555976559775597855979559805598155982559835598455985559865598755988559895599055991559925599355994559955599655997559985599956000560015600256003560045600556006560075600856009560105601156012560135601456015560165601756018560195602056021560225602356024560255602656027560285602956030560315603256033560345603556036560375603856039560405604156042560435604456045560465604756048560495605056051560525605356054560555605656057560585605956060560615606256063560645606556066560675606856069560705607156072560735607456075560765607756078560795608056081560825608356084560855608656087560885608956090560915609256093560945609556096560975609856099561005610156102561035610456105561065610756108561095611056111561125611356114561155611656117561185611956120561215612256123561245612556126561275612856129561305613156132561335613456135561365613756138561395614056141561425614356144561455614656147561485614956150561515615256153561545615556156561575615856159561605616156162561635616456165561665616756168561695617056171561725617356174561755617656177561785617956180561815618256183561845618556186561875618856189561905619156192561935619456195561965619756198561995620056201562025620356204562055620656207562085620956210562115621256213562145621556216562175621856219562205622156222562235622456225562265622756228562295623056231562325623356234562355623656237562385623956240562415624256243562445624556246562475624856249562505625156252562535625456255562565625756258562595626056261562625626356264562655626656267562685626956270562715627256273562745627556276562775627856279562805628156282562835628456285562865628756288562895629056291562925629356294562955629656297562985629956300563015630256303563045630556306563075630856309563105631156312563135631456315563165631756318563195632056321563225632356324563255632656327563285632956330563315633256333563345633556336563375633856339563405634156342563435634456345563465634756348563495635056351563525635356354563555635656357563585635956360563615636256363563645636556366563675636856369563705637156372563735637456375563765637756378563795638056381563825638356384563855638656387563885638956390563915639256393563945639556396563975639856399564005640156402564035640456405564065640756408564095641056411564125641356414564155641656417564185641956420564215642256423564245642556426564275642856429564305643156432564335643456435564365643756438564395644056441564425644356444564455644656447564485644956450564515645256453564545645556456564575645856459564605646156462564635646456465564665646756468564695647056471564725647356474564755647656477564785647956480564815648256483564845648556486564875648856489564905649156492564935649456495564965649756498564995650056501565025650356504565055650656507565085650956510565115651256513565145651556516565175651856519565205652156522565235652456525565265652756528565295653056531565325653356534565355653656537565385653956540565415654256543565445654556546565475654856549565505655156552565535655456555565565655756558565595656056561565625656356564565655656656567565685656956570565715657256573565745657556576565775657856579565805658156582565835658456585565865658756588565895659056591565925659356594565955659656597565985659956600566015660256603566045660556606566075660856609566105661156612566135661456615566165661756618566195662056621566225662356624566255662656627566285662956630566315663256633566345663556636566375663856639566405664156642566435664456645566465664756648566495665056651566525665356654566555665656657566585665956660566615666256663566645666556666566675666856669566705667156672566735667456675566765667756678566795668056681566825668356684566855668656687566885668956690566915669256693566945669556696566975669856699567005670156702567035670456705567065670756708567095671056711567125671356714567155671656717567185671956720567215672256723567245672556726567275672856729567305673156732567335673456735567365673756738567395674056741567425674356744567455674656747567485674956750567515675256753567545675556756567575675856759567605676156762567635676456765567665676756768567695677056771567725677356774567755677656777567785677956780567815678256783567845678556786567875678856789567905679156792567935679456795567965679756798567995680056801568025680356804568055680656807568085680956810568115681256813568145681556816568175681856819568205682156822568235682456825568265682756828568295683056831568325683356834568355683656837568385683956840568415684256843568445684556846568475684856849568505685156852568535685456855568565685756858568595686056861568625686356864568655686656867568685686956870568715687256873568745687556876568775687856879568805688156882568835688456885568865688756888568895689056891568925689356894568955689656897568985689956900569015690256903569045690556906569075690856909569105691156912569135691456915569165691756918569195692056921569225692356924569255692656927569285692956930569315693256933569345693556936569375693856939569405694156942569435694456945569465694756948569495695056951569525695356954569555695656957569585695956960569615696256963569645696556966569675696856969569705697156972569735697456975569765697756978569795698056981569825698356984569855698656987569885698956990569915699256993569945699556996569975699856999570005700157002570035700457005570065700757008570095701057011570125701357014570155701657017570185701957020570215702257023570245702557026570275702857029570305703157032570335703457035570365703757038570395704057041570425704357044570455704657047570485704957050570515705257053570545705557056570575705857059570605706157062570635706457065570665706757068570695707057071570725707357074570755707657077570785707957080570815708257083570845708557086570875708857089570905709157092570935709457095570965709757098570995710057101571025710357104571055710657107571085710957110571115711257113571145711557116571175711857119571205712157122571235712457125571265712757128571295713057131571325713357134571355713657137571385713957140571415714257143571445714557146571475714857149571505715157152571535715457155571565715757158571595716057161571625716357164571655716657167571685716957170571715717257173571745717557176571775717857179571805718157182571835718457185571865718757188571895719057191571925719357194571955719657197571985719957200572015720257203572045720557206572075720857209572105721157212572135721457215572165721757218572195722057221572225722357224572255722657227572285722957230572315723257233572345723557236572375723857239572405724157242572435724457245572465724757248572495725057251572525725357254572555725657257572585725957260572615726257263572645726557266572675726857269572705727157272572735727457275572765727757278572795728057281572825728357284572855728657287572885728957290572915729257293572945729557296572975729857299573005730157302573035730457305573065730757308573095731057311573125731357314573155731657317573185731957320573215732257323573245732557326573275732857329573305733157332573335733457335573365733757338573395734057341573425734357344573455734657347573485734957350573515735257353573545735557356573575735857359573605736157362573635736457365573665736757368573695737057371573725737357374573755737657377573785737957380573815738257383573845738557386573875738857389573905739157392573935739457395573965739757398573995740057401574025740357404574055740657407574085740957410574115741257413574145741557416574175741857419574205742157422574235742457425574265742757428574295743057431574325743357434574355743657437574385743957440574415744257443574445744557446574475744857449574505745157452574535745457455574565745757458574595746057461574625746357464574655746657467574685746957470574715747257473574745747557476574775747857479574805748157482574835748457485574865748757488574895749057491574925749357494574955749657497574985749957500575015750257503575045750557506575075750857509575105751157512575135751457515575165751757518575195752057521575225752357524575255752657527575285752957530575315753257533575345753557536575375753857539575405754157542575435754457545575465754757548575495755057551575525755357554575555755657557575585755957560575615756257563575645756557566575675756857569575705757157572575735757457575575765757757578575795758057581575825758357584575855758657587575885758957590575915759257593575945759557596575975759857599576005760157602576035760457605576065760757608576095761057611576125761357614576155761657617576185761957620576215762257623576245762557626576275762857629576305763157632576335763457635576365763757638576395764057641576425764357644576455764657647576485764957650576515765257653576545765557656576575765857659576605766157662576635766457665576665766757668576695767057671576725767357674576755767657677576785767957680576815768257683576845768557686576875768857689576905769157692576935769457695576965769757698576995770057701577025770357704577055770657707577085770957710577115771257713577145771557716577175771857719577205772157722577235772457725577265772757728577295773057731577325773357734577355773657737577385773957740577415774257743577445774557746577475774857749577505775157752577535775457755577565775757758577595776057761577625776357764577655776657767577685776957770577715777257773577745777557776577775777857779577805778157782577835778457785577865778757788577895779057791577925779357794577955779657797577985779957800578015780257803578045780557806578075780857809578105781157812578135781457815578165781757818578195782057821578225782357824578255782657827578285782957830578315783257833578345783557836578375783857839578405784157842578435784457845578465784757848578495785057851578525785357854578555785657857578585785957860578615786257863578645786557866578675786857869578705787157872578735787457875578765787757878578795788057881578825788357884578855788657887578885788957890578915789257893578945789557896578975789857899579005790157902579035790457905579065790757908579095791057911579125791357914579155791657917579185791957920579215792257923579245792557926579275792857929579305793157932579335793457935579365793757938579395794057941579425794357944579455794657947579485794957950579515795257953579545795557956579575795857959579605796157962579635796457965579665796757968579695797057971579725797357974579755797657977579785797957980579815798257983579845798557986579875798857989579905799157992579935799457995579965799757998579995800058001580025800358004580055800658007580085800958010580115801258013580145801558016580175801858019580205802158022580235802458025580265802758028580295803058031580325803358034580355803658037580385803958040580415804258043580445804558046580475804858049580505805158052580535805458055580565805758058580595806058061580625806358064580655806658067580685806958070580715807258073580745807558076580775807858079580805808158082580835808458085580865808758088580895809058091580925809358094580955809658097580985809958100581015810258103581045810558106581075810858109581105811158112581135811458115581165811758118581195812058121581225812358124581255812658127581285812958130581315813258133581345813558136581375813858139581405814158142581435814458145581465814758148581495815058151581525815358154581555815658157581585815958160581615816258163581645816558166581675816858169581705817158172581735817458175581765817758178581795818058181581825818358184581855818658187581885818958190581915819258193581945819558196581975819858199582005820158202582035820458205582065820758208582095821058211582125821358214582155821658217582185821958220582215822258223582245822558226582275822858229582305823158232582335823458235582365823758238582395824058241582425824358244582455824658247582485824958250582515825258253582545825558256582575825858259582605826158262582635826458265582665826758268582695827058271582725827358274582755827658277582785827958280582815828258283582845828558286582875828858289582905829158292582935829458295582965829758298582995830058301583025830358304583055830658307583085830958310583115831258313583145831558316583175831858319583205832158322583235832458325583265832758328583295833058331583325833358334583355833658337583385833958340583415834258343583445834558346583475834858349583505835158352583535835458355583565835758358583595836058361583625836358364583655836658367583685836958370583715837258373583745837558376583775837858379583805838158382583835838458385583865838758388583895839058391583925839358394583955839658397583985839958400584015840258403584045840558406584075840858409584105841158412584135841458415584165841758418584195842058421584225842358424584255842658427584285842958430584315843258433584345843558436584375843858439584405844158442584435844458445584465844758448584495845058451584525845358454584555845658457584585845958460584615846258463584645846558466584675846858469584705847158472584735847458475584765847758478584795848058481584825848358484584855848658487584885848958490584915849258493584945849558496584975849858499585005850158502585035850458505585065850758508585095851058511585125851358514585155851658517585185851958520585215852258523585245852558526585275852858529585305853158532585335853458535585365853758538585395854058541585425854358544585455854658547585485854958550585515855258553585545855558556585575855858559585605856158562585635856458565585665856758568585695857058571585725857358574585755857658577585785857958580585815858258583585845858558586585875858858589585905859158592585935859458595585965859758598585995860058601586025860358604586055860658607586085860958610586115861258613586145861558616586175861858619586205862158622586235862458625586265862758628586295863058631586325863358634586355863658637586385863958640586415864258643586445864558646586475864858649586505865158652586535865458655586565865758658586595866058661586625866358664586655866658667586685866958670586715867258673586745867558676586775867858679586805868158682586835868458685586865868758688586895869058691586925869358694586955869658697586985869958700587015870258703587045870558706587075870858709587105871158712587135871458715587165871758718587195872058721587225872358724587255872658727587285872958730587315873258733587345873558736587375873858739587405874158742587435874458745587465874758748587495875058751587525875358754587555875658757587585875958760587615876258763587645876558766587675876858769587705877158772587735877458775587765877758778587795878058781587825878358784587855878658787587885878958790587915879258793587945879558796587975879858799588005880158802588035880458805588065880758808588095881058811588125881358814588155881658817588185881958820588215882258823588245882558826588275882858829588305883158832588335883458835588365883758838588395884058841588425884358844588455884658847588485884958850588515885258853588545885558856588575885858859588605886158862588635886458865588665886758868588695887058871588725887358874588755887658877588785887958880588815888258883588845888558886588875888858889588905889158892588935889458895588965889758898588995890058901589025890358904589055890658907589085890958910589115891258913589145891558916589175891858919589205892158922589235892458925589265892758928589295893058931589325893358934589355893658937589385893958940589415894258943589445894558946589475894858949589505895158952589535895458955589565895758958589595896058961589625896358964589655896658967589685896958970589715897258973589745897558976589775897858979589805898158982589835898458985589865898758988589895899058991589925899358994589955899658997589985899959000590015900259003590045900559006590075900859009590105901159012590135901459015590165901759018590195902059021590225902359024590255902659027590285902959030590315903259033590345903559036590375903859039590405904159042590435904459045590465904759048590495905059051590525905359054590555905659057590585905959060590615906259063590645906559066590675906859069590705907159072590735907459075590765907759078590795908059081590825908359084590855908659087590885908959090590915909259093590945909559096590975909859099591005910159102591035910459105591065910759108591095911059111591125911359114591155911659117591185911959120591215912259123591245912559126591275912859129591305913159132591335913459135591365913759138591395914059141591425914359144591455914659147591485914959150591515915259153591545915559156591575915859159591605916159162591635916459165591665916759168591695917059171591725917359174591755917659177591785917959180591815918259183591845918559186591875918859189591905919159192591935919459195591965919759198591995920059201592025920359204592055920659207592085920959210592115921259213592145921559216592175921859219592205922159222592235922459225592265922759228592295923059231592325923359234592355923659237592385923959240592415924259243592445924559246592475924859249592505925159252592535925459255592565925759258592595926059261592625926359264592655926659267592685926959270592715927259273592745927559276592775927859279592805928159282592835928459285592865928759288592895929059291592925929359294592955929659297592985929959300593015930259303593045930559306593075930859309593105931159312593135931459315593165931759318593195932059321593225932359324593255932659327593285932959330593315933259333593345933559336593375933859339593405934159342593435934459345593465934759348593495935059351593525935359354593555935659357593585935959360593615936259363593645936559366593675936859369593705937159372593735937459375593765937759378593795938059381593825938359384593855938659387593885938959390593915939259393593945939559396593975939859399594005940159402594035940459405594065940759408594095941059411594125941359414594155941659417594185941959420594215942259423594245942559426594275942859429594305943159432594335943459435594365943759438594395944059441594425944359444594455944659447594485944959450594515945259453594545945559456594575945859459594605946159462594635946459465594665946759468594695947059471594725947359474594755947659477594785947959480594815948259483594845948559486594875948859489594905949159492594935949459495594965949759498594995950059501595025950359504595055950659507595085950959510595115951259513595145951559516595175951859519595205952159522595235952459525595265952759528595295953059531595325953359534595355953659537595385953959540595415954259543595445954559546595475954859549595505955159552595535955459555595565955759558595595956059561595625956359564595655956659567595685956959570595715957259573595745957559576595775957859579595805958159582595835958459585595865958759588595895959059591595925959359594595955959659597595985959959600596015960259603596045960559606596075960859609596105961159612596135961459615596165961759618596195962059621596225962359624596255962659627596285962959630596315963259633596345963559636596375963859639596405964159642596435964459645596465964759648596495965059651596525965359654596555965659657596585965959660596615966259663596645966559666596675966859669596705967159672596735967459675596765967759678596795968059681596825968359684596855968659687596885968959690596915969259693596945969559696596975969859699597005970159702597035970459705597065970759708597095971059711597125971359714597155971659717597185971959720597215972259723597245972559726597275972859729597305973159732597335973459735597365973759738597395974059741597425974359744597455974659747597485974959750597515975259753597545975559756597575975859759597605976159762597635976459765597665976759768597695977059771597725977359774597755977659777597785977959780597815978259783597845978559786597875978859789597905979159792597935979459795597965979759798597995980059801598025980359804598055980659807598085980959810598115981259813598145981559816598175981859819598205982159822598235982459825598265982759828598295983059831598325983359834598355983659837598385983959840598415984259843598445984559846598475984859849598505985159852598535985459855598565985759858598595986059861598625986359864598655986659867598685986959870598715987259873598745987559876598775987859879598805988159882598835988459885598865988759888598895989059891598925989359894598955989659897598985989959900599015990259903599045990559906599075990859909599105991159912599135991459915599165991759918599195992059921599225992359924599255992659927599285992959930599315993259933599345993559936599375993859939599405994159942599435994459945599465994759948599495995059951599525995359954599555995659957599585995959960599615996259963599645996559966599675996859969599705997159972599735997459975599765997759978599795998059981599825998359984599855998659987599885998959990599915999259993599945999559996599975999859999600006000160002600036000460005600066000760008600096001060011600126001360014600156001660017600186001960020600216002260023600246002560026600276002860029600306003160032600336003460035600366003760038600396004060041600426004360044600456004660047600486004960050600516005260053600546005560056600576005860059600606006160062600636006460065600666006760068600696007060071600726007360074600756007660077600786007960080600816008260083600846008560086600876008860089600906009160092600936009460095600966009760098600996010060101601026010360104601056010660107601086010960110601116011260113601146011560116601176011860119601206012160122601236012460125601266012760128601296013060131601326013360134601356013660137601386013960140601416014260143601446014560146601476014860149601506015160152601536015460155601566015760158601596016060161601626016360164601656016660167601686016960170601716017260173601746017560176601776017860179601806018160182601836018460185601866018760188601896019060191601926019360194601956019660197601986019960200602016020260203602046020560206602076020860209602106021160212602136021460215602166021760218602196022060221602226022360224602256022660227602286022960230602316023260233602346023560236602376023860239602406024160242602436024460245602466024760248602496025060251602526025360254602556025660257602586025960260602616026260263602646026560266602676026860269602706027160272602736027460275602766027760278602796028060281602826028360284602856028660287602886028960290602916029260293602946029560296602976029860299603006030160302603036030460305603066030760308603096031060311603126031360314603156031660317603186031960320603216032260323603246032560326603276032860329603306033160332603336033460335603366033760338603396034060341603426034360344603456034660347603486034960350603516035260353603546035560356603576035860359603606036160362603636036460365603666036760368603696037060371603726037360374603756037660377603786037960380603816038260383603846038560386603876038860389603906039160392603936039460395603966039760398603996040060401604026040360404604056040660407604086040960410604116041260413604146041560416604176041860419604206042160422604236042460425604266042760428604296043060431604326043360434604356043660437604386043960440604416044260443604446044560446604476044860449604506045160452604536045460455604566045760458604596046060461604626046360464604656046660467604686046960470604716047260473604746047560476604776047860479604806048160482604836048460485604866048760488604896049060491604926049360494604956049660497604986049960500605016050260503605046050560506605076050860509605106051160512605136051460515605166051760518605196052060521605226052360524605256052660527605286052960530605316053260533605346053560536605376053860539605406054160542605436054460545605466054760548605496055060551605526055360554605556055660557605586055960560605616056260563605646056560566605676056860569605706057160572605736057460575605766057760578605796058060581605826058360584605856058660587605886058960590605916059260593605946059560596605976059860599606006060160602606036060460605606066060760608606096061060611606126061360614606156061660617606186061960620606216062260623606246062560626606276062860629606306063160632606336063460635606366063760638606396064060641606426064360644606456064660647606486064960650606516065260653606546065560656606576065860659606606066160662606636066460665606666066760668606696067060671606726067360674606756067660677606786067960680606816068260683606846068560686606876068860689606906069160692606936069460695606966069760698606996070060701607026070360704607056070660707607086070960710607116071260713607146071560716607176071860719607206072160722607236072460725607266072760728607296073060731607326073360734607356073660737607386073960740607416074260743607446074560746607476074860749607506075160752607536075460755607566075760758607596076060761607626076360764607656076660767607686076960770607716077260773607746077560776607776077860779607806078160782607836078460785607866078760788607896079060791607926079360794607956079660797607986079960800608016080260803608046080560806608076080860809608106081160812608136081460815608166081760818608196082060821608226082360824608256082660827608286082960830608316083260833608346083560836608376083860839608406084160842608436084460845608466084760848608496085060851608526085360854608556085660857608586085960860608616086260863608646086560866608676086860869608706087160872608736087460875608766087760878608796088060881608826088360884608856088660887608886088960890608916089260893608946089560896608976089860899609006090160902609036090460905609066090760908609096091060911609126091360914609156091660917609186091960920609216092260923609246092560926609276092860929609306093160932609336093460935609366093760938609396094060941609426094360944609456094660947609486094960950609516095260953609546095560956609576095860959609606096160962609636096460965609666096760968609696097060971609726097360974609756097660977609786097960980609816098260983609846098560986609876098860989609906099160992609936099460995609966099760998609996100061001610026100361004610056100661007610086100961010610116101261013610146101561016610176101861019610206102161022610236102461025610266102761028610296103061031610326103361034610356103661037610386103961040610416104261043610446104561046610476104861049610506105161052610536105461055610566105761058610596106061061610626106361064610656106661067610686106961070610716107261073610746107561076610776107861079610806108161082610836108461085610866108761088610896109061091610926109361094610956109661097610986109961100611016110261103611046110561106611076110861109611106111161112611136111461115611166111761118611196112061121611226112361124611256112661127611286112961130611316113261133611346113561136611376113861139611406114161142611436114461145611466114761148611496115061151611526115361154611556115661157611586115961160611616116261163611646116561166611676116861169611706117161172611736117461175611766117761178611796118061181611826118361184611856118661187611886118961190611916119261193611946119561196611976119861199612006120161202612036120461205612066120761208612096121061211612126121361214612156121661217612186121961220612216122261223612246122561226612276122861229612306123161232612336123461235612366123761238612396124061241612426124361244612456124661247612486124961250612516125261253612546125561256612576125861259612606126161262612636126461265612666126761268612696127061271612726127361274612756127661277612786127961280612816128261283612846128561286612876128861289612906129161292612936129461295612966129761298612996130061301613026130361304613056130661307613086130961310613116131261313613146131561316613176131861319613206132161322613236132461325613266132761328613296133061331613326133361334613356133661337613386133961340613416134261343613446134561346613476134861349613506135161352613536135461355613566135761358613596136061361613626136361364613656136661367613686136961370613716137261373613746137561376613776137861379613806138161382613836138461385613866138761388613896139061391613926139361394613956139661397613986139961400614016140261403614046140561406614076140861409614106141161412
  1. /* api.c API unit tests
  2. *
  3. * Copyright (C) 2006-2023 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. /* For AES-CBC, input lengths can optionally be validated to be a
  22. * multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS,
  23. * also available via the configure option --enable-aescbc-length-checks.
  24. */
  25. /*----------------------------------------------------------------------------*
  26. | Includes
  27. *----------------------------------------------------------------------------*/
  28. #ifdef HAVE_CONFIG_H
  29. #include <config.h>
  30. #endif
  31. #include <wolfssl/wolfcrypt/settings.h>
  32. #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
  33. #ifndef FOURK_BUF
  34. #define FOURK_BUF 4096
  35. #endif
  36. #ifndef TWOK_BUF
  37. #define TWOK_BUF 2048
  38. #endif
  39. #ifndef ONEK_BUF
  40. #define ONEK_BUF 1024
  41. #endif
  42. #if defined(WOLFSSL_STATIC_MEMORY)
  43. #include <wolfssl/wolfcrypt/memory.h>
  44. #endif /* WOLFSSL_STATIC_MEMORY */
  45. #ifndef HEAP_HINT
  46. #define HEAP_HINT NULL
  47. #endif /* WOLFSSL_STAIC_MEMORY */
  48. #ifdef WOLFSSL_ASNC_CRYPT
  49. #include <wolfssl/wolfcrypt/async.h>
  50. #endif
  51. #ifdef HAVE_ECC
  52. #include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
  53. #ifndef ECC_ASN963_MAX_BUF_SZ
  54. #define ECC_ASN963_MAX_BUF_SZ 133
  55. #endif
  56. #ifndef ECC_PRIV_KEY_BUF
  57. #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. */
  58. #endif
  59. /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */
  60. /* logic to choose right key ECC size */
  61. #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
  62. #define KEY14 14
  63. #else
  64. #define KEY14 32
  65. #endif
  66. #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
  67. #define KEY16 16
  68. #else
  69. #define KEY16 32
  70. #endif
  71. #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
  72. #define KEY20 20
  73. #else
  74. #define KEY20 32
  75. #endif
  76. #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
  77. #define KEY24 24
  78. #else
  79. #define KEY24 32
  80. #endif
  81. #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
  82. #define KEY28 28
  83. #else
  84. #define KEY28 32
  85. #endif
  86. #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
  87. #define KEY30 30
  88. #else
  89. #define KEY30 32
  90. #endif
  91. #define KEY32 32
  92. #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
  93. #define KEY40 40
  94. #else
  95. #define KEY40 32
  96. #endif
  97. #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
  98. #define KEY48 48
  99. #else
  100. #define KEY48 32
  101. #endif
  102. #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
  103. #define KEY64 64
  104. #else
  105. #define KEY64 32
  106. #endif
  107. #if !defined(HAVE_COMP_KEY)
  108. #if !defined(NOCOMP)
  109. #define NOCOMP 0
  110. #endif
  111. #else
  112. #if !defined(COMP)
  113. #define COMP 1
  114. #endif
  115. #endif
  116. #if !defined(DER_SZ)
  117. #define DER_SZ(ks) ((ks) * 2 + 1)
  118. #endif
  119. #endif
  120. #ifndef NO_ASN
  121. #include <wolfssl/wolfcrypt/asn_public.h>
  122. #endif
  123. #include <wolfssl/error-ssl.h>
  124. #include <stdlib.h>
  125. #include <wolfssl/ssl.h> /* compatibility layer */
  126. #include <wolfssl/test.h>
  127. #include <tests/unit.h>
  128. #include "examples/server/server.h"
  129. /* for testing compatibility layer callbacks */
  130. #ifndef NO_MD5
  131. #include <wolfssl/wolfcrypt/md5.h>
  132. #endif
  133. #ifndef NO_SHA
  134. #include <wolfssl/wolfcrypt/sha.h>
  135. #endif
  136. #ifndef NO_SHA256
  137. #include <wolfssl/wolfcrypt/sha256.h>
  138. #endif
  139. #ifdef WOLFSSL_SHA512
  140. #include <wolfssl/wolfcrypt/sha512.h>
  141. #endif
  142. #ifdef WOLFSSL_SHA384
  143. #include <wolfssl/wolfcrypt/sha512.h>
  144. #endif
  145. #ifdef WOLFSSL_SHA3
  146. #include <wolfssl/wolfcrypt/sha3.h>
  147. #ifndef HEAP_HINT
  148. #define HEAP_HINT NULL
  149. #endif
  150. #endif
  151. #ifndef NO_AES
  152. #include <wolfssl/wolfcrypt/aes.h>
  153. #ifdef HAVE_AES_DECRYPT
  154. #include <wolfssl/wolfcrypt/wc_encrypt.h>
  155. #endif
  156. #endif
  157. #ifdef WOLFSSL_RIPEMD
  158. #include <wolfssl/wolfcrypt/ripemd.h>
  159. #endif
  160. #ifndef NO_DES3
  161. #include <wolfssl/wolfcrypt/des3.h>
  162. #include <wolfssl/wolfcrypt/wc_encrypt.h>
  163. #endif
  164. #ifdef WC_RC2
  165. #include <wolfssl/wolfcrypt/rc2.h>
  166. #endif
  167. #ifndef NO_HMAC
  168. #include <wolfssl/wolfcrypt/hmac.h>
  169. #endif
  170. #ifdef HAVE_CHACHA
  171. #include <wolfssl/wolfcrypt/chacha.h>
  172. #endif
  173. #ifdef HAVE_POLY1305
  174. #include <wolfssl/wolfcrypt/poly1305.h>
  175. #endif
  176. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  177. #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
  178. #endif
  179. #ifdef HAVE_CAMELLIA
  180. #include <wolfssl/wolfcrypt/camellia.h>
  181. #endif
  182. #ifndef NO_RC4
  183. #include <wolfssl/wolfcrypt/arc4.h>
  184. #endif
  185. #ifdef HAVE_BLAKE2
  186. #include <wolfssl/wolfcrypt/blake2.h>
  187. #endif
  188. #include <wolfssl/wolfcrypt/hash.h>
  189. #ifndef NO_RSA
  190. #include <wolfssl/wolfcrypt/rsa.h>
  191. #define FOURK_BUF 4096
  192. #define GEN_BUF 294
  193. #ifndef USER_CRYPTO_ERROR
  194. #define USER_CRYPTO_ERROR (-101) /* error returned by IPP lib. */
  195. #endif
  196. #endif
  197. #ifndef NO_SIG_WRAPPER
  198. #include <wolfssl/wolfcrypt/signature.h>
  199. #endif
  200. #ifdef HAVE_AESCCM
  201. #include <wolfssl/wolfcrypt/aes.h>
  202. #endif
  203. #ifdef HAVE_PKCS7
  204. #include <wolfssl/wolfcrypt/pkcs7.h>
  205. #include <wolfssl/wolfcrypt/asn.h>
  206. #ifdef HAVE_LIBZ
  207. #include <wolfssl/wolfcrypt/compress.h>
  208. #endif
  209. #endif
  210. #ifdef WOLFSSL_SMALL_CERT_VERIFY
  211. #include <wolfssl/wolfcrypt/asn.h>
  212. #endif
  213. #ifndef NO_DSA
  214. #include <wolfssl/wolfcrypt/dsa.h>
  215. #ifndef ONEK_BUF
  216. #define ONEK_BUF 1024
  217. #endif
  218. #ifndef TWOK_BUF
  219. #define TWOK_BUF 2048
  220. #endif
  221. #ifndef FOURK_BUF
  222. #define FOURK_BUF 4096
  223. #endif
  224. #ifndef DSA_SIG_SIZE
  225. #define DSA_SIG_SIZE 40
  226. #endif
  227. #ifndef MAX_DSA_PARAM_SIZE
  228. #define MAX_DSA_PARAM_SIZE 256
  229. #endif
  230. #endif
  231. #ifdef WOLFSSL_CMAC
  232. #include <wolfssl/wolfcrypt/cmac.h>
  233. #endif
  234. #ifdef HAVE_ED25519
  235. #include <wolfssl/wolfcrypt/ed25519.h>
  236. #endif
  237. #ifdef HAVE_CURVE25519
  238. #include <wolfssl/wolfcrypt/curve25519.h>
  239. #endif
  240. #ifdef HAVE_ED448
  241. #include <wolfssl/wolfcrypt/ed448.h>
  242. #endif
  243. #ifdef HAVE_CURVE448
  244. #include <wolfssl/wolfcrypt/curve448.h>
  245. #endif
  246. #ifdef HAVE_PKCS12
  247. #include <wolfssl/wolfcrypt/pkcs12.h>
  248. #endif
  249. #include <wolfssl/wolfcrypt/logging.h>
  250. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL))
  251. #include <wolfssl/openssl/ssl.h>
  252. #ifndef NO_ASN
  253. /* for ASN_COMMON_NAME DN_tags enum */
  254. #include <wolfssl/wolfcrypt/asn.h>
  255. #endif
  256. #ifdef HAVE_OCSP
  257. #include <wolfssl/openssl/ocsp.h>
  258. #endif
  259. #endif
  260. #ifdef OPENSSL_EXTRA
  261. #include <wolfssl/openssl/cmac.h>
  262. #include <wolfssl/openssl/x509v3.h>
  263. #include <wolfssl/openssl/asn1.h>
  264. #include <wolfssl/openssl/crypto.h>
  265. #include <wolfssl/openssl/pkcs12.h>
  266. #include <wolfssl/openssl/evp.h>
  267. #include <wolfssl/openssl/dh.h>
  268. #include <wolfssl/openssl/bn.h>
  269. #include <wolfssl/openssl/buffer.h>
  270. #include <wolfssl/openssl/pem.h>
  271. #include <wolfssl/openssl/ec.h>
  272. #include <wolfssl/openssl/engine.h>
  273. #include <wolfssl/openssl/hmac.h>
  274. #include <wolfssl/openssl/objects.h>
  275. #include <wolfssl/openssl/rand.h>
  276. #include <wolfssl/openssl/modes.h>
  277. #include <wolfssl/openssl/fips_rand.h>
  278. #include <wolfssl/openssl/kdf.h>
  279. #ifdef OPENSSL_ALL
  280. #include <wolfssl/openssl/txt_db.h>
  281. #include <wolfssl/openssl/lhash.h>
  282. #endif
  283. #ifndef NO_AES
  284. #include <wolfssl/openssl/aes.h>
  285. #endif
  286. #ifndef NO_DES3
  287. #include <wolfssl/openssl/des.h>
  288. #endif
  289. #ifdef HAVE_ECC
  290. #include <wolfssl/openssl/ecdsa.h>
  291. #endif
  292. #ifdef HAVE_PKCS7
  293. #include <wolfssl/openssl/pkcs7.h>
  294. #endif
  295. #ifdef HAVE_ED25519
  296. #include <wolfssl/openssl/ed25519.h>
  297. #endif
  298. #ifdef HAVE_ED448
  299. #include <wolfssl/openssl/ed448.h>
  300. #endif
  301. #endif /* OPENSSL_EXTRA */
  302. #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
  303. && !defined(NO_SHA256) && !defined(RC_NO_RNG)
  304. #include <wolfssl/wolfcrypt/srp.h>
  305. #endif
  306. #if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
  307. defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
  308. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) || \
  309. defined(WOLFSSL_TEST_STATIC_BUILD) || defined(WOLFSSL_DTLS) || \
  310. defined(HAVE_ECH)
  311. /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
  312. * for setting authKeyIdSrc in WOLFSSL_X509, or testing DTLS sequence
  313. * number tracking */
  314. #include "wolfssl/internal.h"
  315. #endif
  316. /* force enable test buffers */
  317. #ifndef USE_CERT_BUFFERS_2048
  318. #define USE_CERT_BUFFERS_2048
  319. #endif
  320. #ifndef USE_CERT_BUFFERS_256
  321. #define USE_CERT_BUFFERS_256
  322. #endif
  323. #include <wolfssl/certs_test.h>
  324. typedef struct testVector {
  325. const char* input;
  326. const char* output;
  327. size_t inLen;
  328. size_t outLen;
  329. } testVector;
  330. #if defined(HAVE_PKCS7)
  331. typedef struct {
  332. const byte* content;
  333. word32 contentSz;
  334. int contentOID;
  335. int encryptOID;
  336. int keyWrapOID;
  337. int keyAgreeOID;
  338. byte* cert;
  339. size_t certSz;
  340. byte* privateKey;
  341. word32 privateKeySz;
  342. } pkcs7EnvelopedVector;
  343. #ifndef NO_PKCS7_ENCRYPTED_DATA
  344. typedef struct {
  345. const byte* content;
  346. word32 contentSz;
  347. int contentOID;
  348. int encryptOID;
  349. byte* encryptionKey;
  350. word32 encryptionKeySz;
  351. } pkcs7EncryptedVector;
  352. #endif
  353. #endif /* HAVE_PKCS7 */
  354. /*----------------------------------------------------------------------------*
  355. | Constants
  356. *----------------------------------------------------------------------------*/
  357. /* Test result constants and macros. */
  358. /* Test succeeded. */
  359. #define TEST_SUCCESS (1)
  360. /* Test failed. */
  361. #define TEST_FAIL (0)
  362. /* Test skipped - not run. */
  363. #define TEST_SKIPPED (-7777)
  364. /* Returns the result based on whether check is true.
  365. *
  366. * @param [in] check Condition for success.
  367. * @return When condition is true: TEST_SUCCESS.
  368. * @return When condition is false: TEST_FAIL.
  369. */
  370. #ifdef DEBUG_WOLFSSL_VERBOSE
  371. #define XSTRINGIFY(s) STRINGIFY(s)
  372. #define STRINGIFY(s) #s
  373. #define TEST_RES_CHECK(check) ({ \
  374. int _ret = (check) ? TEST_SUCCESS : TEST_FAIL; \
  375. if (_ret == TEST_FAIL) { \
  376. fprintf(stderr, " check \"%s\" at %d ", \
  377. XSTRINGIFY(check), __LINE__); \
  378. } \
  379. _ret; })
  380. #else
  381. #define TEST_RES_CHECK(check) \
  382. ((check) ? TEST_SUCCESS : TEST_FAIL)
  383. #endif /* DEBUG_WOLFSSL_VERBOSE */
  384. #define TEST_STRING "Everyone gets Friday off."
  385. #define TEST_STRING_SZ 25
  386. #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
  387. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
  388. #define TEST_RSA_BITS 1024
  389. #else
  390. #define TEST_RSA_BITS 2048
  391. #endif
  392. #define TEST_RSA_BYTES (TEST_RSA_BITS/8)
  393. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  394. (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
  395. static const char* bogusFile =
  396. #ifdef _WIN32
  397. "NUL"
  398. #else
  399. "/dev/null"
  400. #endif
  401. ;
  402. #endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */
  403. enum {
  404. TESTING_RSA = 1,
  405. TESTING_ECC = 2
  406. };
  407. #ifdef WOLFSSL_QNX_CAAM
  408. #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
  409. static int testDevId = WOLFSSL_CAAM_DEVID;
  410. #else
  411. static int testDevId = INVALID_DEVID;
  412. #endif
  413. /*----------------------------------------------------------------------------*
  414. | Setup
  415. *----------------------------------------------------------------------------*/
  416. static int test_wolfSSL_Init(void)
  417. {
  418. int result;
  419. result = wolfSSL_Init();
  420. result = TEST_RES_CHECK(result == WOLFSSL_SUCCESS);
  421. return result;
  422. }
  423. static int test_wolfSSL_Cleanup(void)
  424. {
  425. int result;
  426. result = wolfSSL_Cleanup();
  427. result = TEST_RES_CHECK(result == WOLFSSL_SUCCESS);
  428. return result;
  429. }
  430. /* Initialize the wolfCrypt state.
  431. * POST: 0 success.
  432. */
  433. static int test_wolfCrypt_Init(void)
  434. {
  435. int result;
  436. result = wolfCrypt_Init();
  437. result = TEST_RES_CHECK(result == 0);
  438. return result;
  439. } /* END test_wolfCrypt_Init */
  440. static int test_wolfCrypt_Cleanup(void)
  441. {
  442. int result;
  443. result = wolfCrypt_Cleanup();
  444. result = TEST_RES_CHECK(result == 0);
  445. return result;
  446. }
  447. /*----------------------------------------------------------------------------*
  448. | Platform dependent function test
  449. *----------------------------------------------------------------------------*/
  450. static int test_fileAccess(void)
  451. {
  452. int res = TEST_SKIPPED;
  453. #if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM)
  454. const char *fname[] = {
  455. svrCertFile, svrKeyFile, caCertFile,
  456. eccCertFile, eccKeyFile, eccRsaCertFile,
  457. cliCertFile, cliCertDerFile, cliKeyFile,
  458. dhParamFile,
  459. cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile,
  460. cliEdCertFile, cliEdKeyFile, caEdCertFile,
  461. NULL
  462. };
  463. const char derfile[] = "./certs/server-cert.der";
  464. XFILE f;
  465. size_t sz;
  466. byte *buff;
  467. int i;
  468. AssertTrue(XFOPEN("badfilename", "rb") == XBADFILE);
  469. for (i=0; fname[i] != NULL ; i++) {
  470. AssertTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE);
  471. XFCLOSE(f);
  472. }
  473. AssertTrue((f = XFOPEN(derfile, "rb")) != XBADFILE);
  474. AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
  475. sz = (size_t) XFTELL(f);
  476. XREWIND(f);
  477. AssertTrue(sz == sizeof_server_cert_der_2048);
  478. AssertTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL) ;
  479. AssertTrue(XFREAD(buff, 1, sz, f) == sz);
  480. XMEMCMP(server_cert_der_2048, buff, sz);
  481. res = TEST_RES_CHECK(1);
  482. #endif
  483. return res;
  484. }
  485. /*----------------------------------------------------------------------------*
  486. | Method Allocators
  487. *----------------------------------------------------------------------------*/
  488. static int test_wolfSSL_Method_Allocators(void)
  489. {
  490. #define TEST_METHOD_ALLOCATOR(allocator, condition) \
  491. do { \
  492. WOLFSSL_METHOD *method; \
  493. condition(method = allocator()); \
  494. XFREE(method, 0, DYNAMIC_TYPE_METHOD); \
  495. } while(0)
  496. #define TEST_VALID_METHOD_ALLOCATOR(a) \
  497. TEST_METHOD_ALLOCATOR(a, AssertNotNull)
  498. #define TEST_INVALID_METHOD_ALLOCATOR(a) \
  499. TEST_METHOD_ALLOCATOR(a, AssertNull)
  500. #ifndef NO_OLD_TLS
  501. #ifdef WOLFSSL_ALLOW_SSLV3
  502. #ifndef NO_WOLFSSL_SERVER
  503. TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
  504. #endif
  505. #ifndef NO_WOLFSSL_CLIENT
  506. TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
  507. #endif
  508. #endif
  509. #ifdef WOLFSSL_ALLOW_TLSV10
  510. #ifndef NO_WOLFSSL_SERVER
  511. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
  512. #endif
  513. #ifndef NO_WOLFSSL_CLIENT
  514. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
  515. #endif
  516. #endif
  517. #ifndef NO_WOLFSSL_SERVER
  518. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
  519. #endif
  520. #ifndef NO_WOLFSSL_CLIENT
  521. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method);
  522. #endif
  523. #endif /* !NO_OLD_TLS */
  524. #ifndef WOLFSSL_NO_TLS12
  525. #ifndef NO_WOLFSSL_SERVER
  526. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method);
  527. #endif
  528. #ifndef NO_WOLFSSL_CLIENT
  529. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method);
  530. #endif
  531. #endif /* !WOLFSSL_NO_TLS12 */
  532. #ifdef WOLFSSL_TLS13
  533. #ifndef NO_WOLFSSL_SERVER
  534. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method);
  535. #endif
  536. #ifndef NO_WOLFSSL_CLIENT
  537. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method);
  538. #endif
  539. #endif /* WOLFSSL_TLS13 */
  540. #ifndef NO_WOLFSSL_SERVER
  541. TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method);
  542. #endif
  543. #ifndef NO_WOLFSSL_CLIENT
  544. TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method);
  545. #endif
  546. #ifdef WOLFSSL_DTLS
  547. #ifndef NO_OLD_TLS
  548. #ifndef NO_WOLFSSL_SERVER
  549. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method);
  550. #endif
  551. #ifndef NO_WOLFSSL_CLIENT
  552. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method);
  553. #endif
  554. #endif
  555. #ifndef WOLFSSL_NO_TLS12
  556. #ifndef NO_WOLFSSL_SERVER
  557. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method);
  558. #endif
  559. #ifndef NO_WOLFSSL_CLIENT
  560. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method);
  561. #endif
  562. #endif
  563. #endif /* WOLFSSL_DTLS */
  564. #if !defined(NO_OLD_TLS) && defined(OPENSSL_EXTRA)
  565. /* Stubs */
  566. #ifndef NO_WOLFSSL_SERVER
  567. TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_server_method);
  568. #endif
  569. #ifndef NO_WOLFSSL_CLIENT
  570. TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_client_method);
  571. #endif
  572. #endif
  573. /* Test Either Method (client or server) */
  574. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  575. TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_method);
  576. #ifndef NO_OLD_TLS
  577. #ifdef WOLFSSL_ALLOW_TLSV10
  578. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_method);
  579. #endif
  580. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_method);
  581. #endif /* !NO_OLD_TLS */
  582. #ifndef WOLFSSL_NO_TLS12
  583. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_method);
  584. #endif /* !WOLFSSL_NO_TLS12 */
  585. #ifdef WOLFSSL_TLS13
  586. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_method);
  587. #endif /* WOLFSSL_TLS13 */
  588. #ifdef WOLFSSL_DTLS
  589. TEST_VALID_METHOD_ALLOCATOR(wolfDTLS_method);
  590. #ifndef NO_OLD_TLS
  591. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_method);
  592. #endif /* !NO_OLD_TLS */
  593. #ifndef WOLFSSL_NO_TLS12
  594. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method);
  595. #endif /* !WOLFSSL_NO_TLS12 */
  596. #endif /* WOLFSSL_DTLS */
  597. #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
  598. return TEST_SUCCESS;
  599. }
  600. /*----------------------------------------------------------------------------*
  601. | Context
  602. *----------------------------------------------------------------------------*/
  603. #ifndef NO_WOLFSSL_SERVER
  604. static int test_wolfSSL_CTX_new(void)
  605. {
  606. WOLFSSL_CTX *ctx;
  607. WOLFSSL_METHOD* method;
  608. AssertNull(ctx = wolfSSL_CTX_new(NULL));
  609. AssertNotNull(method = wolfSSLv23_server_method());
  610. AssertNotNull(ctx = wolfSSL_CTX_new(method));
  611. wolfSSL_CTX_free(ctx);
  612. return TEST_RES_CHECK(1);
  613. }
  614. #endif
  615. #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
  616. (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM)
  617. static int test_for_double_Free(void)
  618. {
  619. WOLFSSL_CTX* ctx;
  620. WOLFSSL* ssl;
  621. int skipTest = 0;
  622. const char* testCertFile;
  623. const char* testKeyFile;
  624. char optionsCiphers[] = "RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA"
  625. ":NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM"
  626. "-SHA384:DHE-PSK-AES128-GCM-SHA256:PSK-AES256-GCM-SHA384:PSK-AES128-GCM-SHA256:"
  627. "DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:PSK-AES256-CBC-SHA384:PSK-"
  628. "AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:DHE-PSK-AES128-CCM:DHE"
  629. "-PSK-AES256-CCM:PSK-AES128-CCM:PSK-AES256-CCM:PSK-AES128-CCM-8:PSK-AES256-CCM-"
  630. "8:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-"
  631. "NULL-SHA:AES128-CCM-8:AES256-CCM-8:ECDHE-ECDSA-"
  632. "AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-RSA-AES128-"
  633. "SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-R"
  634. "SA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA"
  635. ":AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDH-"
  636. "RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA"
  637. ":ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3"
  638. "-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES"
  639. "256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E"
  640. "CDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA25"
  641. "6:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GC"
  642. "M-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMEL"
  643. "LIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DH"
  644. "E-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECD"
  645. "H-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECD"
  646. "SA-AES256-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDHE-RSA-CHA"
  647. "CHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-R"
  648. "SA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-PO"
  649. "LY1305-OLD:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-A"
  650. "ES128-CBC-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHA"
  651. "CHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-S"
  652. "HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-"
  653. "8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384";
  654. /* OpenVPN uses a "blacklist" method to specify which ciphers NOT to use */
  655. #ifdef OPENSSL_EXTRA
  656. char openvpnCiphers[] = "DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:"
  657. "!SRP:!kRSA:!aNULL:!eNULL";
  658. #endif
  659. #ifndef NO_RSA
  660. testCertFile = svrCertFile;
  661. testKeyFile = svrKeyFile;
  662. #elif defined(HAVE_ECC)
  663. testCertFile = eccCertFile;
  664. testKeyFile = eccKeyFile;
  665. #else
  666. skipTest = 1;
  667. #endif
  668. if (skipTest != 1) {
  669. #ifndef NO_WOLFSSL_SERVER
  670. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  671. AssertNotNull(ctx);
  672. #else
  673. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  674. AssertNotNull(ctx);
  675. #endif
  676. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
  677. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
  678. ssl = wolfSSL_new(ctx);
  679. AssertNotNull(ssl);
  680. /* First test freeing SSL, then CTX */
  681. wolfSSL_free(ssl);
  682. wolfSSL_CTX_free(ctx);
  683. #ifndef NO_WOLFSSL_CLIENT
  684. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  685. AssertNotNull(ctx);
  686. #else
  687. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  688. AssertNotNull(ctx);
  689. #endif
  690. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
  691. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
  692. ssl = wolfSSL_new(ctx);
  693. AssertNotNull(ssl);
  694. /* Next test freeing CTX then SSL */
  695. wolfSSL_CTX_free(ctx);
  696. wolfSSL_free(ssl);
  697. #ifndef NO_WOLFSSL_SERVER
  698. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  699. AssertNotNull(ctx);
  700. #else
  701. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  702. AssertNotNull(ctx);
  703. #endif
  704. /* Test setting ciphers at ctx level */
  705. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
  706. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
  707. AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers));
  708. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \
  709. defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
  710. /* only update TLSv13 suites */
  711. AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384"));
  712. #endif
  713. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
  714. !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \
  715. defined(WOLFSSL_AES_128) && !defined(NO_RSA)
  716. /* only update pre-TLSv13 suites */
  717. AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256"));
  718. #endif
  719. #ifdef OPENSSL_EXTRA
  720. AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, openvpnCiphers));
  721. #endif
  722. AssertNotNull(ssl = wolfSSL_new(ctx));
  723. wolfSSL_CTX_free(ctx);
  724. wolfSSL_free(ssl);
  725. #ifndef NO_WOLFSSL_CLIENT
  726. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  727. AssertNotNull(ctx);
  728. #else
  729. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  730. AssertNotNull(ctx);
  731. #endif
  732. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
  733. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
  734. ssl = wolfSSL_new(ctx);
  735. AssertNotNull(ssl);
  736. /* test setting ciphers at SSL level */
  737. AssertTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers));
  738. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \
  739. defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
  740. /* only update TLSv13 suites */
  741. AssertTrue(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384"));
  742. #endif
  743. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
  744. !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \
  745. defined(WOLFSSL_AES_128) && !defined(NO_RSA)
  746. /* only update pre-TLSv13 suites */
  747. AssertTrue(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256"));
  748. #endif
  749. wolfSSL_CTX_free(ctx);
  750. wolfSSL_free(ssl);
  751. }
  752. return TEST_RES_CHECK(1);
  753. }
  754. #endif
  755. static int test_wolfSSL_CTX_set_cipher_list_bytes(void)
  756. {
  757. int res = TEST_SKIPPED;
  758. #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)) && \
  759. (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
  760. (!defined(NO_RSA) || defined(HAVE_ECC))
  761. const char* testCertFile;
  762. const char* testKeyFile;
  763. WOLFSSL_CTX* ctx;
  764. WOLFSSL* ssl;
  765. const byte cipherList[] =
  766. {
  767. /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x16,
  768. /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x39,
  769. /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x33,
  770. /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ 0xC0, 0x34,
  771. /* TLS_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x35,
  772. /* TLS_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x2F,
  773. /* TLS_RSA_WITH_NULL_MD5 */ 0xC0, 0x01,
  774. /* TLS_RSA_WITH_NULL_SHA */ 0xC0, 0x02,
  775. /* TLS_PSK_WITH_AES_256_CBC_SHA */ 0xC0, 0x8d,
  776. /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0xae,
  777. /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ 0xC0, 0xaf,
  778. /* TLS_PSK_WITH_AES_128_CBC_SHA */ 0xC0, 0x8c,
  779. /* TLS_PSK_WITH_NULL_SHA256 */ 0xC0, 0xb0,
  780. /* TLS_PSK_WITH_NULL_SHA384 */ 0xC0, 0xb1,
  781. /* TLS_PSK_WITH_NULL_SHA */ 0xC0, 0x2c,
  782. /* SSL_RSA_WITH_RC4_128_SHA */ 0xC0, 0x05,
  783. /* SSL_RSA_WITH_RC4_128_MD5 */ 0xC0, 0x04,
  784. /* SSL_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0A,
  785. /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
  786. /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x14,
  787. /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x13,
  788. /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0A,
  789. /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x09,
  790. /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ 0xC0, 0x11,
  791. /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x07,
  792. /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x12,
  793. /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x08,
  794. /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x27,
  795. /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256*/ 0xC0, 0x23,
  796. /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x28,
  797. /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384*/ 0xC0, 0x24,
  798. /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ 0xC0, 0x06,
  799. /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */ 0xC0, 0x3a,
  800. /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x37,
  801. /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
  802. /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0F,
  803. /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x0E,
  804. /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x05,
  805. /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x04,
  806. /* TLS_ECDH_RSA_WITH_RC4_128_SHA */ 0xC0, 0x0C,
  807. /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x02,
  808. /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0D,
  809. /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x03,
  810. /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x29,
  811. /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x25,
  812. /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x2A,
  813. /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x26,
  814. /* WDM_WITH_NULL_SHA256 */ 0x00, 0xFE, /* wolfSSL DTLS Multicast */
  815. /* SHA256 */
  816. /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x6b,
  817. /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x67,
  818. /* TLS_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x3d,
  819. /* TLS_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x3c,
  820. /* TLS_RSA_WITH_NULL_SHA256 */ 0x00, 0x3b,
  821. /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ 0x00, 0xb2,
  822. /* TLS_DHE_PSK_WITH_NULL_SHA256 */ 0x00, 0xb4,
  823. /* SHA384 */
  824. /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ 0x00, 0xb3,
  825. /* TLS_DHE_PSK_WITH_NULL_SHA384 */ 0x00, 0xb5,
  826. /* AES-GCM */
  827. /* TLS_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9c,
  828. /* TLS_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9d,
  829. /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9e,
  830. /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9f,
  831. /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa7,
  832. /* TLS_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xa8,
  833. /* TLS_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa9,
  834. /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xaa,
  835. /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xab,
  836. /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
  837. /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2b,
  838. /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2c,
  839. /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2d,
  840. /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2e,
  841. /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2f,
  842. /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x30,
  843. /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x31,
  844. /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x32,
  845. /* AES-CCM, first byte is 0xC0 but isn't ECC,
  846. * also, in some of the other AES-CCM suites
  847. * there will be second byte number conflicts
  848. * with non-ECC AES-GCM */
  849. /* TLS_RSA_WITH_AES_128_CCM_8 */ 0xC0, 0xa0,
  850. /* TLS_RSA_WITH_AES_256_CCM_8 */ 0xC0, 0xa1,
  851. /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */ 0xC0, 0xac,
  852. /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ 0xC0, 0xae,
  853. /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */ 0xC0, 0xaf,
  854. /* TLS_PSK_WITH_AES_128_CCM */ 0xC0, 0xa4,
  855. /* TLS_PSK_WITH_AES_256_CCM */ 0xC0, 0xa5,
  856. /* TLS_PSK_WITH_AES_128_CCM_8 */ 0xC0, 0xa8,
  857. /* TLS_PSK_WITH_AES_256_CCM_8 */ 0xC0, 0xa9,
  858. /* TLS_DHE_PSK_WITH_AES_128_CCM */ 0xC0, 0xa6,
  859. /* TLS_DHE_PSK_WITH_AES_256_CCM */ 0xC0, 0xa7,
  860. /* Camellia */
  861. /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x41,
  862. /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x84,
  863. /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xba,
  864. /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc0,
  865. /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x45,
  866. /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x88,
  867. /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xbe,
  868. /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc4,
  869. /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
  870. /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa8,
  871. /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa9,
  872. /* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xaa,
  873. /* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xac,
  874. /* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xab,
  875. /* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xad,
  876. /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
  877. /* TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x13,
  878. /* TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x14,
  879. /* TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x15,
  880. /* ECDHE_PSK RFC8442, first byte is 0xD0 (ECDHE_PSK_BYTE) */
  881. /* TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ 0xD0, 0x01,
  882. /* TLS v1.3 cipher suites */
  883. /* TLS_AES_128_GCM_SHA256 */ 0x13, 0x01,
  884. /* TLS_AES_256_GCM_SHA384 */ 0x13, 0x02,
  885. /* TLS_CHACHA20_POLY1305_SHA256 */ 0x13, 0x03,
  886. /* TLS_AES_128_CCM_SHA256 */ 0x13, 0x04,
  887. /* TLS_AES_128_CCM_8_SHA256 */ 0x13, 0x05,
  888. /* TLS v1.3 Integrity only cipher suites - 0xC0 (ECC) first byte */
  889. /* TLS_SHA256_SHA256 */ 0xC0, 0xB4,
  890. /* TLS_SHA384_SHA384 */ 0xC0, 0xB5
  891. };
  892. #ifndef NO_RSA
  893. testCertFile = svrCertFile;
  894. testKeyFile = svrKeyFile;
  895. #elif defined(HAVE_ECC)
  896. testCertFile = eccCertFile;
  897. testKeyFile = eccKeyFile;
  898. #endif
  899. #ifndef NO_WOLFSSL_SERVER
  900. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  901. AssertNotNull(ctx);
  902. #else
  903. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  904. AssertNotNull(ctx);
  905. #endif
  906. AssertTrue(wolfSSL_CTX_set_cipher_list_bytes(ctx, &cipherList[0U],
  907. sizeof(cipherList)));
  908. wolfSSL_CTX_free(ctx);
  909. #ifndef NO_WOLFSSL_SERVER
  910. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  911. AssertNotNull(ctx);
  912. #else
  913. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  914. AssertNotNull(ctx);
  915. #endif
  916. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
  917. WOLFSSL_FILETYPE_PEM));
  918. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
  919. WOLFSSL_FILETYPE_PEM));
  920. ssl = wolfSSL_new(ctx);
  921. AssertNotNull(ssl);
  922. AssertTrue(wolfSSL_set_cipher_list_bytes(ssl, &cipherList[0U],
  923. sizeof(cipherList)));
  924. wolfSSL_free(ssl);
  925. wolfSSL_CTX_free(ctx);
  926. res = TEST_RES_CHECK(1);
  927. #endif /* (OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES) &&
  928. (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) && (!NO_RSA || HAVE_ECC) */
  929. return res;
  930. }
  931. static int test_wolfSSL_CTX_use_certificate_file(void)
  932. {
  933. int res = TEST_SKIPPED;
  934. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
  935. WOLFSSL_CTX *ctx;
  936. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  937. /* invalid context */
  938. AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile,
  939. WOLFSSL_FILETYPE_PEM));
  940. /* invalid cert file */
  941. AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile,
  942. WOLFSSL_FILETYPE_PEM));
  943. /* invalid cert type */
  944. AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999));
  945. #ifdef NO_RSA
  946. /* rsa needed */
  947. AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,WOLFSSL_FILETYPE_PEM));
  948. #else
  949. /* success */
  950. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  951. #endif
  952. wolfSSL_CTX_free(ctx);
  953. res = TEST_RES_CHECK(1);
  954. #endif
  955. return res;
  956. }
  957. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
  958. static int test_wolfSSL_CTX_use_certificate_ASN1(void)
  959. {
  960. int res = TEST_SKIPPED;
  961. #if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN)
  962. WOLFSSL_CTX* ctx;
  963. int ret;
  964. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  965. ret = SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048,
  966. server_cert_der_2048);
  967. wolfSSL_CTX_free(ctx);
  968. res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS);
  969. #endif
  970. return res;
  971. }
  972. #endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */
  973. /* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
  974. * context using buffer.
  975. * PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
  976. * --enable-testcert flag.
  977. */
  978. static int test_wolfSSL_CTX_use_certificate_buffer(void)
  979. {
  980. int res = TEST_SKIPPED;
  981. #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
  982. !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
  983. WOLFSSL_CTX* ctx;
  984. int ret;
  985. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  986. ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
  987. sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1);
  988. wolfSSL_CTX_free(ctx);
  989. res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS);
  990. #endif
  991. return res;
  992. } /*END test_wolfSSL_CTX_use_certificate_buffer*/
  993. static int test_wolfSSL_CTX_use_PrivateKey_file(void)
  994. {
  995. int res = TEST_SKIPPED;
  996. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
  997. WOLFSSL_CTX *ctx;
  998. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  999. /* invalid context */
  1000. AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile,
  1001. WOLFSSL_FILETYPE_PEM));
  1002. /* invalid key file */
  1003. AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
  1004. WOLFSSL_FILETYPE_PEM));
  1005. /* invalid key type */
  1006. AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999));
  1007. /* success */
  1008. #ifdef NO_RSA
  1009. /* rsa needed */
  1010. AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  1011. #else
  1012. /* success */
  1013. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  1014. #endif
  1015. wolfSSL_CTX_free(ctx);
  1016. res = TEST_RES_CHECK(1);
  1017. #endif
  1018. return res;
  1019. }
  1020. /* test both file and buffer versions along with unloading trusted peer certs */
  1021. static int test_wolfSSL_CTX_trust_peer_cert(void)
  1022. {
  1023. int res = TEST_SKIPPED;
  1024. #if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \
  1025. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
  1026. WOLFSSL_CTX *ctx;
  1027. WOLFSSL* ssl;
  1028. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  1029. AssertNotNull(ssl = wolfSSL_new(ctx));
  1030. #if !defined(NO_FILESYSTEM)
  1031. /* invalid file */
  1032. AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, NULL,
  1033. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  1034. AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile,
  1035. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  1036. AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile,
  1037. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1038. /* success */
  1039. AssertIntEQ(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile,
  1040. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  1041. /* unload cert */
  1042. AssertIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS);
  1043. AssertIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS);
  1044. /* invalid file */
  1045. AssertIntNE(wolfSSL_trust_peer_cert(ssl, NULL,
  1046. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  1047. AssertIntNE(wolfSSL_trust_peer_cert(ssl, bogusFile,
  1048. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  1049. AssertIntNE(wolfSSL_trust_peer_cert(ssl, cliCertFile,
  1050. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1051. /* success */
  1052. AssertIntEQ(wolfSSL_trust_peer_cert(ssl, cliCertFile,
  1053. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  1054. #ifdef WOLFSSL_LOCAL_X509_STORE
  1055. /* unload cert */
  1056. AssertIntNE(wolfSSL_Unload_trust_peers(NULL), WOLFSSL_SUCCESS);
  1057. AssertIntEQ(wolfSSL_Unload_trust_peers(ssl), WOLFSSL_SUCCESS);
  1058. #endif
  1059. #endif
  1060. /* Test of loading certs from buffers */
  1061. /* invalid buffer */
  1062. AssertIntNE(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1,
  1063. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1064. /* success */
  1065. #ifdef USE_CERT_BUFFERS_1024
  1066. AssertIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024,
  1067. sizeof_client_cert_der_1024, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1068. #endif
  1069. #ifdef USE_CERT_BUFFERS_2048
  1070. AssertIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048,
  1071. sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1072. #endif
  1073. /* unload cert */
  1074. AssertIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS);
  1075. AssertIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS);
  1076. wolfSSL_free(ssl);
  1077. wolfSSL_CTX_free(ctx);
  1078. res = TEST_RES_CHECK(1);
  1079. #endif
  1080. return res;
  1081. }
  1082. static int test_wolfSSL_CTX_load_verify_locations(void)
  1083. {
  1084. int res = TEST_SKIPPED;
  1085. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT)
  1086. WOLFSSL_CTX *ctx;
  1087. #ifndef NO_RSA
  1088. WOLFSSL_CERT_MANAGER* cm;
  1089. #ifdef PERSIST_CERT_CACHE
  1090. int cacheSz;
  1091. #endif
  1092. #endif
  1093. #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
  1094. const char* load_certs_path = "./certs/external";
  1095. const char* load_no_certs_path = "./examples";
  1096. const char* load_expired_path = "./certs/test/expired";
  1097. #endif
  1098. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  1099. /* invalid arguments */
  1100. AssertIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), WOLFSSL_FAILURE);
  1101. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE);
  1102. /* invalid ca file */
  1103. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL),
  1104. WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE));
  1105. #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \
  1106. (defined(WOLFSSL_QT) && \
  1107. !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR))
  1108. /* invalid path */
  1109. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile),
  1110. WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE));
  1111. #endif
  1112. /* load ca cert */
  1113. #ifdef NO_RSA
  1114. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
  1115. WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE));
  1116. #else /* Skip the following test without RSA certs. */
  1117. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
  1118. #ifdef PERSIST_CERT_CACHE
  1119. /* Get cert cache size */
  1120. cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx);
  1121. #endif
  1122. /* Test unloading CA's */
  1123. AssertIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);
  1124. #ifdef PERSIST_CERT_CACHE
  1125. /* Verify no certs (result is less than cacheSz) */
  1126. AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
  1127. #endif
  1128. /* load ca cert again */
  1129. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
  1130. /* Test getting CERT_MANAGER */
  1131. AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx));
  1132. /* Test unloading CA's using CM */
  1133. AssertIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
  1134. #ifdef PERSIST_CERT_CACHE
  1135. /* Verify no certs (result is less than cacheSz) */
  1136. AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
  1137. #endif
  1138. #endif
  1139. #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
  1140. /* Test loading CA certificates using a path */
  1141. #ifdef NO_RSA
  1142. /* failure here okay since certs in external directory are RSA */
  1143. AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
  1144. WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
  1145. #else
  1146. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
  1147. WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
  1148. #endif
  1149. /* Test loading path with no files */
  1150. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_no_certs_path,
  1151. WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);
  1152. /* Test loading expired CA certificates */
  1153. #ifdef NO_RSA
  1154. AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
  1155. WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
  1156. WOLFSSL_SUCCESS);
  1157. #else
  1158. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
  1159. WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
  1160. WOLFSSL_SUCCESS);
  1161. #endif
  1162. /* Test loading CA certificates and ignoring all errors */
  1163. #ifdef NO_RSA
  1164. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
  1165. WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
  1166. #else
  1167. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
  1168. WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
  1169. #endif
  1170. #endif
  1171. wolfSSL_CTX_free(ctx);
  1172. res = TEST_RES_CHECK(1);
  1173. #endif
  1174. return res;
  1175. }
  1176. static int test_wolfSSL_CTX_load_system_CA_certs(void)
  1177. {
  1178. int res = TEST_SKIPPED;
  1179. #if defined(WOLFSSL_SYS_CA_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \
  1180. (!defined(NO_RSA) || defined(HAVE_ECC))
  1181. WOLFSSL_CTX* ctx;
  1182. byte dirValid = 0;
  1183. int ret = 0;
  1184. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  1185. if (ctx == NULL) {
  1186. fprintf(stderr, "wolfSSL_CTX_new failed.\n");
  1187. ret = -1;
  1188. }
  1189. if (ret == 0) {
  1190. #if defined(USE_WINDOWS_API) || defined(__APPLE__)
  1191. dirValid = 1;
  1192. #else
  1193. word32 numDirs;
  1194. const char** caDirs = wolfSSL_get_system_CA_dirs(&numDirs);
  1195. if (caDirs == NULL || numDirs == 0) {
  1196. fprintf(stderr, "wolfSSL_get_system_CA_dirs failed.\n");
  1197. ret = -1;
  1198. }
  1199. else {
  1200. ReadDirCtx dirCtx;
  1201. word32 i;
  1202. for (i = 0; i < numDirs; ++i) {
  1203. if (wc_ReadDirFirst(&dirCtx, caDirs[i], NULL) == 0) {
  1204. /* Directory isn't empty. */
  1205. dirValid = 1;
  1206. wc_ReadDirClose(&dirCtx);
  1207. break;
  1208. }
  1209. }
  1210. }
  1211. #endif
  1212. }
  1213. /*
  1214. * If the directory isn't empty, we should be able to load CA
  1215. * certs from it. On Windows/Mac, we assume the CA cert stores are
  1216. * usable.
  1217. */
  1218. if (ret == 0 && dirValid && wolfSSL_CTX_load_system_CA_certs(ctx) !=
  1219. WOLFSSL_SUCCESS) {
  1220. fprintf(stderr, "wolfSSL_CTX_load_system_CA_certs failed.\n");
  1221. ret = -1;
  1222. }
  1223. #ifdef OPENSSL_EXTRA
  1224. if (ret == 0 &&
  1225. wolfSSL_CTX_set_default_verify_paths(ctx) != WOLFSSL_SUCCESS) {
  1226. fprintf(stderr, "wolfSSL_CTX_set_default_verify_paths failed.\n");
  1227. ret = -1;
  1228. }
  1229. #endif /* OPENSSL_EXTRA */
  1230. wolfSSL_CTX_free(ctx);
  1231. res = TEST_RES_CHECK(ret == 0);
  1232. #endif /* WOLFSSL_SYS_CA_CERTS && !NO_WOLFSSL_CLIENT */
  1233. return res;
  1234. }
  1235. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  1236. static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type)
  1237. {
  1238. int ret;
  1239. WOLFSSL_CERT_MANAGER* cm;
  1240. cm = wolfSSL_CertManagerNew();
  1241. if (cm == NULL) {
  1242. fprintf(stderr, "test_cm_load_ca failed\n");
  1243. return -1;
  1244. }
  1245. ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);
  1246. wolfSSL_CertManagerFree(cm);
  1247. return ret;
  1248. }
  1249. static int test_cm_load_ca_file(const char* ca_cert_file)
  1250. {
  1251. int ret = 0;
  1252. byte* cert_buf = NULL;
  1253. size_t cert_sz = 0;
  1254. #if defined(WOLFSSL_PEM_TO_DER)
  1255. DerBuffer* pDer = NULL;
  1256. #endif
  1257. ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
  1258. if (ret == 0) {
  1259. /* normal test */
  1260. ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM);
  1261. if (ret == WOLFSSL_SUCCESS) {
  1262. /* test including null terminator in length */
  1263. byte* tmp = (byte*)realloc(cert_buf, cert_sz+1);
  1264. if (tmp == NULL) {
  1265. ret = MEMORY_E;
  1266. }
  1267. else {
  1268. cert_buf = tmp;
  1269. cert_buf[cert_sz] = '\0';
  1270. ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1,
  1271. WOLFSSL_FILETYPE_PEM);
  1272. }
  1273. }
  1274. #if defined(WOLFSSL_PEM_TO_DER)
  1275. if (ret == WOLFSSL_SUCCESS) {
  1276. /* test loading DER */
  1277. ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
  1278. if (ret == 0 && pDer != NULL) {
  1279. ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
  1280. WOLFSSL_FILETYPE_ASN1);
  1281. wc_FreeDer(&pDer);
  1282. }
  1283. }
  1284. #endif
  1285. }
  1286. free(cert_buf);
  1287. return ret;
  1288. }
  1289. static int test_cm_load_ca_buffer_ex(const byte* cert_buf, size_t cert_sz,
  1290. int file_type, word32 flags)
  1291. {
  1292. int ret;
  1293. WOLFSSL_CERT_MANAGER* cm;
  1294. cm = wolfSSL_CertManagerNew();
  1295. if (cm == NULL) {
  1296. fprintf(stderr, "test_cm_load_ca failed\n");
  1297. return -1;
  1298. }
  1299. ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, cert_sz, file_type,
  1300. 0, flags);
  1301. wolfSSL_CertManagerFree(cm);
  1302. return ret;
  1303. }
  1304. static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags)
  1305. {
  1306. int ret = 0;
  1307. byte* cert_buf = NULL;
  1308. size_t cert_sz = 0;
  1309. #if defined(WOLFSSL_PEM_TO_DER)
  1310. DerBuffer* pDer = NULL;
  1311. #endif
  1312. ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
  1313. if (ret == 0) {
  1314. /* normal test */
  1315. ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz,
  1316. WOLFSSL_FILETYPE_PEM, flags);
  1317. if (ret == WOLFSSL_SUCCESS) {
  1318. /* test including null terminator in length */
  1319. byte* tmp = (byte*)realloc(cert_buf, cert_sz+1);
  1320. if (tmp == NULL) {
  1321. ret = MEMORY_E;
  1322. }
  1323. else {
  1324. cert_buf = tmp;
  1325. cert_buf[cert_sz] = '\0';
  1326. ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz+1,
  1327. WOLFSSL_FILETYPE_PEM, flags);
  1328. }
  1329. }
  1330. #if defined(WOLFSSL_PEM_TO_DER)
  1331. if (ret == WOLFSSL_SUCCESS) {
  1332. /* test loading DER */
  1333. ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
  1334. if (ret == 0 && pDer != NULL) {
  1335. ret = test_cm_load_ca_buffer_ex(pDer->buffer, pDer->length,
  1336. WOLFSSL_FILETYPE_ASN1, flags);
  1337. wc_FreeDer(&pDer);
  1338. }
  1339. }
  1340. #endif
  1341. }
  1342. free(cert_buf);
  1343. return ret;
  1344. }
  1345. #endif /* !NO_FILESYSTEM && !NO_CERTS */
  1346. static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
  1347. {
  1348. int res = TEST_SKIPPED;
  1349. #if defined(HAVE_OCSP) && !defined(NO_RSA)
  1350. /* Need one of these for wolfSSL_OCSP_REQUEST_new. */
  1351. #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
  1352. defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
  1353. defined(HAVE_LIGHTY)
  1354. WOLFSSL_CERT_MANAGER* cm = NULL;
  1355. /* Raw OCSP response bytes captured using the following setup:
  1356. * - Run responder with
  1357. * openssl ocsp -port 9999 -ndays 9999
  1358. * -index certs/ocsp/index-intermediate1-ca-issued-certs.txt
  1359. * -rsigner certs/ocsp/ocsp-responder-cert.pem
  1360. * -rkey certs/ocsp/ocsp-responder-key.pem
  1361. * -CA certs/ocsp/intermediate1-ca-cert.pem
  1362. * - Run client with
  1363. * openssl ocsp -host 127.0.0.1:9999 -respout resp.out
  1364. * -issuer certs/ocsp/intermediate1-ca-cert.pem
  1365. * -cert certs/ocsp/server1-cert.pem
  1366. * -CAfile certs/ocsp/root-ca-cert.pem -noverify
  1367. * - Copy raw response from Wireshark.
  1368. */
  1369. byte response[] = {
  1370. 0x30, 0x82, 0x07, 0x40, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x39, 0x30, 0x82, 0x07, 0x35, 0x06,
  1371. 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, 0x07, 0x26, 0x30, 0x82,
  1372. 0x07, 0x22, 0x30, 0x82, 0x01, 0x40, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09,
  1373. 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
  1374. 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
  1375. 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
  1376. 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
  1377. 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67,
  1378. 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
  1379. 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20,
  1380. 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
  1381. 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
  1382. 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31,
  1383. 0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0x30, 0x64, 0x30, 0x62, 0x30,
  1384. 0x3a, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x71, 0x4d,
  1385. 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18,
  1386. 0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2,
  1387. 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32,
  1388. 0x30, 0x32, 0x31, 0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0xa0, 0x11,
  1389. 0x18, 0x0f, 0x32, 0x30, 0x34, 0x38, 0x30, 0x39, 0x31, 0x37, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30,
  1390. 0x5a, 0xa1, 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
  1391. 0x01, 0x02, 0x04, 0x12, 0x04, 0x10, 0x38, 0x31, 0x60, 0x99, 0xc8, 0x05, 0x09, 0x68, 0x1c, 0x33,
  1392. 0x49, 0xea, 0x45, 0x26, 0x2f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
  1393. 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4d, 0x58, 0xcc, 0x69, 0x42, 0xe2,
  1394. 0x9e, 0x64, 0xf6, 0x57, 0xce, 0xcb, 0x5f, 0x14, 0xaf, 0x08, 0x6c, 0xc1, 0x52, 0x7a, 0x40, 0x0a,
  1395. 0xfd, 0xb6, 0xce, 0xbb, 0x40, 0xf4, 0xb9, 0xa5, 0x88, 0xc7, 0xf3, 0x42, 0x9f, 0xa9, 0x94, 0xbe,
  1396. 0x6e, 0x7e, 0x09, 0x30, 0x9d, 0x0e, 0x10, 0x6f, 0x9c, 0xd9, 0x4c, 0x71, 0x81, 0x41, 0x64, 0x95,
  1397. 0xf5, 0x85, 0x77, 0x94, 0x81, 0x61, 0x88, 0xc8, 0x0b, 0x50, 0xbb, 0x37, 0xc8, 0x86, 0x76, 0xd8,
  1398. 0xa2, 0xed, 0x66, 0x34, 0xfb, 0xe4, 0xe7, 0x09, 0x8c, 0xf5, 0xb5, 0x85, 0xd0, 0x4b, 0xb5, 0xe6,
  1399. 0x23, 0x62, 0xc3, 0xd0, 0xef, 0xf7, 0x42, 0x89, 0x02, 0x80, 0x64, 0xc9, 0xed, 0xdd, 0x7c, 0x8f,
  1400. 0x0d, 0xe7, 0x43, 0x9b, 0x88, 0x1f, 0xb0, 0xfd, 0x24, 0x01, 0xc7, 0x55, 0xc3, 0x73, 0x12, 0x84,
  1401. 0x09, 0x7c, 0x57, 0xa8, 0x5d, 0xab, 0x75, 0x29, 0x5c, 0x36, 0x97, 0x64, 0x40, 0x0b, 0x55, 0x34,
  1402. 0x0a, 0x5d, 0xb1, 0x1b, 0x61, 0x1b, 0xdc, 0xe5, 0x89, 0xdd, 0x92, 0x62, 0x57, 0xa7, 0x52, 0xb4,
  1403. 0x38, 0x9a, 0x48, 0xc8, 0x3a, 0x14, 0xde, 0x69, 0x42, 0xe9, 0x37, 0xa4, 0xe7, 0x2d, 0x00, 0xa7,
  1404. 0x0b, 0x29, 0x18, 0xd5, 0xce, 0xd9, 0x0d, 0xdd, 0xfe, 0xae, 0x86, 0xb3, 0x32, 0x1c, 0xc9, 0x33,
  1405. 0xb0, 0x2b, 0xb7, 0x3c, 0x0d, 0x43, 0xd8, 0x6c, 0xf2, 0xb7, 0xcd, 0x7b, 0xd5, 0x7d, 0xf0, 0xde,
  1406. 0x34, 0x9f, 0x6d, 0x83, 0xb9, 0xd5, 0xed, 0xe3, 0xda, 0x96, 0x40, 0x9e, 0xd6, 0xa6, 0xfd, 0x70,
  1407. 0x80, 0x70, 0x87, 0x61, 0x0f, 0xc5, 0x9f, 0x75, 0xfe, 0x11, 0x78, 0x34, 0xc9, 0x42, 0x16, 0x73,
  1408. 0x46, 0x7b, 0x05, 0x53, 0x28, 0x43, 0xbe, 0xee, 0x88, 0x67, 0x1d, 0xcc, 0x74, 0xa7, 0xb6, 0x58,
  1409. 0x7b, 0x29, 0x68, 0x40, 0xcf, 0xce, 0x7b, 0x19, 0x33, 0x68, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82,
  1410. 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
  1411. 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
  1412. 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
  1413. 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
  1414. 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
  1415. 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
  1416. 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
  1417. 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
  1418. 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53,
  1419. 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
  1420. 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
  1421. 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32,
  1422. 0x31, 0x30, 0x32, 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x33,
  1423. 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b,
  1424. 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
  1425. 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e,
  1426. 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
  1427. 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c,
  1428. 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
  1429. 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03,
  1430. 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53,
  1431. 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06,
  1432. 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
  1433. 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22,
  1434. 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
  1435. 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23,
  1436. 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85,
  1437. 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63,
  1438. 0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41,
  1439. 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b,
  1440. 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8,
  1441. 0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce,
  1442. 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a,
  1443. 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2,
  1444. 0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a,
  1445. 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb,
  1446. 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab,
  1447. 0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11,
  1448. 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b,
  1449. 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14,
  1450. 0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3,
  1451. 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01,
  1452. 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d,
  1453. 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
  1454. 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46,
  1455. 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30,
  1456. 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
  1457. 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81,
  1458. 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
  1459. 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
  1460. 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65,
  1461. 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07,
  1462. 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
  1463. 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30,
  1464. 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20,
  1465. 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
  1466. 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c,
  1467. 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55,
  1468. 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09,
  1469. 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
  1470. 0x82, 0x01, 0x01, 0x00, 0x07, 0xca, 0xa6, 0xa1, 0x9f, 0xbf, 0xaf, 0x92, 0x41, 0x35, 0x66, 0x51,
  1471. 0xac, 0xbc, 0x2c, 0xec, 0xe7, 0x8d, 0x65, 0x7e, 0xe9, 0x40, 0xfe, 0x5a, 0xab, 0x8a, 0x1d, 0x3d,
  1472. 0x13, 0xdb, 0xb4, 0x43, 0x2c, 0x9a, 0x36, 0x98, 0x21, 0xa5, 0xe8, 0xca, 0xa9, 0x4d, 0xfc, 0xe3,
  1473. 0xf7, 0x45, 0x88, 0xcd, 0x33, 0xbf, 0x8a, 0x62, 0x10, 0x2f, 0xb2, 0xb7, 0x04, 0xef, 0x26, 0x43,
  1474. 0x51, 0x1d, 0x43, 0x62, 0x7d, 0x1e, 0x50, 0xc8, 0xd5, 0x98, 0x94, 0x71, 0x8f, 0x3b, 0x23, 0x26,
  1475. 0xf1, 0x71, 0x8e, 0x1e, 0x3d, 0x3f, 0x21, 0xfd, 0xb7, 0x2d, 0x65, 0xe4, 0x07, 0x65, 0xac, 0x3c,
  1476. 0xfc, 0xc0, 0x47, 0xa9, 0x32, 0xf6, 0xda, 0x26, 0x93, 0x10, 0xb2, 0xd1, 0x6d, 0xc8, 0x81, 0x31,
  1477. 0x7c, 0xb0, 0x6b, 0xc5, 0x22, 0x8d, 0xb3, 0xfa, 0xbe, 0x82, 0xea, 0x41, 0x42, 0xc4, 0xc0, 0xef,
  1478. 0xe3, 0x84, 0x0f, 0x6f, 0x9a, 0x03, 0x63, 0xb3, 0x30, 0xe0, 0x31, 0x81, 0x2a, 0x16, 0xb3, 0x47,
  1479. 0xd9, 0x5b, 0x38, 0x93, 0x07, 0xd0, 0x6e, 0x79, 0x52, 0x2c, 0xe5, 0x50, 0x84, 0x79, 0x10, 0xe7,
  1480. 0xf6, 0x31, 0x7a, 0x3e, 0x48, 0xa2, 0x38, 0x21, 0x90, 0x7a, 0xf2, 0x5f, 0x48, 0xa4, 0x46, 0x93,
  1481. 0x87, 0xdd, 0x5c, 0x83, 0x64, 0xea, 0xb5, 0x99, 0xa2, 0xe9, 0x01, 0x40, 0xfe, 0xf0, 0x48, 0x66,
  1482. 0x4f, 0x96, 0xf7, 0x83, 0x52, 0xf8, 0x6d, 0xf8, 0x5f, 0xed, 0x0c, 0xbb, 0xbe, 0xd0, 0x69, 0x10,
  1483. 0x4b, 0x99, 0x8f, 0xf8, 0x61, 0x53, 0x9d, 0x12, 0xca, 0x86, 0xaa, 0xb1, 0x80, 0xb4, 0xa6, 0xc1,
  1484. 0xcb, 0xb7, 0x48, 0xf7, 0x9f, 0x55, 0xb4, 0x6e, 0xab, 0xd3, 0xa1, 0xaa, 0x4b, 0xa7, 0x21, 0x6e,
  1485. 0x16, 0x7f, 0xad, 0xbb, 0xea, 0x0f, 0x41, 0x80, 0x9b, 0x7f, 0xd6, 0x46, 0xa2, 0xc0, 0x61, 0x72,
  1486. 0x59, 0x59, 0xa0, 0x07
  1487. };
  1488. OcspEntry entry[1];
  1489. CertStatus status[1];
  1490. OcspRequest* request;
  1491. byte serial[] = {0x05};
  1492. byte issuerHash[] = {0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04};
  1493. byte issuerKeyHash[] = {0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e};
  1494. XMEMSET(entry, 0, sizeof(OcspEntry));
  1495. XMEMSET(status, 0, sizeof(CertStatus));
  1496. AssertNotNull(request = wolfSSL_OCSP_REQUEST_new());
  1497. request->serial = (byte*)XMALLOC(sizeof(serial), NULL,
  1498. DYNAMIC_TYPE_OCSP_REQUEST);
  1499. AssertNotNull(request->serial);
  1500. request->serialSz = sizeof(serial);
  1501. XMEMCPY(request->serial, serial, sizeof(serial));
  1502. XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash));
  1503. XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash));
  1504. AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
  1505. AssertIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS);
  1506. AssertIntEQ(wolfSSL_CertManagerLoadCA(cm,
  1507. "./certs/ocsp/intermediate1-ca-cert.pem", NULL), WOLFSSL_SUCCESS);
  1508. /* Response should be valid. */
  1509. AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, response,
  1510. sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS);
  1511. /* Flip a byte in the request serial number, response should be invalid
  1512. * now. */
  1513. request->serial[0] ^= request->serial[0];
  1514. AssertIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, response,
  1515. sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS);
  1516. wolfSSL_OCSP_REQUEST_free(request);
  1517. wolfSSL_CertManagerFree(cm);
  1518. res = TEST_RES_CHECK(1);
  1519. #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
  1520. * WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY */
  1521. #endif /* HAVE_OCSP */
  1522. return res;
  1523. }
  1524. static int test_wolfSSL_CheckOCSPResponse(void)
  1525. {
  1526. int result = TEST_SKIPPED;
  1527. #if defined(HAVE_OCSP) && !defined(NO_RSA) && defined(OPENSSL_ALL)
  1528. const char* responseFile = "./certs/ocsp/test-response.der";
  1529. const char* responseMultiFile = "./certs/ocsp/test-multi-response.der";
  1530. const char* responseNoInternFile = "./certs/ocsp/test-response-nointern.der";
  1531. const char* caFile = "./certs/ocsp/root-ca-cert.pem";
  1532. OcspResponse* res = NULL;
  1533. byte data[4096];
  1534. const unsigned char* pt;
  1535. int dataSz;
  1536. XFILE f;
  1537. WOLFSSL_OCSP_BASICRESP* bs;
  1538. WOLFSSL_X509_STORE* st;
  1539. WOLFSSL_X509* issuer;
  1540. f = XFOPEN(responseFile, "rb");
  1541. AssertTrue(f != XBADFILE);
  1542. dataSz = (word32)XFREAD(data, 1, sizeof(data), f);
  1543. AssertIntGT(dataSz, 0);
  1544. XFCLOSE(f);
  1545. pt = data;
  1546. res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz);
  1547. AssertNotNull(res);
  1548. issuer = wolfSSL_X509_load_certificate_file(caFile, SSL_FILETYPE_PEM);
  1549. AssertNotNull(issuer);
  1550. st = wolfSSL_X509_STORE_new();
  1551. AssertNotNull(st);
  1552. AssertIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS);
  1553. bs = wolfSSL_OCSP_response_get1_basic(res);
  1554. AssertNotNull(bs);
  1555. AssertIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), WOLFSSL_SUCCESS);
  1556. wolfSSL_OCSP_BASICRESP_free(bs);
  1557. wolfSSL_OCSP_RESPONSE_free(res);
  1558. wolfSSL_X509_STORE_free(st);
  1559. wolfSSL_X509_free(issuer);
  1560. /* check loading a response with optional certs */
  1561. f = XFOPEN(responseNoInternFile, "rb");
  1562. AssertTrue(f != XBADFILE);
  1563. dataSz = (word32)XFREAD(data, 1, sizeof(data), f);
  1564. AssertIntGT(dataSz, 0);
  1565. XFCLOSE(f);
  1566. pt = data;
  1567. res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz);
  1568. AssertNotNull(res);
  1569. wolfSSL_OCSP_RESPONSE_free(res);
  1570. /* check loading a response with multiple certs */
  1571. {
  1572. WOLFSSL_CERT_MANAGER* cm = NULL;
  1573. OcspEntry *entry;
  1574. CertStatus* status;
  1575. OcspRequest* request;
  1576. byte serial1[] = {0x01};
  1577. byte serial[] = {0x02};
  1578. byte issuerHash[] = {
  1579. 0x44, 0xA8, 0xDB, 0xD1, 0xBC, 0x97, 0x0A, 0x83,
  1580. 0x3B, 0x5B, 0x31, 0x9A, 0x4C, 0xB8, 0xD2, 0x52,
  1581. 0x37, 0x15, 0x8A, 0x88
  1582. };
  1583. byte issuerKeyHash[] = {
  1584. 0x73, 0xB0, 0x1C, 0xA4, 0x2F, 0x82, 0xCB, 0xCF,
  1585. 0x47, 0xA5, 0x38, 0xD7, 0xB0, 0x04, 0x82, 0x3A,
  1586. 0x7E, 0x72, 0x15, 0x21
  1587. };
  1588. entry = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL,
  1589. DYNAMIC_TYPE_OPENSSL);
  1590. AssertNotNull(entry);
  1591. status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
  1592. DYNAMIC_TYPE_OPENSSL);
  1593. AssertNotNull(status);
  1594. XMEMSET(entry, 0, sizeof(OcspEntry));
  1595. XMEMSET(status, 0, sizeof(CertStatus));
  1596. AssertNotNull(request = wolfSSL_OCSP_REQUEST_new());
  1597. request->serial = (byte*)XMALLOC(sizeof(serial), NULL,
  1598. DYNAMIC_TYPE_OCSP_REQUEST);
  1599. AssertNotNull(request->serial);
  1600. request->serialSz = sizeof(serial);
  1601. XMEMCPY(request->serial, serial, sizeof(serial));
  1602. XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash));
  1603. XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash));
  1604. AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
  1605. AssertIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS);
  1606. AssertIntEQ(wolfSSL_CertManagerLoadCA(cm, caFile, NULL),
  1607. WOLFSSL_SUCCESS);
  1608. f = XFOPEN(responseMultiFile, "rb");
  1609. AssertTrue(f != XBADFILE);
  1610. dataSz = (word32)XFREAD(data, 1, sizeof(data), f);
  1611. AssertIntGT(dataSz, 0);
  1612. XFCLOSE(f);
  1613. AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
  1614. dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS);
  1615. AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
  1616. dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS);
  1617. AssertNotNull(entry->status);
  1618. XMEMCPY(request->serial, serial1, sizeof(serial1));
  1619. AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
  1620. dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS);
  1621. /* store both status's in the entry to check that "next" is not
  1622. * overwritten */
  1623. status->next = entry->status;
  1624. entry->status = status;
  1625. XMEMCPY(request->serial, serial, sizeof(serial));
  1626. AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
  1627. dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS);
  1628. AssertNotNull(entry->status->next);
  1629. /* compare the status found */
  1630. AssertIntEQ(status->serialSz, entry->status->serialSz);
  1631. AssertIntEQ(XMEMCMP(status->serial, entry->status->serial,
  1632. status->serialSz), 0);
  1633. wolfSSL_OCSP_CERTID_free(entry);
  1634. wolfSSL_OCSP_REQUEST_free(request);
  1635. wolfSSL_CertManagerFree(cm);
  1636. }
  1637. #if defined(WC_RSA_PSS)
  1638. {
  1639. const char* responsePssFile = "./certs/ocsp/test-response-rsapss.der";
  1640. /* check loading a response with RSA-PSS signature */
  1641. f = XFOPEN(responsePssFile, "rb");
  1642. AssertTrue(f != XBADFILE);
  1643. dataSz = (word32)XFREAD(data, 1, sizeof(data), f);
  1644. AssertIntGT(dataSz, 0);
  1645. XFCLOSE(f);
  1646. pt = data;
  1647. res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz);
  1648. AssertNotNull(res);
  1649. /* try to verify the response */
  1650. issuer = wolfSSL_X509_load_certificate_file(caFile, SSL_FILETYPE_PEM);
  1651. AssertNotNull(issuer);
  1652. st = wolfSSL_X509_STORE_new();
  1653. AssertNotNull(st);
  1654. AssertIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS);
  1655. bs = wolfSSL_OCSP_response_get1_basic(res);
  1656. AssertNotNull(bs);
  1657. AssertIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), WOLFSSL_SUCCESS);
  1658. wolfSSL_OCSP_BASICRESP_free(bs);
  1659. wolfSSL_OCSP_RESPONSE_free(res);
  1660. wolfSSL_X509_STORE_free(st);
  1661. wolfSSL_X509_free(issuer);
  1662. }
  1663. #endif
  1664. result = TEST_RES_CHECK(1);
  1665. #endif /* HAVE_OCSP */
  1666. return result;
  1667. }
  1668. static int test_wolfSSL_CertManagerLoadCABuffer(void)
  1669. {
  1670. int res = TEST_SKIPPED;
  1671. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  1672. const char* ca_cert = "./certs/ca-cert.pem";
  1673. const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
  1674. int ret;
  1675. ret = test_cm_load_ca_file(ca_cert);
  1676. #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
  1677. AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
  1678. #elif defined(NO_RSA)
  1679. AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
  1680. #else
  1681. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  1682. #endif
  1683. ret = test_cm_load_ca_file(ca_expired_cert);
  1684. #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
  1685. AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
  1686. res = TEST_RES_CHECK(ret == WOLFSSL_FATAL_ERROR);
  1687. #elif defined(NO_RSA)
  1688. AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
  1689. res = TEST_RES_CHECK(ret == ASN_UNKNOWN_OID_E);
  1690. #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
  1691. !defined(OPENSSL_COMPATIBLE_DEFAULTS)
  1692. AssertIntEQ(ret, ASN_AFTER_DATE_E);
  1693. res = TEST_RES_CHECK(ret == ASN_AFTER_DATE_E);
  1694. #else
  1695. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  1696. res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS);
  1697. #endif
  1698. #endif
  1699. return res;
  1700. }
  1701. static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
  1702. {
  1703. int res = TEST_SKIPPED;
  1704. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  1705. const char* ca_cert = "./certs/ca-cert.pem";
  1706. const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
  1707. int ret;
  1708. ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE);
  1709. #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
  1710. AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
  1711. #elif defined(NO_RSA)
  1712. AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
  1713. #else
  1714. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  1715. #endif
  1716. ret = test_cm_load_ca_file_ex(ca_expired_cert,
  1717. WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY);
  1718. #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
  1719. AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
  1720. res = TEST_RES_CHECK(ret == WOLFSSL_FATAL_ERROR);
  1721. #elif defined(NO_RSA)
  1722. AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
  1723. res = TEST_RES_CHECK(ret == ASN_UNKNOWN_OID_E);
  1724. #else
  1725. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  1726. res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS);
  1727. #endif
  1728. #endif
  1729. return res;
  1730. }
  1731. static int test_wolfSSL_CertManagerGetCerts(void)
  1732. {
  1733. int res = TEST_SKIPPED;
  1734. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  1735. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
  1736. defined(WOLFSSL_SIGNER_DER_CERT)
  1737. WOLFSSL_CERT_MANAGER* cm = NULL;
  1738. WOLFSSL_STACK* sk = NULL;
  1739. X509* x509 = NULL;
  1740. X509* cert1 = NULL;
  1741. FILE* file1 = NULL;
  1742. #ifdef DEBUG_WOLFSSL_VERBOSE
  1743. WOLFSSL_BIO* bio = NULL;
  1744. #endif
  1745. int i = 0;
  1746. int ret = 0;
  1747. const byte* der;
  1748. int derSz = 0;
  1749. AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
  1750. AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
  1751. fclose(file1);
  1752. AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
  1753. AssertNull(sk = wolfSSL_CertManagerGetCerts(cm));
  1754. AssertNotNull(der = wolfSSL_X509_get_der(cert1, &derSz));
  1755. ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1);
  1756. #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
  1757. /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT
  1758. * and full OpenSSL compatibility */
  1759. AssertIntEQ(ret, ASN_SELF_SIGNED_E);
  1760. #else
  1761. AssertIntEQ(ret, ASN_NO_SIGNER_E);
  1762. #endif
  1763. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
  1764. "./certs/ca-cert.pem", NULL));
  1765. AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm));
  1766. for (i = 0; i < sk_X509_num(sk); i++) {
  1767. x509 = sk_X509_value(sk, i);
  1768. AssertIntEQ(0, wolfSSL_X509_cmp(x509, cert1));
  1769. #ifdef DEBUG_WOLFSSL_VERBOSE
  1770. bio = BIO_new(wolfSSL_BIO_s_file());
  1771. if (bio != NULL) {
  1772. BIO_set_fp(bio, stderr, BIO_NOCLOSE);
  1773. X509_print(bio, x509);
  1774. BIO_free(bio);
  1775. }
  1776. #endif /* DEBUG_WOLFSSL_VERBOSE */
  1777. }
  1778. wolfSSL_X509_free(cert1);
  1779. sk_X509_pop_free(sk, NULL);
  1780. wolfSSL_CertManagerFree(cm);
  1781. res = TEST_RES_CHECK(1);
  1782. #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  1783. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
  1784. defined(WOLFSSL_SIGNER_DER_CERT) */
  1785. return res;
  1786. }
  1787. static int test_wolfSSL_CertManagerSetVerify(void)
  1788. {
  1789. int res = TEST_SKIPPED;
  1790. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  1791. !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
  1792. (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
  1793. int ret = 0;
  1794. WOLFSSL_CERT_MANAGER* cm;
  1795. int tmp = myVerifyAction;
  1796. const char* ca_cert = "./certs/ca-cert.pem";
  1797. const char* expiredCert = "./certs/test/expired/expired-cert.pem";
  1798. cm = wolfSSL_CertManagerNew();
  1799. AssertNotNull(cm);
  1800. wolfSSL_CertManagerSetVerify(cm, myVerify);
  1801. ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL);
  1802. #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
  1803. AssertIntEQ(ret, -1);
  1804. #else
  1805. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  1806. #endif
  1807. /* Use the test CB that always accepts certs */
  1808. myVerifyAction = VERIFY_OVERRIDE_ERROR;
  1809. ret = wolfSSL_CertManagerVerify(cm, expiredCert, WOLFSSL_FILETYPE_PEM);
  1810. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  1811. #ifdef WOLFSSL_ALWAYS_VERIFY_CB
  1812. {
  1813. const char* verifyCert = "./certs/server-cert.pem";
  1814. /* Use the test CB that always fails certs */
  1815. myVerifyAction = VERIFY_FORCE_FAIL;
  1816. ret = wolfSSL_CertManagerVerify(cm, verifyCert, WOLFSSL_FILETYPE_PEM);
  1817. AssertIntEQ(ret, VERIFY_CERT_ERROR);
  1818. }
  1819. #endif
  1820. wolfSSL_CertManagerFree(cm);
  1821. myVerifyAction = tmp;
  1822. res = TEST_RES_CHECK(1);
  1823. #endif
  1824. return res;
  1825. }
  1826. #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  1827. defined(DEBUG_UNIT_TEST_CERTS)
  1828. /* Used when debugging name constraint tests. Not static to allow use in
  1829. * multiple locations with complex define guards. */
  1830. void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName)
  1831. {
  1832. BIO* out = BIO_new_file(fileName, "wb");
  1833. if (out != NULL) {
  1834. PEM_write_bio_X509(out, x509);
  1835. BIO_free(out);
  1836. }
  1837. }
  1838. void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName)
  1839. {
  1840. BIO* out = BIO_new_file(fileName, "wb");
  1841. if (out != NULL) {
  1842. BIO_write(out, der, derSz);
  1843. BIO_free(out);
  1844. }
  1845. }
  1846. #else
  1847. #define DEBUG_WRITE_CERT_X509(x509, fileName)
  1848. #define DEBUG_WRITE_DER(der, derSz, fileName)
  1849. #endif
  1850. static int test_wolfSSL_CertManagerNameConstraint(void)
  1851. {
  1852. int res = TEST_SKIPPED;
  1853. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  1854. !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
  1855. defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
  1856. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
  1857. !defined(NO_SHA256)
  1858. WOLFSSL_CERT_MANAGER* cm;
  1859. WOLFSSL_EVP_PKEY *priv;
  1860. WOLFSSL_X509_NAME* name;
  1861. const char* ca_cert = "./certs/test/cert-ext-nc.der";
  1862. const char* server_cert = "./certs/test/server-goodcn.pem";
  1863. int i = 0;
  1864. static const byte extNameConsOid[] = {85, 29, 30};
  1865. RsaKey key;
  1866. WC_RNG rng;
  1867. byte *der;
  1868. int derSz;
  1869. word32 idx = 0;
  1870. byte *pt;
  1871. WOLFSSL_X509 *x509, *ca;
  1872. wc_InitRng(&rng);
  1873. /* load in CA private key for signing */
  1874. AssertIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, testDevId), 0);
  1875. AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
  1876. sizeof_server_key_der_2048), 0);
  1877. /* get ca certificate then alter it */
  1878. AssertNotNull(der =
  1879. (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  1880. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert,
  1881. WOLFSSL_FILETYPE_ASN1));
  1882. AssertNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
  1883. XMEMCPY(der, pt, derSz);
  1884. /* find the name constraint extension and alter it */
  1885. pt = der;
  1886. for (i = 0; i < derSz - 3; i++) {
  1887. if (XMEMCMP(pt, extNameConsOid, 3) == 0) {
  1888. pt += 3;
  1889. break;
  1890. }
  1891. pt++;
  1892. }
  1893. AssertIntNE(i, derSz - 3); /* did not find OID if this case is hit */
  1894. /* go to the length value and set it to 0 */
  1895. while (i < derSz && *pt != 0x81) {
  1896. pt++;
  1897. i++;
  1898. }
  1899. AssertIntNE(i, derSz); /* did not place to alter */
  1900. pt++;
  1901. *pt = 0x00;
  1902. /* resign the altered certificate */
  1903. AssertIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der,
  1904. FOURK_BUF, &key, NULL, &rng)), 0);
  1905. AssertNotNull(cm = wolfSSL_CertManagerNew());
  1906. AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
  1907. WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
  1908. wolfSSL_CertManagerFree(cm);
  1909. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1910. wolfSSL_X509_free(x509);
  1911. wc_FreeRsaKey(&key);
  1912. wc_FreeRng(&rng);
  1913. /* add email alt name to satisfy constraint */
  1914. pt = (byte*)server_key_der_2048;
  1915. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  1916. (const unsigned char**)&pt, sizeof_server_key_der_2048));
  1917. AssertNotNull(cm = wolfSSL_CertManagerNew());
  1918. AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
  1919. WOLFSSL_FILETYPE_ASN1));
  1920. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
  1921. DEBUG_WRITE_DER(der, derSz, "ca.der");
  1922. AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
  1923. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1924. /* Good cert test with proper alt email name */
  1925. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  1926. WOLFSSL_FILETYPE_PEM));
  1927. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  1928. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  1929. AssertNotNull(name = X509_NAME_new());
  1930. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  1931. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  1932. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  1933. (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
  1934. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
  1935. (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
  1936. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  1937. X509_NAME_free(name);
  1938. wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
  1939. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  1940. DEBUG_WRITE_CERT_X509(x509, "good-cert.pem");
  1941. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  1942. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  1943. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1944. wolfSSL_X509_free(x509);
  1945. /* Cert with bad alt name list */
  1946. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  1947. WOLFSSL_FILETYPE_PEM));
  1948. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  1949. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  1950. AssertNotNull(name = X509_NAME_new());
  1951. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  1952. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  1953. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  1954. (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
  1955. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
  1956. (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
  1957. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  1958. X509_NAME_free(name);
  1959. wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE);
  1960. wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
  1961. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  1962. DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
  1963. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  1964. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  1965. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  1966. wolfSSL_CertManagerFree(cm);
  1967. wolfSSL_X509_free(x509);
  1968. wolfSSL_X509_free(ca);
  1969. wolfSSL_EVP_PKEY_free(priv);
  1970. res = TEST_RES_CHECK(1);
  1971. #endif
  1972. return res;
  1973. }
  1974. static int test_wolfSSL_CertManagerNameConstraint2(void)
  1975. {
  1976. int res = TEST_SKIPPED;
  1977. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  1978. !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
  1979. defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
  1980. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES)
  1981. const char* ca_cert = "./certs/test/cert-ext-ndir.der";
  1982. const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der";
  1983. const char* server_cert = "./certs/server-cert.pem";
  1984. WOLFSSL_CERT_MANAGER* cm;
  1985. WOLFSSL_X509 *x509, *ca;
  1986. const unsigned char *der;
  1987. const unsigned char *pt;
  1988. WOLFSSL_EVP_PKEY *priv;
  1989. WOLFSSL_X509_NAME* name;
  1990. int derSz;
  1991. /* C=US*/
  1992. char altName[] = {
  1993. 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
  1994. 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53
  1995. };
  1996. /* C=ID */
  1997. char altNameFail[] = {
  1998. 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
  1999. 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x44
  2000. };
  2001. /* C=US ST=California*/
  2002. char altNameExc[] = {
  2003. 0x30, 0x22,
  2004. 0x31, 0x0B,
  2005. 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
  2006. 0x31, 0x13,
  2007. 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A,
  2008. 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61
  2009. };
  2010. /* load in CA private key for signing */
  2011. pt = ca_key_der_2048;
  2012. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
  2013. sizeof_ca_key_der_2048));
  2014. AssertNotNull(cm = wolfSSL_CertManagerNew());
  2015. AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
  2016. WOLFSSL_FILETYPE_ASN1));
  2017. AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
  2018. AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
  2019. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2020. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2021. WOLFSSL_FILETYPE_PEM));
  2022. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2023. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2024. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
  2025. wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
  2026. #else
  2027. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  2028. #endif
  2029. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  2030. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2031. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2032. /* add in matching DIR alt name and resign */
  2033. wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
  2034. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
  2035. wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
  2036. #else
  2037. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  2038. #endif
  2039. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  2040. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2041. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2042. wolfSSL_X509_free(x509);
  2043. /* check verify fail */
  2044. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2045. WOLFSSL_FILETYPE_PEM));
  2046. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2047. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2048. /* add in miss matching DIR alt name and resign */
  2049. wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
  2050. ASN_DIR_TYPE);
  2051. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
  2052. wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
  2053. #else
  2054. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  2055. #endif
  2056. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  2057. #ifndef WOLFSSL_NO_ASN_STRICT
  2058. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2059. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  2060. #else
  2061. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2062. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2063. #endif
  2064. /* check that it still fails if one bad altname and one good altname is in
  2065. * the certificate */
  2066. wolfSSL_X509_free(x509);
  2067. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2068. WOLFSSL_FILETYPE_PEM));
  2069. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2070. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2071. wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
  2072. wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
  2073. ASN_DIR_TYPE);
  2074. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
  2075. wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
  2076. #else
  2077. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  2078. #endif
  2079. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  2080. #ifndef WOLFSSL_NO_ASN_STRICT
  2081. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2082. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  2083. #else
  2084. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2085. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2086. #endif
  2087. /* check it fails with switching position of bad altname */
  2088. wolfSSL_X509_free(x509);
  2089. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2090. WOLFSSL_FILETYPE_PEM));
  2091. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2092. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2093. wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
  2094. ASN_DIR_TYPE);
  2095. wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
  2096. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
  2097. wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
  2098. #else
  2099. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  2100. #endif
  2101. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  2102. #ifndef WOLFSSL_NO_ASN_STRICT
  2103. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2104. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  2105. #else
  2106. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2107. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2108. #endif
  2109. wolfSSL_CertManagerFree(cm);
  2110. wolfSSL_X509_free(x509);
  2111. wolfSSL_X509_free(ca);
  2112. /* now test with excluded name constraint */
  2113. AssertNotNull(cm = wolfSSL_CertManagerNew());
  2114. AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2,
  2115. WOLFSSL_FILETYPE_ASN1));
  2116. AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
  2117. AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
  2118. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2119. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2120. WOLFSSL_FILETYPE_PEM));
  2121. wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc),
  2122. ASN_DIR_TYPE);
  2123. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2124. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2125. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
  2126. wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
  2127. #else
  2128. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  2129. #endif
  2130. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  2131. #ifndef WOLFSSL_NO_ASN_STRICT
  2132. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2133. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  2134. #else
  2135. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2136. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2137. #endif
  2138. wolfSSL_CertManagerFree(cm);
  2139. wolfSSL_X509_free(x509);
  2140. wolfSSL_X509_free(ca);
  2141. wolfSSL_EVP_PKEY_free(priv);
  2142. res = TEST_RES_CHECK(1);
  2143. #endif
  2144. return res;
  2145. }
  2146. static int test_wolfSSL_CertManagerNameConstraint3(void)
  2147. {
  2148. int res = TEST_SKIPPED;
  2149. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  2150. !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
  2151. defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
  2152. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
  2153. !defined(NO_SHA256)
  2154. WOLFSSL_CERT_MANAGER* cm;
  2155. WOLFSSL_EVP_PKEY *priv;
  2156. WOLFSSL_X509_NAME* name;
  2157. const char* ca_cert = "./certs/test/cert-ext-mnc.der";
  2158. const char* server_cert = "./certs/test/server-goodcn.pem";
  2159. byte *der;
  2160. int derSz;
  2161. byte *pt;
  2162. WOLFSSL_X509 *x509, *ca;
  2163. pt = (byte*)server_key_der_2048;
  2164. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  2165. (const unsigned char**)&pt, sizeof_server_key_der_2048));
  2166. AssertNotNull(cm = wolfSSL_CertManagerNew());
  2167. AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
  2168. WOLFSSL_FILETYPE_ASN1));
  2169. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
  2170. DEBUG_WRITE_DER(der, derSz, "ca.der");
  2171. AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
  2172. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2173. /* check satisfying .wolfssl.com constraint passes */
  2174. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2175. WOLFSSL_FILETYPE_PEM));
  2176. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2177. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2178. AssertNotNull(name = X509_NAME_new());
  2179. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2180. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2181. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  2182. (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
  2183. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
  2184. (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
  2185. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2186. X509_NAME_free(name);
  2187. wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
  2188. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2189. DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem");
  2190. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2191. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2192. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2193. wolfSSL_X509_free(x509);
  2194. /* check satisfying .random.com constraint passes */
  2195. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2196. WOLFSSL_FILETYPE_PEM));
  2197. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2198. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2199. AssertNotNull(name = X509_NAME_new());
  2200. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2201. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2202. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  2203. (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
  2204. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
  2205. (byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS);
  2206. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2207. X509_NAME_free(name);
  2208. wolfSSL_X509_add_altname(x509, "wolfssl@info.example.com", ASN_RFC822_TYPE);
  2209. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2210. DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem");
  2211. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2212. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2213. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2214. wolfSSL_X509_free(x509);
  2215. /* check fail case when neither constraint is matched */
  2216. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2217. WOLFSSL_FILETYPE_PEM));
  2218. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2219. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2220. AssertNotNull(name = X509_NAME_new());
  2221. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2222. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2223. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  2224. (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
  2225. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
  2226. (byte*)"support@info.com", 16, -1, 0), SSL_SUCCESS);
  2227. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2228. X509_NAME_free(name);
  2229. wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE);
  2230. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2231. DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
  2232. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2233. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2234. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  2235. wolfSSL_CertManagerFree(cm);
  2236. wolfSSL_X509_free(x509);
  2237. wolfSSL_X509_free(ca);
  2238. wolfSSL_EVP_PKEY_free(priv);
  2239. res = TEST_RES_CHECK(1);
  2240. #endif
  2241. return res;
  2242. }
  2243. static int test_wolfSSL_CertManagerNameConstraint4(void)
  2244. {
  2245. int res = TEST_SKIPPED;
  2246. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  2247. !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
  2248. defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
  2249. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
  2250. !defined(NO_SHA256)
  2251. WOLFSSL_CERT_MANAGER* cm;
  2252. WOLFSSL_EVP_PKEY *priv;
  2253. WOLFSSL_X509_NAME* name;
  2254. const char* ca_cert = "./certs/test/cert-ext-ncdns.der";
  2255. const char* server_cert = "./certs/test/server-goodcn.pem";
  2256. byte *der;
  2257. int derSz;
  2258. byte *pt;
  2259. WOLFSSL_X509 *x509, *ca;
  2260. pt = (byte*)server_key_der_2048;
  2261. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  2262. (const unsigned char**)&pt, sizeof_server_key_der_2048));
  2263. AssertNotNull(cm = wolfSSL_CertManagerNew());
  2264. AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
  2265. WOLFSSL_FILETYPE_ASN1));
  2266. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
  2267. DEBUG_WRITE_DER(der, derSz, "ca.der");
  2268. AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
  2269. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2270. /* check satisfying wolfssl.com constraint passes */
  2271. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2272. WOLFSSL_FILETYPE_PEM));
  2273. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2274. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2275. AssertNotNull(name = X509_NAME_new());
  2276. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2277. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2278. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  2279. (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
  2280. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2281. X509_NAME_free(name);
  2282. wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
  2283. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2284. DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem");
  2285. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2286. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2287. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2288. wolfSSL_X509_free(x509);
  2289. /* check satisfying example.com constraint passes */
  2290. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2291. WOLFSSL_FILETYPE_PEM));
  2292. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2293. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2294. AssertNotNull(name = X509_NAME_new());
  2295. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2296. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2297. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  2298. (byte*)"example.com", 11, -1, 0), SSL_SUCCESS);
  2299. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2300. X509_NAME_free(name);
  2301. wolfSSL_X509_add_altname(x509, "www.example.com", ASN_DNS_TYPE);
  2302. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2303. DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem");
  2304. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2305. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2306. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2307. wolfSSL_X509_free(x509);
  2308. /* check satisfying wolfssl.com constraint passes with list of DNS's */
  2309. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2310. WOLFSSL_FILETYPE_PEM));
  2311. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2312. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2313. AssertNotNull(name = X509_NAME_new());
  2314. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2315. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2316. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  2317. (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
  2318. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2319. X509_NAME_free(name);
  2320. wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
  2321. wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE);
  2322. wolfSSL_X509_add_altname(x509, "extra.wolfssl.com", ASN_DNS_TYPE);
  2323. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2324. DEBUG_WRITE_CERT_X509(x509, "good-multiple-constraint-cert.pem");
  2325. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2326. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2327. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2328. wolfSSL_X509_free(x509);
  2329. /* check fail when one DNS in the list is bad */
  2330. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2331. WOLFSSL_FILETYPE_PEM));
  2332. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2333. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2334. AssertNotNull(name = X509_NAME_new());
  2335. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2336. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2337. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  2338. (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
  2339. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2340. X509_NAME_free(name);
  2341. wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
  2342. wolfSSL_X509_add_altname(x509, "www.nomatch.com", ASN_DNS_TYPE);
  2343. wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE);
  2344. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2345. DEBUG_WRITE_CERT_X509(x509, "bad-multiple-constraint-cert.pem");
  2346. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2347. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2348. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  2349. wolfSSL_X509_free(x509);
  2350. /* check fail case when neither constraint is matched */
  2351. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2352. WOLFSSL_FILETYPE_PEM));
  2353. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2354. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2355. AssertNotNull(name = X509_NAME_new());
  2356. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2357. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2358. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  2359. (byte*)"common", 6, -1, 0), SSL_SUCCESS);
  2360. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2361. X509_NAME_free(name);
  2362. wolfSSL_X509_add_altname(x509, "www.random.com", ASN_DNS_TYPE);
  2363. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2364. DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
  2365. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2366. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2367. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  2368. wolfSSL_CertManagerFree(cm);
  2369. wolfSSL_X509_free(x509);
  2370. wolfSSL_X509_free(ca);
  2371. wolfSSL_EVP_PKEY_free(priv);
  2372. res = TEST_RES_CHECK(1);
  2373. #endif
  2374. return res;
  2375. }
  2376. static int test_wolfSSL_CertManagerNameConstraint5(void)
  2377. {
  2378. int res = TEST_SKIPPED;
  2379. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  2380. !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
  2381. defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
  2382. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
  2383. !defined(NO_SHA256)
  2384. WOLFSSL_CERT_MANAGER* cm;
  2385. WOLFSSL_EVP_PKEY *priv;
  2386. WOLFSSL_X509_NAME* name;
  2387. const char* ca_cert = "./certs/test/cert-ext-ncmixed.der";
  2388. const char* server_cert = "./certs/test/server-goodcn.pem";
  2389. byte *der;
  2390. int derSz;
  2391. byte *pt;
  2392. WOLFSSL_X509 *x509, *ca;
  2393. pt = (byte*)server_key_der_2048;
  2394. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  2395. (const unsigned char**)&pt, sizeof_server_key_der_2048));
  2396. AssertNotNull(cm = wolfSSL_CertManagerNew());
  2397. AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
  2398. WOLFSSL_FILETYPE_ASN1));
  2399. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
  2400. DEBUG_WRITE_DER(der, derSz, "ca.der");
  2401. AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
  2402. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2403. /* check satisfying wolfssl.com constraint passes */
  2404. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2405. WOLFSSL_FILETYPE_PEM));
  2406. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2407. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2408. AssertNotNull(name = X509_NAME_new());
  2409. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2410. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2411. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  2412. (byte*)"example", 7, -1, 0), SSL_SUCCESS);
  2413. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2414. X509_NAME_free(name);
  2415. wolfSSL_X509_add_altname(x509, "good.example", ASN_DNS_TYPE);
  2416. wolfSSL_X509_add_altname(x509, "facts@into.wolfssl.com", ASN_RFC822_TYPE);
  2417. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2418. DEBUG_WRITE_CERT_X509(x509, "good-cert.pem");
  2419. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2420. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2421. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2422. wolfSSL_X509_free(x509);
  2423. /* fail with DNS check because of common name */
  2424. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2425. WOLFSSL_FILETYPE_PEM));
  2426. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2427. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2428. AssertNotNull(name = X509_NAME_new());
  2429. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2430. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2431. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  2432. (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
  2433. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2434. X509_NAME_free(name);
  2435. wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
  2436. wolfSSL_X509_add_altname(x509, "facts@wolfssl.com", ASN_RFC822_TYPE);
  2437. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2438. DEBUG_WRITE_CERT_X509(x509, "bad-cn-cert.pem");
  2439. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2440. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2441. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  2442. wolfSSL_X509_free(x509);
  2443. /* fail on permitted DNS name constraint */
  2444. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2445. WOLFSSL_FILETYPE_PEM));
  2446. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2447. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2448. AssertNotNull(name = X509_NAME_new());
  2449. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2450. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2451. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2452. X509_NAME_free(name);
  2453. wolfSSL_X509_add_altname(x509, "www.example", ASN_DNS_TYPE);
  2454. wolfSSL_X509_add_altname(x509, "www.wolfssl", ASN_DNS_TYPE);
  2455. wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE);
  2456. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2457. DEBUG_WRITE_CERT_X509(x509, "bad-1st-constraint-cert.pem");
  2458. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2459. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2460. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  2461. wolfSSL_X509_free(x509);
  2462. /* fail on permitted email name constraint */
  2463. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2464. WOLFSSL_FILETYPE_PEM));
  2465. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2466. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2467. AssertNotNull(name = X509_NAME_new());
  2468. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2469. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2470. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2471. X509_NAME_free(name);
  2472. wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
  2473. wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE);
  2474. wolfSSL_X509_add_altname(x509, "info@example.com", ASN_RFC822_TYPE);
  2475. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2476. DEBUG_WRITE_CERT_X509(x509, "bad-2nd-constraint-cert.pem");
  2477. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2478. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2479. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  2480. wolfSSL_X509_free(x509);
  2481. /* success with empty email name */
  2482. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  2483. WOLFSSL_FILETYPE_PEM));
  2484. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  2485. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  2486. AssertNotNull(name = X509_NAME_new());
  2487. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  2488. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  2489. AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  2490. X509_NAME_free(name);
  2491. wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
  2492. AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
  2493. DEBUG_WRITE_CERT_X509(x509, "good-missing-constraint-cert.pem");
  2494. AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
  2495. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  2496. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2497. wolfSSL_X509_free(x509);
  2498. wolfSSL_CertManagerFree(cm);
  2499. wolfSSL_X509_free(ca);
  2500. wolfSSL_EVP_PKEY_free(priv);
  2501. res = TEST_RES_CHECK(1);
  2502. #endif
  2503. return res;
  2504. }
  2505. static int test_wolfSSL_FPKI(void)
  2506. {
  2507. int res = TEST_SKIPPED;
  2508. #if defined(WOLFSSL_FPKI) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  2509. XFILE f;
  2510. const char* fpkiCert = "./certs/fpki-cert.der";
  2511. DecodedCert cert;
  2512. byte buf[4096];
  2513. byte* uuid;
  2514. byte* fascn;
  2515. word32 fascnSz;
  2516. word32 uuidSz;
  2517. int bytes;
  2518. f = XFOPEN(fpkiCert, "rb");
  2519. AssertTrue((f != XBADFILE));
  2520. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  2521. XFCLOSE(f);
  2522. wc_InitDecodedCert(&cert, buf, bytes, NULL);
  2523. AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
  2524. AssertIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), LENGTH_ONLY_E) ;
  2525. fascn = (byte*)XMALLOC(fascnSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  2526. AssertNotNull(fascn);
  2527. AssertIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0);
  2528. XFREE(fascn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  2529. AssertIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), LENGTH_ONLY_E);
  2530. uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  2531. AssertNotNull(uuid);
  2532. AssertIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0);
  2533. XFREE(uuid, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  2534. wc_FreeDecodedCert(&cert);
  2535. res = TEST_RES_CHECK(1);
  2536. #endif
  2537. return res;
  2538. }
  2539. /* use RID in confuncture with other names to test parsing of unknown other
  2540. * names */
  2541. static int test_wolfSSL_OtherName(void)
  2542. {
  2543. int res = TEST_SKIPPED;
  2544. #if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  2545. XFILE f;
  2546. const char* ridCert = "./certs/rid-cert.der";
  2547. DecodedCert cert;
  2548. byte buf[4096];
  2549. int bytes;
  2550. f = XFOPEN(ridCert, "rb");
  2551. AssertTrue((f != XBADFILE));
  2552. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  2553. XFCLOSE(f);
  2554. wc_InitDecodedCert(&cert, buf, bytes, NULL);
  2555. AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
  2556. wc_FreeDecodedCert(&cert);
  2557. res = TEST_RES_CHECK(1);
  2558. #endif
  2559. return res;
  2560. }
  2561. static int test_wolfSSL_CertRsaPss(void)
  2562. {
  2563. int res = TEST_SKIPPED;
  2564. /* FIPS v2 and below don't support long salts. */
  2565. #if !defined(NO_RSA) && defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && \
  2566. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
  2567. (HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \
  2568. (defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2)))
  2569. XFILE f;
  2570. const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der";
  2571. const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem";
  2572. #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \
  2573. RSA_MAX_SIZE >= 3072
  2574. const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der";
  2575. #endif
  2576. #if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072
  2577. const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.pem";
  2578. #endif
  2579. DecodedCert cert;
  2580. byte buf[4096];
  2581. int bytes;
  2582. WOLFSSL_CERT_MANAGER* cm;
  2583. cm = wolfSSL_CertManagerNew();
  2584. AssertNotNull(cm);
  2585. AssertIntEQ(WOLFSSL_SUCCESS,
  2586. wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha256Cert, NULL));
  2587. #if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072
  2588. AssertIntEQ(WOLFSSL_SUCCESS,
  2589. wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha384Cert, NULL));
  2590. #endif
  2591. f = XFOPEN(rsaPssSha256Cert, "rb");
  2592. AssertTrue((f != XBADFILE));
  2593. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  2594. XFCLOSE(f);
  2595. wc_InitDecodedCert(&cert, buf, bytes, NULL);
  2596. AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
  2597. wc_FreeDecodedCert(&cert);
  2598. #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \
  2599. RSA_MAX_SIZE >= 3072
  2600. f = XFOPEN(rsaPssSha384Cert, "rb");
  2601. AssertTrue((f != XBADFILE));
  2602. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  2603. XFCLOSE(f);
  2604. wc_InitDecodedCert(&cert, buf, bytes, NULL);
  2605. AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
  2606. wc_FreeDecodedCert(&cert);
  2607. #endif
  2608. wolfSSL_CertManagerFree(cm);
  2609. res = TEST_RES_CHECK(1);
  2610. #endif
  2611. return res;
  2612. }
  2613. static int test_wolfSSL_CertManagerCRL(void)
  2614. {
  2615. int res = TEST_SKIPPED;
  2616. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
  2617. !defined(NO_RSA)
  2618. const char* ca_cert = "./certs/ca-cert.pem";
  2619. const char* crl1 = "./certs/crl/crl.pem";
  2620. const char* crl2 = "./certs/crl/crl2.pem";
  2621. WOLFSSL_CERT_MANAGER* cm = NULL;
  2622. AssertNotNull(cm = wolfSSL_CertManagerNew());
  2623. AssertIntEQ(WOLFSSL_SUCCESS,
  2624. wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
  2625. AssertIntEQ(WOLFSSL_SUCCESS,
  2626. wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
  2627. AssertIntEQ(WOLFSSL_SUCCESS,
  2628. wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0));
  2629. wolfSSL_CertManagerFreeCRL(cm);
  2630. AssertIntEQ(WOLFSSL_SUCCESS,
  2631. wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
  2632. AssertIntEQ(WOLFSSL_SUCCESS,
  2633. wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
  2634. wolfSSL_CertManagerFree(cm);
  2635. res = TEST_RES_CHECK(1);
  2636. #endif
  2637. return res;
  2638. }
  2639. static int test_wolfSSL_CTX_load_verify_locations_ex(void)
  2640. {
  2641. int res = TEST_SKIPPED;
  2642. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  2643. !defined(NO_WOLFSSL_CLIENT)
  2644. WOLFSSL_CTX* ctx;
  2645. const char* ca_cert = "./certs/ca-cert.pem";
  2646. const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
  2647. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  2648. AssertNotNull(ctx);
  2649. /* test good CA */
  2650. AssertTrue(WOLFSSL_SUCCESS ==
  2651. wolfSSL_CTX_load_verify_locations_ex(ctx, ca_cert, NULL,
  2652. WOLFSSL_LOAD_FLAG_NONE));
  2653. /* test expired CA */
  2654. #ifndef OPENSSL_COMPATIBLE_DEFAULTS
  2655. AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
  2656. WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
  2657. #else
  2658. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
  2659. WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
  2660. #endif
  2661. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
  2662. WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);
  2663. wolfSSL_CTX_free(ctx);
  2664. res = TEST_RES_CHECK(1);
  2665. #endif
  2666. return res;
  2667. }
  2668. static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
  2669. {
  2670. int res = TEST_SKIPPED;
  2671. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  2672. defined(USE_CERT_BUFFERS_2048)
  2673. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  2674. WOLFSSL_CTX* ctx;
  2675. const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der";
  2676. byte ca_expired_cert[TWOK_BUF];
  2677. word32 sizeof_ca_expired_cert;
  2678. XFILE fp;
  2679. #ifndef NO_WOLFSSL_CLIENT
  2680. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  2681. #else
  2682. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  2683. #endif
  2684. AssertNotNull(ctx);
  2685. /* test good CA */
  2686. AssertTrue(WOLFSSL_SUCCESS ==
  2687. wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048,
  2688. sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0,
  2689. WOLFSSL_LOAD_FLAG_NONE));
  2690. /* load expired CA */
  2691. XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert));
  2692. fp = XFOPEN(ca_expired_cert_file, "rb");
  2693. AssertTrue(fp != XBADFILE);
  2694. sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1,
  2695. sizeof(ca_expired_cert), fp);
  2696. XFCLOSE(fp);
  2697. /* test expired CA failure */
  2698. #ifndef OPENSSL_COMPATIBLE_DEFAULTS
  2699. AssertIntNE(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
  2700. sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
  2701. WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
  2702. #else
  2703. AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
  2704. sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
  2705. WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
  2706. #endif
  2707. /* test expired CA success */
  2708. AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
  2709. sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
  2710. WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);
  2711. wolfSSL_CTX_free(ctx);
  2712. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  2713. res = TEST_RES_CHECK(1);
  2714. #endif
  2715. return res;
  2716. }
  2717. static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
  2718. {
  2719. int res = TEST_SKIPPED;
  2720. #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \
  2721. defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) && \
  2722. (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
  2723. WOLFSSL_CTX* ctx;
  2724. #ifndef NO_WOLFSSL_CLIENT
  2725. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  2726. #else
  2727. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  2728. #endif
  2729. AssertTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_chain_buffer_format(
  2730. ctx, ca_cert_chain_der, sizeof_ca_cert_chain_der,
  2731. WOLFSSL_FILETYPE_ASN1));
  2732. wolfSSL_CTX_free(ctx);
  2733. res = TEST_RES_CHECK(1);
  2734. #endif
  2735. return res;
  2736. }
  2737. static int test_wolfSSL_CTX_add1_chain_cert(void)
  2738. {
  2739. int res = TEST_SKIPPED;
  2740. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \
  2741. defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
  2742. WOLFSSL_CTX* ctx;
  2743. WOLFSSL* ssl;
  2744. const char *certChain[] = {
  2745. "./certs/intermediate/client-int-cert.pem",
  2746. "./certs/intermediate/ca-int2-cert.pem",
  2747. "./certs/intermediate/ca-int-cert.pem",
  2748. "./certs/ca-cert.pem",
  2749. NULL
  2750. };
  2751. const char** cert;
  2752. WOLFSSL_X509* x509;
  2753. WOLF_STACK_OF(X509)* chain = NULL;
  2754. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  2755. AssertNotNull(ssl = wolfSSL_new(ctx));
  2756. for (cert = certChain; *cert != NULL; cert++) {
  2757. x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM);
  2758. AssertNotNull(x509);
  2759. AssertIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1);
  2760. X509_free(x509);
  2761. }
  2762. for (cert = certChain; *cert != NULL; cert++) {
  2763. x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM);
  2764. AssertNotNull(x509);
  2765. AssertIntEQ(SSL_add1_chain_cert(ssl, x509), 1);
  2766. X509_free(x509);
  2767. }
  2768. AssertIntEQ(SSL_CTX_get0_chain_certs(ctx, &chain), 1);
  2769. AssertIntEQ(sk_X509_num(chain), 3);
  2770. AssertIntEQ(SSL_get0_chain_certs(ssl, &chain), 1);
  2771. AssertIntEQ(sk_X509_num(chain), 3);
  2772. SSL_free(ssl);
  2773. SSL_CTX_free(ctx);
  2774. res = TEST_RES_CHECK(1);
  2775. #endif
  2776. return res;
  2777. }
  2778. static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
  2779. {
  2780. int res = TEST_SKIPPED;
  2781. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  2782. (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
  2783. const char* server_chain_der = "./certs/server-cert-chain.der";
  2784. const char* client_single_pem = "./certs/client-cert.pem";
  2785. WOLFSSL_CTX* ctx;
  2786. int ret = 0;
  2787. (void)server_chain_der;
  2788. (void)client_single_pem;
  2789. (void)ctx;
  2790. #ifndef NO_WOLFSSL_CLIENT
  2791. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  2792. AssertNotNull(ctx);
  2793. #else
  2794. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  2795. AssertNotNull(ctx);
  2796. #endif
  2797. AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
  2798. server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2799. AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
  2800. client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  2801. wolfSSL_CTX_free(ctx);
  2802. res = TEST_RES_CHECK(ret == 0);
  2803. #endif
  2804. return res;
  2805. }
  2806. static int test_wolfSSL_CTX_SetTmpDH_file(void)
  2807. {
  2808. int res = TEST_SKIPPED;
  2809. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
  2810. (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
  2811. WOLFSSL_CTX *ctx;
  2812. (void)ctx;
  2813. #ifndef NO_WOLFSSL_CLIENT
  2814. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  2815. #else
  2816. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  2817. #endif
  2818. /* invalid context */
  2819. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL,
  2820. dhParamFile, WOLFSSL_FILETYPE_PEM));
  2821. /* invalid dhParamFile file */
  2822. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
  2823. NULL, WOLFSSL_FILETYPE_PEM));
  2824. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
  2825. bogusFile, WOLFSSL_FILETYPE_PEM));
  2826. /* success */
  2827. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
  2828. WOLFSSL_FILETYPE_PEM));
  2829. wolfSSL_CTX_free(ctx);
  2830. res = TEST_RES_CHECK(1);
  2831. #endif
  2832. return res;
  2833. }
  2834. static int test_wolfSSL_CTX_SetTmpDH_buffer(void)
  2835. {
  2836. int res = TEST_SKIPPED;
  2837. #if !defined(NO_CERTS) && !defined(NO_DH) && \
  2838. (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
  2839. WOLFSSL_CTX *ctx;
  2840. (void)ctx;
  2841. #ifndef NO_WOLFSSL_CLIENT
  2842. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  2843. #else
  2844. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  2845. #endif
  2846. /* invalid context */
  2847. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, dh_key_der_2048,
  2848. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  2849. /* invalid dhParamFile file */
  2850. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL,
  2851. 0, WOLFSSL_FILETYPE_ASN1));
  2852. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048,
  2853. sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  2854. /* success */
  2855. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
  2856. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  2857. wolfSSL_CTX_free(ctx);
  2858. res = TEST_RES_CHECK(1);
  2859. #endif
  2860. return res;
  2861. }
  2862. static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
  2863. {
  2864. int res = TEST_SKIPPED;
  2865. #if !defined(NO_CERTS) && !defined(NO_DH) && \
  2866. (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
  2867. WOLFSSL_CTX *ctx;
  2868. (void)ctx;
  2869. #ifndef NO_WOLFSSL_CLIENT
  2870. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  2871. AssertNotNull(ctx);
  2872. #else
  2873. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  2874. AssertNotNull(ctx);
  2875. #endif
  2876. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
  2877. AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
  2878. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  2879. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048));
  2880. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
  2881. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  2882. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
  2883. AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
  2884. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  2885. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048));
  2886. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
  2887. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  2888. wolfSSL_CTX_free(ctx);
  2889. res = TEST_RES_CHECK(1);
  2890. #endif
  2891. return res;
  2892. }
  2893. static int test_wolfSSL_CTX_der_load_verify_locations(void)
  2894. {
  2895. int res = TEST_SKIPPED;
  2896. #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_DER_LOAD) && \
  2897. (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
  2898. WOLFSSL_CTX* ctx = NULL;
  2899. const char* derCert = "./certs/server-cert.der";
  2900. const char* nullPath = NULL;
  2901. const char* invalidPath = "./certs/this-cert-does-not-exist.der";
  2902. const char* emptyPath = "";
  2903. /* der load Case 1 ctx NULL */
  2904. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
  2905. WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
  2906. #ifndef NO_WOLFSSL_CLIENT
  2907. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  2908. #else
  2909. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  2910. #endif
  2911. /* Case 2 filePath NULL */
  2912. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath,
  2913. WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
  2914. /* Case 3 invalid format */
  2915. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
  2916. WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
  2917. /* Case 4 filePath not valid */
  2918. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath,
  2919. WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
  2920. /* Case 5 filePath empty */
  2921. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath,
  2922. WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
  2923. #ifndef NO_RSA
  2924. /* Case 6 success case */
  2925. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
  2926. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  2927. #endif
  2928. wolfSSL_CTX_free(ctx);
  2929. res = TEST_RES_CHECK(1);
  2930. #endif
  2931. return res;
  2932. }
  2933. static int test_wolfSSL_CTX_enable_disable(void)
  2934. {
  2935. int res = TEST_SKIPPED;
  2936. #ifndef NO_CERTS
  2937. WOLFSSL_CTX* ctx = NULL;
  2938. #ifdef HAVE_CRL
  2939. AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG);
  2940. AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG);
  2941. #endif
  2942. #ifdef HAVE_OCSP
  2943. AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG);
  2944. AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG);
  2945. #endif
  2946. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
  2947. defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  2948. AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG);
  2949. AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG);
  2950. AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG);
  2951. AssertIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG);
  2952. #endif
  2953. #ifndef NO_WOLFSSL_CLIENT
  2954. #ifdef HAVE_EXTENDED_MASTER
  2955. AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG);
  2956. #endif
  2957. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  2958. AssertNotNull(ctx);
  2959. #ifdef HAVE_EXTENDED_MASTER
  2960. AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS);
  2961. #endif
  2962. #elif !defined(NO_WOLFSSL_SERVER)
  2963. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  2964. #else
  2965. return TEST_SUCCESS;
  2966. #endif
  2967. #ifdef HAVE_CRL
  2968. AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS);
  2969. AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS);
  2970. #endif
  2971. #ifdef HAVE_OCSP
  2972. AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS);
  2973. AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE),
  2974. WOLFSSL_SUCCESS);
  2975. AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE),
  2976. WOLFSSL_SUCCESS);
  2977. AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL),
  2978. WOLFSSL_SUCCESS);
  2979. #endif
  2980. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
  2981. defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  2982. AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS);
  2983. AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS);
  2984. AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
  2985. AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
  2986. #endif
  2987. wolfSSL_CTX_free(ctx);
  2988. res = TEST_RES_CHECK(1);
  2989. #endif /* NO_CERTS */
  2990. return res;
  2991. }
  2992. static int test_wolfSSL_CTX_ticket_API(void)
  2993. {
  2994. int res = TEST_SKIPPED;
  2995. #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
  2996. WOLFSSL_CTX* ctx = NULL;
  2997. void *userCtx = (void*)"this is my ctx";
  2998. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  2999. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(ctx, userCtx));
  3000. AssertTrue(userCtx == wolfSSL_CTX_get_TicketEncCtx(ctx));
  3001. wolfSSL_CTX_free(ctx);
  3002. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx));
  3003. AssertNull(wolfSSL_CTX_get_TicketEncCtx(NULL));
  3004. res = TEST_RES_CHECK(1);
  3005. #endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
  3006. return res;
  3007. }
  3008. static int test_wolfSSL_set_minmax_proto_version(void)
  3009. {
  3010. int res = TEST_SKIPPED;
  3011. #ifdef OPENSSL_EXTRA
  3012. WOLFSSL_CTX *ctx;
  3013. WOLFSSL *ssl;
  3014. int ret;
  3015. (void)ret;
  3016. (void)ssl;
  3017. #ifndef NO_WOLFSSL_CLIENT
  3018. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  3019. AssertNotNull(ssl = wolfSSL_new(ctx));
  3020. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
  3021. AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
  3022. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
  3023. AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
  3024. AssertIntEQ(wolfSSL_set_min_proto_version(NULL, 0), SSL_FAILURE);
  3025. AssertIntEQ(wolfSSL_set_min_proto_version(ssl, 0), SSL_SUCCESS);
  3026. AssertIntEQ(wolfSSL_set_max_proto_version(NULL, 0), SSL_FAILURE);
  3027. AssertIntEQ(wolfSSL_set_max_proto_version(ssl, 0), SSL_SUCCESS);
  3028. wolfSSL_free(ssl);
  3029. wolfSSL_CTX_free(ctx);
  3030. #endif
  3031. #ifndef NO_WOLFSSL_SERVER
  3032. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  3033. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
  3034. AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
  3035. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
  3036. AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
  3037. wolfSSL_CTX_free(ctx);
  3038. #endif
  3039. res = TEST_RES_CHECK(1);
  3040. #endif
  3041. return res;
  3042. }
  3043. /*----------------------------------------------------------------------------*
  3044. | SSL
  3045. *----------------------------------------------------------------------------*/
  3046. static int test_server_wolfSSL_new(void)
  3047. {
  3048. int res = TEST_SKIPPED;
  3049. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  3050. !defined(NO_WOLFSSL_SERVER)
  3051. WOLFSSL_CTX *ctx;
  3052. WOLFSSL_CTX *ctx_nocert;
  3053. WOLFSSL *ssl;
  3054. AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  3055. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  3056. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  3057. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  3058. /* invalid context */
  3059. AssertNull(ssl = wolfSSL_new(NULL));
  3060. #if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT) && !defined(OPENSSL_EXTRA)
  3061. AssertNull(ssl = wolfSSL_new(ctx_nocert));
  3062. #endif
  3063. /* success */
  3064. AssertNotNull(ssl = wolfSSL_new(ctx));
  3065. wolfSSL_free(ssl);
  3066. wolfSSL_CTX_free(ctx);
  3067. wolfSSL_CTX_free(ctx_nocert);
  3068. res = TEST_RES_CHECK(1);
  3069. #endif
  3070. return res;
  3071. }
  3072. static int test_client_wolfSSL_new(void)
  3073. {
  3074. int res = TEST_SKIPPED;
  3075. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  3076. !defined(NO_WOLFSSL_CLIENT)
  3077. WOLFSSL_CTX *ctx;
  3078. WOLFSSL_CTX *ctx_nocert;
  3079. WOLFSSL *ssl;
  3080. AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  3081. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  3082. AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  3083. /* invalid context */
  3084. AssertNull(ssl = wolfSSL_new(NULL));
  3085. /* success */
  3086. AssertNotNull(ssl = wolfSSL_new(ctx_nocert));
  3087. wolfSSL_free(ssl);
  3088. /* success */
  3089. AssertNotNull(ssl = wolfSSL_new(ctx));
  3090. wolfSSL_free(ssl);
  3091. wolfSSL_CTX_free(ctx);
  3092. wolfSSL_CTX_free(ctx_nocert);
  3093. res = TEST_RES_CHECK(1);
  3094. #endif
  3095. return res;
  3096. }
  3097. static int test_wolfSSL_SetTmpDH_file(void)
  3098. {
  3099. int res = TEST_SKIPPED;
  3100. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
  3101. !defined(NO_WOLFSSL_SERVER)
  3102. WOLFSSL_CTX *ctx;
  3103. WOLFSSL *ssl;
  3104. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  3105. #ifndef NO_RSA
  3106. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  3107. WOLFSSL_FILETYPE_PEM));
  3108. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  3109. WOLFSSL_FILETYPE_PEM));
  3110. #elif defined(HAVE_ECC)
  3111. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
  3112. WOLFSSL_FILETYPE_PEM));
  3113. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
  3114. WOLFSSL_FILETYPE_PEM));
  3115. #elif defined(HAVE_ED25519)
  3116. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile,
  3117. WOLFSSL_FILETYPE_PEM));
  3118. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
  3119. WOLFSSL_FILETYPE_PEM));
  3120. #elif defined(HAVE_ED448)
  3121. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile,
  3122. WOLFSSL_FILETYPE_PEM));
  3123. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
  3124. WOLFSSL_FILETYPE_PEM));
  3125. #endif
  3126. AssertNotNull(ssl = wolfSSL_new(ctx));
  3127. /* invalid ssl */
  3128. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL,
  3129. dhParamFile, WOLFSSL_FILETYPE_PEM));
  3130. /* invalid dhParamFile file */
  3131. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
  3132. NULL, WOLFSSL_FILETYPE_PEM));
  3133. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
  3134. bogusFile, WOLFSSL_FILETYPE_PEM));
  3135. /* success */
  3136. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile,
  3137. WOLFSSL_FILETYPE_PEM));
  3138. wolfSSL_free(ssl);
  3139. wolfSSL_CTX_free(ctx);
  3140. res = TEST_RES_CHECK(1);
  3141. #endif
  3142. return res;
  3143. }
  3144. static int test_wolfSSL_SetTmpDH_buffer(void)
  3145. {
  3146. int res = TEST_SKIPPED;
  3147. #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
  3148. WOLFSSL_CTX *ctx;
  3149. WOLFSSL *ssl;
  3150. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  3151. AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
  3152. sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
  3153. AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
  3154. sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3155. AssertNotNull(ssl = wolfSSL_new(ctx));
  3156. /* invalid ssl */
  3157. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048,
  3158. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3159. /* invalid dhParamFile file */
  3160. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL,
  3161. 0, WOLFSSL_FILETYPE_ASN1));
  3162. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048,
  3163. sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3164. /* success */
  3165. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
  3166. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3167. wolfSSL_free(ssl);
  3168. wolfSSL_CTX_free(ctx);
  3169. res = TEST_RES_CHECK(1);
  3170. #endif
  3171. return res;
  3172. }
  3173. static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
  3174. {
  3175. int res = TEST_SKIPPED;
  3176. #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
  3177. WOLFSSL_CTX *ctx, *ctx2;
  3178. WOLFSSL *ssl, *ssl2;
  3179. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  3180. AssertNotNull(ctx);
  3181. AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
  3182. sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
  3183. AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
  3184. sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3185. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
  3186. ssl = wolfSSL_new(ctx);
  3187. AssertNotNull(ssl);
  3188. ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method());
  3189. AssertNotNull(ctx2);
  3190. AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048,
  3191. sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
  3192. AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048,
  3193. sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3194. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
  3195. ssl2 = wolfSSL_new(ctx2);
  3196. AssertNotNull(ssl2);
  3197. AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
  3198. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3199. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048));
  3200. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
  3201. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3202. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072));
  3203. AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
  3204. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3205. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
  3206. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3207. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048));
  3208. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
  3209. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3210. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024));
  3211. AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
  3212. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  3213. wolfSSL_free(ssl2);
  3214. wolfSSL_CTX_free(ctx2);
  3215. wolfSSL_free(ssl);
  3216. wolfSSL_CTX_free(ctx);
  3217. res = TEST_RES_CHECK(1);
  3218. #endif
  3219. return res;
  3220. }
  3221. /* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
  3222. * allowed.
  3223. * POST: return 1 on success.
  3224. */
  3225. static int test_wolfSSL_SetMinVersion(void)
  3226. {
  3227. int res = TEST_SKIPPED;
  3228. #ifndef NO_WOLFSSL_CLIENT
  3229. int failFlag = WOLFSSL_SUCCESS;
  3230. WOLFSSL_CTX* ctx;
  3231. WOLFSSL* ssl;
  3232. int itr;
  3233. #ifndef NO_OLD_TLS
  3234. const int versions[] = {
  3235. #ifdef WOLFSSL_ALLOW_TLSV10
  3236. WOLFSSL_TLSV1,
  3237. #endif
  3238. WOLFSSL_TLSV1_1,
  3239. WOLFSSL_TLSV1_2};
  3240. #elif !defined(WOLFSSL_NO_TLS12)
  3241. const int versions[] = { WOLFSSL_TLSV1_2 };
  3242. #else
  3243. const int versions[] = { WOLFSSL_TLSV1_3 };
  3244. #endif
  3245. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  3246. ssl = wolfSSL_new(ctx);
  3247. for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++) {
  3248. if (wolfSSL_SetMinVersion(ssl, *(versions + itr)) != WOLFSSL_SUCCESS) {
  3249. failFlag = WOLFSSL_FAILURE;
  3250. }
  3251. }
  3252. wolfSSL_free(ssl);
  3253. wolfSSL_CTX_free(ctx);
  3254. res = TEST_RES_CHECK(failFlag == WOLFSSL_SUCCESS);
  3255. #endif
  3256. return res;
  3257. } /* END test_wolfSSL_SetMinVersion */
  3258. /*----------------------------------------------------------------------------*
  3259. | EC
  3260. *----------------------------------------------------------------------------*/
  3261. /* Test function for EC_POINT_new, EC_POINT_mul, EC_POINT_free,
  3262. EC_GROUP_new_by_curve_name, EC_GROUP_order_bits
  3263. */
  3264. #ifdef OPENSSL_EXTRA
  3265. static int test_wolfSSL_EC(void)
  3266. {
  3267. int res = TEST_SKIPPED;
  3268. #if !defined(WOLFSSL_SP_MATH) && \
  3269. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
  3270. #if defined(HAVE_ECC)
  3271. BN_CTX *ctx;
  3272. EC_GROUP *group;
  3273. EC_GROUP *group2;
  3274. EC_POINT *Gxy, *new_point, *set_point;
  3275. BIGNUM *k = NULL, *Gx = NULL, *Gy = NULL, *Gz = NULL;
  3276. BIGNUM *X, *Y;
  3277. BIGNUM *set_point_bn;
  3278. char* hexStr;
  3279. int group_bits;
  3280. const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD17AF381913FF7A96314EA47055EA0FD0";
  3281. /* NISTP256R1 Gx/Gy */
  3282. const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
  3283. const char* kGy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";
  3284. #ifndef HAVE_SELFTEST
  3285. EC_POINT *tmp;
  3286. size_t bin_len;
  3287. unsigned char* buf = NULL;
  3288. const char* uncompG = "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";
  3289. const unsigned char binUncompG[] = {
  3290. 0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
  3291. 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
  3292. 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
  3293. 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
  3294. 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
  3295. 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
  3296. };
  3297. #ifdef HAVE_COMP_KEY
  3298. const char* compG = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
  3299. const unsigned char binCompG[] = {
  3300. 0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
  3301. 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
  3302. 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
  3303. };
  3304. #endif
  3305. #endif
  3306. AssertNotNull(ctx = BN_CTX_new());
  3307. AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
  3308. AssertNotNull(group2 = EC_GROUP_dup(group));
  3309. AssertIntEQ((group_bits = EC_GROUP_order_bits(group)), 256);
  3310. AssertNotNull(Gxy = EC_POINT_new(group));
  3311. AssertNotNull(new_point = EC_POINT_new(group));
  3312. AssertNotNull(set_point = EC_POINT_new(group));
  3313. AssertNotNull(X = BN_new());
  3314. AssertNotNull(Y = BN_new());
  3315. AssertNotNull(set_point_bn = BN_new());
  3316. /* load test values */
  3317. AssertIntEQ(BN_hex2bn(&k, kTest), WOLFSSL_SUCCESS);
  3318. AssertIntEQ(BN_hex2bn(&Gx, kGx), WOLFSSL_SUCCESS);
  3319. AssertIntEQ(BN_hex2bn(&Gy, kGy), WOLFSSL_SUCCESS);
  3320. AssertIntEQ(BN_hex2bn(&Gz, "1"), WOLFSSL_SUCCESS);
  3321. /* populate coordinates for input point */
  3322. Gxy->X = Gx;
  3323. Gxy->Y = Gy;
  3324. Gxy->Z = Gz;
  3325. #ifndef HAVE_SELFTEST
  3326. /* perform point multiplication */
  3327. AssertIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), WOLFSSL_SUCCESS);
  3328. AssertIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), WOLFSSL_SUCCESS);
  3329. AssertIntEQ(BN_is_zero(new_point->X), 0);
  3330. AssertIntEQ(BN_is_zero(new_point->Y), 0);
  3331. AssertIntEQ(BN_is_zero(new_point->Z), 0);
  3332. AssertIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), WOLFSSL_SUCCESS);
  3333. AssertIntEQ(BN_is_zero(new_point->X), 0);
  3334. AssertIntEQ(BN_is_zero(new_point->Y), 0);
  3335. AssertIntEQ(BN_is_zero(new_point->Z), 0);
  3336. AssertIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), WOLFSSL_SUCCESS);
  3337. AssertIntEQ(BN_is_zero(new_point->X), 0);
  3338. AssertIntEQ(BN_is_zero(new_point->Y), 0);
  3339. AssertIntEQ(BN_is_zero(new_point->Z), 0);
  3340. #else
  3341. AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy, ctx), WOLFSSL_SUCCESS);
  3342. AssertIntEQ(BN_is_zero(new_point->X), 0);
  3343. AssertIntEQ(BN_is_zero(new_point->Y), 0);
  3344. AssertIntEQ(BN_is_zero(new_point->Z), 0);
  3345. #endif
  3346. /* check if point X coordinate is zero */
  3347. AssertIntEQ(BN_is_zero(new_point->X), 0);
  3348. #ifdef USE_ECC_B_PARAM
  3349. AssertIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1);
  3350. #endif /* USE_ECC_B_PARAM */
  3351. /* Force non-affine coordinates */
  3352. AssertIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
  3353. (WOLFSSL_BIGNUM*)BN_value_one()), 1);
  3354. new_point->inSet = 0;
  3355. /* extract the coordinates from point */
  3356. AssertIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, ctx), WOLFSSL_SUCCESS);
  3357. /* check if point X coordinate is zero */
  3358. AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);
  3359. /* set the same X and Y points in another object */
  3360. AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y, ctx), WOLFSSL_SUCCESS);
  3361. /* compare points as they should be the same */
  3362. AssertIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0);
  3363. /* Test copying */
  3364. AssertIntEQ(EC_POINT_copy(new_point, set_point), 1);
  3365. /* Test inverting */
  3366. AssertIntEQ(EC_POINT_invert(group, new_point, ctx), 1);
  3367. AssertPtrEq(EC_POINT_point2bn(group, set_point, POINT_CONVERSION_UNCOMPRESSED,
  3368. set_point_bn, ctx), set_point_bn);
  3369. /* check bn2hex */
  3370. hexStr = BN_bn2hex(k);
  3371. AssertStrEQ(hexStr, kTest);
  3372. #if !defined(NO_FILESYSTEM) && defined(XFPRINTF)
  3373. BN_print_fp(stderr, k);
  3374. fprintf(stderr, "\n");
  3375. #endif
  3376. XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
  3377. hexStr = BN_bn2hex(Gx);
  3378. AssertStrEQ(hexStr, kGx);
  3379. #if !defined(NO_FILESYSTEM) && defined(XFPRINTF)
  3380. BN_print_fp(stderr, Gx);
  3381. fprintf(stderr, "\n");
  3382. #endif
  3383. XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
  3384. hexStr = BN_bn2hex(Gy);
  3385. AssertStrEQ(hexStr, kGy);
  3386. #if !defined(NO_FILESYSTEM) && defined(XFPRINTF)
  3387. BN_print_fp(stderr, Gy);
  3388. fprintf(stderr, "\n");
  3389. #endif
  3390. XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
  3391. #ifndef HAVE_SELFTEST
  3392. hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx);
  3393. AssertStrEQ(hexStr, uncompG);
  3394. XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
  3395. #ifdef HAVE_COMP_KEY
  3396. hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx);
  3397. AssertStrEQ(hexStr, compG);
  3398. XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
  3399. #endif
  3400. bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx);
  3401. AssertIntEQ(bin_len, sizeof(binUncompG));
  3402. AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
  3403. AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, buf,
  3404. bin_len, ctx), bin_len);
  3405. AssertIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
  3406. XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
  3407. #ifdef HAVE_COMP_KEY
  3408. bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx);
  3409. AssertIntEQ(bin_len, sizeof(binCompG));
  3410. AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
  3411. AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf,
  3412. bin_len, ctx), bin_len);
  3413. AssertIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0);
  3414. XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
  3415. #endif
  3416. AssertNotNull(tmp = EC_POINT_new(group));
  3417. AssertIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG), ctx), 1);
  3418. AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
  3419. EC_POINT_free(tmp);
  3420. #ifdef HAVE_COMP_KEY
  3421. AssertNotNull(tmp = EC_POINT_new(group));
  3422. AssertIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx), 1);
  3423. AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
  3424. EC_POINT_free(tmp);
  3425. #endif
  3426. #endif
  3427. /* test BN_mod_add */
  3428. AssertIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
  3429. (WOLFSSL_BIGNUM*)BN_value_one(),
  3430. (WOLFSSL_BIGNUM*)BN_value_one(), NULL), 1);
  3431. AssertIntEQ(BN_is_zero(new_point->Z), 1);
  3432. /* cleanup */
  3433. BN_free(X);
  3434. BN_free(Y);
  3435. BN_free(k);
  3436. BN_free(set_point_bn);
  3437. EC_POINT_free(new_point);
  3438. EC_POINT_free(set_point);
  3439. EC_POINT_free(Gxy);
  3440. EC_GROUP_free(group);
  3441. EC_GROUP_free(group2);
  3442. BN_CTX_free(ctx);
  3443. res = TEST_RES_CHECK(1);
  3444. #endif /* HAVE_ECC */
  3445. #endif /* OPENSSL_EXTRA && !WOLFSSL_SP_MATH && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
  3446. return res;
  3447. }
  3448. #endif /* OPENSSL_EXTRA */
  3449. #ifndef NO_BIO
  3450. static int test_wolfSSL_PEM_read_bio_ECPKParameters(void)
  3451. {
  3452. int res = TEST_SKIPPED;
  3453. #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
  3454. EC_GROUP *group;
  3455. BIO* bio;
  3456. AssertNotNull(bio = BIO_new(BIO_s_file()));
  3457. AssertIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS);
  3458. AssertNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
  3459. AssertIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
  3460. EC_GROUP_free(group);
  3461. BIO_free(bio);
  3462. res = TEST_RES_CHECK(1);
  3463. #endif /* HAVE_ECC */
  3464. return res;
  3465. }
  3466. #endif /* !NO_BIO */
  3467. # if defined(OPENSSL_EXTRA)
  3468. static int test_wolfSSL_ECDSA_SIG(void)
  3469. {
  3470. int res = TEST_SKIPPED;
  3471. #ifdef HAVE_ECC
  3472. WOLFSSL_ECDSA_SIG* sig = NULL;
  3473. WOLFSSL_ECDSA_SIG* sig2 = NULL;
  3474. const unsigned char* cp;
  3475. unsigned char* p;
  3476. unsigned char outSig[8];
  3477. unsigned char sigData[8] =
  3478. { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
  3479. sig = wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData));
  3480. AssertNull(sig);
  3481. cp = sigData;
  3482. AssertNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData))));
  3483. AssertIntEQ((cp == sigData + 8), 1);
  3484. cp = sigData;
  3485. AssertNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData)));
  3486. AssertNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData))));
  3487. AssertIntEQ((sig == sig2), 1);
  3488. cp = outSig;
  3489. p = outSig;
  3490. AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0);
  3491. AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0);
  3492. AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8);
  3493. AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData));
  3494. AssertIntEQ((p == outSig + 8), 1);
  3495. AssertIntEQ(XMEMCMP(sigData, outSig, 8), 0);
  3496. wolfSSL_ECDSA_SIG_free(sig);
  3497. res = TEST_RES_CHECK(1);
  3498. #endif /* HAVE_ECC */
  3499. return res;
  3500. }
  3501. static int test_EC_i2d(void)
  3502. {
  3503. int res = TEST_SKIPPED;
  3504. #if defined(HAVE_ECC) && !defined(HAVE_FIPS)
  3505. EC_KEY *key;
  3506. EC_KEY *copy;
  3507. int len;
  3508. unsigned char *buf = NULL;
  3509. const unsigned char *tmp = NULL;
  3510. AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
  3511. AssertIntEQ(EC_KEY_generate_key(key), 1);
  3512. AssertIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0);
  3513. AssertIntEQ(i2d_EC_PUBKEY(key, &buf), len);
  3514. XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  3515. buf = NULL;
  3516. AssertIntGT((len = i2d_ECPrivateKey(key, NULL)), 0);
  3517. AssertIntEQ(i2d_ECPrivateKey(key, &buf), len);
  3518. tmp = buf;
  3519. AssertNotNull(d2i_ECPrivateKey(&copy, &tmp, len));
  3520. XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  3521. buf = NULL;
  3522. AssertIntGT((len = i2o_ECPublicKey(key, &buf)), 0);
  3523. tmp = buf;
  3524. AssertNotNull(o2i_ECPublicKey(&copy, &tmp, len));
  3525. AssertIntEQ(EC_KEY_check_key(key), 1);
  3526. XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
  3527. EC_KEY_free(key);
  3528. EC_KEY_free(copy);
  3529. res = TEST_RES_CHECK(1);
  3530. #endif /* HAVE_ECC */
  3531. return res;
  3532. }
  3533. static int test_ECDSA_size_sign(void)
  3534. {
  3535. int res = TEST_SKIPPED;
  3536. #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  3537. EC_KEY *key;
  3538. int id;
  3539. byte hash[WC_MAX_DIGEST_SIZE];
  3540. byte sig[ECC_MAX_SIG_SIZE];
  3541. unsigned int sigSz = sizeof(sig);
  3542. XMEMSET(hash, 123, sizeof(hash));
  3543. id = wc_ecc_get_curve_id_from_name("SECP256R1");
  3544. AssertIntEQ(id, ECC_SECP256R1);
  3545. AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
  3546. AssertIntEQ(EC_KEY_generate_key(key), 1);
  3547. AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
  3548. AssertIntGE(ECDSA_size(key), sigSz);
  3549. AssertIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1);
  3550. EC_KEY_free(key);
  3551. res = TEST_RES_CHECK(1);
  3552. #endif /* HAVE_ECC && !NO_ECC256 && !NO_ECC_SECP */
  3553. return res;
  3554. }
  3555. static int test_ED25519(void)
  3556. {
  3557. int res = TEST_SKIPPED;
  3558. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
  3559. defined(WOLFSSL_KEY_GEN)
  3560. byte priv[ED25519_PRV_KEY_SIZE];
  3561. unsigned int privSz = (unsigned int)sizeof(priv);
  3562. byte pub[ED25519_PUB_KEY_SIZE];
  3563. unsigned int pubSz = (unsigned int)sizeof(pub);
  3564. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
  3565. const char* msg = TEST_STRING;
  3566. unsigned int msglen = (unsigned int)TEST_STRING_SZ;
  3567. byte sig[ED25519_SIG_SIZE];
  3568. unsigned int sigSz = (unsigned int)sizeof(sig);
  3569. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
  3570. AssertIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz),
  3571. WOLFSSL_SUCCESS);
  3572. AssertIntEQ(privSz, ED25519_PRV_KEY_SIZE);
  3573. AssertIntEQ(pubSz, ED25519_PUB_KEY_SIZE);
  3574. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
  3575. AssertIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
  3576. &sigSz), WOLFSSL_SUCCESS);
  3577. AssertIntEQ(sigSz, ED25519_SIG_SIZE);
  3578. #ifdef HAVE_ED25519_VERIFY
  3579. AssertIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
  3580. sigSz), WOLFSSL_SUCCESS);
  3581. #endif /* HAVE_ED25519_VERIFY */
  3582. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
  3583. res = TEST_RES_CHECK(1);
  3584. #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */
  3585. return res;
  3586. }
  3587. static int test_ED448(void)
  3588. {
  3589. int res = TEST_SKIPPED;
  3590. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
  3591. defined(WOLFSSL_KEY_GEN)
  3592. byte priv[ED448_PRV_KEY_SIZE];
  3593. unsigned int privSz = (unsigned int)sizeof(priv);
  3594. byte pub[ED448_PUB_KEY_SIZE];
  3595. unsigned int pubSz = (unsigned int)sizeof(pub);
  3596. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
  3597. const char* msg = TEST_STRING;
  3598. unsigned int msglen = (unsigned int)TEST_STRING_SZ;
  3599. byte sig[ED448_SIG_SIZE];
  3600. unsigned int sigSz = (unsigned int)sizeof(sig);
  3601. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
  3602. AssertIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz),
  3603. WOLFSSL_SUCCESS);
  3604. AssertIntEQ(privSz, ED448_PRV_KEY_SIZE);
  3605. AssertIntEQ(pubSz, ED448_PUB_KEY_SIZE);
  3606. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
  3607. AssertIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
  3608. &sigSz), WOLFSSL_SUCCESS);
  3609. AssertIntEQ(sigSz, ED448_SIG_SIZE);
  3610. #ifdef HAVE_ED448_VERIFY
  3611. AssertIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
  3612. sigSz), WOLFSSL_SUCCESS);
  3613. #endif /* HAVE_ED448_VERIFY */
  3614. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
  3615. res = TEST_RES_CHECK(1);
  3616. #endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */
  3617. return res;
  3618. }
  3619. #endif /* OPENSSL_EXTRA */
  3620. #include <wolfssl/openssl/pem.h>
  3621. /*----------------------------------------------------------------------------*
  3622. | EVP
  3623. *----------------------------------------------------------------------------*/
  3624. static int test_wolfSSL_EVP_PKEY_print_public(void)
  3625. {
  3626. int res = TEST_SKIPPED;
  3627. #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
  3628. WOLFSSL_BIO* rbio = NULL;
  3629. WOLFSSL_BIO* wbio = NULL;
  3630. WOLFSSL_EVP_PKEY* pkey = NULL;
  3631. char line[256] = { 0 };
  3632. char line1[256] = { 0 };
  3633. int i;
  3634. /* test error cases */
  3635. AssertIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L);
  3636. /*
  3637. * test RSA public key print
  3638. * in this test, pass '3' for indent
  3639. */
  3640. #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024)
  3641. rbio = BIO_new_mem_buf( client_keypub_der_1024,
  3642. sizeof_client_keypub_der_1024);
  3643. AssertNotNull(rbio);
  3644. wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
  3645. AssertNotNull(pkey);
  3646. wbio = BIO_new(BIO_s_mem());
  3647. AssertNotNull(wbio);
  3648. AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1);
  3649. BIO_gets(wbio, line, sizeof(line));
  3650. strcpy(line1, " RSA Public-Key: (1024 bit)\n");
  3651. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3652. BIO_gets(wbio, line, sizeof(line));
  3653. strcpy(line1, " Modulus:\n");
  3654. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3655. BIO_gets(wbio, line, sizeof(line));
  3656. strcpy(line1, " 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n");
  3657. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3658. /* skip to the end of modulus element*/
  3659. for (i = 0; i < 8 ;i++) {
  3660. BIO_gets(wbio, line, sizeof(line));
  3661. }
  3662. BIO_gets(wbio, line, sizeof(line));
  3663. strcpy(line1, " Exponent: 65537 (0x010001)\n");
  3664. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3665. /* should reach EOF */
  3666. AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
  3667. EVP_PKEY_free(pkey);
  3668. pkey = NULL;
  3669. BIO_free(rbio);
  3670. BIO_free(wbio);
  3671. rbio = NULL;
  3672. wbio = NULL;
  3673. #endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/
  3674. /*
  3675. * test DSA public key print
  3676. */
  3677. #if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048)
  3678. rbio = BIO_new_mem_buf( dsa_pub_key_der_2048,
  3679. sizeof_dsa_pub_key_der_2048);
  3680. AssertNotNull(rbio);
  3681. wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
  3682. AssertNotNull(pkey);
  3683. wbio = BIO_new(BIO_s_mem());
  3684. AssertNotNull(wbio);
  3685. AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);
  3686. BIO_gets(wbio, line, sizeof(line));
  3687. strcpy(line1, "DSA Public-Key: (2048 bit)\n");
  3688. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3689. BIO_gets(wbio, line, sizeof(line));
  3690. strcpy(line1, "pub:\n");
  3691. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3692. BIO_gets(wbio, line, sizeof(line));
  3693. strcpy(line1,
  3694. " 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n");
  3695. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3696. /* skip to the end of pub element*/
  3697. for (i = 0; i < 17 ;i++) {
  3698. BIO_gets(wbio, line, sizeof(line));
  3699. }
  3700. BIO_gets(wbio, line, sizeof(line));
  3701. strcpy(line1, "P:\n");
  3702. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3703. /* skip to the end of P element*/
  3704. for (i = 0; i < 18 ;i++) {
  3705. BIO_gets(wbio, line, sizeof(line));
  3706. }
  3707. BIO_gets(wbio, line, sizeof(line));
  3708. strcpy(line1, "Q:\n");
  3709. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3710. /* skip to the end of Q element*/
  3711. for (i = 0; i < 3 ;i++) {
  3712. BIO_gets(wbio, line, sizeof(line));
  3713. }
  3714. BIO_gets(wbio, line, sizeof(line));
  3715. strcpy(line1, "G:\n");
  3716. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3717. /* skip to the end of G element*/
  3718. for (i = 0; i < 18 ;i++) {
  3719. BIO_gets(wbio, line, sizeof(line));
  3720. }
  3721. /* should reach EOF */
  3722. AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
  3723. EVP_PKEY_free(pkey);
  3724. pkey = NULL;
  3725. BIO_free(rbio);
  3726. BIO_free(wbio);
  3727. rbio = NULL;
  3728. wbio = NULL;
  3729. #endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */
  3730. /*
  3731. * test ECC public key print
  3732. */
  3733. #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  3734. rbio = BIO_new_mem_buf( ecc_clikeypub_der_256,
  3735. sizeof_ecc_clikeypub_der_256);
  3736. AssertNotNull(rbio);
  3737. wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
  3738. AssertNotNull(pkey);
  3739. wbio = BIO_new(BIO_s_mem());
  3740. AssertNotNull(wbio);
  3741. AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);
  3742. BIO_gets(wbio, line, sizeof(line));
  3743. strcpy(line1, "Public-Key: (256 bit)\n");
  3744. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3745. BIO_gets(wbio, line, sizeof(line));
  3746. strcpy(line1, "pub:\n");
  3747. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3748. BIO_gets(wbio, line, sizeof(line));
  3749. strcpy(line1,
  3750. " 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n");
  3751. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3752. /* skip to the end of pub element*/
  3753. for (i = 0; i < 4 ;i++) {
  3754. BIO_gets(wbio, line, sizeof(line));
  3755. }
  3756. BIO_gets(wbio, line, sizeof(line));
  3757. strcpy(line1, "ASN1 OID: prime256v1\n");
  3758. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3759. BIO_gets(wbio, line, sizeof(line));
  3760. strcpy(line1, "NIST CURVE: P-256\n");
  3761. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3762. /* should reach EOF */
  3763. AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
  3764. EVP_PKEY_free(pkey);
  3765. pkey = NULL;
  3766. BIO_free(rbio);
  3767. BIO_free(wbio);
  3768. rbio = NULL;
  3769. wbio = NULL;
  3770. #endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */
  3771. /*
  3772. * test DH public key print
  3773. */
  3774. #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)
  3775. rbio = BIO_new_mem_buf( dh_pub_key_der_2048,
  3776. sizeof_dh_pub_key_der_2048);
  3777. AssertNotNull(rbio);
  3778. wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
  3779. AssertNotNull(pkey);
  3780. wbio = BIO_new(BIO_s_mem());
  3781. AssertNotNull(wbio);
  3782. AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);
  3783. BIO_gets(wbio, line, sizeof(line));
  3784. strcpy(line1, "DH Public-Key: (2048 bit)\n");
  3785. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3786. BIO_gets(wbio, line, sizeof(line));
  3787. strcpy(line1, "public-key:\n");
  3788. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3789. BIO_gets(wbio, line, sizeof(line));
  3790. strcpy(line1,
  3791. " 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n");
  3792. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3793. /* skip to the end of public-key element*/
  3794. for (i = 0; i < 17 ;i++) {
  3795. BIO_gets(wbio, line, sizeof(line));
  3796. }
  3797. BIO_gets(wbio, line, sizeof(line));
  3798. strcpy(line1, "prime:\n");
  3799. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3800. BIO_gets(wbio, line, sizeof(line));
  3801. strcpy(line1,
  3802. " 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n");
  3803. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3804. /* skip to the end of prime element*/
  3805. for (i = 0; i < 17 ;i++) {
  3806. BIO_gets(wbio, line, sizeof(line));
  3807. }
  3808. BIO_gets(wbio, line, sizeof(line));
  3809. strcpy(line1, "generator: 2 (0x02)\n");
  3810. AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
  3811. /* should reach EOF */
  3812. AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
  3813. EVP_PKEY_free(pkey);
  3814. pkey = NULL;
  3815. BIO_free(rbio);
  3816. BIO_free(wbio);
  3817. rbio = NULL;
  3818. wbio = NULL;
  3819. #endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */
  3820. /* to prevent "unused variable" warning */
  3821. (void)pkey;
  3822. (void)wbio;
  3823. (void)rbio;
  3824. (void)line;
  3825. (void)line1;
  3826. (void)i;
  3827. res = TEST_RES_CHECK(1);
  3828. #endif /* OPENSSL_EXTRA */
  3829. return res;
  3830. }
  3831. /* Test functions for base64 encode/decode */
  3832. static int test_wolfSSL_EVP_ENCODE_CTX_new(void)
  3833. {
  3834. int res = TEST_SKIPPED;
  3835. #if defined(OPENSSL_EXTRA) && \
  3836. ( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE))
  3837. EVP_ENCODE_CTX* ctx = NULL;
  3838. AssertNotNull( ctx = EVP_ENCODE_CTX_new());
  3839. AssertIntEQ( ctx->remaining,0);
  3840. AssertIntEQ( ctx->data[0],0);
  3841. AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
  3842. EVP_ENCODE_CTX_free(ctx);
  3843. res = TEST_RES_CHECK(1);
  3844. #endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/
  3845. return res;
  3846. }
  3847. static int test_wolfSSL_EVP_ENCODE_CTX_free(void)
  3848. {
  3849. int res = TEST_SKIPPED;
  3850. #if defined(OPENSSL_EXTRA) && \
  3851. ( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE))
  3852. EVP_ENCODE_CTX* ctx = NULL;
  3853. AssertNotNull( ctx = EVP_ENCODE_CTX_new());
  3854. EVP_ENCODE_CTX_free(ctx);
  3855. res = TEST_RES_CHECK(1);
  3856. #endif /*OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/
  3857. return res;
  3858. }
  3859. static int test_wolfSSL_EVP_EncodeInit(void)
  3860. {
  3861. int res = TEST_SKIPPED;
  3862. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
  3863. EVP_ENCODE_CTX* ctx = NULL;
  3864. AssertNotNull( ctx = EVP_ENCODE_CTX_new());
  3865. AssertIntEQ( ctx->remaining,0);
  3866. AssertIntEQ( ctx->data[0],0);
  3867. AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
  3868. /* make ctx dirty */
  3869. ctx->remaining = 10;
  3870. XMEMSET( ctx->data, 0x77, sizeof(ctx->data));
  3871. EVP_EncodeInit(ctx);
  3872. AssertIntEQ( ctx->remaining,0);
  3873. AssertIntEQ( ctx->data[0],0);
  3874. AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
  3875. EVP_ENCODE_CTX_free(ctx);
  3876. res = TEST_RES_CHECK(1);
  3877. #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
  3878. return res;
  3879. }
  3880. static int test_wolfSSL_EVP_EncodeUpdate(void)
  3881. {
  3882. int res = TEST_SKIPPED;
  3883. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
  3884. int outl;
  3885. int total;
  3886. const unsigned char plain0[] = {"Th"};
  3887. const unsigned char plain1[] = {"This is a base64 encodeing test."};
  3888. const unsigned char plain2[] = {"This is additional data."};
  3889. const unsigned char enc0[] = {"VGg=\n"};
  3890. /* expected encoded result for the first output 64 chars plus trailing LF*/
  3891. const unsigned char enc1[] = {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\n"};
  3892. const unsigned char enc2[] =
  3893. {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\nYWwgZGF0YS4=\n"};
  3894. unsigned char encOutBuff[300];
  3895. EVP_ENCODE_CTX* ctx = NULL;
  3896. AssertNotNull( ctx = EVP_ENCODE_CTX_new());
  3897. EVP_EncodeInit(ctx);
  3898. /* illegal parameter test */
  3899. AssertIntEQ(
  3900. EVP_EncodeUpdate(
  3901. NULL, /* pass NULL as ctx */
  3902. encOutBuff,
  3903. &outl,
  3904. plain1,
  3905. sizeof(plain1)-1),
  3906. 0 /* expected result code 0: fail */
  3907. );
  3908. AssertIntEQ(
  3909. EVP_EncodeUpdate(
  3910. ctx,
  3911. NULL, /* pass NULL as out buff */
  3912. &outl,
  3913. plain1,
  3914. sizeof(plain1)-1),
  3915. 0 /* expected result code 0: fail */
  3916. );
  3917. AssertIntEQ(
  3918. EVP_EncodeUpdate(
  3919. ctx,
  3920. encOutBuff,
  3921. NULL, /* pass NULL as outl */
  3922. plain1,
  3923. sizeof(plain1)-1),
  3924. 0 /* expected result code 0: fail */
  3925. );
  3926. AssertIntEQ(
  3927. EVP_EncodeUpdate(
  3928. ctx,
  3929. encOutBuff,
  3930. &outl,
  3931. NULL, /* pass NULL as in */
  3932. sizeof(plain1)-1),
  3933. 0 /* expected result code 0: fail */
  3934. );
  3935. AssertIntEQ(EVP_EncodeBlock(NULL, NULL, 0), -1);
  3936. /* meaningless parameter test */
  3937. AssertIntEQ(
  3938. EVP_EncodeUpdate(
  3939. ctx,
  3940. encOutBuff,
  3941. &outl,
  3942. plain1,
  3943. 0), /* pass zero input */
  3944. 1 /* expected result code 1: success */
  3945. );
  3946. /* very small data encoding test */
  3947. EVP_EncodeInit(ctx);
  3948. AssertIntEQ(
  3949. EVP_EncodeUpdate(
  3950. ctx,
  3951. encOutBuff,
  3952. &outl,
  3953. plain0,
  3954. sizeof(plain0)-1),
  3955. 1 /* expected result code 1: success */
  3956. );
  3957. AssertIntEQ(outl,0);
  3958. EVP_EncodeFinal(
  3959. ctx,
  3960. encOutBuff + outl,
  3961. &outl);
  3962. AssertIntEQ( outl, sizeof(enc0)-1);
  3963. AssertIntEQ(
  3964. XSTRNCMP(
  3965. (const char*)encOutBuff,
  3966. (const char*)enc0,sizeof(enc0) ),
  3967. 0);
  3968. XMEMSET( encOutBuff,0, sizeof(encOutBuff));
  3969. AssertIntEQ(EVP_EncodeBlock(encOutBuff, plain0, sizeof(plain0)-1),
  3970. sizeof(enc0)-1);
  3971. AssertIntEQ(
  3972. XSTRNCMP(
  3973. (const char*)encOutBuff,
  3974. (const char*)enc0,sizeof(enc0) ),
  3975. 0);
  3976. /* pass small size( < 48bytes ) input, then make sure they are not
  3977. * encoded and just stored in ctx
  3978. */
  3979. EVP_EncodeInit(ctx);
  3980. total = 0;
  3981. outl = 0;
  3982. XMEMSET( encOutBuff,0, sizeof(encOutBuff));
  3983. AssertIntEQ(
  3984. EVP_EncodeUpdate(
  3985. ctx,
  3986. encOutBuff, /* buffer for output */
  3987. &outl, /* size of output */
  3988. plain1, /* input */
  3989. sizeof(plain1)-1), /* size of input */
  3990. 1); /* expected result code 1:success */
  3991. total += outl;
  3992. AssertIntEQ(outl, 0); /* no output expected */
  3993. AssertIntEQ(ctx->remaining, sizeof(plain1) -1);
  3994. AssertTrue(
  3995. XSTRNCMP((const char*)(ctx->data),
  3996. (const char*)plain1,
  3997. ctx->remaining) ==0 );
  3998. AssertTrue(encOutBuff[0] == 0);
  3999. /* call wolfSSL_EVP_EncodeUpdate again to make it encode
  4000. * the stored data and the new input together
  4001. */
  4002. AssertIntEQ(
  4003. EVP_EncodeUpdate(
  4004. ctx,
  4005. encOutBuff + outl, /* buffer for output */
  4006. &outl, /* size of output */
  4007. plain2, /* additional input */
  4008. sizeof(plain2) -1), /* size of additional input */
  4009. 1); /* expected result code 1:success */
  4010. total += outl;
  4011. AssertIntNE(outl, 0); /* some output is expected this time*/
  4012. AssertIntEQ(outl, BASE64_ENCODE_RESULT_BLOCK_SIZE +1); /* 64 bytes and LF */
  4013. AssertIntEQ(
  4014. XSTRNCMP((const char*)encOutBuff,(const char*)enc1,sizeof(enc1) ),0);
  4015. /* call wolfSSL_EVP_EncodeFinal to flush all the unprocessed input */
  4016. EVP_EncodeFinal(
  4017. ctx,
  4018. encOutBuff + outl,
  4019. &outl);
  4020. total += outl;
  4021. AssertIntNE(total,0);
  4022. AssertIntNE(outl,0);
  4023. AssertIntEQ(XSTRNCMP(
  4024. (const char*)encOutBuff,(const char*)enc2,sizeof(enc2) ),0);
  4025. /* test with illeagal parameters */
  4026. outl = 1;
  4027. EVP_EncodeFinal(NULL, encOutBuff + outl, &outl);
  4028. AssertIntEQ(outl, 0);
  4029. outl = 1;
  4030. EVP_EncodeFinal(ctx, NULL, &outl);
  4031. AssertIntEQ(outl, 0);
  4032. EVP_EncodeFinal(ctx, encOutBuff + outl, NULL);
  4033. EVP_EncodeFinal(NULL, NULL, NULL);
  4034. EVP_ENCODE_CTX_free(ctx);
  4035. res = TEST_RES_CHECK(1);
  4036. #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
  4037. return res;
  4038. }
  4039. static int test_wolfSSL_EVP_EncodeFinal(void)
  4040. {
  4041. int res = TEST_SKIPPED;
  4042. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
  4043. /* tests for wolfSSL_EVP_EncodeFinal are included in
  4044. * test_wolfSSL_EVP_EncodeUpdate
  4045. */
  4046. res = TEST_RES_CHECK(1);
  4047. #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
  4048. return res;
  4049. }
  4050. static int test_wolfSSL_EVP_DecodeInit(void)
  4051. {
  4052. int res = TEST_SKIPPED;
  4053. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
  4054. EVP_ENCODE_CTX* ctx = NULL;
  4055. AssertNotNull( ctx = EVP_ENCODE_CTX_new());
  4056. AssertIntEQ( ctx->remaining,0);
  4057. AssertIntEQ( ctx->data[0],0);
  4058. AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
  4059. /* make ctx dirty */
  4060. ctx->remaining = 10;
  4061. XMEMSET( ctx->data, 0x77, sizeof(ctx->data));
  4062. EVP_DecodeInit(ctx);
  4063. AssertIntEQ( ctx->remaining,0);
  4064. AssertIntEQ( ctx->data[0],0);
  4065. AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
  4066. EVP_ENCODE_CTX_free(ctx);
  4067. res = TEST_RES_CHECK(1);
  4068. #endif /* OPENSSL && WOLFSSL_BASE_DECODE */
  4069. return res;
  4070. }
  4071. static int test_wolfSSL_EVP_DecodeUpdate(void)
  4072. {
  4073. int res = TEST_SKIPPED;
  4074. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
  4075. int outl;
  4076. unsigned char decOutBuff[300];
  4077. EVP_ENCODE_CTX* ctx;
  4078. static const unsigned char enc1[] =
  4079. {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"};
  4080. /* const unsigned char plain1[] =
  4081. {"This is a base64 decoding test."} */
  4082. ctx = EVP_ENCODE_CTX_new();
  4083. EVP_DecodeInit(ctx);
  4084. /* illegal parameter tests */
  4085. /* pass NULL as ctx */
  4086. AssertIntEQ(
  4087. EVP_DecodeUpdate(
  4088. NULL, /* pass NULL as ctx */
  4089. decOutBuff,
  4090. &outl,
  4091. enc1,
  4092. sizeof(enc1)-1),
  4093. -1 /* expected result code -1: fail */
  4094. );
  4095. AssertIntEQ( outl, 0);
  4096. /* pass NULL as output */
  4097. AssertIntEQ(
  4098. EVP_DecodeUpdate(
  4099. ctx,
  4100. NULL, /* pass NULL as out buff */
  4101. &outl,
  4102. enc1,
  4103. sizeof(enc1)-1),
  4104. -1 /* expected result code -1: fail */
  4105. );
  4106. AssertIntEQ( outl, 0);
  4107. /* pass NULL as outl */
  4108. AssertIntEQ(
  4109. EVP_DecodeUpdate(
  4110. ctx,
  4111. decOutBuff,
  4112. NULL, /* pass NULL as outl */
  4113. enc1,
  4114. sizeof(enc1)-1),
  4115. -1 /* expected result code -1: fail */
  4116. );
  4117. /* pass NULL as input */
  4118. AssertIntEQ(
  4119. EVP_DecodeUpdate(
  4120. ctx,
  4121. decOutBuff,
  4122. &outl,
  4123. NULL, /* pass NULL as in */
  4124. sizeof(enc1)-1),
  4125. -1 /* expected result code -1: fail */
  4126. );
  4127. AssertIntEQ( outl, 0);
  4128. AssertIntEQ(EVP_DecodeBlock(NULL, NULL, 0), -1);
  4129. /* pass zero length input */
  4130. AssertIntEQ(
  4131. EVP_DecodeUpdate(
  4132. ctx,
  4133. decOutBuff,
  4134. &outl,
  4135. enc1,
  4136. 0), /* pass zero as input len */
  4137. 1 /* expected result code 1: success */
  4138. );
  4139. /* decode correct base64 string */
  4140. {
  4141. static const unsigned char enc2[] =
  4142. {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"};
  4143. static const unsigned char plain2[] =
  4144. {"This is a base64 decoding test."};
  4145. EVP_EncodeInit(ctx);
  4146. AssertIntEQ(
  4147. EVP_DecodeUpdate(
  4148. ctx,
  4149. decOutBuff,
  4150. &outl,
  4151. enc2,
  4152. sizeof(enc2)-1),
  4153. 0 /* expected result code 0: success */
  4154. );
  4155. AssertIntEQ(outl,sizeof(plain2) -1);
  4156. AssertIntEQ(
  4157. EVP_DecodeFinal(
  4158. ctx,
  4159. decOutBuff + outl,
  4160. &outl),
  4161. 1 /* expected result code 1: success */
  4162. );
  4163. AssertIntEQ(outl, 0); /* expected DecodeFinal outout no data */
  4164. AssertIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff,
  4165. sizeof(plain2) -1 ),0);
  4166. AssertIntEQ(EVP_DecodeBlock(decOutBuff, enc2, sizeof(enc2)),
  4167. sizeof(plain2)-1);
  4168. AssertIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff,
  4169. sizeof(plain2) -1 ),0);
  4170. }
  4171. /* decode correct base64 string which does not have '\n' in its last*/
  4172. {
  4173. static const unsigned char enc3[] =
  4174. {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg=="}; /* 44 chars */
  4175. static const unsigned char plain3[] =
  4176. {"This is a base64 decoding test."}; /* 31 chars */
  4177. EVP_EncodeInit(ctx);
  4178. AssertIntEQ(
  4179. EVP_DecodeUpdate(
  4180. ctx,
  4181. decOutBuff,
  4182. &outl,
  4183. enc3,
  4184. sizeof(enc3)-1),
  4185. 0 /* expected result code 0: success */
  4186. );
  4187. AssertIntEQ(outl,sizeof(plain3)-1); /* 31 chars should be output */
  4188. AssertIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff,
  4189. sizeof(plain3) -1 ),0);
  4190. AssertIntEQ(
  4191. EVP_DecodeFinal(
  4192. ctx,
  4193. decOutBuff + outl,
  4194. &outl),
  4195. 1 /* expected result code 1: success */
  4196. );
  4197. AssertIntEQ(outl,0 );
  4198. AssertIntEQ(EVP_DecodeBlock(decOutBuff, enc3, sizeof(enc3)-1),
  4199. sizeof(plain3)-1);
  4200. AssertIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff,
  4201. sizeof(plain3) -1 ),0);
  4202. }
  4203. /* decode string which has a padding char ('=') in the illegal position*/
  4204. {
  4205. static const unsigned char enc4[] =
  4206. {"VGhpcyBpcyBhIGJhc2U2N=CBkZWNvZGluZyB0ZXN0Lg==\n"};
  4207. EVP_EncodeInit(ctx);
  4208. AssertIntEQ(
  4209. EVP_DecodeUpdate(
  4210. ctx,
  4211. decOutBuff,
  4212. &outl,
  4213. enc4,
  4214. sizeof(enc4)-1),
  4215. -1 /* expected result code -1: error */
  4216. );
  4217. AssertIntEQ(outl,0);
  4218. AssertIntEQ(EVP_DecodeBlock(decOutBuff, enc4, sizeof(enc4)-1), -1);
  4219. }
  4220. /* small data decode test */
  4221. {
  4222. static const unsigned char enc00[] = {"VG"};
  4223. static const unsigned char enc01[] = {"g=\n"};
  4224. static const unsigned char plain4[] = {"Th"};
  4225. EVP_EncodeInit(ctx);
  4226. AssertIntEQ(
  4227. EVP_DecodeUpdate(
  4228. ctx,
  4229. decOutBuff,
  4230. &outl,
  4231. enc00,
  4232. sizeof(enc00)-1),
  4233. 1 /* expected result code 1: success */
  4234. );
  4235. AssertIntEQ(outl,0);
  4236. AssertIntEQ(
  4237. EVP_DecodeUpdate(
  4238. ctx,
  4239. decOutBuff + outl,
  4240. &outl,
  4241. enc01,
  4242. sizeof(enc01)-1),
  4243. 0 /* expected result code 0: success */
  4244. );
  4245. AssertIntEQ(outl,sizeof(plain4)-1);
  4246. /* test with illegal parameters */
  4247. AssertIntEQ(EVP_DecodeFinal(NULL,decOutBuff + outl,&outl), -1);
  4248. AssertIntEQ(EVP_DecodeFinal(ctx,NULL,&outl), -1);
  4249. AssertIntEQ(EVP_DecodeFinal(ctx,decOutBuff + outl, NULL), -1);
  4250. AssertIntEQ(EVP_DecodeFinal(NULL,NULL, NULL), -1);
  4251. EVP_DecodeFinal(
  4252. ctx,
  4253. decOutBuff + outl,
  4254. &outl);
  4255. AssertIntEQ( outl, 0);
  4256. AssertIntEQ(
  4257. XSTRNCMP(
  4258. (const char*)decOutBuff,
  4259. (const char*)plain4,sizeof(plain4)-1 ),
  4260. 0);
  4261. }
  4262. EVP_ENCODE_CTX_free(ctx);
  4263. res = TEST_RES_CHECK(1);
  4264. #endif /* OPENSSL && WOLFSSL_BASE_DECODE */
  4265. return res;
  4266. }
  4267. static int test_wolfSSL_EVP_DecodeFinal(void)
  4268. {
  4269. int res = TEST_SKIPPED;
  4270. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
  4271. /* tests for wolfSSL_EVP_DecodeFinal are included in
  4272. * test_wolfSSL_EVP_DecodeUpdate
  4273. */
  4274. res = TEST_RES_CHECK(1);
  4275. #endif /* OPENSSL && WOLFSSL_BASE_DECODE */
  4276. return res;
  4277. }
  4278. /* Test function for wolfSSL_EVP_get_cipherbynid.
  4279. */
  4280. #ifdef OPENSSL_EXTRA
  4281. static int test_wolfSSL_EVP_get_cipherbynid(void)
  4282. {
  4283. #ifndef NO_AES
  4284. const WOLFSSL_EVP_CIPHER* c;
  4285. c = wolfSSL_EVP_get_cipherbynid(419);
  4286. #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
  4287. defined(WOLFSSL_AES_128)
  4288. AssertNotNull(c);
  4289. AssertNotNull(strcmp("EVP_AES_128_CBC", c));
  4290. #else
  4291. AssertNull(c);
  4292. #endif
  4293. c = wolfSSL_EVP_get_cipherbynid(423);
  4294. #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
  4295. defined(WOLFSSL_AES_192)
  4296. AssertNotNull(c);
  4297. AssertNotNull(strcmp("EVP_AES_192_CBC", c));
  4298. #else
  4299. AssertNull(c);
  4300. #endif
  4301. c = wolfSSL_EVP_get_cipherbynid(427);
  4302. #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
  4303. defined(WOLFSSL_AES_256)
  4304. AssertNotNull(c);
  4305. AssertNotNull(strcmp("EVP_AES_256_CBC", c));
  4306. #else
  4307. AssertNull(c);
  4308. #endif
  4309. c = wolfSSL_EVP_get_cipherbynid(904);
  4310. #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
  4311. AssertNotNull(c);
  4312. AssertNotNull(strcmp("EVP_AES_128_CTR", c));
  4313. #else
  4314. AssertNull(c);
  4315. #endif
  4316. c = wolfSSL_EVP_get_cipherbynid(905);
  4317. #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192)
  4318. AssertNotNull(c);
  4319. AssertNotNull(strcmp("EVP_AES_192_CTR", c));
  4320. #else
  4321. AssertNull(c);
  4322. #endif
  4323. c = wolfSSL_EVP_get_cipherbynid(906);
  4324. #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
  4325. AssertNotNull(c);
  4326. AssertNotNull(strcmp("EVP_AES_256_CTR", c));
  4327. #else
  4328. AssertNull(c);
  4329. #endif
  4330. c = wolfSSL_EVP_get_cipherbynid(418);
  4331. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128)
  4332. AssertNotNull(c);
  4333. AssertNotNull(strcmp("EVP_AES_128_ECB", c));
  4334. #else
  4335. AssertNull(c);
  4336. #endif
  4337. c = wolfSSL_EVP_get_cipherbynid(422);
  4338. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192)
  4339. AssertNotNull(c);
  4340. AssertNotNull(strcmp("EVP_AES_192_ECB", c));
  4341. #else
  4342. AssertNull(c);
  4343. #endif
  4344. c = wolfSSL_EVP_get_cipherbynid(426);
  4345. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
  4346. AssertNotNull(c);
  4347. AssertNotNull(strcmp("EVP_AES_256_ECB", c));
  4348. #else
  4349. AssertNull(c);
  4350. #endif
  4351. #endif /* !NO_AES */
  4352. #ifndef NO_DES3
  4353. AssertNotNull(strcmp("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31)));
  4354. #ifdef WOLFSSL_DES_ECB
  4355. AssertNotNull(strcmp("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29)));
  4356. #endif
  4357. AssertNotNull(strcmp("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44)));
  4358. #ifdef WOLFSSL_DES_ECB
  4359. AssertNotNull(strcmp("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33)));
  4360. #endif
  4361. #endif /* !NO_DES3 */
  4362. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  4363. AssertNotNull(strcmp("EVP_CHACHA20_POLY13O5", EVP_get_cipherbynid(1018)));
  4364. #endif
  4365. /* test for nid is out of range */
  4366. AssertNull(wolfSSL_EVP_get_cipherbynid(1));
  4367. return TEST_RES_CHECK(1);
  4368. }
  4369. static int test_wolfSSL_EVP_CIPHER_CTX(void)
  4370. {
  4371. int res = TEST_SKIPPED;
  4372. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  4373. EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  4374. const EVP_CIPHER *init = EVP_aes_128_cbc();
  4375. const EVP_CIPHER *test;
  4376. byte key[AES_BLOCK_SIZE] = {0};
  4377. byte iv[AES_BLOCK_SIZE] = {0};
  4378. AssertNotNull(ctx);
  4379. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  4380. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  4381. test = EVP_CIPHER_CTX_cipher(ctx);
  4382. AssertTrue(init == test);
  4383. AssertIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);
  4384. AssertIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS);
  4385. AssertIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE);
  4386. EVP_CIPHER_CTX_free(ctx);
  4387. /* test EVP_CIPHER_CTX_cleanup with NULL */
  4388. AssertIntEQ(EVP_CIPHER_CTX_cleanup(NULL), WOLFSSL_SUCCESS);
  4389. res = TEST_RES_CHECK(1);
  4390. #endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */
  4391. return res;
  4392. }
  4393. #endif /* OPENSSL_EXTRA */
  4394. /*----------------------------------------------------------------------------*
  4395. | IO
  4396. *----------------------------------------------------------------------------*/
  4397. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  4398. !defined(NO_RSA) && !defined(SINGLE_THREADED) && \
  4399. !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
  4400. #define HAVE_IO_TESTS_DEPENDENCIES
  4401. #endif
  4402. /* helper functions */
  4403. #ifdef HAVE_IO_TESTS_DEPENDENCIES
  4404. #ifdef WOLFSSL_SESSION_EXPORT
  4405. #ifdef WOLFSSL_DTLS
  4406. /* set up function for sending session information */
  4407. static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx)
  4408. {
  4409. WOLFSSL_CTX* ctx = NULL;
  4410. WOLFSSL* ssl = NULL;
  4411. AssertNotNull(inSsl);
  4412. AssertNotNull(buf);
  4413. AssertIntNE(0, sz);
  4414. /* Set ctx to DTLS 1.2 */
  4415. ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
  4416. AssertNotNull(ctx);
  4417. ssl = wolfSSL_new(ctx);
  4418. AssertNotNull(ssl);
  4419. AssertIntGE(wolfSSL_dtls_import(ssl, buf, sz), 0);
  4420. wolfSSL_free(ssl);
  4421. wolfSSL_CTX_free(ctx);
  4422. (void)userCtx;
  4423. return 0;
  4424. }
  4425. #endif
  4426. /* returns negative value on fail and positive (including 0) on success */
  4427. static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
  4428. {
  4429. int ret, err, loop_count, count, timeout = 10;
  4430. char msg[] = "I hear you fa shizzle!";
  4431. char input[1024];
  4432. loop_count = ((func_args*)args)->argc;
  4433. #ifdef WOLFSSL_ASYNC_CRYPT
  4434. err = 0; /* Reset error */
  4435. #endif
  4436. do {
  4437. #ifdef WOLFSSL_ASYNC_CRYPT
  4438. if (err == WC_PENDING_E) {
  4439. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  4440. if (ret < 0) { break; } else if (ret == 0) { continue; }
  4441. }
  4442. #endif
  4443. ret = wolfSSL_accept(ssl);
  4444. err = wolfSSL_get_error(ssl, 0);
  4445. if (err == WOLFSSL_ERROR_WANT_READ ||
  4446. err == WOLFSSL_ERROR_WANT_WRITE) {
  4447. int select_ret;
  4448. err = WC_PENDING_E;
  4449. select_ret = tcp_select(*sockfd, timeout);
  4450. if (select_ret == TEST_TIMEOUT) {
  4451. return WOLFSSL_FATAL_ERROR;
  4452. }
  4453. }
  4454. } while (err == WC_PENDING_E);
  4455. if (ret != WOLFSSL_SUCCESS) {
  4456. char buff[WOLFSSL_MAX_ERROR_SZ];
  4457. fprintf(stderr, "error = %d, %s\n", err,
  4458. wolfSSL_ERR_error_string(err, buff));
  4459. return ret;
  4460. }
  4461. for (count = 0; count < loop_count; count++) {
  4462. int select_ret;
  4463. select_ret = tcp_select(*sockfd, timeout);
  4464. if (select_ret == TEST_TIMEOUT) {
  4465. ret = WOLFSSL_FATAL_ERROR;
  4466. break;
  4467. }
  4468. do {
  4469. ret = wolfSSL_read(ssl, input, sizeof(input)-1);
  4470. if (ret > 0) {
  4471. input[ret] = '\0';
  4472. fprintf(stderr, "Client message: %s\n", input);
  4473. }
  4474. } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
  4475. do {
  4476. if ((ret = wolfSSL_write(ssl, msg, sizeof(msg))) != sizeof(msg)) {
  4477. return WOLFSSL_FATAL_ERROR;
  4478. }
  4479. err = wolfSSL_get_error(ssl, ret);
  4480. } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
  4481. }
  4482. return ret;
  4483. }
  4484. #endif /* WOLFSSL_SESSION_EXPORT */
  4485. /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
  4486. #if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
  4487. defined(HAVE_AES_CBC)
  4488. typedef struct openssl_key_ctx {
  4489. byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */
  4490. byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */
  4491. byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */
  4492. byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */
  4493. } openssl_key_ctx;
  4494. static THREAD_LS_T openssl_key_ctx myOpenSSLKey_ctx;
  4495. static THREAD_LS_T WC_RNG myOpenSSLKey_rng;
  4496. static WC_INLINE int OpenSSLTicketInit(void)
  4497. {
  4498. int ret = wc_InitRng(&myOpenSSLKey_rng);
  4499. if (ret != 0) return ret;
  4500. ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.name,
  4501. sizeof(myOpenSSLKey_ctx.name));
  4502. if (ret != 0) return ret;
  4503. ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.key,
  4504. sizeof(myOpenSSLKey_ctx.key));
  4505. if (ret != 0) return ret;
  4506. ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.hmacKey,
  4507. sizeof(myOpenSSLKey_ctx.hmacKey));
  4508. if (ret != 0) return ret;
  4509. ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.iv,
  4510. sizeof(myOpenSSLKey_ctx.iv));
  4511. if (ret != 0) return ret;
  4512. return 0;
  4513. }
  4514. static WC_INLINE int myTicketEncCbOpenSSL(WOLFSSL* ssl,
  4515. byte name[WOLFSSL_TICKET_NAME_SZ],
  4516. byte iv[WOLFSSL_TICKET_IV_SZ],
  4517. WOLFSSL_EVP_CIPHER_CTX *ectx,
  4518. WOLFSSL_HMAC_CTX *hctx, int enc) {
  4519. (void)ssl;
  4520. if (enc) {
  4521. XMEMCPY(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name));
  4522. XMEMCPY(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv));
  4523. }
  4524. else if (XMEMCMP(name, myOpenSSLKey_ctx.name,
  4525. sizeof(myOpenSSLKey_ctx.name)) != 0 ||
  4526. XMEMCMP(iv, myOpenSSLKey_ctx.iv,
  4527. sizeof(myOpenSSLKey_ctx.iv)) != 0) {
  4528. return 0;
  4529. }
  4530. HMAC_Init_ex(hctx, myOpenSSLKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL);
  4531. if (enc)
  4532. EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
  4533. else
  4534. EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
  4535. return 1;
  4536. }
  4537. static WC_INLINE void OpenSSLTicketCleanup(void)
  4538. {
  4539. wc_FreeRng(&myOpenSSLKey_rng);
  4540. }
  4541. #endif
  4542. #ifdef WOLFSSL_HAVE_TLS_UNIQUE
  4543. #ifdef WC_SHA512_DIGEST_SIZE
  4544. #define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE
  4545. #else
  4546. #define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE
  4547. #endif
  4548. byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */
  4549. byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */
  4550. byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */
  4551. byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */
  4552. #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
  4553. static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
  4554. {
  4555. SOCKET_T sockfd = 0;
  4556. SOCKET_T clientfd = 0;
  4557. word16 port;
  4558. callback_functions* cbf;
  4559. WOLFSSL_CTX* ctx = 0;
  4560. WOLFSSL* ssl = 0;
  4561. func_args* opts = (func_args*)args;
  4562. char msg[] = "I hear you fa shizzle!";
  4563. char input[1024];
  4564. int idx;
  4565. int ret, err = 0;
  4566. int sharedCtx = 0;
  4567. int doUdp = 0;
  4568. SOCKADDR_IN_T cliAddr;
  4569. socklen_t cliLen;
  4570. #ifdef WOLFSSL_HAVE_TLS_UNIQUE
  4571. size_t msg_len = 0;
  4572. #endif
  4573. #ifdef WOLFSSL_TIRTOS
  4574. fdOpenSession(Task_self());
  4575. #endif
  4576. opts->return_code = TEST_FAIL;
  4577. cbf = opts->callbacks;
  4578. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  4579. if (cbf != NULL && cbf->ctx) {
  4580. ctx = cbf->ctx;
  4581. sharedCtx = 1;
  4582. }
  4583. else
  4584. #endif
  4585. {
  4586. WOLFSSL_METHOD* method = NULL;
  4587. if (cbf != NULL && cbf->method != NULL) {
  4588. method = cbf->method();
  4589. }
  4590. else {
  4591. method = wolfSSLv23_server_method();
  4592. }
  4593. ctx = wolfSSL_CTX_new(method);
  4594. }
  4595. if (ctx == NULL) {
  4596. goto done;
  4597. }
  4598. if (cbf == NULL || !cbf->ticNoInit) {
  4599. #if defined(HAVE_SESSION_TICKET) && \
  4600. ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
  4601. #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
  4602. OpenSSLTicketInit();
  4603. wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL);
  4604. #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
  4605. TicketInit();
  4606. wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
  4607. #endif
  4608. #endif
  4609. }
  4610. #if defined(USE_WINDOWS_API)
  4611. port = opts->signal->port;
  4612. #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
  4613. !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
  4614. /* Let tcp_listen assign port */
  4615. port = 0;
  4616. #else
  4617. /* Use default port */
  4618. port = wolfSSLPort;
  4619. #endif
  4620. if (cbf != NULL)
  4621. doUdp = cbf->doUdp;
  4622. /* do it here to detect failure */
  4623. tcp_accept(
  4624. &sockfd, &clientfd, opts, port, 0, doUdp, 0, 0, 1, 0, 0);
  4625. if (doUdp) {
  4626. cliLen = sizeof(cliAddr);
  4627. idx = (int)recvfrom(sockfd, input, sizeof(input), MSG_PEEK,
  4628. (struct sockaddr*)&cliAddr, &cliLen);
  4629. AssertIntGT(idx, 0);
  4630. }
  4631. else {
  4632. CloseSocket(sockfd);
  4633. }
  4634. wolfSSL_CTX_set_verify(ctx,
  4635. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
  4636. #ifdef WOLFSSL_ENCRYPTED_KEYS
  4637. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  4638. #endif
  4639. if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
  4640. != WOLFSSL_SUCCESS) {
  4641. /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
  4642. goto done;
  4643. }
  4644. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  4645. if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  4646. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4647. #else
  4648. if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  4649. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4650. #endif
  4651. /*err_sys("can't load server cert chain file, "
  4652. "Please run from wolfSSL home dir");*/
  4653. goto done;
  4654. }
  4655. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  4656. if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  4657. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4658. #else
  4659. if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  4660. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4661. #endif
  4662. /*err_sys("can't load server key file, "
  4663. "Please run from wolfSSL home dir");*/
  4664. goto done;
  4665. }
  4666. /* call ctx setup callback */
  4667. if (cbf != NULL && cbf->ctx_ready != NULL) {
  4668. cbf->ctx_ready(ctx);
  4669. }
  4670. ssl = wolfSSL_new(ctx);
  4671. if (ssl == NULL) {
  4672. goto done;
  4673. }
  4674. if (doUdp) {
  4675. err = wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
  4676. if (err != WOLFSSL_SUCCESS)
  4677. goto done;
  4678. }
  4679. #ifdef WOLFSSL_SESSION_EXPORT
  4680. /* only add in more complex nonblocking case with session export tests */
  4681. if (args && opts->argc > 0) {
  4682. /* set as nonblock and time out for waiting on read/write */
  4683. tcp_set_nonblocking(&clientfd);
  4684. wolfSSL_dtls_set_using_nonblock(ssl, 1);
  4685. }
  4686. #endif
  4687. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  4688. if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
  4689. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4690. #else
  4691. if (wolfSSL_use_certificate_file(ssl, svrCertFile,
  4692. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4693. #endif
  4694. /*err_sys("can't load server cert chain file, "
  4695. "Please run from wolfSSL home dir");*/
  4696. goto done;
  4697. }
  4698. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  4699. if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
  4700. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4701. #else
  4702. if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
  4703. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4704. #endif
  4705. /*err_sys("can't load server key file, "
  4706. "Please run from wolfSSL home dir");*/
  4707. goto done;
  4708. }
  4709. if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
  4710. /*err_sys("SSL_set_fd failed");*/
  4711. goto done;
  4712. }
  4713. #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
  4714. wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  4715. #elif !defined(NO_DH)
  4716. SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
  4717. #endif
  4718. /* call ssl setup callback */
  4719. if (cbf != NULL && cbf->ssl_ready != NULL) {
  4720. cbf->ssl_ready(ssl);
  4721. }
  4722. #ifdef WOLFSSL_SESSION_EXPORT
  4723. /* only add in more complex nonblocking case with session export tests */
  4724. if (opts->argc > 0) {
  4725. ret = nonblocking_accept_read(args, ssl, &clientfd);
  4726. if (ret >= 0) {
  4727. opts->return_code = TEST_SUCCESS;
  4728. }
  4729. #ifdef WOLFSSL_TIRTOS
  4730. Task_yield();
  4731. #endif
  4732. goto done;
  4733. }
  4734. #endif
  4735. #ifdef WOLFSSL_ASYNC_CRYPT
  4736. err = 0; /* Reset error */
  4737. #endif
  4738. do {
  4739. #ifdef WOLFSSL_ASYNC_CRYPT
  4740. if (err == WC_PENDING_E) {
  4741. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  4742. if (ret < 0) { break; } else if (ret == 0) { continue; }
  4743. }
  4744. #endif
  4745. ret = wolfSSL_accept(ssl);
  4746. err = wolfSSL_get_error(ssl, 0);
  4747. } while (err == WC_PENDING_E);
  4748. if (ret != WOLFSSL_SUCCESS) {
  4749. char buff[WOLFSSL_MAX_ERROR_SZ];
  4750. fprintf(stderr, "error = %d, %s\n", err,
  4751. wolfSSL_ERR_error_string(err, buff));
  4752. /*err_sys("SSL_accept failed");*/
  4753. goto done;
  4754. }
  4755. #ifdef WOLFSSL_HAVE_TLS_UNIQUE
  4756. XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
  4757. msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE);
  4758. AssertIntGE(msg_len, 0);
  4759. XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
  4760. msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE);
  4761. AssertIntGE(msg_len, 0);
  4762. #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
  4763. idx = wolfSSL_read(ssl, input, sizeof(input)-1);
  4764. if (idx > 0) {
  4765. input[idx] = '\0';
  4766. fprintf(stderr, "Client message: %s\n", input);
  4767. }
  4768. if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
  4769. /*err_sys("SSL_write failed");*/
  4770. #ifdef WOLFSSL_TIRTOS
  4771. return;
  4772. #else
  4773. return 0;
  4774. #endif
  4775. }
  4776. if (cbf != NULL && cbf->on_result != NULL)
  4777. cbf->on_result(ssl);
  4778. #ifdef WOLFSSL_TIRTOS
  4779. Task_yield();
  4780. #endif
  4781. opts->return_code = TEST_SUCCESS;
  4782. done:
  4783. if (cbf != NULL)
  4784. cbf->last_err = err;
  4785. wolfSSL_shutdown(ssl);
  4786. wolfSSL_free(ssl);
  4787. if (!sharedCtx)
  4788. wolfSSL_CTX_free(ctx);
  4789. CloseSocket(clientfd);
  4790. #ifdef WOLFSSL_TIRTOS
  4791. fdCloseSession(Task_self());
  4792. #endif
  4793. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  4794. && defined(HAVE_THREAD_LS)
  4795. wc_ecc_fp_free(); /* free per thread cache */
  4796. #endif
  4797. if (cbf == NULL || !cbf->ticNoInit) {
  4798. #if defined(HAVE_SESSION_TICKET) && \
  4799. ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
  4800. #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
  4801. OpenSSLTicketCleanup();
  4802. #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
  4803. TicketCleanup();
  4804. #endif
  4805. #endif
  4806. }
  4807. #ifndef WOLFSSL_TIRTOS
  4808. return 0;
  4809. #endif
  4810. }
  4811. #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
  4812. static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
  4813. {
  4814. SOCKET_T sockfd = 0;
  4815. SOCKET_T clientfd = 0;
  4816. word16 port;
  4817. callback_functions* cbf;
  4818. WOLFSSL_CTX* ctx = 0;
  4819. WOLFSSL* ssl = 0;
  4820. char msg[] = "I hear you fa shizzle!";
  4821. char input[1024];
  4822. int idx;
  4823. int ret, err = 0;
  4824. int sharedCtx = 0;
  4825. int loop_count = ((func_args*)args)->argc;
  4826. int count = 0;
  4827. #ifdef WOLFSSL_TIRTOS
  4828. fdOpenSession(Task_self());
  4829. #endif
  4830. ((func_args*)args)->return_code = TEST_FAIL;
  4831. cbf = ((func_args*)args)->callbacks;
  4832. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  4833. if (cbf != NULL && cbf->ctx) {
  4834. ctx = cbf->ctx;
  4835. sharedCtx = 1;
  4836. }
  4837. else
  4838. #endif
  4839. {
  4840. WOLFSSL_METHOD* method = NULL;
  4841. if (cbf != NULL && cbf->method != NULL) {
  4842. method = cbf->method();
  4843. }
  4844. else {
  4845. method = wolfSSLv23_server_method();
  4846. }
  4847. ctx = wolfSSL_CTX_new(method);
  4848. }
  4849. #if defined(USE_WINDOWS_API)
  4850. port = ((func_args*)args)->signal->port;
  4851. #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
  4852. !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
  4853. /* Let tcp_listen assign port */
  4854. port = 0;
  4855. #else
  4856. /* Use default port */
  4857. port = wolfSSLPort;
  4858. #endif
  4859. wolfSSL_CTX_set_verify(ctx,
  4860. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
  4861. #ifdef WOLFSSL_ENCRYPTED_KEYS
  4862. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  4863. #endif
  4864. if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
  4865. != WOLFSSL_SUCCESS) {
  4866. /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
  4867. goto done;
  4868. }
  4869. if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  4870. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4871. /*err_sys("can't load server cert chain file, "
  4872. "Please run from wolfSSL home dir");*/
  4873. goto done;
  4874. }
  4875. if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  4876. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4877. /*err_sys("can't load server key file, "
  4878. "Please run from wolfSSL home dir");*/
  4879. goto done;
  4880. }
  4881. /* call ctx setup callback */
  4882. if (cbf != NULL && cbf->ctx_ready != NULL) {
  4883. cbf->ctx_ready(ctx);
  4884. }
  4885. while (count != loop_count) {
  4886. ssl = wolfSSL_new(ctx);
  4887. if (ssl == NULL) {
  4888. goto done;
  4889. }
  4890. if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
  4891. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4892. /*err_sys("can't load server cert chain file, "
  4893. "Please run from wolfSSL home dir");*/
  4894. goto done;
  4895. }
  4896. if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
  4897. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  4898. /*err_sys("can't load server key file, "
  4899. "Please run from wolfSSL home dir");*/
  4900. goto done;
  4901. }
  4902. #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
  4903. wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  4904. #elif !defined(NO_DH)
  4905. SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
  4906. #endif
  4907. /* call ssl setup callback */
  4908. if (cbf != NULL && cbf->ssl_ready != NULL) {
  4909. cbf->ssl_ready(ssl);
  4910. }
  4911. /* do it here to detect failure */
  4912. tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
  4913. CloseSocket(sockfd);
  4914. if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
  4915. /*err_sys("SSL_set_fd failed");*/
  4916. goto done;
  4917. }
  4918. #ifdef WOLFSSL_ASYNC_CRYPT
  4919. err = 0; /* Reset error */
  4920. #endif
  4921. do {
  4922. #ifdef WOLFSSL_ASYNC_CRYPT
  4923. if (err == WC_PENDING_E) {
  4924. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  4925. if (ret < 0) { break; } else if (ret == 0) { continue; }
  4926. }
  4927. #endif
  4928. ret = wolfSSL_accept(ssl);
  4929. err = wolfSSL_get_error(ssl, 0);
  4930. } while (err == WC_PENDING_E);
  4931. if (ret != WOLFSSL_SUCCESS) {
  4932. char buff[WOLFSSL_MAX_ERROR_SZ];
  4933. fprintf(stderr, "error = %d, %s\n", err,
  4934. wolfSSL_ERR_error_string(err, buff));
  4935. /*err_sys("SSL_accept failed");*/
  4936. goto done;
  4937. }
  4938. idx = wolfSSL_read(ssl, input, sizeof(input)-1);
  4939. if (idx > 0) {
  4940. input[idx] = '\0';
  4941. fprintf(stderr, "Client message: %s\n", input);
  4942. }
  4943. if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
  4944. /*err_sys("SSL_write failed");*/
  4945. #ifdef WOLFSSL_TIRTOS
  4946. return;
  4947. #else
  4948. return 0;
  4949. #endif
  4950. }
  4951. /* free ssl for this connection */
  4952. wolfSSL_shutdown(ssl);
  4953. wolfSSL_free(ssl); ssl = NULL;
  4954. CloseSocket(clientfd);
  4955. count++;
  4956. }
  4957. #ifdef WOLFSSL_TIRTOS
  4958. Task_yield();
  4959. #endif
  4960. ((func_args*)args)->return_code = TEST_SUCCESS;
  4961. done:
  4962. if (ssl != NULL) {
  4963. wolfSSL_shutdown(ssl);
  4964. wolfSSL_free(ssl);
  4965. }
  4966. if (!sharedCtx)
  4967. wolfSSL_CTX_free(ctx);
  4968. CloseSocket(clientfd);
  4969. #ifdef WOLFSSL_TIRTOS
  4970. fdCloseSession(Task_self());
  4971. #endif
  4972. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  4973. && defined(HAVE_THREAD_LS)
  4974. wc_ecc_fp_free(); /* free per thread cache */
  4975. #endif
  4976. #ifndef WOLFSSL_TIRTOS
  4977. return 0;
  4978. #endif
  4979. }
  4980. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
  4981. typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
  4982. static int test_client_nofail(void* args, cbType cb)
  4983. {
  4984. #if !defined(NO_WOLFSSL_CLIENT)
  4985. SOCKET_T sockfd = 0;
  4986. callback_functions* cbf;
  4987. WOLFSSL_CTX* ctx = 0;
  4988. WOLFSSL* ssl = 0;
  4989. WOLFSSL_CIPHER* cipher;
  4990. char msg[64] = "hello wolfssl!";
  4991. char reply[1024];
  4992. int input;
  4993. int msgSz = (int)XSTRLEN(msg);
  4994. int ret, err = 0;
  4995. int cipherSuite;
  4996. int sharedCtx = 0;
  4997. int doUdp = 0;
  4998. const char* cipherName1, *cipherName2;
  4999. #ifdef WOLFSSL_TIRTOS
  5000. fdOpenSession(Task_self());
  5001. #endif
  5002. ((func_args*)args)->return_code = TEST_FAIL;
  5003. cbf = ((func_args*)args)->callbacks;
  5004. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  5005. if (cbf != NULL && cbf->ctx) {
  5006. ctx = cbf->ctx;
  5007. sharedCtx = cbf->isSharedCtx;
  5008. }
  5009. else
  5010. #endif
  5011. {
  5012. WOLFSSL_METHOD* method = NULL;
  5013. if (cbf != NULL && cbf->method != NULL) {
  5014. method = cbf->method();
  5015. }
  5016. else {
  5017. method = wolfSSLv23_client_method();
  5018. }
  5019. ctx = wolfSSL_CTX_new(method);
  5020. }
  5021. if (cbf != NULL)
  5022. doUdp = cbf->doUdp;
  5023. #ifdef WOLFSSL_ENCRYPTED_KEYS
  5024. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  5025. #endif
  5026. /* Do connect here so server detects failures */
  5027. tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
  5028. doUdp, 0, NULL);
  5029. /* Connect the socket so that we don't have to set the peer later on */
  5030. if (doUdp)
  5031. udp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port);
  5032. if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
  5033. {
  5034. /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
  5035. goto done;
  5036. }
  5037. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  5038. if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  5039. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5040. #else
  5041. if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  5042. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5043. #endif
  5044. /*err_sys("can't load client cert file, "
  5045. "Please run from wolfSSL home dir");*/
  5046. goto done;
  5047. }
  5048. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  5049. if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  5050. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5051. #else
  5052. if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  5053. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5054. #endif
  5055. /*err_sys("can't load client key file, "
  5056. "Please run from wolfSSL home dir");*/
  5057. goto done;
  5058. }
  5059. /* call ctx setup callback */
  5060. if (cbf != NULL && cbf->ctx_ready != NULL) {
  5061. cbf->ctx_ready(ctx);
  5062. }
  5063. ssl = wolfSSL_new(ctx);
  5064. if (ssl == NULL) {
  5065. goto done;
  5066. }
  5067. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  5068. if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
  5069. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5070. #else
  5071. if (wolfSSL_use_certificate_file(ssl, cliCertFile,
  5072. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5073. #endif
  5074. /*err_sys("can't load client cert file, "
  5075. "Please run from wolfSSL home dir");*/
  5076. goto done;
  5077. }
  5078. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  5079. if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
  5080. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5081. #else
  5082. if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
  5083. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5084. #endif
  5085. /*err_sys("can't load client key file, "
  5086. "Please run from wolfSSL home dir");*/
  5087. goto done;
  5088. }
  5089. if (!doUdp) {
  5090. if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
  5091. /*err_sys("SSL_set_fd failed");*/
  5092. goto done;
  5093. }
  5094. }
  5095. else {
  5096. #ifdef WOLFSSL_DTLS
  5097. if (wolfSSL_set_dtls_fd_connected(ssl, sockfd) != WOLFSSL_SUCCESS) {
  5098. /*err_sys("SSL_set_fd failed");*/
  5099. goto done;
  5100. }
  5101. #else
  5102. goto done;
  5103. #endif
  5104. }
  5105. /* call ssl setup callback */
  5106. if (cbf != NULL && cbf->ssl_ready != NULL) {
  5107. cbf->ssl_ready(ssl);
  5108. }
  5109. #ifdef WOLFSSL_ASYNC_CRYPT
  5110. err = 0; /* Reset error */
  5111. #endif
  5112. do {
  5113. #ifdef WOLFSSL_ASYNC_CRYPT
  5114. if (err == WC_PENDING_E) {
  5115. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  5116. if (ret < 0) { break; } else if (ret == 0) { continue; }
  5117. }
  5118. #endif
  5119. ret = wolfSSL_connect(ssl);
  5120. err = wolfSSL_get_error(ssl, 0);
  5121. } while (err == WC_PENDING_E);
  5122. if (ret != WOLFSSL_SUCCESS) {
  5123. char buff[WOLFSSL_MAX_ERROR_SZ];
  5124. fprintf(stderr, "error = %d, %s\n", err,
  5125. wolfSSL_ERR_error_string(err, buff));
  5126. /*err_sys("SSL_connect failed");*/
  5127. goto done;
  5128. }
  5129. /* test the various get cipher methods */
  5130. /* Internal cipher suite names */
  5131. cipherSuite = wolfSSL_get_current_cipher_suite(ssl);
  5132. cipherName1 = wolfSSL_get_cipher_name(ssl);
  5133. cipherName2 = wolfSSL_get_cipher_name_from_suite(
  5134. (cipherSuite >> 8), cipherSuite & 0xFF);
  5135. AssertStrEQ(cipherName1, cipherName2);
  5136. /* IANA Cipher Suites Names */
  5137. /* Unless WOLFSSL_CIPHER_INTERNALNAME or NO_ERROR_STRINGS,
  5138. then it's the internal cipher suite name */
  5139. cipher = wolfSSL_get_current_cipher(ssl);
  5140. cipherName1 = wolfSSL_CIPHER_get_name(cipher);
  5141. cipherName2 = wolfSSL_get_cipher(ssl);
  5142. AssertStrEQ(cipherName1, cipherName2);
  5143. #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
  5144. !defined(WOLFSSL_QT)
  5145. cipherName1 = wolfSSL_get_cipher_name_iana_from_suite(
  5146. (cipherSuite >> 8), cipherSuite & 0xFF);
  5147. AssertStrEQ(cipherName1, cipherName2);
  5148. #endif
  5149. if (cb != NULL)
  5150. (cb)(ctx, ssl);
  5151. if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
  5152. /*err_sys("SSL_write failed");*/
  5153. goto done;
  5154. }
  5155. input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
  5156. if (input > 0) {
  5157. reply[input] = '\0';
  5158. fprintf(stderr, "Server response: %s\n", reply);
  5159. }
  5160. if (cbf != NULL && cbf->on_result != NULL)
  5161. cbf->on_result(ssl);
  5162. ((func_args*)args)->return_code = TEST_SUCCESS;
  5163. done:
  5164. if (cbf != NULL)
  5165. cbf->last_err = err;
  5166. wolfSSL_free(ssl);
  5167. if (!sharedCtx)
  5168. wolfSSL_CTX_free(ctx);
  5169. CloseSocket(sockfd);
  5170. #ifdef WOLFSSL_TIRTOS
  5171. fdCloseSession(Task_self());
  5172. #endif
  5173. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  5174. && defined(HAVE_THREAD_LS)
  5175. wc_ecc_fp_free(); /* free per thread cache */
  5176. #endif
  5177. #else
  5178. (void)args;
  5179. (void)cb;
  5180. #endif /* !NO_WOLFSSL_CLIENT */
  5181. return 0;
  5182. }
  5183. void test_wolfSSL_client_server_nofail(callback_functions* client_cb,
  5184. callback_functions* server_cb)
  5185. {
  5186. func_args client_args;
  5187. func_args server_args;
  5188. tcp_ready ready;
  5189. THREAD_TYPE serverThread;
  5190. XMEMSET(&client_args, 0, sizeof(func_args));
  5191. XMEMSET(&server_args, 0, sizeof(func_args));
  5192. #ifdef WOLFSSL_TIRTOS
  5193. fdOpenSession(Task_self());
  5194. #endif
  5195. StartTCP();
  5196. InitTcpReady(&ready);
  5197. #if defined(USE_WINDOWS_API)
  5198. /* use RNG to get random port if using windows */
  5199. ready.port = GetRandomPort();
  5200. #endif
  5201. server_args.signal = &ready;
  5202. server_args.callbacks = server_cb;
  5203. client_args.signal = &ready;
  5204. client_args.callbacks = client_cb;
  5205. start_thread(test_server_nofail, &server_args, &serverThread);
  5206. wait_tcp_ready(&server_args);
  5207. test_client_nofail(&client_args, NULL);
  5208. join_thread(serverThread);
  5209. client_cb->return_code = client_args.return_code;
  5210. server_cb->return_code = server_args.return_code;
  5211. FreeTcpReady(&ready);
  5212. #ifdef WOLFSSL_TIRTOS
  5213. fdOpenSession(Task_self());
  5214. #endif
  5215. }
  5216. #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
  5217. !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT)
  5218. static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args)
  5219. {
  5220. SOCKET_T sockfd = 0;
  5221. callback_functions* cbf;
  5222. WOLFSSL_CTX* ctx = 0;
  5223. WOLFSSL* ssl = 0;
  5224. WOLFSSL_SESSION* session = NULL;
  5225. char msg[64] = "hello wolfssl!";
  5226. char reply[1024];
  5227. int input;
  5228. int msgSz = (int)XSTRLEN(msg);
  5229. int ret, err = 0;
  5230. int sharedCtx = 0;
  5231. #ifdef WOLFSSL_TIRTOS
  5232. fdOpenSession(Task_self());
  5233. #endif
  5234. ((func_args*)args)->return_code = TEST_FAIL;
  5235. cbf = ((func_args*)args)->callbacks;
  5236. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  5237. if (cbf != NULL && cbf->ctx) {
  5238. ctx = cbf->ctx;
  5239. sharedCtx = 1;
  5240. }
  5241. else
  5242. #endif
  5243. {
  5244. WOLFSSL_METHOD* method = NULL;
  5245. if (cbf != NULL && cbf->method != NULL) {
  5246. method = cbf->method();
  5247. }
  5248. else {
  5249. method = wolfSSLv23_client_method();
  5250. }
  5251. ctx = wolfSSL_CTX_new(method);
  5252. }
  5253. #ifdef WOLFSSL_ENCRYPTED_KEYS
  5254. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  5255. #endif
  5256. /* Do connect here so server detects failures */
  5257. tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
  5258. 0, 0, NULL);
  5259. if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
  5260. {
  5261. /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
  5262. goto done;
  5263. }
  5264. if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  5265. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5266. /*err_sys("can't load client cert file, "
  5267. "Please run from wolfSSL home dir");*/
  5268. goto done;
  5269. }
  5270. if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  5271. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5272. /*err_sys("can't load client key file, "
  5273. "Please run from wolfSSL home dir");*/
  5274. goto done;
  5275. }
  5276. /* call ctx setup callback */
  5277. if (cbf != NULL && cbf->ctx_ready != NULL) {
  5278. cbf->ctx_ready(ctx);
  5279. }
  5280. ssl = wolfSSL_new(ctx);
  5281. if (ssl == NULL) {
  5282. goto done;
  5283. }
  5284. /* keep handshakre resources for re-using WOLFSSL obj */
  5285. wolfSSL_KeepArrays(ssl);
  5286. if (wolfSSL_KeepHandshakeResources(ssl)) {
  5287. /* err_sys("SSL_KeepHandshakeResources failed"); */
  5288. goto done;
  5289. }
  5290. if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
  5291. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5292. /*err_sys("can't load client cert file, "
  5293. "Please run from wolfSSL home dir");*/
  5294. goto done;
  5295. }
  5296. if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
  5297. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5298. /*err_sys("can't load client key file, "
  5299. "Please run from wolfSSL home dir");*/
  5300. goto done;
  5301. }
  5302. if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
  5303. /*err_sys("SSL_set_fd failed");*/
  5304. goto done;
  5305. }
  5306. /* call ssl setup callback */
  5307. if (cbf != NULL && cbf->ssl_ready != NULL) {
  5308. cbf->ssl_ready(ssl);
  5309. }
  5310. #ifdef WOLFSSL_ASYNC_CRYPT
  5311. err = 0; /* Reset error */
  5312. #endif
  5313. do {
  5314. #ifdef WOLFSSL_ASYNC_CRYPT
  5315. if (err == WC_PENDING_E) {
  5316. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  5317. if (ret < 0) { break; } else if (ret == 0) { continue; }
  5318. }
  5319. #endif
  5320. ret = wolfSSL_connect(ssl);
  5321. err = wolfSSL_get_error(ssl, 0);
  5322. } while (err == WC_PENDING_E);
  5323. if (ret != WOLFSSL_SUCCESS) {
  5324. char buff[WOLFSSL_MAX_ERROR_SZ];
  5325. fprintf(stderr, "error = %d, %s\n", err,
  5326. wolfSSL_ERR_error_string(err, buff));
  5327. /*err_sys("SSL_connect failed");*/
  5328. goto done;
  5329. }
  5330. /* Build first session */
  5331. if (cb != NULL)
  5332. ((cbType)cb)(ctx, ssl);
  5333. if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
  5334. /*err_sys("SSL_write failed");*/
  5335. goto done;
  5336. }
  5337. input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
  5338. if (input > 0) {
  5339. reply[input] = '\0';
  5340. fprintf(stderr, "Server response: %s\n", reply);
  5341. }
  5342. /* Session Resumption by re-using WOLFSSL object */
  5343. wolfSSL_set_quiet_shutdown(ssl, 1);
  5344. if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) {
  5345. /* err_sys ("SSL shutdown failed"); */
  5346. goto done;
  5347. }
  5348. session = wolfSSL_get1_session(ssl);
  5349. if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) {
  5350. /* err_sys ("SSL_clear failed"); */
  5351. goto done;
  5352. }
  5353. wolfSSL_set_session(ssl, session);
  5354. wolfSSL_SESSION_free(session);
  5355. session = NULL;
  5356. /* close socket once */
  5357. CloseSocket(sockfd);
  5358. sockfd = 0;
  5359. /* wait until server ready */
  5360. wait_tcp_ready((func_args*)server_args);
  5361. fprintf(stderr, "session resumption\n");
  5362. /* Do re-connect */
  5363. tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
  5364. 0, 0, NULL);
  5365. if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
  5366. /*err_sys("SSL_set_fd failed");*/
  5367. goto done;
  5368. }
  5369. #ifdef WOLFSSL_ASYNC_CRYPT
  5370. err = 0; /* Reset error */
  5371. #endif
  5372. do {
  5373. #ifdef WOLFSSL_ASYNC_CRYPT
  5374. if (err == WC_PENDING_E) {
  5375. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  5376. if (ret < 0) { break; } else if (ret == 0) { continue; }
  5377. }
  5378. #endif
  5379. ret = wolfSSL_connect(ssl);
  5380. err = wolfSSL_get_error(ssl, 0);
  5381. } while (err == WC_PENDING_E);
  5382. if (ret != WOLFSSL_SUCCESS) {
  5383. char buff[WOLFSSL_MAX_ERROR_SZ];
  5384. fprintf(stderr, "error = %d, %s\n", err,
  5385. wolfSSL_ERR_error_string(err, buff));
  5386. /*err_sys("SSL_connect failed");*/
  5387. goto done;
  5388. }
  5389. /* Build first session */
  5390. if (cb != NULL)
  5391. ((cbType)cb)(ctx, ssl);
  5392. if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
  5393. /*err_sys("SSL_write failed");*/
  5394. goto done;
  5395. }
  5396. input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
  5397. if (input > 0) {
  5398. reply[input] = '\0';
  5399. fprintf(stderr, "Server response: %s\n", reply);
  5400. }
  5401. ((func_args*)args)->return_code = TEST_SUCCESS;
  5402. done:
  5403. wolfSSL_free(ssl);
  5404. if (!sharedCtx)
  5405. wolfSSL_CTX_free(ctx);
  5406. CloseSocket(sockfd);
  5407. #ifdef WOLFSSL_TIRTOS
  5408. fdCloseSession(Task_self());
  5409. #endif
  5410. return;
  5411. }
  5412. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) &&
  5413. !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) */
  5414. static int test_client_verifyDepth(void* args)
  5415. {
  5416. #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT)
  5417. SOCKET_T sockfd = 0;
  5418. callback_functions* cbf;
  5419. WOLFSSL_CTX* ctx = 0;
  5420. WOLFSSL* ssl = 0;
  5421. char msg[64] = "hello wolfssl!";
  5422. char reply[1024];
  5423. int input;
  5424. int msgSz = (int)XSTRLEN(msg);
  5425. int ret, err = 0;
  5426. int verify_depth = ((func_args*)args)->argc;
  5427. ((func_args*)args)->return_code = TEST_FAIL;
  5428. cbf = ((func_args*)args)->callbacks;
  5429. {
  5430. WOLFSSL_METHOD* method = NULL;
  5431. if (cbf != NULL && cbf->method != NULL) {
  5432. method = cbf->method();
  5433. }
  5434. else {
  5435. method = wolfSSLv23_client_method();
  5436. }
  5437. ctx = wolfSSL_CTX_new(method);
  5438. }
  5439. /* Do connect here so server detects failures */
  5440. tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
  5441. 0, 0, NULL);
  5442. if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)
  5443. != WOLFSSL_SUCCESS)
  5444. {
  5445. /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
  5446. goto done;
  5447. }
  5448. if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  5449. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5450. /*err_sys("can't load client cert file, "
  5451. "Please run from wolfSSL home dir");*/
  5452. goto done;
  5453. }
  5454. if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  5455. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  5456. /*err_sys("can't load client key file, "
  5457. "Please run from wolfSSL home dir");*/
  5458. goto done;
  5459. }
  5460. SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
  5461. /* set verify depth */
  5462. if (verify_depth == 0) {
  5463. myVerifyAction = VERIFY_OVERRIDE_ERROR;
  5464. SSL_CTX_set_verify_depth(ctx, verify_depth);
  5465. }
  5466. else if (verify_depth == -1) {
  5467. myVerifyAction = VERIFY_USE_PREVERFIY;
  5468. SSL_CTX_set_verify_depth(ctx, 0);
  5469. }
  5470. else if (verify_depth > 0) {
  5471. myVerifyAction = VERIFY_USE_PREVERFIY;
  5472. SSL_CTX_set_verify_depth(ctx, verify_depth);
  5473. }
  5474. ssl = wolfSSL_new(ctx);
  5475. if (ssl == NULL) {
  5476. goto done;
  5477. }
  5478. if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
  5479. /*err_sys("SSL_set_fd failed");*/
  5480. goto done;
  5481. }
  5482. #ifdef WOLFSSL_ASYNC_CRYPT
  5483. err = 0; /* Reset error */
  5484. #endif
  5485. do {
  5486. #ifdef WOLFSSL_ASYNC_CRYPT
  5487. if (err == WC_PENDING_E) {
  5488. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  5489. if (ret < 0) { break; } else if (ret == 0) { continue; }
  5490. }
  5491. #endif
  5492. ret = wolfSSL_connect(ssl);
  5493. err = wolfSSL_get_error(ssl, 0);
  5494. } while (err == WC_PENDING_E);
  5495. if (ret != WOLFSSL_SUCCESS) {
  5496. char buff[WOLFSSL_MAX_ERROR_SZ];
  5497. fprintf(stderr, "error = %d, %s\n", err,
  5498. wolfSSL_ERR_error_string(err, buff));
  5499. goto done;
  5500. }
  5501. if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
  5502. goto done;
  5503. }
  5504. input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
  5505. if (input > 0) {
  5506. reply[input] = '\0';
  5507. fprintf(stderr, "Server response: %s\n", reply);
  5508. }
  5509. ((func_args*)args)->return_code = TEST_SUCCESS;
  5510. done:
  5511. wolfSSL_free(ssl);
  5512. wolfSSL_CTX_free(ctx);
  5513. CloseSocket(sockfd);
  5514. #else
  5515. (void)args;
  5516. #endif /* defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) */
  5517. return 0;
  5518. }
  5519. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
  5520. defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && \
  5521. defined(HAVE_ALPN) && defined(HAVE_SNI) && \
  5522. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_BIO)
  5523. #define HAVE_ALPN_PROTOS_SUPPORT
  5524. #endif
  5525. /* Generic TLS client / server with callbacks for API unit tests
  5526. * Used by SNI / ALPN / crypto callback helper functions */
  5527. #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  5528. (defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLF_CRYPTO_CB) || \
  5529. defined(HAVE_ALPN_PROTOS_SUPPORT)) || defined(WOLFSSL_STATIC_MEMORY)
  5530. #define ENABLE_TLS_CALLBACK_TEST
  5531. #endif
  5532. #if defined(ENABLE_TLS_CALLBACK_TEST) || \
  5533. (defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT))
  5534. /* TLS server for API unit testing - generic */
  5535. static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
  5536. {
  5537. callback_functions* callbacks = ((func_args*)args)->callbacks;
  5538. WOLFSSL_CTX* ctx = NULL;
  5539. WOLFSSL* ssl = NULL;
  5540. SOCKET_T sfd = 0;
  5541. SOCKET_T cfd = 0;
  5542. word16 port;
  5543. char msg[] = "I hear you fa shizzle!";
  5544. int len = (int) XSTRLEN(msg);
  5545. char input[1024];
  5546. int idx;
  5547. int ret, err = 0;
  5548. ((func_args*)args)->return_code = TEST_FAIL;
  5549. #ifdef WOLFSSL_STATIC_MEMORY
  5550. if (callbacks->method_ex != NULL && callbacks->mem != NULL &&
  5551. callbacks->memSz > 0) {
  5552. ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex,
  5553. callbacks->mem, callbacks->memSz, 0, 1);
  5554. if (ret != WOLFSSL_SUCCESS) {
  5555. fprintf(stderr, "CTX static new failed %d\n", ret);
  5556. return 0;
  5557. }
  5558. }
  5559. #else
  5560. if (ctx == NULL) {
  5561. ctx = wolfSSL_CTX_new(callbacks->method());
  5562. }
  5563. if (ctx == NULL) {
  5564. fprintf(stderr, "CTX new failed\n");
  5565. return 0;
  5566. }
  5567. #endif
  5568. /* set defaults */
  5569. if (callbacks->caPemFile == NULL)
  5570. callbacks->caPemFile = cliCertFile;
  5571. if (callbacks->certPemFile == NULL)
  5572. callbacks->certPemFile = svrCertFile;
  5573. if (callbacks->keyPemFile == NULL)
  5574. callbacks->keyPemFile = svrKeyFile;
  5575. #ifdef WOLFSSL_TIRTOS
  5576. fdOpenSession(Task_self());
  5577. #endif
  5578. wolfSSL_CTX_SetDevId(ctx, callbacks->devId);
  5579. #if defined(USE_WINDOWS_API)
  5580. port = ((func_args*)args)->signal->port;
  5581. #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
  5582. !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
  5583. /* Let tcp_listen assign port */
  5584. port = 0;
  5585. #else
  5586. /* Use default port */
  5587. port = wolfSSLPort;
  5588. #endif
  5589. wolfSSL_CTX_set_verify(ctx,
  5590. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
  5591. #ifdef WOLFSSL_ENCRYPTED_KEYS
  5592. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  5593. #endif
  5594. #if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS)
  5595. if (callbacks->method == wolfDTLSv1_2_server_method) {
  5596. AssertIntEQ(WOLFSSL_SUCCESS,
  5597. wolfSSL_CTX_dtls_set_export(ctx, test_export));
  5598. }
  5599. #endif
  5600. AssertIntEQ(WOLFSSL_SUCCESS,
  5601. wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0));
  5602. AssertIntEQ(WOLFSSL_SUCCESS,
  5603. wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
  5604. WOLFSSL_FILETYPE_PEM));
  5605. AssertIntEQ(WOLFSSL_SUCCESS,
  5606. wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
  5607. WOLFSSL_FILETYPE_PEM));
  5608. if (callbacks->ctx_ready)
  5609. callbacks->ctx_ready(ctx);
  5610. ssl = wolfSSL_new(ctx);
  5611. if (ssl == NULL) {
  5612. fprintf(stderr, "SSL new failed\n");
  5613. wolfSSL_CTX_free(ctx);
  5614. return 0;
  5615. }
  5616. if (wolfSSL_dtls(ssl)) {
  5617. SOCKADDR_IN_T cliAddr;
  5618. socklen_t cliLen;
  5619. cliLen = sizeof(cliAddr);
  5620. tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0, 0, 0);
  5621. idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK,
  5622. (struct sockaddr*)&cliAddr, &cliLen);
  5623. AssertIntGT(idx, 0);
  5624. wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
  5625. }
  5626. else {
  5627. tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
  5628. CloseSocket(sfd);
  5629. }
  5630. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
  5631. if (callbacks->loadToSSL) {
  5632. wolfSSL_SetDevId(ssl, callbacks->devId);
  5633. AssertIntEQ(WOLFSSL_SUCCESS,
  5634. wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
  5635. WOLFSSL_FILETYPE_PEM));
  5636. AssertIntEQ(WOLFSSL_SUCCESS,
  5637. wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
  5638. WOLFSSL_FILETYPE_PEM));
  5639. }
  5640. #ifdef NO_PSK
  5641. #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
  5642. wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  5643. #elif !defined(NO_DH)
  5644. SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
  5645. #endif
  5646. #endif
  5647. if (callbacks->ssl_ready)
  5648. callbacks->ssl_ready(ssl);
  5649. #ifdef WOLFSSL_ASYNC_CRYPT
  5650. err = 0; /* Reset error */
  5651. #endif
  5652. do {
  5653. #ifdef WOLFSSL_ASYNC_CRYPT
  5654. if (err == WC_PENDING_E) {
  5655. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  5656. if (ret < 0) { break; } else if (ret == 0) { continue; }
  5657. }
  5658. #endif
  5659. ret = wolfSSL_accept(ssl);
  5660. err = wolfSSL_get_error(ssl, ret);
  5661. } while (err == WC_PENDING_E);
  5662. if (ret != WOLFSSL_SUCCESS) {
  5663. char buff[WOLFSSL_MAX_ERROR_SZ];
  5664. fprintf(stderr, "accept error = %d, %s\n", err,
  5665. wolfSSL_ERR_error_string(err, buff));
  5666. /*err_sys("SSL_accept failed");*/
  5667. }
  5668. else {
  5669. #ifdef WOLFSSL_ASYNC_CRYPT
  5670. err = 0; /* Reset error */
  5671. #endif
  5672. do {
  5673. #ifdef WOLFSSL_ASYNC_CRYPT
  5674. if (err == WC_PENDING_E) {
  5675. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  5676. if (ret < 0) { break; } else if (ret == 0) { continue; }
  5677. }
  5678. #endif
  5679. idx = wolfSSL_read(ssl, input, sizeof(input)-1);
  5680. err = wolfSSL_get_error(ssl, idx);
  5681. } while (err == WC_PENDING_E);
  5682. if (idx > 0) {
  5683. input[idx] = 0;
  5684. fprintf(stderr, "Client message: %s\n", input);
  5685. }
  5686. #ifdef WOLFSSL_ASYNC_CRYPT
  5687. err = 0; /* Reset error */
  5688. #endif
  5689. do {
  5690. #ifdef WOLFSSL_ASYNC_CRYPT
  5691. if (err == WC_PENDING_E) {
  5692. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  5693. if (ret < 0) { break; } else if (ret == 0) { continue; }
  5694. }
  5695. #endif
  5696. ret = wolfSSL_write(ssl, msg, len);
  5697. err = wolfSSL_get_error(ssl, ret);
  5698. } while (err == WC_PENDING_E);
  5699. AssertIntEQ(len, ret);
  5700. #if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL) && \
  5701. defined(WOLFSSL_DTLS)
  5702. if (wolfSSL_dtls(ssl)) {
  5703. byte* import;
  5704. word32 sz;
  5705. wolfSSL_dtls_export(ssl, NULL, &sz);
  5706. import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  5707. AssertNotNull(import);
  5708. idx = wolfSSL_dtls_export(ssl, import, &sz);
  5709. AssertIntGE(idx, 0);
  5710. AssertIntGE(wolfSSL_dtls_import(ssl, import, idx), 0);
  5711. XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  5712. }
  5713. #endif
  5714. #ifdef WOLFSSL_TIRTOS
  5715. Task_yield();
  5716. #endif
  5717. ((func_args*)args)->return_code = TEST_SUCCESS;
  5718. }
  5719. if (callbacks->on_result)
  5720. callbacks->on_result(ssl);
  5721. wolfSSL_shutdown(ssl);
  5722. wolfSSL_free(ssl);
  5723. wolfSSL_CTX_free(ctx);
  5724. CloseSocket(cfd);
  5725. #ifdef WOLFSSL_TIRTOS
  5726. fdCloseSession(Task_self());
  5727. #endif
  5728. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  5729. && defined(HAVE_THREAD_LS)
  5730. wc_ecc_fp_free(); /* free per thread cache */
  5731. #endif
  5732. #ifndef WOLFSSL_TIRTOS
  5733. return 0;
  5734. #endif
  5735. }
  5736. /* TLS Client for API unit testing - generic */
  5737. static void run_wolfssl_client(void* args)
  5738. {
  5739. callback_functions* callbacks = ((func_args*)args)->callbacks;
  5740. WOLFSSL_CTX* ctx = NULL;
  5741. WOLFSSL* ssl = NULL;
  5742. SOCKET_T sfd = 0;
  5743. char msg[] = "hello wolfssl server!";
  5744. int len = (int) XSTRLEN(msg);
  5745. char input[1024];
  5746. int ret, err = 0;
  5747. ((func_args*)args)->return_code = TEST_FAIL;
  5748. /* set defaults */
  5749. if (callbacks->caPemFile == NULL)
  5750. callbacks->caPemFile = caCertFile;
  5751. if (callbacks->certPemFile == NULL)
  5752. callbacks->certPemFile = cliCertFile;
  5753. if (callbacks->keyPemFile == NULL)
  5754. callbacks->keyPemFile = cliKeyFile;
  5755. #ifdef WOLFSSL_STATIC_MEMORY
  5756. if (callbacks->method_ex != NULL && callbacks->mem != NULL &&
  5757. callbacks->memSz > 0) {
  5758. ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex,
  5759. callbacks->mem, callbacks->memSz, 0, 1);
  5760. if (ret != WOLFSSL_SUCCESS) {
  5761. fprintf(stderr, "CTX static new failed %d\n", ret);
  5762. return;
  5763. }
  5764. }
  5765. #else
  5766. if (ctx == NULL) {
  5767. ctx = wolfSSL_CTX_new(callbacks->method());
  5768. }
  5769. if (ctx == NULL) {
  5770. fprintf(stderr, "CTX new failed\n");
  5771. return;
  5772. }
  5773. #endif
  5774. #ifdef WOLFSSL_TIRTOS
  5775. fdOpenSession(Task_self());
  5776. #endif
  5777. if (!callbacks->loadToSSL) {
  5778. wolfSSL_CTX_SetDevId(ctx, callbacks->devId);
  5779. }
  5780. #ifdef WOLFSSL_ENCRYPTED_KEYS
  5781. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  5782. #endif
  5783. AssertIntEQ(WOLFSSL_SUCCESS,
  5784. wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0));
  5785. if (!callbacks->loadToSSL) {
  5786. AssertIntEQ(WOLFSSL_SUCCESS,
  5787. wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
  5788. WOLFSSL_FILETYPE_PEM));
  5789. AssertIntEQ(WOLFSSL_SUCCESS,
  5790. wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
  5791. WOLFSSL_FILETYPE_PEM));
  5792. }
  5793. if (callbacks->ctx_ready)
  5794. callbacks->ctx_ready(ctx);
  5795. ssl = wolfSSL_new(ctx);
  5796. if (wolfSSL_dtls(ssl)) {
  5797. tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
  5798. 1, 0, ssl);
  5799. }
  5800. else {
  5801. tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
  5802. 0, 0, ssl);
  5803. }
  5804. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
  5805. if (callbacks->loadToSSL) {
  5806. wolfSSL_SetDevId(ssl, callbacks->devId);
  5807. AssertIntEQ(WOLFSSL_SUCCESS,
  5808. wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
  5809. WOLFSSL_FILETYPE_PEM));
  5810. AssertIntEQ(WOLFSSL_SUCCESS,
  5811. wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
  5812. WOLFSSL_FILETYPE_PEM));
  5813. }
  5814. if (callbacks->ssl_ready)
  5815. callbacks->ssl_ready(ssl);
  5816. #ifdef WOLFSSL_ASYNC_CRYPT
  5817. err = 0; /* Reset error */
  5818. #endif
  5819. do {
  5820. #ifdef WOLFSSL_ASYNC_CRYPT
  5821. if (err == WC_PENDING_E) {
  5822. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  5823. if (ret < 0) { break; } else if (ret == 0) { continue; }
  5824. }
  5825. #endif
  5826. ret = wolfSSL_connect(ssl);
  5827. err = wolfSSL_get_error(ssl, ret);
  5828. } while (err == WC_PENDING_E);
  5829. if (ret != WOLFSSL_SUCCESS) {
  5830. char buff[WOLFSSL_MAX_ERROR_SZ];
  5831. fprintf(stderr, "error = %d, %s\n", err,
  5832. wolfSSL_ERR_error_string(err, buff));
  5833. /*err_sys("SSL_connect failed");*/
  5834. }
  5835. else {
  5836. #ifdef WOLFSSL_ASYNC_CRYPT
  5837. err = 0; /* Reset error */
  5838. #endif
  5839. do {
  5840. #ifdef WOLFSSL_ASYNC_CRYPT
  5841. if (err == WC_PENDING_E) {
  5842. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  5843. if (ret < 0) { break; } else if (ret == 0) { continue; }
  5844. }
  5845. #endif
  5846. ret = wolfSSL_write(ssl, msg, len);
  5847. err = wolfSSL_get_error(ssl, ret);
  5848. } while (err == WC_PENDING_E);
  5849. AssertIntEQ(len, ret);
  5850. #ifdef WOLFSSL_ASYNC_CRYPT
  5851. err = 0; /* Reset error */
  5852. #endif
  5853. do {
  5854. #ifdef WOLFSSL_ASYNC_CRYPT
  5855. if (err == WC_PENDING_E) {
  5856. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  5857. if (ret < 0) { break; } else if (ret == 0) { continue; }
  5858. }
  5859. #endif
  5860. ret = wolfSSL_read(ssl, input, sizeof(input)-1);
  5861. err = wolfSSL_get_error(ssl, ret);
  5862. } while (err == WC_PENDING_E);
  5863. if (ret > 0) {
  5864. input[ret] = '\0'; /* null term */
  5865. fprintf(stderr, "Server response: %s\n", input);
  5866. }
  5867. ((func_args*)args)->return_code = TEST_SUCCESS;
  5868. }
  5869. if (callbacks->on_result)
  5870. callbacks->on_result(ssl);
  5871. wolfSSL_free(ssl);
  5872. wolfSSL_CTX_free(ctx);
  5873. CloseSocket(sfd);
  5874. #ifdef WOLFSSL_TIRTOS
  5875. fdCloseSession(Task_self());
  5876. #endif
  5877. }
  5878. #endif /* ENABLE_TLS_CALLBACK_TEST */
  5879. static int test_wolfSSL_read_write(void)
  5880. {
  5881. /* The unit testing for read and write shall happen simultaneously, since
  5882. * one can't do anything with one without the other. (Except for a failure
  5883. * test case.) This function will call all the others that will set up,
  5884. * execute, and report their test findings.
  5885. *
  5886. * Set up the success case first. This function will become the template
  5887. * for the other tests. This should eventually be renamed
  5888. *
  5889. * The success case isn't interesting, how can this fail?
  5890. * - Do not give the client context a CA certificate. The connect should
  5891. * fail. Do not need server for this?
  5892. * - Using NULL for the ssl object on server. Do not need client for this.
  5893. * - Using NULL for the ssl object on client. Do not need server for this.
  5894. * - Good ssl objects for client and server. Client write() without server
  5895. * read().
  5896. * - Good ssl objects for client and server. Server write() without client
  5897. * read().
  5898. * - Forgetting the password callback?
  5899. */
  5900. tcp_ready ready;
  5901. func_args client_args;
  5902. func_args server_args;
  5903. THREAD_TYPE serverThread;
  5904. XMEMSET(&client_args, 0, sizeof(func_args));
  5905. XMEMSET(&server_args, 0, sizeof(func_args));
  5906. #ifdef WOLFSSL_TIRTOS
  5907. fdOpenSession(Task_self());
  5908. #endif
  5909. StartTCP();
  5910. InitTcpReady(&ready);
  5911. #if defined(USE_WINDOWS_API)
  5912. /* use RNG to get random port if using windows */
  5913. ready.port = GetRandomPort();
  5914. #endif
  5915. server_args.signal = &ready;
  5916. client_args.signal = &ready;
  5917. start_thread(test_server_nofail, &server_args, &serverThread);
  5918. wait_tcp_ready(&server_args);
  5919. test_client_nofail(&client_args, NULL);
  5920. join_thread(serverThread);
  5921. AssertTrue(client_args.return_code);
  5922. AssertTrue(server_args.return_code);
  5923. FreeTcpReady(&ready);
  5924. #ifdef WOLFSSL_TIRTOS
  5925. fdOpenSession(Task_self());
  5926. #endif
  5927. return TEST_RES_CHECK(1);
  5928. }
  5929. static int test_wolfSSL_reuse_WOLFSSLobj(void)
  5930. {
  5931. int res = TEST_SKIPPED;
  5932. #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
  5933. !defined(WOLFSSL_TLS13)
  5934. /* The unit test for session resumption by re-using WOLFSSL object.
  5935. * WOLFSSL object is not cleared after first session. It re-use the obeject
  5936. * for second connection.
  5937. */
  5938. tcp_ready ready;
  5939. func_args client_args;
  5940. func_args server_args;
  5941. THREAD_TYPE serverThread;
  5942. XMEMSET(&client_args, 0, sizeof(func_args));
  5943. XMEMSET(&server_args, 0, sizeof(func_args));
  5944. #ifdef WOLFSSL_TIRTOS
  5945. fdOpenSession(Task_self());
  5946. #endif
  5947. StartTCP();
  5948. InitTcpReady(&ready);
  5949. #if defined(USE_WINDOWS_API)
  5950. /* use RNG to get random port if using windows */
  5951. ready.port = GetRandomPort();
  5952. #endif
  5953. server_args.signal = &ready;
  5954. client_args.signal = &ready;
  5955. /* the var is used for loop number */
  5956. server_args.argc = 2;
  5957. start_thread(test_server_loop, &server_args, &serverThread);
  5958. wait_tcp_ready(&server_args);
  5959. test_client_reuse_WOLFSSLobj(&client_args, NULL, &server_args);
  5960. join_thread(serverThread);
  5961. AssertTrue(client_args.return_code);
  5962. AssertTrue(server_args.return_code);
  5963. FreeTcpReady(&ready);
  5964. #ifdef WOLFSSL_TIRTOS
  5965. fdOpenSession(Task_self());
  5966. #endif
  5967. res = TEST_RES_CHECK(1);
  5968. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
  5969. return res;
  5970. }
  5971. static int test_wolfSSL_CTX_verifyDepth_ServerClient(void)
  5972. {
  5973. int res = TEST_SKIPPED;
  5974. #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT)
  5975. /* This unit test is to check set verify Depth */
  5976. tcp_ready ready;
  5977. func_args client_args;
  5978. func_args server_args;
  5979. THREAD_TYPE serverThread;
  5980. callback_functions client_cbf;
  5981. XMEMSET(&client_args, 0, sizeof(func_args));
  5982. XMEMSET(&server_args, 0, sizeof(func_args));
  5983. XMEMSET(&client_cbf, 0, sizeof(callback_functions));
  5984. #ifdef WOLFSSL_TLS13
  5985. client_cbf.method = wolfTLSv1_3_client_method;
  5986. #endif /* WOLFSSL_TLS13 */
  5987. client_args.callbacks = &client_cbf;
  5988. StartTCP();
  5989. InitTcpReady(&ready);
  5990. #if defined(USE_WINDOWS_API)
  5991. /* use RNG to get random port if using windows */
  5992. ready.port = GetRandomPort();
  5993. #endif
  5994. server_args.signal = &ready;
  5995. client_args.signal = &ready;
  5996. /* the var is used for loop number */
  5997. server_args.argc = 1;
  5998. /* test case 1 verify depth is equal to peer chain */
  5999. {
  6000. start_thread(test_server_nofail, &server_args, &serverThread);
  6001. wait_tcp_ready(&server_args);
  6002. /* the var is used for verify depth */
  6003. client_args.argc = 2;
  6004. test_client_verifyDepth(&client_args);
  6005. join_thread(serverThread);
  6006. AssertIntEQ(client_args.return_code, TEST_SUCCESS);
  6007. AssertIntEQ(server_args.return_code, TEST_SUCCESS);
  6008. }
  6009. /* test case 2
  6010. * verify depth is zero, number of peer's chain is 2.
  6011. * verify result becomes MAX_CHAIN_ERROR, but it is overridden in
  6012. * callback.
  6013. */
  6014. /* the var is used for verify depth 0 and VERIFY_OVERRIDE_ERROR */
  6015. {
  6016. start_thread(test_server_nofail, &server_args, &serverThread);
  6017. wait_tcp_ready(&server_args);
  6018. client_args.argc = 0;
  6019. test_client_verifyDepth(&client_args);
  6020. join_thread(serverThread);
  6021. AssertIntEQ(client_args.return_code, TEST_SUCCESS);
  6022. AssertIntEQ(server_args.return_code, TEST_SUCCESS);
  6023. }
  6024. /* test case 3
  6025. * verify depth is zero, number of peer's chain is 2
  6026. * verify result becomes MAX_CHAIN_ERRO. call-back returns failure.
  6027. * therefore, handshake becomes failure.
  6028. */
  6029. /* the var is used for verify depth 0 and VERIFY_USE_PREVERFIY */
  6030. {
  6031. start_thread(test_server_nofail, &server_args, &serverThread);
  6032. wait_tcp_ready(&server_args);
  6033. client_args.argc = -1;
  6034. test_client_verifyDepth(&client_args);
  6035. join_thread(serverThread);
  6036. AssertIntEQ(client_args.return_code, TEST_SUCCESS);
  6037. AssertIntEQ(server_args.return_code, TEST_SUCCESS);
  6038. }
  6039. FreeTcpReady(&ready);
  6040. res = TEST_RES_CHECK(1);
  6041. #else
  6042. (void)test_client_verifyDepth;
  6043. #endif /* (OPENSSL_EXTRA) && !(WOLFSSL_TIRTOS) && (NO_WOLFSSL_CLIENT) */
  6044. return res;
  6045. }
  6046. static int test_wolfSSL_CTX_set_cipher_list(void)
  6047. {
  6048. int res = TEST_SKIPPED;
  6049. #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  6050. !defined(WOLFSSL_TIRTOS) && !defined(NO_AES) && !defined(WOLFSSL_NO_TLS12) \
  6051. && !defined(NO_SHA256)
  6052. WOLFSSL_CTX* ctx;
  6053. WOLFSSL_CTX* ctxClient;
  6054. WOLFSSL* sslClient;
  6055. tcp_ready ready;
  6056. func_args client_args;
  6057. func_args server_args;
  6058. callback_functions client_cb;
  6059. callback_functions server_cb;
  6060. THREAD_TYPE serverThread;
  6061. XMEMSET(&client_args, 0, sizeof(func_args));
  6062. XMEMSET(&server_args, 0, sizeof(func_args));
  6063. StartTCP();
  6064. InitTcpReady(&ready);
  6065. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  6066. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  6067. AssertNotNull((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())));
  6068. AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "DEFAULT:!NULL"));
  6069. AssertIntEQ(WOLFSSL_SUCCESS,
  6070. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  6071. AssertIntEQ(WOLFSSL_SUCCESS,
  6072. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  6073. AssertIntEQ(WOLFSSL_SUCCESS,
  6074. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  6075. AssertNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method())));
  6076. AssertTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE-RSA-AES128-SHA256"));
  6077. client_cb.ctx = ctxClient;
  6078. server_cb.ctx = ctx;
  6079. /* we are responsible for free'ing WOLFSSL_CTX */
  6080. server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
  6081. server_args.signal = &ready;
  6082. server_args.callbacks = &server_cb;
  6083. client_args.signal = &ready;
  6084. client_args.callbacks = &client_cb;
  6085. client_args.return_code = TEST_FAIL;
  6086. start_thread(test_server_nofail, &server_args, &serverThread);
  6087. wait_tcp_ready(&server_args);
  6088. test_client_nofail(&client_args, NULL);
  6089. join_thread(serverThread);
  6090. wolfSSL_CTX_free(client_cb.ctx);
  6091. wolfSSL_CTX_free(server_cb.ctx);
  6092. AssertIntEQ(server_args.return_code, TEST_SUCCESS);
  6093. FreeTcpReady(&ready);
  6094. /* check with cipher string that has '+' */
  6095. AssertNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method())));
  6096. AssertTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM"));
  6097. AssertNotNull((sslClient = wolfSSL_new(ctxClient)));
  6098. /* check for the existance of an ECDHE ECDSA cipher suite */
  6099. {
  6100. int i = 0;
  6101. int found = 0;
  6102. const char* suite;
  6103. WOLF_STACK_OF(WOLFSSL_CIPHER)* sk;
  6104. WOLFSSL_CIPHER* current;
  6105. AssertNotNull((sk = wolfSSL_get_ciphers_compat(sslClient)));
  6106. do {
  6107. current = wolfSSL_sk_SSL_CIPHER_value(sk, i++);
  6108. if (current) {
  6109. suite = wolfSSL_CIPHER_get_name(current);
  6110. if (suite && XSTRSTR(suite, "ECDSA")) {
  6111. found = 1;
  6112. break;
  6113. }
  6114. }
  6115. } while (current);
  6116. AssertIntEQ(found, 1);
  6117. }
  6118. wolfSSL_free(sslClient);
  6119. wolfSSL_CTX_free(ctxClient);
  6120. res = TEST_RES_CHECK(1);
  6121. #endif
  6122. return res;
  6123. }
  6124. static int test_client_get_finished(void* args, cbType cb)
  6125. {
  6126. #if defined(WOLFSSL_HAVE_TLS_UNIQUE) && !defined(NO_WOLFSSL_CLIENT)
  6127. SOCKET_T sockfd = 0;
  6128. callback_functions* cbf;
  6129. WOLFSSL_CTX* ctx = 0;
  6130. WOLFSSL* ssl = 0;
  6131. char msg[64] = "hello wolfssl!";
  6132. char reply[1024];
  6133. int msgSz = (int)XSTRLEN(msg);
  6134. int ret, err = 0;
  6135. WOLFSSL_METHOD* method = NULL;
  6136. size_t msg_len = 0;
  6137. (void) args;
  6138. (void) cb;
  6139. ((func_args*)args)->return_code = TEST_FAIL;
  6140. cbf = ((func_args*)args)->callbacks;
  6141. if (cbf != NULL && cbf->method != NULL) {
  6142. method = cbf->method();
  6143. }
  6144. else {
  6145. method = wolfSSLv23_client_method();
  6146. }
  6147. ctx = wolfSSL_CTX_new(method);
  6148. /* Do connect here so server detects failures */
  6149. tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
  6150. 0, 0, NULL);
  6151. if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
  6152. {
  6153. /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
  6154. goto done;
  6155. }
  6156. if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  6157. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  6158. goto done;
  6159. }
  6160. if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  6161. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  6162. goto done;
  6163. }
  6164. /* call ctx setup callback */
  6165. if (cbf != NULL && cbf->ctx_ready != NULL) {
  6166. cbf->ctx_ready(ctx);
  6167. }
  6168. ssl = wolfSSL_new(ctx);
  6169. if (ssl == NULL) {
  6170. goto done;
  6171. }
  6172. if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
  6173. goto done;
  6174. }
  6175. /* call ssl setup callback */
  6176. if (cbf != NULL && cbf->ssl_ready != NULL) {
  6177. cbf->ssl_ready(ssl);
  6178. }
  6179. #ifdef WOLFSSL_ASYNC_CRYPT
  6180. err = 0; /* Reset error */
  6181. #endif
  6182. do {
  6183. #ifdef WOLFSSL_ASYNC_CRYPT
  6184. if (err == WC_PENDING_E) {
  6185. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  6186. if (ret < 0) { break; } else if (ret == 0) { continue; }
  6187. }
  6188. #endif
  6189. ret = wolfSSL_connect(ssl);
  6190. err = wolfSSL_get_error(ssl, 0);
  6191. } while (err == WC_PENDING_E);
  6192. if (ret != WOLFSSL_SUCCESS) {
  6193. char buff[WOLFSSL_MAX_ERROR_SZ];
  6194. fprintf(stderr, "error = %d, %s\n", err,
  6195. wolfSSL_ERR_error_string(err, buff));
  6196. goto done;
  6197. }
  6198. /* get_finished test */
  6199. /* 1. get own sent message */
  6200. XMEMSET(client_side_msg1, 0, MD_MAX_SIZE);
  6201. msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE);
  6202. AssertIntGE(msg_len, 0);
  6203. /* 2. get peer message */
  6204. XMEMSET(client_side_msg2, 0, MD_MAX_SIZE);
  6205. msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE);
  6206. AssertIntGE(msg_len, 0);
  6207. if (cb != NULL)
  6208. (cb)(ctx, ssl);
  6209. #ifdef WOLFSSL_ASYNC_CRYPT
  6210. err = 0; /* Reset error */
  6211. #endif
  6212. do {
  6213. #ifdef WOLFSSL_ASYNC_CRYPT
  6214. if (err == WC_PENDING_E) {
  6215. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  6216. if (ret < 0) { break; } else if (ret == 0) { continue; }
  6217. }
  6218. #endif
  6219. ret = wolfSSL_write(ssl, msg, msgSz);
  6220. err = wolfSSL_get_error(ssl, 0);
  6221. } while (err == WC_PENDING_E);
  6222. if (ret != msgSz) {
  6223. /*err_sys("SSL_write failed");*/
  6224. goto done;
  6225. }
  6226. #ifdef WOLFSSL_ASYNC_CRYPT
  6227. err = 0; /* Reset error */
  6228. #endif
  6229. do {
  6230. #ifdef WOLFSSL_ASYNC_CRYPT
  6231. if (err == WC_PENDING_E) {
  6232. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  6233. if (ret < 0) { break; } else if (ret == 0) { continue; }
  6234. }
  6235. #endif
  6236. ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
  6237. err = wolfSSL_get_error(ssl, 0);
  6238. } while (err == WC_PENDING_E);
  6239. if (ret > 0) {
  6240. reply[ret] = '\0';
  6241. fprintf(stderr, "Server response: %s\n", reply);
  6242. }
  6243. ((func_args*)args)->return_code = TEST_SUCCESS;
  6244. done:
  6245. wolfSSL_free(ssl);
  6246. wolfSSL_CTX_free(ctx);
  6247. CloseSocket(sockfd);
  6248. #else
  6249. (void)args;
  6250. (void)cb;
  6251. #endif /* WOLFSSL_HAVE_TLS_UNIQUE && !NO_WOLFSSL_CLIENT */
  6252. return 0;
  6253. }
  6254. static int test_wolfSSL_get_finished(void)
  6255. {
  6256. int res = TEST_SKIPPED;
  6257. #if !defined(NO_RSA) && defined(WOLFSSL_HAVE_TLS_UNIQUE)
  6258. tcp_ready ready;
  6259. func_args client_args;
  6260. func_args server_args;
  6261. THREAD_TYPE serverThread;
  6262. XMEMSET(&client_args, 0, sizeof(func_args));
  6263. XMEMSET(&server_args, 0, sizeof(func_args));
  6264. StartTCP();
  6265. InitTcpReady(&ready);
  6266. #if defined(USE_WINDOWS_API)
  6267. /* use RNG to get random port if using windows */
  6268. ready.port = GetRandomPort();
  6269. #endif
  6270. server_args.signal = &ready;
  6271. client_args.signal = &ready;
  6272. start_thread(test_server_nofail, &server_args, &serverThread);
  6273. wait_tcp_ready(&server_args);
  6274. test_client_get_finished(&client_args, NULL);
  6275. join_thread(serverThread);
  6276. AssertTrue(client_args.return_code);
  6277. AssertTrue(server_args.return_code);
  6278. /* test received msg vs sent msg */
  6279. AssertIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE));
  6280. AssertIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE));
  6281. FreeTcpReady(&ready);
  6282. res = TEST_RES_CHECK(1);
  6283. #else
  6284. (void)test_client_get_finished;
  6285. #endif /* !NO_RSA && WOLFSSL_HAVE_TLS_UNIQUE */
  6286. return res;
  6287. }
  6288. #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
  6289. !defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \
  6290. !defined(NO_SESSION_CACHE)
  6291. /* Sessions to restore/store */
  6292. static WOLFSSL_SESSION* test_wolfSSL_CTX_add_session_client_sess;
  6293. static WOLFSSL_SESSION* test_wolfSSL_CTX_add_session_server_sess;
  6294. static WOLFSSL_CTX* test_wolfSSL_CTX_add_session_server_ctx;
  6295. static void test_wolfSSL_CTX_add_session_ctx_ready(WOLFSSL_CTX* ctx)
  6296. {
  6297. /* Don't store sessions. Lookup is still enabled. */
  6298. AssertIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx,
  6299. WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS);
  6300. #ifdef OPENSSL_EXTRA
  6301. AssertIntEQ(wolfSSL_CTX_get_session_cache_mode(ctx) &
  6302. WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE,
  6303. WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE);
  6304. #endif
  6305. /* Require both peers to provide certs */
  6306. wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
  6307. }
  6308. static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl)
  6309. {
  6310. WOLFSSL_SESSION** sess;
  6311. if (wolfSSL_is_server(ssl))
  6312. sess = &test_wolfSSL_CTX_add_session_server_sess;
  6313. else
  6314. sess = &test_wolfSSL_CTX_add_session_client_sess;
  6315. if (*sess == NULL) {
  6316. #ifdef NO_SESSION_CACHE_REF
  6317. AssertNotNull(*sess = wolfSSL_get1_session(ssl));
  6318. #else
  6319. /* Test for backwards compatibility */
  6320. if (wolfSSL_is_server(ssl)) {
  6321. AssertNotNull(*sess = wolfSSL_get1_session(ssl));
  6322. }
  6323. else {
  6324. AssertNotNull(*sess = wolfSSL_get_session(ssl));
  6325. }
  6326. #endif
  6327. /* Now save the session in the internal store to make it available
  6328. * for lookup. For TLS 1.3, we can't save the session without
  6329. * WOLFSSL_TICKET_HAVE_ID because there is no way to retrieve the
  6330. * session from cache. */
  6331. if (wolfSSL_is_server(ssl)
  6332. #ifndef WOLFSSL_TICKET_HAVE_ID
  6333. && wolfSSL_version(ssl) != TLS1_3_VERSION
  6334. #endif
  6335. )
  6336. AssertIntEQ(wolfSSL_CTX_add_session(wolfSSL_get_SSL_CTX(ssl),
  6337. *sess), WOLFSSL_SUCCESS);
  6338. }
  6339. else {
  6340. /* If we have a session retrieved then remaining connections should be
  6341. * resuming on that session */
  6342. AssertIntEQ(wolfSSL_session_reused(ssl), 1);
  6343. }
  6344. /* Save CTX to be able to decrypt tickets */
  6345. if (wolfSSL_is_server(ssl) &&
  6346. test_wolfSSL_CTX_add_session_server_ctx == NULL) {
  6347. AssertNotNull(test_wolfSSL_CTX_add_session_server_ctx
  6348. = wolfSSL_get_SSL_CTX(ssl));
  6349. AssertIntEQ(wolfSSL_CTX_up_ref(wolfSSL_get_SSL_CTX(ssl)),
  6350. WOLFSSL_SUCCESS);
  6351. }
  6352. #ifdef SESSION_CERTS
  6353. #ifndef WOLFSSL_TICKET_HAVE_ID
  6354. if (wolfSSL_version(ssl) != TLS1_3_VERSION &&
  6355. wolfSSL_session_reused(ssl))
  6356. #endif
  6357. {
  6358. /* With WOLFSSL_TICKET_HAVE_ID the peer certs should be available
  6359. * for all connections. TLS 1.3 only has tickets so if we don't
  6360. * include the session id in the ticket then the certificates
  6361. * will not be available on resumption. */
  6362. WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
  6363. AssertNotNull(peer);
  6364. wolfSSL_X509_free(peer);
  6365. AssertNotNull(wolfSSL_SESSION_get_peer_chain(*sess));
  6366. #ifdef OPENSSL_EXTRA
  6367. AssertNotNull(SSL_SESSION_get0_peer(*sess));
  6368. #endif
  6369. }
  6370. #endif /* SESSION_CERTS */
  6371. }
  6372. static void test_wolfSSL_CTX_add_session_ssl_ready(WOLFSSL* ssl)
  6373. {
  6374. /* Set the session to reuse for the client */
  6375. AssertIntEQ(wolfSSL_set_session(ssl,
  6376. test_wolfSSL_CTX_add_session_client_sess), WOLFSSL_SUCCESS);
  6377. }
  6378. #endif
  6379. static int test_wolfSSL_CTX_add_session(void)
  6380. {
  6381. int res = TEST_SKIPPED;
  6382. #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
  6383. !defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \
  6384. !defined(NO_SESSION_CACHE)
  6385. tcp_ready ready;
  6386. func_args client_args;
  6387. func_args server_args;
  6388. THREAD_TYPE serverThread;
  6389. callback_functions client_cb;
  6390. callback_functions server_cb;
  6391. method_provider methods[][2] = {
  6392. #if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
  6393. !defined(NO_DES3))
  6394. /* Without AES there are almost no ciphersuites available. This leads
  6395. * to no ciphersuites being available and an error. */
  6396. { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method },
  6397. #endif
  6398. #ifndef WOLFSSL_NO_TLS12
  6399. { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method },
  6400. #endif
  6401. /* Needs the default ticket callback since it is tied to the
  6402. * connection context and this makes it easy to carry over the ticket
  6403. * crypto context between connections */
  6404. #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
  6405. defined(HAVE_SESSION_TICKET)
  6406. { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method },
  6407. #endif
  6408. };
  6409. const size_t methodsLen = sizeof(methods)/sizeof(*methods);
  6410. size_t i, j;
  6411. for (i = 0; i < methodsLen; i++) {
  6412. /* First run creates a connection while the second+ run will attempt
  6413. * to resume the connection. The trick is that the internal cache
  6414. * is turned off. wolfSSL_CTX_add_session should put the session in
  6415. * the cache anyway. */
  6416. test_wolfSSL_CTX_add_session_client_sess = NULL;
  6417. test_wolfSSL_CTX_add_session_server_sess = NULL;
  6418. test_wolfSSL_CTX_add_session_server_ctx = NULL;
  6419. for (j = 0; j < 5; j++) {
  6420. #ifdef WOLFSSL_TIRTOS
  6421. fdOpenSession(Task_self());
  6422. #endif
  6423. StartTCP();
  6424. InitTcpReady(&ready);
  6425. XMEMSET(&client_args, 0, sizeof(func_args));
  6426. XMEMSET(&server_args, 0, sizeof(func_args));
  6427. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  6428. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  6429. client_cb.method = methods[i][0];
  6430. server_cb.method = methods[i][1];
  6431. server_args.signal = &ready;
  6432. server_args.callbacks = &server_cb;
  6433. client_args.signal = &ready;
  6434. client_args.callbacks = &client_cb;
  6435. if (test_wolfSSL_CTX_add_session_server_ctx != NULL) {
  6436. server_cb.ctx = test_wolfSSL_CTX_add_session_server_ctx;
  6437. server_cb.isSharedCtx = 1;
  6438. }
  6439. server_cb.ctx_ready = test_wolfSSL_CTX_add_session_ctx_ready;
  6440. client_cb.ctx_ready = test_wolfSSL_CTX_add_session_ctx_ready;
  6441. if (j != 0)
  6442. client_cb.ssl_ready = test_wolfSSL_CTX_add_session_ssl_ready;
  6443. server_cb.on_result = test_wolfSSL_CTX_add_session_on_result;
  6444. client_cb.on_result = test_wolfSSL_CTX_add_session_on_result;
  6445. server_cb.ticNoInit = 1; /* Use default builtin */
  6446. start_thread(test_server_nofail, &server_args, &serverThread);
  6447. wait_tcp_ready(&server_args);
  6448. test_client_nofail(&client_args, NULL);
  6449. join_thread(serverThread);
  6450. AssertTrue(client_args.return_code);
  6451. AssertTrue(server_args.return_code);
  6452. FreeTcpReady(&ready);
  6453. }
  6454. wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_client_sess);
  6455. wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_server_sess);
  6456. wolfSSL_CTX_free(test_wolfSSL_CTX_add_session_server_ctx);
  6457. }
  6458. res = TEST_RES_CHECK(1);
  6459. #endif
  6460. return res;
  6461. }
  6462. #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
  6463. /* canned export of a session using older version 3 */
  6464. static unsigned char version_3[] = {
  6465. 0xA5, 0xA3, 0x01, 0x88, 0x00, 0x3c, 0x00, 0x01,
  6466. 0x00, 0x00, 0x00, 0x80, 0x0C, 0x00, 0x00, 0x00,
  6467. 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
  6468. 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00,
  6469. 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  6470. 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6471. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x30,
  6472. 0x05, 0x09, 0x0A, 0x01, 0x01, 0x00, 0x0D, 0x05,
  6473. 0xFE, 0xFD, 0x01, 0x25, 0x00, 0x00, 0x00, 0x00,
  6474. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6475. 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
  6476. 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
  6477. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6478. 0x00, 0x06, 0x00, 0x05, 0x00, 0x06, 0x00, 0x00,
  6479. 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
  6480. 0x00, 0x06, 0x00, 0x01, 0x00, 0x07, 0x00, 0x00,
  6481. 0x00, 0x30, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01,
  6482. 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
  6483. 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3F,
  6484. 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
  6485. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6486. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6487. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6488. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6489. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6490. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6491. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6492. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6493. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6494. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6495. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6496. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x05,
  6497. 0x12, 0xCF, 0x22, 0xA1, 0x9F, 0x1C, 0x39, 0x1D,
  6498. 0x31, 0x11, 0x12, 0x1D, 0x11, 0x18, 0x0D, 0x0B,
  6499. 0xF3, 0xE1, 0x4D, 0xDC, 0xB1, 0xF1, 0x39, 0x98,
  6500. 0x91, 0x6C, 0x48, 0xE5, 0xED, 0x11, 0x12, 0xA0,
  6501. 0x00, 0xF2, 0x25, 0x4C, 0x09, 0x26, 0xD1, 0x74,
  6502. 0xDF, 0x23, 0x40, 0x15, 0x6A, 0x42, 0x2A, 0x26,
  6503. 0xA5, 0xAC, 0x56, 0xD5, 0x4A, 0x20, 0xB7, 0xE9,
  6504. 0xEF, 0xEB, 0xAF, 0xA8, 0x1E, 0x23, 0x7C, 0x04,
  6505. 0xAA, 0xA1, 0x6D, 0x92, 0x79, 0x7B, 0xFA, 0x80,
  6506. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
  6507. 0x0C, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00,
  6508. 0x00, 0x00, 0x00, 0x00, 0x00, 0xAA, 0xA1, 0x6D,
  6509. 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6510. 0x00, 0x00, 0x10, 0x00, 0x20, 0x00, 0x04, 0x00,
  6511. 0x10, 0x00, 0x10, 0x08, 0x02, 0x05, 0x08, 0x01,
  6512. 0x30, 0x28, 0x00, 0x00, 0x0F, 0x00, 0x02, 0x00,
  6513. 0x09, 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30,
  6514. 0x2E, 0x31, 0xED, 0x4F
  6515. };
  6516. #endif /* defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) */
  6517. static int test_wolfSSL_dtls_export(void)
  6518. {
  6519. int res = TEST_SKIPPED;
  6520. #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
  6521. tcp_ready ready;
  6522. func_args client_args;
  6523. func_args server_args;
  6524. THREAD_TYPE serverThread;
  6525. callback_functions server_cbf;
  6526. callback_functions client_cbf;
  6527. #ifdef WOLFSSL_TIRTOS
  6528. fdOpenSession(Task_self());
  6529. #endif
  6530. InitTcpReady(&ready);
  6531. #if defined(USE_WINDOWS_API)
  6532. /* use RNG to get random port if using windows */
  6533. ready.port = GetRandomPort();
  6534. #endif
  6535. /* set using dtls */
  6536. XMEMSET(&client_args, 0, sizeof(func_args));
  6537. XMEMSET(&server_args, 0, sizeof(func_args));
  6538. XMEMSET(&server_cbf, 0, sizeof(callback_functions));
  6539. XMEMSET(&client_cbf, 0, sizeof(callback_functions));
  6540. server_cbf.method = wolfDTLSv1_2_server_method;
  6541. client_cbf.method = wolfDTLSv1_2_client_method;
  6542. server_args.callbacks = &server_cbf;
  6543. client_args.callbacks = &client_cbf;
  6544. server_args.signal = &ready;
  6545. client_args.signal = &ready;
  6546. start_thread(run_wolfssl_server, &server_args, &serverThread);
  6547. wait_tcp_ready(&server_args);
  6548. run_wolfssl_client(&client_args);
  6549. join_thread(serverThread);
  6550. AssertTrue(client_args.return_code);
  6551. AssertTrue(server_args.return_code);
  6552. FreeTcpReady(&ready);
  6553. #ifdef WOLFSSL_TIRTOS
  6554. fdOpenSession(Task_self());
  6555. #endif
  6556. {
  6557. SOCKET_T sockfd = 0;
  6558. WOLFSSL_CTX* ctx;
  6559. WOLFSSL* ssl;
  6560. char msg[64] = "hello wolfssl!";
  6561. char reply[1024];
  6562. int msgSz = (int)XSTRLEN(msg);
  6563. byte *session, *window;
  6564. unsigned int sessionSz, windowSz;
  6565. #ifndef TEST_IPV6
  6566. struct sockaddr_in peerAddr;
  6567. #else
  6568. struct sockaddr_in6 peerAddr;
  6569. #endif /* TEST_IPV6 */
  6570. int i;
  6571. /* Set ctx to DTLS 1.2 */
  6572. AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
  6573. AssertNotNull(ssl = wolfSSL_new(ctx));
  6574. /* test importing version 3 */
  6575. AssertIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
  6576. /* test importing bad length and bad version */
  6577. version_3[2] += 1;
  6578. AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
  6579. version_3[2] -= 1; version_3[1] = 0XA0;
  6580. AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
  6581. wolfSSL_free(ssl);
  6582. wolfSSL_CTX_free(ctx);
  6583. /* check storing client state after connection and storing window only */
  6584. #ifdef WOLFSSL_TIRTOS
  6585. fdOpenSession(Task_self());
  6586. #endif
  6587. InitTcpReady(&ready);
  6588. #if defined(USE_WINDOWS_API)
  6589. /* use RNG to get random port if using windows */
  6590. ready.port = GetRandomPort();
  6591. #endif
  6592. /* set using dtls */
  6593. XMEMSET(&server_args, 0, sizeof(func_args));
  6594. XMEMSET(&server_cbf, 0, sizeof(callback_functions));
  6595. server_cbf.method = wolfDTLSv1_2_server_method;
  6596. server_cbf.doUdp = 1;
  6597. server_args.callbacks = &server_cbf;
  6598. server_args.argc = 3; /* set loop_count to 3 */
  6599. server_args.signal = &ready;
  6600. start_thread(test_server_nofail, &server_args, &serverThread);
  6601. wait_tcp_ready(&server_args);
  6602. /* create and connect with client */
  6603. AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()));
  6604. AssertIntEQ(WOLFSSL_SUCCESS,
  6605. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  6606. AssertIntEQ(WOLFSSL_SUCCESS,
  6607. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  6608. AssertIntEQ(WOLFSSL_SUCCESS,
  6609. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  6610. tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 1, 0, NULL);
  6611. AssertNotNull(ssl = wolfSSL_new(ctx));
  6612. AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
  6613. /* store server information connected too */
  6614. XMEMSET(&peerAddr, 0, sizeof(peerAddr));
  6615. #ifndef TEST_IPV6
  6616. peerAddr.sin_family = AF_INET;
  6617. AssertIntEQ(XINET_PTON(AF_INET, wolfSSLIP, &peerAddr.sin_addr),1);
  6618. peerAddr.sin_port = XHTONS(server_args.signal->port);
  6619. #else
  6620. peerAddr.sin6_family = AF_INET6;
  6621. AssertIntEQ(
  6622. XINET_PTON(AF_INET6, wolfSSLIP, &peerAddr.sin6_addr),1);
  6623. peerAddr.sin6_port = XHTONS(server_args.signal->port);
  6624. #endif
  6625. AssertIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)),
  6626. WOLFSSL_SUCCESS);
  6627. AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
  6628. AssertIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0);
  6629. session = (byte*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  6630. AssertIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0);
  6631. AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
  6632. AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
  6633. AssertIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0);
  6634. window = (byte*)XMALLOC(windowSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  6635. AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
  6636. wolfSSL_free(ssl);
  6637. for (i = 1; i < server_args.argc; i++) {
  6638. /* restore state */
  6639. AssertNotNull(ssl = wolfSSL_new(ctx));
  6640. AssertIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0);
  6641. AssertIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0);
  6642. AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
  6643. AssertIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)),
  6644. WOLFSSL_SUCCESS);
  6645. AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
  6646. AssertIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
  6647. AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
  6648. wolfSSL_free(ssl);
  6649. }
  6650. XFREE(session, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  6651. XFREE(window, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  6652. wolfSSL_CTX_free(ctx);
  6653. fprintf(stderr, "done and waiting for server\n");
  6654. join_thread(serverThread);
  6655. AssertIntEQ(server_args.return_code, TEST_SUCCESS);
  6656. FreeTcpReady(&ready);
  6657. #ifdef WOLFSSL_TIRTOS
  6658. fdOpenSession(Task_self());
  6659. #endif
  6660. }
  6661. res = TEST_RES_CHECK(1);
  6662. #endif
  6663. return res;
  6664. }
  6665. #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
  6666. #ifdef WOLFSSL_TLS13
  6667. static const byte canned_client_tls13_session[] = {
  6668. 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00,
  6669. 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
  6670. 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01,
  6671. 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
  6672. 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
  6673. 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
  6674. 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
  6675. 0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x09, 0x00,
  6676. 0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
  6677. 0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6678. 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6679. 0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, 0x00,
  6680. 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
  6681. 0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
  6682. 0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
  6683. 0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
  6684. 0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
  6685. 0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
  6686. 0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
  6687. 0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
  6688. 0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
  6689. 0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
  6690. 0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
  6691. 0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
  6692. 0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
  6693. 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
  6694. 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
  6695. 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
  6696. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
  6697. 0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0,
  6698. 0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A,
  6699. 0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06,
  6700. 0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
  6701. 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
  6702. 0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
  6703. 0x00, 0x03
  6704. };
  6705. static const byte canned_server_tls13_session[] = {
  6706. 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00,
  6707. 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
  6708. 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x00,
  6709. 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
  6710. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6711. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
  6712. 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
  6713. 0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x00, 0x0F,
  6714. 0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
  6715. 0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6716. 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6717. 0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
  6718. 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
  6719. 0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
  6720. 0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
  6721. 0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
  6722. 0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
  6723. 0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
  6724. 0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
  6725. 0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
  6726. 0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
  6727. 0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
  6728. 0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
  6729. 0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
  6730. 0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
  6731. 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
  6732. 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
  6733. 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
  6734. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
  6735. 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D,
  6736. 0xC3, 0x2E, 0x5E, 0x06, 0x35, 0x41, 0xCD, 0xF3,
  6737. 0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1,
  6738. 0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
  6739. 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
  6740. 0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
  6741. 0x00, 0x04
  6742. };
  6743. #endif /* WOLFSSL_TLS13 */
  6744. static const byte canned_client_session[] = {
  6745. 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
  6746. 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
  6747. 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01,
  6748. 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
  6749. 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
  6750. 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6751. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0,
  6752. 0x27, 0x0A, 0x0D, 0x10, 0x01, 0x01, 0x0A, 0x00,
  6753. 0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00,
  6754. 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6755. 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6756. 0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00,
  6757. 0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D,
  6758. 0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D,
  6759. 0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E,
  6760. 0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1,
  6761. 0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE,
  6762. 0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C,
  6763. 0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91,
  6764. 0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E,
  6765. 0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02,
  6766. 0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90,
  6767. 0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B,
  6768. 0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17,
  6769. 0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D,
  6770. 0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7,
  6771. 0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A,
  6772. 0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71,
  6773. 0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00,
  6774. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
  6775. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6776. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6777. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6778. 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10,
  6779. 0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20,
  6780. 0x28, 0x00, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F,
  6781. 0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE,
  6782. 0x43, 0xF3, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF,
  6783. 0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54,
  6784. 0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
  6785. 0x00, 0x03
  6786. };
  6787. static const byte canned_server_session[] = {
  6788. 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
  6789. 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
  6790. 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
  6791. 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
  6792. 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  6793. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6794. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0,
  6795. 0x27, 0x08, 0x0F, 0x10, 0x01, 0x01, 0x00, 0x11,
  6796. 0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00,
  6797. 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6798. 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6799. 0x02, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
  6800. 0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D,
  6801. 0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D,
  6802. 0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E,
  6803. 0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1,
  6804. 0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE,
  6805. 0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C,
  6806. 0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91,
  6807. 0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E,
  6808. 0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02,
  6809. 0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90,
  6810. 0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B,
  6811. 0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17,
  6812. 0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D,
  6813. 0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7,
  6814. 0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A,
  6815. 0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71,
  6816. 0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00,
  6817. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
  6818. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6819. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6820. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  6821. 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10,
  6822. 0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20,
  6823. 0x28, 0x00, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF,
  6824. 0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54,
  6825. 0x14, 0x63, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F,
  6826. 0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE,
  6827. 0x43, 0xF3, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
  6828. 0x00, 0x04
  6829. };
  6830. static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args)
  6831. {
  6832. SOCKET_T sockfd = 0;
  6833. SOCKET_T clientfd = 0;
  6834. word16 port;
  6835. callback_functions* cbf;
  6836. WOLFSSL_CTX* ctx = 0;
  6837. WOLFSSL* ssl = 0;
  6838. char msg[] = "I hear you fa shizzle!";
  6839. char input[1024];
  6840. int idx;
  6841. #ifdef WOLFSSL_TIRTOS
  6842. fdOpenSession(Task_self());
  6843. #endif
  6844. ((func_args*)args)->return_code = TEST_FAIL;
  6845. cbf = ((func_args*)args)->callbacks;
  6846. {
  6847. WOLFSSL_METHOD* method = NULL;
  6848. if (cbf != NULL && cbf->method != NULL) {
  6849. method = cbf->method();
  6850. }
  6851. else {
  6852. method = wolfTLSv1_2_server_method();
  6853. }
  6854. ctx = wolfSSL_CTX_new(method);
  6855. }
  6856. if (ctx == NULL) {
  6857. goto done;
  6858. }
  6859. wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
  6860. #if defined(USE_WINDOWS_API)
  6861. port = ((func_args*)args)->signal->port;
  6862. #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
  6863. !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
  6864. /* Let tcp_listen assign port */
  6865. port = 0;
  6866. #else
  6867. /* Use default port */
  6868. port = wolfSSLPort;
  6869. #endif
  6870. /* do it here to detect failure */
  6871. tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
  6872. CloseSocket(sockfd);
  6873. /* call ctx setup callback */
  6874. if (cbf != NULL && cbf->ctx_ready != NULL) {
  6875. cbf->ctx_ready(ctx);
  6876. }
  6877. ssl = wolfSSL_new(ctx);
  6878. if (ssl == NULL) {
  6879. goto done;
  6880. }
  6881. wolfSSL_set_fd(ssl, clientfd);
  6882. /* call ssl setup callback */
  6883. if (cbf != NULL && cbf->ssl_ready != NULL) {
  6884. cbf->ssl_ready(ssl);
  6885. }
  6886. idx = wolfSSL_read(ssl, input, sizeof(input)-1);
  6887. if (idx > 0) {
  6888. input[idx] = '\0';
  6889. fprintf(stderr, "Client message export/import: %s\n", input);
  6890. }
  6891. else {
  6892. fprintf(stderr, "ret = %d error = %d\n", idx,
  6893. wolfSSL_get_error(ssl, idx));
  6894. goto done;
  6895. }
  6896. if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
  6897. /*err_sys("SSL_write failed");*/
  6898. #ifdef WOLFSSL_TIRTOS
  6899. return;
  6900. #else
  6901. return 0;
  6902. #endif
  6903. }
  6904. #ifdef WOLFSSL_TIRTOS
  6905. Task_yield();
  6906. #endif
  6907. ((func_args*)args)->return_code = TEST_SUCCESS;
  6908. done:
  6909. wolfSSL_shutdown(ssl);
  6910. wolfSSL_free(ssl);
  6911. wolfSSL_CTX_free(ctx);
  6912. CloseSocket(clientfd);
  6913. #ifdef WOLFSSL_TIRTOS
  6914. fdCloseSession(Task_self());
  6915. #endif
  6916. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  6917. && defined(HAVE_THREAD_LS)
  6918. wc_ecc_fp_free(); /* free per thread cache */
  6919. #endif
  6920. #if defined(HAVE_SESSION_TICKET) && \
  6921. ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
  6922. #if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM)
  6923. OpenSSLTicketCleanup();
  6924. #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
  6925. TicketCleanup();
  6926. #endif
  6927. #endif
  6928. #ifndef WOLFSSL_TIRTOS
  6929. return 0;
  6930. #endif
  6931. }
  6932. static void load_tls12_canned_server(WOLFSSL* ssl)
  6933. {
  6934. int clientfd = wolfSSL_get_fd(ssl);
  6935. AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_session,
  6936. sizeof(canned_server_session)), sizeof(canned_server_session));
  6937. wolfSSL_set_fd(ssl, clientfd);
  6938. }
  6939. #ifdef WOLFSSL_TLS13
  6940. static void load_tls13_canned_server(WOLFSSL* ssl)
  6941. {
  6942. int clientfd = wolfSSL_get_fd(ssl);
  6943. AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_tls13_session,
  6944. sizeof(canned_server_tls13_session)),
  6945. sizeof(canned_server_tls13_session));
  6946. wolfSSL_set_fd(ssl, clientfd);
  6947. }
  6948. #endif
  6949. /* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
  6950. static int test_wolfSSL_tls_export_run(int v)
  6951. {
  6952. SOCKET_T sockfd = 0;
  6953. WOLFSSL_CTX* ctx = 0;
  6954. WOLFSSL* ssl = 0;
  6955. char msg[64] = "hello wolfssl!";
  6956. char reply[1024];
  6957. word32 replySz;
  6958. int msgSz = (int)XSTRLEN(msg);
  6959. const byte* clientSession = NULL;
  6960. int clientSessionSz = 0;
  6961. tcp_ready ready;
  6962. func_args server_args;
  6963. THREAD_TYPE serverThread;
  6964. callback_functions server_cbf;
  6965. #ifdef WOLFSSL_TIRTOS
  6966. fdOpenSession(Task_self());
  6967. #endif
  6968. InitTcpReady(&ready);
  6969. #if defined(USE_WINDOWS_API)
  6970. /* use RNG to get random port if using windows */
  6971. ready.port = GetRandomPort();
  6972. #endif
  6973. XMEMSET(&server_args, 0, sizeof(func_args));
  6974. XMEMSET(&server_cbf, 0, sizeof(callback_functions));
  6975. switch (v) {
  6976. case WOLFSSL_TLSV1_2:
  6977. server_cbf.method = wolfTLSv1_2_server_method;
  6978. server_cbf.ssl_ready = load_tls12_canned_server;
  6979. /* setup the client side */
  6980. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
  6981. wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
  6982. clientSession = canned_client_session;
  6983. clientSessionSz = sizeof(canned_client_session);
  6984. break;
  6985. #ifdef WOLFSSL_TLS13
  6986. case WOLFSSL_TLSV1_3:
  6987. server_cbf.method = wolfTLSv1_3_server_method;
  6988. server_cbf.ssl_ready = load_tls13_canned_server;
  6989. /* setup the client side */
  6990. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
  6991. clientSession = canned_client_tls13_session;
  6992. clientSessionSz = sizeof(canned_client_tls13_session);
  6993. break;
  6994. #endif
  6995. }
  6996. server_args.callbacks = &server_cbf;
  6997. server_args.signal = &ready;
  6998. start_thread(tls_export_server, &server_args, &serverThread);
  6999. wait_tcp_ready(&server_args);
  7000. #ifdef WOLFSSL_TIRTOS
  7001. fdOpenSession(Task_self());
  7002. #endif
  7003. AssertNotNull(ssl = wolfSSL_new(ctx));
  7004. tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
  7005. AssertIntEQ(wolfSSL_tls_import(ssl, clientSession, clientSessionSz),
  7006. clientSessionSz);
  7007. replySz = sizeof(reply);
  7008. AssertIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0);
  7009. #if !defined(NO_PSK) && defined(HAVE_ANON)
  7010. /* index 20 has is setting if PSK was on and 49 is if anon is allowed */
  7011. AssertIntEQ(XMEMCMP(reply, clientSession, replySz), 0);
  7012. #endif
  7013. wolfSSL_set_fd(ssl, sockfd);
  7014. AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
  7015. AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)-1), 0);
  7016. wolfSSL_free(ssl);
  7017. wolfSSL_CTX_free(ctx);
  7018. CloseSocket(sockfd);
  7019. #ifdef WOLFSSL_TIRTOS
  7020. fdCloseSession(Task_self());
  7021. #endif
  7022. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  7023. && defined(HAVE_THREAD_LS)
  7024. wc_ecc_fp_free(); /* free per thread cache */
  7025. #endif
  7026. join_thread(serverThread);
  7027. AssertIntEQ(server_args.return_code, TEST_SUCCESS);
  7028. FreeTcpReady(&ready);
  7029. #ifdef WOLFSSL_TIRTOS
  7030. fdOpenSession(Task_self());
  7031. #endif
  7032. return TEST_RES_CHECK(1);
  7033. }
  7034. #endif
  7035. static int test_wolfSSL_tls_export(void)
  7036. {
  7037. int res = TEST_SKIPPED;
  7038. #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
  7039. test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2);
  7040. #ifdef WOLFSSL_TLS13
  7041. test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3);
  7042. #endif
  7043. res = TEST_RES_CHECK(1);
  7044. #endif
  7045. return res;
  7046. }
  7047. /*----------------------------------------------------------------------------*
  7048. | TLS extensions tests
  7049. *----------------------------------------------------------------------------*/
  7050. #ifdef ENABLE_TLS_CALLBACK_TEST
  7051. /* Connection test runner - generic */
  7052. static void test_wolfSSL_client_server(callback_functions* client_callbacks,
  7053. callback_functions* server_callbacks)
  7054. {
  7055. tcp_ready ready;
  7056. func_args client_args;
  7057. func_args server_args;
  7058. THREAD_TYPE serverThread;
  7059. XMEMSET(&client_args, 0, sizeof(func_args));
  7060. XMEMSET(&server_args, 0, sizeof(func_args));
  7061. StartTCP();
  7062. client_args.callbacks = client_callbacks;
  7063. server_args.callbacks = server_callbacks;
  7064. #ifdef WOLFSSL_TIRTOS
  7065. fdOpenSession(Task_self());
  7066. #endif
  7067. /* RUN Server side */
  7068. InitTcpReady(&ready);
  7069. #if defined(USE_WINDOWS_API)
  7070. /* use RNG to get random port if using windows */
  7071. ready.port = GetRandomPort();
  7072. #endif
  7073. server_args.signal = &ready;
  7074. client_args.signal = &ready;
  7075. start_thread(run_wolfssl_server, &server_args, &serverThread);
  7076. wait_tcp_ready(&server_args);
  7077. /* RUN Client side */
  7078. run_wolfssl_client(&client_args);
  7079. join_thread(serverThread);
  7080. FreeTcpReady(&ready);
  7081. #ifdef WOLFSSL_TIRTOS
  7082. fdCloseSession(Task_self());
  7083. #endif
  7084. client_callbacks->return_code = client_args.return_code;
  7085. server_callbacks->return_code = server_args.return_code;
  7086. }
  7087. #endif /* ENABLE_TLS_CALLBACK_TEST */
  7088. #ifdef HAVE_SNI
  7089. static int test_wolfSSL_UseSNI_params(void)
  7090. {
  7091. int res = TEST_SKIPPED;
  7092. #if !defined(NO_WOLFSSL_CLIENT)
  7093. WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  7094. WOLFSSL *ssl = wolfSSL_new(ctx);
  7095. AssertNotNull(ctx);
  7096. AssertNotNull(ssl);
  7097. /* invalid [ctx|ssl] */
  7098. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
  7099. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3));
  7100. /* invalid type */
  7101. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
  7102. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3));
  7103. /* invalid data */
  7104. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3));
  7105. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3));
  7106. /* success case */
  7107. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3));
  7108. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3));
  7109. wolfSSL_free(ssl);
  7110. wolfSSL_CTX_free(ctx);
  7111. res = TEST_RES_CHECK(1);
  7112. #endif /* !NO_WOLFSSL_CLIENT */
  7113. return res;
  7114. }
  7115. /* BEGIN of connection tests callbacks */
  7116. static void use_SNI_at_ctx(WOLFSSL_CTX* ctx)
  7117. {
  7118. AssertIntEQ(WOLFSSL_SUCCESS,
  7119. wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
  7120. }
  7121. static void use_SNI_at_ssl(WOLFSSL* ssl)
  7122. {
  7123. AssertIntEQ(WOLFSSL_SUCCESS,
  7124. wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
  7125. }
  7126. static void different_SNI_at_ssl(WOLFSSL* ssl)
  7127. {
  7128. AssertIntEQ(WOLFSSL_SUCCESS,
  7129. wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15));
  7130. }
  7131. static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl)
  7132. {
  7133. use_SNI_at_ssl(ssl);
  7134. wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
  7135. WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
  7136. }
  7137. static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl)
  7138. {
  7139. use_SNI_at_ssl(ssl);
  7140. wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
  7141. WOLFSSL_SNI_ANSWER_ON_MISMATCH);
  7142. }
  7143. static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
  7144. {
  7145. use_SNI_at_ctx(ctx);
  7146. wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
  7147. WOLFSSL_SNI_ABORT_ON_ABSENCE);
  7148. }
  7149. static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl)
  7150. {
  7151. use_SNI_at_ssl(ssl);
  7152. wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
  7153. WOLFSSL_SNI_ABORT_ON_ABSENCE);
  7154. }
  7155. static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
  7156. {
  7157. use_SNI_at_ctx(ctx);
  7158. wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
  7159. WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE);
  7160. }
  7161. static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl)
  7162. {
  7163. AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
  7164. }
  7165. static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl)
  7166. {
  7167. AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0));
  7168. }
  7169. static void verify_SNI_no_matching(WOLFSSL* ssl)
  7170. {
  7171. byte type = WOLFSSL_SNI_HOST_NAME;
  7172. void* request = (void*) &type; /* to be overwritten */
  7173. AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
  7174. AssertNotNull(request);
  7175. AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, &request));
  7176. AssertNull(request);
  7177. }
  7178. static void verify_SNI_real_matching(WOLFSSL* ssl)
  7179. {
  7180. byte type = WOLFSSL_SNI_HOST_NAME;
  7181. void* request = NULL;
  7182. AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type));
  7183. AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, &request));
  7184. AssertNotNull(request);
  7185. AssertStrEQ("www.wolfssl.com", (char*)request);
  7186. }
  7187. static void verify_SNI_fake_matching(WOLFSSL* ssl)
  7188. {
  7189. byte type = WOLFSSL_SNI_HOST_NAME;
  7190. void* request = NULL;
  7191. AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type));
  7192. AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, &request));
  7193. AssertNotNull(request);
  7194. AssertStrEQ("ww2.wolfssl.com", (char*)request);
  7195. }
  7196. static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)
  7197. {
  7198. AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
  7199. }
  7200. /* END of connection tests callbacks */
  7201. static int test_wolfSSL_UseSNI_connection(void)
  7202. {
  7203. int res = TEST_SKIPPED;
  7204. #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
  7205. callback_functions client_cb;
  7206. callback_functions server_cb;
  7207. size_t i;
  7208. struct {
  7209. method_provider client_meth;
  7210. method_provider server_meth;
  7211. } methods[] = {
  7212. #if defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_TLS13)
  7213. {wolfSSLv23_client_method, wolfSSLv23_server_method},
  7214. #endif
  7215. #ifndef WOLFSSL_NO_TLS12
  7216. {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method},
  7217. #endif
  7218. #ifdef WOLFSSL_TLS13
  7219. {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method},
  7220. #endif
  7221. };
  7222. for (i = 0; i < (sizeof(methods)/sizeof(*methods)); i++) {
  7223. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  7224. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  7225. client_cb.method = methods[i].client_meth;
  7226. server_cb.method = methods[i].server_meth;
  7227. client_cb.devId = testDevId;
  7228. server_cb.devId = testDevId;
  7229. /* success case at ctx */
  7230. printf("success case at ctx\n");
  7231. client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
  7232. server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
  7233. test_wolfSSL_client_server(&client_cb, &server_cb);
  7234. /* success case at ssl */
  7235. printf("success case at ssl\n");
  7236. client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching;
  7237. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching;
  7238. test_wolfSSL_client_server(&client_cb, &server_cb);
  7239. /* default mismatch behavior */
  7240. printf("default mismatch behavior\n");
  7241. client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client;
  7242. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_UNKNOWN_SNI_on_server;
  7243. test_wolfSSL_client_server(&client_cb, &server_cb);
  7244. /* continue on mismatch */
  7245. printf("continue on mismatch\n");
  7246. client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
  7247. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching;
  7248. test_wolfSSL_client_server(&client_cb, &server_cb);
  7249. /* fake answer on mismatch */
  7250. printf("fake answer on mismatch\n");
  7251. client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
  7252. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching;
  7253. test_wolfSSL_client_server(&client_cb, &server_cb);
  7254. /* sni abort - success */
  7255. printf("sni abort - success\n");
  7256. client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
  7257. server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
  7258. test_wolfSSL_client_server(&client_cb, &server_cb);
  7259. /* sni abort - abort when absent (ctx) */
  7260. printf("sni abort - abort when absent (ctx)\n");
  7261. client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client;
  7262. server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server;
  7263. test_wolfSSL_client_server(&client_cb, &server_cb);
  7264. /* sni abort - abort when absent (ssl) */
  7265. printf("sni abort - abort when absent (ssl)\n");
  7266. client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client;
  7267. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server;
  7268. test_wolfSSL_client_server(&client_cb, &server_cb);
  7269. /* sni abort - success when overwritten */
  7270. printf("sni abort - success when overwritten\n");
  7271. client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
  7272. server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching;
  7273. test_wolfSSL_client_server(&client_cb, &server_cb);
  7274. /* sni abort - success when allowing mismatches */
  7275. printf("sni abort - success when allowing mismatches\n");
  7276. client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
  7277. server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching;
  7278. test_wolfSSL_client_server(&client_cb, &server_cb);
  7279. }
  7280. res = TEST_RES_CHECK(1);
  7281. #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
  7282. return res;
  7283. }
  7284. static int test_wolfSSL_SNI_GetFromBuffer(void)
  7285. {
  7286. byte buff[] = { /* www.paypal.com */
  7287. 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c,
  7288. 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca,
  7289. 0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5,
  7290. 0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b,
  7291. 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
  7292. 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21,
  7293. 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77,
  7294. 0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00,
  7295. 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
  7296. };
  7297. byte buff2[] = { /* api.textmate.org */
  7298. 0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52,
  7299. 0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b,
  7300. 0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f,
  7301. 0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff,
  7302. 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08,
  7303. 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12,
  7304. 0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04,
  7305. 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d,
  7306. 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35,
  7307. 0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16,
  7308. 0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b,
  7309. 0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b,
  7310. 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69,
  7311. 0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72,
  7312. 0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00,
  7313. 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00,
  7314. 0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03
  7315. };
  7316. byte buff3[] = { /* no sni extension */
  7317. 0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea,
  7318. 0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c,
  7319. 0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4,
  7320. 0x1e, 0xbb, 0xdf, 0x9d, 0x39, 0xf0, 0x65, 0x00, 0x00, 0x16, 0x00, 0x6b,
  7321. 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
  7322. 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x0a,
  7323. 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
  7324. };
  7325. byte buff4[] = { /* last extension has zero size */
  7326. 0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00,
  7327. 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
  7328. 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
  7329. 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
  7330. 0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
  7331. 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11,
  7332. 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35,
  7333. 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01,
  7334. 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00,
  7335. 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
  7336. 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06,
  7337. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f,
  7338. 0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
  7339. 0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
  7340. 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02,
  7341. 0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00,
  7342. 0x12, 0x00, 0x00
  7343. };
  7344. byte buff5[] = { /* SSL v2.0 client hello */
  7345. 0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00,
  7346. /* dummy bytes bellow, just to pass size check */
  7347. 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
  7348. 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
  7349. 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
  7350. };
  7351. byte result[32] = {0};
  7352. word32 length = 32;
  7353. AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4),
  7354. 0, result, &length));
  7355. AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3),
  7356. 0, result, &length));
  7357. AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
  7358. 1, result, &length));
  7359. AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
  7360. 0, result, &length));
  7361. buff[0] = 0x16;
  7362. AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
  7363. 0, result, &length));
  7364. buff[1] = 0x03;
  7365. AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff,
  7366. sizeof(buff), 0, result, &length));
  7367. buff[2] = 0x03;
  7368. AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff,
  7369. sizeof(buff), 0, result, &length));
  7370. buff[4] = 0x64;
  7371. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
  7372. 0, result, &length));
  7373. result[length] = 0;
  7374. AssertStrEQ("www.paypal.com", (const char*) result);
  7375. length = 32;
  7376. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
  7377. 0, result, &length));
  7378. result[length] = 0;
  7379. AssertStrEQ("api.textmate.org", (const char*) result);
  7380. /* SSL v2.0 tests */
  7381. AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5,
  7382. sizeof(buff5), 0, result, &length));
  7383. buff5[2] = 0x02;
  7384. AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
  7385. sizeof(buff5), 0, result, &length));
  7386. buff5[2] = 0x01; buff5[6] = 0x08;
  7387. AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
  7388. sizeof(buff5), 0, result, &length));
  7389. buff5[6] = 0x09; buff5[8] = 0x01;
  7390. AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
  7391. sizeof(buff5), 0, result, &length));
  7392. return TEST_RES_CHECK(1);
  7393. }
  7394. #endif /* HAVE_SNI */
  7395. #endif /* HAVE_IO_TESTS_DEPENDENCIES */
  7396. static int test_wolfSSL_UseTrustedCA(void)
  7397. {
  7398. int res = TEST_SKIPPED;
  7399. #if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
  7400. && !defined(NO_RSA)
  7401. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  7402. WOLFSSL_CTX *ctx;
  7403. WOLFSSL *ssl;
  7404. byte id[20];
  7405. #ifndef NO_WOLFSSL_SERVER
  7406. AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())));
  7407. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  7408. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  7409. #else
  7410. AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())));
  7411. #endif
  7412. AssertNotNull((ssl = wolfSSL_new(ctx)));
  7413. XMEMSET(id, 0, sizeof(id));
  7414. /* error cases */
  7415. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0));
  7416. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  7417. WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0));
  7418. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  7419. WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0));
  7420. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  7421. WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5));
  7422. #ifdef NO_SHA
  7423. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  7424. WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
  7425. #endif
  7426. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  7427. WOLFSSL_TRUSTED_CA_X509_NAME, id, 0));
  7428. /* success cases */
  7429. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  7430. WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0));
  7431. #ifndef NO_SHA
  7432. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  7433. WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
  7434. #endif
  7435. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  7436. WOLFSSL_TRUSTED_CA_X509_NAME, id, 5));
  7437. wolfSSL_free(ssl);
  7438. wolfSSL_CTX_free(ctx);
  7439. res = TEST_RES_CHECK(1);
  7440. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  7441. #endif /* HAVE_TRUSTED_CA */
  7442. return res;
  7443. }
  7444. static int test_wolfSSL_UseMaxFragment(void)
  7445. {
  7446. int res = TEST_SKIPPED;
  7447. #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \
  7448. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  7449. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  7450. #ifndef NO_WOLFSSL_SERVER
  7451. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  7452. #else
  7453. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  7454. #endif
  7455. WOLFSSL *ssl;
  7456. #ifdef OPENSSL_EXTRA
  7457. int (*UseMaxFragment)(SSL *s, uint8_t mode);
  7458. int (*CTX_UseMaxFragment)(SSL_CTX *c, uint8_t mode);
  7459. #else
  7460. int (*UseMaxFragment)(WOLFSSL *s, unsigned char mode);
  7461. int (*CTX_UseMaxFragment)(WOLFSSL_CTX *c, unsigned char mode);
  7462. #endif
  7463. #ifndef NO_WOLFSSL_SERVER
  7464. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  7465. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  7466. #endif
  7467. AssertNotNull(ctx);
  7468. ssl = wolfSSL_new(ctx);
  7469. AssertNotNull(ssl);
  7470. #ifdef OPENSSL_EXTRA
  7471. CTX_UseMaxFragment = SSL_CTX_set_tlsext_max_fragment_length;
  7472. UseMaxFragment = SSL_set_tlsext_max_fragment_length;
  7473. #else
  7474. UseMaxFragment = wolfSSL_UseMaxFragment;
  7475. CTX_UseMaxFragment = wolfSSL_CTX_UseMaxFragment;
  7476. #endif
  7477. /* error cases */
  7478. AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9));
  7479. AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment( NULL, WOLFSSL_MFL_2_9));
  7480. AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1));
  7481. AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1));
  7482. AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1));
  7483. AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1));
  7484. /* success case */
  7485. #ifdef OPENSSL_EXTRA
  7486. AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8));
  7487. #else
  7488. AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8));
  7489. #endif
  7490. AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9));
  7491. AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10));
  7492. AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11));
  7493. AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12));
  7494. #ifdef OPENSSL_EXTRA
  7495. AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
  7496. AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_8));
  7497. #else
  7498. AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
  7499. AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_8));
  7500. #endif
  7501. AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_9));
  7502. AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_10));
  7503. AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_11));
  7504. AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_12));
  7505. #ifdef OPENSSL_EXTRA
  7506. AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
  7507. #else
  7508. AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
  7509. #endif
  7510. wolfSSL_free(ssl);
  7511. wolfSSL_CTX_free(ctx);
  7512. res = TEST_RES_CHECK(1);
  7513. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  7514. #endif
  7515. return res;
  7516. }
  7517. static int test_wolfSSL_UseTruncatedHMAC(void)
  7518. {
  7519. int res = TEST_SKIPPED;
  7520. #if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \
  7521. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  7522. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  7523. #ifndef NO_WOLFSSL_SERVER
  7524. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  7525. #else
  7526. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  7527. #endif
  7528. WOLFSSL *ssl;
  7529. AssertNotNull(ctx);
  7530. #ifndef NO_WOLFSSL_SERVER
  7531. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  7532. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  7533. #endif
  7534. ssl = wolfSSL_new(ctx);
  7535. AssertNotNull(ssl);
  7536. /* error cases */
  7537. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL));
  7538. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL));
  7539. /* success case */
  7540. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx));
  7541. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl));
  7542. wolfSSL_free(ssl);
  7543. wolfSSL_CTX_free(ctx);
  7544. res = TEST_RES_CHECK(1);
  7545. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  7546. #endif
  7547. return res;
  7548. }
  7549. static int test_wolfSSL_UseSupportedCurve(void)
  7550. {
  7551. int res = TEST_SKIPPED;
  7552. #if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
  7553. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  7554. WOLFSSL *ssl = wolfSSL_new(ctx);
  7555. AssertNotNull(ctx);
  7556. AssertNotNull(ssl);
  7557. /* error cases */
  7558. AssertIntNE(WOLFSSL_SUCCESS,
  7559. wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
  7560. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0));
  7561. AssertIntNE(WOLFSSL_SUCCESS,
  7562. wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
  7563. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0));
  7564. /* success case */
  7565. AssertIntEQ(WOLFSSL_SUCCESS,
  7566. wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1));
  7567. AssertIntEQ(WOLFSSL_SUCCESS,
  7568. wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1));
  7569. wolfSSL_free(ssl);
  7570. wolfSSL_CTX_free(ctx);
  7571. res = TEST_RES_CHECK(1);
  7572. #endif
  7573. return res;
  7574. }
  7575. #if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES)
  7576. static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl)
  7577. {
  7578. AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0));
  7579. }
  7580. static void use_ALPN_all(WOLFSSL* ssl)
  7581. {
  7582. /* http/1.1,spdy/1,spdy/2,spdy/3 */
  7583. char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
  7584. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
  7585. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
  7586. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
  7587. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
  7588. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  7589. }
  7590. static void use_ALPN_all_continue(WOLFSSL* ssl)
  7591. {
  7592. /* http/1.1,spdy/1,spdy/2,spdy/3 */
  7593. char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
  7594. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
  7595. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
  7596. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
  7597. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
  7598. WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
  7599. }
  7600. static void use_ALPN_one(WOLFSSL* ssl)
  7601. {
  7602. /* spdy/2 */
  7603. char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
  7604. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
  7605. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  7606. }
  7607. static void use_ALPN_unknown(WOLFSSL* ssl)
  7608. {
  7609. /* http/2.0 */
  7610. char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
  7611. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
  7612. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  7613. }
  7614. static void use_ALPN_unknown_continue(WOLFSSL* ssl)
  7615. {
  7616. /* http/2.0 */
  7617. char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
  7618. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
  7619. WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
  7620. }
  7621. static void verify_ALPN_not_matching_spdy3(WOLFSSL* ssl)
  7622. {
  7623. /* spdy/3 */
  7624. char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
  7625. char *proto = NULL;
  7626. word16 protoSz = 0;
  7627. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
  7628. /* check value */
  7629. AssertIntNE(1, sizeof(nego_proto) == protoSz);
  7630. if (proto) {
  7631. AssertIntNE(0, XMEMCMP(nego_proto, proto, sizeof(nego_proto)));
  7632. }
  7633. }
  7634. static void verify_ALPN_not_matching_continue(WOLFSSL* ssl)
  7635. {
  7636. char *proto = NULL;
  7637. word16 protoSz = 0;
  7638. AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND,
  7639. wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
  7640. /* check value */
  7641. AssertIntEQ(1, (0 == protoSz));
  7642. AssertIntEQ(1, (NULL == proto));
  7643. }
  7644. static void verify_ALPN_matching_http1(WOLFSSL* ssl)
  7645. {
  7646. /* http/1.1 */
  7647. char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
  7648. char *proto;
  7649. word16 protoSz = 0;
  7650. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
  7651. /* check value */
  7652. AssertIntEQ(1, sizeof(nego_proto) == protoSz);
  7653. AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
  7654. }
  7655. static void verify_ALPN_matching_spdy2(WOLFSSL* ssl)
  7656. {
  7657. /* spdy/2 */
  7658. char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
  7659. char *proto;
  7660. word16 protoSz = 0;
  7661. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
  7662. /* check value */
  7663. AssertIntEQ(1, sizeof(nego_proto) == protoSz);
  7664. AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
  7665. }
  7666. static void verify_ALPN_client_list(WOLFSSL* ssl)
  7667. {
  7668. /* http/1.1,spdy/1,spdy/2,spdy/3 */
  7669. char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
  7670. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
  7671. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
  7672. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
  7673. char *clist = NULL;
  7674. word16 clistSz = 0;
  7675. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetPeerProtocol(ssl, &clist,
  7676. &clistSz));
  7677. /* check value */
  7678. AssertIntEQ(1, sizeof(alpn_list) == clistSz);
  7679. AssertIntEQ(0, XMEMCMP(alpn_list, clist, clistSz));
  7680. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_FreePeerProtocol(ssl, &clist));
  7681. }
  7682. static int test_wolfSSL_UseALPN_connection(void)
  7683. {
  7684. int res = TEST_SKIPPED;
  7685. #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
  7686. callback_functions client_cb;
  7687. callback_functions server_cb;
  7688. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  7689. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  7690. client_cb.method = wolfSSLv23_client_method;
  7691. server_cb.method = wolfSSLv23_server_method;
  7692. client_cb.devId = testDevId;
  7693. server_cb.devId = testDevId;
  7694. /* success case same list */
  7695. client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
  7696. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_http1;
  7697. test_wolfSSL_client_server(&client_cb, &server_cb);
  7698. /* success case only one for server */
  7699. client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
  7700. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_matching_spdy2;
  7701. test_wolfSSL_client_server(&client_cb, &server_cb);
  7702. /* success case only one for client */
  7703. client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_one; client_cb.on_result = NULL;
  7704. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_spdy2;
  7705. test_wolfSSL_client_server(&client_cb, &server_cb);
  7706. /* success case none for client */
  7707. client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
  7708. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = NULL;
  7709. test_wolfSSL_client_server(&client_cb, &server_cb);
  7710. /* success case mismatch behavior but option 'continue' set */
  7711. client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all_continue; client_cb.on_result = verify_ALPN_not_matching_continue;
  7712. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown_continue; server_cb.on_result = NULL;
  7713. test_wolfSSL_client_server(&client_cb, &server_cb);
  7714. /* success case read protocol send by client */
  7715. client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
  7716. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_client_list;
  7717. test_wolfSSL_client_server(&client_cb, &server_cb);
  7718. /* mismatch behavior with same list
  7719. * the first and only this one must be taken */
  7720. client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
  7721. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_not_matching_spdy3;
  7722. test_wolfSSL_client_server(&client_cb, &server_cb);
  7723. /* default mismatch behavior */
  7724. client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
  7725. server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown; server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client;
  7726. test_wolfSSL_client_server(&client_cb, &server_cb);
  7727. res = TEST_RES_CHECK(1);
  7728. #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
  7729. return res;
  7730. }
  7731. static int test_wolfSSL_UseALPN_params(void)
  7732. {
  7733. int res = TEST_SKIPPED;
  7734. #ifndef NO_WOLFSSL_CLIENT
  7735. /* "http/1.1" */
  7736. char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
  7737. /* "spdy/1" */
  7738. char spdy1[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x31};
  7739. /* "spdy/2" */
  7740. char spdy2[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
  7741. /* "spdy/3" */
  7742. char spdy3[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
  7743. char buff[256];
  7744. word32 idx;
  7745. WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  7746. WOLFSSL *ssl = wolfSSL_new(ctx);
  7747. AssertNotNull(ctx);
  7748. AssertNotNull(ssl);
  7749. /* error cases */
  7750. AssertIntNE(WOLFSSL_SUCCESS,
  7751. wolfSSL_UseALPN(NULL, http1, sizeof(http1),
  7752. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  7753. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0,
  7754. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  7755. /* success case */
  7756. /* http1 only */
  7757. AssertIntEQ(WOLFSSL_SUCCESS,
  7758. wolfSSL_UseALPN(ssl, http1, sizeof(http1),
  7759. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  7760. /* http1, spdy1 */
  7761. XMEMCPY(buff, http1, sizeof(http1));
  7762. idx = sizeof(http1);
  7763. buff[idx++] = ',';
  7764. XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
  7765. idx += sizeof(spdy1);
  7766. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
  7767. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  7768. /* http1, spdy2, spdy1 */
  7769. XMEMCPY(buff, http1, sizeof(http1));
  7770. idx = sizeof(http1);
  7771. buff[idx++] = ',';
  7772. XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
  7773. idx += sizeof(spdy2);
  7774. buff[idx++] = ',';
  7775. XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
  7776. idx += sizeof(spdy1);
  7777. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
  7778. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  7779. /* spdy3, http1, spdy2, spdy1 */
  7780. XMEMCPY(buff, spdy3, sizeof(spdy3));
  7781. idx = sizeof(spdy3);
  7782. buff[idx++] = ',';
  7783. XMEMCPY(buff+idx, http1, sizeof(http1));
  7784. idx += sizeof(http1);
  7785. buff[idx++] = ',';
  7786. XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
  7787. idx += sizeof(spdy2);
  7788. buff[idx++] = ',';
  7789. XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
  7790. idx += sizeof(spdy1);
  7791. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
  7792. WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
  7793. wolfSSL_free(ssl);
  7794. wolfSSL_CTX_free(ctx);
  7795. res = TEST_RES_CHECK(1);
  7796. #endif
  7797. return res;
  7798. }
  7799. #endif /* HAVE_ALPN */
  7800. #ifdef HAVE_ALPN_PROTOS_SUPPORT
  7801. static void CTX_set_alpn_protos(SSL_CTX *ctx)
  7802. {
  7803. unsigned char p[] = {
  7804. 8, 'h', 't', 't', 'p', '/', '1', '.', '1',
  7805. 6, 's', 'p', 'd', 'y', '/', '2',
  7806. 6, 's', 'p', 'd', 'y', '/', '1',
  7807. };
  7808. unsigned char p_len = sizeof(p);
  7809. int ret;
  7810. ret = SSL_CTX_set_alpn_protos(ctx, p, p_len);
  7811. #ifdef WOLFSSL_ERROR_CODE_OPENSSL
  7812. AssertIntEQ(ret, 0);
  7813. #else
  7814. AssertIntEQ(ret, SSL_SUCCESS);
  7815. #endif
  7816. }
  7817. static void set_alpn_protos(SSL* ssl)
  7818. {
  7819. unsigned char p[] = {
  7820. 6, 's', 'p', 'd', 'y', '/', '3',
  7821. 8, 'h', 't', 't', 'p', '/', '1', '.', '1',
  7822. 6, 's', 'p', 'd', 'y', '/', '2',
  7823. 6, 's', 'p', 'd', 'y', '/', '1',
  7824. };
  7825. unsigned char p_len = sizeof(p);
  7826. int ret;
  7827. ret = SSL_set_alpn_protos(ssl, p, p_len);
  7828. #ifdef WOLFSSL_ERROR_CODE_OPENSSL
  7829. AssertIntEQ(ret, 0);
  7830. #else
  7831. AssertIntEQ(ret, SSL_SUCCESS);
  7832. #endif
  7833. }
  7834. static void verify_alpn_matching_spdy3(WOLFSSL* ssl)
  7835. {
  7836. /* "spdy/3" */
  7837. char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
  7838. const unsigned char *proto;
  7839. unsigned int protoSz = 0;
  7840. SSL_get0_alpn_selected(ssl, &proto, &protoSz);
  7841. /* check value */
  7842. AssertIntEQ(1, sizeof(nego_proto) == protoSz);
  7843. AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
  7844. }
  7845. static void verify_alpn_matching_http1(WOLFSSL* ssl)
  7846. {
  7847. /* "http/1.1" */
  7848. char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
  7849. const unsigned char *proto;
  7850. unsigned int protoSz = 0;
  7851. SSL_get0_alpn_selected(ssl, &proto, &protoSz);
  7852. /* check value */
  7853. AssertIntEQ(1, sizeof(nego_proto) == protoSz);
  7854. AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
  7855. }
  7856. static int test_wolfSSL_set_alpn_protos(void)
  7857. {
  7858. int res = TEST_SKIPPED;
  7859. #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
  7860. callback_functions client_cb;
  7861. callback_functions server_cb;
  7862. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  7863. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  7864. client_cb.method = wolfSSLv23_client_method;
  7865. server_cb.method = wolfSSLv23_server_method;
  7866. client_cb.devId = testDevId;
  7867. server_cb.devId = testDevId;
  7868. /* use CTX_alpn_protos */
  7869. client_cb.ctx_ready = CTX_set_alpn_protos; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
  7870. server_cb.ctx_ready = CTX_set_alpn_protos; server_cb.ssl_ready = NULL; server_cb.on_result = verify_alpn_matching_http1;
  7871. test_wolfSSL_client_server(&client_cb, &server_cb);
  7872. /* use set_alpn_protos */
  7873. client_cb.ctx_ready = NULL; client_cb.ssl_ready = set_alpn_protos; client_cb.on_result = NULL;
  7874. server_cb.ctx_ready = NULL; server_cb.ssl_ready = set_alpn_protos; server_cb.on_result = verify_alpn_matching_spdy3;
  7875. test_wolfSSL_client_server(&client_cb, &server_cb);
  7876. res = TEST_RES_CHECK(1);
  7877. #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
  7878. return res;
  7879. }
  7880. #endif /* HAVE_ALPN_PROTOS_SUPPORT */
  7881. static int test_wolfSSL_DisableExtendedMasterSecret(void)
  7882. {
  7883. int res = TEST_SKIPPED;
  7884. #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
  7885. WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  7886. WOLFSSL *ssl = wolfSSL_new(ctx);
  7887. AssertNotNull(ctx);
  7888. AssertNotNull(ssl);
  7889. /* error cases */
  7890. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
  7891. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));
  7892. /* success cases */
  7893. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
  7894. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));
  7895. wolfSSL_free(ssl);
  7896. wolfSSL_CTX_free(ctx);
  7897. res = TEST_RES_CHECK(1);
  7898. #endif
  7899. return res;
  7900. }
  7901. static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void)
  7902. {
  7903. int res = TEST_SKIPPED;
  7904. #if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT)
  7905. WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  7906. WOLFSSL *ssl = wolfSSL_new(ctx);
  7907. AssertNotNull(ctx);
  7908. AssertNotNull(ssl);
  7909. /* error cases */
  7910. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL));
  7911. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL));
  7912. /* success cases */
  7913. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx));
  7914. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl));
  7915. wolfSSL_free(ssl);
  7916. wolfSSL_CTX_free(ctx);
  7917. res = TEST_RES_CHECK(1);
  7918. #endif
  7919. return res;
  7920. }
  7921. #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_SERVER) && \
  7922. (!defined(NO_RSA) || defined(HAVE_ECC))
  7923. /* Called when writing. */
  7924. static int DummySend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
  7925. {
  7926. (void)ssl;
  7927. (void)buf;
  7928. (void)sz;
  7929. (void)ctx;
  7930. /* Force error return from wolfSSL_accept_TLSv13(). */
  7931. return WANT_WRITE;
  7932. }
  7933. /* Called when reading. */
  7934. static int BufferInfoRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
  7935. {
  7936. WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx;
  7937. int len = (int)msg->length;
  7938. (void)ssl;
  7939. (void)sz;
  7940. /* Pass back as much of message as will fit in buffer. */
  7941. if (len > sz)
  7942. len = sz;
  7943. XMEMCPY(buf, msg->buffer, len);
  7944. /* Move over returned data. */
  7945. msg->buffer += len;
  7946. msg->length -= len;
  7947. /* Amount actually copied. */
  7948. return len;
  7949. }
  7950. #endif
  7951. /* Test the detection of duplicate known TLS extensions.
  7952. * Specifically in a ClientHello.
  7953. */
  7954. static int test_tls_ext_duplicate(void)
  7955. {
  7956. int res = TEST_SKIPPED;
  7957. #if !defined(NO_WOLFSSL_SERVER) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \
  7958. !defined(NO_FILESYSTEM)
  7959. const unsigned char clientHelloDupTlsExt[] = {
  7960. 0x16, 0x03, 0x03, 0x00, 0x6a, 0x01, 0x00, 0x00,
  7961. 0x66, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe,
  7962. 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55,
  7963. 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8,
  7964. 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c,
  7965. 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b,
  7966. 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda,
  7967. 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00,
  7968. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  7969. 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x13, 0x01,
  7970. 0x00, 0x9e, 0x01, 0x00,
  7971. /* Extensions - duplicate signature algorithms. */
  7972. 0x00, 0x19, 0x00, 0x0d,
  7973. 0x00, 0x04, 0x00, 0x02, 0x04, 0x01, 0x00, 0x0d,
  7974. 0x00, 0x04, 0x00, 0x02, 0x04, 0x01,
  7975. /* Supported Versions extension for TLS 1.3. */
  7976. 0x00, 0x2b,
  7977. 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03
  7978. };
  7979. WOLFSSL_BUFFER_INFO msg;
  7980. const char* testCertFile;
  7981. const char* testKeyFile;
  7982. WOLFSSL_CTX *ctx;
  7983. WOLFSSL *ssl;
  7984. #ifndef NO_RSA
  7985. testCertFile = svrCertFile;
  7986. testKeyFile = svrKeyFile;
  7987. #elif defined(HAVE_ECC)
  7988. testCertFile = eccCertFile;
  7989. testKeyFile = eccKeyFile;
  7990. #endif
  7991. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  7992. AssertNotNull(ctx);
  7993. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
  7994. WOLFSSL_FILETYPE_PEM));
  7995. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
  7996. WOLFSSL_FILETYPE_PEM));
  7997. /* Read from 'msg'. */
  7998. wolfSSL_SetIORecv(ctx, BufferInfoRecv);
  7999. /* No where to send to - dummy sender. */
  8000. wolfSSL_SetIOSend(ctx, DummySend);
  8001. ssl = wolfSSL_new(ctx);
  8002. AssertNotNull(ssl);
  8003. msg.buffer = (unsigned char*)clientHelloDupTlsExt;
  8004. msg.length = (unsigned int)sizeof(clientHelloDupTlsExt);
  8005. wolfSSL_SetIOReadCtx(ssl, &msg);
  8006. AssertIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
  8007. AssertIntEQ(wolfSSL_get_error(ssl, 0), DUPLICATE_TLS_EXT_E);
  8008. wolfSSL_free(ssl);
  8009. wolfSSL_CTX_free(ctx);
  8010. res = TEST_RES_CHECK(1);
  8011. #endif
  8012. return res;
  8013. }
  8014. /*----------------------------------------------------------------------------*
  8015. | X509 Tests
  8016. *----------------------------------------------------------------------------*/
  8017. static int test_wolfSSL_X509_NAME_get_entry(void)
  8018. {
  8019. int res = TEST_SKIPPED;
  8020. #if !defined(NO_CERTS) && !defined(NO_RSA)
  8021. #if defined(OPENSSL_ALL) || \
  8022. (defined(OPENSSL_EXTRA) && \
  8023. (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)))
  8024. /* use openssl like name to test mapping */
  8025. X509_NAME_ENTRY* ne;
  8026. X509_NAME* name;
  8027. X509* x509;
  8028. #ifndef NO_FILESYSTEM
  8029. ASN1_STRING* asn;
  8030. char* subCN = NULL;
  8031. #endif
  8032. int idx;
  8033. ASN1_OBJECT *object = NULL;
  8034. #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \
  8035. defined(WOLFSSL_NGINX)
  8036. #ifndef NO_BIO
  8037. BIO* bio;
  8038. #endif
  8039. #endif
  8040. #ifndef NO_FILESYSTEM
  8041. x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  8042. WOLFSSL_FILETYPE_PEM);
  8043. AssertNotNull(x509);
  8044. name = X509_get_subject_name(x509);
  8045. idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
  8046. AssertIntGE(idx, 0);
  8047. ne = X509_NAME_get_entry(name, idx);
  8048. AssertNotNull(ne);
  8049. asn = X509_NAME_ENTRY_get_data(ne);
  8050. AssertNotNull(asn);
  8051. subCN = (char*)ASN1_STRING_data(asn);
  8052. AssertNotNull(subCN);
  8053. wolfSSL_FreeX509(x509);
  8054. #endif
  8055. x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  8056. WOLFSSL_FILETYPE_PEM);
  8057. AssertNotNull(x509);
  8058. name = X509_get_subject_name(x509);
  8059. idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
  8060. AssertIntGE(idx, 0);
  8061. #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \
  8062. defined(WOLFSSL_NGINX)
  8063. #ifndef NO_BIO
  8064. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  8065. AssertIntEQ(X509_NAME_print_ex(bio, name, 4,
  8066. (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
  8067. AssertIntEQ(X509_NAME_print_ex_fp(stderr, name, 4,
  8068. (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
  8069. BIO_free(bio);
  8070. #endif
  8071. #endif
  8072. ne = X509_NAME_get_entry(name, idx);
  8073. AssertNotNull(ne);
  8074. AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
  8075. wolfSSL_FreeX509(x509);
  8076. res = TEST_RES_CHECK(1);
  8077. #endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */
  8078. #endif /* !NO_CERTS && !NO_RSA */
  8079. return res;
  8080. }
  8081. /* Testing functions dealing with PKCS12 parsing out X509 certs */
  8082. static int test_wolfSSL_PKCS12(void)
  8083. {
  8084. int res = TEST_SKIPPED;
  8085. /* .p12 file is encrypted with DES3 */
  8086. #ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes
  8087. * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit)
  8088. * Password Key
  8089. */
  8090. #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
  8091. !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
  8092. !defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO)
  8093. byte buf[6000];
  8094. char file[] = "./certs/test-servercert.p12";
  8095. char order[] = "./certs/ecc-rsa-server.p12";
  8096. #ifdef WC_RC2
  8097. char rc2p12[] = "./certs/test-servercert-rc2.p12";
  8098. #endif
  8099. char pass[] = "a password";
  8100. const char goodPsw[] = "wolfSSL test";
  8101. const char badPsw[] = "bad";
  8102. #ifdef HAVE_ECC
  8103. WOLFSSL_X509_NAME* subject;
  8104. WOLFSSL_X509 *x509;
  8105. #endif
  8106. XFILE f;
  8107. int bytes, ret, goodPswLen, badPswLen;
  8108. WOLFSSL_BIO *bio;
  8109. WOLFSSL_EVP_PKEY *pkey;
  8110. WC_PKCS12 *pkcs12;
  8111. WC_PKCS12 *pkcs12_2;
  8112. WOLFSSL_X509 *cert;
  8113. WOLFSSL_X509 *tmp;
  8114. WOLF_STACK_OF(WOLFSSL_X509) *ca;
  8115. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
  8116. || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
  8117. WOLFSSL_CTX *ctx;
  8118. WOLFSSL *ssl;
  8119. WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL;
  8120. #endif
  8121. f = XFOPEN(file, "rb");
  8122. AssertTrue((f != XBADFILE));
  8123. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  8124. XFCLOSE(f);
  8125. goodPswLen = (int)XSTRLEN(goodPsw);
  8126. badPswLen = (int)XSTRLEN(badPsw);
  8127. bio = BIO_new_mem_buf((void*)buf, bytes);
  8128. AssertNotNull(bio);
  8129. pkcs12 = d2i_PKCS12_bio(bio, NULL);
  8130. AssertNotNull(pkcs12);
  8131. PKCS12_free(pkcs12);
  8132. AssertIntEQ(BIO_write(bio, buf, bytes), bytes); /* d2i consumes BIO */
  8133. d2i_PKCS12_bio(bio, &pkcs12);
  8134. AssertNotNull(pkcs12);
  8135. BIO_free(bio);
  8136. /* check verify MAC directly */
  8137. ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen);
  8138. AssertIntEQ(ret, 1);
  8139. /* check verify MAC fail case directly */
  8140. ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen);
  8141. AssertIntEQ(ret, 0);
  8142. /* check verify MAC fail case */
  8143. ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
  8144. AssertIntEQ(ret, 0);
  8145. AssertNull(pkey);
  8146. AssertNull(cert);
  8147. /* check parse with no extra certs kept */
  8148. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
  8149. AssertIntEQ(ret, 1);
  8150. AssertNotNull(pkey);
  8151. AssertNotNull(cert);
  8152. wolfSSL_EVP_PKEY_free(pkey);
  8153. wolfSSL_X509_free(cert);
  8154. /* check parse with extra certs kept */
  8155. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
  8156. AssertIntEQ(ret, 1);
  8157. AssertNotNull(pkey);
  8158. AssertNotNull(cert);
  8159. AssertNotNull(ca);
  8160. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
  8161. || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
  8162. /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
  8163. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  8164. #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
  8165. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  8166. #else
  8167. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  8168. #endif
  8169. /* Copy stack structure */
  8170. AssertNotNull(tmp_ca = X509_chain_up_ref(ca));
  8171. AssertIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1);
  8172. /* CTX now owns the tmp_ca stack structure */
  8173. tmp_ca = NULL;
  8174. AssertIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1);
  8175. AssertNotNull(tmp_ca);
  8176. AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca));
  8177. /* Check that the main cert is also set */
  8178. AssertNotNull(SSL_CTX_get0_certificate(ctx));
  8179. AssertNotNull(ssl = SSL_new(ctx));
  8180. AssertNotNull(SSL_get_certificate(ssl));
  8181. SSL_free(ssl);
  8182. SSL_CTX_free(ctx);
  8183. #endif
  8184. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  8185. /* should be 2 other certs on stack */
  8186. tmp = sk_X509_pop(ca);
  8187. AssertNotNull(tmp);
  8188. X509_free(tmp);
  8189. tmp = sk_X509_pop(ca);
  8190. AssertNotNull(tmp);
  8191. X509_free(tmp);
  8192. AssertNull(sk_X509_pop(ca));
  8193. EVP_PKEY_free(pkey);
  8194. X509_free(cert);
  8195. sk_X509_pop_free(ca, X509_free);
  8196. /* check PKCS12_create */
  8197. AssertNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0));
  8198. AssertIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
  8199. SSL_SUCCESS);
  8200. AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
  8201. -1, -1, 100, -1, 0)));
  8202. EVP_PKEY_free(pkey);
  8203. X509_free(cert);
  8204. sk_X509_pop_free(ca, NULL);
  8205. AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
  8206. SSL_SUCCESS);
  8207. PKCS12_free(pkcs12_2);
  8208. AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
  8209. NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
  8210. NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
  8211. 2000, 1, 0)));
  8212. EVP_PKEY_free(pkey);
  8213. X509_free(cert);
  8214. sk_X509_pop_free(ca, NULL);
  8215. /* convert to DER then back and parse */
  8216. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  8217. AssertIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS);
  8218. PKCS12_free(pkcs12_2);
  8219. AssertNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL));
  8220. BIO_free(bio);
  8221. AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
  8222. SSL_SUCCESS);
  8223. /* should be 2 other certs on stack */
  8224. tmp = sk_X509_pop(ca);
  8225. AssertNotNull(tmp);
  8226. X509_free(tmp);
  8227. tmp = sk_X509_pop(ca);
  8228. AssertNotNull(tmp);
  8229. X509_free(tmp);
  8230. AssertNull(sk_X509_pop(ca));
  8231. #ifndef NO_RC4
  8232. PKCS12_free(pkcs12_2);
  8233. AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL,
  8234. NID_pbe_WithSHA1And128BitRC4,
  8235. NID_pbe_WithSHA1And128BitRC4,
  8236. 2000, 1, 0)));
  8237. EVP_PKEY_free(pkey);
  8238. X509_free(cert);
  8239. sk_X509_pop_free(ca, NULL);
  8240. AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
  8241. SSL_SUCCESS);
  8242. #endif /* NO_RC4 */
  8243. EVP_PKEY_free(pkey);
  8244. X509_free(cert);
  8245. PKCS12_free(pkcs12);
  8246. PKCS12_free(pkcs12_2);
  8247. sk_X509_pop_free(ca, NULL);
  8248. #ifdef HAVE_ECC
  8249. /* test order of parsing */
  8250. f = XFOPEN(order, "rb");
  8251. AssertTrue(f != XBADFILE);
  8252. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  8253. XFCLOSE(f);
  8254. AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
  8255. AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
  8256. AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)),
  8257. WOLFSSL_SUCCESS);
  8258. /* check use of pkey after parse */
  8259. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
  8260. || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
  8261. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  8262. #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
  8263. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  8264. #else
  8265. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  8266. #endif
  8267. AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS);
  8268. SSL_CTX_free(ctx);
  8269. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  8270. #endif
  8271. AssertNotNull(pkey);
  8272. AssertNotNull(cert);
  8273. AssertNotNull(ca);
  8274. /* compare subject lines of certificates */
  8275. AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
  8276. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile,
  8277. SSL_FILETYPE_PEM));
  8278. AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
  8279. (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
  8280. X509_free(x509);
  8281. /* test expected fail case */
  8282. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
  8283. SSL_FILETYPE_PEM));
  8284. AssertIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
  8285. (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
  8286. X509_free(x509);
  8287. X509_free(cert);
  8288. /* get subject line from ca stack */
  8289. AssertNotNull(cert = sk_X509_pop(ca));
  8290. AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
  8291. /* compare subject from certificate in ca to expected */
  8292. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
  8293. SSL_FILETYPE_PEM));
  8294. AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
  8295. (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
  8296. EVP_PKEY_free(pkey);
  8297. X509_free(x509);
  8298. X509_free(cert);
  8299. BIO_free(bio);
  8300. PKCS12_free(pkcs12);
  8301. sk_X509_pop_free(ca, NULL); /* TEST d2i_PKCS12_fp */
  8302. /* test order of parsing */
  8303. f = XFOPEN(file, "rb");
  8304. AssertTrue(f != XBADFILE);
  8305. AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
  8306. XFCLOSE(f);
  8307. /* check verify MAC fail case */
  8308. ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
  8309. AssertIntEQ(ret, 0);
  8310. AssertNull(pkey);
  8311. AssertNull(cert);
  8312. /* check parse with no extra certs kept */
  8313. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
  8314. AssertIntEQ(ret, 1);
  8315. AssertNotNull(pkey);
  8316. AssertNotNull(cert);
  8317. wolfSSL_EVP_PKEY_free(pkey);
  8318. wolfSSL_X509_free(cert);
  8319. /* check parse with extra certs kept */
  8320. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
  8321. AssertIntEQ(ret, 1);
  8322. AssertNotNull(pkey);
  8323. AssertNotNull(cert);
  8324. AssertNotNull(ca);
  8325. wolfSSL_EVP_PKEY_free(pkey);
  8326. wolfSSL_X509_free(cert);
  8327. sk_X509_pop_free(ca, NULL);
  8328. PKCS12_free(pkcs12);
  8329. #endif /* HAVE_ECC */
  8330. #ifdef WC_RC2
  8331. /* test PKCS#12 with RC2 encryption */
  8332. f = XFOPEN(rc2p12, "rb");
  8333. AssertTrue(f != XBADFILE);
  8334. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  8335. XFCLOSE(f);
  8336. AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
  8337. AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
  8338. /* check verify MAC fail case */
  8339. ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
  8340. AssertIntEQ(ret, 0);
  8341. AssertNull(pkey);
  8342. AssertNull(cert);
  8343. /* check parse iwth not extra certs kept */
  8344. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
  8345. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  8346. AssertNotNull(pkey);
  8347. AssertNotNull(cert);
  8348. /* check parse with extra certs kept */
  8349. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
  8350. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  8351. AssertNotNull(pkey);
  8352. AssertNotNull(cert);
  8353. AssertNotNull(ca);
  8354. wolfSSL_EVP_PKEY_free(pkey);
  8355. wolfSSL_X509_free(cert);
  8356. sk_X509_pop_free(ca, NULL);
  8357. BIO_free(bio);
  8358. PKCS12_free(pkcs12);
  8359. #endif /* WC_RC2 */
  8360. /* Test i2d_PKCS12_bio */
  8361. f = XFOPEN(file, "rb");
  8362. AssertTrue((f != XBADFILE));
  8363. AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
  8364. XFCLOSE(f);
  8365. bio = BIO_new(BIO_s_mem());
  8366. AssertNotNull(bio);
  8367. ret = i2d_PKCS12_bio(bio, pkcs12);
  8368. AssertIntEQ(ret, 1);
  8369. ret = i2d_PKCS12_bio(NULL, pkcs12);
  8370. AssertIntEQ(ret, 0);
  8371. ret = i2d_PKCS12_bio(bio, NULL);
  8372. AssertIntEQ(ret, 0);
  8373. PKCS12_free(pkcs12);
  8374. BIO_free(bio);
  8375. (void)order;
  8376. res = TEST_RES_CHECK(1);
  8377. #endif /* OPENSSL_EXTRA */
  8378. #endif /* HAVE_FIPS */
  8379. return res;
  8380. }
  8381. #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
  8382. defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \
  8383. (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_MD5)
  8384. #define TEST_PKCS8_ENC
  8385. #endif
  8386. #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
  8387. && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
  8388. /* used to keep track if FailTestCallback was called */
  8389. static int failTestCallbackCalled = 0;
  8390. static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata)
  8391. {
  8392. (void)passwd;
  8393. (void)sz;
  8394. (void)rw;
  8395. (void)userdata;
  8396. /* mark called, test_wolfSSL_no_password_cb() will check and fail if set */
  8397. failTestCallbackCalled = 1;
  8398. return -1;
  8399. }
  8400. #endif
  8401. static int test_wolfSSL_no_password_cb(void)
  8402. {
  8403. int res = TEST_SKIPPED;
  8404. #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
  8405. && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
  8406. WOLFSSL_CTX* ctx;
  8407. byte buff[FOURK_BUF];
  8408. const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
  8409. const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
  8410. XFILE f;
  8411. int bytes;
  8412. #ifndef NO_WOLFSSL_CLIENT
  8413. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method()));
  8414. #else
  8415. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method()));
  8416. #endif
  8417. wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack);
  8418. AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE);
  8419. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  8420. XFCLOSE(f);
  8421. AssertIntLE(bytes, sizeof(buff));
  8422. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8423. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  8424. AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
  8425. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  8426. XFCLOSE(f);
  8427. AssertIntLE(bytes, sizeof(buff));
  8428. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8429. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  8430. wolfSSL_CTX_free(ctx);
  8431. if (failTestCallbackCalled != 0) {
  8432. Fail(("Password callback should not be called by default"),
  8433. ("Password callback was called without attempting "
  8434. "to first decipher private key without password."));
  8435. }
  8436. res = TEST_RES_CHECK(1);
  8437. #endif
  8438. return res;
  8439. }
  8440. #ifdef TEST_PKCS8_ENC
  8441. /* for PKCS8 test case */
  8442. static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
  8443. {
  8444. int flag = 0;
  8445. (void)rw;
  8446. if (userdata != NULL) {
  8447. flag = *((int*)userdata); /* user set data */
  8448. }
  8449. switch (flag) {
  8450. case 1: /* flag set for specific WOLFSSL_CTX structure, note userdata
  8451. * can be anything the user wishes to be passed to the callback
  8452. * associated with the WOLFSSL_CTX */
  8453. XSTRNCPY(passwd, "yassl123", sz);
  8454. return 8;
  8455. default:
  8456. return BAD_FUNC_ARG;
  8457. }
  8458. }
  8459. #endif /* TEST_PKCS8_ENC */
  8460. /* Testing functions dealing with PKCS8 */
  8461. static int test_wolfSSL_PKCS8(void)
  8462. {
  8463. int res = TEST_SKIPPED;
  8464. #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8)
  8465. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  8466. byte buff[FOURK_BUF];
  8467. byte der[FOURK_BUF];
  8468. #ifndef NO_RSA
  8469. const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem";
  8470. const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der";
  8471. #endif
  8472. const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
  8473. #ifdef HAVE_ECC
  8474. const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
  8475. #endif
  8476. XFILE f;
  8477. int bytes;
  8478. WOLFSSL_CTX* ctx;
  8479. #if defined(HAVE_ECC) && !defined(NO_CODING)
  8480. int ret;
  8481. ecc_key key;
  8482. word32 x = 0;
  8483. #endif
  8484. #ifdef TEST_PKCS8_ENC
  8485. #if !defined(NO_RSA) && !defined(NO_SHA)
  8486. const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem";
  8487. const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der";
  8488. #endif
  8489. #if defined(HAVE_ECC) && !defined(NO_SHA)
  8490. const char eccPkcs8EncPrivKeyPemFile[] = "./certs/ecc-keyPkcs8Enc.pem";
  8491. const char eccPkcs8EncPrivKeyDerFile[] = "./certs/ecc-keyPkcs8Enc.der";
  8492. #endif
  8493. int flag;
  8494. #endif
  8495. (void)der;
  8496. #ifndef NO_WOLFSSL_CLIENT
  8497. #ifndef WOLFSSL_NO_TLS12
  8498. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
  8499. #else
  8500. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
  8501. #endif
  8502. #else
  8503. #ifndef WOLFSSL_NO_TLS12
  8504. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()));
  8505. #else
  8506. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
  8507. #endif
  8508. #endif
  8509. #ifdef TEST_PKCS8_ENC
  8510. wolfSSL_CTX_set_default_passwd_cb(ctx, PKCS8TestCallBack);
  8511. wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag);
  8512. flag = 1; /* used by password callback as return code */
  8513. #if !defined(NO_RSA) && !defined(NO_SHA)
  8514. /* test loading PEM PKCS8 encrypted file */
  8515. f = XFOPEN(serverKeyPkcs8EncPemFile, "rb");
  8516. AssertTrue((f != XBADFILE));
  8517. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  8518. XFCLOSE(f);
  8519. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8520. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  8521. /* this next case should fail because of password callback return code */
  8522. flag = 0; /* used by password callback as return code */
  8523. AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8524. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  8525. /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
  8526. AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
  8527. "yassl123"), 0);
  8528. /* test that error value is returned with a bad password */
  8529. AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
  8530. "bad"), 0);
  8531. /* test loading PEM PKCS8 encrypted file */
  8532. f = XFOPEN(serverKeyPkcs8EncDerFile, "rb");
  8533. AssertTrue((f != XBADFILE));
  8534. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  8535. XFCLOSE(f);
  8536. flag = 1; /* used by password callback as return code */
  8537. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8538. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  8539. /* this next case should fail because of password callback return code */
  8540. flag = 0; /* used by password callback as return code */
  8541. AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8542. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  8543. #endif /* !NO_RSA && !NO_SHA */
  8544. #if defined(HAVE_ECC) && !defined(NO_SHA)
  8545. /* test loading PEM PKCS8 encrypted ECC Key file */
  8546. f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb");
  8547. AssertTrue((f != XBADFILE));
  8548. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  8549. XFCLOSE(f);
  8550. flag = 1; /* used by password callback as return code */
  8551. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8552. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  8553. /* this next case should fail because of password callback return code */
  8554. flag = 0; /* used by password callback as return code */
  8555. AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8556. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  8557. /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
  8558. AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
  8559. "yassl123"), 0);
  8560. /* test that error value is returned with a bad password */
  8561. AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
  8562. "bad"), 0);
  8563. /* test loading DER PKCS8 encrypted ECC Key file */
  8564. f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb");
  8565. AssertTrue((f != XBADFILE));
  8566. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  8567. XFCLOSE(f);
  8568. flag = 1; /* used by password callback as return code */
  8569. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8570. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  8571. /* this next case should fail because of password callback return code */
  8572. flag = 0; /* used by password callback as return code */
  8573. AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8574. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  8575. /* leave flag as "okay" */
  8576. flag = 1;
  8577. #endif /* HAVE_ECC && !NO_SHA */
  8578. #endif /* TEST_PKCS8_ENC */
  8579. #ifndef NO_RSA
  8580. /* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */
  8581. f = XFOPEN(serverKeyPkcs8DerFile, "rb");
  8582. AssertTrue((f != XBADFILE));
  8583. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  8584. XFCLOSE(f);
  8585. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8586. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  8587. /* test loading PEM PKCS8 private key file (not encrypted) */
  8588. f = XFOPEN(serverKeyPkcs8PemFile, "rb");
  8589. AssertTrue((f != XBADFILE));
  8590. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  8591. XFCLOSE(f);
  8592. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8593. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  8594. #endif /* !NO_RSA */
  8595. /* Test PKCS8 PEM ECC key no crypt */
  8596. f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb");
  8597. AssertTrue((f != XBADFILE));
  8598. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  8599. XFCLOSE(f);
  8600. #ifdef HAVE_ECC
  8601. /* Test PKCS8 PEM ECC key no crypt */
  8602. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8603. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  8604. #ifndef NO_CODING
  8605. /* decrypt PKCS8 PEM to key in DER format */
  8606. AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der,
  8607. (word32)sizeof(der), NULL)), 0);
  8608. ret = wc_ecc_init(&key);
  8609. if (ret == 0) {
  8610. ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes);
  8611. wc_ecc_free(&key);
  8612. }
  8613. AssertIntEQ(ret, 0);
  8614. #endif
  8615. /* Test PKCS8 DER ECC key no crypt */
  8616. f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb");
  8617. AssertTrue((f != XBADFILE));
  8618. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  8619. XFCLOSE(f);
  8620. /* Test using a PKCS8 ECC PEM */
  8621. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  8622. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  8623. #else
  8624. /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
  8625. AssertIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der,
  8626. (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
  8627. #endif /* HAVE_ECC */
  8628. wolfSSL_CTX_free(ctx);
  8629. res = TEST_RES_CHECK(1);
  8630. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  8631. #endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */
  8632. return res;
  8633. }
  8634. static int test_wolfSSL_PKCS8_ED25519(void)
  8635. {
  8636. int res = TEST_SKIPPED;
  8637. #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
  8638. defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \
  8639. defined(HAVE_ED25519_KEY_IMPORT)
  8640. const byte encPrivKey[] = \
  8641. "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
  8642. "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n"
  8643. "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n"
  8644. "OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n"
  8645. "2L9W4v7swXkV+X+a1ww=\n"
  8646. "-----END ENCRYPTED PRIVATE KEY-----\n";
  8647. const char password[] = "abcdefghijklmnopqrstuvwxyz";
  8648. byte der[FOURK_BUF];
  8649. WOLFSSL_CTX* ctx;
  8650. int bytes;
  8651. XMEMSET(der, 0, sizeof(der));
  8652. AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
  8653. (word32)sizeof(der), password)), 0);
  8654. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  8655. #ifndef NO_WOLFSSL_SERVER
  8656. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  8657. #else
  8658. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  8659. #endif
  8660. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
  8661. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  8662. wolfSSL_CTX_free(ctx);
  8663. res = TEST_RES_CHECK(1);
  8664. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  8665. #endif
  8666. return res;
  8667. }
  8668. static int test_wolfSSL_PKCS8_ED448(void)
  8669. {
  8670. int res = TEST_SKIPPED;
  8671. #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
  8672. defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \
  8673. defined(HAVE_ED448_KEY_IMPORT)
  8674. const byte encPrivKey[] = \
  8675. "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
  8676. "MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n"
  8677. "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFvCFWBBHBlJBsYleBJlJWcEUNC7\n"
  8678. "Tf5pZviT5Btar4D/MNg6BsQHSDf5KW4ix871EsgDY2Zz+euaoWspiMntz7gU+PQu\n"
  8679. "T/JJcbD2Ly8BbE3l5WHMifAQqNLxJBfXrHkfYtAo\n"
  8680. "-----END ENCRYPTED PRIVATE KEY-----\n";
  8681. const char password[] = "abcdefghijklmnopqrstuvwxyz";
  8682. byte der[FOURK_BUF];
  8683. WOLFSSL_CTX* ctx;
  8684. int bytes;
  8685. XMEMSET(der, 0, sizeof(der));
  8686. AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
  8687. (word32)sizeof(der), password)), 0);
  8688. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  8689. #ifndef NO_WOLFSSL_SERVER
  8690. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  8691. #else
  8692. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  8693. #endif
  8694. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
  8695. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  8696. wolfSSL_CTX_free(ctx);
  8697. res = TEST_RES_CHECK(1);
  8698. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  8699. #endif
  8700. return res;
  8701. }
  8702. /* Testing functions dealing with PKCS5 */
  8703. static int test_wolfSSL_PKCS5(void)
  8704. {
  8705. int res = TEST_SKIPPED;
  8706. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED)
  8707. #ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */
  8708. const char* passwd = "myfipsPa$$W0rd";
  8709. #else
  8710. const char *passwd = "pass1234";
  8711. #endif
  8712. const unsigned char *salt = (unsigned char *)"salt1234";
  8713. unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL,
  8714. DYNAMIC_TYPE_TMP_BUFFER);
  8715. int ret = 0;
  8716. AssertNotNull(out);
  8717. ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt,
  8718. (int)XSTRLEN((const char *) salt), 10,
  8719. WC_SHA_DIGEST_SIZE,out);
  8720. AssertIntEQ(ret, SSL_SUCCESS);
  8721. #ifdef WOLFSSL_SHA512
  8722. ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt,
  8723. (int)XSTRLEN((const char *) salt), 10,
  8724. wolfSSL_EVP_sha512(), WC_SHA_DIGEST_SIZE, out);
  8725. AssertIntEQ(ret, SSL_SUCCESS);
  8726. #endif
  8727. XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  8728. res = TEST_RES_CHECK(1);
  8729. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */
  8730. return res;
  8731. }
  8732. /* test parsing URI from certificate */
  8733. static int test_wolfSSL_URI(void)
  8734. {
  8735. int res = TEST_SKIPPED;
  8736. #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
  8737. && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
  8738. defined(OPENSSL_EXTRA))
  8739. WOLFSSL_X509* x509;
  8740. const char uri[] = "./certs/client-uri-cert.pem";
  8741. const char badUri[] = "./certs/client-relative-uri.pem";
  8742. x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM);
  8743. AssertNotNull(x509);
  8744. wolfSSL_FreeX509(x509);
  8745. x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM);
  8746. #if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT) \
  8747. && !defined(WOLFSSL_FPKI)
  8748. AssertNull(x509);
  8749. #else
  8750. AssertNotNull(x509);
  8751. wolfSSL_FreeX509(x509);
  8752. #endif
  8753. res = TEST_RES_CHECK(1);
  8754. #endif
  8755. return res;
  8756. }
  8757. static int test_wolfSSL_TBS(void)
  8758. {
  8759. int res = TEST_SKIPPED;
  8760. #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
  8761. && defined(OPENSSL_EXTRA)
  8762. WOLFSSL_X509* x509;
  8763. const unsigned char* tbs;
  8764. int tbsSz;
  8765. AssertNotNull(x509 =
  8766. wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));
  8767. AssertNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz));
  8768. AssertNull(tbs = wolfSSL_X509_get_tbs(x509, NULL));
  8769. AssertNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
  8770. AssertIntEQ(tbsSz, 1003);
  8771. wolfSSL_FreeX509(x509);
  8772. res = TEST_RES_CHECK(1);
  8773. #endif
  8774. return res;
  8775. }
  8776. static int test_wolfSSL_X509_verify(void)
  8777. {
  8778. int res = TEST_SKIPPED;
  8779. #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
  8780. && defined(OPENSSL_EXTRA)
  8781. WOLFSSL_X509* ca;
  8782. WOLFSSL_X509* serv;
  8783. WOLFSSL_EVP_PKEY* pkey;
  8784. unsigned char buf[2048];
  8785. const unsigned char* pt = NULL;
  8786. int bufSz;
  8787. AssertNotNull(ca =
  8788. wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));
  8789. AssertIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz),
  8790. WOLFSSL_SUCCESS);
  8791. AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz),
  8792. WOLFSSL_SUCCESS);
  8793. AssertIntEQ(bufSz, 294);
  8794. bufSz = 2048;
  8795. AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
  8796. WOLFSSL_SUCCESS);
  8797. AssertIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE);
  8798. AssertIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk);
  8799. AssertNotNull(serv =
  8800. wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM));
  8801. /* success case */
  8802. pt = buf;
  8803. AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
  8804. AssertIntEQ(i2d_PUBKEY(pkey, NULL), bufSz);
  8805. AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS);
  8806. wolfSSL_EVP_PKEY_free(pkey);
  8807. /* fail case */
  8808. bufSz = 2048;
  8809. AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz),
  8810. WOLFSSL_SUCCESS);
  8811. pt = buf;
  8812. AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
  8813. AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE);
  8814. AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
  8815. AssertIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR);
  8816. wolfSSL_EVP_PKEY_free(pkey);
  8817. wolfSSL_FreeX509(ca);
  8818. wolfSSL_FreeX509(serv);
  8819. res = TEST_RES_CHECK(1);
  8820. #endif
  8821. return res;
  8822. }
  8823. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  8824. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
  8825. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
  8826. defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
  8827. /* create certificate with version 2 */
  8828. static void test_set_x509_badversion(WOLFSSL_CTX* ctx)
  8829. {
  8830. WOLFSSL_X509 *x509, *x509v2;
  8831. WOLFSSL_EVP_PKEY *priv, *pub;
  8832. unsigned char *der = NULL, *key = NULL, *pt;
  8833. char *header, *name;
  8834. int derSz;
  8835. long keySz;
  8836. XFILE fp;
  8837. WOLFSSL_ASN1_TIME *notBefore, *notAfter;
  8838. time_t t;
  8839. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  8840. WOLFSSL_FILETYPE_PEM));
  8841. fp = XFOPEN(cliKeyFile, "rb");
  8842. AssertIntEQ(wolfSSL_PEM_read(fp, &name, &header, &key, &keySz),
  8843. WOLFSSL_SUCCESS);
  8844. XFCLOSE(fp);
  8845. pt = key;
  8846. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  8847. (const unsigned char**)&pt, keySz));
  8848. /* create the version 2 certificate */
  8849. AssertNotNull(x509v2 = X509_new());
  8850. AssertIntEQ(wolfSSL_X509_set_version(x509v2, 1), WOLFSSL_SUCCESS);
  8851. AssertIntEQ(wolfSSL_X509_set_subject_name(x509v2,
  8852. wolfSSL_X509_get_subject_name(x509)), WOLFSSL_SUCCESS);
  8853. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509v2,
  8854. wolfSSL_X509_get_issuer_name(x509)), WOLFSSL_SUCCESS);
  8855. AssertNotNull(pub = wolfSSL_X509_get_pubkey(x509));
  8856. AssertIntEQ(X509_set_pubkey(x509v2, pub), WOLFSSL_SUCCESS);
  8857. t = time(NULL);
  8858. AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
  8859. AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
  8860. AssertTrue(wolfSSL_X509_set_notBefore(x509v2, notBefore));
  8861. AssertTrue(wolfSSL_X509_set_notAfter(x509v2, notAfter));
  8862. AssertIntGT(wolfSSL_X509_sign(x509v2, priv, EVP_sha256()), 0);
  8863. derSz = wolfSSL_i2d_X509(x509v2, &der);
  8864. AssertIntGT(derSz, 0);
  8865. AssertIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
  8866. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  8867. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); /* TODO: Replace with API call */
  8868. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8869. XFREE(name, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8870. XFREE(header, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8871. wolfSSL_X509_free(x509);
  8872. wolfSSL_X509_free(x509v2);
  8873. wolfSSL_EVP_PKEY_free(priv);
  8874. wolfSSL_EVP_PKEY_free(pub);
  8875. wolfSSL_ASN1_TIME_free(notBefore);
  8876. wolfSSL_ASN1_TIME_free(notAfter);
  8877. }
  8878. /* override certificate version error */
  8879. static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store)
  8880. {
  8881. #ifndef OPENSSL_COMPATIBLE_DEFAULTS
  8882. AssertIntEQ(store->error, ASN_VERSION_E);
  8883. #else
  8884. AssertIntEQ(store->error, 0);
  8885. #endif
  8886. AssertIntEQ((int)wolfSSL_X509_get_version(store->current_cert), 1);
  8887. (void)preverify;
  8888. return 1;
  8889. }
  8890. /* set verify callback that will override bad certificate version */
  8891. static void test_set_override_x509(WOLFSSL_CTX* ctx)
  8892. {
  8893. wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, test_override_x509);
  8894. }
  8895. #endif
  8896. static int test_wolfSSL_X509_TLS_version(void)
  8897. {
  8898. int res = TEST_SKIPPED;
  8899. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  8900. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
  8901. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
  8902. defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
  8903. tcp_ready ready;
  8904. func_args server_args;
  8905. func_args client_args;
  8906. THREAD_TYPE serverThread;
  8907. callback_functions func_cb_client;
  8908. callback_functions func_cb_server;
  8909. /* test server rejects a client certificate that is not version 3 */
  8910. #ifdef WOLFSSL_TIRTOS
  8911. fdOpenSession(Task_self());
  8912. #endif
  8913. XMEMSET(&server_args, 0, sizeof(func_args));
  8914. XMEMSET(&client_args, 0, sizeof(func_args));
  8915. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  8916. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  8917. StartTCP();
  8918. InitTcpReady(&ready);
  8919. #if defined(USE_WINDOWS_API)
  8920. /* use RNG to get random port if using windows */
  8921. ready.port = GetRandomPort();
  8922. #endif
  8923. server_args.signal = &ready;
  8924. client_args.signal = &ready;
  8925. server_args.return_code = TEST_FAIL;
  8926. client_args.return_code = TEST_FAIL;
  8927. func_cb_client.ctx_ready = &test_set_x509_badversion;
  8928. #ifndef WOLFSSL_NO_TLS12
  8929. func_cb_client.method = wolfTLSv1_2_client_method;
  8930. #else
  8931. func_cb_client.method = wolfTLSv1_3_client_method;
  8932. #endif
  8933. client_args.callbacks = &func_cb_client;
  8934. #ifndef WOLFSSL_NO_TLS12
  8935. func_cb_server.method = wolfTLSv1_2_server_method;
  8936. #else
  8937. func_cb_server.method = wolfTLSv1_3_server_method;
  8938. #endif
  8939. server_args.callbacks = &func_cb_server;
  8940. start_thread(test_server_nofail, &server_args, &serverThread);
  8941. wait_tcp_ready(&server_args);
  8942. test_client_nofail(&client_args, NULL);
  8943. join_thread(serverThread);
  8944. #ifndef OPENSSL_COMPATIBLE_DEFAULTS
  8945. AssertIntEQ(client_args.return_code, TEST_FAIL);
  8946. AssertIntEQ(server_args.return_code, TEST_FAIL);
  8947. #else
  8948. AssertIntEQ(client_args.return_code, TEST_SUCCESS);
  8949. AssertIntEQ(server_args.return_code, TEST_SUCCESS);
  8950. #endif
  8951. FreeTcpReady(&ready);
  8952. #ifdef WOLFSSL_TIRTOS
  8953. fdCloseSession(Task_self());
  8954. #endif
  8955. /* Now re run but override the bad X509 version */
  8956. #ifdef WOLFSSL_TIRTOS
  8957. fdOpenSession(Task_self());
  8958. #endif
  8959. XMEMSET(&server_args, 0, sizeof(func_args));
  8960. XMEMSET(&client_args, 0, sizeof(func_args));
  8961. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  8962. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  8963. StartTCP();
  8964. InitTcpReady(&ready);
  8965. #if defined(USE_WINDOWS_API)
  8966. /* use RNG to get random port if using windows */
  8967. ready.port = GetRandomPort();
  8968. #endif
  8969. server_args.signal = &ready;
  8970. client_args.signal = &ready;
  8971. server_args.return_code = TEST_FAIL;
  8972. client_args.return_code = TEST_FAIL;
  8973. func_cb_client.ctx_ready = &test_set_x509_badversion;
  8974. func_cb_server.ctx_ready = &test_set_override_x509;
  8975. #ifndef WOLFSSL_NO_TLS12
  8976. func_cb_client.method = wolfTLSv1_2_client_method;
  8977. #else
  8978. func_cb_client.method = wolfTLSv1_3_client_method;
  8979. #endif
  8980. client_args.callbacks = &func_cb_client;
  8981. #ifndef WOLFSSL_NO_TLS12
  8982. func_cb_server.method = wolfTLSv1_2_server_method;
  8983. #else
  8984. func_cb_server.method = wolfTLSv1_3_server_method;
  8985. #endif
  8986. server_args.callbacks = &func_cb_server;
  8987. start_thread(test_server_nofail, &server_args, &serverThread);
  8988. wait_tcp_ready(&server_args);
  8989. test_client_nofail(&client_args, NULL);
  8990. join_thread(serverThread);
  8991. AssertIntEQ(client_args.return_code, TEST_SUCCESS);
  8992. AssertIntEQ(server_args.return_code, TEST_SUCCESS);
  8993. FreeTcpReady(&ready);
  8994. #ifdef WOLFSSL_TIRTOS
  8995. fdCloseSession(Task_self());
  8996. #endif
  8997. res = TEST_RES_CHECK(1);
  8998. #endif
  8999. return res;
  9000. }
  9001. /* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade
  9002. * version allowed.
  9003. * POST: 1 on success.
  9004. */
  9005. static int test_wolfSSL_CTX_SetMinVersion(void)
  9006. {
  9007. int res = TEST_SKIPPED;
  9008. #ifndef NO_WOLFSSL_CLIENT
  9009. int failFlag = WOLFSSL_SUCCESS;
  9010. WOLFSSL_CTX* ctx;
  9011. int itr;
  9012. #ifndef NO_OLD_TLS
  9013. const int versions[] = {
  9014. #ifdef WOLFSSL_ALLOW_TLSV10
  9015. WOLFSSL_TLSV1,
  9016. #endif
  9017. WOLFSSL_TLSV1_1,
  9018. WOLFSSL_TLSV1_2 };
  9019. #elif !defined(WOLFSSL_NO_TLS12)
  9020. const int versions[] = { WOLFSSL_TLSV1_2 };
  9021. #elif defined(WOLFSSL_TLS13)
  9022. const int versions[] = { WOLFSSL_TLSV1_3 };
  9023. #else
  9024. const int versions[0];
  9025. #endif
  9026. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  9027. for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++) {
  9028. if (wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr))
  9029. != WOLFSSL_SUCCESS) {
  9030. failFlag = WOLFSSL_FAILURE;
  9031. }
  9032. }
  9033. wolfSSL_CTX_free(ctx);
  9034. res = TEST_RES_CHECK(failFlag == WOLFSSL_SUCCESS);
  9035. #endif
  9036. return res;
  9037. } /* END test_wolfSSL_CTX_SetMinVersion */
  9038. /*----------------------------------------------------------------------------*
  9039. | OCSP Stapling
  9040. *----------------------------------------------------------------------------*/
  9041. /* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need
  9042. * need to contact the CA, lowering the cost of cert revocation checking.
  9043. * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
  9044. * POST: 1 returned for success.
  9045. */
  9046. static int test_wolfSSL_UseOCSPStapling(void)
  9047. {
  9048. int res = TEST_SKIPPED;
  9049. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \
  9050. !defined(NO_WOLFSSL_CLIENT)
  9051. int ret;
  9052. WOLFSSL_CTX* ctx;
  9053. WOLFSSL* ssl;
  9054. #ifndef NO_WOLFSSL_CLIENT
  9055. #ifndef WOLFSSL_NO_TLS12
  9056. ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
  9057. #else
  9058. ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
  9059. #endif
  9060. #else
  9061. #ifndef WOLFSSL_NO_TLS12
  9062. ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
  9063. #else
  9064. ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
  9065. #endif
  9066. #endif
  9067. ssl = wolfSSL_new(ctx);
  9068. ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
  9069. WOLFSSL_CSR2_OCSP_USE_NONCE);
  9070. wolfSSL_free(ssl);
  9071. wolfSSL_CTX_free(ctx);
  9072. res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS);
  9073. #endif
  9074. return res;
  9075. } /*END test_wolfSSL_UseOCSPStapling */
  9076. /* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 function. OCSP
  9077. * stapling eliminates the need to contact the CA and lowers cert revocation
  9078. * check.
  9079. * PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined.
  9080. */
  9081. static int test_wolfSSL_UseOCSPStaplingV2(void)
  9082. {
  9083. int res = TEST_SKIPPED;
  9084. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \
  9085. !defined(NO_WOLFSSL_CLIENT)
  9086. int ret;
  9087. WOLFSSL_CTX* ctx;
  9088. WOLFSSL* ssl;
  9089. #ifndef NO_WOLFSSL_CLIENT
  9090. #ifndef WOLFSSL_NO_TLS12
  9091. ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
  9092. #else
  9093. ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
  9094. #endif
  9095. #else
  9096. #ifndef WOLFSSL_NO_TLS12
  9097. ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
  9098. #else
  9099. ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
  9100. #endif
  9101. #endif
  9102. ssl = wolfSSL_new(ctx);
  9103. ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
  9104. WOLFSSL_CSR2_OCSP_USE_NONCE );
  9105. wolfSSL_free(ssl);
  9106. wolfSSL_CTX_free(ctx);
  9107. res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS);
  9108. #endif
  9109. return res;
  9110. } /*END test_wolfSSL_UseOCSPStaplingV2*/
  9111. /*----------------------------------------------------------------------------*
  9112. | Multicast Tests
  9113. *----------------------------------------------------------------------------*/
  9114. static int test_wolfSSL_mcast(void)
  9115. {
  9116. int res = TEST_SKIPPED;
  9117. #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \
  9118. (defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER))
  9119. WOLFSSL_CTX* ctx;
  9120. WOLFSSL* ssl;
  9121. int result;
  9122. byte preMasterSecret[512];
  9123. byte clientRandom[32];
  9124. byte serverRandom[32];
  9125. byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
  9126. byte buf[256];
  9127. word16 newId;
  9128. ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
  9129. AssertNotNull(ctx);
  9130. result = wolfSSL_CTX_mcast_set_member_id(ctx, 0);
  9131. AssertIntEQ(result, WOLFSSL_SUCCESS);
  9132. ssl = wolfSSL_new(ctx);
  9133. AssertNotNull(ssl);
  9134. XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret));
  9135. XMEMSET(clientRandom, 0xA5, sizeof(clientRandom));
  9136. XMEMSET(serverRandom, 0x5A, sizeof(serverRandom));
  9137. result = wolfSSL_set_secret(ssl, 23,
  9138. preMasterSecret, sizeof(preMasterSecret),
  9139. clientRandom, serverRandom, suite);
  9140. AssertIntEQ(result, WOLFSSL_SUCCESS);
  9141. result = wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf));
  9142. AssertIntLE(result, 0);
  9143. AssertIntLE(newId, 100);
  9144. wolfSSL_free(ssl);
  9145. wolfSSL_CTX_free(ctx);
  9146. res = TEST_RES_CHECK(1);
  9147. #endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST && (WOLFSSL_TLS13 ||
  9148. * WOLFSSL_SNIFFER) */
  9149. return res;
  9150. }
  9151. /*----------------------------------------------------------------------------*
  9152. | Wolfcrypt
  9153. *----------------------------------------------------------------------------*/
  9154. /*
  9155. * Unit test for the wc_InitBlake2b()
  9156. */
  9157. static int test_wc_InitBlake2b(void)
  9158. {
  9159. int res = TEST_SKIPPED;
  9160. #ifdef HAVE_BLAKE2
  9161. Blake2b blake;
  9162. int ret = 0;
  9163. /* Test good arg. */
  9164. ret = wc_InitBlake2b(&blake, 64);
  9165. if (ret != 0) {
  9166. ret = WOLFSSL_FATAL_ERROR;
  9167. }
  9168. /* Test bad arg. */
  9169. if (!ret) {
  9170. ret = wc_InitBlake2b(NULL, 64);
  9171. if (ret == 0) {
  9172. ret = WOLFSSL_FATAL_ERROR;
  9173. }
  9174. else {
  9175. ret = 0;
  9176. }
  9177. }
  9178. if (!ret) {
  9179. ret = wc_InitBlake2b(NULL, 128);
  9180. if (ret == 0) {
  9181. ret = WOLFSSL_FATAL_ERROR;
  9182. }
  9183. else {
  9184. ret = 0;
  9185. }
  9186. }
  9187. if (!ret) {
  9188. ret = wc_InitBlake2b(&blake, 128);
  9189. if (ret == 0) {
  9190. ret = WOLFSSL_FATAL_ERROR;
  9191. }
  9192. else {
  9193. ret = 0;
  9194. }
  9195. }
  9196. if (!ret) {
  9197. ret = wc_InitBlake2b(NULL, 0);
  9198. if (ret == 0) {
  9199. ret = WOLFSSL_FATAL_ERROR;
  9200. }
  9201. else {
  9202. ret = 0;
  9203. }
  9204. }
  9205. if (!ret) {
  9206. ret = wc_InitBlake2b(&blake, 0);
  9207. if (ret == 0) {
  9208. ret = WOLFSSL_FATAL_ERROR;
  9209. }
  9210. else {
  9211. ret = 0;
  9212. }
  9213. }
  9214. res = TEST_RES_CHECK(ret == 0);
  9215. #endif
  9216. return res;
  9217. } /*END test_wc_InitBlake2b*/
  9218. /*
  9219. * Unit test for the wc_InitBlake2b_WithKey()
  9220. */
  9221. static int test_wc_InitBlake2b_WithKey(void)
  9222. {
  9223. int res = TEST_SKIPPED;
  9224. #ifdef HAVE_BLAKE2
  9225. Blake2b blake;
  9226. word32 digestSz = BLAKE2B_KEYBYTES;
  9227. byte key[BLAKE2B_KEYBYTES];
  9228. word32 keylen = BLAKE2B_KEYBYTES;
  9229. int ret = 0;
  9230. XMEMSET(key, 0, sizeof(key));
  9231. /* Test good arg. */
  9232. ret = wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen);
  9233. if (ret != 0) {
  9234. ret = WOLFSSL_FATAL_ERROR;
  9235. }
  9236. /* Test bad args. */
  9237. if (ret == 0) {
  9238. ret = wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen);
  9239. if (ret == BAD_FUNC_ARG) {
  9240. ret = 0;
  9241. }
  9242. }
  9243. if (ret == 0) {
  9244. ret = wc_InitBlake2b_WithKey(&blake, digestSz, key, 256);
  9245. if (ret == BAD_FUNC_ARG) {
  9246. ret = 0;
  9247. }
  9248. }
  9249. if (ret == 0) {
  9250. ret = wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen);
  9251. }
  9252. res = TEST_RES_CHECK(ret == 0);
  9253. #endif
  9254. return res;
  9255. } /*END wc_InitBlake2b_WithKey*/
  9256. /*
  9257. * Unit test for the wc_InitBlake2s_WithKey()
  9258. */
  9259. static int test_wc_InitBlake2s_WithKey(void)
  9260. {
  9261. int res = TEST_SKIPPED;
  9262. #ifdef HAVE_BLAKE2S
  9263. Blake2s blake;
  9264. word32 digestSz = BLAKE2S_KEYBYTES;
  9265. byte *key = (byte*)"01234567890123456789012345678901";
  9266. word32 keylen = BLAKE2S_KEYBYTES;
  9267. int ret = 0;
  9268. /* Test good arg. */
  9269. ret = wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen);
  9270. if (ret != 0) {
  9271. ret = WOLFSSL_FATAL_ERROR;
  9272. }
  9273. /* Test bad args. */
  9274. if (ret == 0) {
  9275. ret = wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen);
  9276. if (ret == BAD_FUNC_ARG) {
  9277. ret = 0;
  9278. }
  9279. }
  9280. if (ret == 0) {
  9281. ret = wc_InitBlake2s_WithKey(&blake, digestSz, key, 256);
  9282. if (ret == BAD_FUNC_ARG) {
  9283. ret = 0;
  9284. }
  9285. }
  9286. if (ret == 0) {
  9287. ret = wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen);
  9288. }
  9289. res = TEST_RES_CHECK(ret == 0);
  9290. #endif
  9291. return res;
  9292. } /*END wc_InitBlake2s_WithKey*/
  9293. /*
  9294. * Unit test for the wc_InitMd5()
  9295. */
  9296. static int test_wc_InitMd5(void)
  9297. {
  9298. int res = TEST_SKIPPED;
  9299. #ifndef NO_MD5
  9300. wc_Md5 md5;
  9301. int ret;
  9302. int flag = 0;
  9303. /* Test good arg. */
  9304. ret = wc_InitMd5(&md5);
  9305. if (ret != 0) {
  9306. flag = WOLFSSL_FATAL_ERROR;
  9307. }
  9308. /* Test bad arg. */
  9309. if (!flag) {
  9310. ret = wc_InitMd5(NULL);
  9311. if (ret != BAD_FUNC_ARG) {
  9312. flag = WOLFSSL_FATAL_ERROR;
  9313. }
  9314. }
  9315. wc_Md5Free(&md5);
  9316. res = TEST_RES_CHECK(flag == 0);
  9317. #endif
  9318. return res;
  9319. } /* END test_wc_InitMd5 */
  9320. /*
  9321. * Testing wc_UpdateMd5()
  9322. */
  9323. static int test_wc_Md5Update(void)
  9324. {
  9325. int res = TEST_SKIPPED;
  9326. #ifndef NO_MD5
  9327. wc_Md5 md5;
  9328. byte hash[WC_MD5_DIGEST_SIZE];
  9329. testVector a, b, c;
  9330. int ret;
  9331. int flag = 0;
  9332. ret = wc_InitMd5(&md5);
  9333. if (ret != 0) {
  9334. flag = ret;
  9335. }
  9336. /* Input */
  9337. if (!flag) {
  9338. a.input = "a";
  9339. a.inLen = XSTRLEN(a.input);
  9340. ret = wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen);
  9341. if (ret != 0) {
  9342. flag = ret;
  9343. }
  9344. }
  9345. if (!flag) {
  9346. ret = wc_Md5Final(&md5, hash);
  9347. if (ret != 0) {
  9348. flag = ret;
  9349. }
  9350. }
  9351. /* Update input. */
  9352. if (!flag) {
  9353. a.input = "abc";
  9354. a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
  9355. "\x72";
  9356. a.inLen = XSTRLEN(a.input);
  9357. a.outLen = XSTRLEN(a.output);
  9358. ret = wc_Md5Update(&md5, (byte*) a.input, (word32) a.inLen);
  9359. if (ret != 0) {
  9360. flag = ret;
  9361. }
  9362. }
  9363. if (!flag) {
  9364. ret = wc_Md5Final(&md5, hash);
  9365. if (ret != 0) {
  9366. flag = ret;
  9367. }
  9368. }
  9369. if (!flag) {
  9370. if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
  9371. flag = WOLFSSL_FATAL_ERROR;
  9372. }
  9373. }
  9374. /*Pass in bad values. */
  9375. if (!flag) {
  9376. b.input = NULL;
  9377. b.inLen = 0;
  9378. ret = wc_Md5Update(&md5, (byte*)b.input, (word32)b.inLen);
  9379. if (ret != 0) {
  9380. flag = ret;
  9381. }
  9382. }
  9383. if (!flag) {
  9384. c.input = NULL;
  9385. c.inLen = WC_MD5_DIGEST_SIZE;
  9386. ret = wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen);
  9387. if (ret != BAD_FUNC_ARG) {
  9388. flag = WOLFSSL_FATAL_ERROR;
  9389. }
  9390. }
  9391. if (!flag) {
  9392. ret = wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen);
  9393. if (ret != BAD_FUNC_ARG) {
  9394. flag = WOLFSSL_FATAL_ERROR;
  9395. }
  9396. }
  9397. wc_Md5Free(&md5);
  9398. res = TEST_RES_CHECK(flag == 0);
  9399. #endif
  9400. return res;
  9401. } /* END test_wc_Md5Update() */
  9402. /*
  9403. * Unit test on wc_Md5Final() in wolfcrypt/src/md5.c
  9404. */
  9405. static int test_wc_Md5Final(void)
  9406. {
  9407. int res = TEST_SKIPPED;
  9408. #ifndef NO_MD5
  9409. /* Instantiate */
  9410. wc_Md5 md5;
  9411. byte* hash_test[3];
  9412. byte hash1[WC_MD5_DIGEST_SIZE];
  9413. byte hash2[2*WC_MD5_DIGEST_SIZE];
  9414. byte hash3[5*WC_MD5_DIGEST_SIZE];
  9415. int times, i, ret;
  9416. int flag = 0;
  9417. /* Initialize */
  9418. ret = wc_InitMd5(&md5);
  9419. if (ret != 0) {
  9420. flag = ret;
  9421. }
  9422. if (!flag) {
  9423. hash_test[0] = hash1;
  9424. hash_test[1] = hash2;
  9425. hash_test[2] = hash3;
  9426. }
  9427. times = sizeof(hash_test)/sizeof(byte*);
  9428. for (i = 0; i < times; i++) {
  9429. if (!flag) {
  9430. ret = wc_Md5Final(&md5, hash_test[i]);
  9431. if (ret != 0) {
  9432. flag = WOLFSSL_FATAL_ERROR;
  9433. }
  9434. }
  9435. }
  9436. /* Test bad args. */
  9437. if (!flag) {
  9438. ret = wc_Md5Final(NULL, NULL);
  9439. if (ret != BAD_FUNC_ARG) {
  9440. flag = WOLFSSL_FATAL_ERROR;
  9441. }
  9442. }
  9443. if (!flag) {
  9444. ret = wc_Md5Final(NULL, hash1);
  9445. if (ret != BAD_FUNC_ARG) {
  9446. flag = WOLFSSL_FATAL_ERROR;
  9447. }
  9448. }
  9449. if (!flag) {
  9450. ret = wc_Md5Final(&md5, NULL);
  9451. if (ret != BAD_FUNC_ARG) {
  9452. flag = WOLFSSL_FATAL_ERROR;
  9453. }
  9454. }
  9455. wc_Md5Free(&md5);
  9456. res = TEST_RES_CHECK(flag == 0);
  9457. #endif
  9458. return res;
  9459. }
  9460. /*
  9461. * Unit test for the wc_InitSha()
  9462. */
  9463. static int test_wc_InitSha(void)
  9464. {
  9465. int res = TEST_SKIPPED;
  9466. #ifndef NO_SHA
  9467. wc_Sha sha;
  9468. int ret;
  9469. int flag = 0;
  9470. /* Test good arg. */
  9471. ret = wc_InitSha(&sha);
  9472. if (ret != 0) {
  9473. flag = WOLFSSL_FATAL_ERROR;
  9474. }
  9475. /* Test bad arg. */
  9476. if (!flag) {
  9477. ret = wc_InitSha(NULL);
  9478. if (ret != BAD_FUNC_ARG) {
  9479. flag = WOLFSSL_FATAL_ERROR;
  9480. }
  9481. }
  9482. wc_ShaFree(&sha);
  9483. res = TEST_RES_CHECK(flag == 0);
  9484. #endif
  9485. return res;
  9486. } /* END test_wc_InitSha */
  9487. /*
  9488. * Tesing wc_ShaUpdate()
  9489. */
  9490. static int test_wc_ShaUpdate(void)
  9491. {
  9492. int res = TEST_SKIPPED;
  9493. #ifndef NO_SHA
  9494. wc_Sha sha;
  9495. byte hash[WC_SHA_DIGEST_SIZE];
  9496. testVector a, b, c;
  9497. int flag = 0;
  9498. int ret;
  9499. ret = wc_InitSha(&sha);
  9500. if (ret != 0) {
  9501. flag = ret;
  9502. }
  9503. /* Input. */
  9504. if (!flag) {
  9505. a.input = "a";
  9506. a.inLen = XSTRLEN(a.input);
  9507. ret = wc_ShaUpdate(&sha, NULL, 0);
  9508. if (ret != 0) {
  9509. flag = ret;
  9510. }
  9511. ret = wc_ShaUpdate(&sha, (byte*)a.input, 0);
  9512. if (ret != 0) {
  9513. flag = ret;
  9514. }
  9515. ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
  9516. if (ret != 0) {
  9517. flag = ret;
  9518. }
  9519. }
  9520. if (!flag) {
  9521. ret = wc_ShaFinal(&sha, hash);
  9522. if (ret != 0) {
  9523. flag = ret;
  9524. }
  9525. }
  9526. /* Update input. */
  9527. if (!flag) {
  9528. a.input = "abc";
  9529. a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
  9530. "\x6C\x9C\xD0\xD8\x9D";
  9531. a.inLen = XSTRLEN(a.input);
  9532. a.outLen = XSTRLEN(a.output);
  9533. ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
  9534. if (ret != 0) {
  9535. flag = ret;
  9536. }
  9537. }
  9538. if (!flag) {
  9539. ret = wc_ShaFinal(&sha, hash);
  9540. if (ret !=0) {
  9541. flag = ret;
  9542. }
  9543. }
  9544. if (!flag) {
  9545. if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
  9546. flag = WOLFSSL_FATAL_ERROR;
  9547. }
  9548. }
  9549. /* Try passing in bad values. */
  9550. if (!flag) {
  9551. b.input = NULL;
  9552. b.inLen = 0;
  9553. ret = wc_ShaUpdate(&sha, (byte*)b.input, (word32)b.inLen);
  9554. if (ret != 0) {
  9555. flag = ret;
  9556. }
  9557. }
  9558. if (!flag) {
  9559. c.input = NULL;
  9560. c.inLen = WC_SHA_DIGEST_SIZE;
  9561. ret = wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen);
  9562. if (ret != BAD_FUNC_ARG) {
  9563. flag = WOLFSSL_FATAL_ERROR;
  9564. }
  9565. }
  9566. if (!flag) {
  9567. ret = wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  9568. if (ret != BAD_FUNC_ARG) {
  9569. flag = WOLFSSL_FATAL_ERROR;
  9570. }
  9571. }
  9572. wc_ShaFree(&sha);
  9573. res = TEST_RES_CHECK(flag == 0);
  9574. #endif
  9575. return res;
  9576. } /* END test_wc_ShaUpdate() */
  9577. /*
  9578. * Unit test on wc_ShaFinal
  9579. */
  9580. static int test_wc_ShaFinal(void)
  9581. {
  9582. int res = TEST_SKIPPED;
  9583. #ifndef NO_SHA
  9584. wc_Sha sha;
  9585. byte* hash_test[3];
  9586. byte hash1[WC_SHA_DIGEST_SIZE];
  9587. byte hash2[2*WC_SHA_DIGEST_SIZE];
  9588. byte hash3[5*WC_SHA_DIGEST_SIZE];
  9589. int times, i, ret;
  9590. int flag = 0;
  9591. /*Initialize*/
  9592. ret = wc_InitSha(&sha);
  9593. if (ret) {
  9594. flag = ret;
  9595. }
  9596. if (!flag) {
  9597. hash_test[0] = hash1;
  9598. hash_test[1] = hash2;
  9599. hash_test[2] = hash3;
  9600. }
  9601. times = sizeof(hash_test)/sizeof(byte*);
  9602. for (i = 0; i < times; i++) {
  9603. if (!flag) {
  9604. ret = wc_ShaFinal(&sha, hash_test[i]);
  9605. if (ret != 0) {
  9606. flag = WOLFSSL_FATAL_ERROR;
  9607. }
  9608. }
  9609. }
  9610. /* Test bad args. */
  9611. if (!flag) {
  9612. ret = wc_ShaFinal(NULL, NULL);
  9613. if (ret != BAD_FUNC_ARG) {
  9614. flag = WOLFSSL_FATAL_ERROR;
  9615. }
  9616. }
  9617. if (!flag) {
  9618. ret = wc_ShaFinal(NULL, hash1);
  9619. if (ret != BAD_FUNC_ARG) {
  9620. flag = WOLFSSL_FATAL_ERROR;
  9621. }
  9622. }
  9623. if (!flag) {
  9624. ret = wc_ShaFinal(&sha, NULL);
  9625. if (ret != BAD_FUNC_ARG) {
  9626. flag = WOLFSSL_FATAL_ERROR;
  9627. }
  9628. }
  9629. wc_ShaFree(&sha);
  9630. res = TEST_RES_CHECK(flag == 0);
  9631. #endif
  9632. return res;
  9633. } /* END test_wc_ShaFinal */
  9634. /*
  9635. * Unit test for wc_InitSha256()
  9636. */
  9637. static int test_wc_InitSha256(void)
  9638. {
  9639. int res = TEST_SKIPPED;
  9640. #ifndef NO_SHA256
  9641. wc_Sha256 sha256;
  9642. int ret;
  9643. int flag = 0;
  9644. /* Test good arg. */
  9645. ret = wc_InitSha256(&sha256);
  9646. if (ret != 0) {
  9647. flag = WOLFSSL_FATAL_ERROR;
  9648. }
  9649. /* Test bad arg. */
  9650. if (!flag) {
  9651. ret = wc_InitSha256(NULL);
  9652. if (ret != BAD_FUNC_ARG) {
  9653. flag = WOLFSSL_FATAL_ERROR;
  9654. }
  9655. }
  9656. wc_Sha256Free(&sha256);
  9657. res = TEST_RES_CHECK(flag == 0);
  9658. #endif
  9659. return res;
  9660. } /* END test_wc_InitSha256 */
  9661. /*
  9662. * Unit test for wc_Sha256Update()
  9663. */
  9664. static int test_wc_Sha256Update(void)
  9665. {
  9666. int res = TEST_SKIPPED;
  9667. #ifndef NO_SHA256
  9668. wc_Sha256 sha256;
  9669. byte hash[WC_SHA256_DIGEST_SIZE];
  9670. testVector a, b, c;
  9671. int ret;
  9672. int flag = 0;
  9673. ret = wc_InitSha256(&sha256);
  9674. if (ret != 0) {
  9675. flag = ret;
  9676. }
  9677. /* Input. */
  9678. if (!flag) {
  9679. a.input = "a";
  9680. a.inLen = XSTRLEN(a.input);
  9681. ret = wc_Sha256Update(&sha256, NULL, 0);
  9682. if (ret != 0) {
  9683. flag = ret;
  9684. }
  9685. ret = wc_Sha256Update(&sha256, (byte*)a.input, 0);
  9686. if (ret != 0) {
  9687. flag = ret;
  9688. }
  9689. ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
  9690. if (ret != 0) {
  9691. flag = ret;
  9692. }
  9693. }
  9694. if (!flag) {
  9695. ret = wc_Sha256Final(&sha256, hash);
  9696. if (ret != 0) {
  9697. flag = ret;
  9698. }
  9699. }
  9700. /* Update input. */
  9701. if (!flag) {
  9702. a.input = "abc";
  9703. a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
  9704. "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
  9705. "\x15\xAD";
  9706. a.inLen = XSTRLEN(a.input);
  9707. a.outLen = XSTRLEN(a.output);
  9708. ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
  9709. if (ret != 0) {
  9710. flag = ret;
  9711. }
  9712. }
  9713. if (!flag) {
  9714. ret = wc_Sha256Final(&sha256, hash);
  9715. if (ret != 0) {
  9716. flag = ret;
  9717. }
  9718. }
  9719. if (!flag) {
  9720. if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
  9721. flag = WOLFSSL_FATAL_ERROR;
  9722. }
  9723. }
  9724. /* Try passing in bad values */
  9725. if (!flag) {
  9726. b.input = NULL;
  9727. b.inLen = 0;
  9728. ret = wc_Sha256Update(&sha256, (byte*)b.input, (word32)b.inLen);
  9729. if (ret != 0) {
  9730. flag = ret;
  9731. }
  9732. }
  9733. if (!flag) {
  9734. c.input = NULL;
  9735. c.inLen = WC_SHA256_DIGEST_SIZE;
  9736. ret = wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen);
  9737. if (ret != BAD_FUNC_ARG) {
  9738. flag = WOLFSSL_FATAL_ERROR;
  9739. }
  9740. }
  9741. if (!flag) {
  9742. ret = wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen);
  9743. if (ret != BAD_FUNC_ARG) {
  9744. flag = WOLFSSL_FATAL_ERROR;
  9745. }
  9746. }
  9747. wc_Sha256Free(&sha256);
  9748. res = TEST_RES_CHECK(flag == 0);
  9749. #endif
  9750. return res;
  9751. } /* END test_wc_Sha256Update */
  9752. /*
  9753. * Unit test function for wc_Sha256Final()
  9754. */
  9755. static int test_wc_Sha256Final(void)
  9756. {
  9757. int res = TEST_SKIPPED;
  9758. #ifndef NO_SHA256
  9759. wc_Sha256 sha256;
  9760. byte* hash_test[3];
  9761. byte hash1[WC_SHA256_DIGEST_SIZE];
  9762. byte hash2[2*WC_SHA256_DIGEST_SIZE];
  9763. byte hash3[5*WC_SHA256_DIGEST_SIZE];
  9764. int times, i, ret;
  9765. int flag = 0;
  9766. /* Initialize */
  9767. ret = wc_InitSha256(&sha256);
  9768. if (ret != 0) {
  9769. flag = ret;
  9770. }
  9771. if (!flag) {
  9772. hash_test[0] = hash1;
  9773. hash_test[1] = hash2;
  9774. hash_test[2] = hash3;
  9775. }
  9776. times = sizeof(hash_test) / sizeof(byte*);
  9777. for (i = 0; i < times; i++) {
  9778. if (!flag) {
  9779. ret = wc_Sha256Final(&sha256, hash_test[i]);
  9780. if (ret != 0) {
  9781. flag = WOLFSSL_FATAL_ERROR;
  9782. }
  9783. }
  9784. }
  9785. /* Test bad args. */
  9786. if (!flag ) {
  9787. ret = wc_Sha256Final(NULL, NULL);
  9788. if (ret != BAD_FUNC_ARG) {
  9789. flag = WOLFSSL_FATAL_ERROR;
  9790. }
  9791. }
  9792. if (!flag) {
  9793. ret = wc_Sha256Final(NULL, hash1);
  9794. if (ret != BAD_FUNC_ARG) {
  9795. flag = WOLFSSL_FATAL_ERROR;
  9796. }
  9797. }
  9798. if (!flag) {
  9799. ret = wc_Sha256Final(&sha256, NULL);
  9800. if (ret != BAD_FUNC_ARG) {
  9801. flag = WOLFSSL_FATAL_ERROR;
  9802. }
  9803. }
  9804. wc_Sha256Free(&sha256);
  9805. res = TEST_RES_CHECK(flag == 0);
  9806. #endif
  9807. return res;
  9808. } /* END test_wc_Sha256Final */
  9809. /*
  9810. * Unit test function for wc_Sha256FinalRaw()
  9811. */
  9812. static int test_wc_Sha256FinalRaw(void)
  9813. {
  9814. int res = TEST_SKIPPED;
  9815. #if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
  9816. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
  9817. !defined(WOLFSSL_NO_HASH_RAW)
  9818. wc_Sha256 sha256;
  9819. byte* hash_test[3];
  9820. byte hash1[WC_SHA256_DIGEST_SIZE];
  9821. byte hash2[2*WC_SHA256_DIGEST_SIZE];
  9822. byte hash3[5*WC_SHA256_DIGEST_SIZE];
  9823. int times, i, ret;
  9824. int flag = 0;
  9825. /* Initialize */
  9826. ret = wc_InitSha256(&sha256);
  9827. if (ret != 0) {
  9828. flag = ret;
  9829. }
  9830. if (!flag) {
  9831. hash_test[0] = hash1;
  9832. hash_test[1] = hash2;
  9833. hash_test[2] = hash3;
  9834. }
  9835. times = sizeof(hash_test) / sizeof(byte*);
  9836. for (i = 0; i < times; i++) {
  9837. if (!flag) {
  9838. ret = wc_Sha256FinalRaw(&sha256, hash_test[i]);
  9839. if (ret != 0) {
  9840. flag = WOLFSSL_FATAL_ERROR;
  9841. }
  9842. }
  9843. }
  9844. /* Test bad args. */
  9845. if (!flag) {
  9846. ret = wc_Sha256FinalRaw(NULL, NULL);
  9847. if (ret != BAD_FUNC_ARG) {
  9848. flag = WOLFSSL_FATAL_ERROR;
  9849. }
  9850. }
  9851. if (!flag) {
  9852. ret = wc_Sha256FinalRaw(NULL, hash1);
  9853. if (ret != BAD_FUNC_ARG) {
  9854. flag = WOLFSSL_FATAL_ERROR;
  9855. }
  9856. }
  9857. if (!flag) {
  9858. ret = wc_Sha256FinalRaw(&sha256, NULL);
  9859. if (ret != BAD_FUNC_ARG) {
  9860. flag = WOLFSSL_FATAL_ERROR;
  9861. }
  9862. }
  9863. wc_Sha256Free(&sha256);
  9864. res = TEST_RES_CHECK(flag == 0);
  9865. #endif
  9866. return res;
  9867. } /* END test_wc_Sha256FinalRaw */
  9868. /*
  9869. * Unit test function for wc_Sha256GetFlags()
  9870. */
  9871. static int test_wc_Sha256GetFlags(void)
  9872. {
  9873. int res = TEST_SKIPPED;
  9874. #if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS)
  9875. wc_Sha256 sha256;
  9876. word32 flags = 0;
  9877. int flag = 0;
  9878. /* Initialize */
  9879. flag = wc_InitSha256(&sha256);
  9880. if (flag == 0) {
  9881. flag = wc_Sha256GetFlags(&sha256, &flags);
  9882. }
  9883. if (flag == 0) {
  9884. if (flags & WC_HASH_FLAG_ISCOPY) {
  9885. flag = 0;
  9886. }
  9887. }
  9888. wc_Sha256Free(&sha256);
  9889. res = TEST_RES_CHECK(flag == 0);
  9890. #endif
  9891. return res;
  9892. } /* END test_wc_Sha256GetFlags */
  9893. /*
  9894. * Unit test function for wc_Sha256Free()
  9895. */
  9896. static int test_wc_Sha256Free(void)
  9897. {
  9898. int res = TEST_SKIPPED;
  9899. #ifndef NO_SHA256
  9900. wc_Sha256Free(NULL);
  9901. res = TEST_RES_CHECK(1);
  9902. #endif
  9903. return res;
  9904. } /* END test_wc_Sha256Free */
  9905. /*
  9906. * Unit test function for wc_Sha256GetHash()
  9907. */
  9908. static int test_wc_Sha256GetHash(void)
  9909. {
  9910. int res = TEST_SKIPPED;
  9911. #ifndef NO_SHA256
  9912. wc_Sha256 sha256;
  9913. byte hash1[WC_SHA256_DIGEST_SIZE];
  9914. int flag = 0;
  9915. /* Initialize */
  9916. flag = wc_InitSha256(&sha256);
  9917. if (flag == 0) {
  9918. flag = wc_Sha256GetHash(&sha256, hash1);
  9919. }
  9920. /*test bad arguments*/
  9921. if (flag == 0) {
  9922. flag = wc_Sha256GetHash(NULL, NULL);
  9923. if (flag == BAD_FUNC_ARG) {
  9924. flag = 0;
  9925. }
  9926. }
  9927. if (flag == 0) {
  9928. flag = wc_Sha256GetHash(NULL, hash1);
  9929. if (flag == BAD_FUNC_ARG) {
  9930. flag = 0;
  9931. }
  9932. }
  9933. if (flag == 0) {
  9934. flag = wc_Sha256GetHash(&sha256, NULL);
  9935. if (flag == BAD_FUNC_ARG) {
  9936. flag = 0;
  9937. }
  9938. }
  9939. wc_Sha256Free(&sha256);
  9940. res = TEST_RES_CHECK(flag == 0);
  9941. #endif
  9942. return res;
  9943. } /* END test_wc_Sha256GetHash */
  9944. /*
  9945. * Unit test function for wc_Sha256Copy()
  9946. */
  9947. static int test_wc_Sha256Copy(void)
  9948. {
  9949. int res = TEST_SKIPPED;
  9950. #ifndef NO_SHA256
  9951. wc_Sha256 sha256;
  9952. wc_Sha256 temp;
  9953. int flag = 0;
  9954. /* Initialize */
  9955. flag = wc_InitSha256(&sha256);
  9956. if (flag == 0) {
  9957. flag = wc_InitSha256(&temp);
  9958. }
  9959. if (flag == 0) {
  9960. flag = wc_Sha256Copy(&sha256, &temp);
  9961. }
  9962. /*test bad arguments*/
  9963. if (flag == 0) {
  9964. flag = wc_Sha256Copy(NULL, NULL);
  9965. if (flag == BAD_FUNC_ARG) {
  9966. flag = 0;
  9967. }
  9968. }
  9969. if (flag == 0) {
  9970. flag = wc_Sha256Copy(NULL, &temp);
  9971. if (flag == BAD_FUNC_ARG) {
  9972. flag = 0;
  9973. }
  9974. }
  9975. if (flag == 0) {
  9976. flag = wc_Sha256Copy(&sha256, NULL);
  9977. if (flag == BAD_FUNC_ARG) {
  9978. flag = 0;
  9979. }
  9980. }
  9981. wc_Sha256Free(&sha256);
  9982. wc_Sha256Free(&temp);
  9983. res = TEST_RES_CHECK(flag == 0);
  9984. #endif
  9985. return res;
  9986. } /* END test_wc_Sha256Copy */
  9987. /*
  9988. * Testing wc_InitSha512()
  9989. */
  9990. static int test_wc_InitSha512(void)
  9991. {
  9992. int res = TEST_SKIPPED;
  9993. #ifdef WOLFSSL_SHA512
  9994. wc_Sha512 sha512;
  9995. int ret;
  9996. int flag = 0;
  9997. /* Test good arg. */
  9998. ret = wc_InitSha512(&sha512);
  9999. if (ret != 0) {
  10000. flag = WOLFSSL_FATAL_ERROR;
  10001. }
  10002. /* Test bad arg. */
  10003. if (!flag) {
  10004. ret = wc_InitSha512(NULL);
  10005. if (ret != BAD_FUNC_ARG) {
  10006. flag = WOLFSSL_FATAL_ERROR;
  10007. }
  10008. }
  10009. wc_Sha512Free(&sha512);
  10010. res = TEST_RES_CHECK(flag == 0);
  10011. #endif
  10012. return res;
  10013. } /* END test_wc_InitSha512 */
  10014. /*
  10015. * wc_Sha512Update() test.
  10016. */
  10017. static int test_wc_Sha512Update(void)
  10018. {
  10019. int res = TEST_SKIPPED;
  10020. #ifdef WOLFSSL_SHA512
  10021. wc_Sha512 sha512;
  10022. byte hash[WC_SHA512_DIGEST_SIZE];
  10023. testVector a, b, c;
  10024. int ret;
  10025. int flag = 0;
  10026. ret = wc_InitSha512(&sha512);
  10027. if (ret != 0) {
  10028. flag = ret;
  10029. }
  10030. /* Input. */
  10031. if (!flag) {
  10032. a.input = "a";
  10033. a.inLen = XSTRLEN(a.input);
  10034. ret = wc_Sha512Update(&sha512, NULL, 0);
  10035. if (ret != 0) {
  10036. flag = ret;
  10037. }
  10038. ret = wc_Sha512Update(&sha512,(byte*)a.input, 0);
  10039. if (ret != 0) {
  10040. flag = ret;
  10041. }
  10042. ret = wc_Sha512Update(&sha512, (byte*)a.input, (word32)a.inLen);
  10043. if (ret != 0) {
  10044. flag = ret;
  10045. }
  10046. ret = wc_Sha512Final(&sha512, hash);
  10047. if (ret != 0) {
  10048. flag = ret;
  10049. }
  10050. }
  10051. /* Update input. */
  10052. if (!flag) {
  10053. a.input = "abc";
  10054. a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
  10055. "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b"
  10056. "\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c"
  10057. "\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a"
  10058. "\x9a\xc9\x4f\xa5\x4c\xa4\x9f";
  10059. a.inLen = XSTRLEN(a.input);
  10060. a.outLen = XSTRLEN(a.output);
  10061. ret = wc_Sha512Update(&sha512, (byte*) a.input, (word32) a.inLen);
  10062. if (ret != 0) {
  10063. flag = ret;
  10064. }
  10065. }
  10066. if (!flag) {
  10067. ret = wc_Sha512Final(&sha512, hash);
  10068. if (ret != 0) {
  10069. flag = ret;
  10070. }
  10071. }
  10072. if (!flag) {
  10073. if (XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE) != 0) {
  10074. flag = WOLFSSL_FATAL_ERROR;
  10075. }
  10076. }
  10077. /* Try passing in bad values */
  10078. if (!flag) {
  10079. b.input = NULL;
  10080. b.inLen = 0;
  10081. ret = wc_Sha512Update(&sha512, (byte*)b.input, (word32)b.inLen);
  10082. if (ret != 0) {
  10083. flag = ret;
  10084. }
  10085. }
  10086. if (!flag) {
  10087. c.input = NULL;
  10088. c.inLen = WC_SHA512_DIGEST_SIZE;
  10089. ret = wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen);
  10090. if (ret != BAD_FUNC_ARG) {
  10091. flag = WOLFSSL_FATAL_ERROR;
  10092. }
  10093. }
  10094. if (!flag) {
  10095. ret = wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen);
  10096. if (ret != BAD_FUNC_ARG) {
  10097. flag = WOLFSSL_FATAL_ERROR;
  10098. }
  10099. }
  10100. wc_Sha512Free(&sha512);
  10101. res = TEST_RES_CHECK(flag == 0);
  10102. #endif
  10103. return res;
  10104. } /* END test_wc_Sha512Update */
  10105. #ifdef WOLFSSL_SHA512
  10106. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
  10107. (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
  10108. /* Perfoms test for
  10109. * - wc_Sha512Final/wc_Sha512FinalRaw
  10110. * - wc_Sha512_224Final/wc_Sha512_224Final
  10111. * - wc_Sha512_256Final/wc_Sha512_256Final
  10112. * parameter:
  10113. * - type : must be one of WC_HASH_TYPE_SHA512, WC_HASH_TYPE_SHA512_224 or
  10114. * WC_HASH_TYPE_SHA512_256
  10115. * - isRaw: if is non-zero, xxxFinalRaw function will be tested
  10116. *return 0 on success
  10117. */
  10118. static int test_Sha512_Family_Final(int type, int isRaw)
  10119. {
  10120. wc_Sha512 sha512;
  10121. byte* hash_test[3];
  10122. byte hash1[WC_SHA512_DIGEST_SIZE];
  10123. byte hash2[2*WC_SHA512_DIGEST_SIZE];
  10124. byte hash3[5*WC_SHA512_DIGEST_SIZE];
  10125. int times, i, ret;
  10126. int(*initFp)(wc_Sha512*);
  10127. int(*finalFp)(wc_Sha512*, byte*);
  10128. void(*freeFp)(wc_Sha512*);
  10129. if (type == WC_HASH_TYPE_SHA512) {
  10130. initFp = wc_InitSha512;
  10131. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
  10132. !defined(WOLFSSL_NO_HASH_RAW)
  10133. finalFp = (isRaw)? wc_Sha512FinalRaw : wc_Sha512Final;
  10134. #else
  10135. finalFp = (isRaw)? NULL : wc_Sha512Final;
  10136. #endif
  10137. freeFp = wc_Sha512Free;
  10138. }
  10139. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10140. #if !defined(WOLFSSL_NOSHA512_224)
  10141. else if (type == WC_HASH_TYPE_SHA512_224) {
  10142. initFp = wc_InitSha512_224;
  10143. #if !defined(WOLFSSL_NO_HASH_RAW)
  10144. finalFp = (isRaw)? wc_Sha512_224FinalRaw : wc_Sha512_224Final;
  10145. #else
  10146. finalFp = (isRaw)? NULL : wc_Sha512_224Final;
  10147. #endif
  10148. freeFp = wc_Sha512_224Free;
  10149. }
  10150. #endif
  10151. #if !defined(WOLFSSL_NOSHA512_256)
  10152. else if (type == WC_HASH_TYPE_SHA512_256) {
  10153. initFp = wc_InitSha512_256;
  10154. #if !defined(WOLFSSL_NO_HASH_RAW)
  10155. finalFp = (isRaw)? wc_Sha512_256FinalRaw : wc_Sha512_256Final;
  10156. #else
  10157. finalFp = (isRaw)? NULL : wc_Sha512_256Final;
  10158. #endif
  10159. freeFp = wc_Sha512_256Free;
  10160. }
  10161. #endif
  10162. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10163. else
  10164. return TEST_FAIL;
  10165. /* Initialize */
  10166. ret = initFp(&sha512);
  10167. if (!ret) {
  10168. hash_test[0] = hash1;
  10169. hash_test[1] = hash2;
  10170. hash_test[2] = hash3;
  10171. }
  10172. times = sizeof(hash_test) / sizeof(byte *);
  10173. /* Good test args. */
  10174. for (i = 0; i < times && ret == 0; i++) {
  10175. ret = finalFp(&sha512, hash_test[i]);
  10176. }
  10177. /* Test bad args. */
  10178. if (!ret) {
  10179. if (finalFp(NULL, NULL) != BAD_FUNC_ARG) {
  10180. ret = WOLFSSL_FATAL_ERROR;
  10181. }
  10182. }
  10183. if (!ret) {
  10184. if (finalFp(NULL, hash1) != BAD_FUNC_ARG) {
  10185. ret = WOLFSSL_FATAL_ERROR;
  10186. }
  10187. }
  10188. if (!ret) {
  10189. if (finalFp(&sha512, NULL) != BAD_FUNC_ARG) {
  10190. ret = WOLFSSL_FATAL_ERROR;
  10191. }
  10192. }
  10193. freeFp(&sha512);
  10194. return ret;
  10195. }
  10196. #endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
  10197. (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
  10198. #endif /* WOLFSSL_SHA512 */
  10199. /*
  10200. * Unit test function for wc_Sha512Final()
  10201. */
  10202. static int test_wc_Sha512Final(void)
  10203. {
  10204. int res = TEST_SKIPPED;
  10205. #ifdef WOLFSSL_SHA512
  10206. wc_Sha512 sha512;
  10207. byte* hash_test[3];
  10208. byte hash1[WC_SHA512_DIGEST_SIZE];
  10209. byte hash2[2*WC_SHA512_DIGEST_SIZE];
  10210. byte hash3[5*WC_SHA512_DIGEST_SIZE];
  10211. int times, i, ret;
  10212. int flag = 0;
  10213. /* Initialize */
  10214. ret = wc_InitSha512(&sha512);
  10215. if (ret != 0) {
  10216. flag = ret;
  10217. }
  10218. if (!flag) {
  10219. hash_test[0] = hash1;
  10220. hash_test[1] = hash2;
  10221. hash_test[2] = hash3;
  10222. }
  10223. times = sizeof(hash_test) / sizeof(byte *);
  10224. for (i = 0; i < times; i++) {
  10225. if (!flag) {
  10226. ret = wc_Sha512Final(&sha512, hash_test[i]);
  10227. if (ret != 0) {
  10228. flag = WOLFSSL_FATAL_ERROR;
  10229. }
  10230. }
  10231. }
  10232. /* Test bad args. */
  10233. if (!flag) {
  10234. ret = wc_Sha512Final(NULL, NULL);
  10235. if (ret != BAD_FUNC_ARG) {
  10236. flag = WOLFSSL_FATAL_ERROR;
  10237. }
  10238. }
  10239. if (!flag) {
  10240. ret = wc_Sha512Final(NULL, hash1);
  10241. if (ret != BAD_FUNC_ARG) {
  10242. flag = WOLFSSL_FATAL_ERROR;
  10243. }
  10244. }
  10245. if (!flag) {
  10246. ret = wc_Sha512Final(&sha512, NULL);
  10247. if (ret != BAD_FUNC_ARG) {
  10248. flag = WOLFSSL_FATAL_ERROR;
  10249. }
  10250. }
  10251. wc_Sha512Free(&sha512);
  10252. res = TEST_RES_CHECK(flag == 0);
  10253. #endif
  10254. return res;
  10255. } /* END test_wc_Sha512Final */
  10256. /*
  10257. * Unit test function for wc_Sha512GetFlags()
  10258. */
  10259. static int test_wc_Sha512GetFlags(void)
  10260. {
  10261. int res = TEST_SKIPPED;
  10262. #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS)
  10263. wc_Sha512 sha512;
  10264. word32 flags = 0;
  10265. int flag = 0;
  10266. /* Initialize */
  10267. flag = wc_InitSha512(&sha512);
  10268. if (flag == 0) {
  10269. flag = wc_Sha512GetFlags(&sha512, &flags);
  10270. }
  10271. if (flag == 0) {
  10272. if (flags & WC_HASH_FLAG_ISCOPY) {
  10273. flag = 0;
  10274. }
  10275. }
  10276. wc_Sha512Free(&sha512);
  10277. res = TEST_RES_CHECK(flag == 0);
  10278. #endif
  10279. return res;
  10280. } /* END test_wc_Sha512GetFlags */
  10281. /*
  10282. * Unit test function for wc_Sha512FinalRaw()
  10283. */
  10284. static int test_wc_Sha512FinalRaw(void)
  10285. {
  10286. int res = TEST_SKIPPED;
  10287. #if (defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  10288. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
  10289. !defined(WOLFSSL_NO_HASH_RAW)
  10290. wc_Sha512 sha512;
  10291. byte* hash_test[3];
  10292. byte hash1[WC_SHA512_DIGEST_SIZE];
  10293. byte hash2[2*WC_SHA512_DIGEST_SIZE];
  10294. byte hash3[5*WC_SHA512_DIGEST_SIZE];
  10295. int times, i, ret;
  10296. int flag = 0;
  10297. /* Initialize */
  10298. ret = wc_InitSha512(&sha512);
  10299. if (ret != 0) {
  10300. flag = ret;
  10301. }
  10302. if (!flag) {
  10303. hash_test[0] = hash1;
  10304. hash_test[1] = hash2;
  10305. hash_test[2] = hash3;
  10306. }
  10307. times = sizeof(hash_test) / sizeof(byte*);
  10308. /* Good test args. */
  10309. for (i = 0; i < times; i++) {
  10310. if (!flag) {
  10311. ret = wc_Sha512FinalRaw(&sha512, hash_test[i]);
  10312. if (ret != 0) {
  10313. flag = WOLFSSL_FATAL_ERROR;
  10314. }
  10315. }
  10316. }
  10317. /* Test bad args. */
  10318. if (!flag ) {
  10319. ret = wc_Sha512FinalRaw(NULL, NULL);
  10320. if (ret != BAD_FUNC_ARG) {
  10321. flag = WOLFSSL_FATAL_ERROR;
  10322. }
  10323. }
  10324. if (!flag) {
  10325. ret = wc_Sha512FinalRaw(NULL, hash1);
  10326. if (ret != BAD_FUNC_ARG) {
  10327. flag = WOLFSSL_FATAL_ERROR;
  10328. }
  10329. }
  10330. if (!flag) {
  10331. ret = wc_Sha512FinalRaw(&sha512, NULL);
  10332. if (ret != BAD_FUNC_ARG) {
  10333. flag = WOLFSSL_FATAL_ERROR;
  10334. }
  10335. }
  10336. wc_Sha512Free(&sha512);
  10337. res = TEST_RES_CHECK(flag == 0);
  10338. #endif
  10339. return res;
  10340. } /* END test_wc_Sha512FinalRaw */
  10341. /*
  10342. * Unit test function for wc_Sha512Free()
  10343. */
  10344. static int test_wc_Sha512Free(void)
  10345. {
  10346. int res = TEST_SKIPPED;
  10347. #ifdef WOLFSSL_SHA512
  10348. wc_Sha512Free(NULL);
  10349. res = TEST_RES_CHECK(1);
  10350. #endif
  10351. return res;
  10352. } /* END test_wc_Sha512Free */
  10353. #ifdef WOLFSSL_SHA512
  10354. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
  10355. (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
  10356. static int test_Sha512_Family_GetHash(int type )
  10357. {
  10358. int flag = 0;
  10359. int(*initFp)(wc_Sha512*);
  10360. int(*ghashFp)(wc_Sha512*, byte*);
  10361. wc_Sha512 sha512;
  10362. byte hash1[WC_SHA512_DIGEST_SIZE];
  10363. if (type == WC_HASH_TYPE_SHA512) {
  10364. initFp = wc_InitSha512;
  10365. ghashFp = wc_Sha512GetHash;
  10366. }
  10367. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10368. #if !defined(WOLFSSL_NOSHA512_224)
  10369. else if (type == WC_HASH_TYPE_SHA512_224) {
  10370. initFp = wc_InitSha512_224;
  10371. ghashFp = wc_Sha512_224GetHash;
  10372. }
  10373. #endif
  10374. #if !defined(WOLFSSL_NOSHA512_256)
  10375. else if (type == WC_HASH_TYPE_SHA512_256) {
  10376. initFp = wc_InitSha512_256;
  10377. ghashFp = wc_Sha512_256GetHash;
  10378. }
  10379. #endif
  10380. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10381. else {
  10382. initFp = NULL;
  10383. ghashFp = NULL;
  10384. }
  10385. if (initFp == NULL || ghashFp == NULL)
  10386. return TEST_FAIL;
  10387. if (!flag) {
  10388. flag = initFp(&sha512);
  10389. }
  10390. if (!flag) {
  10391. flag = ghashFp(&sha512, hash1);
  10392. }
  10393. /*test bad arguments*/
  10394. if (!flag) {
  10395. if (ghashFp(NULL, NULL) != BAD_FUNC_ARG )
  10396. flag = WOLFSSL_FATAL_ERROR;
  10397. }
  10398. if (!flag) {
  10399. if (ghashFp(NULL, hash1) != BAD_FUNC_ARG )
  10400. flag = WOLFSSL_FATAL_ERROR;
  10401. }
  10402. if (!flag) {
  10403. if (ghashFp(&sha512, NULL) != BAD_FUNC_ARG )
  10404. flag = WOLFSSL_FATAL_ERROR;
  10405. }
  10406. wc_Sha512Free(&sha512);
  10407. return flag;
  10408. }
  10409. #endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
  10410. (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
  10411. #endif /* WOLFSSL_SHA512 */
  10412. /*
  10413. * Unit test function for wc_Sha512GetHash()
  10414. */
  10415. static int test_wc_Sha512GetHash(void)
  10416. {
  10417. int res = TEST_SKIPPED;
  10418. #ifdef WOLFSSL_SHA512
  10419. wc_Sha512 sha512;
  10420. byte hash1[WC_SHA512_DIGEST_SIZE];
  10421. int flag = 0;
  10422. /* Initialize */
  10423. flag = wc_InitSha512(&sha512);
  10424. if (flag == 0) {
  10425. flag = wc_Sha512GetHash(&sha512, hash1);
  10426. }
  10427. /*test bad arguments*/
  10428. if (flag == 0) {
  10429. flag = wc_Sha512GetHash(NULL, NULL);
  10430. if (flag == BAD_FUNC_ARG) {
  10431. flag = 0;
  10432. }
  10433. }
  10434. if (flag == 0) {
  10435. flag = wc_Sha512GetHash(NULL, hash1);
  10436. if (flag == BAD_FUNC_ARG) {
  10437. flag = 0;
  10438. }
  10439. }
  10440. if (flag == 0) {
  10441. flag = wc_Sha512GetHash(&sha512, NULL);
  10442. if (flag == BAD_FUNC_ARG) {
  10443. flag = 0;
  10444. }
  10445. }
  10446. wc_Sha512Free(&sha512);
  10447. res = TEST_RES_CHECK(flag == 0);
  10448. #endif
  10449. return res;
  10450. } /* END test_wc_Sha512GetHash */
  10451. /*
  10452. * Unit test function for wc_Sha512Copy()
  10453. */
  10454. static int test_wc_Sha512Copy(void)
  10455. {
  10456. int res = TEST_SKIPPED;
  10457. #ifdef WOLFSSL_SHA512
  10458. wc_Sha512 sha512;
  10459. wc_Sha512 temp;
  10460. int flag;
  10461. /* Initialize */
  10462. flag = wc_InitSha512(&sha512);
  10463. if (flag == 0) {
  10464. flag = wc_InitSha512(&temp);
  10465. }
  10466. if (flag == 0) {
  10467. flag = wc_Sha512Copy(&sha512, &temp);
  10468. }
  10469. /*test bad arguments*/
  10470. if (flag == 0) {
  10471. flag = wc_Sha512Copy(NULL, NULL);
  10472. if (flag == BAD_FUNC_ARG) {
  10473. flag = 0;
  10474. }
  10475. }
  10476. if (flag == 0) {
  10477. flag = wc_Sha512Copy(NULL, &temp);
  10478. if (flag == BAD_FUNC_ARG) {
  10479. flag = 0;
  10480. }
  10481. }
  10482. if (flag == 0) {
  10483. flag = wc_Sha512Copy(&sha512, NULL);
  10484. if (flag == BAD_FUNC_ARG) {
  10485. flag = 0;
  10486. }
  10487. }
  10488. wc_Sha512Free(&sha512);
  10489. wc_Sha512Free(&temp);
  10490. res = TEST_RES_CHECK(flag == 0);
  10491. #endif
  10492. return res;
  10493. } /* END test_wc_Sha512Copy */
  10494. static int test_wc_InitSha512_224(void)
  10495. {
  10496. int res = TEST_SKIPPED;
  10497. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10498. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
  10499. wc_Sha512 sha512;
  10500. int ret;
  10501. int flag = 0;
  10502. /* Test good arg. */
  10503. ret = wc_InitSha512_224(&sha512);
  10504. if (ret != 0) {
  10505. flag = WOLFSSL_FATAL_ERROR;
  10506. }
  10507. /* Test bad arg. */
  10508. if (!flag) {
  10509. ret = wc_InitSha512_224(NULL);
  10510. if (ret != BAD_FUNC_ARG) {
  10511. flag = WOLFSSL_FATAL_ERROR;
  10512. }
  10513. }
  10514. wc_Sha512_224Free(&sha512);
  10515. res = TEST_RES_CHECK(flag == 0);
  10516. #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
  10517. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10518. return res;
  10519. }
  10520. static int test_wc_Sha512_224Update(void)
  10521. {
  10522. int res = TEST_SKIPPED;
  10523. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10524. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
  10525. wc_Sha512 sha512;
  10526. byte hash[WC_SHA512_DIGEST_SIZE];
  10527. testVector a, c;
  10528. int ret;
  10529. int flag = 0;
  10530. ret = wc_InitSha512_224(&sha512);
  10531. if (ret != 0) {
  10532. flag = ret;
  10533. }
  10534. /* Input. */
  10535. if (!flag) {
  10536. a.input = "a";
  10537. a.inLen = XSTRLEN(a.input);
  10538. ret = wc_Sha512_224Update(&sha512, NULL, 0);
  10539. if (ret != 0) {
  10540. flag = ret;
  10541. }
  10542. ret = wc_Sha512_224Update(&sha512,(byte*)a.input, 0);
  10543. if (ret != 0) {
  10544. flag = ret;
  10545. }
  10546. ret = wc_Sha512_224Update(&sha512, (byte*)a.input, (word32)a.inLen);
  10547. if (ret != 0) {
  10548. flag = ret;
  10549. }
  10550. ret = wc_Sha512_224Final(&sha512, hash);
  10551. if (ret != 0) {
  10552. flag = ret;
  10553. }
  10554. }
  10555. /* Update input. */
  10556. if (!flag) {
  10557. a.input = "abc";
  10558. a.output = "\x46\x34\x27\x0f\x70\x7b\x6a\x54\xda\xae\x75\x30\x46\x08"
  10559. "\x42\xe2\x0e\x37\xed\x26\x5c\xee\xe9\xa4\x3e\x89\x24\xaa";
  10560. a.inLen = XSTRLEN(a.input);
  10561. a.outLen = XSTRLEN(a.output);
  10562. ret = wc_Sha512_224Update(&sha512, (byte*) a.input, (word32) a.inLen);
  10563. if (ret != 0) {
  10564. flag = ret;
  10565. }
  10566. }
  10567. if (!flag) {
  10568. ret = wc_Sha512_224Final(&sha512, hash);
  10569. if (ret != 0) {
  10570. flag = ret;
  10571. }
  10572. }
  10573. if (!flag) {
  10574. if (XMEMCMP(hash, a.output, WC_SHA512_224_DIGEST_SIZE) != 0) {
  10575. flag = WOLFSSL_FATAL_ERROR;
  10576. }
  10577. }
  10578. if (!flag) {
  10579. c.input = NULL;
  10580. c.inLen = WC_SHA512_224_DIGEST_SIZE;
  10581. ret = wc_Sha512_224Update(&sha512, (byte*)c.input, (word32)c.inLen);
  10582. if (ret != BAD_FUNC_ARG) {
  10583. flag = WOLFSSL_FATAL_ERROR;
  10584. }
  10585. }
  10586. if (!flag) {
  10587. ret = wc_Sha512_224Update(NULL, (byte*)a.input, (word32)a.inLen);
  10588. if (ret != BAD_FUNC_ARG) {
  10589. flag = WOLFSSL_FATAL_ERROR;
  10590. }
  10591. }
  10592. wc_Sha512_224Free(&sha512);
  10593. res = TEST_RES_CHECK(flag == 0);
  10594. #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
  10595. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10596. return res;
  10597. }
  10598. static int test_wc_Sha512_224Final(void)
  10599. {
  10600. int res = TEST_SKIPPED;
  10601. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10602. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
  10603. int ret = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 0);
  10604. res = TEST_RES_CHECK(ret == 0);
  10605. #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
  10606. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10607. return res;
  10608. }
  10609. static int test_wc_Sha512_224GetFlags(void)
  10610. {
  10611. int res = TEST_SKIPPED;
  10612. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10613. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS)
  10614. wc_Sha512 sha512, copy;
  10615. word32 flags = 0;
  10616. int flag = 0;
  10617. /* Initialize */
  10618. flag = wc_InitSha512_224(&sha512);
  10619. if (!flag) {
  10620. flag = wc_InitSha512_224(&copy);
  10621. }
  10622. if (!flag) {
  10623. flag = wc_Sha512_224Copy(&sha512, &copy);
  10624. }
  10625. if (!flag) {
  10626. flag = wc_Sha512_224GetFlags(&copy, &flags);
  10627. }
  10628. if (!flag) {
  10629. if (flags & WC_HASH_FLAG_ISCOPY)
  10630. flag = 0;
  10631. else
  10632. flag = WOLFSSL_FATAL_ERROR;
  10633. }
  10634. wc_Sha512_224Free(&copy);
  10635. wc_Sha512_224Free(&sha512);
  10636. res = TEST_RES_CHECK(flag == 0);
  10637. #endif
  10638. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10639. return res;
  10640. }
  10641. static int test_wc_Sha512_224FinalRaw(void)
  10642. {
  10643. int res = TEST_SKIPPED;
  10644. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
  10645. defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
  10646. !defined(WOLFSSL_NO_HASH_RAW)
  10647. int ret = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 1);
  10648. res = TEST_RES_CHECK(ret == 0);
  10649. #endif
  10650. return res;
  10651. }
  10652. static int test_wc_Sha512_224Free(void)
  10653. {
  10654. int res = TEST_SKIPPED;
  10655. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10656. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
  10657. wc_Sha512_224Free(NULL);
  10658. res = TEST_RES_CHECK(1);
  10659. #endif
  10660. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10661. return res;
  10662. }
  10663. static int test_wc_Sha512_224GetHash(void)
  10664. {
  10665. int res = TEST_SKIPPED;
  10666. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10667. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
  10668. int ret = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_224);
  10669. res = TEST_RES_CHECK(ret == 0);
  10670. #endif
  10671. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10672. return res;
  10673. }
  10674. static int test_wc_Sha512_224Copy(void)
  10675. {
  10676. int res = TEST_SKIPPED;
  10677. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10678. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
  10679. wc_Sha512 sha512;
  10680. wc_Sha512 temp;
  10681. int flag = 0;
  10682. /* Initialize */
  10683. flag = wc_InitSha512_224(&sha512);
  10684. if (flag == 0) {
  10685. flag = wc_InitSha512_224(&temp);
  10686. }
  10687. if (flag == 0) {
  10688. flag = wc_Sha512_224Copy(&sha512, &temp);
  10689. }
  10690. /*test bad arguments*/
  10691. if (flag == 0) {
  10692. if (wc_Sha512_224Copy(NULL, NULL) != BAD_FUNC_ARG)
  10693. flag = WOLFSSL_FATAL_ERROR;
  10694. }
  10695. if (flag == 0) {
  10696. if (wc_Sha512_224Copy(NULL, &temp) != BAD_FUNC_ARG)
  10697. flag = WOLFSSL_FATAL_ERROR;
  10698. }
  10699. if (flag == 0) {
  10700. if (wc_Sha512_224Copy(&sha512, NULL) != BAD_FUNC_ARG)
  10701. flag = WOLFSSL_FATAL_ERROR;
  10702. }
  10703. wc_Sha512_224Free(&sha512);
  10704. wc_Sha512_224Free(&temp);
  10705. res = TEST_RES_CHECK(flag == 0);
  10706. #endif
  10707. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10708. return res;
  10709. }
  10710. static int test_wc_InitSha512_256(void)
  10711. {
  10712. int res = TEST_SKIPPED;
  10713. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10714. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
  10715. wc_Sha512 sha512;
  10716. int ret;
  10717. int flag = 0;
  10718. /* Test good arg. */
  10719. ret = wc_InitSha512_256(&sha512);
  10720. if (ret != 0) {
  10721. flag = WOLFSSL_FATAL_ERROR;
  10722. }
  10723. /* Test bad arg. */
  10724. if (!flag) {
  10725. ret = wc_InitSha512_256(NULL);
  10726. if (ret != BAD_FUNC_ARG) {
  10727. flag = WOLFSSL_FATAL_ERROR;
  10728. }
  10729. }
  10730. wc_Sha512_256Free(&sha512);
  10731. res = TEST_RES_CHECK(flag == 0);
  10732. #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
  10733. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10734. return res;
  10735. }
  10736. static int test_wc_Sha512_256Update(void)
  10737. {
  10738. int res = TEST_SKIPPED;
  10739. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10740. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
  10741. wc_Sha512 sha512;
  10742. byte hash[WC_SHA512_DIGEST_SIZE];
  10743. testVector a, c;
  10744. int ret;
  10745. int flag = 0;
  10746. ret = wc_InitSha512_256(&sha512);
  10747. if (ret != 0) {
  10748. flag = ret;
  10749. }
  10750. /* Input. */
  10751. if (!flag) {
  10752. a.input = "a";
  10753. a.inLen = XSTRLEN(a.input);
  10754. ret = wc_Sha512_256Update(&sha512, NULL, 0);
  10755. if (ret != 0) {
  10756. flag = ret;
  10757. }
  10758. ret = wc_Sha512_256Update(&sha512,(byte*)a.input, 0);
  10759. if (ret != 0) {
  10760. flag = ret;
  10761. }
  10762. ret = wc_Sha512_256Update(&sha512, (byte*)a.input, (word32)a.inLen);
  10763. if (ret != 0) {
  10764. flag = ret;
  10765. }
  10766. ret = wc_Sha512_256Final(&sha512, hash);
  10767. if (ret != 0) {
  10768. flag = ret;
  10769. }
  10770. }
  10771. /* Update input. */
  10772. if (!flag) {
  10773. a.input = "abc";
  10774. a.output = "\x53\x04\x8e\x26\x81\x94\x1e\xf9\x9b\x2e\x29\xb7\x6b\x4c"
  10775. "\x7d\xab\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46\xe0\xe2\xf1\x31"
  10776. "\x07\xe7\xaf\x23";
  10777. a.inLen = XSTRLEN(a.input);
  10778. a.outLen = XSTRLEN(a.output);
  10779. ret = wc_Sha512_256Update(&sha512, (byte*) a.input, (word32) a.inLen);
  10780. if (ret != 0) {
  10781. flag = ret;
  10782. }
  10783. }
  10784. if (!flag) {
  10785. ret = wc_Sha512_256Final(&sha512, hash);
  10786. if (ret != 0) {
  10787. flag = ret;
  10788. }
  10789. }
  10790. if (!flag) {
  10791. if (XMEMCMP(hash, a.output, WC_SHA512_256_DIGEST_SIZE) != 0) {
  10792. flag = WOLFSSL_FATAL_ERROR;
  10793. }
  10794. }
  10795. if (!flag) {
  10796. c.input = NULL;
  10797. c.inLen = WC_SHA512_256_DIGEST_SIZE;
  10798. ret = wc_Sha512_256Update(&sha512, (byte*)c.input, (word32)c.inLen);
  10799. if (ret != BAD_FUNC_ARG) {
  10800. flag = WOLFSSL_FATAL_ERROR;
  10801. }
  10802. }
  10803. if (!flag) {
  10804. ret = wc_Sha512_256Update(NULL, (byte*)a.input, (word32)a.inLen);
  10805. if (ret != BAD_FUNC_ARG) {
  10806. flag = WOLFSSL_FATAL_ERROR;
  10807. }
  10808. }
  10809. wc_Sha512_256Free(&sha512);
  10810. res = TEST_RES_CHECK(flag == 0);
  10811. #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
  10812. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10813. return res;
  10814. }
  10815. static int test_wc_Sha512_256Final(void)
  10816. {
  10817. int res = TEST_SKIPPED;
  10818. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10819. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
  10820. int ret = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 0);
  10821. res = TEST_RES_CHECK(ret == 0);
  10822. #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
  10823. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10824. return res;
  10825. }
  10826. static int test_wc_Sha512_256GetFlags(void)
  10827. {
  10828. int res = TEST_SKIPPED;
  10829. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10830. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS)
  10831. wc_Sha512 sha512, copy;
  10832. word32 flags = 0;
  10833. int flag = 0;
  10834. /* Initialize */
  10835. flag = wc_InitSha512_256(&sha512);
  10836. if (!flag ) {
  10837. flag = wc_InitSha512_256(&copy);
  10838. }
  10839. if (!flag ) {
  10840. flag = wc_Sha512_256Copy(&sha512, &copy);
  10841. }
  10842. if (!flag ) {
  10843. flag = wc_Sha512_256GetFlags(&copy, &flags);
  10844. }
  10845. if (!flag) {
  10846. if (flags & WC_HASH_FLAG_ISCOPY)
  10847. flag = 0;
  10848. else
  10849. flag = WOLFSSL_FATAL_ERROR;
  10850. }
  10851. wc_Sha512_256Free(&sha512);
  10852. res = TEST_RES_CHECK(flag == 0);
  10853. #endif
  10854. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10855. return res;
  10856. }
  10857. static int test_wc_Sha512_256FinalRaw(void)
  10858. {
  10859. int res = TEST_SKIPPED;
  10860. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
  10861. defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
  10862. !defined(WOLFSSL_NO_HASH_RAW)
  10863. int ret = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 1);
  10864. res = TEST_RES_CHECK(ret == 0);
  10865. #endif
  10866. return res;
  10867. }
  10868. static int test_wc_Sha512_256Free(void)
  10869. {
  10870. int res = TEST_SKIPPED;
  10871. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10872. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
  10873. wc_Sha512_256Free(NULL);
  10874. res = TEST_RES_CHECK(1);
  10875. #endif
  10876. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10877. return res;
  10878. }
  10879. static int test_wc_Sha512_256GetHash(void)
  10880. {
  10881. int res = TEST_SKIPPED;
  10882. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10883. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
  10884. int ret = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_256);
  10885. res = TEST_RES_CHECK(ret == 0);
  10886. #endif
  10887. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10888. return res;
  10889. }
  10890. static int test_wc_Sha512_256Copy(void)
  10891. {
  10892. int res = TEST_SKIPPED;
  10893. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10894. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
  10895. wc_Sha512 sha512;
  10896. wc_Sha512 temp;
  10897. int flag = 0;
  10898. /* Initialize */
  10899. flag = wc_InitSha512_256(&sha512);
  10900. if (flag == 0) {
  10901. flag = wc_InitSha512_256(&temp);
  10902. }
  10903. if (flag == 0) {
  10904. flag = wc_Sha512_256Copy(&sha512, &temp);
  10905. }
  10906. /*test bad arguments*/
  10907. if (flag == 0) {
  10908. if (wc_Sha512_256Copy(NULL, NULL) != BAD_FUNC_ARG)
  10909. flag = WOLFSSL_FATAL_ERROR;
  10910. }
  10911. if (flag == 0) {
  10912. if (wc_Sha512_256Copy(NULL, &temp) != BAD_FUNC_ARG)
  10913. flag = WOLFSSL_FATAL_ERROR;
  10914. }
  10915. if (flag == 0) {
  10916. if (wc_Sha512_256Copy(&sha512, NULL) != BAD_FUNC_ARG)
  10917. flag = WOLFSSL_FATAL_ERROR;
  10918. }
  10919. wc_Sha512_256Free(&sha512);
  10920. wc_Sha512_256Free(&temp);
  10921. res = TEST_RES_CHECK(flag == 0);
  10922. #endif
  10923. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  10924. return res;
  10925. }
  10926. /*
  10927. * Testing wc_InitSha384()
  10928. */
  10929. static int test_wc_InitSha384(void)
  10930. {
  10931. int res = TEST_SKIPPED;
  10932. #ifdef WOLFSSL_SHA384
  10933. wc_Sha384 sha384;
  10934. int ret;
  10935. int flag = 0;
  10936. /* Test good arg. */
  10937. ret = wc_InitSha384(&sha384);
  10938. if (ret != 0) {
  10939. flag = WOLFSSL_FATAL_ERROR;
  10940. }
  10941. /* Test bad arg. */
  10942. if (!flag) {
  10943. ret = wc_InitSha384(NULL);
  10944. if (ret != BAD_FUNC_ARG) {
  10945. flag = WOLFSSL_FATAL_ERROR;
  10946. }
  10947. }
  10948. wc_Sha384Free(&sha384);
  10949. res = TEST_RES_CHECK(flag == 0);
  10950. #endif
  10951. return res;
  10952. } /* END test_wc_InitSha384 */
  10953. /*
  10954. * test wc_Sha384Update()
  10955. */
  10956. static int test_wc_Sha384Update(void)
  10957. {
  10958. int res = TEST_SKIPPED;
  10959. #ifdef WOLFSSL_SHA384
  10960. wc_Sha384 sha384;
  10961. byte hash[WC_SHA384_DIGEST_SIZE];
  10962. testVector a, b, c;
  10963. int ret;
  10964. int flag = 0;
  10965. ret = wc_InitSha384(&sha384);
  10966. if (ret != 0) {
  10967. flag = ret;
  10968. }
  10969. /* Input */
  10970. if (!flag) {
  10971. a.input = "a";
  10972. a.inLen = XSTRLEN(a.input);
  10973. ret = wc_Sha384Update(&sha384, NULL, 0);
  10974. if (ret != 0) {
  10975. flag = ret;
  10976. }
  10977. ret = wc_Sha384Update(&sha384, (byte*)a.input, 0);
  10978. if (ret != 0) {
  10979. flag = ret;
  10980. }
  10981. ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
  10982. if (ret != 0) {
  10983. flag = ret;
  10984. }
  10985. }
  10986. if (!flag) {
  10987. ret = wc_Sha384Final(&sha384, hash);
  10988. if (ret != 0) {
  10989. flag = ret;
  10990. }
  10991. }
  10992. /* Update input. */
  10993. if (!flag) {
  10994. a.input = "abc";
  10995. a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
  10996. "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
  10997. "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
  10998. "\xc8\x25\xa7";
  10999. a.inLen = XSTRLEN(a.input);
  11000. a.outLen = XSTRLEN(a.output);
  11001. ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
  11002. if (ret != 0) {
  11003. flag = ret;
  11004. }
  11005. }
  11006. if (!flag) {
  11007. ret = wc_Sha384Final(&sha384, hash);
  11008. if (ret != 0) {
  11009. flag = ret;
  11010. }
  11011. }
  11012. if (!flag) {
  11013. if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
  11014. flag = WOLFSSL_FATAL_ERROR;
  11015. }
  11016. }
  11017. /* Pass in bad values. */
  11018. if (!flag) {
  11019. b.input = NULL;
  11020. b.inLen = 0;
  11021. ret = wc_Sha384Update(&sha384, (byte*)b.input, (word32)b.inLen);
  11022. if (ret != 0) {
  11023. flag = ret;
  11024. }
  11025. }
  11026. if (!flag) {
  11027. c.input = NULL;
  11028. c.inLen = WC_SHA384_DIGEST_SIZE;
  11029. ret = wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen);
  11030. if (ret != BAD_FUNC_ARG) {
  11031. flag = WOLFSSL_FATAL_ERROR;
  11032. }
  11033. }
  11034. if (!flag) {
  11035. ret = wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen);
  11036. if (ret != BAD_FUNC_ARG) {
  11037. flag = WOLFSSL_FATAL_ERROR;
  11038. }
  11039. }
  11040. wc_Sha384Free(&sha384);
  11041. res = TEST_RES_CHECK(flag == 0);
  11042. #endif
  11043. return res;
  11044. } /* END test_wc_Sha384Update */
  11045. /*
  11046. * Unit test function for wc_Sha384Final();
  11047. */
  11048. static int test_wc_Sha384Final(void)
  11049. {
  11050. int res = TEST_SKIPPED;
  11051. #ifdef WOLFSSL_SHA384
  11052. wc_Sha384 sha384;
  11053. byte* hash_test[3];
  11054. byte hash1[WC_SHA384_DIGEST_SIZE];
  11055. byte hash2[2*WC_SHA384_DIGEST_SIZE];
  11056. byte hash3[5*WC_SHA384_DIGEST_SIZE];
  11057. int times, i, ret;
  11058. int flag = 0;
  11059. /* Initialize */
  11060. ret = wc_InitSha384(&sha384);
  11061. if (ret) {
  11062. flag = ret;
  11063. }
  11064. if (!flag) {
  11065. hash_test[0] = hash1;
  11066. hash_test[1] = hash2;
  11067. hash_test[2] = hash3;
  11068. }
  11069. times = sizeof(hash_test) / sizeof(byte*);
  11070. /* Good test args. */
  11071. for (i = 0; i < times; i++) {
  11072. if (!flag) {
  11073. ret = wc_Sha384Final(&sha384, hash_test[i]);
  11074. if (ret != 0) {
  11075. flag = WOLFSSL_FATAL_ERROR;
  11076. }
  11077. }
  11078. }
  11079. /* Test bad args. */
  11080. if (!flag) {
  11081. ret = wc_Sha384Final(NULL, NULL);
  11082. if (ret != BAD_FUNC_ARG) {
  11083. flag = WOLFSSL_FATAL_ERROR;
  11084. }
  11085. }
  11086. if (!flag) {
  11087. ret = wc_Sha384Final(NULL, hash1);
  11088. if (ret != BAD_FUNC_ARG) {
  11089. flag = WOLFSSL_FATAL_ERROR;
  11090. }
  11091. }
  11092. if (!flag) {
  11093. ret = wc_Sha384Final(&sha384, NULL);
  11094. if (ret != BAD_FUNC_ARG) {
  11095. flag = WOLFSSL_FATAL_ERROR;
  11096. }
  11097. }
  11098. wc_Sha384Free(&sha384);
  11099. res = TEST_RES_CHECK(flag == 0);
  11100. #endif
  11101. return res;
  11102. } /* END test_wc_Sha384Final */
  11103. /*
  11104. * Unit test function for wc_Sha384GetFlags()
  11105. */
  11106. static int test_wc_Sha384GetFlags(void)
  11107. {
  11108. int res = TEST_SKIPPED;
  11109. #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS)
  11110. wc_Sha384 sha384;
  11111. word32 flags = 0;
  11112. int flag = 0;
  11113. /* Initialize */
  11114. flag = wc_InitSha384(&sha384);
  11115. if (flag == 0) {
  11116. flag = wc_Sha384GetFlags(&sha384, &flags);
  11117. }
  11118. if (flag == 0) {
  11119. if (flags & WC_HASH_FLAG_ISCOPY) {
  11120. flag = 0;
  11121. }
  11122. }
  11123. wc_Sha384Free(&sha384);
  11124. res = TEST_RES_CHECK(flag == 0);
  11125. #endif
  11126. return res;
  11127. } /* END test_wc_Sha384GetFlags */
  11128. /*
  11129. * Unit test function for wc_Sha384FinalRaw()
  11130. */
  11131. static int test_wc_Sha384FinalRaw(void)
  11132. {
  11133. int res = TEST_SKIPPED;
  11134. #if (defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  11135. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
  11136. !defined(WOLFSSL_NO_HASH_RAW)
  11137. wc_Sha384 sha384;
  11138. byte* hash_test[3];
  11139. byte hash1[WC_SHA384_DIGEST_SIZE];
  11140. byte hash2[2*WC_SHA384_DIGEST_SIZE];
  11141. byte hash3[5*WC_SHA384_DIGEST_SIZE];
  11142. int times, i, ret;
  11143. int flag = 0;
  11144. /* Initialize */
  11145. ret = wc_InitSha384(&sha384);
  11146. if (ret != 0) {
  11147. flag = ret;
  11148. }
  11149. if (!flag) {
  11150. hash_test[0] = hash1;
  11151. hash_test[1] = hash2;
  11152. hash_test[2] = hash3;
  11153. }
  11154. times = sizeof(hash_test) / sizeof(byte*);
  11155. /* Good test args. */
  11156. for (i = 0; i < times; i++) {
  11157. if (!flag) {
  11158. ret = wc_Sha384FinalRaw(&sha384, hash_test[i]);
  11159. if (ret != 0) {
  11160. flag = WOLFSSL_FATAL_ERROR;
  11161. }
  11162. }
  11163. }
  11164. /* Test bad args. */
  11165. if (!flag ) {
  11166. ret = wc_Sha384FinalRaw(NULL, NULL);
  11167. if (ret != BAD_FUNC_ARG) {
  11168. flag = WOLFSSL_FATAL_ERROR;
  11169. }
  11170. }
  11171. if (!flag) {
  11172. ret = wc_Sha384FinalRaw(NULL, hash1);
  11173. if (ret != BAD_FUNC_ARG) {
  11174. flag = WOLFSSL_FATAL_ERROR;
  11175. }
  11176. }
  11177. if (!flag) {
  11178. ret = wc_Sha384FinalRaw(&sha384, NULL);
  11179. if (ret != BAD_FUNC_ARG) {
  11180. flag = WOLFSSL_FATAL_ERROR;
  11181. }
  11182. }
  11183. wc_Sha384Free(&sha384);
  11184. res = TEST_RES_CHECK(flag == 0);
  11185. #endif
  11186. return res;
  11187. } /* END test_wc_Sha384FinalRaw */
  11188. /*
  11189. * Unit test function for wc_Sha384Free()
  11190. */
  11191. static int test_wc_Sha384Free(void)
  11192. {
  11193. int res = TEST_SKIPPED;
  11194. #ifdef WOLFSSL_SHA384
  11195. wc_Sha384Free(NULL);
  11196. res = TEST_RES_CHECK(1);
  11197. #endif
  11198. return res;
  11199. } /* END test_wc_Sha384Free */
  11200. /*
  11201. * Unit test function for wc_Sha384GetHash()
  11202. */
  11203. static int test_wc_Sha384GetHash(void)
  11204. {
  11205. int res = TEST_SKIPPED;
  11206. #ifdef WOLFSSL_SHA384
  11207. wc_Sha384 sha384;
  11208. byte hash1[WC_SHA384_DIGEST_SIZE];
  11209. int flag = 0;
  11210. /* Initialize */
  11211. flag = wc_InitSha384(&sha384);
  11212. if (flag == 0) {
  11213. flag = wc_Sha384GetHash(&sha384, hash1);
  11214. }
  11215. /*test bad arguments*/
  11216. if (flag == 0) {
  11217. flag = wc_Sha384GetHash(NULL, NULL);
  11218. if (flag == BAD_FUNC_ARG) {
  11219. flag = 0;
  11220. }
  11221. }
  11222. if (flag == 0) {
  11223. flag = wc_Sha384GetHash(NULL, hash1);
  11224. if (flag == BAD_FUNC_ARG) {
  11225. flag = 0;
  11226. }
  11227. }
  11228. if (flag == 0) {
  11229. flag = wc_Sha384GetHash(&sha384, NULL);
  11230. if (flag == BAD_FUNC_ARG) {
  11231. flag = 0;
  11232. }
  11233. }
  11234. wc_Sha384Free(&sha384);
  11235. res = TEST_RES_CHECK(flag == 0);
  11236. #endif
  11237. return res;
  11238. } /* END test_wc_Sha384GetHash */
  11239. /*
  11240. * Unit test function for wc_Sha384Copy()
  11241. */
  11242. static int test_wc_Sha384Copy(void)
  11243. {
  11244. int res = TEST_SKIPPED;
  11245. #ifdef WOLFSSL_SHA384
  11246. wc_Sha384 sha384;
  11247. wc_Sha384 temp;
  11248. int flag = 0;
  11249. /* Initialize */
  11250. flag = wc_InitSha384(&sha384);
  11251. if (flag == 0) {
  11252. flag = wc_InitSha384(&temp);
  11253. }
  11254. if (flag == 0) {
  11255. flag = wc_Sha384Copy(&sha384, &temp);
  11256. }
  11257. /*test bad arguments*/
  11258. if (flag == 0) {
  11259. flag = wc_Sha384Copy(NULL, NULL);
  11260. if (flag == BAD_FUNC_ARG) {
  11261. flag = 0;
  11262. }
  11263. }
  11264. if (flag == 0) {
  11265. flag = wc_Sha384Copy(NULL, &temp);
  11266. if (flag == BAD_FUNC_ARG) {
  11267. flag = 0;
  11268. }
  11269. }
  11270. if (flag == 0) {
  11271. flag = wc_Sha384Copy(&sha384, NULL);
  11272. if (flag == BAD_FUNC_ARG) {
  11273. flag = 0;
  11274. }
  11275. }
  11276. wc_Sha384Free(&sha384);
  11277. wc_Sha384Free(&temp);
  11278. res = TEST_RES_CHECK(flag == 0);
  11279. #endif
  11280. return res;
  11281. } /* END test_wc_Sha384Copy */
  11282. /*
  11283. * Testing wc_InitSha224();
  11284. */
  11285. static int test_wc_InitSha224(void)
  11286. {
  11287. int res = TEST_SKIPPED;
  11288. #ifdef WOLFSSL_SHA224
  11289. wc_Sha224 sha224;
  11290. int ret;
  11291. int flag = 0;
  11292. /* Test good arg. */
  11293. ret = wc_InitSha224(&sha224);
  11294. if (ret != 0) {
  11295. flag = WOLFSSL_FATAL_ERROR;
  11296. }
  11297. /* Test bad arg. */
  11298. if (!flag) {
  11299. ret = wc_InitSha224(NULL);
  11300. if (ret != BAD_FUNC_ARG) {
  11301. flag = WOLFSSL_FATAL_ERROR;
  11302. }
  11303. }
  11304. wc_Sha224Free(&sha224);
  11305. res = TEST_RES_CHECK(flag == 0);
  11306. #endif
  11307. return res;
  11308. } /* END test_wc_InitSha224 */
  11309. /*
  11310. * Unit test on wc_Sha224Update
  11311. */
  11312. static int test_wc_Sha224Update(void)
  11313. {
  11314. int res = TEST_SKIPPED;
  11315. #ifdef WOLFSSL_SHA224
  11316. wc_Sha224 sha224;
  11317. byte hash[WC_SHA224_DIGEST_SIZE];
  11318. testVector a, b, c;
  11319. int ret;
  11320. int flag = 0;
  11321. ret = wc_InitSha224(&sha224);
  11322. if (ret != 0) {
  11323. flag = ret;
  11324. }
  11325. /* Input. */
  11326. if (!flag) {
  11327. a.input = "a";
  11328. a.inLen = XSTRLEN(a.input);
  11329. ret = wc_Sha224Update(&sha224, NULL, 0);
  11330. if (ret != 0) {
  11331. flag = ret;
  11332. }
  11333. ret = wc_Sha224Update(&sha224, (byte*)a.input, 0);
  11334. if (ret != 0) {
  11335. flag = ret;
  11336. }
  11337. ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
  11338. if (ret != 0) {
  11339. flag = ret;
  11340. }
  11341. }
  11342. if (!flag) {
  11343. ret = wc_Sha224Final(&sha224, hash);
  11344. if (ret != 0) {
  11345. flag = ret;
  11346. }
  11347. }
  11348. /* Update input. */
  11349. if (!flag) {
  11350. a.input = "abc";
  11351. a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2"
  11352. "\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
  11353. a.inLen = XSTRLEN(a.input);
  11354. a.outLen = XSTRLEN(a.output);
  11355. ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
  11356. if (ret != 0) {
  11357. flag = ret;
  11358. }
  11359. }
  11360. if (!flag) {
  11361. ret = wc_Sha224Final(&sha224, hash);
  11362. if (ret != 0) {
  11363. flag = ret;
  11364. }
  11365. }
  11366. if (!flag) {
  11367. if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
  11368. flag = WOLFSSL_FATAL_ERROR;
  11369. }
  11370. }
  11371. /* Pass in bad values. */
  11372. if (!flag) {
  11373. b.input = NULL;
  11374. b.inLen = 0;
  11375. ret = wc_Sha224Update(&sha224, (byte*)b.input, (word32)b.inLen);
  11376. if (ret != 0) {
  11377. flag = ret;
  11378. }
  11379. }
  11380. if (!flag) {
  11381. c.input = NULL;
  11382. c.inLen = WC_SHA224_DIGEST_SIZE;
  11383. ret = wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen);
  11384. if (ret != BAD_FUNC_ARG) {
  11385. flag = WOLFSSL_FATAL_ERROR;
  11386. }
  11387. }
  11388. if (!flag) {
  11389. ret = wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen);
  11390. if (ret != BAD_FUNC_ARG) {
  11391. flag = WOLFSSL_FATAL_ERROR;
  11392. }
  11393. }
  11394. wc_Sha224Free(&sha224);
  11395. res = TEST_RES_CHECK(flag == 0);
  11396. #endif
  11397. return res;
  11398. } /* END test_wc_Sha224Update */
  11399. /*
  11400. * Unit test for wc_Sha224Final();
  11401. */
  11402. static int test_wc_Sha224Final(void)
  11403. {
  11404. int res = TEST_SKIPPED;
  11405. #ifdef WOLFSSL_SHA224
  11406. wc_Sha224 sha224;
  11407. byte* hash_test[3];
  11408. byte hash1[WC_SHA224_DIGEST_SIZE];
  11409. byte hash2[2*WC_SHA224_DIGEST_SIZE];
  11410. byte hash3[5*WC_SHA224_DIGEST_SIZE];
  11411. int times, i, ret;
  11412. int flag = 0;
  11413. /* Initialize */
  11414. ret = wc_InitSha224(&sha224);
  11415. if (ret) {
  11416. flag = ret;
  11417. }
  11418. if (!flag) {
  11419. hash_test[0] = hash1;
  11420. hash_test[1] = hash2;
  11421. hash_test[2] = hash3;
  11422. }
  11423. times = sizeof(hash_test) / sizeof(byte*);
  11424. /* Good test args. */
  11425. /* Testing oversized buffers. */
  11426. for (i = 0; i < times; i++) {
  11427. if (!flag) {
  11428. ret = wc_Sha224Final(&sha224, hash_test[i]);
  11429. if (ret != 0) {
  11430. flag = WOLFSSL_FATAL_ERROR;
  11431. }
  11432. }
  11433. }
  11434. /* Test bad args. */
  11435. if (!flag) {
  11436. ret = wc_Sha224Final(NULL, NULL);
  11437. if (ret != BAD_FUNC_ARG) {
  11438. flag = WOLFSSL_FATAL_ERROR;
  11439. }
  11440. }
  11441. if (!flag) {
  11442. ret = wc_Sha224Final(NULL, hash1);
  11443. if (ret != BAD_FUNC_ARG) {
  11444. flag = WOLFSSL_FATAL_ERROR;
  11445. }
  11446. }
  11447. if (!flag) {
  11448. ret = wc_Sha224Final(&sha224, NULL);
  11449. if (ret != BAD_FUNC_ARG) {
  11450. flag = WOLFSSL_FATAL_ERROR;
  11451. }
  11452. }
  11453. wc_Sha224Free(&sha224);
  11454. res = TEST_RES_CHECK(flag == 0);
  11455. #endif
  11456. return res;
  11457. } /* END test_wc_Sha224Final */
  11458. /*
  11459. * Unit test function for wc_Sha224SetFlags()
  11460. */
  11461. static int test_wc_Sha224SetFlags(void)
  11462. {
  11463. int res = TEST_SKIPPED;
  11464. #if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
  11465. wc_Sha224 sha224;
  11466. word32 flags = 0;
  11467. int flag = 0;
  11468. /* Initialize */
  11469. flag = wc_InitSha224(&sha224);
  11470. if (flag == 0) {
  11471. flag = wc_Sha224SetFlags(&sha224, flags);
  11472. }
  11473. if (flag == 0) {
  11474. if (flags & WC_HASH_FLAG_ISCOPY) {
  11475. flag = 0;
  11476. }
  11477. }
  11478. wc_Sha224Free(&sha224);
  11479. res = TEST_RES_CHECK(flag == 0);
  11480. #endif
  11481. return res;
  11482. } /* END test_wc_Sha224SetFlags */
  11483. /*
  11484. * Unit test function for wc_Sha224GetFlags()
  11485. */
  11486. static int test_wc_Sha224GetFlags(void)
  11487. {
  11488. int res = TEST_SKIPPED;
  11489. #if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
  11490. wc_Sha224 sha224;
  11491. word32 flags = 0;
  11492. int flag = 0;
  11493. /* Initialize */
  11494. flag = wc_InitSha224(&sha224);
  11495. if (flag == 0) {
  11496. flag = wc_Sha224GetFlags(&sha224, &flags);
  11497. }
  11498. if (flag == 0) {
  11499. if (flags & WC_HASH_FLAG_ISCOPY) {
  11500. flag = 0;
  11501. }
  11502. }
  11503. wc_Sha224Free(&sha224);
  11504. res = TEST_RES_CHECK(flag == 0);
  11505. #endif
  11506. return res;
  11507. } /* END test_wc_Sha224GetFlags */
  11508. /*
  11509. * Unit test function for wc_Sha224Free()
  11510. */
  11511. static int test_wc_Sha224Free(void)
  11512. {
  11513. int res = TEST_SKIPPED;
  11514. #ifdef WOLFSSL_SHA224
  11515. wc_Sha224Free(NULL);
  11516. res = TEST_RES_CHECK(1);
  11517. #endif
  11518. return res;
  11519. } /* END test_wc_Sha224Free */
  11520. /*
  11521. * Unit test function for wc_Sha224GetHash()
  11522. */
  11523. static int test_wc_Sha224GetHash(void)
  11524. {
  11525. int res = TEST_SKIPPED;
  11526. #ifdef WOLFSSL_SHA224
  11527. wc_Sha224 sha224;
  11528. byte hash1[WC_SHA224_DIGEST_SIZE];
  11529. int flag = 0;
  11530. /* Initialize */
  11531. flag = wc_InitSha224(&sha224);
  11532. if (flag == 0) {
  11533. flag = wc_Sha224GetHash(&sha224, hash1);
  11534. }
  11535. /*test bad arguments*/
  11536. if (flag == 0) {
  11537. flag = wc_Sha224GetHash(NULL, NULL);
  11538. if (flag == BAD_FUNC_ARG) {
  11539. flag = 0;
  11540. }
  11541. }
  11542. if (flag == 0) {
  11543. flag = wc_Sha224GetHash(NULL, hash1);
  11544. if (flag == BAD_FUNC_ARG) {
  11545. flag = 0;
  11546. }
  11547. }
  11548. if (flag == 0) {
  11549. flag = wc_Sha224GetHash(&sha224, NULL);
  11550. if (flag == BAD_FUNC_ARG) {
  11551. flag = 0;
  11552. }
  11553. }
  11554. wc_Sha224Free(&sha224);
  11555. res = TEST_RES_CHECK(flag == 0);
  11556. #endif
  11557. return res;
  11558. } /* END test_wc_Sha224GetHash */
  11559. /*
  11560. * Unit test function for wc_Sha224Copy()
  11561. */
  11562. static int test_wc_Sha224Copy(void)
  11563. {
  11564. int res = TEST_SKIPPED;
  11565. #ifdef WOLFSSL_SHA224
  11566. wc_Sha224 sha224;
  11567. wc_Sha224 temp;
  11568. int flag = 0;
  11569. /* Initialize */
  11570. flag = wc_InitSha224(&sha224);
  11571. if (flag == 0) {
  11572. flag = wc_InitSha224(&temp);
  11573. }
  11574. if (flag == 0) {
  11575. flag = wc_Sha224Copy(&sha224, &temp);
  11576. }
  11577. /*test bad arguments*/
  11578. if (flag == 0) {
  11579. flag = wc_Sha224Copy(NULL, NULL);
  11580. if (flag == BAD_FUNC_ARG) {
  11581. flag = 0;
  11582. }
  11583. }
  11584. if (flag == 0) {
  11585. flag = wc_Sha224Copy(NULL, &temp);
  11586. if (flag == BAD_FUNC_ARG) {
  11587. flag = 0;
  11588. }
  11589. }
  11590. if (flag == 0) {
  11591. flag = wc_Sha224Copy(&sha224, NULL);
  11592. if (flag == BAD_FUNC_ARG) {
  11593. flag = 0;
  11594. }
  11595. }
  11596. wc_Sha224Free(&sha224);
  11597. wc_Sha224Free(&temp);
  11598. res = TEST_RES_CHECK(flag == 0);
  11599. #endif
  11600. return res;
  11601. } /* END test_wc_Sha224Copy */
  11602. /*
  11603. * Testing wc_InitRipeMd()
  11604. */
  11605. static int test_wc_InitRipeMd(void)
  11606. {
  11607. int res = TEST_SKIPPED;
  11608. #ifdef WOLFSSL_RIPEMD
  11609. RipeMd ripemd;
  11610. int ret;
  11611. int flag = 0;
  11612. /* Test good arg. */
  11613. ret = wc_InitRipeMd(&ripemd);
  11614. if (ret != 0) {
  11615. flag = WOLFSSL_FATAL_ERROR;
  11616. }
  11617. /* Test bad arg. */
  11618. if (!flag) {
  11619. ret = wc_InitRipeMd(NULL);
  11620. if (ret != BAD_FUNC_ARG) {
  11621. flag = WOLFSSL_FATAL_ERROR;
  11622. }
  11623. }
  11624. res = TEST_RES_CHECK(flag == 0);
  11625. #endif
  11626. return res;
  11627. } /* END test_wc_InitRipeMd */
  11628. /*
  11629. * Testing wc_RipeMdUpdate()
  11630. */
  11631. static int test_wc_RipeMdUpdate(void)
  11632. {
  11633. int res = TEST_SKIPPED;
  11634. #ifdef WOLFSSL_RIPEMD
  11635. RipeMd ripemd;
  11636. byte hash[RIPEMD_DIGEST_SIZE];
  11637. testVector a, b, c;
  11638. int ret;
  11639. int flag = 0;
  11640. ret = wc_InitRipeMd(&ripemd);
  11641. if (ret != 0) {
  11642. flag = ret;
  11643. }
  11644. /* Input */
  11645. if (!flag) {
  11646. a.input = "a";
  11647. a.inLen = XSTRLEN(a.input);
  11648. ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
  11649. if (ret != 0) {
  11650. flag = ret;
  11651. }
  11652. }
  11653. if (!flag) {
  11654. ret = wc_RipeMdFinal(&ripemd, hash);
  11655. if (ret != 0) {
  11656. flag = ret;
  11657. }
  11658. }
  11659. /* Update input. */
  11660. if (!flag) {
  11661. a.input = "abc";
  11662. a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
  11663. "\xb0\x87\xf1\x5a\x0b\xfc";
  11664. a.inLen = XSTRLEN(a.input);
  11665. a.outLen = XSTRLEN(a.output);
  11666. ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
  11667. if (ret != 0) {
  11668. flag = ret;
  11669. }
  11670. }
  11671. if (!flag) {
  11672. ret = wc_RipeMdFinal(&ripemd, hash);
  11673. if (ret != 0) {
  11674. flag = ret;
  11675. }
  11676. }
  11677. if (!flag) {
  11678. if (XMEMCMP(hash, a.output, RIPEMD_DIGEST_SIZE) != 0) {
  11679. flag = WOLFSSL_FATAL_ERROR;
  11680. }
  11681. }
  11682. /* Pass in bad values. */
  11683. if (!flag) {
  11684. b.input = NULL;
  11685. b.inLen = 0;
  11686. ret = wc_RipeMdUpdate(&ripemd, (byte*)b.input, (word32)b.inLen);
  11687. if (ret != 0) {
  11688. flag = ret;
  11689. }
  11690. }
  11691. if (!flag) {
  11692. c.input = NULL;
  11693. c.inLen = RIPEMD_DIGEST_SIZE;
  11694. ret = wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen);
  11695. if (ret != BAD_FUNC_ARG) {
  11696. flag = WOLFSSL_FATAL_ERROR;
  11697. }
  11698. }
  11699. if (!flag) {
  11700. ret = wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  11701. if (ret != BAD_FUNC_ARG) {
  11702. flag = WOLFSSL_FATAL_ERROR;
  11703. }
  11704. }
  11705. res = TEST_RES_CHECK(flag == 0);
  11706. #endif
  11707. return res;
  11708. } /* END test_wc_RipeMdUdpate */
  11709. /*
  11710. * Unit test function for wc_RipeMdFinal()
  11711. */
  11712. static int test_wc_RipeMdFinal(void)
  11713. {
  11714. int res = TEST_SKIPPED;
  11715. #ifdef WOLFSSL_RIPEMD
  11716. RipeMd ripemd;
  11717. byte* hash_test[3];
  11718. byte hash1[RIPEMD_DIGEST_SIZE];
  11719. byte hash2[2*RIPEMD_DIGEST_SIZE];
  11720. byte hash3[5*RIPEMD_DIGEST_SIZE];
  11721. int times, i, ret;
  11722. int flag = 0;
  11723. /* Initialize */
  11724. ret = wc_InitRipeMd(&ripemd);
  11725. if (ret != 0) {
  11726. flag = ret;
  11727. }
  11728. if (!flag) {
  11729. hash_test[0] = hash1;
  11730. hash_test[1] = hash2;
  11731. hash_test[2] = hash3;
  11732. }
  11733. times = sizeof(hash_test) / sizeof(byte*);
  11734. /* Testing oversized buffers. */
  11735. for (i = 0; i < times; i++) {
  11736. if (!flag) {
  11737. ret = wc_RipeMdFinal(&ripemd, hash_test[i]);
  11738. if (ret != 0) {
  11739. flag = WOLFSSL_FATAL_ERROR;
  11740. }
  11741. }
  11742. }
  11743. /* Test bad args. */
  11744. if (!flag) {
  11745. ret = wc_RipeMdFinal(NULL, NULL);
  11746. if (ret != BAD_FUNC_ARG) {
  11747. flag = WOLFSSL_FATAL_ERROR;
  11748. }
  11749. }
  11750. if (!flag) {
  11751. ret = wc_RipeMdFinal(NULL, hash1);
  11752. if (ret != BAD_FUNC_ARG) {
  11753. flag = WOLFSSL_FATAL_ERROR;
  11754. }
  11755. }
  11756. if (!flag) {
  11757. ret = wc_RipeMdFinal(&ripemd, NULL);
  11758. if (ret != BAD_FUNC_ARG) {
  11759. flag = WOLFSSL_FATAL_ERROR;
  11760. }
  11761. }
  11762. res = TEST_RES_CHECK(flag == 0);
  11763. #endif
  11764. return res;
  11765. } /* END test_wc_RipeMdFinal */
  11766. /*
  11767. * Testing wc_InitSha3_224, wc_InitSha3_256, wc_InitSha3_384, and
  11768. * wc_InitSha3_512
  11769. */
  11770. static int test_wc_InitSha3(void)
  11771. {
  11772. int res = TEST_SKIPPED;
  11773. #if defined(WOLFSSL_SHA3)
  11774. wc_Sha3 sha3;
  11775. int ret = 0;
  11776. (void)sha3;
  11777. #if !defined(WOLFSSL_NOSHA3_224)
  11778. ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId);
  11779. /* Test bad args. */
  11780. if (ret == 0) {
  11781. ret = wc_InitSha3_224(NULL, HEAP_HINT, testDevId);
  11782. if (ret == BAD_FUNC_ARG) {
  11783. ret = 0;
  11784. }
  11785. else if (ret == 0) {
  11786. ret = WOLFSSL_FATAL_ERROR;
  11787. }
  11788. }
  11789. wc_Sha3_224_Free(&sha3);
  11790. #endif /* NOSHA3_224 */
  11791. #if !defined(WOLFSSL_NOSHA3_256)
  11792. if (ret == 0) {
  11793. ret = wc_InitSha3_256(&sha3, HEAP_HINT, testDevId);
  11794. /* Test bad args. */
  11795. if (ret == 0) {
  11796. ret = wc_InitSha3_256(NULL, HEAP_HINT, testDevId);
  11797. if (ret == BAD_FUNC_ARG) {
  11798. ret = 0;
  11799. }
  11800. else if (ret == 0) {
  11801. ret = WOLFSSL_FATAL_ERROR;
  11802. }
  11803. }
  11804. wc_Sha3_256_Free(&sha3);
  11805. } /* END sha3_256 */
  11806. #endif /* NOSHA3_256 */
  11807. #if !defined(WOLFSSL_NOSHA3_384)
  11808. if (ret == 0) {
  11809. ret = wc_InitSha3_384(&sha3, HEAP_HINT, testDevId);
  11810. /* Test bad args. */
  11811. if (ret == 0) {
  11812. ret = wc_InitSha3_384(NULL, HEAP_HINT, testDevId);
  11813. if (ret == BAD_FUNC_ARG) {
  11814. ret = 0;
  11815. }
  11816. else if (ret == 0) {
  11817. ret = WOLFSSL_FATAL_ERROR;
  11818. }
  11819. }
  11820. wc_Sha3_384_Free(&sha3);
  11821. } /* END sha3_384 */
  11822. #endif /* NOSHA3_384 */
  11823. #if !defined(WOLFSSL_NOSHA3_512)
  11824. if (ret == 0) {
  11825. ret = wc_InitSha3_512(&sha3, HEAP_HINT, testDevId);
  11826. /* Test bad args. */
  11827. if (ret == 0) {
  11828. ret = wc_InitSha3_512(NULL, HEAP_HINT, testDevId);
  11829. if (ret == BAD_FUNC_ARG) {
  11830. ret = 0;
  11831. }
  11832. else if (ret == 0) {
  11833. ret = WOLFSSL_FATAL_ERROR;
  11834. }
  11835. }
  11836. wc_Sha3_512_Free(&sha3);
  11837. } /* END sha3_512 */
  11838. #endif /* NOSHA3_512 */
  11839. res = TEST_RES_CHECK(ret == 0);
  11840. #endif
  11841. return res;
  11842. } /* END test_wc_InitSha3 */
  11843. /*
  11844. * Testing wc_Sha3_Update()
  11845. */
  11846. static int testing_wc_Sha3_Update(void)
  11847. {
  11848. int res = TEST_SKIPPED;
  11849. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
  11850. !defined(WOLFSSL_AFALG_XILINX)
  11851. wc_Sha3 sha3;
  11852. byte msg[] = "Everybody's working for the weekend.";
  11853. byte msg2[] = "Everybody gets Friday off.";
  11854. byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
  11855. "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
  11856. "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
  11857. "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
  11858. "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
  11859. word32 msglen = sizeof(msg) - 1;
  11860. word32 msg2len = sizeof(msg2);
  11861. word32 msgCmplen = sizeof(msgCmp);
  11862. int ret = 0;
  11863. #if !defined(WOLFSSL_NOSHA3_224)
  11864. ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId);
  11865. if (ret != 0) {
  11866. return TEST_FAIL;
  11867. }
  11868. ret = wc_Sha3_224_Update(&sha3, msg, msglen);
  11869. if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
  11870. ret = WOLFSSL_FATAL_ERROR;
  11871. }
  11872. if (ret == 0) {
  11873. ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
  11874. if (ret == 0 && XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
  11875. ret = WOLFSSL_FATAL_ERROR;
  11876. }
  11877. }
  11878. /* Pass bad args. */
  11879. if (ret == 0) {
  11880. ret = wc_Sha3_224_Update(NULL, msg2, msg2len);
  11881. if (ret == BAD_FUNC_ARG) {
  11882. ret = wc_Sha3_224_Update(&sha3, NULL, 5);
  11883. }
  11884. if (ret == BAD_FUNC_ARG) {
  11885. wc_Sha3_224_Free(&sha3);
  11886. if (wc_InitSha3_224(&sha3, HEAP_HINT, testDevId)) {
  11887. return TEST_FAIL;
  11888. }
  11889. ret = wc_Sha3_224_Update(&sha3, NULL, 0);
  11890. if (ret == 0) {
  11891. ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
  11892. }
  11893. if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
  11894. ret = WOLFSSL_FATAL_ERROR;
  11895. }
  11896. }
  11897. }
  11898. wc_Sha3_224_Free(&sha3);
  11899. #endif /* SHA3_224 */
  11900. #if !defined(WOLFSSL_NOSHA3_256)
  11901. if (ret == 0) {
  11902. ret = wc_InitSha3_256(&sha3, HEAP_HINT, testDevId);
  11903. if (ret != 0) {
  11904. return TEST_FAIL;
  11905. }
  11906. ret = wc_Sha3_256_Update(&sha3, msg, msglen);
  11907. if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
  11908. ret = WOLFSSL_FATAL_ERROR;
  11909. }
  11910. if (ret == 0) {
  11911. ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
  11912. if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
  11913. ret = WOLFSSL_FATAL_ERROR;
  11914. }
  11915. }
  11916. /* Pass bad args. */
  11917. if (ret == 0) {
  11918. ret = wc_Sha3_256_Update(NULL, msg2, msg2len);
  11919. if (ret == BAD_FUNC_ARG) {
  11920. ret = wc_Sha3_256_Update(&sha3, NULL, 5);
  11921. }
  11922. if (ret == BAD_FUNC_ARG) {
  11923. wc_Sha3_256_Free(&sha3);
  11924. if (wc_InitSha3_256(&sha3, HEAP_HINT, testDevId)) {
  11925. return TEST_FAIL;
  11926. }
  11927. ret = wc_Sha3_256_Update(&sha3, NULL, 0);
  11928. if (ret == 0) {
  11929. ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
  11930. }
  11931. if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
  11932. ret = WOLFSSL_FATAL_ERROR;
  11933. }
  11934. }
  11935. }
  11936. wc_Sha3_256_Free(&sha3);
  11937. }
  11938. #endif /* SHA3_256 */
  11939. #if !defined(WOLFSSL_NOSHA3_384)
  11940. if (ret == 0) {
  11941. ret = wc_InitSha3_384(&sha3, HEAP_HINT, testDevId);
  11942. if (ret != 0) {
  11943. return TEST_FAIL;
  11944. }
  11945. ret = wc_Sha3_384_Update(&sha3, msg, msglen);
  11946. if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
  11947. ret = WOLFSSL_FATAL_ERROR;
  11948. }
  11949. if (ret == 0) {
  11950. ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
  11951. if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
  11952. ret = WOLFSSL_FATAL_ERROR;
  11953. }
  11954. }
  11955. /* Pass bad args. */
  11956. if (ret == 0) {
  11957. ret = wc_Sha3_384_Update(NULL, msg2, msg2len);
  11958. if (ret == BAD_FUNC_ARG) {
  11959. ret = wc_Sha3_384_Update(&sha3, NULL, 5);
  11960. }
  11961. if (ret == BAD_FUNC_ARG) {
  11962. wc_Sha3_384_Free(&sha3);
  11963. if (wc_InitSha3_384(&sha3, HEAP_HINT, testDevId)) {
  11964. return TEST_FAIL;
  11965. }
  11966. ret = wc_Sha3_384_Update(&sha3, NULL, 0);
  11967. if (ret == 0) {
  11968. ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
  11969. }
  11970. if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
  11971. ret = WOLFSSL_FATAL_ERROR;
  11972. }
  11973. }
  11974. }
  11975. wc_Sha3_384_Free(&sha3);
  11976. }
  11977. #endif /* SHA3_384 */
  11978. #if !defined(WOLFSSL_NOSHA3_512)
  11979. if (ret == 0) {
  11980. ret = wc_InitSha3_512(&sha3, HEAP_HINT, testDevId);
  11981. if (ret != 0) {
  11982. return TEST_FAIL;
  11983. }
  11984. ret = wc_Sha3_512_Update(&sha3, msg, msglen);
  11985. if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
  11986. ret = WOLFSSL_FATAL_ERROR;
  11987. }
  11988. if (ret == 0) {
  11989. ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
  11990. if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
  11991. ret = WOLFSSL_FATAL_ERROR;
  11992. }
  11993. }
  11994. /* Pass bad args. */
  11995. if (ret == 0) {
  11996. ret = wc_Sha3_512_Update(NULL, msg2, msg2len);
  11997. if (ret == BAD_FUNC_ARG) {
  11998. ret = wc_Sha3_512_Update(&sha3, NULL, 5);
  11999. }
  12000. if (ret == BAD_FUNC_ARG) {
  12001. wc_Sha3_512_Free(&sha3);
  12002. if (wc_InitSha3_512(&sha3, HEAP_HINT, testDevId)) {
  12003. return TEST_FAIL;
  12004. }
  12005. ret = wc_Sha3_512_Update(&sha3, NULL, 0);
  12006. if (ret == 0) {
  12007. ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
  12008. }
  12009. if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
  12010. ret = WOLFSSL_FATAL_ERROR;
  12011. }
  12012. }
  12013. }
  12014. wc_Sha3_512_Free(&sha3);
  12015. }
  12016. #endif /* SHA3_512 */
  12017. res = TEST_RES_CHECK(ret == 0);
  12018. #endif /* WOLFSSL_SHA3 */
  12019. return res;
  12020. } /* END testing_wc_Sha3_Update */
  12021. /*
  12022. * Testing wc_Sha3_224_Final()
  12023. */
  12024. static int test_wc_Sha3_224_Final(void)
  12025. {
  12026. int res = TEST_SKIPPED;
  12027. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
  12028. wc_Sha3 sha3;
  12029. const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
  12030. "nopnopq";
  12031. const char* expOut = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55"
  12032. "\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2"
  12033. "\x64\xea\xd0\xfc\xce\x33";
  12034. byte hash[WC_SHA3_224_DIGEST_SIZE];
  12035. byte hashRet[WC_SHA3_224_DIGEST_SIZE];
  12036. int ret = 0;
  12037. /* Init stack variables. */
  12038. XMEMSET(hash, 0, sizeof(hash));
  12039. ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId);
  12040. if (ret != 0) {
  12041. return TEST_FAIL;
  12042. }
  12043. ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  12044. if (ret == 0) {
  12045. ret = wc_Sha3_224_Final(&sha3, hash);
  12046. if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE) != 0) {
  12047. ret = WOLFSSL_FATAL_ERROR;
  12048. }
  12049. }
  12050. /* Test bad args. */
  12051. if (ret == 0) {
  12052. ret = wc_Sha3_224_Final(NULL, hash);
  12053. if (ret == 0) {
  12054. ret = wc_Sha3_224_Final(&sha3, NULL);
  12055. }
  12056. if (ret == BAD_FUNC_ARG) {
  12057. ret = 0;
  12058. }
  12059. else if (ret == 0) {
  12060. ret = WOLFSSL_FATAL_ERROR;
  12061. }
  12062. }
  12063. wc_Sha3_224_Free(&sha3);
  12064. if (ret == 0) {
  12065. ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId);
  12066. if (ret != 0) {
  12067. return TEST_FAIL;
  12068. }
  12069. /* Init stack variables. */
  12070. XMEMSET(hash, 0, sizeof(hash));
  12071. XMEMSET(hashRet, 0, sizeof(hashRet));
  12072. ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  12073. if (ret == 0) {
  12074. ret = wc_Sha3_224_GetHash(&sha3, hashRet);
  12075. }
  12076. if (ret == 0) {
  12077. ret = wc_Sha3_224_Final(&sha3, hash);
  12078. if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE) != 0) {
  12079. ret = WOLFSSL_FATAL_ERROR;
  12080. }
  12081. }
  12082. if (ret == 0) {
  12083. /* Test bad args. */
  12084. ret = wc_Sha3_224_GetHash(NULL, hashRet);
  12085. if (ret == BAD_FUNC_ARG) {
  12086. ret = wc_Sha3_224_GetHash(&sha3, NULL);
  12087. }
  12088. if (ret == BAD_FUNC_ARG) {
  12089. ret = 0;
  12090. }
  12091. else if (ret == 0) {
  12092. ret = WOLFSSL_FATAL_ERROR;
  12093. }
  12094. }
  12095. }
  12096. wc_Sha3_224_Free(&sha3);
  12097. res = TEST_RES_CHECK(ret == 0);
  12098. #endif
  12099. return res;
  12100. } /* END test_wc_Sha3_224_Final */
  12101. /*
  12102. * Testing wc_Sha3_256_Final()
  12103. */
  12104. static int test_wc_Sha3_256_Final(void)
  12105. {
  12106. int res = TEST_SKIPPED;
  12107. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
  12108. wc_Sha3 sha3;
  12109. const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
  12110. "nopnopq";
  12111. const char* expOut = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8"
  12112. "\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32"
  12113. "\xdd\x97\x49\x6d\x33\x76";
  12114. byte hash[WC_SHA3_256_DIGEST_SIZE];
  12115. byte hashRet[WC_SHA3_256_DIGEST_SIZE];
  12116. int ret = 0;
  12117. /* Init stack variables. */
  12118. XMEMSET(hash, 0, sizeof(hash));
  12119. ret = wc_InitSha3_256(&sha3, HEAP_HINT, testDevId);
  12120. if (ret != 0) {
  12121. return TEST_FAIL;
  12122. }
  12123. ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  12124. if (ret == 0) {
  12125. ret = wc_Sha3_256_Final(&sha3, hash);
  12126. if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE) != 0) {
  12127. ret = WOLFSSL_FATAL_ERROR;
  12128. }
  12129. }
  12130. /* Test bad args. */
  12131. if (ret == 0) {
  12132. ret = wc_Sha3_256_Final(NULL, hash);
  12133. if (ret == 0) {
  12134. ret = wc_Sha3_256_Final(&sha3, NULL);
  12135. }
  12136. if (ret == BAD_FUNC_ARG) {
  12137. ret = 0;
  12138. }
  12139. else if (ret == 0) {
  12140. ret = WOLFSSL_FATAL_ERROR;
  12141. }
  12142. }
  12143. wc_Sha3_256_Free(&sha3);
  12144. if (ret == 0) {
  12145. ret = wc_InitSha3_256(&sha3, HEAP_HINT, testDevId);
  12146. if (ret != 0) {
  12147. return TEST_FAIL;
  12148. }
  12149. /* Init stack variables. */
  12150. XMEMSET(hash, 0, sizeof(hash));
  12151. XMEMSET(hashRet, 0, sizeof(hashRet));
  12152. ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  12153. if (ret == 0) {
  12154. ret = wc_Sha3_256_GetHash(&sha3, hashRet);
  12155. }
  12156. if (ret == 0) {
  12157. ret = wc_Sha3_256_Final(&sha3, hash);
  12158. if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE) != 0) {
  12159. ret = WOLFSSL_FATAL_ERROR;
  12160. }
  12161. }
  12162. if (ret == 0) {
  12163. /* Test bad args. */
  12164. ret = wc_Sha3_256_GetHash(NULL, hashRet);
  12165. if (ret == BAD_FUNC_ARG) {
  12166. ret = wc_Sha3_256_GetHash(&sha3, NULL);
  12167. }
  12168. if (ret == BAD_FUNC_ARG) {
  12169. ret = 0;
  12170. }
  12171. else if (ret == 0) {
  12172. ret = WOLFSSL_FATAL_ERROR;
  12173. }
  12174. }
  12175. }
  12176. wc_Sha3_256_Free(&sha3);
  12177. res = TEST_RES_CHECK(ret == 0);
  12178. #endif
  12179. return res;
  12180. } /* END test_wc_Sha3_256_Final */
  12181. /*
  12182. * Testing wc_Sha3_384_Final()
  12183. */
  12184. static int test_wc_Sha3_384_Final(void)
  12185. {
  12186. int res = TEST_SKIPPED;
  12187. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
  12188. wc_Sha3 sha3;
  12189. const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
  12190. "nopnopq";
  12191. const char* expOut = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7"
  12192. "\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd"
  12193. "\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe"
  12194. "\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22";
  12195. byte hash[WC_SHA3_384_DIGEST_SIZE];
  12196. byte hashRet[WC_SHA3_384_DIGEST_SIZE];
  12197. int ret = 0;
  12198. /* Init stack variables. */
  12199. XMEMSET(hash, 0, sizeof(hash));
  12200. ret = wc_InitSha3_384(&sha3, HEAP_HINT, testDevId);
  12201. if (ret != 0) {
  12202. return TEST_FAIL;
  12203. }
  12204. ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  12205. if (ret == 0) {
  12206. ret = wc_Sha3_384_Final(&sha3, hash);
  12207. if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE) != 0) {
  12208. ret = WOLFSSL_FATAL_ERROR;
  12209. }
  12210. }
  12211. /* Test bad args. */
  12212. if (ret == 0) {
  12213. ret = wc_Sha3_384_Final(NULL, hash);
  12214. if (ret == 0) {
  12215. ret = wc_Sha3_384_Final(&sha3, NULL);
  12216. }
  12217. if (ret == BAD_FUNC_ARG) {
  12218. ret = 0;
  12219. }
  12220. else if (ret == 0) {
  12221. ret = WOLFSSL_FATAL_ERROR;
  12222. }
  12223. }
  12224. wc_Sha3_384_Free(&sha3);
  12225. if (ret == 0) {
  12226. ret = wc_InitSha3_384(&sha3, HEAP_HINT, testDevId);
  12227. if (ret != 0) {
  12228. return TEST_FAIL;
  12229. }
  12230. /* Init stack variables. */
  12231. XMEMSET(hash, 0, sizeof(hash));
  12232. XMEMSET(hashRet, 0, sizeof(hashRet));
  12233. ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  12234. if (ret == 0) {
  12235. ret = wc_Sha3_384_GetHash(&sha3, hashRet);
  12236. }
  12237. if (ret == 0) {
  12238. ret = wc_Sha3_384_Final(&sha3, hash);
  12239. if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE) != 0) {
  12240. ret = WOLFSSL_FATAL_ERROR;
  12241. }
  12242. }
  12243. if (ret == 0) {
  12244. /* Test bad args. */
  12245. ret = wc_Sha3_384_GetHash(NULL, hashRet);
  12246. if (ret == BAD_FUNC_ARG) {
  12247. ret = wc_Sha3_384_GetHash(&sha3, NULL);
  12248. }
  12249. if (ret == BAD_FUNC_ARG) {
  12250. ret = 0;
  12251. }
  12252. else if (ret == 0) {
  12253. ret = WOLFSSL_FATAL_ERROR;
  12254. }
  12255. }
  12256. }
  12257. wc_Sha3_384_Free(&sha3);
  12258. res = TEST_RES_CHECK(ret == 0);
  12259. #endif
  12260. return res;
  12261. } /* END test_wc_Sha3_384_Final */
  12262. /*
  12263. * Testing wc_Sha3_512_Final()
  12264. */
  12265. static int test_wc_Sha3_512_Final(void)
  12266. {
  12267. int res = TEST_SKIPPED;
  12268. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \
  12269. !defined(WOLFSSL_NOSHA3_384)
  12270. wc_Sha3 sha3;
  12271. const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
  12272. "nopnopq";
  12273. const char* expOut = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10"
  12274. "\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7"
  12275. "\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53"
  12276. "\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4"
  12277. "\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e";
  12278. byte hash[WC_SHA3_512_DIGEST_SIZE];
  12279. byte hashRet[WC_SHA3_512_DIGEST_SIZE];
  12280. int ret = 0;
  12281. /* Init stack variables. */
  12282. XMEMSET(hash, 0, sizeof(hash));
  12283. ret = wc_InitSha3_512(&sha3, HEAP_HINT, testDevId);
  12284. if (ret != 0) {
  12285. return TEST_FAIL;
  12286. }
  12287. ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  12288. if (ret == 0) {
  12289. ret = wc_Sha3_512_Final(&sha3, hash);
  12290. if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE) != 0) {
  12291. ret = WOLFSSL_FATAL_ERROR;
  12292. }
  12293. }
  12294. /* Test bad args. */
  12295. if (ret == 0) {
  12296. ret = wc_Sha3_512_Final(NULL, hash);
  12297. if (ret == 0) {
  12298. ret = wc_Sha3_384_Final(&sha3, NULL);
  12299. }
  12300. if (ret == BAD_FUNC_ARG) {
  12301. ret = 0;
  12302. }
  12303. else if (ret == 0) {
  12304. ret = WOLFSSL_FATAL_ERROR;
  12305. }
  12306. }
  12307. wc_Sha3_512_Free(&sha3);
  12308. if (ret == 0) {
  12309. ret = wc_InitSha3_512(&sha3, HEAP_HINT, testDevId);
  12310. if (ret != 0) {
  12311. return TEST_FAIL;
  12312. }
  12313. /* Init stack variables. */
  12314. XMEMSET(hash, 0, sizeof(hash));
  12315. XMEMSET(hashRet, 0, sizeof(hashRet));
  12316. ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  12317. if (ret == 0) {
  12318. ret = wc_Sha3_512_GetHash(&sha3, hashRet);
  12319. }
  12320. if (ret == 0) {
  12321. ret = wc_Sha3_512_Final(&sha3, hash);
  12322. if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE) != 0) {
  12323. ret = WOLFSSL_FATAL_ERROR;
  12324. }
  12325. }
  12326. if (ret == 0) {
  12327. /* Test bad args. */
  12328. ret = wc_Sha3_512_GetHash(NULL, hashRet);
  12329. if (ret == BAD_FUNC_ARG) {
  12330. ret = wc_Sha3_512_GetHash(&sha3, NULL);
  12331. }
  12332. if (ret == BAD_FUNC_ARG) {
  12333. ret = 0;
  12334. }
  12335. else if (ret == 0) {
  12336. ret = WOLFSSL_FATAL_ERROR;
  12337. }
  12338. }
  12339. }
  12340. wc_Sha3_512_Free(&sha3);
  12341. res = TEST_RES_CHECK(ret == 0);
  12342. #endif
  12343. return res;
  12344. } /* END test_wc_Sha3_512_Final */
  12345. /*
  12346. * Testing wc_Sha3_224_Copy()
  12347. */
  12348. static int test_wc_Sha3_224_Copy(void)
  12349. {
  12350. int res = TEST_SKIPPED;
  12351. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
  12352. wc_Sha3 sha3, sha3Cpy;
  12353. const char* msg = TEST_STRING;
  12354. word32 msglen = (word32)TEST_STRING_SZ;
  12355. byte hash[WC_SHA3_224_DIGEST_SIZE];
  12356. byte hashCpy[WC_SHA3_224_DIGEST_SIZE];
  12357. int ret = 0;
  12358. XMEMSET(hash, 0, sizeof(hash));
  12359. XMEMSET(hashCpy, 0, sizeof(hashCpy));
  12360. ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId);
  12361. if (ret != 0) {
  12362. return TEST_FAIL;
  12363. }
  12364. ret = wc_InitSha3_224(&sha3Cpy, HEAP_HINT, testDevId);
  12365. if (ret != 0) {
  12366. wc_Sha3_224_Free(&sha3);
  12367. return TEST_FAIL;
  12368. }
  12369. ret = wc_Sha3_224_Update(&sha3, (byte*)msg, msglen);
  12370. if (ret == 0) {
  12371. ret = wc_Sha3_224_Copy(&sha3Cpy, &sha3);
  12372. if (ret == 0) {
  12373. ret = wc_Sha3_224_Final(&sha3, hash);
  12374. if (ret == 0) {
  12375. ret = wc_Sha3_224_Final(&sha3Cpy, hashCpy);
  12376. }
  12377. }
  12378. if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
  12379. ret = WOLFSSL_FATAL_ERROR;
  12380. }
  12381. }
  12382. /* Test bad args. */
  12383. if (ret == 0) {
  12384. ret = wc_Sha3_224_Copy(NULL, &sha3);
  12385. if (ret == BAD_FUNC_ARG) {
  12386. ret = wc_Sha3_224_Copy(&sha3Cpy, NULL);
  12387. }
  12388. if (ret == BAD_FUNC_ARG) {
  12389. ret = 0;
  12390. }
  12391. else if (ret == 0) {
  12392. ret = WOLFSSL_FATAL_ERROR;
  12393. }
  12394. }
  12395. res = TEST_RES_CHECK(ret == 0);
  12396. #endif
  12397. return res;
  12398. } /* END test_wc_Sha3_224_Copy */
  12399. /*
  12400. * Testing wc_Sha3_256_Copy()
  12401. */
  12402. static int test_wc_Sha3_256_Copy(void)
  12403. {
  12404. int res = TEST_SKIPPED;
  12405. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
  12406. wc_Sha3 sha3, sha3Cpy;
  12407. const char* msg = TEST_STRING;
  12408. word32 msglen = (word32)TEST_STRING_SZ;
  12409. byte hash[WC_SHA3_256_DIGEST_SIZE];
  12410. byte hashCpy[WC_SHA3_256_DIGEST_SIZE];
  12411. int ret = 0;
  12412. XMEMSET(hash, 0, sizeof(hash));
  12413. XMEMSET(hashCpy, 0, sizeof(hashCpy));
  12414. ret = wc_InitSha3_256(&sha3, HEAP_HINT, testDevId);
  12415. if (ret != 0) {
  12416. return TEST_FAIL;
  12417. }
  12418. ret = wc_InitSha3_256(&sha3Cpy, HEAP_HINT, testDevId);
  12419. if (ret != 0) {
  12420. wc_Sha3_256_Free(&sha3);
  12421. return TEST_FAIL;
  12422. }
  12423. ret = wc_Sha3_256_Update(&sha3, (byte*)msg, msglen);
  12424. if (ret == 0) {
  12425. ret = wc_Sha3_256_Copy(&sha3Cpy, &sha3);
  12426. if (ret == 0) {
  12427. ret = wc_Sha3_256_Final(&sha3, hash);
  12428. if (ret == 0) {
  12429. ret = wc_Sha3_256_Final(&sha3Cpy, hashCpy);
  12430. }
  12431. }
  12432. if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
  12433. ret = WOLFSSL_FATAL_ERROR;
  12434. }
  12435. }
  12436. /* Test bad args. */
  12437. if (ret == 0) {
  12438. ret = wc_Sha3_256_Copy(NULL, &sha3);
  12439. if (ret == BAD_FUNC_ARG) {
  12440. ret = wc_Sha3_256_Copy(&sha3Cpy, NULL);
  12441. }
  12442. if (ret == BAD_FUNC_ARG) {
  12443. ret = 0;
  12444. }
  12445. else if (ret == 0) {
  12446. ret = WOLFSSL_FATAL_ERROR;
  12447. }
  12448. }
  12449. res = TEST_RES_CHECK(ret == 0);
  12450. #endif
  12451. return res;
  12452. } /* END test_wc_Sha3_256_Copy */
  12453. /*
  12454. * Testing wc_Sha3_384_Copy()
  12455. */
  12456. static int test_wc_Sha3_384_Copy(void)
  12457. {
  12458. int res = TEST_SKIPPED;
  12459. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
  12460. wc_Sha3 sha3, sha3Cpy;
  12461. const char* msg = TEST_STRING;
  12462. word32 msglen = (word32)TEST_STRING_SZ;
  12463. byte hash[WC_SHA3_384_DIGEST_SIZE];
  12464. byte hashCpy[WC_SHA3_384_DIGEST_SIZE];
  12465. int ret = 0;
  12466. XMEMSET(hash, 0, sizeof(hash));
  12467. XMEMSET(hashCpy, 0, sizeof(hashCpy));
  12468. ret = wc_InitSha3_384(&sha3, HEAP_HINT, testDevId);
  12469. if (ret != 0) {
  12470. return TEST_FAIL;
  12471. }
  12472. ret = wc_InitSha3_384(&sha3Cpy, HEAP_HINT, testDevId);
  12473. if (ret != 0) {
  12474. wc_Sha3_384_Free(&sha3);
  12475. return TEST_FAIL;
  12476. }
  12477. ret = wc_Sha3_384_Update(&sha3, (byte*)msg, msglen);
  12478. if (ret == 0) {
  12479. ret = wc_Sha3_384_Copy(&sha3Cpy, &sha3);
  12480. if (ret == 0) {
  12481. ret = wc_Sha3_384_Final(&sha3, hash);
  12482. if (ret == 0) {
  12483. ret = wc_Sha3_384_Final(&sha3Cpy, hashCpy);
  12484. }
  12485. }
  12486. if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
  12487. ret = WOLFSSL_FATAL_ERROR;
  12488. }
  12489. }
  12490. /* Test bad args. */
  12491. if (ret == 0) {
  12492. ret = wc_Sha3_384_Copy(NULL, &sha3);
  12493. if (ret == BAD_FUNC_ARG) {
  12494. ret = wc_Sha3_384_Copy(&sha3Cpy, NULL);
  12495. }
  12496. if (ret == BAD_FUNC_ARG) {
  12497. ret = 0;
  12498. }
  12499. else if (ret == 0) {
  12500. ret = WOLFSSL_FATAL_ERROR;
  12501. }
  12502. }
  12503. res = TEST_RES_CHECK(ret == 0);
  12504. #endif
  12505. return res;
  12506. } /* END test_wc_Sha3_384_Copy */
  12507. /*
  12508. * Testing wc_Sha3_512_Copy()
  12509. */
  12510. static int test_wc_Sha3_512_Copy(void)
  12511. {
  12512. int res = TEST_SKIPPED;
  12513. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
  12514. wc_Sha3 sha3, sha3Cpy;
  12515. const char* msg = TEST_STRING;
  12516. word32 msglen = (word32)TEST_STRING_SZ;
  12517. byte hash[WC_SHA3_512_DIGEST_SIZE];
  12518. byte hashCpy[WC_SHA3_512_DIGEST_SIZE];
  12519. int ret = 0;
  12520. XMEMSET(hash, 0, sizeof(hash));
  12521. XMEMSET(hashCpy, 0, sizeof(hashCpy));
  12522. ret = wc_InitSha3_512(&sha3, HEAP_HINT, testDevId);
  12523. if (ret != 0) {
  12524. return TEST_FAIL;
  12525. }
  12526. ret = wc_InitSha3_512(&sha3Cpy, HEAP_HINT, testDevId);
  12527. if (ret != 0) {
  12528. wc_Sha3_512_Free(&sha3);
  12529. return TEST_FAIL;
  12530. }
  12531. ret = wc_Sha3_512_Update(&sha3, (byte*)msg, msglen);
  12532. if (ret == 0) {
  12533. ret = wc_Sha3_512_Copy(&sha3Cpy, &sha3);
  12534. if (ret == 0) {
  12535. ret = wc_Sha3_512_Final(&sha3, hash);
  12536. if (ret == 0) {
  12537. ret = wc_Sha3_512_Final(&sha3Cpy, hashCpy);
  12538. }
  12539. }
  12540. if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
  12541. ret = WOLFSSL_FATAL_ERROR;
  12542. }
  12543. }
  12544. /* Test bad args. */
  12545. if (ret == 0) {
  12546. ret = wc_Sha3_512_Copy(NULL, &sha3);
  12547. if (ret == BAD_FUNC_ARG) {
  12548. ret = wc_Sha3_512_Copy(&sha3Cpy, NULL);
  12549. }
  12550. if (ret == BAD_FUNC_ARG) {
  12551. ret = 0;
  12552. }
  12553. else if (ret == 0) {
  12554. ret = WOLFSSL_FATAL_ERROR;
  12555. }
  12556. }
  12557. res = TEST_RES_CHECK(ret == 0);
  12558. #endif
  12559. return res;
  12560. } /* END test_wc_Sha3_512_Copy */
  12561. /*
  12562. * Unit test function for wc_Sha3_GetFlags()
  12563. */
  12564. static int test_wc_Sha3_GetFlags(void)
  12565. {
  12566. int res = TEST_SKIPPED;
  12567. #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS)
  12568. wc_Sha3 sha3;
  12569. word32 flags = 0;
  12570. int ret = 0;
  12571. /* Initialize */
  12572. ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId);
  12573. if (ret != 0) {
  12574. return TEST_FAIL;
  12575. }
  12576. if (ret == 0) {
  12577. ret = wc_Sha3_GetFlags(&sha3, &flags);
  12578. }
  12579. if (ret == 0) {
  12580. if (flags & WC_HASH_FLAG_ISCOPY) {
  12581. ret = 0;
  12582. }
  12583. }
  12584. wc_Sha3_224_Free(&sha3);
  12585. res = TEST_RES_CHECK(ret == 0);
  12586. #endif
  12587. return res;
  12588. } /* END test_wc_Sha3_GetFlags */
  12589. static int test_wc_InitShake256(void)
  12590. {
  12591. int res = TEST_SKIPPED;
  12592. #ifdef WOLFSSL_SHAKE256
  12593. wc_Shake shake;
  12594. int ret = 0;
  12595. ret = wc_InitShake256(&shake, HEAP_HINT, testDevId);
  12596. /* Test bad args. */
  12597. if (ret == 0) {
  12598. ret = wc_InitShake256(NULL, HEAP_HINT, testDevId);
  12599. if (ret == BAD_FUNC_ARG) {
  12600. ret = 0;
  12601. }
  12602. else if (ret == 0) {
  12603. ret = WOLFSSL_FATAL_ERROR;
  12604. }
  12605. }
  12606. wc_Shake256_Free(&shake);
  12607. res = TEST_RES_CHECK(ret == 0);
  12608. #endif
  12609. return res;
  12610. } /* END test_wc_InitSha3 */
  12611. static int testing_wc_Shake256_Update(void)
  12612. {
  12613. int res = TEST_SKIPPED;
  12614. #ifdef WOLFSSL_SHAKE256
  12615. wc_Shake shake;
  12616. byte msg[] = "Everybody's working for the weekend.";
  12617. byte msg2[] = "Everybody gets Friday off.";
  12618. byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
  12619. "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
  12620. "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
  12621. "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
  12622. "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
  12623. word32 msglen = sizeof(msg) - 1;
  12624. word32 msg2len = sizeof(msg2);
  12625. word32 msgCmplen = sizeof(msgCmp);
  12626. int ret = 0;
  12627. ret = wc_InitShake256(&shake, HEAP_HINT, testDevId);
  12628. if (ret != 0) {
  12629. return TEST_FAIL;
  12630. }
  12631. ret = wc_Shake256_Update(&shake, msg, msglen);
  12632. if (XMEMCMP(msg, shake.t, msglen) || shake.i != msglen) {
  12633. ret = WOLFSSL_FATAL_ERROR;
  12634. }
  12635. if (ret == 0) {
  12636. ret = wc_Shake256_Update(&shake, msg2, msg2len);
  12637. if (XMEMCMP(shake.t, msgCmp, msgCmplen) != 0) {
  12638. ret = WOLFSSL_FATAL_ERROR;
  12639. }
  12640. }
  12641. /* Pass bad args. */
  12642. if (ret == 0) {
  12643. ret = wc_Shake256_Update(NULL, msg2, msg2len);
  12644. if (ret == BAD_FUNC_ARG) {
  12645. ret = wc_Shake256_Update(&shake, NULL, 5);
  12646. }
  12647. if (ret == BAD_FUNC_ARG) {
  12648. wc_Shake256_Free(&shake);
  12649. if (wc_InitShake256(&shake, HEAP_HINT, testDevId)) {
  12650. return TEST_FAIL;
  12651. }
  12652. ret = wc_Shake256_Update(&shake, NULL, 0);
  12653. if (ret == 0) {
  12654. ret = wc_Shake256_Update(&shake, msg2, msg2len);
  12655. }
  12656. if (ret == 0 && XMEMCMP(msg2, shake.t, msg2len) != 0) {
  12657. ret = WOLFSSL_FATAL_ERROR;
  12658. }
  12659. }
  12660. }
  12661. wc_Shake256_Free(&shake);
  12662. res = TEST_RES_CHECK(ret == 0);
  12663. #endif /* WOLFSSL_SHAKE256 */
  12664. return res;
  12665. }
  12666. static int test_wc_Shake256_Final(void)
  12667. {
  12668. int res = TEST_SKIPPED;
  12669. #ifdef WOLFSSL_SHAKE256
  12670. wc_Shake shake;
  12671. const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
  12672. "nopnopq";
  12673. const char* expOut = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f"
  12674. "\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b"
  12675. "\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59"
  12676. "\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96"
  12677. "\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37"
  12678. "\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97"
  12679. "\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2"
  12680. "\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67"
  12681. "\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
  12682. byte hash[114];
  12683. int ret = 0;
  12684. /* Init stack variables. */
  12685. XMEMSET(hash, 0, sizeof(hash));
  12686. ret = wc_InitShake256(&shake, HEAP_HINT, testDevId);
  12687. if (ret != 0) {
  12688. return TEST_FAIL;
  12689. }
  12690. ret= wc_Shake256_Update(&shake, (byte*)msg, (word32)XSTRLEN(msg));
  12691. if (ret == 0) {
  12692. ret = wc_Shake256_Final(&shake, hash, (word32)sizeof(hash));
  12693. if (ret == 0 && XMEMCMP(expOut, hash, (word32)sizeof(hash)) != 0) {
  12694. ret = WOLFSSL_FATAL_ERROR;
  12695. }
  12696. }
  12697. /* Test bad args. */
  12698. if (ret == 0) {
  12699. ret = wc_Shake256_Final(NULL, hash, (word32)sizeof(hash));
  12700. if (ret == 0) {
  12701. ret = wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash));
  12702. }
  12703. if (ret == BAD_FUNC_ARG) {
  12704. ret = 0;
  12705. }
  12706. else if (ret == 0) {
  12707. ret = WOLFSSL_FATAL_ERROR;
  12708. }
  12709. }
  12710. wc_Shake256_Free(&shake);
  12711. res = TEST_RES_CHECK(ret == 0);
  12712. #endif
  12713. return res;
  12714. }
  12715. /*
  12716. * Testing wc_Shake256_Copy()
  12717. */
  12718. static int test_wc_Shake256_Copy(void)
  12719. {
  12720. int res = TEST_SKIPPED;
  12721. #ifdef WOLFSSL_SHAKE256
  12722. wc_Shake shake, shakeCpy;
  12723. const char* msg = TEST_STRING;
  12724. word32 msglen = (word32)TEST_STRING_SZ;
  12725. byte hash[144];
  12726. byte hashCpy[144];
  12727. word32 hashLen = sizeof(hash);
  12728. word32 hashLenCpy = sizeof(hashCpy);
  12729. int ret;
  12730. XMEMSET(hash, 0, sizeof(hash));
  12731. XMEMSET(hashCpy, 0, sizeof(hashCpy));
  12732. ret = wc_InitShake256(&shake, HEAP_HINT, testDevId);
  12733. if (ret != 0) {
  12734. return TEST_FAIL;
  12735. }
  12736. ret = wc_InitShake256(&shakeCpy, HEAP_HINT, testDevId);
  12737. if (ret != 0) {
  12738. wc_Shake256_Free(&shake);
  12739. return TEST_FAIL;
  12740. }
  12741. ret = wc_Shake256_Update(&shake, (byte*)msg, msglen);
  12742. if (ret == 0) {
  12743. ret = wc_Shake256_Copy(&shakeCpy, &shake);
  12744. if (ret == 0) {
  12745. ret = wc_Shake256_Final(&shake, hash, hashLen);
  12746. if (ret == 0) {
  12747. ret = wc_Shake256_Final(&shakeCpy, hashCpy, hashLenCpy);
  12748. }
  12749. }
  12750. if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
  12751. ret = WOLFSSL_FATAL_ERROR;
  12752. }
  12753. }
  12754. /* Test bad args. */
  12755. if (ret == 0) {
  12756. ret = wc_Shake256_Copy(NULL, &shake);
  12757. if (ret == BAD_FUNC_ARG) {
  12758. ret = wc_Shake256_Copy(&shakeCpy, NULL);
  12759. }
  12760. if (ret == BAD_FUNC_ARG) {
  12761. ret = 0;
  12762. }
  12763. else if (ret == 0) {
  12764. ret = WOLFSSL_FATAL_ERROR;
  12765. }
  12766. }
  12767. wc_Shake256_Free(&shake);
  12768. res = TEST_RES_CHECK(ret == 0);
  12769. #endif
  12770. return res;
  12771. } /* END test_wc_Shake256_Copy */
  12772. /*
  12773. * Unit test function for wc_Shake256Hash()
  12774. */
  12775. static int test_wc_Shake256Hash(void)
  12776. {
  12777. int res = TEST_SKIPPED;
  12778. #ifdef WOLFSSL_SHAKE256
  12779. const byte data[] = { /* Hello World */
  12780. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  12781. 0x72,0x6c,0x64
  12782. };
  12783. word32 len = sizeof(data);
  12784. byte hash[144];
  12785. word32 hashLen = sizeof(hash);
  12786. int ret;
  12787. ret = wc_Shake256Hash(data, len, hash, hashLen);
  12788. res = TEST_RES_CHECK(ret == 0);
  12789. #endif
  12790. return res;
  12791. } /* END test_wc_Shake256Hash */
  12792. /*
  12793. * Test function for wc_HmacSetKey
  12794. */
  12795. static int test_wc_Md5HmacSetKey(void)
  12796. {
  12797. int res = TEST_SKIPPED;
  12798. #if !defined(NO_HMAC) && !defined(NO_MD5)
  12799. Hmac hmac;
  12800. int ret, times, itr;
  12801. int flag = 0;
  12802. const char* keys[]=
  12803. {
  12804. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
  12805. #ifndef HAVE_FIPS
  12806. "Jefe", /* smaller than minimum FIPS key size */
  12807. #endif
  12808. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  12809. };
  12810. times = sizeof(keys) / sizeof(char*);
  12811. flag = 0;
  12812. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  12813. if (ret != 0)
  12814. return TEST_FAIL;
  12815. for (itr = 0; itr < times; itr++) {
  12816. ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr],
  12817. (word32)XSTRLEN(keys[itr]));
  12818. #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
  12819. wc_HmacFree(&hmac);
  12820. if (ret == BAD_FUNC_ARG) {
  12821. return TEST_SUCCESS;
  12822. }
  12823. else {
  12824. return TEST_FAIL;
  12825. }
  12826. #else
  12827. if (ret != 0) {
  12828. flag = ret;
  12829. }
  12830. #endif
  12831. }
  12832. /* Bad args. */
  12833. if (!flag) {
  12834. ret = wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
  12835. (word32)XSTRLEN(keys[0]));
  12836. if (ret != BAD_FUNC_ARG) {
  12837. flag = WOLFSSL_FATAL_ERROR;
  12838. }
  12839. }
  12840. if (!flag) {
  12841. ret = wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0]));
  12842. if (ret != BAD_FUNC_ARG) {
  12843. flag = WOLFSSL_FATAL_ERROR;
  12844. }
  12845. }
  12846. if (!flag) {
  12847. ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
  12848. (word32)XSTRLEN(keys[0]));
  12849. if (ret != BAD_FUNC_ARG) {
  12850. flag = WOLFSSL_FATAL_ERROR;
  12851. }
  12852. }
  12853. if (!flag) {
  12854. ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
  12855. #ifdef HAVE_FIPS
  12856. if (ret != HMAC_MIN_KEYLEN_E) {
  12857. flag = WOLFSSL_FATAL_ERROR;
  12858. }
  12859. #else
  12860. if (ret != 0) {
  12861. flag = WOLFSSL_FATAL_ERROR;
  12862. }
  12863. #endif
  12864. }
  12865. wc_HmacFree(&hmac);
  12866. res = TEST_RES_CHECK(flag == 0);
  12867. #endif
  12868. return res;
  12869. } /* END test_wc_Md5HmacSetKey */
  12870. /*
  12871. * testing wc_HmacSetKey() on wc_Sha hash.
  12872. */
  12873. static int test_wc_ShaHmacSetKey(void)
  12874. {
  12875. int res = TEST_SKIPPED;
  12876. #if !defined(NO_HMAC) && !defined(NO_SHA)
  12877. Hmac hmac;
  12878. int ret, times, itr;
  12879. int flag = 0;
  12880. const char* keys[]=
  12881. {
  12882. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  12883. "\x0b\x0b\x0b",
  12884. #ifndef HAVE_FIPS
  12885. "Jefe", /* smaller than minimum FIPS key size */
  12886. #endif
  12887. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  12888. "\xAA\xAA\xAA"
  12889. };
  12890. times = sizeof(keys) / sizeof(char*);
  12891. flag = 0;
  12892. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  12893. if (ret != 0)
  12894. return ret;
  12895. for (itr = 0; itr < times; itr++) {
  12896. ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr],
  12897. (word32)XSTRLEN(keys[itr]));
  12898. if (ret != 0) {
  12899. flag = ret;
  12900. }
  12901. }
  12902. /* Bad args. */
  12903. if (!flag) {
  12904. ret = wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
  12905. (word32)XSTRLEN(keys[0]));
  12906. if (ret != BAD_FUNC_ARG) {
  12907. flag = WOLFSSL_FATAL_ERROR;
  12908. }
  12909. }
  12910. if (!flag) {
  12911. ret = wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0]));
  12912. if (ret != BAD_FUNC_ARG) {
  12913. flag = WOLFSSL_FATAL_ERROR;
  12914. }
  12915. }
  12916. if (!flag) {
  12917. ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
  12918. (word32)XSTRLEN(keys[0]));
  12919. if (ret != BAD_FUNC_ARG) {
  12920. flag = WOLFSSL_FATAL_ERROR;
  12921. }
  12922. }
  12923. if (!flag) {
  12924. ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
  12925. #ifdef HAVE_FIPS
  12926. if (ret != HMAC_MIN_KEYLEN_E) {
  12927. flag = WOLFSSL_FATAL_ERROR;
  12928. }
  12929. #else
  12930. if (ret != 0) {
  12931. flag = WOLFSSL_FATAL_ERROR;
  12932. }
  12933. #endif
  12934. }
  12935. wc_HmacFree(&hmac);
  12936. res = TEST_RES_CHECK(flag == 0);
  12937. #endif
  12938. return res;
  12939. } /* END test_wc_ShaHmacSetKey() */
  12940. /*
  12941. * testing wc_HmacSetKey() on Sha224 hash.
  12942. */
  12943. static int test_wc_Sha224HmacSetKey(void)
  12944. {
  12945. int res = TEST_SKIPPED;
  12946. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
  12947. Hmac hmac;
  12948. int ret, times, itr;
  12949. int flag = 0;
  12950. const char* keys[]=
  12951. {
  12952. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  12953. "\x0b\x0b\x0b",
  12954. #ifndef HAVE_FIPS
  12955. "Jefe", /* smaller than minimum FIPS key size */
  12956. #endif
  12957. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  12958. "\xAA\xAA\xAA"
  12959. };
  12960. times = sizeof(keys) / sizeof(char*);
  12961. flag = 0;
  12962. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  12963. if (ret != 0)
  12964. return ret;
  12965. for (itr = 0; itr < times; itr++) {
  12966. ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr],
  12967. (word32)XSTRLEN(keys[itr]));
  12968. if (ret != 0) {
  12969. flag = ret;
  12970. }
  12971. }
  12972. /* Bad args. */
  12973. if (!flag) {
  12974. ret = wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
  12975. (word32)XSTRLEN(keys[0]));
  12976. if (ret != BAD_FUNC_ARG) {
  12977. flag = WOLFSSL_FATAL_ERROR;
  12978. }
  12979. }
  12980. if (!flag) {
  12981. ret = wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0]));
  12982. if (ret != BAD_FUNC_ARG) {
  12983. flag = WOLFSSL_FATAL_ERROR;
  12984. }
  12985. }
  12986. if (!flag) {
  12987. ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
  12988. (word32)XSTRLEN(keys[0]));
  12989. if (ret != BAD_FUNC_ARG) {
  12990. flag = WOLFSSL_FATAL_ERROR;
  12991. }
  12992. }
  12993. if (!flag) {
  12994. ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
  12995. #ifdef HAVE_FIPS
  12996. if (ret != HMAC_MIN_KEYLEN_E) {
  12997. flag = WOLFSSL_FATAL_ERROR;
  12998. }
  12999. #else
  13000. if (ret != 0) {
  13001. flag = WOLFSSL_FATAL_ERROR;
  13002. }
  13003. #endif
  13004. }
  13005. wc_HmacFree(&hmac);
  13006. res = TEST_RES_CHECK(flag == 0);
  13007. #endif
  13008. return res;
  13009. } /* END test_wc_Sha224HmacSetKey() */
  13010. /*
  13011. * testing wc_HmacSetKey() on Sha256 hash
  13012. */
  13013. static int test_wc_Sha256HmacSetKey(void)
  13014. {
  13015. int res = TEST_SKIPPED;
  13016. #if !defined(NO_HMAC) && !defined(NO_SHA256)
  13017. Hmac hmac;
  13018. int ret, times, itr;
  13019. int flag = 0;
  13020. const char* keys[]=
  13021. {
  13022. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  13023. "\x0b\x0b\x0b",
  13024. #ifndef HAVE_FIPS
  13025. "Jefe", /* smaller than minimum FIPS key size */
  13026. #endif
  13027. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  13028. "\xAA\xAA\xAA"
  13029. };
  13030. times = sizeof(keys) / sizeof(char*);
  13031. flag = 0;
  13032. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13033. if (ret != 0)
  13034. return ret;
  13035. for (itr = 0; itr < times; itr++) {
  13036. ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr],
  13037. (word32)XSTRLEN(keys[itr]));
  13038. if (ret != 0) {
  13039. flag = ret;
  13040. }
  13041. }
  13042. /* Bad args. */
  13043. if (!flag) {
  13044. ret = wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
  13045. (word32)XSTRLEN(keys[0]));
  13046. if (ret != BAD_FUNC_ARG) {
  13047. flag = WOLFSSL_FATAL_ERROR;
  13048. }
  13049. }
  13050. if (!flag) {
  13051. ret = wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0]));
  13052. if (ret != BAD_FUNC_ARG) {
  13053. flag = WOLFSSL_FATAL_ERROR;
  13054. }
  13055. }
  13056. if (!flag) {
  13057. ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
  13058. (word32)XSTRLEN(keys[0]));
  13059. if (ret != BAD_FUNC_ARG) {
  13060. flag = WOLFSSL_FATAL_ERROR;
  13061. }
  13062. }
  13063. if (!flag) {
  13064. ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
  13065. #ifdef HAVE_FIPS
  13066. if (ret != HMAC_MIN_KEYLEN_E) {
  13067. flag = WOLFSSL_FATAL_ERROR;
  13068. }
  13069. #else
  13070. if (ret != 0) {
  13071. flag = WOLFSSL_FATAL_ERROR;
  13072. }
  13073. #endif
  13074. }
  13075. wc_HmacFree(&hmac);
  13076. res = TEST_RES_CHECK(flag == 0);
  13077. #endif
  13078. return res;
  13079. } /* END test_wc_Sha256HmacSetKey() */
  13080. /*
  13081. * testing wc_HmacSetKey on Sha384 hash.
  13082. */
  13083. static int test_wc_Sha384HmacSetKey(void)
  13084. {
  13085. int res = TEST_SKIPPED;
  13086. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
  13087. Hmac hmac;
  13088. int ret, times, itr;
  13089. int flag = 0;
  13090. const char* keys[]=
  13091. {
  13092. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  13093. "\x0b\x0b\x0b",
  13094. #ifndef HAVE_FIPS
  13095. "Jefe", /* smaller than minimum FIPS key size */
  13096. #endif
  13097. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  13098. "\xAA\xAA\xAA"
  13099. };
  13100. times = sizeof(keys) / sizeof(char*);
  13101. flag = 0;
  13102. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13103. if (ret != 0)
  13104. return ret;
  13105. for (itr = 0; itr < times; itr++) {
  13106. ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr],
  13107. (word32)XSTRLEN(keys[itr]));
  13108. if (ret != 0) {
  13109. flag = ret;
  13110. }
  13111. }
  13112. /* Bad args. */
  13113. if (!flag) {
  13114. ret = wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
  13115. (word32)XSTRLEN(keys[0]));
  13116. if (ret != BAD_FUNC_ARG) {
  13117. flag = WOLFSSL_FATAL_ERROR;
  13118. }
  13119. }
  13120. if (!flag) {
  13121. ret = wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0]));
  13122. if (ret != BAD_FUNC_ARG) {
  13123. flag = WOLFSSL_FATAL_ERROR;
  13124. }
  13125. }
  13126. if (!flag) {
  13127. ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
  13128. (word32)XSTRLEN(keys[0]));
  13129. if (ret != BAD_FUNC_ARG) {
  13130. flag = WOLFSSL_FATAL_ERROR;
  13131. }
  13132. }
  13133. if (!flag) {
  13134. ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
  13135. #ifdef HAVE_FIPS
  13136. if (ret != HMAC_MIN_KEYLEN_E) {
  13137. flag = WOLFSSL_FATAL_ERROR;
  13138. }
  13139. #else
  13140. if (ret != 0) {
  13141. flag = WOLFSSL_FATAL_ERROR;
  13142. }
  13143. #endif
  13144. }
  13145. wc_HmacFree(&hmac);
  13146. res = TEST_RES_CHECK(flag == 0);
  13147. #endif
  13148. return res;
  13149. } /* END test_wc_Sha384HmacSetKey() */
  13150. /*
  13151. * testing wc_HmacUpdate on wc_Md5 hash.
  13152. */
  13153. static int test_wc_Md5HmacUpdate(void)
  13154. {
  13155. int res = TEST_SKIPPED;
  13156. #if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5))
  13157. Hmac hmac;
  13158. testVector a, b;
  13159. int ret;
  13160. int flag = 0;
  13161. #ifdef HAVE_FIPS
  13162. const char* keys =
  13163. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  13164. #else
  13165. const char* keys = "Jefe";
  13166. #endif
  13167. a.input = "what do ya want for nothing?";
  13168. a.inLen = XSTRLEN(a.input);
  13169. b.input = "Hi There";
  13170. b.inLen = XSTRLEN(b.input);
  13171. flag = 0;
  13172. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13173. if (ret != 0)
  13174. return ret;
  13175. ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, (word32)XSTRLEN(keys));
  13176. if (ret != 0) {
  13177. flag = ret;
  13178. }
  13179. if (!flag) {
  13180. ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
  13181. if (ret != 0) {
  13182. flag = ret;
  13183. }
  13184. }
  13185. /* Update Hmac. */
  13186. if (!flag) {
  13187. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  13188. if (ret != 0) {
  13189. flag = ret;
  13190. }
  13191. }
  13192. /* Test bad args. */
  13193. if (!flag) {
  13194. ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  13195. if (ret != BAD_FUNC_ARG) {
  13196. flag = WOLFSSL_FATAL_ERROR;
  13197. }
  13198. }
  13199. if (!flag) {
  13200. ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
  13201. if (ret != BAD_FUNC_ARG) {
  13202. flag = WOLFSSL_FATAL_ERROR;
  13203. }
  13204. }
  13205. if (!flag) {
  13206. ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
  13207. if (ret != 0) {
  13208. flag = ret;
  13209. }
  13210. }
  13211. wc_HmacFree(&hmac);
  13212. res = TEST_RES_CHECK(flag == 0);
  13213. #endif
  13214. return res;
  13215. } /* END test_wc_Md5HmacUpdate */
  13216. /*
  13217. * testing wc_HmacUpdate on SHA hash.
  13218. */
  13219. static int test_wc_ShaHmacUpdate(void)
  13220. {
  13221. int res = TEST_SKIPPED;
  13222. #if !defined(NO_HMAC) && !defined(NO_SHA)
  13223. Hmac hmac;
  13224. testVector a, b;
  13225. int ret;
  13226. int flag = 0;
  13227. #ifdef HAVE_FIPS
  13228. const char* keys =
  13229. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  13230. #else
  13231. const char* keys = "Jefe";
  13232. #endif
  13233. a.input = "what do ya want for nothing?";
  13234. a.inLen = XSTRLEN(a.input);
  13235. b.input = "Hi There";
  13236. b.inLen = XSTRLEN(b.input);
  13237. flag = 0;
  13238. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13239. if (ret != 0)
  13240. return ret;
  13241. ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, (word32)XSTRLEN(keys));
  13242. if (ret != 0) {
  13243. flag = ret;
  13244. }
  13245. if (!flag) {
  13246. ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
  13247. if (ret != 0) {
  13248. flag = ret;
  13249. }
  13250. }
  13251. /* Update Hmac. */
  13252. if (!flag) {
  13253. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  13254. if (ret != 0) {
  13255. flag = ret;
  13256. }
  13257. }
  13258. /* Test bad args. */
  13259. if (!flag) {
  13260. ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  13261. if (ret != BAD_FUNC_ARG) {
  13262. flag = WOLFSSL_FATAL_ERROR;
  13263. }
  13264. }
  13265. if (!flag) {
  13266. ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
  13267. if (ret != BAD_FUNC_ARG) {
  13268. flag = WOLFSSL_FATAL_ERROR;
  13269. }
  13270. }
  13271. if (!flag) {
  13272. ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
  13273. if (ret != 0) {
  13274. flag = ret;
  13275. }
  13276. }
  13277. wc_HmacFree(&hmac);
  13278. res = TEST_RES_CHECK(flag == 0);
  13279. #endif
  13280. return res;
  13281. } /* END test_wc_ShaHmacUpdate */
  13282. /*
  13283. * testing wc_HmacUpdate on SHA224 hash.
  13284. */
  13285. static int test_wc_Sha224HmacUpdate(void)
  13286. {
  13287. int res = TEST_SKIPPED;
  13288. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
  13289. Hmac hmac;
  13290. testVector a, b;
  13291. int ret;
  13292. int flag = 0;
  13293. #ifdef HAVE_FIPS
  13294. const char* keys =
  13295. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  13296. #else
  13297. const char* keys = "Jefe";
  13298. #endif
  13299. a.input = "what do ya want for nothing?";
  13300. a.inLen = XSTRLEN(a.input);
  13301. b.input = "Hi There";
  13302. b.inLen = XSTRLEN(b.input);
  13303. flag = 0;
  13304. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13305. if (ret != 0)
  13306. return ret;
  13307. ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, (word32)XSTRLEN(keys));
  13308. if (ret != 0) {
  13309. flag = ret;
  13310. }
  13311. if (!flag) {
  13312. ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
  13313. if (ret != 0) {
  13314. flag = ret;
  13315. }
  13316. }
  13317. /* Update Hmac. */
  13318. if (!flag) {
  13319. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  13320. if (ret != 0) {
  13321. flag = ret;
  13322. }
  13323. }
  13324. /* Test bad args. */
  13325. if (!flag) {
  13326. ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  13327. if (ret != BAD_FUNC_ARG) {
  13328. flag = WOLFSSL_FATAL_ERROR;
  13329. }
  13330. }
  13331. if (!flag) {
  13332. ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
  13333. if (ret != BAD_FUNC_ARG) {
  13334. flag = WOLFSSL_FATAL_ERROR;
  13335. }
  13336. }
  13337. if (!flag) {
  13338. ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
  13339. if (ret != 0) {
  13340. flag = ret;
  13341. }
  13342. }
  13343. wc_HmacFree(&hmac);
  13344. res = TEST_RES_CHECK(flag == 0);
  13345. #endif
  13346. return res;
  13347. } /* END test_wc_Sha224HmacUpdate */
  13348. /*
  13349. * testing wc_HmacUpdate on SHA256 hash.
  13350. */
  13351. static int test_wc_Sha256HmacUpdate(void)
  13352. {
  13353. int res = TEST_SKIPPED;
  13354. #if !defined(NO_HMAC) && !defined(NO_SHA256)
  13355. Hmac hmac;
  13356. testVector a, b;
  13357. int ret;
  13358. int flag = 0;
  13359. #ifdef HAVE_FIPS
  13360. const char* keys =
  13361. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  13362. #else
  13363. const char* keys = "Jefe";
  13364. #endif
  13365. a.input = "what do ya want for nothing?";
  13366. a.inLen = XSTRLEN(a.input);
  13367. b.input = "Hi There";
  13368. b.inLen = XSTRLEN(b.input);
  13369. flag = 0;
  13370. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13371. if (ret != 0)
  13372. return ret;
  13373. ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, (word32)XSTRLEN(keys));
  13374. if (ret != 0) {
  13375. flag = ret;
  13376. }
  13377. if (!flag) {
  13378. ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
  13379. if (ret != 0) {
  13380. flag = ret;
  13381. }
  13382. }
  13383. /* Update Hmac. */
  13384. if (!flag) {
  13385. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  13386. if (ret != 0) {
  13387. flag = ret;
  13388. }
  13389. }
  13390. /* Test bad args. */
  13391. if (!flag) {
  13392. ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  13393. if (ret != BAD_FUNC_ARG) {
  13394. flag = WOLFSSL_FATAL_ERROR;
  13395. }
  13396. }
  13397. if (!flag) {
  13398. ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
  13399. if (ret != BAD_FUNC_ARG) {
  13400. flag = WOLFSSL_FATAL_ERROR;
  13401. }
  13402. }
  13403. if (!flag) {
  13404. ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
  13405. if (ret != 0) {
  13406. flag = ret;
  13407. }
  13408. }
  13409. wc_HmacFree(&hmac);
  13410. res = TEST_RES_CHECK(flag == 0);
  13411. #endif
  13412. return res;
  13413. } /* END test_wc_Sha256HmacUpdate */
  13414. /*
  13415. * testing wc_HmacUpdate on SHA384 hash.
  13416. */
  13417. static int test_wc_Sha384HmacUpdate(void)
  13418. {
  13419. int res = TEST_SKIPPED;
  13420. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
  13421. Hmac hmac;
  13422. testVector a, b;
  13423. int ret;
  13424. int flag = 0;
  13425. #ifdef HAVE_FIPS
  13426. const char* keys =
  13427. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  13428. #else
  13429. const char* keys = "Jefe";
  13430. #endif
  13431. a.input = "what do ya want for nothing?";
  13432. a.inLen = XSTRLEN(a.input);
  13433. b.input = "Hi There";
  13434. b.inLen = XSTRLEN(b.input);
  13435. flag = 0;
  13436. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13437. if (ret != 0)
  13438. return ret;
  13439. ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, (word32)XSTRLEN(keys));
  13440. if (ret != 0) {
  13441. flag = ret;
  13442. }
  13443. if (!flag) {
  13444. ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
  13445. if (ret != 0) {
  13446. flag = ret;
  13447. }
  13448. }
  13449. /* Update Hmac. */
  13450. if (!flag) {
  13451. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  13452. if (ret != 0) {
  13453. flag = ret;
  13454. }
  13455. }
  13456. /* Test bad args. */
  13457. if (!flag) {
  13458. ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  13459. if (ret != BAD_FUNC_ARG) {
  13460. flag = WOLFSSL_FATAL_ERROR;
  13461. }
  13462. }
  13463. if (!flag) {
  13464. ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
  13465. if (ret != BAD_FUNC_ARG) {
  13466. flag = WOLFSSL_FATAL_ERROR;
  13467. }
  13468. }
  13469. if (!flag) {
  13470. ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
  13471. if (ret != 0) {
  13472. flag = ret;
  13473. }
  13474. }
  13475. wc_HmacFree(&hmac);
  13476. res = TEST_RES_CHECK(flag == 0);
  13477. #endif
  13478. return res;
  13479. } /* END test_wc_Sha384HmacUpdate */
  13480. /*
  13481. * Testing wc_HmacFinal() with MD5
  13482. */
  13483. static int test_wc_Md5HmacFinal(void)
  13484. {
  13485. int res = TEST_SKIPPED;
  13486. #if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5))
  13487. Hmac hmac;
  13488. byte hash[WC_MD5_DIGEST_SIZE];
  13489. testVector a;
  13490. int ret;
  13491. const char* key;
  13492. int flag = 0;
  13493. key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  13494. a.input = "Hi There";
  13495. a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
  13496. "\x9d";
  13497. a.inLen = XSTRLEN(a.input);
  13498. a.outLen = XSTRLEN(a.output);
  13499. flag = 0;
  13500. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13501. if (ret != 0)
  13502. return ret;
  13503. ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key));
  13504. if (ret != 0) {
  13505. flag = ret;
  13506. }
  13507. if (!flag) {
  13508. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  13509. if (ret != 0) {
  13510. flag = ret;
  13511. }
  13512. }
  13513. if (!flag) {
  13514. ret = wc_HmacFinal(&hmac, hash);
  13515. if (ret != 0) {
  13516. flag = ret;
  13517. }
  13518. }
  13519. if (!flag) {
  13520. if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
  13521. flag = WOLFSSL_FATAL_ERROR;
  13522. }
  13523. }
  13524. /* Try bad parameters. */
  13525. if (!flag) {
  13526. ret = wc_HmacFinal(NULL, hash);
  13527. if (ret != BAD_FUNC_ARG) {
  13528. flag = WOLFSSL_FATAL_ERROR;
  13529. }
  13530. }
  13531. #ifndef HAVE_FIPS
  13532. if (!flag) {
  13533. ret = wc_HmacFinal(&hmac, NULL);
  13534. if (ret != BAD_FUNC_ARG) {
  13535. flag = WOLFSSL_FATAL_ERROR;
  13536. }
  13537. }
  13538. #endif
  13539. wc_HmacFree(&hmac);
  13540. res = TEST_RES_CHECK(flag == 0);
  13541. #endif
  13542. return res;
  13543. } /* END test_wc_Md5HmacFinal */
  13544. /*
  13545. * Testing wc_HmacFinal() with SHA
  13546. */
  13547. static int test_wc_ShaHmacFinal(void)
  13548. {
  13549. int res = TEST_SKIPPED;
  13550. #if !defined(NO_HMAC) && !defined(NO_SHA)
  13551. Hmac hmac;
  13552. byte hash[WC_SHA_DIGEST_SIZE];
  13553. testVector a;
  13554. int ret;
  13555. int flag = 0;
  13556. const char* key;
  13557. key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  13558. "\x0b\x0b\x0b";
  13559. a.input = "Hi There";
  13560. a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
  13561. "\x8e\xf1\x46\xbe\x00";
  13562. a.inLen = XSTRLEN(a.input);
  13563. a.outLen = XSTRLEN(a.output);
  13564. flag = 0;
  13565. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13566. if (ret != 0)
  13567. return ret;
  13568. ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key));
  13569. if (ret != 0) {
  13570. flag = ret;
  13571. }
  13572. if (!flag) {
  13573. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  13574. if (ret != 0) {
  13575. flag = ret;
  13576. }
  13577. }
  13578. if (!flag) {
  13579. ret = wc_HmacFinal(&hmac, hash);
  13580. if (ret != 0) {
  13581. flag = ret;
  13582. }
  13583. }
  13584. if (!flag) {
  13585. if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
  13586. flag = WOLFSSL_FATAL_ERROR;
  13587. }
  13588. }
  13589. /* Try bad parameters. */
  13590. if (!flag) {
  13591. ret = wc_HmacFinal(NULL, hash);
  13592. if (ret != BAD_FUNC_ARG) {
  13593. flag = WOLFSSL_FATAL_ERROR;
  13594. }
  13595. }
  13596. #ifndef HAVE_FIPS
  13597. if (!flag) {
  13598. ret = wc_HmacFinal(&hmac, NULL);
  13599. if (ret != BAD_FUNC_ARG) {
  13600. flag = WOLFSSL_FATAL_ERROR;
  13601. }
  13602. }
  13603. #endif
  13604. wc_HmacFree(&hmac);
  13605. res = TEST_RES_CHECK(flag == 0);
  13606. #endif
  13607. return res;
  13608. } /* END test_wc_ShaHmacFinal */
  13609. /*
  13610. * Testing wc_HmacFinal() with SHA224
  13611. */
  13612. static int test_wc_Sha224HmacFinal(void)
  13613. {
  13614. int res = TEST_SKIPPED;
  13615. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
  13616. Hmac hmac;
  13617. byte hash[WC_SHA224_DIGEST_SIZE];
  13618. testVector a;
  13619. int ret;
  13620. int flag = 0;
  13621. const char* key;
  13622. key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  13623. "\x0b\x0b\x0b";
  13624. a.input = "Hi There";
  13625. a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
  13626. "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
  13627. a.inLen = XSTRLEN(a.input);
  13628. a.outLen = XSTRLEN(a.output);
  13629. flag = 0;
  13630. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13631. if (ret != 0)
  13632. return ret;
  13633. ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key, (word32)XSTRLEN(key));
  13634. if (ret != 0) {
  13635. flag = ret;
  13636. }
  13637. if (!flag) {
  13638. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  13639. if (ret != 0) {
  13640. flag = ret;
  13641. }
  13642. }
  13643. if (!flag) {
  13644. ret = wc_HmacFinal(&hmac, hash);
  13645. if (ret != 0) {
  13646. flag = ret;
  13647. }
  13648. }
  13649. if (!flag) {
  13650. if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
  13651. flag = WOLFSSL_FATAL_ERROR;
  13652. }
  13653. }
  13654. /* Try bad parameters. */
  13655. if (!flag) {
  13656. ret = wc_HmacFinal(NULL, hash);
  13657. if (ret != BAD_FUNC_ARG) {
  13658. flag = WOLFSSL_FATAL_ERROR;
  13659. }
  13660. }
  13661. #ifndef HAVE_FIPS
  13662. if (!flag) {
  13663. ret = wc_HmacFinal(&hmac, NULL);
  13664. if (ret != BAD_FUNC_ARG) {
  13665. flag = WOLFSSL_FATAL_ERROR;
  13666. }
  13667. }
  13668. #endif
  13669. wc_HmacFree(&hmac);
  13670. res = TEST_RES_CHECK(flag == 0);
  13671. #endif
  13672. return res;
  13673. } /* END test_wc_Sha224HmacFinal */
  13674. /*
  13675. * Testing wc_HmacFinal() with SHA256
  13676. */
  13677. static int test_wc_Sha256HmacFinal(void)
  13678. {
  13679. int res = TEST_SKIPPED;
  13680. #if !defined(NO_HMAC) && !defined(NO_SHA256)
  13681. Hmac hmac;
  13682. byte hash[WC_SHA256_DIGEST_SIZE];
  13683. testVector a;
  13684. int ret;
  13685. int flag = 0;
  13686. const char* key;
  13687. key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  13688. "\x0b\x0b\x0b";
  13689. a.input = "Hi There";
  13690. a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
  13691. "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
  13692. "\xcf\xf7";
  13693. a.inLen = XSTRLEN(a.input);
  13694. a.outLen = XSTRLEN(a.output);
  13695. flag = 0;
  13696. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13697. if (ret != 0)
  13698. return TEST_FAIL;
  13699. ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key, (word32)XSTRLEN(key));
  13700. if (ret != 0) {
  13701. flag = ret;
  13702. }
  13703. if (!flag) {
  13704. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  13705. if (ret != 0) {
  13706. flag = ret;
  13707. }
  13708. }
  13709. if (!flag) {
  13710. ret = wc_HmacFinal(&hmac, hash);
  13711. if (ret != 0) {
  13712. flag = ret;
  13713. }
  13714. }
  13715. if (!flag) {
  13716. if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
  13717. flag = WOLFSSL_FATAL_ERROR;
  13718. }
  13719. }
  13720. /* Try bad parameters. */
  13721. if (!flag) {
  13722. ret = wc_HmacFinal(NULL, hash);
  13723. if (ret != BAD_FUNC_ARG) {
  13724. flag = WOLFSSL_FATAL_ERROR;
  13725. }
  13726. }
  13727. #ifndef HAVE_FIPS
  13728. if (!flag) {
  13729. ret = wc_HmacFinal(&hmac, NULL);
  13730. if (ret != BAD_FUNC_ARG) {
  13731. flag = WOLFSSL_FATAL_ERROR;
  13732. }
  13733. }
  13734. #endif
  13735. wc_HmacFree(&hmac);
  13736. res = TEST_RES_CHECK(flag == 0);
  13737. #endif
  13738. return res;
  13739. } /* END test_wc_Sha256HmacFinal */
  13740. /*
  13741. * Testing wc_HmacFinal() with SHA384
  13742. */
  13743. static int test_wc_Sha384HmacFinal(void)
  13744. {
  13745. int res = TEST_SKIPPED;
  13746. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
  13747. Hmac hmac;
  13748. byte hash[WC_SHA384_DIGEST_SIZE];
  13749. testVector a;
  13750. int ret;
  13751. int flag = 0;
  13752. const char* key;
  13753. key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  13754. "\x0b\x0b\x0b";
  13755. a.input = "Hi There";
  13756. a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
  13757. "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
  13758. "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
  13759. "\xfa\x9c\xb6";
  13760. a.inLen = XSTRLEN(a.input);
  13761. a.outLen = XSTRLEN(a.output);
  13762. flag = 0;
  13763. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  13764. if (ret != 0)
  13765. return ret;
  13766. ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key, (word32)XSTRLEN(key));
  13767. if (ret != 0) {
  13768. flag = ret;
  13769. }
  13770. if (!flag) {
  13771. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  13772. if (ret != 0) {
  13773. flag = ret;
  13774. }
  13775. }
  13776. if (!flag) {
  13777. ret = wc_HmacFinal(&hmac, hash);
  13778. if (ret != 0) {
  13779. flag = ret;
  13780. }
  13781. }
  13782. if (!flag) {
  13783. if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
  13784. flag = WOLFSSL_FATAL_ERROR;
  13785. }
  13786. }
  13787. /* Try bad parameters. */
  13788. if (!flag) {
  13789. ret = wc_HmacFinal(NULL, hash);
  13790. if (ret != BAD_FUNC_ARG) {
  13791. flag = WOLFSSL_FATAL_ERROR;
  13792. }
  13793. }
  13794. #ifndef HAVE_FIPS
  13795. if (!flag) {
  13796. ret = wc_HmacFinal(&hmac, NULL);
  13797. if (ret != BAD_FUNC_ARG) {
  13798. flag = WOLFSSL_FATAL_ERROR;
  13799. }
  13800. }
  13801. #endif
  13802. wc_HmacFree(&hmac);
  13803. res = TEST_RES_CHECK(flag == 0);
  13804. #endif
  13805. return res;
  13806. } /* END test_wc_Sha384HmacFinal */
  13807. /*
  13808. * Testing wc_InitCmac()
  13809. */
  13810. static int test_wc_InitCmac(void)
  13811. {
  13812. int res = TEST_SKIPPED;
  13813. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  13814. Cmac cmac1, cmac2, cmac3;
  13815. /* AES 128 key. */
  13816. byte key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
  13817. "\x09\x10\x11\x12\x13\x14\x15\x16";
  13818. /* AES 192 key. */
  13819. byte key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
  13820. "\x09\x01\x11\x12\x13\x14\x15\x16"
  13821. "\x01\x02\x03\x04\x05\x06\x07\x08";
  13822. /* AES 256 key. */
  13823. byte key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
  13824. "\x09\x01\x11\x12\x13\x14\x15\x16"
  13825. "\x01\x02\x03\x04\x05\x06\x07\x08"
  13826. "\x09\x01\x11\x12\x13\x14\x15\x16";
  13827. word32 key1Sz = (word32)sizeof(key1) - 1;
  13828. word32 key2Sz = (word32)sizeof(key2) - 1;
  13829. word32 key3Sz = (word32)sizeof(key3) - 1;
  13830. int type = WC_CMAC_AES;
  13831. int ret = 0;
  13832. #ifdef WOLFSSL_AES_128
  13833. ret = wc_InitCmac(&cmac1, key1, key1Sz, type, NULL);
  13834. #endif
  13835. #ifdef WOLFSSL_AES_192
  13836. if (ret == 0) {
  13837. wc_AesFree(&cmac1.aes);
  13838. ret = wc_InitCmac(&cmac2, key2, key2Sz, type, NULL);
  13839. }
  13840. #endif
  13841. #ifdef WOLFSSL_AES_256
  13842. if (ret == 0) {
  13843. wc_AesFree(&cmac2.aes);
  13844. ret = wc_InitCmac(&cmac3, key3, key3Sz, type, NULL);
  13845. }
  13846. #endif
  13847. /* Test bad args. */
  13848. if (ret == 0) {
  13849. wc_AesFree(&cmac3.aes);
  13850. ret = wc_InitCmac(NULL, key3, key3Sz, type, NULL);
  13851. if (ret == BAD_FUNC_ARG) {
  13852. ret = wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL);
  13853. }
  13854. if (ret == BAD_FUNC_ARG) {
  13855. ret = wc_InitCmac(&cmac3, key3, 0, type, NULL);
  13856. }
  13857. if (ret == BAD_FUNC_ARG) {
  13858. ret = wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL);
  13859. }
  13860. if (ret == BAD_FUNC_ARG) {
  13861. ret = 0;
  13862. }
  13863. else {
  13864. ret = WOLFSSL_FATAL_ERROR;
  13865. }
  13866. }
  13867. (void)key1;
  13868. (void)key1Sz;
  13869. (void)key2;
  13870. (void)key2Sz;
  13871. (void)cmac1;
  13872. (void)cmac2;
  13873. res = TEST_RES_CHECK(ret == 0);
  13874. #endif
  13875. return res;
  13876. } /* END test_wc_InitCmac */
  13877. /*
  13878. * Testing wc_CmacUpdate()
  13879. */
  13880. static int test_wc_CmacUpdate(void)
  13881. {
  13882. int res = TEST_SKIPPED;
  13883. #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
  13884. Cmac cmac;
  13885. byte key[] =
  13886. {
  13887. 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
  13888. 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
  13889. };
  13890. byte in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64"
  13891. "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17"
  13892. "\xb3\x78\xcf\x85\x22\x41\x74\xd9"
  13893. "\xa0\x97\x39\x71\x62\xf1\x8e\x8f"
  13894. "\xf4";
  13895. word32 inSz = (word32)sizeof(in) - 1;
  13896. word32 keySz = (word32)sizeof(key);
  13897. int type = WC_CMAC_AES;
  13898. int ret = 0;
  13899. ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
  13900. if (ret != 0) {
  13901. return ret;
  13902. }
  13903. ret = wc_CmacUpdate(&cmac, in, inSz);
  13904. /* Test bad args. */
  13905. if (ret == 0) {
  13906. ret = wc_CmacUpdate(NULL, in, inSz);
  13907. if (ret == BAD_FUNC_ARG) {
  13908. ret = wc_CmacUpdate(&cmac, NULL, 30);
  13909. }
  13910. if (ret == BAD_FUNC_ARG) {
  13911. ret = 0;
  13912. }
  13913. else if (ret == 0) {
  13914. ret = WOLFSSL_FATAL_ERROR;
  13915. }
  13916. wc_AesFree(&cmac.aes);
  13917. }
  13918. res = TEST_RES_CHECK(ret == 0);
  13919. #endif
  13920. return res;
  13921. } /* END test_wc_CmacUpdate */
  13922. /*
  13923. * Testing wc_CmacFinal()
  13924. */
  13925. static int test_wc_CmacFinal(void)
  13926. {
  13927. int res = TEST_SKIPPED;
  13928. #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
  13929. Cmac cmac;
  13930. byte key[] =
  13931. {
  13932. 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
  13933. 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
  13934. };
  13935. byte msg[] =
  13936. {
  13937. 0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64,
  13938. 0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17,
  13939. 0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9,
  13940. 0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f,
  13941. 0xf4
  13942. };
  13943. /* Test vectors from CMACGenAES128.rsp from
  13944. * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac
  13945. * Per RFC4493 truncation of lsb is possible.
  13946. */
  13947. byte expMac[] =
  13948. {
  13949. 0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae,
  13950. 0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb
  13951. };
  13952. byte mac[AES_BLOCK_SIZE];
  13953. word32 msgSz = (word32)sizeof(msg);
  13954. word32 keySz = (word32)sizeof(key);
  13955. word32 macSz = sizeof(mac);
  13956. word32 badMacSz = 17;
  13957. int expMacSz = sizeof(expMac);
  13958. int type = WC_CMAC_AES;
  13959. int ret = 0;
  13960. XMEMSET(mac, 0, macSz);
  13961. ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
  13962. if (ret != 0) {
  13963. return ret;
  13964. }
  13965. ret = wc_CmacUpdate(&cmac, msg, msgSz);
  13966. if (ret == 0) {
  13967. ret = wc_CmacFinal(&cmac, mac, &macSz);
  13968. if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
  13969. ret = WOLFSSL_FATAL_ERROR;
  13970. }
  13971. /* Pass in bad args. */
  13972. if (ret == 0) {
  13973. ret = wc_CmacFinal(NULL, mac, &macSz);
  13974. if (ret == BAD_FUNC_ARG) {
  13975. ret = wc_CmacFinal(&cmac, NULL, &macSz);
  13976. }
  13977. if (ret == BAD_FUNC_ARG) {
  13978. ret = wc_CmacFinal(&cmac, mac, &badMacSz);
  13979. if (ret == BUFFER_E) {
  13980. ret = 0;
  13981. }
  13982. }
  13983. else if (ret == 0) {
  13984. ret = WOLFSSL_FATAL_ERROR;
  13985. }
  13986. }
  13987. }
  13988. res = TEST_RES_CHECK(ret == 0);
  13989. #endif
  13990. return res;
  13991. } /* END test_wc_CmacFinal */
  13992. /*
  13993. * Testing wc_AesCmacGenerate() && wc_AesCmacVerify()
  13994. */
  13995. static int test_wc_AesCmacGenerate(void)
  13996. {
  13997. int res = TEST_SKIPPED;
  13998. #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
  13999. Cmac cmac;
  14000. byte key[] =
  14001. {
  14002. 0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e,
  14003. 0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69
  14004. };
  14005. byte msg[] = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8"
  14006. "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4";
  14007. byte expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6"
  14008. "\x3d\x32\x65\x4c\x66\x23\xc5";
  14009. byte mac[AES_BLOCK_SIZE];
  14010. word32 keySz = sizeof(key);
  14011. word32 macSz = sizeof(mac);
  14012. word32 msgSz = sizeof(msg) - 1;
  14013. word32 expMacSz = sizeof(expMac) - 1;
  14014. int type = WC_CMAC_AES;
  14015. int ret = 0;
  14016. XMEMSET(mac, 0, macSz);
  14017. ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
  14018. if (ret != 0) {
  14019. return ret;
  14020. }
  14021. ret = wc_CmacUpdate(&cmac, msg, msgSz);
  14022. if (ret != 0) {
  14023. return ret;
  14024. }
  14025. else {
  14026. wc_AesFree(&cmac.aes);
  14027. }
  14028. ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz);
  14029. if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
  14030. ret = WOLFSSL_FATAL_ERROR;
  14031. }
  14032. /* Pass in bad args. */
  14033. if (ret == 0) {
  14034. ret = wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz);
  14035. if (ret == BAD_FUNC_ARG) {
  14036. ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz);
  14037. }
  14038. if (ret == BAD_FUNC_ARG) {
  14039. ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0);
  14040. }
  14041. if (ret == BAD_FUNC_ARG) {
  14042. ret = wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz);
  14043. }
  14044. if (ret == BAD_FUNC_ARG) {
  14045. ret = 0;
  14046. }
  14047. else if (ret == 0) {
  14048. ret = WOLFSSL_FATAL_ERROR;
  14049. }
  14050. }
  14051. if (ret == 0) {
  14052. ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz);
  14053. /* Test bad args. */
  14054. if (ret == 0) {
  14055. ret = wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz);
  14056. if (ret == BAD_FUNC_ARG) {
  14057. ret = wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz);
  14058. }
  14059. if (ret == BAD_FUNC_ARG) {
  14060. ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz);
  14061. }
  14062. if (ret == BAD_FUNC_ARG) {
  14063. ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0);
  14064. }
  14065. if (ret == BAD_FUNC_ARG) {
  14066. ret = wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz);
  14067. }
  14068. if (ret == BAD_FUNC_ARG) {
  14069. ret = 0;
  14070. }
  14071. else if (ret == 0) {
  14072. ret = WOLFSSL_FATAL_ERROR;
  14073. }
  14074. }
  14075. }
  14076. res = TEST_RES_CHECK(ret == 0);
  14077. #endif
  14078. return res;
  14079. } /* END test_wc_AesCmacGenerate */
  14080. /*
  14081. * Testing streaming AES-GCM API.
  14082. */
  14083. static int test_wc_AesGcmStream(void)
  14084. {
  14085. int res = TEST_SKIPPED;
  14086. #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \
  14087. defined(WOLFSSL_AESGCM_STREAM)
  14088. int ret = 0;
  14089. int i;
  14090. WC_RNG rng[1];
  14091. Aes aesEnc[1];
  14092. Aes aesDec[1];
  14093. byte tag[AES_BLOCK_SIZE];
  14094. byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, };
  14095. byte out[AES_BLOCK_SIZE * 3 + 2];
  14096. byte plain[AES_BLOCK_SIZE * 3 + 2];
  14097. byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, };
  14098. byte key[AES_128_KEY_SIZE] = { 0, };
  14099. byte iv[AES_IV_SIZE] = { 1, };
  14100. byte ivOut[AES_IV_SIZE];
  14101. static const byte expTagAAD1[AES_BLOCK_SIZE] = {
  14102. 0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f,
  14103. 0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05
  14104. };
  14105. static const byte expTagPlain1[AES_BLOCK_SIZE] = {
  14106. 0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78,
  14107. 0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1
  14108. };
  14109. static const byte expTag[AES_BLOCK_SIZE] = {
  14110. 0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96,
  14111. 0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d
  14112. };
  14113. /* Create a random for generating IV/nonce. */
  14114. AssertIntEQ(wc_InitRng(rng), 0);
  14115. /* Initialize data structures. */
  14116. AssertIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
  14117. AssertIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
  14118. /* BadParameters to streaming init. */
  14119. AssertIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
  14120. AssertIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
  14121. AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0),
  14122. BAD_FUNC_ARG);
  14123. AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
  14124. BAD_FUNC_ARG);
  14125. /* Bad parameters to encrypt update. */
  14126. AssertIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
  14127. BAD_FUNC_ARG);
  14128. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
  14129. BAD_FUNC_ARG);
  14130. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
  14131. BAD_FUNC_ARG);
  14132. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
  14133. BAD_FUNC_ARG);
  14134. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
  14135. BAD_FUNC_ARG);
  14136. /* Bad parameters to decrypt update. */
  14137. AssertIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
  14138. BAD_FUNC_ARG);
  14139. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
  14140. BAD_FUNC_ARG);
  14141. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
  14142. BAD_FUNC_ARG);
  14143. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
  14144. BAD_FUNC_ARG);
  14145. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
  14146. BAD_FUNC_ARG);
  14147. /* Bad parameters to encrypt final. */
  14148. AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
  14149. AssertIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
  14150. AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE),
  14151. BAD_FUNC_ARG);
  14152. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG);
  14153. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE),
  14154. BAD_FUNC_ARG);
  14155. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1),
  14156. BAD_FUNC_ARG);
  14157. /* Bad parameters to decrypt final. */
  14158. AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
  14159. AssertIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
  14160. AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE),
  14161. BAD_FUNC_ARG);
  14162. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG);
  14163. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE),
  14164. BAD_FUNC_ARG);
  14165. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1),
  14166. BAD_FUNC_ARG);
  14167. /* Check calling final before setting key fails. */
  14168. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY);
  14169. AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY);
  14170. /* Check calling update before setting key else fails. */
  14171. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
  14172. MISSING_KEY);
  14173. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
  14174. MISSING_KEY);
  14175. /* Set key but not IV. */
  14176. AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
  14177. AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
  14178. /* Check calling final before setting IV fails. */
  14179. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV);
  14180. AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV);
  14181. /* Check calling update before setting IV else fails. */
  14182. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
  14183. MISSING_IV);
  14184. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
  14185. MISSING_IV);
  14186. /* Set IV using fixed part IV and external IV APIs. */
  14187. AssertIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
  14188. rng), 0);
  14189. AssertIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut,
  14190. GCM_NONCE_MID_SZ), 0);
  14191. AssertIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0);
  14192. AssertIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0);
  14193. /* Encrypt and decrypt data. */
  14194. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0);
  14195. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0);
  14196. AssertIntEQ(XMEMCMP(plain, in, 1), 0);
  14197. /* Finalize and check tag matches. */
  14198. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
  14199. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
  14200. /* Set key and IV through streaming init API. */
  14201. AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
  14202. AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
  14203. /* Encrypt/decrypt one block and AAD of one block. */
  14204. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad,
  14205. AES_BLOCK_SIZE), 0);
  14206. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad,
  14207. AES_BLOCK_SIZE), 0);
  14208. AssertIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0);
  14209. /* Finalize and check tag matches. */
  14210. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
  14211. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
  14212. /* Set key and IV through streaming init API. */
  14213. AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
  14214. AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
  14215. /* No data to encrypt/decrypt one byte of AAD. */
  14216. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0);
  14217. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0);
  14218. /* Finalize and check tag matches. */
  14219. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
  14220. AssertIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0);
  14221. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
  14222. /* Set key and IV through streaming init API. */
  14223. AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
  14224. AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
  14225. /* Encrypt/decrypt one byte and no AAD. */
  14226. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0);
  14227. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0);
  14228. AssertIntEQ(XMEMCMP(plain, in, 1), 0);
  14229. /* Finalize and check tag matches. */
  14230. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
  14231. AssertIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0);
  14232. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
  14233. /* Set key and IV through streaming init API. */
  14234. AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
  14235. AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
  14236. /* Encryption AES is one byte at a time */
  14237. for (i = 0; i < (int)sizeof(aad); i++) {
  14238. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1),
  14239. 0);
  14240. }
  14241. for (i = 0; i < (int)sizeof(in); i++) {
  14242. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0),
  14243. 0);
  14244. }
  14245. /* Decryption AES is two bytes at a time */
  14246. for (i = 0; i < (int)sizeof(aad); i += 2) {
  14247. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2),
  14248. 0);
  14249. }
  14250. for (i = 0; i < (int)sizeof(aad); i += 2) {
  14251. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL,
  14252. 0), 0);
  14253. }
  14254. AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
  14255. /* Finalize and check tag matches. */
  14256. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
  14257. AssertIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0);
  14258. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
  14259. /* Check streaming encryption can be decrypted with one shot. */
  14260. AssertIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0);
  14261. AssertIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv,
  14262. AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0);
  14263. AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
  14264. wc_AesFree(aesEnc);
  14265. wc_AesFree(aesDec);
  14266. wc_FreeRng(rng);
  14267. res = TEST_RES_CHECK(ret == 0);
  14268. #endif
  14269. return res;
  14270. } /* END test_wc_AesGcmStream */
  14271. /*
  14272. * unit test for wc_Des3_SetIV()
  14273. */
  14274. static int test_wc_Des3_SetIV(void)
  14275. {
  14276. int res = TEST_SKIPPED;
  14277. #ifndef NO_DES3
  14278. Des3 des;
  14279. int ret = 0;
  14280. const byte key[] =
  14281. {
  14282. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  14283. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  14284. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  14285. };
  14286. const byte iv[] =
  14287. {
  14288. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  14289. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  14290. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  14291. };
  14292. ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
  14293. if (ret != 0)
  14294. return ret;
  14295. /* DES_ENCRYPTION or DES_DECRYPTION */
  14296. ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
  14297. if (ret == 0) {
  14298. if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
  14299. ret = WOLFSSL_FATAL_ERROR;
  14300. }
  14301. }
  14302. #ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
  14303. /* Test explicitly wc_Des3_SetIV() */
  14304. if (ret == 0) {
  14305. ret = wc_Des3_SetIV(NULL, iv);
  14306. if (ret == BAD_FUNC_ARG) {
  14307. ret = wc_Des3_SetIV(&des, NULL);
  14308. }
  14309. else if (ret == 0) {
  14310. ret = WOLFSSL_FATAL_ERROR;
  14311. }
  14312. }
  14313. #endif
  14314. wc_Des3Free(&des);
  14315. res = TEST_RES_CHECK(ret == 0);
  14316. #endif
  14317. return res;
  14318. } /* END test_wc_Des3_SetIV */
  14319. /*
  14320. * unit test for wc_Des3_SetKey()
  14321. */
  14322. static int test_wc_Des3_SetKey(void)
  14323. {
  14324. int res = TEST_SKIPPED;
  14325. #ifndef NO_DES3
  14326. Des3 des;
  14327. int ret = 0;
  14328. const byte key[] =
  14329. {
  14330. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  14331. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  14332. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  14333. };
  14334. const byte iv[] =
  14335. {
  14336. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  14337. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  14338. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  14339. };
  14340. ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
  14341. if (ret != 0)
  14342. return ret;
  14343. /* DES_ENCRYPTION or DES_DECRYPTION */
  14344. ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
  14345. if (ret == 0) {
  14346. if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
  14347. ret = WOLFSSL_FATAL_ERROR;
  14348. }
  14349. }
  14350. /* Test bad args. */
  14351. if (ret == 0) {
  14352. ret = wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION);
  14353. if (ret == BAD_FUNC_ARG) {
  14354. ret = wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION);
  14355. }
  14356. if (ret == BAD_FUNC_ARG) {
  14357. ret = wc_Des3_SetKey(&des, key, iv, -1);
  14358. }
  14359. if (ret == BAD_FUNC_ARG) {
  14360. /* Default case. Should return 0. */
  14361. ret = wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION);
  14362. }
  14363. } /* END if ret != 0 */
  14364. wc_Des3Free(&des);
  14365. res = TEST_RES_CHECK(ret == 0);
  14366. #endif
  14367. return res;
  14368. } /* END test_wc_Des3_SetKey */
  14369. /*
  14370. * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
  14371. */
  14372. static int test_wc_Des3_CbcEncryptDecrypt(void)
  14373. {
  14374. int res = TEST_SKIPPED;
  14375. #ifndef NO_DES3
  14376. Des3 des;
  14377. int ret = 0;
  14378. byte cipher[24];
  14379. byte plain[24];
  14380. const byte key[] =
  14381. {
  14382. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  14383. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  14384. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  14385. };
  14386. const byte iv[] =
  14387. {
  14388. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  14389. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  14390. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  14391. };
  14392. const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
  14393. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  14394. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  14395. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  14396. };
  14397. ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
  14398. if (ret != 0)
  14399. return ret;
  14400. ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
  14401. if (ret == 0) {
  14402. ret = wc_Des3_CbcEncrypt(&des, cipher, vector, 24);
  14403. if (ret == 0) {
  14404. ret = wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION);
  14405. }
  14406. if (ret == 0) {
  14407. ret = wc_Des3_CbcDecrypt(&des, plain, cipher, 24);
  14408. }
  14409. }
  14410. if (ret == 0) {
  14411. if (XMEMCMP(plain, vector, 24) != 0) {
  14412. ret = WOLFSSL_FATAL_ERROR;
  14413. }
  14414. }
  14415. /* Pass in bad args. */
  14416. if (ret == 0) {
  14417. ret = wc_Des3_CbcEncrypt(NULL, cipher, vector, 24);
  14418. if (ret == BAD_FUNC_ARG) {
  14419. ret = wc_Des3_CbcEncrypt(&des, NULL, vector, 24);
  14420. }
  14421. if (ret == BAD_FUNC_ARG) {
  14422. ret = wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector));
  14423. }
  14424. if (ret != BAD_FUNC_ARG) {
  14425. ret = WOLFSSL_FATAL_ERROR;
  14426. }
  14427. else {
  14428. ret = 0;
  14429. }
  14430. }
  14431. if (ret == 0) {
  14432. ret = wc_Des3_CbcDecrypt(NULL, plain, cipher, 24);
  14433. if (ret == BAD_FUNC_ARG) {
  14434. ret = wc_Des3_CbcDecrypt(&des, NULL, cipher, 24);
  14435. }
  14436. if (ret == BAD_FUNC_ARG) {
  14437. ret = wc_Des3_CbcDecrypt(&des, plain, NULL, 24);
  14438. }
  14439. if (ret != BAD_FUNC_ARG) {
  14440. ret = WOLFSSL_FATAL_ERROR;
  14441. }
  14442. else {
  14443. ret = 0;
  14444. }
  14445. }
  14446. wc_Des3Free(&des);
  14447. res = TEST_RES_CHECK(ret == 0);
  14448. #endif
  14449. return res;
  14450. } /* END wc_Des3_CbcEncrypt */
  14451. /*
  14452. * Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey
  14453. */
  14454. static int test_wc_Des3_CbcEncryptDecryptWithKey(void)
  14455. {
  14456. int res = TEST_SKIPPED;
  14457. #ifndef NO_DES3
  14458. int ret = 0;
  14459. word32 vectorSz, cipherSz;
  14460. byte cipher[24];
  14461. byte plain[24];
  14462. byte vector[] = /* Now is the time for all w/o trailing 0 */
  14463. {
  14464. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  14465. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  14466. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  14467. };
  14468. byte key[] =
  14469. {
  14470. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  14471. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  14472. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  14473. };
  14474. byte iv[] =
  14475. {
  14476. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  14477. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  14478. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  14479. };
  14480. vectorSz = sizeof(byte) * 24;
  14481. cipherSz = sizeof(byte) * 24;
  14482. ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv);
  14483. if (ret == 0) {
  14484. ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv);
  14485. if (ret == 0) {
  14486. if (XMEMCMP(plain, vector, 24) != 0) {
  14487. ret = WOLFSSL_FATAL_ERROR;
  14488. }
  14489. }
  14490. }
  14491. /* pass in bad args. */
  14492. if (ret == 0) {
  14493. ret = wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv);
  14494. if (ret == BAD_FUNC_ARG) {
  14495. ret = wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv);
  14496. }
  14497. if (ret == BAD_FUNC_ARG) {
  14498. ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv);
  14499. }
  14500. if (ret == BAD_FUNC_ARG) {
  14501. ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz,
  14502. key, NULL);
  14503. }
  14504. else {
  14505. /* Return code catch. */
  14506. ret = WOLFSSL_FAILURE;
  14507. }
  14508. }
  14509. if (ret == 0) {
  14510. ret = wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv);
  14511. if (ret == BAD_FUNC_ARG) {
  14512. ret = wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv);
  14513. }
  14514. if (ret == BAD_FUNC_ARG) {
  14515. ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv);
  14516. }
  14517. if (ret == BAD_FUNC_ARG) {
  14518. ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL);
  14519. }
  14520. else {
  14521. ret = WOLFSSL_FAILURE;
  14522. }
  14523. }
  14524. res = TEST_RES_CHECK(ret == 0);
  14525. #endif
  14526. return res;
  14527. } /* END test_wc_Des3_CbcEncryptDecryptWithKey */
  14528. /*
  14529. * Unit test for wc_Des3_EcbEncrypt
  14530. */
  14531. static int test_wc_Des3_EcbEncrypt(void)
  14532. {
  14533. int res = TEST_SKIPPED;
  14534. #if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
  14535. Des3 des;
  14536. int ret = 0;
  14537. byte cipher[24];
  14538. word32 cipherSz = sizeof(cipher);
  14539. const byte key[] =
  14540. {
  14541. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  14542. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  14543. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  14544. };
  14545. const byte iv[] =
  14546. {
  14547. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  14548. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  14549. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  14550. };
  14551. const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
  14552. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  14553. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  14554. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  14555. };
  14556. ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
  14557. if (ret != 0) {
  14558. return ret;
  14559. }
  14560. if (ret == 0 ) {
  14561. ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
  14562. }
  14563. /* Bad Cases */
  14564. if (ret == 0) {
  14565. ret = wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz);
  14566. if (ret == BAD_FUNC_ARG) {
  14567. ret = 0;
  14568. }
  14569. }
  14570. if (ret == 0) {
  14571. ret = wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz);
  14572. if (ret == BAD_FUNC_ARG) {
  14573. ret = 0;
  14574. }
  14575. }
  14576. if (ret == 0) {
  14577. ret = wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz);
  14578. if (ret == BAD_FUNC_ARG) {
  14579. ret = 0;
  14580. }
  14581. }
  14582. if (ret == 0) {
  14583. ret = wc_Des3_EcbEncrypt(&des, cipher, vector, 0);
  14584. if (ret == BAD_FUNC_ARG) {
  14585. ret = 0;
  14586. }
  14587. }
  14588. if (ret == 0) {
  14589. ret = wc_Des3_EcbEncrypt(NULL, 0, NULL, 0);
  14590. if (ret == BAD_FUNC_ARG) {
  14591. ret = 0;
  14592. }
  14593. }
  14594. /* Good Cases */
  14595. if (ret == 0) {
  14596. ret = wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz);
  14597. }
  14598. wc_Des3Free(&des);
  14599. res = TEST_RES_CHECK(ret == 0);
  14600. #endif
  14601. return res;
  14602. } /* END test_wc_Des3_EcbEncrypt */
  14603. /*
  14604. * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV()
  14605. */
  14606. static int test_wc_Chacha_SetKey(void)
  14607. {
  14608. int res = TEST_SKIPPED;
  14609. #ifdef HAVE_CHACHA
  14610. ChaCha ctx;
  14611. const byte key[] =
  14612. {
  14613. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  14614. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  14615. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  14616. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  14617. };
  14618. byte cipher[128];
  14619. int ret = 0;
  14620. ret = wc_Chacha_SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
  14621. /* Test bad args. */
  14622. if (ret == 0) {
  14623. ret = wc_Chacha_SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
  14624. if (ret == BAD_FUNC_ARG) {
  14625. ret = wc_Chacha_SetKey(&ctx, key, 18);
  14626. }
  14627. if (ret == BAD_FUNC_ARG) {
  14628. ret = 0;
  14629. }
  14630. else {
  14631. ret = WOLFSSL_FATAL_ERROR;
  14632. }
  14633. }
  14634. if (ret == 0) {
  14635. ret = wc_Chacha_SetIV(&ctx, cipher, 0);
  14636. }
  14637. if (ret == 0) {
  14638. /* Test bad args. */
  14639. ret = wc_Chacha_SetIV(NULL, cipher, 0);
  14640. if (ret == BAD_FUNC_ARG) {
  14641. ret = 0;
  14642. }
  14643. else {
  14644. ret = WOLFSSL_FAILURE;
  14645. }
  14646. }
  14647. res = TEST_RES_CHECK(ret == 0);
  14648. #endif
  14649. return res;
  14650. } /* END test_wc_Chacha_SetKey */
  14651. /*
  14652. * unit test for wc_Poly1305SetKey()
  14653. */
  14654. static int test_wc_Poly1305SetKey(void)
  14655. {
  14656. int res = TEST_SKIPPED;
  14657. #ifdef HAVE_POLY1305
  14658. Poly1305 ctx;
  14659. const byte key[] =
  14660. {
  14661. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  14662. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  14663. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  14664. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  14665. };
  14666. int ret = 0;
  14667. ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
  14668. /* Test bad args. */
  14669. if (ret == 0) {
  14670. ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
  14671. if (ret == BAD_FUNC_ARG) {
  14672. ret = wc_Poly1305SetKey(&ctx, NULL, (word32)(sizeof(key)/sizeof(byte)));
  14673. }
  14674. if (ret == BAD_FUNC_ARG) {
  14675. ret = wc_Poly1305SetKey(&ctx, key, 18);
  14676. }
  14677. if (ret == BAD_FUNC_ARG) {
  14678. ret = 0;
  14679. }
  14680. else {
  14681. ret = WOLFSSL_FATAL_ERROR;
  14682. }
  14683. }
  14684. res = TEST_RES_CHECK(ret == 0);
  14685. #endif
  14686. return res;
  14687. } /* END test_wc_Poly1305_SetKey() */
  14688. /*
  14689. * Testing wc_Chacha_Process()
  14690. */
  14691. static int test_wc_Chacha_Process(void)
  14692. {
  14693. int res = TEST_SKIPPED;
  14694. #ifdef HAVE_CHACHA
  14695. ChaCha enc, dec;
  14696. byte cipher[128];
  14697. byte plain[128];
  14698. const byte key[] =
  14699. {
  14700. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  14701. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  14702. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  14703. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  14704. };
  14705. const char* input = "Everybody gets Friday off.";
  14706. word32 keySz = sizeof(key)/sizeof(byte);
  14707. unsigned long int inlen = XSTRLEN(input);
  14708. int ret = 0;
  14709. /*Initialize stack varialbes.*/
  14710. XMEMSET(cipher, 0, 128);
  14711. XMEMSET(plain, 0, 128);
  14712. ret = wc_Chacha_SetKey(&enc, key, keySz);
  14713. AssertIntEQ(ret, 0);
  14714. ret = wc_Chacha_SetKey(&dec, key, keySz);
  14715. AssertIntEQ(ret, 0);
  14716. ret = wc_Chacha_SetIV(&enc, cipher, 0);
  14717. AssertIntEQ(ret, 0);
  14718. ret = wc_Chacha_SetIV(&dec, cipher, 0);
  14719. AssertIntEQ(ret, 0);
  14720. ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen);
  14721. AssertIntEQ(ret, 0);
  14722. ret = wc_Chacha_Process(&dec, plain, cipher, (word32)inlen);
  14723. AssertIntEQ(ret, 0);
  14724. ret = XMEMCMP(input, plain, (int)inlen);
  14725. AssertIntEQ(ret, 0);
  14726. #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
  14727. /* test checking and using leftovers, currently just in C code */
  14728. ret = wc_Chacha_SetIV(&enc, cipher, 0);
  14729. AssertIntEQ(ret, 0);
  14730. ret = wc_Chacha_SetIV(&dec, cipher, 0);
  14731. AssertIntEQ(ret, 0);
  14732. ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen - 2);
  14733. AssertIntEQ(ret, 0);
  14734. ret = wc_Chacha_Process(&enc, cipher + (inlen - 2),
  14735. (byte*)input + (inlen - 2), 2);
  14736. AssertIntEQ(ret, 0);
  14737. ret = wc_Chacha_Process(&dec, plain, (byte*)cipher, (word32)inlen - 2);
  14738. AssertIntEQ(ret, 0);
  14739. ret = wc_Chacha_Process(&dec, cipher + (inlen - 2),
  14740. (byte*)input + (inlen - 2), 2);
  14741. AssertIntEQ(ret, 0);
  14742. ret = XMEMCMP(input, plain, (int)inlen);
  14743. AssertIntEQ(ret, 0);
  14744. /* check edge cases with counter increment */
  14745. {
  14746. /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/
  14747. const byte expected[] = {
  14748. 0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F,
  14749. 0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D,
  14750. 0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20,
  14751. 0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29,
  14752. 0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37,
  14753. 0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38,
  14754. 0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88,
  14755. 0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5,
  14756. 0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E,
  14757. 0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51,
  14758. 0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5,
  14759. 0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43,
  14760. 0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07,
  14761. 0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E,
  14762. 0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4,
  14763. 0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37,
  14764. 0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9,
  14765. 0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04,
  14766. 0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06,
  14767. 0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8,
  14768. 0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B,
  14769. 0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35,
  14770. 0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54,
  14771. 0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19,
  14772. 0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3,
  14773. 0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B,
  14774. 0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23,
  14775. 0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3,
  14776. 0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41,
  14777. 0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2,
  14778. 0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35,
  14779. 0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14
  14780. };
  14781. const byte iv2[] = {
  14782. 0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9,
  14783. 0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93
  14784. };
  14785. byte input2[256];
  14786. int i;
  14787. for (i = 0; i < 256; i++)
  14788. input2[i] = i;
  14789. ret = wc_Chacha_SetIV(&enc, iv2, 0);
  14790. AssertIntEQ(ret, 0);
  14791. ret = wc_Chacha_Process(&enc, cipher, input2, 64);
  14792. AssertIntEQ(ret, 0);
  14793. AssertIntEQ(XMEMCMP(expected, cipher, 64), 0);
  14794. ret = wc_Chacha_Process(&enc, cipher, input2 + 64, 128);
  14795. AssertIntEQ(ret, 0);
  14796. AssertIntEQ(XMEMCMP(expected + 64, cipher, 128), 0);
  14797. /* partial */
  14798. ret = wc_Chacha_Process(&enc, cipher, input2 + 192, 32);
  14799. AssertIntEQ(ret, 0);
  14800. AssertIntEQ(XMEMCMP(expected + 192, cipher, 32), 0);
  14801. ret = wc_Chacha_Process(&enc, cipher, input2 + 224, 32);
  14802. AssertIntEQ(ret, 0);
  14803. AssertIntEQ(XMEMCMP(expected + 224, cipher, 32), 0);
  14804. }
  14805. #endif
  14806. /* Test bad args. */
  14807. ret = wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen);
  14808. AssertIntEQ(ret, BAD_FUNC_ARG);
  14809. if (ret == BAD_FUNC_ARG) {
  14810. ret = 0;
  14811. }
  14812. res = TEST_RES_CHECK(ret == 0);
  14813. #endif
  14814. return res;
  14815. } /* END test_wc_Chacha_Process */
  14816. /*
  14817. * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt()
  14818. */
  14819. static int test_wc_ChaCha20Poly1305_aead(void)
  14820. {
  14821. int res = TEST_SKIPPED;
  14822. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  14823. const byte key[] = {
  14824. 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
  14825. 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  14826. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
  14827. 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
  14828. };
  14829. const byte plaintext[] = {
  14830. 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
  14831. 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
  14832. 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
  14833. 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
  14834. 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
  14835. 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
  14836. 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
  14837. 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
  14838. 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
  14839. 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
  14840. 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
  14841. 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
  14842. 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
  14843. 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
  14844. 0x74, 0x2e
  14845. };
  14846. const byte iv[] = {
  14847. 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
  14848. 0x44, 0x45, 0x46, 0x47
  14849. };
  14850. const byte aad[] = { /* additional data */
  14851. 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
  14852. 0xc4, 0xc5, 0xc6, 0xc7
  14853. };
  14854. const byte cipher[] = { /* expected output from operation */
  14855. 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
  14856. 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
  14857. 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
  14858. 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
  14859. 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
  14860. 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
  14861. 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
  14862. 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
  14863. 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
  14864. 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
  14865. 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
  14866. 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
  14867. 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
  14868. 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
  14869. 0x61, 0x16
  14870. };
  14871. const byte authTag[] = { /* expected output from operation */
  14872. 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
  14873. 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
  14874. };
  14875. byte generatedCiphertext[272];
  14876. byte generatedPlaintext[272];
  14877. byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
  14878. int ret = 0;
  14879. /* Initialize stack variables. */
  14880. XMEMSET(generatedCiphertext, 0, 272);
  14881. XMEMSET(generatedPlaintext, 0, 272);
  14882. /* Test Encrypt */
  14883. ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext,
  14884. sizeof(plaintext), generatedCiphertext, generatedAuthTag);
  14885. AssertIntEQ(ret, 0);
  14886. ret = XMEMCMP(generatedCiphertext, cipher, sizeof(cipher)/sizeof(byte));
  14887. AssertIntEQ(ret, 0);
  14888. /* Test bad args. */
  14889. ret = wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad), plaintext,
  14890. sizeof(plaintext), generatedCiphertext, generatedAuthTag);
  14891. AssertIntEQ(ret, BAD_FUNC_ARG);
  14892. ret = wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
  14893. plaintext, sizeof(plaintext),
  14894. generatedCiphertext, generatedAuthTag);
  14895. AssertIntEQ(ret, BAD_FUNC_ARG);
  14896. ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
  14897. sizeof(plaintext), generatedCiphertext, generatedAuthTag);
  14898. AssertIntEQ(ret, BAD_FUNC_ARG);
  14899. ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
  14900. NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag);
  14901. AssertIntEQ(ret, BAD_FUNC_ARG);
  14902. ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
  14903. plaintext, sizeof(plaintext), NULL, generatedAuthTag);
  14904. AssertIntEQ(ret, BAD_FUNC_ARG);
  14905. ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
  14906. plaintext, sizeof(plaintext), generatedCiphertext, NULL);
  14907. if (ret == BAD_FUNC_ARG) {
  14908. ret = 0;
  14909. (void)ret; /* suppress never read */
  14910. }
  14911. ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
  14912. sizeof(cipher), authTag, generatedPlaintext);
  14913. AssertIntEQ(ret, 0);
  14914. ret = XMEMCMP(generatedPlaintext, plaintext,
  14915. sizeof(plaintext)/sizeof(byte));
  14916. AssertIntEQ(ret, 0);
  14917. /* Test bad args. */
  14918. ret = wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
  14919. sizeof(cipher), authTag, generatedPlaintext);
  14920. AssertIntEQ(ret, BAD_FUNC_ARG);
  14921. ret = wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
  14922. cipher, sizeof(cipher), authTag, generatedPlaintext);
  14923. AssertIntEQ(ret, BAD_FUNC_ARG);
  14924. ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
  14925. sizeof(cipher), authTag, generatedPlaintext);
  14926. AssertIntEQ(ret, BAD_FUNC_ARG);
  14927. ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
  14928. sizeof(cipher), NULL, generatedPlaintext);
  14929. AssertIntEQ(ret, BAD_FUNC_ARG);
  14930. ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
  14931. sizeof(cipher), authTag, NULL);
  14932. AssertIntEQ(ret, BAD_FUNC_ARG);
  14933. ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
  14934. sizeof(cipher), authTag, generatedPlaintext);
  14935. AssertIntEQ(ret, BAD_FUNC_ARG);
  14936. if (ret == BAD_FUNC_ARG) {
  14937. ret = 0;
  14938. }
  14939. res = TEST_RES_CHECK(ret == 0);
  14940. #endif
  14941. return res;
  14942. } /* END test-wc_ChaCha20Poly1305_EncryptDecrypt */
  14943. /*
  14944. * Testing function for wc_Rc2SetKey().
  14945. */
  14946. static int test_wc_Rc2SetKey(void)
  14947. {
  14948. int res = TEST_SKIPPED;
  14949. #ifdef WC_RC2
  14950. Rc2 rc2;
  14951. byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
  14952. byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  14953. int ret = 0;
  14954. /* valid key and IV */
  14955. ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
  14956. iv, 40);
  14957. if (ret == 0) {
  14958. /* valid key, no IV */
  14959. ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
  14960. NULL, 40);
  14961. }
  14962. /* bad arguments */
  14963. if (ret == 0) {
  14964. /* null Rc2 struct */
  14965. ret = wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte),
  14966. iv, 40);
  14967. if (ret == BAD_FUNC_ARG) {
  14968. ret = 0;
  14969. }
  14970. }
  14971. if (ret == 0) {
  14972. /* null key */
  14973. ret = wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte),
  14974. iv, 40);
  14975. if (ret == BAD_FUNC_ARG) {
  14976. ret = 0;
  14977. }
  14978. }
  14979. if (ret == 0) {
  14980. /* key size == 0 */
  14981. ret = wc_Rc2SetKey(&rc2, key40, 0, iv, 40);
  14982. if (ret == WC_KEY_SIZE_E) {
  14983. ret = 0;
  14984. }
  14985. }
  14986. if (ret == 0) {
  14987. /* key size > 128 */
  14988. ret = wc_Rc2SetKey(&rc2, key40, 129, iv, 40);
  14989. if (ret == WC_KEY_SIZE_E) {
  14990. ret = 0;
  14991. }
  14992. }
  14993. if (ret == 0) {
  14994. /* effective bits == 0 */
  14995. ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
  14996. iv, 0);
  14997. if (ret == WC_KEY_SIZE_E) {
  14998. ret = 0;
  14999. }
  15000. }
  15001. if (ret == 0) {
  15002. /* effective bits > 1024 */
  15003. ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
  15004. iv, 1025);
  15005. if (ret == WC_KEY_SIZE_E) {
  15006. ret = 0;
  15007. }
  15008. }
  15009. res = TEST_RES_CHECK(ret == 0);
  15010. #endif
  15011. return res;
  15012. } /* END test_wc_Rc2SetKey */
  15013. /*
  15014. * Testing function for wc_Rc2SetIV().
  15015. */
  15016. static int test_wc_Rc2SetIV(void)
  15017. {
  15018. int res = TEST_SKIPPED;
  15019. #ifdef WC_RC2
  15020. Rc2 rc2;
  15021. byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  15022. int ret = 0;
  15023. /* valid IV */
  15024. ret = wc_Rc2SetIV(&rc2, iv);
  15025. if (ret == 0) {
  15026. /* valid NULL IV */
  15027. ret = wc_Rc2SetIV(&rc2, NULL);
  15028. }
  15029. /* bad arguments */
  15030. if (ret == 0) {
  15031. ret = wc_Rc2SetIV(NULL, iv);
  15032. if (ret == BAD_FUNC_ARG) {
  15033. ret = 0;
  15034. }
  15035. }
  15036. res = TEST_RES_CHECK(ret == 0);
  15037. #endif
  15038. return res;
  15039. } /* END test_wc_Rc2SetKey */
  15040. /*
  15041. * Testing function for wc_Rc2EcbEncrypt().
  15042. */
  15043. static int test_wc_Rc2EcbEncryptDecrypt(void)
  15044. {
  15045. int res = TEST_SKIPPED;
  15046. #ifdef WC_RC2
  15047. Rc2 rc2;
  15048. int ret = 0;
  15049. int effectiveKeyBits = 63;
  15050. byte cipher[RC2_BLOCK_SIZE];
  15051. byte plain[RC2_BLOCK_SIZE];
  15052. byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  15053. byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  15054. byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff };
  15055. XMEMSET(cipher, 0, sizeof(cipher));
  15056. XMEMSET(plain, 0, sizeof(plain));
  15057. ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
  15058. NULL, effectiveKeyBits);
  15059. if (ret == 0) {
  15060. ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE);
  15061. if (ret != 0 || XMEMCMP(cipher, output, RC2_BLOCK_SIZE) != 0) {
  15062. ret = WOLFSSL_FATAL_ERROR;
  15063. }
  15064. if (ret == 0) {
  15065. ret = wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE);
  15066. if (ret != 0 || XMEMCMP(plain, input, RC2_BLOCK_SIZE) != 0) {
  15067. ret = WOLFSSL_FATAL_ERROR;
  15068. }
  15069. }
  15070. }
  15071. /* Rc2EcbEncrypt bad arguments */
  15072. if (ret == 0) {
  15073. /* null Rc2 struct */
  15074. ret = wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE);
  15075. if (ret == BAD_FUNC_ARG) {
  15076. ret = 0;
  15077. }
  15078. }
  15079. if (ret == 0) {
  15080. /* null out buffer */
  15081. ret = wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE);
  15082. if (ret == BAD_FUNC_ARG) {
  15083. ret = 0;
  15084. }
  15085. }
  15086. if (ret == 0) {
  15087. /* null input buffer */
  15088. ret = wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE);
  15089. if (ret == BAD_FUNC_ARG) {
  15090. ret = 0;
  15091. }
  15092. }
  15093. if (ret == 0) {
  15094. /* output buffer sz != RC2_BLOCK_SIZE (8) */
  15095. ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, 7);
  15096. if (ret == BUFFER_E) {
  15097. ret = 0;
  15098. }
  15099. }
  15100. /* Rc2EcbDecrypt bad arguments */
  15101. if (ret == 0) {
  15102. /* null Rc2 struct */
  15103. ret = wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE);
  15104. if (ret == BAD_FUNC_ARG) {
  15105. ret = 0;
  15106. }
  15107. }
  15108. if (ret == 0) {
  15109. /* null out buffer */
  15110. ret = wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE);
  15111. if (ret == BAD_FUNC_ARG) {
  15112. ret = 0;
  15113. }
  15114. }
  15115. if (ret == 0) {
  15116. /* null input buffer */
  15117. ret = wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE);
  15118. if (ret == BAD_FUNC_ARG) {
  15119. ret = 0;
  15120. }
  15121. }
  15122. if (ret == 0) {
  15123. /* output buffer sz != RC2_BLOCK_SIZE (8) */
  15124. ret = wc_Rc2EcbDecrypt(&rc2, plain, output, 7);
  15125. if (ret == BUFFER_E) {
  15126. ret = 0;
  15127. }
  15128. }
  15129. res = TEST_RES_CHECK(ret == 0);
  15130. #endif
  15131. return res;
  15132. } /* END test_wc_Rc2SetKey */
  15133. /*
  15134. * Testing function for wc_Rc2CbcEncrypt().
  15135. */
  15136. static int test_wc_Rc2CbcEncryptDecrypt(void)
  15137. {
  15138. int res = TEST_SKIPPED;
  15139. #ifdef WC_RC2
  15140. Rc2 rc2;
  15141. int ret = 0;
  15142. int effectiveKeyBits = 63;
  15143. byte cipher[RC2_BLOCK_SIZE*2];
  15144. byte plain[RC2_BLOCK_SIZE*2];
  15145. /* vector taken from test.c */
  15146. byte key[] = {
  15147. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
  15148. };
  15149. byte iv[] = {
  15150. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
  15151. };
  15152. byte input[] = {
  15153. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  15154. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
  15155. };
  15156. byte output[] = {
  15157. 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff,
  15158. 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57
  15159. };
  15160. XMEMSET(cipher, 0, sizeof(cipher));
  15161. XMEMSET(plain, 0, sizeof(plain));
  15162. ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
  15163. iv, effectiveKeyBits);
  15164. if (ret == 0) {
  15165. ret = wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input));
  15166. if (ret != 0 || XMEMCMP(cipher, output, sizeof(output)) != 0) {
  15167. ret = WOLFSSL_FATAL_ERROR;
  15168. }
  15169. else {
  15170. /* reset IV for decrypt */
  15171. ret = wc_Rc2SetIV(&rc2, iv);
  15172. }
  15173. if (ret == 0) {
  15174. ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher));
  15175. if (ret != 0 || XMEMCMP(plain, input, sizeof(input)) != 0) {
  15176. ret = WOLFSSL_FATAL_ERROR;
  15177. }
  15178. }
  15179. }
  15180. /* Rc2CbcEncrypt bad arguments */
  15181. if (ret == 0) {
  15182. /* null Rc2 struct */
  15183. ret = wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input));
  15184. if (ret == BAD_FUNC_ARG) {
  15185. ret = 0;
  15186. }
  15187. }
  15188. if (ret == 0) {
  15189. /* null out buffer */
  15190. ret = wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input));
  15191. if (ret == BAD_FUNC_ARG) {
  15192. ret = 0;
  15193. }
  15194. }
  15195. if (ret == 0) {
  15196. /* null input buffer */
  15197. ret = wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input));
  15198. if (ret == BAD_FUNC_ARG) {
  15199. ret = 0;
  15200. }
  15201. }
  15202. /* Rc2CbcDecrypt bad arguments */
  15203. if (ret == 0) {
  15204. /* in size is 0 */
  15205. ret = wc_Rc2CbcDecrypt(&rc2, plain, output, 0);
  15206. if (ret != 0) {
  15207. ret = WOLFSSL_FATAL_ERROR;
  15208. }
  15209. }
  15210. if (ret == 0) {
  15211. /* null Rc2 struct */
  15212. ret = wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output));
  15213. if (ret == BAD_FUNC_ARG) {
  15214. ret = 0;
  15215. }
  15216. }
  15217. if (ret == 0) {
  15218. /* null out buffer */
  15219. ret = wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output));
  15220. if (ret == BAD_FUNC_ARG) {
  15221. ret = 0;
  15222. }
  15223. }
  15224. if (ret == 0) {
  15225. /* null input buffer */
  15226. ret = wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output));
  15227. if (ret == BAD_FUNC_ARG) {
  15228. ret = 0;
  15229. }
  15230. }
  15231. res = TEST_RES_CHECK(ret == 0);
  15232. #endif
  15233. return res;
  15234. } /* END test_wc_Rc2SetKey */
  15235. /*
  15236. * Testing function for wc_AesSetIV
  15237. */
  15238. static int test_wc_AesSetIV(void)
  15239. {
  15240. int res = TEST_SKIPPED;
  15241. #if !defined(NO_AES) && defined(WOLFSSL_AES_128)
  15242. Aes aes;
  15243. int ret = 0;
  15244. byte key16[] =
  15245. {
  15246. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15247. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  15248. };
  15249. byte iv1[] = "1234567890abcdef";
  15250. byte iv2[] = "0987654321fedcba";
  15251. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  15252. if (ret != 0)
  15253. return ret;
  15254. ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
  15255. iv1, AES_ENCRYPTION);
  15256. if (ret == 0) {
  15257. ret = wc_AesSetIV(&aes, iv2);
  15258. }
  15259. /* Test bad args. */
  15260. if (ret == 0) {
  15261. ret = wc_AesSetIV(NULL, iv1);
  15262. if (ret == BAD_FUNC_ARG) {
  15263. /* NULL iv should return 0. */
  15264. ret = wc_AesSetIV(&aes, NULL);
  15265. }
  15266. else {
  15267. ret = WOLFSSL_FATAL_ERROR;
  15268. }
  15269. }
  15270. wc_AesFree(&aes);
  15271. res = TEST_RES_CHECK(ret == 0);
  15272. #endif
  15273. return res;
  15274. } /* test_wc_AesSetIV */
  15275. /*
  15276. * Testing function for wc_AesSetKey().
  15277. */
  15278. static int test_wc_AesSetKey(void)
  15279. {
  15280. int res = TEST_SKIPPED;
  15281. #ifndef NO_AES
  15282. Aes aes;
  15283. int ret = 0;
  15284. byte key16[] =
  15285. {
  15286. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15287. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  15288. };
  15289. #ifdef WOLFSSL_AES_192
  15290. byte key24[] =
  15291. {
  15292. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15293. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15294. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
  15295. };
  15296. #endif
  15297. #ifdef WOLFSSL_AES_256
  15298. byte key32[] =
  15299. {
  15300. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15301. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15302. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15303. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  15304. };
  15305. #endif
  15306. byte badKey16[] =
  15307. {
  15308. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15309. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
  15310. };
  15311. byte iv[] = "1234567890abcdef";
  15312. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  15313. if (ret != 0)
  15314. return ret;
  15315. #ifdef WOLFSSL_AES_128
  15316. ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
  15317. iv, AES_ENCRYPTION);
  15318. #endif
  15319. #ifdef WOLFSSL_AES_192
  15320. if (ret == 0) {
  15321. ret = wc_AesSetKey (&aes, key24, (word32) sizeof(key24) / sizeof(byte),
  15322. iv, AES_ENCRYPTION);
  15323. }
  15324. #endif
  15325. #ifdef WOLFSSL_AES_256
  15326. if (ret == 0) {
  15327. ret = wc_AesSetKey (&aes, key32, (word32) sizeof(key32) / sizeof(byte),
  15328. iv, AES_ENCRYPTION);
  15329. }
  15330. #endif
  15331. /* Pass in bad args. */
  15332. if (ret == 0) {
  15333. ret = wc_AesSetKey (NULL, key16, (word32) sizeof(key16) / sizeof(byte),
  15334. iv, AES_ENCRYPTION);
  15335. if (ret == BAD_FUNC_ARG) {
  15336. ret = wc_AesSetKey(&aes, badKey16,
  15337. (word32) sizeof(badKey16) / sizeof(byte),
  15338. iv, AES_ENCRYPTION);
  15339. }
  15340. if (ret == BAD_FUNC_ARG) {
  15341. ret = 0;
  15342. }
  15343. else {
  15344. ret = WOLFSSL_FATAL_ERROR;
  15345. }
  15346. }
  15347. wc_AesFree(&aes);
  15348. res = TEST_RES_CHECK(ret == 0);
  15349. #endif
  15350. return res;
  15351. } /* END test_wc_AesSetKey */
  15352. /*
  15353. * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(),
  15354. * and wc_AesCbcDecryptWithKey()
  15355. */
  15356. static int test_wc_AesCbcEncryptDecrypt(void)
  15357. {
  15358. int res = TEST_SKIPPED;
  15359. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \
  15360. defined(WOLFSSL_AES_256)
  15361. Aes aes;
  15362. int ret = 0;
  15363. byte key32[] =
  15364. {
  15365. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15366. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15367. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15368. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  15369. };
  15370. byte vector[] = /* Now is the time for all good men w/o trailing 0 */
  15371. {
  15372. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  15373. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  15374. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
  15375. 0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
  15376. };
  15377. byte iv[] = "1234567890abcdef";
  15378. byte enc[sizeof(vector)];
  15379. byte dec[sizeof(vector)];
  15380. int cbcE = WOLFSSL_FATAL_ERROR;
  15381. int cbcD = WOLFSSL_FATAL_ERROR;
  15382. int cbcDWK = WOLFSSL_FATAL_ERROR;
  15383. byte dec2[sizeof(vector)];
  15384. /* Init stack variables. */
  15385. XMEMSET(enc, 0, sizeof(enc));
  15386. XMEMSET(dec, 0, sizeof(vector));
  15387. XMEMSET(dec2, 0, sizeof(vector));
  15388. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  15389. if (ret != 0)
  15390. return ret;
  15391. ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
  15392. if (ret == 0) {
  15393. ret = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector));
  15394. if (ret == 0) {
  15395. /* Re init for decrypt and set flag. */
  15396. cbcE = 0;
  15397. wc_AesFree(&aes);
  15398. ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2,
  15399. iv, AES_DECRYPTION);
  15400. }
  15401. if (ret == 0) {
  15402. ret = wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector));
  15403. if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector)) != 0) {
  15404. ret = WOLFSSL_FATAL_ERROR;
  15405. }
  15406. else {
  15407. /* Set flag. */
  15408. cbcD = 0;
  15409. }
  15410. }
  15411. }
  15412. /* If encrypt succeeds but cbc decrypt fails, we can still test. */
  15413. if (ret == 0 || cbcE == 0) {
  15414. ret = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
  15415. key32, sizeof(key32)/sizeof(byte), iv);
  15416. if (ret == 0 || XMEMCMP(vector, dec2, AES_BLOCK_SIZE) == 0) {
  15417. cbcDWK = 0;
  15418. }
  15419. }
  15420. /* Pass in bad args */
  15421. if (cbcE == 0) {
  15422. cbcE = wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector));
  15423. if (cbcE == BAD_FUNC_ARG) {
  15424. cbcE = wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector));
  15425. }
  15426. if (cbcE == BAD_FUNC_ARG) {
  15427. cbcE = wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector));
  15428. }
  15429. if (cbcE == BAD_FUNC_ARG) {
  15430. cbcE = 0;
  15431. }
  15432. else {
  15433. cbcE = WOLFSSL_FATAL_ERROR;
  15434. }
  15435. #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
  15436. if (cbcE == 0) {
  15437. cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1);
  15438. }
  15439. if (cbcE == BAD_LENGTH_E) {
  15440. cbcE = 0;
  15441. }
  15442. else {
  15443. cbcE = WOLFSSL_FATAL_ERROR;
  15444. }
  15445. #endif
  15446. }
  15447. if (cbcE == 0) {
  15448. #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
  15449. (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI)
  15450. fprintf(stderr, "Zero length inputs not supported with AESNI in FIPS "
  15451. "mode (v2), skip test");
  15452. #else
  15453. /* Test passing in size of 0 */
  15454. XMEMSET(enc, 0, sizeof(enc));
  15455. cbcE = wc_AesCbcEncrypt(&aes, enc, vector, 0);
  15456. if (cbcE == 0) {
  15457. /* Check enc was not modified */
  15458. int i;
  15459. for (i = 0; i < (int)sizeof(enc); i++)
  15460. cbcE |= enc[i];
  15461. }
  15462. #endif
  15463. }
  15464. if (cbcE != 0) {
  15465. wc_AesFree(&aes);
  15466. return TEST_FAIL;
  15467. }
  15468. if (cbcD == 0) {
  15469. cbcD = wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE);
  15470. if (cbcD == BAD_FUNC_ARG) {
  15471. cbcD = wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE);
  15472. }
  15473. if (cbcD == BAD_FUNC_ARG) {
  15474. cbcD = wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE);
  15475. }
  15476. if (cbcD == BAD_FUNC_ARG) {
  15477. cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1);
  15478. }
  15479. #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
  15480. if (cbcD == BAD_LENGTH_E) {
  15481. cbcD = 0;
  15482. }
  15483. else {
  15484. cbcD = WOLFSSL_FATAL_ERROR;
  15485. }
  15486. #else
  15487. if (cbcD == BAD_FUNC_ARG) {
  15488. cbcD = 0;
  15489. }
  15490. else {
  15491. cbcD = WOLFSSL_FATAL_ERROR;
  15492. }
  15493. #endif
  15494. }
  15495. if (cbcD == 0) {
  15496. /* Test passing in size of 0 */
  15497. XMEMSET(dec, 0, sizeof(dec));
  15498. cbcD = wc_AesCbcDecrypt(&aes, dec, enc, 0);
  15499. if (cbcD == 0) {
  15500. /* Check dec was not modified */
  15501. int i;
  15502. for (i = 0; i < (int)sizeof(dec); i++)
  15503. cbcD |= dec[i];
  15504. }
  15505. }
  15506. if (cbcD != 0) {
  15507. wc_AesFree(&aes);
  15508. return TEST_FAIL;
  15509. }
  15510. if (cbcDWK == 0) {
  15511. cbcDWK = wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE,
  15512. key32, sizeof(key32)/sizeof(byte), iv);
  15513. if (cbcDWK == BAD_FUNC_ARG) {
  15514. cbcDWK = wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE,
  15515. key32, sizeof(key32)/sizeof(byte), iv);
  15516. }
  15517. if (cbcDWK == BAD_FUNC_ARG) {
  15518. cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
  15519. NULL, sizeof(key32)/sizeof(byte), iv);
  15520. }
  15521. if (cbcDWK == BAD_FUNC_ARG) {
  15522. cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
  15523. key32, sizeof(key32)/sizeof(byte), NULL);
  15524. }
  15525. if (cbcDWK == BAD_FUNC_ARG) {
  15526. cbcDWK = 0;
  15527. }
  15528. else {
  15529. cbcDWK = WOLFSSL_FATAL_ERROR;
  15530. }
  15531. }
  15532. wc_AesFree(&aes);
  15533. res = TEST_RES_CHECK(cbcDWK == 0);
  15534. #endif
  15535. return res;
  15536. } /* END test_wc_AesCbcEncryptDecrypt */
  15537. /*
  15538. * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt
  15539. */
  15540. static int test_wc_AesCtrEncryptDecrypt(void)
  15541. {
  15542. int res = TEST_SKIPPED;
  15543. #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
  15544. Aes aesEnc, aesDec;
  15545. int ret = 0;
  15546. byte key32[] =
  15547. {
  15548. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15549. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15550. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15551. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  15552. };
  15553. byte vector[] = /* Now is the time for all w/o trailing 0 */
  15554. {
  15555. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  15556. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  15557. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  15558. };
  15559. byte iv[] = "1234567890abcdef";
  15560. byte enc[AES_BLOCK_SIZE * 2];
  15561. byte dec[AES_BLOCK_SIZE * 2];
  15562. /* Init stack variables. */
  15563. XMEMSET(enc, 0, AES_BLOCK_SIZE * 2);
  15564. XMEMSET(dec, 0, AES_BLOCK_SIZE * 2);
  15565. ret = wc_AesInit(&aesEnc, NULL, INVALID_DEVID);
  15566. if (ret != 0)
  15567. return ret;
  15568. ret = wc_AesInit(&aesDec, NULL, INVALID_DEVID);
  15569. if (ret != 0) {
  15570. wc_AesFree(&aesEnc);
  15571. return ret;
  15572. }
  15573. ret = wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2,
  15574. iv, AES_ENCRYPTION);
  15575. if (ret == 0) {
  15576. ret = wc_AesCtrEncrypt(&aesEnc, enc, vector,
  15577. sizeof(vector)/sizeof(byte));
  15578. if (ret == 0) {
  15579. /* Decrypt with wc_AesCtrEncrypt() */
  15580. ret = wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2,
  15581. iv, AES_ENCRYPTION);
  15582. }
  15583. if (ret == 0) {
  15584. ret = wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte));
  15585. if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector))) {
  15586. ret = WOLFSSL_FATAL_ERROR;
  15587. }
  15588. }
  15589. }
  15590. /* Test bad args. */
  15591. if (ret == 0) {
  15592. ret = wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte));
  15593. if (ret == BAD_FUNC_ARG) {
  15594. ret = wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte));
  15595. }
  15596. if (ret == BAD_FUNC_ARG) {
  15597. ret = wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte));
  15598. }
  15599. if (ret == BAD_FUNC_ARG) {
  15600. ret = 0;
  15601. }
  15602. else {
  15603. ret = WOLFSSL_FATAL_ERROR;
  15604. }
  15605. }
  15606. wc_AesFree(&aesEnc);
  15607. wc_AesFree(&aesDec);
  15608. res = TEST_RES_CHECK(ret == 0);
  15609. #endif
  15610. return res;
  15611. } /* END test_wc_AesCtrEncryptDecrypt */
  15612. /*
  15613. * test function for wc_AesGcmSetKey()
  15614. */
  15615. static int test_wc_AesGcmSetKey(void)
  15616. {
  15617. int res = TEST_SKIPPED;
  15618. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  15619. Aes aes;
  15620. int ret = 0;
  15621. #ifdef WOLFSSL_AES_128
  15622. byte key16[] =
  15623. {
  15624. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15625. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  15626. };
  15627. #endif
  15628. #ifdef WOLFSSL_AES_192
  15629. byte key24[] =
  15630. {
  15631. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15632. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15633. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
  15634. };
  15635. #endif
  15636. #ifdef WOLFSSL_AES_256
  15637. byte key32[] =
  15638. {
  15639. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15640. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15641. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15642. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  15643. };
  15644. #endif
  15645. byte badKey16[] =
  15646. {
  15647. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15648. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
  15649. };
  15650. byte badKey24[] =
  15651. {
  15652. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15653. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15654. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
  15655. };
  15656. byte badKey32[] =
  15657. {
  15658. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
  15659. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15660. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15661. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
  15662. };
  15663. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  15664. if (ret != 0)
  15665. return ret;
  15666. #ifdef WOLFSSL_AES_128
  15667. ret = wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte));
  15668. #endif
  15669. #ifdef WOLFSSL_AES_192
  15670. if (ret == 0) {
  15671. ret = wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte));
  15672. }
  15673. #endif
  15674. #ifdef WOLFSSL_AES_256
  15675. if (ret == 0) {
  15676. ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
  15677. }
  15678. #endif
  15679. /* Pass in bad args. */
  15680. if (ret == 0) {
  15681. ret = wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte));
  15682. if (ret == BAD_FUNC_ARG) {
  15683. ret = wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte));
  15684. }
  15685. if (ret == BAD_FUNC_ARG) {
  15686. ret = wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte));
  15687. }
  15688. if (ret == BAD_FUNC_ARG) {
  15689. ret = 0;
  15690. }
  15691. else {
  15692. ret = WOLFSSL_FATAL_ERROR;
  15693. }
  15694. }
  15695. wc_AesFree(&aes);
  15696. res = TEST_RES_CHECK(ret == 0);
  15697. #endif
  15698. return res;
  15699. } /* END test_wc_AesGcmSetKey */
  15700. /*
  15701. * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt
  15702. */
  15703. static int test_wc_AesGcmEncryptDecrypt(void)
  15704. {
  15705. int res = TEST_SKIPPED;
  15706. /* WOLFSSL_AFALG requires 12 byte IV */
  15707. #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
  15708. !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES)
  15709. Aes aes;
  15710. byte key32[] =
  15711. {
  15712. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15713. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15714. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15715. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  15716. };
  15717. byte vector[] = /* Now is the time for all w/o trailing 0 */
  15718. {
  15719. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  15720. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  15721. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  15722. };
  15723. const byte a[] =
  15724. {
  15725. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  15726. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  15727. 0xab, 0xad, 0xda, 0xd2
  15728. };
  15729. byte iv[] = "1234567890a";
  15730. byte longIV[] = "1234567890abcdefghij";
  15731. byte enc[sizeof(vector)];
  15732. byte resultT[AES_BLOCK_SIZE];
  15733. byte dec[sizeof(vector)];
  15734. int gcmD = WOLFSSL_FATAL_ERROR;
  15735. int gcmE = WOLFSSL_FATAL_ERROR;
  15736. int ret = 0;
  15737. /* Init stack variables. */
  15738. XMEMSET(enc, 0, sizeof(vector));
  15739. XMEMSET(dec, 0, sizeof(vector));
  15740. XMEMSET(resultT, 0, AES_BLOCK_SIZE);
  15741. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  15742. if (ret != 0)
  15743. return ret;
  15744. ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
  15745. if (ret == 0) {
  15746. gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector),
  15747. iv, sizeof(iv)/sizeof(byte), resultT,
  15748. sizeof(resultT), a, sizeof(a));
  15749. }
  15750. if (gcmE == 0) { /* If encrypt fails, no decrypt. */
  15751. gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
  15752. iv, sizeof(iv)/sizeof(byte), resultT,
  15753. sizeof(resultT), a, sizeof(a));
  15754. if (gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) != 0)) {
  15755. gcmD = WOLFSSL_FATAL_ERROR;
  15756. }
  15757. }
  15758. /*Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
  15759. if (gcmE == 0) {
  15760. gcmE = wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector),
  15761. iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT),
  15762. a, sizeof(a));
  15763. if (gcmE == BAD_FUNC_ARG) {
  15764. gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
  15765. sizeof(vector), iv, sizeof(iv)/sizeof(byte),
  15766. resultT, sizeof(resultT) + 1, a, sizeof(a));
  15767. }
  15768. if (gcmE == BAD_FUNC_ARG) {
  15769. gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
  15770. sizeof(vector), iv, sizeof(iv)/sizeof(byte),
  15771. resultT, sizeof(resultT) - 5, a, sizeof(a));
  15772. }
  15773. #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
  15774. (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \
  15775. defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
  15776. /* FIPS does not check the lower bound of ivSz */
  15777. #else
  15778. if (gcmE == BAD_FUNC_ARG) {
  15779. gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
  15780. sizeof(vector), iv, 0,
  15781. resultT, sizeof(resultT), a, sizeof(a));
  15782. }
  15783. #endif
  15784. if (gcmE == BAD_FUNC_ARG) {
  15785. gcmE = 0;
  15786. }
  15787. else {
  15788. gcmE = WOLFSSL_FATAL_ERROR;
  15789. }
  15790. }
  15791. /* This case is now considered good. Long IVs are now allowed.
  15792. * Except for the original FIPS release, it still has an upper
  15793. * bound on the IV length. */
  15794. #if (!defined(HAVE_FIPS) || \
  15795. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
  15796. !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
  15797. if (gcmE == 0) {
  15798. gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
  15799. sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT),
  15800. a, sizeof(a));
  15801. }
  15802. #else
  15803. (void)longIV;
  15804. #endif /* Old FIPS */
  15805. /* END wc_AesGcmEncrypt */
  15806. if (gcmE != 0) {
  15807. wc_AesFree(&aes);
  15808. return TEST_FAIL;
  15809. }
  15810. #ifdef HAVE_AES_DECRYPT
  15811. if (gcmD == 0) {
  15812. gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte),
  15813. iv, sizeof(iv)/sizeof(byte), resultT,
  15814. sizeof(resultT), a, sizeof(a));
  15815. if (gcmD == BAD_FUNC_ARG) {
  15816. gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte),
  15817. iv, sizeof(iv)/sizeof(byte), resultT,
  15818. sizeof(resultT), a, sizeof(a));
  15819. }
  15820. if (gcmD == BAD_FUNC_ARG) {
  15821. gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte),
  15822. iv, sizeof(iv)/sizeof(byte), resultT,
  15823. sizeof(resultT), a, sizeof(a));
  15824. }
  15825. if (gcmD == BAD_FUNC_ARG) {
  15826. gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
  15827. NULL, sizeof(iv)/sizeof(byte), resultT,
  15828. sizeof(resultT), a, sizeof(a));
  15829. }
  15830. if (gcmD == BAD_FUNC_ARG) {
  15831. gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
  15832. iv, sizeof(iv)/sizeof(byte), NULL,
  15833. sizeof(resultT), a, sizeof(a));
  15834. }
  15835. if (gcmD == BAD_FUNC_ARG) {
  15836. gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
  15837. iv, sizeof(iv)/sizeof(byte), resultT,
  15838. sizeof(resultT) + 1, a, sizeof(a));
  15839. }
  15840. #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
  15841. (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \
  15842. !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
  15843. /* FIPS does not check the lower bound of ivSz */
  15844. #else
  15845. if (gcmD == BAD_FUNC_ARG) {
  15846. gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
  15847. iv, 0, resultT,
  15848. sizeof(resultT), a, sizeof(a));
  15849. }
  15850. #endif
  15851. if (gcmD == BAD_FUNC_ARG) {
  15852. gcmD = 0;
  15853. }
  15854. else {
  15855. gcmD = WOLFSSL_FATAL_ERROR;
  15856. }
  15857. res = TEST_RES_CHECK(gcmD == 0);
  15858. } /* END wc_AesGcmDecrypt */
  15859. #endif /* HAVE_AES_DECRYPT */
  15860. wc_AesFree(&aes);
  15861. #endif
  15862. return res;
  15863. } /* END test_wc_AesGcmEncryptDecrypt */
  15864. /*
  15865. * unit test for wc_GmacSetKey()
  15866. */
  15867. static int test_wc_GmacSetKey(void)
  15868. {
  15869. int res = TEST_SKIPPED;
  15870. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  15871. Gmac gmac;
  15872. byte key16[] =
  15873. {
  15874. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15875. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  15876. };
  15877. #ifdef WOLFSSL_AES_192
  15878. byte key24[] =
  15879. {
  15880. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15881. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15882. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
  15883. };
  15884. #endif
  15885. #ifdef WOLFSSL_AES_256
  15886. byte key32[] =
  15887. {
  15888. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15889. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15890. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15891. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  15892. };
  15893. #endif
  15894. byte badKey16[] =
  15895. {
  15896. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15897. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66
  15898. };
  15899. byte badKey24[] =
  15900. {
  15901. 0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37,
  15902. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  15903. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
  15904. };
  15905. byte badKey32[] =
  15906. {
  15907. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15908. 0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66,
  15909. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  15910. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  15911. };
  15912. int ret = 0;
  15913. ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
  15914. if (ret != 0)
  15915. return ret;
  15916. #ifdef WOLFSSL_AES_128
  15917. ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte));
  15918. #endif
  15919. #ifdef WOLFSSL_AES_192
  15920. if (ret == 0) {
  15921. ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
  15922. }
  15923. #endif
  15924. #ifdef WOLFSSL_AES_256
  15925. if (ret == 0) {
  15926. ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
  15927. }
  15928. #endif
  15929. /* Pass in bad args. */
  15930. if (ret == 0) {
  15931. ret = wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte));
  15932. if (ret == BAD_FUNC_ARG) {
  15933. ret = wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte));
  15934. }
  15935. if (ret == BAD_FUNC_ARG) {
  15936. ret = wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte));
  15937. }
  15938. if (ret == BAD_FUNC_ARG) {
  15939. ret = wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte));
  15940. }
  15941. if (ret == BAD_FUNC_ARG) {
  15942. ret = wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte));
  15943. }
  15944. if (ret == BAD_FUNC_ARG) {
  15945. ret = 0;
  15946. }
  15947. else {
  15948. ret = WOLFSSL_FATAL_ERROR;
  15949. }
  15950. }
  15951. wc_AesFree(&gmac.aes);
  15952. res = TEST_RES_CHECK(ret == 0);
  15953. #endif
  15954. return res;
  15955. } /* END test_wc_GmacSetKey */
  15956. /*
  15957. * unit test for wc_GmacUpdate
  15958. */
  15959. static int test_wc_GmacUpdate(void)
  15960. {
  15961. int res = TEST_SKIPPED;
  15962. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  15963. Gmac gmac;
  15964. #ifdef WOLFSSL_AES_128
  15965. const byte key16[] =
  15966. {
  15967. 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
  15968. 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
  15969. };
  15970. #endif
  15971. #ifdef WOLFSSL_AES_192
  15972. byte key24[] =
  15973. {
  15974. 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52,
  15975. 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a,
  15976. 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0
  15977. };
  15978. #endif
  15979. #ifdef WOLFSSL_AES_256
  15980. byte key32[] =
  15981. {
  15982. 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35,
  15983. 0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00,
  15984. 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4,
  15985. 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23
  15986. };
  15987. #endif
  15988. #ifdef WOLFSSL_AES_128
  15989. const byte authIn[] =
  15990. {
  15991. 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
  15992. 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
  15993. };
  15994. #endif
  15995. #ifdef WOLFSSL_AES_192
  15996. const byte authIn2[] =
  15997. {
  15998. 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f,
  15999. 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1
  16000. };
  16001. #endif
  16002. const byte authIn3[] =
  16003. {
  16004. 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71,
  16005. 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36
  16006. };
  16007. #ifdef WOLFSSL_AES_128
  16008. const byte tag1[] = /* Known. */
  16009. {
  16010. 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
  16011. 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
  16012. };
  16013. #endif
  16014. #ifdef WOLFSSL_AES_192
  16015. const byte tag2[] = /* Known */
  16016. {
  16017. 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf,
  16018. 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05
  16019. };
  16020. #endif
  16021. const byte tag3[] = /* Known */
  16022. {
  16023. 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22,
  16024. 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76
  16025. };
  16026. #ifdef WOLFSSL_AES_128
  16027. const byte iv[] =
  16028. {
  16029. 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
  16030. 0xe2, 0x8c, 0x8f, 0x16
  16031. };
  16032. #endif
  16033. #ifdef WOLFSSL_AES_192
  16034. const byte iv2[] =
  16035. {
  16036. 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66,
  16037. 0x7e, 0x1a, 0x6f, 0xbc
  16038. };
  16039. #endif
  16040. const byte iv3[] =
  16041. {
  16042. 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93,
  16043. 0xc3, 0xfb, 0x6c, 0x8a
  16044. };
  16045. byte tagOut[16];
  16046. byte tagOut2[24];
  16047. byte tagOut3[32];
  16048. int ret = 0;
  16049. /* Init stack variables. */
  16050. XMEMSET(tagOut, 0, sizeof(tagOut));
  16051. XMEMSET(tagOut2, 0, sizeof(tagOut2));
  16052. XMEMSET(tagOut3, 0, sizeof(tagOut3));
  16053. ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
  16054. if (ret != 0)
  16055. return ret;
  16056. #ifdef WOLFSSL_AES_128
  16057. ret = wc_GmacSetKey(&gmac, key16, sizeof(key16));
  16058. if (ret == 0) {
  16059. ret = wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn),
  16060. tagOut, sizeof(tag1));
  16061. if (ret == 0) {
  16062. ret = XMEMCMP(tag1, tagOut, sizeof(tag1));
  16063. }
  16064. wc_AesFree(&gmac.aes);
  16065. }
  16066. #endif
  16067. #ifdef WOLFSSL_AES_192
  16068. if (ret == 0) {
  16069. XMEMSET(&gmac, 0, sizeof(Gmac));
  16070. ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
  16071. }
  16072. if (ret == 0) {
  16073. ret = wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2,
  16074. sizeof(authIn2), tagOut2, sizeof(tag2));
  16075. }
  16076. if (ret == 0) {
  16077. ret = XMEMCMP(tagOut2, tag2, sizeof(tag2));
  16078. wc_AesFree(&gmac.aes);
  16079. }
  16080. #endif
  16081. #ifdef WOLFSSL_AES_256
  16082. if (ret == 0) {
  16083. XMEMSET(&gmac, 0, sizeof(Gmac));
  16084. ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
  16085. }
  16086. if (ret == 0) {
  16087. ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
  16088. sizeof(authIn3), tagOut3, sizeof(tag3));
  16089. }
  16090. if (ret == 0) {
  16091. ret = XMEMCMP(tag3, tagOut3, sizeof(tag3));
  16092. }
  16093. #endif
  16094. /*Pass bad args. */
  16095. if (ret == 0) {
  16096. ret = wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3,
  16097. sizeof(authIn3), tagOut3, sizeof(tag3));
  16098. if (ret == BAD_FUNC_ARG) {
  16099. ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
  16100. sizeof(authIn3), tagOut3, sizeof(tag3) - 5);
  16101. }
  16102. if (ret == BAD_FUNC_ARG) {
  16103. ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
  16104. sizeof(authIn3), tagOut3, sizeof(tag3) + 1);
  16105. }
  16106. if (ret == BAD_FUNC_ARG) {
  16107. ret = 0;
  16108. }
  16109. else {
  16110. ret = WOLFSSL_FATAL_ERROR;
  16111. }
  16112. }
  16113. wc_AesFree(&gmac.aes);
  16114. res = TEST_RES_CHECK(ret == 0);
  16115. #endif
  16116. return res;
  16117. } /* END test_wc_GmacUpdate */
  16118. /*
  16119. * testing wc_CamelliaSetKey
  16120. */
  16121. static int test_wc_CamelliaSetKey(void)
  16122. {
  16123. int res = TEST_SKIPPED;
  16124. #ifdef HAVE_CAMELLIA
  16125. Camellia camellia;
  16126. /*128-bit key*/
  16127. static const byte key16[] =
  16128. {
  16129. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  16130. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  16131. };
  16132. /* 192-bit key */
  16133. static const byte key24[] =
  16134. {
  16135. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  16136. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  16137. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
  16138. };
  16139. /* 256-bit key */
  16140. static const byte key32[] =
  16141. {
  16142. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  16143. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  16144. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  16145. 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
  16146. };
  16147. static const byte iv[] =
  16148. {
  16149. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  16150. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  16151. };
  16152. int ret = 0;
  16153. ret = wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv);
  16154. if (ret == 0) {
  16155. ret = wc_CamelliaSetKey(&camellia, key16,
  16156. (word32)sizeof(key16), NULL);
  16157. if (ret == 0) {
  16158. ret = wc_CamelliaSetKey(&camellia, key24,
  16159. (word32)sizeof(key24), iv);
  16160. }
  16161. if (ret == 0) {
  16162. ret = wc_CamelliaSetKey(&camellia, key24,
  16163. (word32)sizeof(key24), NULL);
  16164. }
  16165. if (ret == 0) {
  16166. ret = wc_CamelliaSetKey(&camellia, key32,
  16167. (word32)sizeof(key32), iv);
  16168. }
  16169. if (ret == 0) {
  16170. ret = wc_CamelliaSetKey(&camellia, key32,
  16171. (word32)sizeof(key32), NULL);
  16172. }
  16173. }
  16174. /* Bad args. */
  16175. if (ret == 0) {
  16176. ret = wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv);
  16177. if (ret != BAD_FUNC_ARG) {
  16178. ret = WOLFSSL_FATAL_ERROR;
  16179. }
  16180. else {
  16181. ret = 0;
  16182. }
  16183. } /* END bad args. */
  16184. res = TEST_RES_CHECK(ret == 0);
  16185. #endif
  16186. return res;
  16187. } /* END test_wc_CammeliaSetKey */
  16188. /*
  16189. * Testing wc_CamelliaSetIV()
  16190. */
  16191. static int test_wc_CamelliaSetIV(void)
  16192. {
  16193. int res = TEST_SKIPPED;
  16194. #ifdef HAVE_CAMELLIA
  16195. Camellia camellia;
  16196. static const byte iv[] =
  16197. {
  16198. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  16199. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  16200. };
  16201. int ret = 0;
  16202. ret = wc_CamelliaSetIV(&camellia, iv);
  16203. if (ret == 0) {
  16204. ret = wc_CamelliaSetIV(&camellia, NULL);
  16205. }
  16206. /* Bad args. */
  16207. if (ret == 0) {
  16208. ret = wc_CamelliaSetIV(NULL, NULL);
  16209. if (ret != BAD_FUNC_ARG) {
  16210. ret = WOLFSSL_FATAL_ERROR;
  16211. }
  16212. else {
  16213. ret = 0;
  16214. }
  16215. }
  16216. res = TEST_RES_CHECK(ret == 0);
  16217. #endif
  16218. return res;
  16219. } /*END test_wc_CamelliaSetIV*/
  16220. /*
  16221. * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
  16222. */
  16223. static int test_wc_CamelliaEncryptDecryptDirect(void)
  16224. {
  16225. int res = TEST_SKIPPED;
  16226. #ifdef HAVE_CAMELLIA
  16227. Camellia camellia;
  16228. static const byte key24[] =
  16229. {
  16230. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  16231. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  16232. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
  16233. };
  16234. static const byte iv[] =
  16235. {
  16236. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  16237. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  16238. };
  16239. static const byte plainT[] =
  16240. {
  16241. 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
  16242. 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
  16243. };
  16244. byte enc[sizeof(plainT)];
  16245. byte dec[sizeof(enc)];
  16246. int camE = WOLFSSL_FATAL_ERROR;
  16247. int camD = WOLFSSL_FATAL_ERROR;
  16248. int ret = 0;
  16249. /*Init stack variables.*/
  16250. XMEMSET(enc, 0, 16);
  16251. XMEMSET(enc, 0, 16);
  16252. ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv);
  16253. if (ret == 0) {
  16254. ret = wc_CamelliaEncryptDirect(&camellia, enc, plainT);
  16255. if (ret == 0) {
  16256. ret = wc_CamelliaDecryptDirect(&camellia, dec, enc);
  16257. if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
  16258. ret = WOLFSSL_FATAL_ERROR;
  16259. }
  16260. }
  16261. }
  16262. /* Pass bad args. */
  16263. if (ret == 0) {
  16264. camE = wc_CamelliaEncryptDirect(NULL, enc, plainT);
  16265. if (camE == BAD_FUNC_ARG) {
  16266. camE = wc_CamelliaEncryptDirect(&camellia, NULL, plainT);
  16267. }
  16268. if (camE == BAD_FUNC_ARG) {
  16269. camE = wc_CamelliaEncryptDirect(&camellia, enc, NULL);
  16270. }
  16271. if (camE == BAD_FUNC_ARG) {
  16272. camE = 0;
  16273. }
  16274. else {
  16275. camE = WOLFSSL_FATAL_ERROR;
  16276. }
  16277. }
  16278. if (camE != 0) {
  16279. return TEST_FAIL;
  16280. }
  16281. if (ret == 0) {
  16282. camD = wc_CamelliaDecryptDirect(NULL, dec, enc);
  16283. if (camD == BAD_FUNC_ARG) {
  16284. camD = wc_CamelliaDecryptDirect(&camellia, NULL, enc);
  16285. }
  16286. if (camD == BAD_FUNC_ARG) {
  16287. camD = wc_CamelliaDecryptDirect(&camellia, dec, NULL);
  16288. }
  16289. if (camD == BAD_FUNC_ARG) {
  16290. camD = 0;
  16291. }
  16292. else {
  16293. camD = WOLFSSL_FATAL_ERROR;
  16294. }
  16295. }
  16296. res = TEST_RES_CHECK(camD == 0);
  16297. #endif
  16298. return res;
  16299. } /* END test-wc_CamelliaEncryptDecryptDirect */
  16300. /*
  16301. * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt
  16302. */
  16303. static int test_wc_CamelliaCbcEncryptDecrypt(void)
  16304. {
  16305. int res = TEST_SKIPPED;
  16306. #ifdef HAVE_CAMELLIA
  16307. Camellia camellia;
  16308. static const byte key24[] =
  16309. {
  16310. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  16311. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  16312. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
  16313. };
  16314. static const byte plainT[] =
  16315. {
  16316. 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
  16317. 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
  16318. };
  16319. byte enc[CAMELLIA_BLOCK_SIZE];
  16320. byte dec[CAMELLIA_BLOCK_SIZE];
  16321. int camCbcE = WOLFSSL_FATAL_ERROR;
  16322. int camCbcD = WOLFSSL_FATAL_ERROR;
  16323. int ret = 0;
  16324. /* Init stack variables. */
  16325. XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
  16326. XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
  16327. ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
  16328. if (ret == 0) {
  16329. ret = wc_CamelliaCbcEncrypt(&camellia, enc, plainT, CAMELLIA_BLOCK_SIZE);
  16330. if (ret != 0) {
  16331. ret = WOLFSSL_FATAL_ERROR;
  16332. }
  16333. }
  16334. if (ret == 0) {
  16335. ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
  16336. if (ret == 0) {
  16337. ret = wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE);
  16338. if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
  16339. ret = WOLFSSL_FATAL_ERROR;
  16340. }
  16341. }
  16342. }
  16343. /* Pass in bad args. */
  16344. if (ret == 0) {
  16345. camCbcE = wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE);
  16346. if (camCbcE == BAD_FUNC_ARG) {
  16347. camCbcE = wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
  16348. CAMELLIA_BLOCK_SIZE);
  16349. }
  16350. if (camCbcE == BAD_FUNC_ARG) {
  16351. camCbcE = wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
  16352. CAMELLIA_BLOCK_SIZE);
  16353. }
  16354. if (camCbcE == BAD_FUNC_ARG) {
  16355. camCbcE = 0;
  16356. }
  16357. else {
  16358. camCbcE = WOLFSSL_FATAL_ERROR;
  16359. }
  16360. }
  16361. if (camCbcE != 0) {
  16362. return TEST_FAIL;
  16363. }
  16364. if (ret == 0) {
  16365. camCbcD = wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE);
  16366. if (camCbcD == BAD_FUNC_ARG) {
  16367. camCbcD = wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
  16368. CAMELLIA_BLOCK_SIZE);
  16369. }
  16370. if (camCbcD == BAD_FUNC_ARG) {
  16371. camCbcD = wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
  16372. CAMELLIA_BLOCK_SIZE);
  16373. }
  16374. if (camCbcD == BAD_FUNC_ARG) {
  16375. camCbcD = 0;
  16376. }
  16377. else {
  16378. camCbcD = WOLFSSL_FATAL_ERROR;
  16379. }
  16380. } /* END bad args. */
  16381. res = TEST_RES_CHECK(camCbcD == 0);
  16382. #endif
  16383. return res;
  16384. } /* END test_wc_CamelliaCbcEncryptDecrypt */
  16385. /*
  16386. * Testing wc_Arc4SetKey()
  16387. */
  16388. static int test_wc_Arc4SetKey(void)
  16389. {
  16390. int res = TEST_SKIPPED;
  16391. #ifndef NO_RC4
  16392. Arc4 arc;
  16393. const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
  16394. int keyLen = 8;
  16395. int ret = 0;
  16396. ret = wc_Arc4SetKey(&arc, (byte*)key, keyLen);
  16397. /* Test bad args. */
  16398. if (ret == 0) {
  16399. ret = wc_Arc4SetKey(NULL, (byte*)key, keyLen);
  16400. if (ret == BAD_FUNC_ARG)
  16401. ret = wc_Arc4SetKey(&arc, NULL, keyLen); /* NULL key */
  16402. if (ret == BAD_FUNC_ARG)
  16403. ret = wc_Arc4SetKey(&arc, (byte*)key, 0); /* length == 0 */
  16404. if (ret == BAD_FUNC_ARG)
  16405. ret = WOLFSSL_ERROR_NONE;
  16406. else
  16407. ret = WOLFSSL_FATAL_ERROR;
  16408. } /* END test bad args. */
  16409. res = TEST_RES_CHECK(ret == 0);
  16410. #endif
  16411. return res;
  16412. } /* END test_wc_Arc4SetKey */
  16413. /*
  16414. * Testing wc_Arc4Process for ENC/DEC.
  16415. */
  16416. static int test_wc_Arc4Process(void)
  16417. {
  16418. int res = TEST_SKIPPED;
  16419. #ifndef NO_RC4
  16420. Arc4 enc, dec;
  16421. const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
  16422. int keyLen = 8;
  16423. const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
  16424. byte cipher[8];
  16425. byte plain[8];
  16426. int ret;
  16427. /* Init stack variables */
  16428. XMEMSET(cipher, 0, sizeof(cipher));
  16429. XMEMSET(plain, 0, sizeof(plain));
  16430. /* Use for async. */
  16431. ret = wc_Arc4Init(&enc, NULL, INVALID_DEVID);
  16432. if (ret == 0) {
  16433. ret = wc_Arc4Init(&dec, NULL, INVALID_DEVID);
  16434. }
  16435. if (ret == 0) {
  16436. ret = wc_Arc4SetKey(&enc, (byte*)key, keyLen);
  16437. }
  16438. if (ret == 0) {
  16439. ret = wc_Arc4SetKey(&dec, (byte*)key, keyLen);
  16440. }
  16441. if (ret == 0) {
  16442. ret = wc_Arc4Process(&enc, cipher, (byte*)input, keyLen);
  16443. }
  16444. if (ret == 0) {
  16445. ret = wc_Arc4Process(&dec, plain, cipher, keyLen);
  16446. if (ret != 0 || XMEMCMP(plain, input, keyLen)) {
  16447. ret = WOLFSSL_FATAL_ERROR;
  16448. }
  16449. else {
  16450. ret = 0;
  16451. }
  16452. }
  16453. /* Bad args. */
  16454. if (ret == 0) {
  16455. ret = wc_Arc4Process(NULL, plain, cipher, keyLen);
  16456. if (ret == BAD_FUNC_ARG) {
  16457. ret = wc_Arc4Process(&dec, NULL, cipher, keyLen);
  16458. }
  16459. if (ret == BAD_FUNC_ARG) {
  16460. ret = wc_Arc4Process(&dec, plain, NULL, keyLen);
  16461. }
  16462. if (ret == BAD_FUNC_ARG) {
  16463. ret = 0;
  16464. }
  16465. else {
  16466. ret = WOLFSSL_FATAL_ERROR;
  16467. }
  16468. }
  16469. wc_Arc4Free(&enc);
  16470. wc_Arc4Free(&dec);
  16471. res = TEST_RES_CHECK(ret == 0);
  16472. #endif
  16473. return res;
  16474. }/* END test_wc_Arc4Process */
  16475. /*
  16476. * Testing wc_Init RsaKey()
  16477. */
  16478. static int test_wc_InitRsaKey(void)
  16479. {
  16480. int res = TEST_SKIPPED;
  16481. #ifndef NO_RSA
  16482. RsaKey key;
  16483. int ret = 0;
  16484. ret = wc_InitRsaKey(&key, HEAP_HINT);
  16485. /* Test bad args. */
  16486. if (ret == 0) {
  16487. ret = wc_InitRsaKey(NULL, HEAP_HINT);
  16488. #ifndef HAVE_USER_RSA
  16489. if (ret == BAD_FUNC_ARG) {
  16490. ret = 0;
  16491. }
  16492. else {
  16493. #else
  16494. if (ret == USER_CRYPTO_ERROR) {
  16495. ret = 0;
  16496. }
  16497. else {
  16498. #endif
  16499. ret = WOLFSSL_FATAL_ERROR;
  16500. }
  16501. } /* end if */
  16502. if (wc_FreeRsaKey(&key) || ret != 0) {
  16503. ret = WOLFSSL_FATAL_ERROR;
  16504. }
  16505. res = TEST_RES_CHECK(ret == 0);
  16506. #endif
  16507. return res;
  16508. } /* END test_wc_InitRsaKey */
  16509. /*
  16510. * Testing wc_RsaPrivateKeyDecode()
  16511. */
  16512. static int test_wc_RsaPrivateKeyDecode(void)
  16513. {
  16514. int res = TEST_SKIPPED;
  16515. #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
  16516. || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
  16517. RsaKey key;
  16518. byte* tmp;
  16519. word32 idx = 0;
  16520. int bytes = 0;
  16521. int ret = 0;
  16522. tmp = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  16523. if (tmp == NULL) {
  16524. ret = WOLFSSL_FATAL_ERROR;
  16525. }
  16526. if (ret == 0) {
  16527. ret = wc_InitRsaKey(&key, HEAP_HINT);
  16528. }
  16529. if (ret == 0) {
  16530. #ifdef USE_CERT_BUFFERS_1024
  16531. XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
  16532. bytes = sizeof_client_key_der_1024;
  16533. #else
  16534. XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
  16535. bytes = sizeof_client_key_der_2048;
  16536. #endif /* Use cert buffers. */
  16537. ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
  16538. }
  16539. #ifndef HAVE_USER_RSA
  16540. /* Test bad args. */
  16541. if (ret == 0) {
  16542. ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
  16543. if (ret == BAD_FUNC_ARG) {
  16544. ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
  16545. }
  16546. if (ret == BAD_FUNC_ARG) {
  16547. ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
  16548. }
  16549. if (ret == BAD_FUNC_ARG) {
  16550. ret = 0;
  16551. }
  16552. else {
  16553. ret = WOLFSSL_FATAL_ERROR;
  16554. }
  16555. }
  16556. #else
  16557. /* Test bad args. User RSA. */
  16558. if (ret == 0) {
  16559. ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
  16560. if (ret == USER_CRYPTO_ERROR) {
  16561. ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
  16562. }
  16563. if (ret == USER_CRYPTO_ERROR) {
  16564. ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
  16565. }
  16566. if (ret == USER_CRYPTO_ERROR) {
  16567. ret = 0;
  16568. }
  16569. else {
  16570. ret = WOLFSSL_FATAL_ERROR;
  16571. }
  16572. }
  16573. #endif
  16574. if (tmp != NULL) {
  16575. XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  16576. }
  16577. if (wc_FreeRsaKey(&key) || ret != 0) {
  16578. ret = WOLFSSL_FATAL_ERROR;
  16579. }
  16580. res = TEST_RES_CHECK(ret == 0);
  16581. #endif
  16582. return res;
  16583. } /* END test_wc_RsaPrivateKeyDecode */
  16584. /*
  16585. * Testing wc_RsaPublicKeyDecode()
  16586. */
  16587. static int test_wc_RsaPublicKeyDecode(void)
  16588. {
  16589. int res = TEST_SKIPPED;
  16590. #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
  16591. || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
  16592. RsaKey keyPub;
  16593. byte* tmp;
  16594. word32 idx = 0;
  16595. int bytes = 0;
  16596. word32 keySz = 0;
  16597. word32 tstKeySz = 0;
  16598. int ret = 0;
  16599. #if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
  16600. XFILE f;
  16601. const char* rsaPssPubKey = "./certs/rsapss/ca-rsapss-key.der";
  16602. const char* rsaPssPubKeyNoParams = "./certs/rsapss/ca-3072-rsapss-key.der";
  16603. byte buf[4096];
  16604. #endif
  16605. tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  16606. if (tmp == NULL) {
  16607. ret = WOLFSSL_FATAL_ERROR;
  16608. }
  16609. if (ret == 0) {
  16610. ret = wc_InitRsaKey(&keyPub, HEAP_HINT);
  16611. }
  16612. if (ret == 0) {
  16613. #ifdef USE_CERT_BUFFERS_1024
  16614. XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
  16615. bytes = sizeof_client_keypub_der_1024;
  16616. keySz = 1024;
  16617. #else
  16618. XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
  16619. bytes = sizeof_client_keypub_der_2048;
  16620. keySz = 2048;
  16621. #endif
  16622. ret = wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes);
  16623. }
  16624. #ifndef HAVE_USER_RSA
  16625. /* Pass in bad args. */
  16626. if (ret == 0) {
  16627. ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
  16628. if (ret == BAD_FUNC_ARG) {
  16629. ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
  16630. }
  16631. if (ret == BAD_FUNC_ARG) {
  16632. ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
  16633. }
  16634. if (ret == BAD_FUNC_ARG) {
  16635. ret = 0;
  16636. }
  16637. else {
  16638. ret = WOLFSSL_FATAL_ERROR;
  16639. }
  16640. }
  16641. #else
  16642. /* Pass in bad args. */
  16643. if (ret == 0) {
  16644. ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
  16645. if (ret == USER_CRYPTO_ERROR) {
  16646. ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
  16647. }
  16648. if (ret == USER_CRYPTO_ERROR) {
  16649. ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
  16650. }
  16651. if (ret == USER_CRYPTO_ERROR) {
  16652. ret = 0;
  16653. }
  16654. else {
  16655. ret = WOLFSSL_FATAL_ERROR;
  16656. }
  16657. }
  16658. #endif
  16659. if (wc_FreeRsaKey(&keyPub) || ret != 0) {
  16660. ret = WOLFSSL_FATAL_ERROR;
  16661. }
  16662. if (ret == 0) {
  16663. /* Test for getting modulus key size */
  16664. idx = 0;
  16665. ret = wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL,
  16666. &tstKeySz, NULL, NULL);
  16667. ret = (ret == 0 && tstKeySz == keySz/8) ? 0 : WOLFSSL_FATAL_ERROR;
  16668. }
  16669. #if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
  16670. f = XFOPEN(rsaPssPubKey, "rb");
  16671. AssertTrue((f != XBADFILE));
  16672. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  16673. XFCLOSE(f);
  16674. idx = 0;
  16675. AssertIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL,
  16676. NULL), 0);
  16677. f = XFOPEN(rsaPssPubKeyNoParams, "rb");
  16678. AssertTrue((f != XBADFILE));
  16679. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  16680. XFCLOSE(f);
  16681. idx = 0;
  16682. AssertIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL,
  16683. NULL), 0);
  16684. #endif
  16685. if (tmp != NULL) {
  16686. XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  16687. }
  16688. res = TEST_RES_CHECK(ret == 0);
  16689. #endif
  16690. return res;
  16691. } /* END test_wc_RsaPublicKeyDecode */
  16692. /*
  16693. * Testing wc_RsaPublicKeyDecodeRaw()
  16694. */
  16695. static int test_wc_RsaPublicKeyDecodeRaw(void)
  16696. {
  16697. int res = TEST_SKIPPED;
  16698. #if !defined(NO_RSA)
  16699. RsaKey key;
  16700. const byte n = 0x23;
  16701. const byte e = 0x03;
  16702. int nSz = sizeof(n);
  16703. int eSz = sizeof(e);
  16704. int ret;
  16705. ret = wc_InitRsaKey(&key, HEAP_HINT);
  16706. if (ret == 0) {
  16707. ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key);
  16708. }
  16709. #ifndef HAVE_USER_RSA
  16710. /* Pass in bad args. */
  16711. if (ret == 0) {
  16712. ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
  16713. if (ret == BAD_FUNC_ARG) {
  16714. ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
  16715. }
  16716. if (ret == BAD_FUNC_ARG) {
  16717. ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
  16718. }
  16719. if (ret == BAD_FUNC_ARG) {
  16720. ret = 0;
  16721. }
  16722. else {
  16723. ret = WOLFSSL_FATAL_ERROR;
  16724. }
  16725. }
  16726. #else
  16727. /* Pass in bad args. User RSA. */
  16728. if (ret == 0) {
  16729. ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
  16730. if (ret == USER_CRYPTO_ERROR) {
  16731. ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
  16732. }
  16733. if (ret == USER_CRYPTO_ERROR) {
  16734. ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
  16735. }
  16736. if (ret == USER_CRYPTO_ERROR) {
  16737. ret = 0;
  16738. }
  16739. else {
  16740. ret = WOLFSSL_FATAL_ERROR;
  16741. }
  16742. }
  16743. #endif
  16744. if (wc_FreeRsaKey(&key) || ret != 0) {
  16745. ret = WOLFSSL_FATAL_ERROR;
  16746. }
  16747. res = TEST_RES_CHECK(ret == 0);
  16748. #endif
  16749. return res;
  16750. } /* END test_wc_RsaPublicKeyDecodeRaw */
  16751. #if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN)
  16752. /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
  16753. * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
  16754. * trying until it gets a probable prime. */
  16755. #ifdef HAVE_FIPS
  16756. static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng)
  16757. {
  16758. int ret;
  16759. for (;;) {
  16760. ret = wc_MakeRsaKey(key, size, e, rng);
  16761. if (ret != PRIME_GEN_E) break;
  16762. fprintf(stderr, "MakeRsaKey couldn't find prime; "
  16763. "trying again.\n");
  16764. }
  16765. return ret;
  16766. }
  16767. #define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d)
  16768. #else
  16769. #define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d)
  16770. #endif
  16771. #endif
  16772. /*
  16773. * Testing wc_MakeRsaKey()
  16774. */
  16775. static int test_wc_MakeRsaKey(void)
  16776. {
  16777. int res = TEST_SKIPPED;
  16778. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  16779. RsaKey genKey;
  16780. WC_RNG rng;
  16781. #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
  16782. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
  16783. int bits = 1024;
  16784. #else
  16785. int bits = 2048;
  16786. #endif
  16787. int ret = 0;
  16788. ret = wc_InitRsaKey(&genKey, HEAP_HINT);
  16789. if (ret == 0) {
  16790. ret = wc_InitRng(&rng);
  16791. if (ret == 0) {
  16792. ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
  16793. if (ret == 0 && wc_FreeRsaKey(&genKey) != 0) {
  16794. ret = WOLFSSL_FATAL_ERROR;
  16795. }
  16796. }
  16797. }
  16798. #ifndef HAVE_USER_RSA
  16799. /* Test bad args. */
  16800. if (ret == 0) {
  16801. ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
  16802. if (ret == BAD_FUNC_ARG) {
  16803. ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
  16804. }
  16805. if (ret == BAD_FUNC_ARG) {
  16806. /* e < 3 */
  16807. ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
  16808. }
  16809. if (ret == BAD_FUNC_ARG) {
  16810. /* e & 1 == 0 */
  16811. ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
  16812. }
  16813. if (ret == BAD_FUNC_ARG) {
  16814. ret = 0;
  16815. }
  16816. else {
  16817. ret = WOLFSSL_FATAL_ERROR;
  16818. }
  16819. }
  16820. #else
  16821. /* Test bad args. */
  16822. if (ret == 0) {
  16823. ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
  16824. if (ret == USER_CRYPTO_ERROR) {
  16825. ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
  16826. }
  16827. if (ret == USER_CRYPTO_ERROR) {
  16828. /* e < 3 */
  16829. ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
  16830. }
  16831. if (ret == USER_CRYPTO_ERROR) {
  16832. /* e & 1 == 0 */
  16833. ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
  16834. }
  16835. if (ret == USER_CRYPTO_ERROR) {
  16836. ret = 0;
  16837. }
  16838. else {
  16839. ret = WOLFSSL_FATAL_ERROR;
  16840. }
  16841. }
  16842. #endif
  16843. if (wc_FreeRng(&rng) || ret != 0) {
  16844. ret = WOLFSSL_FATAL_ERROR;
  16845. }
  16846. res = TEST_RES_CHECK(ret == 0);
  16847. #endif
  16848. return res;
  16849. } /* END test_wc_MakeRsaKey */
  16850. /*
  16851. * Test the bounds checking on the cipher text versus the key modulus.
  16852. * 1. Make a new RSA key.
  16853. * 2. Set c to 1.
  16854. * 3. Decrypt c into k. (error)
  16855. * 4. Copy the key modulus to c and sub 1 from the copy.
  16856. * 5. Decrypt c into k. (error)
  16857. * Valid bounds test cases are covered by all the other RSA tests.
  16858. */
  16859. static int test_RsaDecryptBoundsCheck(void)
  16860. {
  16861. int res = TEST_SKIPPED;
  16862. #if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \
  16863. (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \
  16864. defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK)
  16865. WC_RNG rng;
  16866. RsaKey key;
  16867. byte flatC[256];
  16868. word32 flatCSz;
  16869. byte out[256];
  16870. word32 outSz = sizeof(out);
  16871. int ret;
  16872. XMEMSET(&rng, 0, sizeof(rng));
  16873. ret = wc_InitRng(&rng);
  16874. if (ret == 0)
  16875. ret = wc_InitRsaKey(&key, HEAP_HINT);
  16876. if (ret == 0) {
  16877. const byte* derKey;
  16878. word32 derKeySz;
  16879. word32 idx = 0;
  16880. #ifdef USE_CERT_BUFFERS_1024
  16881. derKey = server_key_der_1024;
  16882. derKeySz = (word32)sizeof_server_key_der_1024;
  16883. flatCSz = 128;
  16884. #else
  16885. derKey = server_key_der_2048;
  16886. derKeySz = (word32)sizeof_server_key_der_2048;
  16887. flatCSz = 256;
  16888. #endif
  16889. ret = wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz);
  16890. }
  16891. if (ret == 0) {
  16892. XMEMSET(flatC, 0, flatCSz);
  16893. flatC[flatCSz-1] = 1;
  16894. ret = wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
  16895. RSA_PRIVATE_DECRYPT, &rng);
  16896. if (ret == RSA_OUT_OF_RANGE_E) {
  16897. mp_int c;
  16898. mp_init_copy(&c, &key.n);
  16899. mp_sub_d(&c, 1, &c);
  16900. mp_to_unsigned_bin(&c, flatC);
  16901. ret = wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
  16902. RSA_PRIVATE_DECRYPT, NULL);
  16903. mp_clear(&c);
  16904. }
  16905. if (ret == RSA_OUT_OF_RANGE_E)
  16906. ret = 0;
  16907. else
  16908. ret = WOLFSSL_FATAL_ERROR;
  16909. }
  16910. if (wc_FreeRsaKey(&key) || wc_FreeRng(&rng) || ret != 0)
  16911. ret = WOLFSSL_FATAL_ERROR;
  16912. res = TEST_RES_CHECK(ret == 0);
  16913. #endif
  16914. return res;
  16915. } /* END test_wc_RsaDecryptBoundsCheck */
  16916. /*
  16917. * Testing wc_SetKeyUsage()
  16918. */
  16919. static int test_wc_SetKeyUsage(void)
  16920. {
  16921. int res = TEST_SKIPPED;
  16922. #if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && !defined(HAVE_FIPS)
  16923. Cert myCert;
  16924. int ret = 0;
  16925. ret = wc_InitCert(&myCert);
  16926. if (ret == 0) {
  16927. ret = wc_SetKeyUsage(&myCert, "keyEncipherment,keyAgreement");
  16928. if (ret == 0) {
  16929. ret = wc_SetKeyUsage(&myCert, "digitalSignature,nonRepudiation");
  16930. }
  16931. if (ret == 0) {
  16932. ret = wc_SetKeyUsage(&myCert, "contentCommitment,encipherOnly");
  16933. }
  16934. if (ret == 0) {
  16935. ret = wc_SetKeyUsage(&myCert, "decipherOnly");
  16936. }
  16937. if (ret == 0) {
  16938. ret = wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign");
  16939. }
  16940. }
  16941. /* Test bad args. */
  16942. if (ret == 0) {
  16943. ret = wc_SetKeyUsage(NULL, "decipherOnly");
  16944. if (ret == BAD_FUNC_ARG) {
  16945. ret = wc_SetKeyUsage(&myCert, NULL);
  16946. }
  16947. if (ret == BAD_FUNC_ARG) {
  16948. ret = wc_SetKeyUsage(&myCert, "");
  16949. }
  16950. if (ret == KEYUSAGE_E) {
  16951. ret = wc_SetKeyUsage(&myCert, ",");
  16952. }
  16953. if (ret == KEYUSAGE_E) {
  16954. ret = wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign");
  16955. }
  16956. if (ret == KEYUSAGE_E) {
  16957. ret = 0;
  16958. }
  16959. else {
  16960. ret = WOLFSSL_FATAL_ERROR;
  16961. }
  16962. }
  16963. res = TEST_RES_CHECK(ret == 0);
  16964. #endif
  16965. return res;
  16966. } /* END test_wc_SetKeyUsage */
  16967. /*
  16968. * Testing wc_CheckProbablePrime()
  16969. */
  16970. static int test_wc_CheckProbablePrime(void)
  16971. {
  16972. int res = TEST_SKIPPED;
  16973. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
  16974. !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
  16975. #define CHECK_PROBABLE_PRIME_KEY_BITS 2048
  16976. RsaKey key;
  16977. WC_RNG rng;
  16978. byte e[3];
  16979. word32 eSz = (word32)sizeof(e);
  16980. byte n[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
  16981. word32 nSz = (word32)sizeof(n);
  16982. byte d[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
  16983. word32 dSz = (word32)sizeof(d);
  16984. byte p[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
  16985. word32 pSz = (word32)sizeof(p);
  16986. byte q[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
  16987. word32 qSz = (word32)sizeof(q);
  16988. int nlen = CHECK_PROBABLE_PRIME_KEY_BITS;
  16989. int ret = 0;
  16990. int* isPrime;
  16991. int test[5];
  16992. isPrime = test;
  16993. ret = wc_InitRsaKey(&key, HEAP_HINT);
  16994. if (ret == 0) {
  16995. ret = wc_InitRng(&rng);
  16996. }
  16997. if (ret == 0) {
  16998. ret = wc_RsaSetRNG(&key, &rng);
  16999. }
  17000. if (ret == 0) {
  17001. ret = wc_MakeRsaKey(&key, CHECK_PROBABLE_PRIME_KEY_BITS, WC_RSA_EXPONENT, &rng);
  17002. }
  17003. if (ret == 0) {
  17004. PRIVATE_KEY_UNLOCK();
  17005. ret = wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz,
  17006. p, &pSz, q, &qSz);
  17007. PRIVATE_KEY_LOCK();
  17008. }
  17009. /* Bad cases */
  17010. if (ret == 0) {
  17011. ret = wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz,
  17012. nlen, isPrime);
  17013. if (ret == BAD_FUNC_ARG) {
  17014. ret = 0;
  17015. }
  17016. }
  17017. if (ret == 0) {
  17018. ret = wc_CheckProbablePrime(p, 0, q, qSz, e, eSz,
  17019. nlen, isPrime);
  17020. if (ret == BAD_FUNC_ARG) {
  17021. ret = 0;
  17022. }
  17023. }
  17024. if (ret == 0) {
  17025. ret = wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz,
  17026. nlen, isPrime);
  17027. if (ret == BAD_FUNC_ARG) {
  17028. ret = 0;
  17029. }
  17030. }
  17031. if (ret == 0) {
  17032. ret = wc_CheckProbablePrime(p, pSz, q, 0, e, eSz,
  17033. nlen, isPrime);
  17034. if (ret == BAD_FUNC_ARG) {
  17035. ret = 0;
  17036. }
  17037. }
  17038. if (ret == 0) {
  17039. ret = wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz,
  17040. nlen, isPrime);
  17041. if (ret == BAD_FUNC_ARG) {
  17042. ret = 0;
  17043. }
  17044. }
  17045. if (ret == 0) {
  17046. ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, 0,
  17047. nlen, isPrime);
  17048. if (ret == BAD_FUNC_ARG) {
  17049. ret = 0;
  17050. }
  17051. }
  17052. if (ret == 0) {
  17053. ret = wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0,
  17054. nlen, isPrime);
  17055. if (ret == BAD_FUNC_ARG) {
  17056. ret = 0;
  17057. }
  17058. }
  17059. /* Good case */
  17060. if (ret == 0) {
  17061. ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz,
  17062. nlen, isPrime);
  17063. }
  17064. wc_FreeRsaKey(&key);
  17065. wc_FreeRng(&rng);
  17066. #undef CHECK_PROBABLE_PRIME_KEY_BITS
  17067. res = TEST_RES_CHECK(ret == 0);
  17068. #endif
  17069. return res;
  17070. } /* END test_wc_CheckProbablePrime */
  17071. /*
  17072. * Testing wc_RsaPSS_Verify()
  17073. */
  17074. static int test_wc_RsaPSS_Verify(void)
  17075. {
  17076. int res = TEST_SKIPPED;
  17077. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
  17078. !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
  17079. RsaKey key;
  17080. WC_RNG rng;
  17081. int sz = 256;
  17082. byte* pt;
  17083. const char* szMessage = "This is the string to be signed";
  17084. unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
  17085. unsigned char pDecrypted[2048/8];
  17086. word32 outLen = sizeof(pDecrypted);
  17087. int ret = 0;
  17088. pt = pDecrypted;
  17089. ret = wc_InitRsaKey(&key, HEAP_HINT);
  17090. if (ret == 0) {
  17091. ret = wc_InitRng(&rng);
  17092. }
  17093. if (ret == 0) {
  17094. ret = wc_RsaSetRNG(&key, &rng);
  17095. }
  17096. if (ret == 0) {
  17097. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  17098. }
  17099. if (ret == 0) {
  17100. ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1,
  17101. pSignature, sizeof(pSignature),
  17102. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  17103. if (ret > 0) {
  17104. sz = ret;
  17105. ret = 0;
  17106. }
  17107. }
  17108. /* Bad cases */
  17109. if (ret == 0) {
  17110. ret = wc_RsaPSS_Verify(NULL, sz, pt, outLen,
  17111. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17112. if (ret == BAD_FUNC_ARG) {
  17113. ret = 0;
  17114. }
  17115. }
  17116. if (ret == 0) {
  17117. ret = wc_RsaPSS_Verify(pSignature, 0, pt, outLen,
  17118. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17119. if (ret == BAD_FUNC_ARG) {
  17120. ret = 0;
  17121. }
  17122. }
  17123. if (ret == 0) {
  17124. ret = wc_RsaPSS_Verify(pSignature, sz, NULL, outLen,
  17125. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17126. if (ret == BAD_FUNC_ARG) {
  17127. ret = 0;
  17128. }
  17129. }
  17130. if (ret == 0) {
  17131. ret = wc_RsaPSS_Verify(NULL, 0, NULL, outLen,
  17132. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17133. if (ret == BAD_FUNC_ARG) {
  17134. ret = 0;
  17135. }
  17136. }
  17137. /* Good case */
  17138. if (ret == 0) {
  17139. ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
  17140. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17141. if (ret > 0) {
  17142. ret = 0;
  17143. }
  17144. }
  17145. wc_FreeRsaKey(&key);
  17146. wc_FreeRng(&rng);
  17147. res = TEST_RES_CHECK(ret == 0);
  17148. #endif
  17149. return res;
  17150. } /* END test_wc_RsaPSS_Verify */
  17151. /*
  17152. * Testing wc_RsaPSS_VerifyCheck()
  17153. */
  17154. static int test_wc_RsaPSS_VerifyCheck(void)
  17155. {
  17156. int res = TEST_SKIPPED;
  17157. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
  17158. !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
  17159. RsaKey key;
  17160. WC_RNG rng;
  17161. int sz = 256; /* 2048/8 */
  17162. byte* pt;
  17163. byte digest[32];
  17164. word32 digestSz = sizeof(digest);
  17165. unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
  17166. word32 pSignatureSz = sizeof(pSignature);
  17167. unsigned char pDecrypted[2048/8];
  17168. word32 outLen = sizeof(pDecrypted);
  17169. int ret = 0;
  17170. pt = pDecrypted;
  17171. XMEMSET(digest, 0, sizeof(digest));
  17172. XMEMSET(pSignature, 0, sizeof(pSignature));
  17173. ret = wc_InitRsaKey(&key, HEAP_HINT);
  17174. if (ret == 0) {
  17175. ret = wc_InitRng(&rng);
  17176. }
  17177. if (ret == 0) {
  17178. ret = wc_RsaSetRNG(&key, &rng);
  17179. }
  17180. if (ret == 0) {
  17181. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  17182. }
  17183. if (ret == 0) {
  17184. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  17185. ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz);
  17186. }
  17187. if (ret == 0) {
  17188. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  17189. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  17190. if (ret > 0) {
  17191. sz = ret;
  17192. ret = 0;
  17193. }
  17194. }
  17195. /* Bad cases */
  17196. if (ret == 0) {
  17197. ret = wc_RsaPSS_VerifyCheck(NULL, sz, pt, outLen,
  17198. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17199. if (ret == BAD_FUNC_ARG) {
  17200. ret = 0;
  17201. }
  17202. }
  17203. if (ret == 0) {
  17204. ret = wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen,
  17205. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17206. if (ret == BAD_FUNC_ARG) {
  17207. ret = 0;
  17208. }
  17209. }
  17210. if (ret == 0) {
  17211. ret = wc_RsaPSS_VerifyCheck(pSignature, sz, NULL, outLen,
  17212. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17213. if (ret == BAD_FUNC_ARG) {
  17214. ret = 0;
  17215. }
  17216. }
  17217. if (ret == 0) {
  17218. ret = wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen,
  17219. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17220. if (ret == BAD_FUNC_ARG) {
  17221. ret = 0;
  17222. }
  17223. }
  17224. /* Good case */
  17225. if (ret == 0) {
  17226. ret = wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen,
  17227. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17228. if (ret > 0) {
  17229. ret = 0;
  17230. }
  17231. }
  17232. wc_FreeRsaKey(&key);
  17233. wc_FreeRng(&rng);
  17234. res = TEST_RES_CHECK(ret == 0);
  17235. #endif
  17236. return res;
  17237. } /* END test_wc_RsaPSS_VerifyCheck */
  17238. /*
  17239. * Testing wc_RsaPSS_VerifyCheckInline()
  17240. */
  17241. static int test_wc_RsaPSS_VerifyCheckInline(void)
  17242. {
  17243. int res = TEST_SKIPPED;
  17244. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
  17245. !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
  17246. RsaKey key;
  17247. WC_RNG rng;
  17248. int sz = 256;
  17249. byte* pt;
  17250. byte digest[32];
  17251. word32 digestSz = sizeof(digest);
  17252. unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
  17253. unsigned char pDecrypted[2048/8];
  17254. int ret;
  17255. pt = pDecrypted;
  17256. ret = wc_InitRsaKey(&key, HEAP_HINT);
  17257. XMEMSET(digest, 0, sizeof(digest));
  17258. XMEMSET(pSignature, 0, sizeof(pSignature));
  17259. if (ret == 0) {
  17260. ret = wc_InitRng(&rng);
  17261. }
  17262. if (ret == 0) {
  17263. ret = wc_RsaSetRNG(&key, &rng);
  17264. }
  17265. if (ret == 0) {
  17266. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  17267. }
  17268. if (ret == 0) {
  17269. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  17270. ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz);
  17271. }
  17272. if (ret == 0) {
  17273. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature),
  17274. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  17275. if (ret > 0) {
  17276. sz = ret;
  17277. ret = 0;
  17278. }
  17279. }
  17280. /* Bad Cases */
  17281. if (ret == 0) {
  17282. ret = wc_RsaPSS_VerifyCheckInline(NULL, sz, &pt,
  17283. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17284. if (ret == BAD_FUNC_ARG) {
  17285. ret = 0;
  17286. }
  17287. }
  17288. if (ret == 0) {
  17289. ret = wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL,
  17290. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17291. if (ret == BAD_FUNC_ARG) {
  17292. ret = 0;
  17293. }
  17294. }
  17295. if (ret == 0) {
  17296. ret = wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt,
  17297. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17298. if (ret == BAD_FUNC_ARG) {
  17299. ret = 0;
  17300. }
  17301. }
  17302. if (ret == 0) {
  17303. ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt,
  17304. digest, digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key);
  17305. if (ret == BAD_FUNC_ARG) {
  17306. ret = 0;
  17307. }
  17308. }
  17309. /* Good case */
  17310. if (ret == 0) {
  17311. ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt,
  17312. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  17313. if (ret > 0) {
  17314. ret = 0;
  17315. }
  17316. }
  17317. wc_FreeRsaKey(&key);
  17318. wc_FreeRng(&rng);
  17319. res = TEST_RES_CHECK(ret == 0);
  17320. #endif
  17321. return res;
  17322. } /* END test_wc_RsaPSS_VerifyCheckInline */
  17323. #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
  17324. static void sample_mutex_cb (int flag, int type, const char* file, int line)
  17325. {
  17326. (void)flag;
  17327. (void)type;
  17328. (void)file;
  17329. (void)line;
  17330. }
  17331. #endif
  17332. /*
  17333. * Testing wc_LockMutex_ex
  17334. */
  17335. static int test_wc_LockMutex_ex(void)
  17336. {
  17337. int res = TEST_SKIPPED;
  17338. #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
  17339. int ret = 0;
  17340. int flag = CRYPTO_LOCK;
  17341. int type = 0;
  17342. const char* file = "./test-LockMutex_ex.txt";
  17343. int line = 0;
  17344. /* without SetMutexCb */
  17345. ret = wc_LockMutex_ex(flag, type, file, line);
  17346. if (ret == BAD_STATE_E) {
  17347. ret = 0;
  17348. }
  17349. /* with SetMutexCb */
  17350. if (ret == 0) {
  17351. ret = wc_SetMutexCb(sample_mutex_cb);
  17352. if (ret == 0) {
  17353. ret = wc_LockMutex_ex(flag, type, file, line);
  17354. }
  17355. }
  17356. res = TEST_RES_CHECK(ret == 0);
  17357. #endif
  17358. return res;
  17359. }/*End test_wc_LockMutex_ex*/
  17360. /*
  17361. * Testing wc_SetMutexCb
  17362. */
  17363. static int test_wc_SetMutexCb(void)
  17364. {
  17365. int res = TEST_SKIPPED;
  17366. #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
  17367. int ret = wc_SetMutexCb(sample_mutex_cb);
  17368. res = TEST_RES_CHECK(ret == 0);
  17369. #endif
  17370. return res;
  17371. }/*End test_wc_SetMutexCb*/
  17372. /*
  17373. * Testing wc_RsaKeyToDer()
  17374. */
  17375. static int test_wc_RsaKeyToDer(void)
  17376. {
  17377. int res = TEST_SKIPPED;
  17378. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  17379. RsaKey genKey;
  17380. WC_RNG rng;
  17381. byte* der;
  17382. int ret = 0;
  17383. #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
  17384. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
  17385. int bits = 1024;
  17386. word32 derSz = 611;
  17387. /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
  17388. + 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */
  17389. #else
  17390. int bits = 2048;
  17391. word32 derSz = 1196;
  17392. /* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00)
  17393. + 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */
  17394. #endif
  17395. XMEMSET(&rng, 0, sizeof(rng));
  17396. XMEMSET(&genKey, 0, sizeof(genKey));
  17397. der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  17398. if (der == NULL) {
  17399. ret = WOLFSSL_FATAL_ERROR;
  17400. }
  17401. /* Init structures. */
  17402. if (ret == 0) {
  17403. ret = wc_InitRsaKey(&genKey, HEAP_HINT);
  17404. }
  17405. if (ret == 0) {
  17406. ret = wc_InitRng(&rng);
  17407. }
  17408. /* Make key. */
  17409. if (ret == 0) {
  17410. ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
  17411. if (ret != 0) {
  17412. ret = WOLFSSL_FATAL_ERROR;
  17413. }
  17414. }
  17415. if (ret == 0) {
  17416. ret = wc_RsaKeyToDer(&genKey, der, derSz);
  17417. if (ret > 0) {
  17418. ret = 0;
  17419. }
  17420. else {
  17421. ret = WOLFSSL_FATAL_ERROR;
  17422. }
  17423. }
  17424. #ifndef HAVE_USER_RSA
  17425. /* Pass good/bad args. */
  17426. if (ret == 0) {
  17427. ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
  17428. if (ret == BAD_FUNC_ARG) {
  17429. /* Get just the output length */
  17430. ret = wc_RsaKeyToDer(&genKey, NULL, 0);
  17431. }
  17432. if (ret > 0) {
  17433. /* Try Public Key. */
  17434. genKey.type = 0;
  17435. ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
  17436. #ifdef WOLFSSL_CHECK_MEM_ZERO
  17437. /* Put back to Private Key */
  17438. genKey.type = 1;
  17439. #endif
  17440. }
  17441. if (ret == BAD_FUNC_ARG) {
  17442. ret = 0;
  17443. }
  17444. else {
  17445. ret = WOLFSSL_FATAL_ERROR;
  17446. }
  17447. }
  17448. #else
  17449. /* Pass good/bad args. */
  17450. if (ret == 0) {
  17451. ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
  17452. if (ret == USER_CRYPTO_ERROR) {
  17453. /* Get just the output length */
  17454. ret = wc_RsaKeyToDer(&genKey, NULL, 0);
  17455. }
  17456. if (ret > 0) {
  17457. /* Try Public Key. */
  17458. genKey.type = 0;
  17459. ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
  17460. #ifdef WOLFSSL_CHECK_MEM_ZERO
  17461. /* Put back to Private Key */
  17462. genKey.type = 1;
  17463. #endif
  17464. }
  17465. if (ret == USER_CRYPTO_ERROR) {
  17466. ret = 0;
  17467. }
  17468. else {
  17469. ret = WOLFSSL_FATAL_ERROR;
  17470. }
  17471. }
  17472. #endif
  17473. if (der != NULL) {
  17474. XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  17475. }
  17476. if (wc_FreeRsaKey(&genKey) || ret != 0) {
  17477. ret = WOLFSSL_FATAL_ERROR;
  17478. }
  17479. if (wc_FreeRng(&rng) || ret != 0) {
  17480. ret = WOLFSSL_FATAL_ERROR;
  17481. }
  17482. res = TEST_RES_CHECK(ret == 0);
  17483. #endif
  17484. return res;
  17485. } /* END test_wc_RsaKeyToDer */
  17486. /*
  17487. * Testing wc_RsaKeyToPublicDer()
  17488. */
  17489. static int test_wc_RsaKeyToPublicDer(void)
  17490. {
  17491. int res = TEST_SKIPPED;
  17492. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  17493. RsaKey key;
  17494. WC_RNG rng;
  17495. byte* der;
  17496. int ret = 0;
  17497. #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
  17498. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
  17499. int bits = 1024;
  17500. word32 derLen = 162;
  17501. #else
  17502. int bits = 2048;
  17503. word32 derLen = 294;
  17504. #endif
  17505. XMEMSET(&rng, 0, sizeof(rng));
  17506. XMEMSET(&key, 0, sizeof(key));
  17507. der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  17508. if (der == NULL) {
  17509. ret = WOLFSSL_FATAL_ERROR;
  17510. }
  17511. if (ret == 0) {
  17512. ret = wc_InitRsaKey(&key, HEAP_HINT);
  17513. }
  17514. if (ret == 0) {
  17515. ret = wc_InitRng(&rng);
  17516. }
  17517. if (ret == 0) {
  17518. ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
  17519. }
  17520. if (ret == 0) {
  17521. /* test getting size only */
  17522. ret = wc_RsaKeyToPublicDer(&key, NULL, derLen);
  17523. if (ret >= 0)
  17524. ret = 0;
  17525. }
  17526. if (ret == 0) {
  17527. ret = wc_RsaKeyToPublicDer(&key, der, derLen);
  17528. if (ret >= 0) {
  17529. ret = 0;
  17530. }
  17531. else {
  17532. ret = WOLFSSL_FATAL_ERROR;
  17533. }
  17534. }
  17535. if (ret == 0) {
  17536. /* test getting size only */
  17537. ret = wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0);
  17538. if (ret >= 0)
  17539. ret = 0;
  17540. }
  17541. if (ret == 0) {
  17542. ret = wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0);
  17543. if (ret >= 0) {
  17544. ret = 0;
  17545. }
  17546. else {
  17547. ret = WOLFSSL_FATAL_ERROR;
  17548. }
  17549. }
  17550. #ifndef HAVE_USER_RSA
  17551. /* Pass in bad args. */
  17552. if (ret == 0) {
  17553. ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
  17554. if (ret == BAD_FUNC_ARG) {
  17555. ret = wc_RsaKeyToPublicDer(&key, der, -1);
  17556. }
  17557. if (ret == BUFFER_E || ret == BAD_FUNC_ARG) {
  17558. ret = 0;
  17559. }
  17560. else {
  17561. ret = WOLFSSL_FATAL_ERROR;
  17562. }
  17563. }
  17564. #else
  17565. /* Pass in bad args. */
  17566. if (ret == 0) {
  17567. ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
  17568. if (ret == USER_CRYPTO_ERROR) {
  17569. ret = wc_RsaKeyToPublicDer(&key, der, -1);
  17570. }
  17571. if (ret == USER_CRYPTO_ERROR) {
  17572. ret = 0;
  17573. }
  17574. else {
  17575. ret = WOLFSSL_FATAL_ERROR;
  17576. }
  17577. }
  17578. #endif
  17579. if (der != NULL) {
  17580. XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  17581. }
  17582. if (wc_FreeRsaKey(&key) || ret != 0) {
  17583. ret = WOLFSSL_FATAL_ERROR;
  17584. }
  17585. if (wc_FreeRng(&rng) || ret != 0) {
  17586. ret = WOLFSSL_FATAL_ERROR;
  17587. }
  17588. res = TEST_RES_CHECK(ret == 0);
  17589. #endif
  17590. return res;
  17591. } /* END test_wc_RsaKeyToPublicDer */
  17592. /*
  17593. * Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt()
  17594. */
  17595. static int test_wc_RsaPublicEncryptDecrypt(void)
  17596. {
  17597. int res = TEST_SKIPPED;
  17598. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  17599. RsaKey key;
  17600. WC_RNG rng;
  17601. int ret = 0;
  17602. const char inStr[] = TEST_STRING;
  17603. const word32 plainLen = (word32)TEST_STRING_SZ;
  17604. const word32 inLen = (word32)TEST_STRING_SZ;
  17605. int bits = TEST_RSA_BITS;
  17606. const word32 cipherLen = TEST_RSA_BYTES;
  17607. word32 cipherLenResult = cipherLen;
  17608. WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
  17609. WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
  17610. WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
  17611. #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
  17612. if (in == NULL || plain == NULL || cipher == NULL) {
  17613. fprintf(stderr, "test_wc_RsaPublicEncryptDecrypt malloc failed\n");
  17614. return MEMORY_E;
  17615. }
  17616. #endif
  17617. XMEMCPY(in, inStr, inLen);
  17618. ret = wc_InitRsaKey(&key, HEAP_HINT);
  17619. if (ret == 0) {
  17620. ret = wc_InitRng(&rng);
  17621. }
  17622. if (ret == 0) {
  17623. ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
  17624. }
  17625. /* Encrypt. */
  17626. if (ret == 0) {
  17627. ret = wc_RsaPublicEncrypt(in, inLen, cipher, cipherLen, &key, &rng);
  17628. if (ret >= 0) {
  17629. cipherLenResult = ret;
  17630. ret = 0;
  17631. }
  17632. else {
  17633. ret = WOLFSSL_FATAL_ERROR;
  17634. }
  17635. }
  17636. /* Pass bad args. */
  17637. /* Tests PsaPublicEncryptEx() which, is tested by another fn. No need dup.*/
  17638. if (ret != 0) {
  17639. return TEST_FAIL;
  17640. }
  17641. /* Decrypt */
  17642. #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
  17643. /* Bind rng */
  17644. if (ret == 0) {
  17645. ret = wc_RsaSetRNG(&key, &rng);
  17646. }
  17647. #endif
  17648. if (ret == 0) {
  17649. ret = wc_RsaPrivateDecrypt(cipher, cipherLenResult, plain, plainLen, &key);
  17650. }
  17651. if (ret >= 0) {
  17652. ret = XMEMCMP(plain, inStr, plainLen);
  17653. }
  17654. /* Pass in bad args. */
  17655. /* Tests RsaPrivateDecryptEx() which, is tested by another fn. No need dup.*/
  17656. WC_FREE_VAR(in, NULL);
  17657. WC_FREE_VAR(plain, NULL);
  17658. WC_FREE_VAR(cipher, NULL);
  17659. if (wc_FreeRsaKey(&key) || ret != 0) {
  17660. ret = WOLFSSL_FATAL_ERROR;
  17661. }
  17662. if (wc_FreeRng(&rng) || ret != 0) {
  17663. ret = WOLFSSL_FATAL_ERROR;
  17664. }
  17665. res = TEST_RES_CHECK(ret == 0);
  17666. #endif
  17667. return res;
  17668. } /* END test_wc_RsaPublicEncryptDecrypt */
  17669. /*
  17670. * Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex()
  17671. */
  17672. static int test_wc_RsaPublicEncryptDecrypt_ex(void)
  17673. {
  17674. int result = TEST_SKIPPED;
  17675. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
  17676. && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
  17677. && !defined(NO_SHA256)
  17678. RsaKey key;
  17679. WC_RNG rng;
  17680. int ret;
  17681. const char inStr[] = TEST_STRING;
  17682. const word32 inLen = (word32)TEST_STRING_SZ;
  17683. const word32 plainSz = (word32)TEST_STRING_SZ;
  17684. byte* res = NULL;
  17685. int idx = 0;
  17686. int bits = TEST_RSA_BITS;
  17687. const word32 cipherSz = TEST_RSA_BYTES;
  17688. WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
  17689. WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
  17690. WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
  17691. #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
  17692. if (in == NULL || plain == NULL || cipher == NULL) {
  17693. fprintf(stderr, "test_wc_RsaPublicEncryptDecrypt_exmalloc failed\n");
  17694. return TEST_FAIL;
  17695. }
  17696. #endif
  17697. XMEMCPY(in, inStr, inLen);
  17698. /* Initialize stack structures. */
  17699. XMEMSET(&rng, 0, sizeof(rng));
  17700. XMEMSET(&key, 0, sizeof(key));
  17701. ret = wc_InitRsaKey_ex(&key, HEAP_HINT, INVALID_DEVID);
  17702. if (ret == 0) {
  17703. ret = wc_InitRng(&rng);
  17704. }
  17705. if (ret == 0) {
  17706. ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
  17707. }
  17708. /* Encrypt */
  17709. if (ret == 0) {
  17710. ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng,
  17711. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  17712. if (ret >= 0) {
  17713. idx = ret;
  17714. ret = 0;
  17715. }
  17716. else {
  17717. ret = WOLFSSL_FATAL_ERROR;
  17718. }
  17719. }
  17720. /* Pass bad args. */
  17721. /* Tests RsaPublicEncryptEx again. No need duplicate. */
  17722. if (ret != 0) {
  17723. return TEST_FAIL;
  17724. }
  17725. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  17726. /* Decrypt */
  17727. #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
  17728. if (ret == 0) {
  17729. ret = wc_RsaSetRNG(&key, &rng);
  17730. }
  17731. #endif
  17732. if (ret == 0) {
  17733. ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx,
  17734. plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256,
  17735. WC_MGF1SHA256, NULL, 0);
  17736. }
  17737. if (ret >= 0) {
  17738. if (!XMEMCMP(plain, inStr, plainSz)) {
  17739. ret = 0;
  17740. }
  17741. else {
  17742. ret = WOLFSSL_FATAL_ERROR;
  17743. }
  17744. }
  17745. /*Pass bad args.*/
  17746. /* Tests RsaPrivateDecryptEx() again. No need duplicate. */
  17747. if (ret != 0) {
  17748. return TEST_FAIL;
  17749. }
  17750. if (ret == 0) {
  17751. ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx,
  17752. &res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256,
  17753. WC_MGF1SHA256, NULL, 0);
  17754. if (ret >= 0) {
  17755. if (!XMEMCMP(inStr, res, plainSz)) {
  17756. ret = 0;
  17757. }
  17758. else {
  17759. ret = WOLFSSL_FATAL_ERROR;
  17760. }
  17761. }
  17762. }
  17763. #endif
  17764. WC_FREE_VAR(in, NULL);
  17765. WC_FREE_VAR(plain, NULL);
  17766. WC_FREE_VAR(cipher, NULL);
  17767. if (wc_FreeRsaKey(&key) || ret != 0) {
  17768. ret = WOLFSSL_FATAL_ERROR;
  17769. }
  17770. if (wc_FreeRng(&rng) || ret != 0) {
  17771. ret = WOLFSSL_FATAL_ERROR;
  17772. }
  17773. result = TEST_RES_CHECK(ret == 0);
  17774. #endif
  17775. return result;
  17776. } /* END test_wc_RsaPublicEncryptDecrypt_ex */
  17777. /*
  17778. * Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify()
  17779. */
  17780. static int test_wc_RsaSSL_SignVerify(void)
  17781. {
  17782. int res = TEST_SKIPPED;
  17783. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  17784. RsaKey key;
  17785. WC_RNG rng;
  17786. int ret = 0;
  17787. const char inStr[] = TEST_STRING;
  17788. const word32 plainSz = (word32)TEST_STRING_SZ;
  17789. const word32 inLen = (word32)TEST_STRING_SZ;
  17790. word32 idx = 0;
  17791. int bits = TEST_RSA_BITS;
  17792. const word32 outSz = TEST_RSA_BYTES;
  17793. WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
  17794. WC_DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL);
  17795. WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
  17796. #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
  17797. if (in == NULL || out == NULL || plain == NULL) {
  17798. fprintf(stderr, "test_wc_RsaSSL_SignVerify failed\n");
  17799. return TEST_FAIL;
  17800. }
  17801. #endif
  17802. XMEMCPY(in, inStr, inLen);
  17803. ret = wc_InitRsaKey(&key, HEAP_HINT);
  17804. if (ret == 0) {
  17805. ret = wc_InitRng(&rng);
  17806. }
  17807. if (ret == 0) {
  17808. ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
  17809. }
  17810. /* Sign. */
  17811. if (ret == 0) {
  17812. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng);
  17813. if (ret == (int)outSz) {
  17814. idx = ret;
  17815. ret = 0;
  17816. }
  17817. else {
  17818. ret = WOLFSSL_FATAL_ERROR;
  17819. }
  17820. }
  17821. #ifndef HAVE_USER_RSA
  17822. /* Test bad args. */
  17823. if (ret == 0) {
  17824. ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
  17825. if (ret == BAD_FUNC_ARG) {
  17826. ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
  17827. }
  17828. if (ret == BAD_FUNC_ARG) {
  17829. ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
  17830. }
  17831. if (ret == BAD_FUNC_ARG) {
  17832. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
  17833. }
  17834. if (ret == BAD_FUNC_ARG) {
  17835. ret = 0;
  17836. }
  17837. else {
  17838. ret = WOLFSSL_FATAL_ERROR;
  17839. }
  17840. }
  17841. #else
  17842. /* Test bad args. */
  17843. if (ret == 0) {
  17844. ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
  17845. if (ret == USER_CRYPTO_ERROR) {
  17846. ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
  17847. }
  17848. if (ret == USER_CRYPTO_ERROR) {
  17849. ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
  17850. }
  17851. if (ret == USER_CRYPTO_ERROR) {
  17852. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
  17853. }
  17854. if (ret == USER_CRYPTO_ERROR) {
  17855. ret = 0;
  17856. }
  17857. else {
  17858. ret = WOLFSSL_FATAL_ERROR;
  17859. }
  17860. }
  17861. #endif
  17862. if (ret != 0) {
  17863. return TEST_FAIL;
  17864. }
  17865. /* Verify. */
  17866. ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key);
  17867. if (ret == (int)inLen) {
  17868. ret = 0;
  17869. }
  17870. else {
  17871. ret = WOLFSSL_FATAL_ERROR;
  17872. }
  17873. #ifndef HAVE_USER_RSA
  17874. /* Pass bad args. */
  17875. if (ret == 0) {
  17876. ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
  17877. if (ret == BAD_FUNC_ARG) {
  17878. ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
  17879. }
  17880. if (ret == BAD_FUNC_ARG) {
  17881. ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
  17882. }
  17883. if (ret == BAD_FUNC_ARG) {
  17884. ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
  17885. }
  17886. if (ret == BAD_FUNC_ARG) {
  17887. ret = 0;
  17888. }
  17889. else {
  17890. ret = WOLFSSL_FATAL_ERROR;
  17891. }
  17892. }
  17893. #else
  17894. /* Pass bad args. */
  17895. if (ret == 0) {
  17896. ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
  17897. if (ret == USER_CRYPTO_ERROR) {
  17898. ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
  17899. }
  17900. if (ret == USER_CRYPTO_ERROR) {
  17901. ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
  17902. }
  17903. if (ret == USER_CRYPTO_ERROR) {
  17904. ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
  17905. }
  17906. if (ret == USER_CRYPTO_ERROR) {
  17907. ret = 0;
  17908. }
  17909. else {
  17910. ret = WOLFSSL_FATAL_ERROR;
  17911. }
  17912. }
  17913. #endif
  17914. WC_FREE_VAR(in, NULL);
  17915. WC_FREE_VAR(out, NULL);
  17916. WC_FREE_VAR(plain, NULL);
  17917. if (wc_FreeRsaKey(&key) || ret != 0) {
  17918. ret = WOLFSSL_FATAL_ERROR;
  17919. }
  17920. if (wc_FreeRng(&rng) || ret != 0) {
  17921. ret = WOLFSSL_FATAL_ERROR;
  17922. }
  17923. res = TEST_RES_CHECK(ret == 0);
  17924. #endif
  17925. return res;
  17926. } /* END test_wc_RsaSSL_SignVerify */
  17927. /*
  17928. * Testing wc_RsaEncryptSize()
  17929. */
  17930. static int test_wc_RsaEncryptSize(void)
  17931. {
  17932. int res = TEST_SKIPPED;
  17933. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  17934. RsaKey key;
  17935. WC_RNG rng;
  17936. int ret;
  17937. ret = wc_InitRsaKey(&key, HEAP_HINT);
  17938. if (ret == 0) {
  17939. ret = wc_InitRng(&rng);
  17940. }
  17941. #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
  17942. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
  17943. if (ret == 0) {
  17944. ret = MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng);
  17945. if (ret == 0) {
  17946. ret = wc_RsaEncryptSize(&key);
  17947. }
  17948. if (ret == 128) {
  17949. ret = 0;
  17950. }
  17951. else {
  17952. ret = WOLFSSL_FATAL_ERROR;
  17953. }
  17954. }
  17955. if (wc_FreeRsaKey(&key) || ret != 0) {
  17956. ret = WOLFSSL_FATAL_ERROR;
  17957. }
  17958. else {
  17959. ret = 0;
  17960. }
  17961. #endif
  17962. if (ret == 0) {
  17963. ret = MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng);
  17964. if (ret == 0) {
  17965. ret = wc_RsaEncryptSize(&key);
  17966. }
  17967. if (ret == 256) {
  17968. ret = 0;
  17969. }
  17970. else {
  17971. ret = WOLFSSL_FATAL_ERROR;
  17972. }
  17973. }
  17974. /* Pass in bad arg. */
  17975. if (ret == 0) {
  17976. ret = wc_RsaEncryptSize(NULL);
  17977. #ifndef HAVE_USER_RSA
  17978. if (ret == BAD_FUNC_ARG) {
  17979. ret = 0;
  17980. }
  17981. else {
  17982. ret = WOLFSSL_FATAL_ERROR;
  17983. }
  17984. #endif
  17985. }
  17986. if (wc_FreeRsaKey(&key) || ret != 0) {
  17987. ret = WOLFSSL_FATAL_ERROR;
  17988. }
  17989. if (wc_FreeRng(&rng) || ret != 0) {
  17990. ret = WOLFSSL_FATAL_ERROR;
  17991. }
  17992. res = TEST_RES_CHECK(ret == 0);
  17993. #endif
  17994. return res;
  17995. } /* END test_wc_RsaEncryptSize*/
  17996. /*
  17997. * Testing wc_RsaFlattenPublicKey()
  17998. */
  17999. static int test_wc_RsaFlattenPublicKey(void)
  18000. {
  18001. int res = TEST_SKIPPED;
  18002. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  18003. RsaKey key;
  18004. WC_RNG rng;
  18005. int ret = 0;
  18006. byte e[256];
  18007. byte n[256];
  18008. word32 eSz = sizeof(e);
  18009. word32 nSz = sizeof(n);
  18010. #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
  18011. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
  18012. int bits = 1024;
  18013. #else
  18014. int bits = 2048;
  18015. #endif
  18016. ret = wc_InitRsaKey(&key, HEAP_HINT);
  18017. if (ret == 0) {
  18018. ret = wc_InitRng(&rng);
  18019. }
  18020. if (ret == 0) {
  18021. ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
  18022. if (ret >= 0) {
  18023. ret = 0;
  18024. }
  18025. else {
  18026. ret = WOLFSSL_FATAL_ERROR;
  18027. }
  18028. }
  18029. if (ret == 0) {
  18030. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz);
  18031. }
  18032. #ifndef HAVE_USER_RSA
  18033. /* Pass bad args. */
  18034. if (ret == 0) {
  18035. ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
  18036. if (ret == BAD_FUNC_ARG) {
  18037. ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
  18038. }
  18039. if (ret == BAD_FUNC_ARG) {
  18040. ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
  18041. }
  18042. if (ret == BAD_FUNC_ARG) {
  18043. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
  18044. }
  18045. if (ret == BAD_FUNC_ARG) {
  18046. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
  18047. }
  18048. if (ret == BAD_FUNC_ARG) {
  18049. ret = 0;
  18050. }
  18051. else {
  18052. ret = WOLFSSL_FATAL_ERROR;
  18053. }
  18054. }
  18055. #else
  18056. /* Pass bad args. */
  18057. if (ret == 0) {
  18058. ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
  18059. if (ret == USER_CRYPTO_ERROR) {
  18060. ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
  18061. }
  18062. if (ret == USER_CRYPTO_ERROR) {
  18063. ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
  18064. }
  18065. if (ret == USER_CRYPTO_ERROR) {
  18066. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
  18067. }
  18068. if (ret == USER_CRYPTO_ERROR) {
  18069. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
  18070. }
  18071. if (ret == USER_CRYPTO_ERROR) {
  18072. ret = 0;
  18073. }
  18074. else {
  18075. ret = WOLFSSL_FATAL_ERROR;
  18076. }
  18077. }
  18078. #endif
  18079. if (wc_FreeRsaKey(&key) || ret != 0) {
  18080. ret = WOLFSSL_FATAL_ERROR;
  18081. }
  18082. if (wc_FreeRng(&rng) || ret != 0) {
  18083. ret = WOLFSSL_FATAL_ERROR;
  18084. }
  18085. res = TEST_RES_CHECK(ret == 0);
  18086. #endif
  18087. return res;
  18088. } /* END test_wc_RsaFlattenPublicKey */
  18089. /*
  18090. * unit test for wc_AesCcmSetKey
  18091. */
  18092. static int test_wc_AesCcmSetKey(void)
  18093. {
  18094. int res = TEST_SKIPPED;
  18095. #ifdef HAVE_AESCCM
  18096. Aes aes;
  18097. int ret = 0;
  18098. const byte key16[] =
  18099. {
  18100. 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
  18101. 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
  18102. };
  18103. const byte key24[] =
  18104. {
  18105. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  18106. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  18107. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
  18108. };
  18109. const byte key32[] =
  18110. {
  18111. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  18112. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  18113. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  18114. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  18115. };
  18116. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  18117. if (ret != 0)
  18118. return ret;
  18119. #ifdef WOLFSSL_AES_128
  18120. ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
  18121. #endif
  18122. #ifdef WOLFSSL_AES_192
  18123. if (ret == 0) {
  18124. ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24));
  18125. }
  18126. #endif
  18127. #ifdef WOLFSSL_AES_256
  18128. if (ret == 0) {
  18129. ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32));
  18130. }
  18131. #endif
  18132. /* Test bad args. */
  18133. if (ret == 0) {
  18134. ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1);
  18135. if (ret == BAD_FUNC_ARG) {
  18136. ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1);
  18137. }
  18138. if (ret == BAD_FUNC_ARG) {
  18139. ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1);
  18140. }
  18141. if (ret != BAD_FUNC_ARG) {
  18142. ret = WOLFSSL_FATAL_ERROR;
  18143. }
  18144. else {
  18145. ret = 0;
  18146. }
  18147. }
  18148. wc_AesFree(&aes);
  18149. res = TEST_RES_CHECK(ret == 0);
  18150. #endif
  18151. return res;
  18152. } /* END test_wc_AesCcmSetKey */
  18153. /*
  18154. * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt
  18155. */
  18156. static int test_wc_AesCcmEncryptDecrypt(void)
  18157. {
  18158. int res = TEST_SKIPPED;
  18159. #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
  18160. Aes aes;
  18161. int ret = 0;
  18162. const byte key16[] =
  18163. {
  18164. 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
  18165. 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
  18166. };
  18167. /* plaintext */
  18168. const byte plainT[] =
  18169. {
  18170. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  18171. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  18172. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
  18173. };
  18174. /* nonce */
  18175. const byte iv[] =
  18176. {
  18177. 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
  18178. 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
  18179. };
  18180. const byte c[] = /* cipher text. */
  18181. {
  18182. 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
  18183. 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
  18184. 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
  18185. };
  18186. const byte t[] = /* Auth tag */
  18187. {
  18188. 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
  18189. };
  18190. const byte authIn[] =
  18191. {
  18192. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
  18193. };
  18194. byte cipherOut[sizeof(plainT)];
  18195. byte authTag[sizeof(t)];
  18196. int ccmE = WOLFSSL_FATAL_ERROR;
  18197. #ifdef HAVE_AES_DECRYPT
  18198. int ccmD = WOLFSSL_FATAL_ERROR;
  18199. byte plainOut[sizeof(cipherOut)];
  18200. #endif
  18201. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  18202. if (ret != 0)
  18203. return ret;
  18204. ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
  18205. if (ret == 0) {
  18206. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
  18207. iv, sizeof(iv), authTag, sizeof(authTag),
  18208. authIn , sizeof(authIn));
  18209. if ((XMEMCMP(cipherOut, c, sizeof(c)) && ccmE == 0) ||
  18210. XMEMCMP(t, authTag, sizeof(t))) {
  18211. ccmE = WOLFSSL_FATAL_ERROR;
  18212. ret = WOLFSSL_FATAL_ERROR;
  18213. }
  18214. #ifdef HAVE_AES_DECRYPT
  18215. if (ret == 0) {
  18216. ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
  18217. sizeof(plainOut), iv, sizeof(iv),
  18218. authTag, sizeof(authTag),
  18219. authIn, sizeof(authIn));
  18220. if (XMEMCMP(plainOut, plainT, sizeof(plainT)) && ccmD == 0) {
  18221. ccmD = WOLFSSL_FATAL_ERROR;
  18222. }
  18223. }
  18224. #endif
  18225. }
  18226. /* Pass in bad args. Encrypt*/
  18227. if (ret == 0 && ccmE == 0) {
  18228. ccmE = wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
  18229. iv, sizeof(iv), authTag, sizeof(authTag),
  18230. authIn , sizeof(authIn));
  18231. if (ccmE == BAD_FUNC_ARG) {
  18232. ccmE = wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
  18233. iv, sizeof(iv), authTag, sizeof(authTag),
  18234. authIn , sizeof(authIn));
  18235. }
  18236. if (ccmE == BAD_FUNC_ARG) {
  18237. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
  18238. iv, sizeof(iv), authTag, sizeof(authTag),
  18239. authIn , sizeof(authIn));
  18240. }
  18241. if (ccmE == BAD_FUNC_ARG) {
  18242. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
  18243. NULL, sizeof(iv), authTag, sizeof(authTag),
  18244. authIn , sizeof(authIn));
  18245. }
  18246. if (ccmE == BAD_FUNC_ARG) {
  18247. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
  18248. iv, sizeof(iv), NULL, sizeof(authTag),
  18249. authIn , sizeof(authIn));
  18250. }
  18251. if (ccmE == BAD_FUNC_ARG) {
  18252. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
  18253. iv, sizeof(iv) + 1, authTag, sizeof(authTag),
  18254. authIn , sizeof(authIn));
  18255. }
  18256. if (ccmE == BAD_FUNC_ARG) {
  18257. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
  18258. iv, sizeof(iv) - 7, authTag, sizeof(authTag),
  18259. authIn , sizeof(authIn));
  18260. }
  18261. if (ccmE != BAD_FUNC_ARG) {
  18262. ccmE = WOLFSSL_FATAL_ERROR;
  18263. }
  18264. else {
  18265. ccmE = 0;
  18266. }
  18267. } /* End Encrypt */
  18268. if (ccmE != 0) {
  18269. wc_AesFree(&aes);
  18270. return TEST_FAIL;
  18271. }
  18272. #ifdef HAVE_AES_DECRYPT
  18273. /* Pass in bad args. Decrypt*/
  18274. if (ret == 0 && ccmD == 0) {
  18275. ccmD = wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
  18276. iv, sizeof(iv), authTag, sizeof(authTag),
  18277. authIn, sizeof(authIn));
  18278. if (ccmD == BAD_FUNC_ARG) {
  18279. ccmD = wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
  18280. iv, sizeof(iv), authTag, sizeof(authTag),
  18281. authIn, sizeof(authIn));
  18282. }
  18283. if (ccmD == BAD_FUNC_ARG) {
  18284. ccmD = wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
  18285. iv, sizeof(iv), authTag, sizeof(authTag),
  18286. authIn, sizeof(authIn));
  18287. }
  18288. if (ccmD == BAD_FUNC_ARG) {
  18289. ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
  18290. sizeof(plainOut), NULL, sizeof(iv),
  18291. authTag, sizeof(authTag),
  18292. authIn, sizeof(authIn));
  18293. }
  18294. if (ccmD == BAD_FUNC_ARG) {
  18295. ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
  18296. sizeof(plainOut), iv, sizeof(iv), NULL,
  18297. sizeof(authTag), authIn, sizeof(authIn));
  18298. }
  18299. if (ccmD == BAD_FUNC_ARG) {
  18300. ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
  18301. sizeof(plainOut), iv, sizeof(iv) + 1,
  18302. authTag, sizeof(authTag),
  18303. authIn, sizeof(authIn));
  18304. }
  18305. if (ccmD == BAD_FUNC_ARG) {
  18306. ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
  18307. sizeof(plainOut), iv, sizeof(iv) - 7,
  18308. authTag, sizeof(authTag),
  18309. authIn, sizeof(authIn));
  18310. }
  18311. if (ccmD != BAD_FUNC_ARG) {
  18312. ccmD = WOLFSSL_FATAL_ERROR;
  18313. }
  18314. else {
  18315. ccmD = 0;
  18316. }
  18317. } /* END Decrypt */
  18318. res = TEST_RES_CHECK(ccmD == 0);
  18319. #endif
  18320. wc_AesFree(&aes);
  18321. #endif /* HAVE_AESCCM */
  18322. return res;
  18323. } /* END test_wc_AesCcmEncryptDecrypt */
  18324. /*
  18325. * Testing wc_InitDsaKey()
  18326. */
  18327. static int test_wc_InitDsaKey(void)
  18328. {
  18329. int res = TEST_SKIPPED;
  18330. #ifndef NO_DSA
  18331. DsaKey key;
  18332. int ret = 0;
  18333. ret = wc_InitDsaKey(&key);
  18334. /* Pass in bad args. */
  18335. if (ret == 0) {
  18336. ret = wc_InitDsaKey(NULL);
  18337. if (ret == BAD_FUNC_ARG) {
  18338. ret = 0;
  18339. }
  18340. else {
  18341. ret = WOLFSSL_FATAL_ERROR;
  18342. }
  18343. }
  18344. wc_FreeDsaKey(&key);
  18345. res = TEST_RES_CHECK(ret == 0);
  18346. #endif
  18347. return res;
  18348. } /* END test_wc_InitDsaKey */
  18349. /*
  18350. * Testing wc_DsaSign() and wc_DsaVerify()
  18351. */
  18352. static int test_wc_DsaSignVerify(void)
  18353. {
  18354. int res = TEST_SKIPPED;
  18355. #if !defined(NO_DSA)
  18356. DsaKey key;
  18357. WC_RNG rng;
  18358. wc_Sha sha;
  18359. int ret = 0;
  18360. byte signature[DSA_SIG_SIZE];
  18361. byte hash[WC_SHA_DIGEST_SIZE];
  18362. word32 idx = 0;
  18363. word32 bytes;
  18364. int answer;
  18365. #ifdef USE_CERT_BUFFERS_1024
  18366. byte tmp[ONEK_BUF];
  18367. XMEMSET(tmp, 0, sizeof(tmp));
  18368. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  18369. bytes = sizeof_dsa_key_der_1024;
  18370. #elif defined(USE_CERT_BUFFERS_2048)
  18371. byte tmp[TWOK_BUF];
  18372. XMEMSET(tmp, 0, sizeof(tmp));
  18373. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  18374. bytes = sizeof_dsa_key_der_2048;
  18375. #else
  18376. byte tmp[TWOK_BUF];
  18377. XMEMSET(tmp, 0, sizeof(tmp));
  18378. XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
  18379. if (fp == XBADFILE) {
  18380. return WOLFSSL_BAD_FILE;
  18381. }
  18382. bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
  18383. XFCLOSE(fp);
  18384. #endif /* END USE_CERT_BUFFERS_1024 */
  18385. ret = wc_InitSha(&sha);
  18386. if (ret == 0) {
  18387. ret = wc_ShaUpdate(&sha, tmp, bytes);
  18388. if (ret == 0) {
  18389. ret = wc_ShaFinal(&sha, hash);
  18390. }
  18391. if (ret == 0) {
  18392. ret = wc_InitDsaKey(&key);
  18393. }
  18394. if (ret == 0) {
  18395. ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
  18396. }
  18397. if (ret == 0) {
  18398. ret = wc_InitRng(&rng);
  18399. }
  18400. }
  18401. /* Sign. */
  18402. if (ret == 0) {
  18403. ret = wc_DsaSign(hash, signature, &key, &rng);
  18404. }
  18405. /* Test bad args. */
  18406. if (ret == 0) {
  18407. ret = wc_DsaSign(NULL, signature, &key, &rng);
  18408. if (ret == BAD_FUNC_ARG) {
  18409. ret = wc_DsaSign(hash, NULL, &key, &rng);
  18410. }
  18411. if (ret == BAD_FUNC_ARG) {
  18412. ret = wc_DsaSign(hash, signature, NULL, &rng);
  18413. }
  18414. if (ret == BAD_FUNC_ARG) {
  18415. ret = wc_DsaSign(hash, signature, &key, NULL);
  18416. }
  18417. if (ret == BAD_FUNC_ARG) {
  18418. ret = 0;
  18419. }
  18420. else {
  18421. ret = WOLFSSL_FATAL_ERROR;
  18422. }
  18423. }
  18424. if (ret == 0) {
  18425. /* Verify. */
  18426. ret = wc_DsaVerify(hash, signature, &key, &answer);
  18427. if (ret != 0 || answer != 1) {
  18428. ret = WOLFSSL_FATAL_ERROR;
  18429. }
  18430. else {
  18431. ret = 0;
  18432. }
  18433. }
  18434. /* Pass in bad args. */
  18435. if (ret == 0) {
  18436. ret = wc_DsaVerify(NULL, signature, &key, &answer);
  18437. if (ret == BAD_FUNC_ARG) {
  18438. ret = wc_DsaVerify(hash, NULL, &key, &answer);
  18439. }
  18440. if (ret == BAD_FUNC_ARG) {
  18441. ret = wc_DsaVerify(hash, signature, NULL, &answer);
  18442. }
  18443. if (ret == BAD_FUNC_ARG) {
  18444. ret = wc_DsaVerify(hash, signature, &key, NULL);
  18445. }
  18446. if (ret == BAD_FUNC_ARG) {
  18447. ret = 0;
  18448. }
  18449. else {
  18450. ret = WOLFSSL_FATAL_ERROR;
  18451. }
  18452. }
  18453. #if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP)
  18454. /* hard set q to 0 and test fail case */
  18455. mp_free(&key.q);
  18456. mp_init(&key.q);
  18457. AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
  18458. mp_set(&key.q, 1);
  18459. AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
  18460. #endif
  18461. if (wc_FreeRng(&rng) && ret == 0) {
  18462. ret = WOLFSSL_FATAL_ERROR;
  18463. }
  18464. wc_FreeDsaKey(&key);
  18465. wc_ShaFree(&sha);
  18466. res = TEST_RES_CHECK(ret == 0);
  18467. #endif
  18468. return res;
  18469. } /* END test_wc_DsaSign */
  18470. /*
  18471. * Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode()
  18472. */
  18473. static int test_wc_DsaPublicPrivateKeyDecode(void)
  18474. {
  18475. int res = TEST_SKIPPED;
  18476. #if !defined(NO_DSA)
  18477. DsaKey key;
  18478. word32 bytes;
  18479. word32 idx = 0;
  18480. int priv = 0;
  18481. int pub = 0;
  18482. int ret = 0;
  18483. #ifdef USE_CERT_BUFFERS_1024
  18484. byte tmp[ONEK_BUF];
  18485. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  18486. bytes = sizeof_dsa_key_der_1024;
  18487. #elif defined(USE_CERT_BUFFERS_2048)
  18488. byte tmp[TWOK_BUF];
  18489. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  18490. bytes = sizeof_dsa_key_der_2048;
  18491. #else
  18492. byte tmp[TWOK_BUF];
  18493. XMEMSET(tmp, 0, sizeof(tmp));
  18494. XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
  18495. if (fp == XBADFILE)
  18496. {
  18497. return WOLFSSL_BAD_FILE;
  18498. }
  18499. bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
  18500. XFCLOSE(fp);
  18501. #endif /* END USE_CERT_BUFFERS_1024 */
  18502. ret = wc_InitDsaKey(&key);
  18503. if (ret == 0) {
  18504. priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
  18505. /* Test bad args. */
  18506. if (priv == 0) {
  18507. priv = wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes);
  18508. if (priv == BAD_FUNC_ARG) {
  18509. priv = wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes);
  18510. }
  18511. if (priv == BAD_FUNC_ARG) {
  18512. priv = wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes);
  18513. }
  18514. if (priv == BAD_FUNC_ARG) {
  18515. priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
  18516. }
  18517. if (priv == ASN_PARSE_E || priv == BUFFER_E) {
  18518. priv = 0;
  18519. }
  18520. else {
  18521. priv = WOLFSSL_FATAL_ERROR;
  18522. }
  18523. }
  18524. wc_FreeDsaKey(&key);
  18525. ret = wc_InitDsaKey(&key);
  18526. }
  18527. if (ret == 0) {
  18528. idx = 0; /* Reset */
  18529. pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
  18530. /* Test bad args. */
  18531. if (pub == 0) {
  18532. pub = wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes);
  18533. if (pub == BAD_FUNC_ARG) {
  18534. pub = wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes);
  18535. }
  18536. if (pub == BAD_FUNC_ARG) {
  18537. pub = wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes);
  18538. }
  18539. if (pub == BAD_FUNC_ARG) {
  18540. pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
  18541. }
  18542. if (pub == ASN_PARSE_E || pub == BUFFER_E) {
  18543. pub = 0;
  18544. }
  18545. else {
  18546. pub = WOLFSSL_FATAL_ERROR;
  18547. }
  18548. }
  18549. } /* END Public Key */
  18550. wc_FreeDsaKey(&key);
  18551. res = TEST_RES_CHECK(ret == 0 && pub == 0 && priv == 0);
  18552. #endif /* !NO_DSA */
  18553. return res;
  18554. } /* END test_wc_DsaPublicPrivateKeyDecode */
  18555. /*
  18556. * Testing wc_MakeDsaKey() and wc_MakeDsaParameters()
  18557. */
  18558. static int test_wc_MakeDsaKey(void)
  18559. {
  18560. int res = TEST_SKIPPED;
  18561. #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
  18562. DsaKey genKey;
  18563. WC_RNG rng;
  18564. int ret = 0;
  18565. XMEMSET(&rng, 0, sizeof(rng));
  18566. XMEMSET(&genKey, 0, sizeof(genKey));
  18567. ret = wc_InitRng(&rng);
  18568. if (ret == 0) {
  18569. ret = wc_InitDsaKey(&genKey);
  18570. }
  18571. if (ret == 0) {
  18572. ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
  18573. }
  18574. /* Test bad args. */
  18575. if (ret == 0) {
  18576. ret = wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey);
  18577. if (ret == BAD_FUNC_ARG) {
  18578. ret = wc_MakeDsaParameters(&rng, ONEK_BUF, NULL);
  18579. }
  18580. if (ret == BAD_FUNC_ARG) {
  18581. ret = wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey);
  18582. }
  18583. if (ret == BAD_FUNC_ARG) {
  18584. ret = 0;
  18585. }
  18586. else {
  18587. ret = WOLFSSL_FATAL_ERROR;
  18588. }
  18589. }
  18590. if (ret == 0) {
  18591. ret = wc_MakeDsaKey(&rng, &genKey);
  18592. }
  18593. /* Test bad args. */
  18594. if (ret == 0) {
  18595. ret = wc_MakeDsaKey(NULL, &genKey);
  18596. if (ret == BAD_FUNC_ARG) {
  18597. ret = wc_MakeDsaKey(&rng, NULL);
  18598. }
  18599. if (ret == BAD_FUNC_ARG) {
  18600. ret = 0;
  18601. }
  18602. else {
  18603. ret = WOLFSSL_FATAL_ERROR;
  18604. }
  18605. }
  18606. if (wc_FreeRng(&rng) && ret == 0) {
  18607. ret = WOLFSSL_FAILURE;
  18608. }
  18609. wc_FreeDsaKey(&genKey);
  18610. res = TEST_RES_CHECK(ret == 0);
  18611. #endif
  18612. return res;
  18613. } /* END test_wc_MakeDsaKey */
  18614. /*
  18615. * Testing wc_DsaKeyToDer()
  18616. */
  18617. static int test_wc_DsaKeyToDer(void)
  18618. {
  18619. int res = TEST_SKIPPED;
  18620. #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
  18621. DsaKey genKey;
  18622. WC_RNG rng;
  18623. word32 bytes;
  18624. word32 idx = 0;
  18625. int ret = 0;
  18626. #ifdef USE_CERT_BUFFERS_1024
  18627. byte tmp[ONEK_BUF];
  18628. byte der[ONEK_BUF];
  18629. XMEMSET(tmp, 0, sizeof(tmp));
  18630. XMEMSET(der, 0, sizeof(der));
  18631. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  18632. bytes = sizeof_dsa_key_der_1024;
  18633. #elif defined(USE_CERT_BUFFERS_2048)
  18634. byte tmp[TWOK_BUF];
  18635. byte der[TWOK_BUF];
  18636. XMEMSET(tmp, 0, sizeof(tmp));
  18637. XMEMSET(der, 0, sizeof(der));
  18638. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  18639. bytes = sizeof_dsa_key_der_2048;
  18640. #else
  18641. byte tmp[TWOK_BUF];
  18642. byte der[TWOK_BUF];
  18643. XMEMSET(tmp, 0, sizeof(tmp));
  18644. XMEMSET(der, 0, sizeof(der));
  18645. XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
  18646. if (fp == XBADFILE) {
  18647. return WOLFSSL_BAD_FILE;
  18648. }
  18649. bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
  18650. XFCLOSE(fp);
  18651. #endif /* END USE_CERT_BUFFERS_1024 */
  18652. XMEMSET(&rng, 0, sizeof(rng));
  18653. XMEMSET(&genKey, 0, sizeof(genKey));
  18654. ret = wc_InitRng(&rng);
  18655. if (ret == 0) {
  18656. ret = wc_InitDsaKey(&genKey);
  18657. }
  18658. if (ret == 0) {
  18659. ret = wc_MakeDsaParameters(&rng, sizeof(tmp), &genKey);
  18660. if (ret == 0) {
  18661. wc_FreeDsaKey(&genKey);
  18662. ret = wc_InitDsaKey(&genKey);
  18663. }
  18664. }
  18665. if (ret == 0) {
  18666. ret = wc_DsaPrivateKeyDecode(tmp, &idx, &genKey, bytes);
  18667. }
  18668. if (ret == 0) {
  18669. ret = wc_DsaKeyToDer(&genKey, der, bytes);
  18670. if ( ret >= 0 && ( ret = XMEMCMP(der, tmp, bytes) ) == 0 ) {
  18671. ret = 0;
  18672. }
  18673. }
  18674. /* Test bad args. */
  18675. if (ret == 0) {
  18676. ret = wc_DsaKeyToDer(NULL, der, FOURK_BUF);
  18677. if (ret == BAD_FUNC_ARG) {
  18678. ret = wc_DsaKeyToDer(&genKey, NULL, FOURK_BUF);
  18679. }
  18680. if (ret == BAD_FUNC_ARG) {
  18681. ret = 0;
  18682. }
  18683. else {
  18684. ret = WOLFSSL_FATAL_ERROR;
  18685. }
  18686. }
  18687. if (wc_FreeRng(&rng) && ret == 0) {
  18688. ret = WOLFSSL_FATAL_ERROR;
  18689. }
  18690. wc_FreeDsaKey(&genKey);
  18691. res = TEST_RES_CHECK(ret == 0);
  18692. #endif /* !NO_DSA && WOLFSSL_KEY_GEN */
  18693. return res;
  18694. } /* END test_wc_DsaKeyToDer */
  18695. /*
  18696. * Testing wc_DsaKeyToPublicDer()
  18697. * (indirectly testing setDsaPublicKey())
  18698. */
  18699. static int test_wc_DsaKeyToPublicDer(void)
  18700. {
  18701. int res = TEST_SKIPPED;
  18702. #ifndef HAVE_SELFTEST
  18703. #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
  18704. DsaKey genKey;
  18705. WC_RNG rng;
  18706. byte* der;
  18707. word32 sz;
  18708. int ret = 0;
  18709. der = (byte*)XMALLOC(ONEK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  18710. if (der == NULL) {
  18711. ret = WOLFSSL_FATAL_ERROR;
  18712. }
  18713. if (ret == 0) {
  18714. ret = wc_InitDsaKey(&genKey);
  18715. }
  18716. if (ret == 0) {
  18717. ret = wc_InitRng(&rng);
  18718. }
  18719. if (ret == 0) {
  18720. ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
  18721. }
  18722. if (ret == 0) {
  18723. ret = wc_MakeDsaKey(&rng, &genKey);
  18724. }
  18725. if (ret == 0) {
  18726. ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF);
  18727. if (ret >= 0) {
  18728. sz = ret;
  18729. ret = 0;
  18730. }
  18731. else {
  18732. ret = WOLFSSL_FATAL_ERROR;
  18733. }
  18734. }
  18735. if (ret == 0) {
  18736. word32 idx = 0;
  18737. wc_FreeDsaKey(&genKey);
  18738. ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz);
  18739. }
  18740. /* Test without the SubjectPublicKeyInfo header */
  18741. if (ret == 0) {
  18742. ret = wc_SetDsaPublicKey(der, &genKey, ONEK_BUF, 0);
  18743. if (ret >= 0) {
  18744. sz = ret;
  18745. ret = 0;
  18746. }
  18747. else {
  18748. ret = WOLFSSL_FATAL_ERROR;
  18749. }
  18750. }
  18751. if (ret == 0) {
  18752. word32 idx = 0;
  18753. wc_FreeDsaKey(&genKey);
  18754. ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz);
  18755. }
  18756. /* Test bad args. */
  18757. if (ret == 0) {
  18758. ret = wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF);
  18759. if (ret == BAD_FUNC_ARG) {
  18760. ret = wc_DsaKeyToPublicDer(&genKey, NULL, FOURK_BUF);
  18761. }
  18762. if (ret == BAD_FUNC_ARG) {
  18763. ret = 0;
  18764. }
  18765. else {
  18766. ret = WOLFSSL_FATAL_ERROR;
  18767. }
  18768. }
  18769. if (wc_FreeRng(&rng) && ret == 0) {
  18770. ret = WOLFSSL_FATAL_ERROR;
  18771. }
  18772. XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  18773. wc_FreeDsaKey(&genKey);
  18774. res = TEST_RES_CHECK(ret == 0);
  18775. #endif /* !NO_DSA && WOLFSSL_KEY_GEN */
  18776. #endif /* !HAVE_SELFTEST */
  18777. return res;
  18778. } /* END test_wc_DsaKeyToPublicDer */
  18779. /*
  18780. * Testing wc_DsaImportParamsRaw()
  18781. */
  18782. static int test_wc_DsaImportParamsRaw(void)
  18783. {
  18784. int res = TEST_SKIPPED;
  18785. #if !defined(NO_DSA)
  18786. DsaKey key;
  18787. int ret = 0;
  18788. /* [mod = L=1024, N=160], from CAVP KeyPair */
  18789. const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
  18790. "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
  18791. "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
  18792. "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
  18793. "47123188f8dc551054ee162b634d60f097f719076640e209"
  18794. "80a0093113a8bd73";
  18795. const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
  18796. const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
  18797. "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
  18798. "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
  18799. "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
  18800. "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
  18801. "76341a7e7d9";
  18802. /* invalid p and q parameters */
  18803. const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
  18804. const char* invalidQ = "96c5390a";
  18805. ret = wc_InitDsaKey(&key);
  18806. if (ret == 0) {
  18807. ret = wc_DsaImportParamsRaw(&key, p, q, g);
  18808. }
  18809. /* test bad args */
  18810. if (ret == 0) {
  18811. /* null key struct */
  18812. ret = wc_DsaImportParamsRaw(NULL, p, q, g);
  18813. if (ret == BAD_FUNC_ARG) {
  18814. /* null param pointers */
  18815. ret = wc_DsaImportParamsRaw(&key, NULL, NULL, NULL);
  18816. }
  18817. if (ret == BAD_FUNC_ARG) {
  18818. /* illegal p length */
  18819. ret = wc_DsaImportParamsRaw(&key, invalidP, q, g);
  18820. }
  18821. if (ret == BAD_FUNC_ARG) {
  18822. /* illegal q length */
  18823. ret = wc_DsaImportParamsRaw(&key, p, invalidQ, g);
  18824. if (ret == BAD_FUNC_ARG)
  18825. ret = 0;
  18826. }
  18827. }
  18828. wc_FreeDsaKey(&key);
  18829. res = TEST_RES_CHECK(ret == 0);
  18830. #endif
  18831. return res;
  18832. } /* END test_wc_DsaImportParamsRaw */
  18833. /*
  18834. * Testing wc_DsaImportParamsRawCheck()
  18835. */
  18836. static int test_wc_DsaImportParamsRawCheck(void)
  18837. {
  18838. int res = TEST_SKIPPED;
  18839. #if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  18840. DsaKey key;
  18841. int ret = 0;
  18842. int trusted = 0;
  18843. /* [mod = L=1024, N=160], from CAVP KeyPair */
  18844. const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
  18845. "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
  18846. "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
  18847. "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
  18848. "47123188f8dc551054ee162b634d60f097f719076640e209"
  18849. "80a0093113a8bd73";
  18850. const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
  18851. const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
  18852. "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
  18853. "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
  18854. "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
  18855. "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
  18856. "76341a7e7d9";
  18857. /* invalid p and q parameters */
  18858. const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
  18859. const char* invalidQ = "96c5390a";
  18860. ret = wc_InitDsaKey(&key);
  18861. if (ret == 0) {
  18862. ret = wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL);
  18863. }
  18864. /* test bad args */
  18865. if (ret == 0) {
  18866. /* null key struct */
  18867. ret = wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL);
  18868. if (ret == BAD_FUNC_ARG) {
  18869. /* null param pointers */
  18870. ret = wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted, NULL);
  18871. }
  18872. if (ret == BAD_FUNC_ARG) {
  18873. /* illegal p length */
  18874. ret = wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL);
  18875. }
  18876. if (ret == BAD_FUNC_ARG) {
  18877. /* illegal q length */
  18878. ret = wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL);
  18879. if (ret == BAD_FUNC_ARG)
  18880. ret = 0;
  18881. }
  18882. }
  18883. wc_FreeDsaKey(&key);
  18884. res = TEST_RES_CHECK(ret == 0);
  18885. #endif
  18886. return res;
  18887. } /* END test_wc_DsaImportParamsRawCheck */
  18888. /*
  18889. * Testing wc_DsaExportParamsRaw()
  18890. */
  18891. static int test_wc_DsaExportParamsRaw(void)
  18892. {
  18893. int res = TEST_SKIPPED;
  18894. #if !defined(NO_DSA)
  18895. DsaKey key;
  18896. int ret = 0;
  18897. /* [mod = L=1024, N=160], from CAVP KeyPair */
  18898. const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
  18899. "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
  18900. "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
  18901. "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
  18902. "47123188f8dc551054ee162b634d60f097f719076640e209"
  18903. "80a0093113a8bd73";
  18904. const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
  18905. const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
  18906. "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
  18907. "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
  18908. "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
  18909. "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
  18910. "76341a7e7d9";
  18911. const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f"
  18912. "\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d"
  18913. "\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a"
  18914. "\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c"
  18915. "\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5"
  18916. "\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6"
  18917. "\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89"
  18918. "\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71"
  18919. "\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b"
  18920. "\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09"
  18921. "\x80\xa0\x09\x31\x13\xa8\xbd\x73";
  18922. const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0"
  18923. "\xea\x19\x4a\x3e\xc9\x35\xa2\x81";
  18924. const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f"
  18925. "\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82"
  18926. "\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45"
  18927. "\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3"
  18928. "\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd"
  18929. "\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba"
  18930. "\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e"
  18931. "\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f"
  18932. "\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43"
  18933. "\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f"
  18934. "\x17\xfc\x07\x63\x41\xa7\xe7\xd9";
  18935. byte pOut[MAX_DSA_PARAM_SIZE];
  18936. byte qOut[MAX_DSA_PARAM_SIZE];
  18937. byte gOut[MAX_DSA_PARAM_SIZE];
  18938. word32 pOutSz, qOutSz, gOutSz;
  18939. ret = wc_InitDsaKey(&key);
  18940. if (ret == 0) {
  18941. /* first test using imported raw parameters, for expected */
  18942. ret = wc_DsaImportParamsRaw(&key, p, q, g);
  18943. }
  18944. if (ret == 0) {
  18945. pOutSz = sizeof(pOut);
  18946. qOutSz = sizeof(qOut);
  18947. gOutSz = sizeof(gOut);
  18948. ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
  18949. gOut, &gOutSz);
  18950. }
  18951. if (ret == 0) {
  18952. /* validate exported parameters are correct */
  18953. if ((XMEMCMP(pOut, pCompare, pOutSz) != 0) ||
  18954. (XMEMCMP(qOut, qCompare, qOutSz) != 0) ||
  18955. (XMEMCMP(gOut, gCompare, gOutSz) != 0) ) {
  18956. ret = -1;
  18957. }
  18958. }
  18959. /* test bad args */
  18960. if (ret == 0) {
  18961. /* null key struct */
  18962. ret = wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz,
  18963. gOut, &gOutSz);
  18964. if (ret == BAD_FUNC_ARG) {
  18965. /* null output pointers */
  18966. ret = wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz,
  18967. NULL, &gOutSz);
  18968. }
  18969. if (ret == LENGTH_ONLY_E) {
  18970. /* null output size pointers */
  18971. ret = wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL,
  18972. gOut, NULL);
  18973. }
  18974. if (ret == BAD_FUNC_ARG) {
  18975. /* p output buffer size too small */
  18976. pOutSz = 1;
  18977. ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
  18978. gOut, &gOutSz);
  18979. pOutSz = sizeof(pOut);
  18980. }
  18981. if (ret == BUFFER_E) {
  18982. /* q output buffer size too small */
  18983. qOutSz = 1;
  18984. ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
  18985. gOut, &gOutSz);
  18986. qOutSz = sizeof(qOut);
  18987. }
  18988. if (ret == BUFFER_E) {
  18989. /* g output buffer size too small */
  18990. gOutSz = 1;
  18991. ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
  18992. gOut, &gOutSz);
  18993. if (ret == BUFFER_E)
  18994. ret = 0;
  18995. }
  18996. }
  18997. wc_FreeDsaKey(&key);
  18998. res = TEST_RES_CHECK(ret == 0);
  18999. #endif
  19000. return res;
  19001. } /* END test_wc_DsaExportParamsRaw */
  19002. /*
  19003. * Testing wc_DsaExportKeyRaw()
  19004. */
  19005. static int test_wc_DsaExportKeyRaw(void)
  19006. {
  19007. int res = TEST_SKIPPED;
  19008. #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
  19009. DsaKey key;
  19010. WC_RNG rng;
  19011. int ret = 0;
  19012. byte xOut[MAX_DSA_PARAM_SIZE];
  19013. byte yOut[MAX_DSA_PARAM_SIZE];
  19014. word32 xOutSz, yOutSz;
  19015. XMEMSET(&rng, 0, sizeof(rng));
  19016. XMEMSET(&key, 0, sizeof(key));
  19017. ret = wc_InitRng(&rng);
  19018. if (ret == 0) {
  19019. ret = wc_InitDsaKey(&key);
  19020. }
  19021. if (ret == 0) {
  19022. ret = wc_MakeDsaParameters(&rng, 1024, &key);
  19023. if (ret == 0) {
  19024. ret = wc_MakeDsaKey(&rng, &key);
  19025. }
  19026. }
  19027. /* try successful export */
  19028. if (ret == 0) {
  19029. xOutSz = sizeof(xOut);
  19030. yOutSz = sizeof(yOut);
  19031. ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
  19032. }
  19033. /* test bad args */
  19034. if (ret == 0) {
  19035. /* null key struct */
  19036. ret = wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz);
  19037. if (ret == BAD_FUNC_ARG) {
  19038. /* null output pointers */
  19039. ret = wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz);
  19040. }
  19041. if (ret == LENGTH_ONLY_E) {
  19042. /* null output size pointers */
  19043. ret = wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL);
  19044. }
  19045. if (ret == BAD_FUNC_ARG) {
  19046. /* x output buffer size too small */
  19047. xOutSz = 1;
  19048. ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
  19049. xOutSz = sizeof(xOut);
  19050. }
  19051. if (ret == BUFFER_E) {
  19052. /* y output buffer size too small */
  19053. yOutSz = 1;
  19054. ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
  19055. if (ret == BUFFER_E)
  19056. ret = 0;
  19057. }
  19058. }
  19059. wc_FreeDsaKey(&key);
  19060. wc_FreeRng(&rng);
  19061. res = TEST_RES_CHECK(ret == 0);
  19062. #endif
  19063. return res;
  19064. } /* END test_wc_DsaExportParamsRaw */
  19065. /*
  19066. * Testing wc_ed25519_make_key().
  19067. */
  19068. static int test_wc_ed25519_make_key(void)
  19069. {
  19070. int res = TEST_SKIPPED;
  19071. #if defined(HAVE_ED25519)
  19072. ed25519_key key;
  19073. WC_RNG rng;
  19074. unsigned char pubkey[ED25519_PUB_KEY_SIZE];
  19075. int ret = 0;
  19076. ret = wc_InitRng(&rng);
  19077. if (ret == 0) {
  19078. ret = wc_ed25519_init(&key);
  19079. }
  19080. if (ret == 0) {
  19081. ret = wc_ed25519_make_public(&key, pubkey, sizeof(pubkey));
  19082. if (ret == ECC_PRIV_KEY_E) {
  19083. ret = 0;
  19084. }
  19085. else if (ret == 0) {
  19086. ret = -1;
  19087. }
  19088. }
  19089. if (ret == 0) {
  19090. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  19091. }
  19092. /* Test bad args. */
  19093. if (ret == 0) {
  19094. ret = wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key);
  19095. if (ret == BAD_FUNC_ARG) {
  19096. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL);
  19097. }
  19098. if (ret == BAD_FUNC_ARG) {
  19099. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key);
  19100. }
  19101. if (ret == BAD_FUNC_ARG) {
  19102. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key);
  19103. }
  19104. if (ret == BAD_FUNC_ARG) {
  19105. ret = 0;
  19106. }
  19107. else if (ret == 0) {
  19108. ret = WOLFSSL_FATAL_ERROR;
  19109. }
  19110. }
  19111. if (wc_FreeRng(&rng) && ret == 0) {
  19112. ret = WOLFSSL_FATAL_ERROR;
  19113. }
  19114. wc_ed25519_free(&key);
  19115. res = TEST_RES_CHECK(ret == 0);
  19116. #endif
  19117. return res;
  19118. } /* END test_wc_ed25519_make_key */
  19119. /*
  19120. * Testing wc_ed25519_init()
  19121. */
  19122. static int test_wc_ed25519_init(void)
  19123. {
  19124. int res = TEST_SKIPPED;
  19125. #if defined(HAVE_ED25519)
  19126. ed25519_key key;
  19127. int ret = 0;
  19128. ret = wc_ed25519_init(&key);
  19129. /* Test bad args. */
  19130. if (ret == 0) {
  19131. ret = wc_ed25519_init(NULL);
  19132. if (ret == BAD_FUNC_ARG) {
  19133. ret = 0;
  19134. }
  19135. else if (ret == 0) {
  19136. ret = WOLFSSL_FATAL_ERROR;
  19137. }
  19138. }
  19139. wc_ed25519_free(&key);
  19140. res = TEST_RES_CHECK(ret == 0);
  19141. #endif
  19142. return res;
  19143. } /* END test_wc_ed25519_init */
  19144. /*
  19145. * Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg()
  19146. */
  19147. static int test_wc_ed25519_sign_msg(void)
  19148. {
  19149. int res = TEST_SKIPPED;
  19150. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN)
  19151. WC_RNG rng;
  19152. ed25519_key key;
  19153. int ret = 0;
  19154. byte msg[] = "Everybody gets Friday off.\n";
  19155. byte sig[ED25519_SIG_SIZE];
  19156. word32 msglen = sizeof(msg);
  19157. word32 siglen = sizeof(sig);
  19158. word32 badSigLen = sizeof(sig) - 1;
  19159. #ifdef HAVE_ED25519_VERIFY
  19160. int verify_ok = 0; /*1 = Verify success.*/
  19161. #endif
  19162. /* Initialize stack variables. */
  19163. XMEMSET(sig, 0, siglen);
  19164. /* Initialize key. */
  19165. ret = wc_InitRng(&rng);
  19166. if (ret == 0) {
  19167. ret = wc_ed25519_init(&key);
  19168. if (ret == 0) {
  19169. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  19170. }
  19171. }
  19172. if (ret == 0) {
  19173. ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key);
  19174. }
  19175. /* Test bad args. */
  19176. if (ret == 0 && siglen == ED25519_SIG_SIZE) {
  19177. ret = wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key);
  19178. if (ret == BAD_FUNC_ARG) {
  19179. ret = wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key);
  19180. }
  19181. if (ret == BAD_FUNC_ARG) {
  19182. ret = wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key);
  19183. }
  19184. if (ret == BAD_FUNC_ARG) {
  19185. ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL);
  19186. }
  19187. if (ret == BAD_FUNC_ARG) {
  19188. ret = wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key);
  19189. }
  19190. if (ret == BUFFER_E && badSigLen == ED25519_SIG_SIZE) {
  19191. badSigLen -= 1;
  19192. ret = 0;
  19193. }
  19194. else if (ret == 0) {
  19195. ret = WOLFSSL_FATAL_ERROR;
  19196. }
  19197. } /* END sign */
  19198. #ifdef HAVE_ED25519_VERIFY
  19199. if (ret == 0) {
  19200. ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key);
  19201. if (ret == 0 && verify_ok == 1) {
  19202. ret = 0;
  19203. }
  19204. else if (ret == 0) {
  19205. ret = WOLFSSL_FATAL_ERROR;
  19206. }
  19207. /* Test bad args. */
  19208. if (ret == 0) {
  19209. AssertIntEQ(wc_ed25519_verify_msg(sig, siglen - 1, msg,
  19210. msglen, &verify_ok, &key),
  19211. BAD_FUNC_ARG);
  19212. AssertIntEQ(wc_ed25519_verify_msg(sig, siglen + 1, msg,
  19213. msglen, &verify_ok, &key),
  19214. BAD_FUNC_ARG);
  19215. ret = wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
  19216. &key);
  19217. if (ret == BAD_FUNC_ARG) {
  19218. ret = wc_ed25519_verify_msg(sig, siglen, NULL, msglen,
  19219. &verify_ok, &key);
  19220. }
  19221. if (ret == BAD_FUNC_ARG) {
  19222. ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
  19223. NULL, &key);
  19224. }
  19225. if (ret == BAD_FUNC_ARG) {
  19226. ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
  19227. &verify_ok, NULL);
  19228. }
  19229. if (ret == BAD_FUNC_ARG) {
  19230. ret = wc_ed25519_verify_msg(sig, badSigLen, msg, msglen,
  19231. &verify_ok, &key);
  19232. }
  19233. if (ret == BAD_FUNC_ARG) {
  19234. ret = 0;
  19235. }
  19236. else if (ret == 0) {
  19237. ret = WOLFSSL_FATAL_ERROR;
  19238. }
  19239. }
  19240. } /* END verify. */
  19241. #endif /* Verify. */
  19242. if (wc_FreeRng(&rng) && ret == 0) {
  19243. ret = WOLFSSL_FATAL_ERROR;
  19244. }
  19245. wc_ed25519_free(&key);
  19246. res = TEST_RES_CHECK(ret == 0);
  19247. #endif
  19248. return res;
  19249. } /* END test_wc_ed25519_sign_msg */
  19250. /*
  19251. * Testing wc_ed25519_import_public()
  19252. */
  19253. static int test_wc_ed25519_import_public(void)
  19254. {
  19255. int res = TEST_SKIPPED;
  19256. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
  19257. WC_RNG rng;
  19258. ed25519_key pubKey;
  19259. const byte in[] = "Ed25519PublicKeyUnitTest......\n";
  19260. word32 inlen = sizeof(in);
  19261. int ret = 0;
  19262. ret = wc_InitRng(&rng);
  19263. if (ret == 0) {
  19264. ret = wc_ed25519_init(&pubKey);
  19265. if (ret == 0) {
  19266. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey);
  19267. }
  19268. }
  19269. if (ret == 0) {
  19270. ret = wc_ed25519_import_public_ex(in, inlen, &pubKey, 1);
  19271. if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
  19272. ret = 0;
  19273. }
  19274. else {
  19275. ret = WOLFSSL_FATAL_ERROR;
  19276. }
  19277. /* Test bad args. */
  19278. if (ret == 0) {
  19279. ret = wc_ed25519_import_public(NULL, inlen, &pubKey);
  19280. if (ret == BAD_FUNC_ARG) {
  19281. ret = wc_ed25519_import_public(in, inlen, NULL);
  19282. }
  19283. if (ret == BAD_FUNC_ARG) {
  19284. ret = wc_ed25519_import_public(in, inlen - 1, &pubKey);
  19285. }
  19286. if (ret == BAD_FUNC_ARG) {
  19287. ret = 0;
  19288. }
  19289. else if (ret == 0) {
  19290. ret = WOLFSSL_FATAL_ERROR;
  19291. }
  19292. }
  19293. }
  19294. if (wc_FreeRng(&rng) && ret == 0) {
  19295. ret = WOLFSSL_FATAL_ERROR;
  19296. }
  19297. wc_ed25519_free(&pubKey);
  19298. res = TEST_RES_CHECK(ret == 0);
  19299. #endif
  19300. return res;
  19301. } /* END wc_ed25519_import_public */
  19302. /*
  19303. * Testing wc_ed25519_import_private_key()
  19304. */
  19305. static int test_wc_ed25519_import_private_key(void)
  19306. {
  19307. int res = TEST_SKIPPED;
  19308. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
  19309. WC_RNG rng;
  19310. ed25519_key key;
  19311. int ret;
  19312. const byte privKey[] = "Ed25519PrivateKeyUnitTest.....\n";
  19313. const byte pubKey[] = "Ed25519PublicKeyUnitTest......\n";
  19314. word32 privKeySz = sizeof(privKey);
  19315. word32 pubKeySz = sizeof(pubKey);
  19316. #ifdef HAVE_ED25519_KEY_EXPORT
  19317. byte bothKeys[sizeof(privKey) + sizeof(pubKey)];
  19318. word32 bothKeysSz = sizeof(bothKeys);
  19319. #endif
  19320. ret = wc_InitRng(&rng);
  19321. if (ret != 0) {
  19322. return ret;
  19323. }
  19324. ret = wc_ed25519_init(&key);
  19325. if (ret != 0) {
  19326. wc_FreeRng(&rng);
  19327. return ret;
  19328. }
  19329. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  19330. if (ret == 0) {
  19331. ret = wc_ed25519_import_private_key_ex(privKey, privKeySz, pubKey,
  19332. pubKeySz, &key, 1);
  19333. if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0
  19334. || XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
  19335. ret = WOLFSSL_FATAL_ERROR;
  19336. }
  19337. }
  19338. #ifdef HAVE_ED25519_KEY_EXPORT
  19339. if (ret == 0)
  19340. ret = wc_ed25519_export_private(&key, bothKeys, &bothKeysSz);
  19341. if (ret == 0) {
  19342. ret = wc_ed25519_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0,
  19343. &key, 1);
  19344. if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0
  19345. || XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
  19346. ret = WOLFSSL_FATAL_ERROR;
  19347. }
  19348. }
  19349. #endif
  19350. /* Test bad args. */
  19351. if (ret == 0) {
  19352. ret = wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
  19353. &key);
  19354. if (ret == BAD_FUNC_ARG) {
  19355. ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL,
  19356. pubKeySz, &key);
  19357. }
  19358. if (ret == BAD_FUNC_ARG) {
  19359. ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
  19360. pubKeySz, NULL);
  19361. }
  19362. if (ret == BAD_FUNC_ARG) {
  19363. ret = wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey,
  19364. pubKeySz, &key);
  19365. }
  19366. if (ret == BAD_FUNC_ARG) {
  19367. ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
  19368. pubKeySz - 1, &key);
  19369. }
  19370. if (ret == BAD_FUNC_ARG) {
  19371. ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL,
  19372. 0, &key);
  19373. }
  19374. if (ret == BAD_FUNC_ARG) {
  19375. ret = 0;
  19376. }
  19377. else if (ret == 0) {
  19378. ret = WOLFSSL_FATAL_ERROR;
  19379. }
  19380. }
  19381. if (wc_FreeRng(&rng) && ret == 0) {
  19382. ret = WOLFSSL_FATAL_ERROR;
  19383. }
  19384. wc_ed25519_free(&key);
  19385. res = TEST_RES_CHECK(ret == 0);
  19386. #endif
  19387. return res;
  19388. } /* END test_wc_ed25519_import_private_key */
  19389. /*
  19390. * Testing wc_ed25519_export_public() and wc_ed25519_export_private_only()
  19391. */
  19392. static int test_wc_ed25519_export(void)
  19393. {
  19394. int res = TEST_SKIPPED;
  19395. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
  19396. WC_RNG rng;
  19397. ed25519_key key;
  19398. int ret = 0;
  19399. byte priv[ED25519_PRV_KEY_SIZE];
  19400. byte pub[ED25519_PUB_KEY_SIZE];
  19401. word32 privSz = sizeof(priv);
  19402. word32 pubSz = sizeof(pub);
  19403. ret = wc_InitRng(&rng);
  19404. if (ret != 0) {
  19405. return ret;
  19406. }
  19407. ret = wc_ed25519_init(&key);
  19408. if (ret != 0) {
  19409. wc_FreeRng(&rng);
  19410. return ret;
  19411. }
  19412. if (ret == 0) {
  19413. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  19414. }
  19415. if (ret == 0) {
  19416. ret = wc_ed25519_export_public(&key, pub, &pubSz);
  19417. if (ret == 0 && (pubSz != ED25519_KEY_SIZE
  19418. || XMEMCMP(key.p, pub, pubSz) != 0)) {
  19419. ret = WOLFSSL_FATAL_ERROR;
  19420. }
  19421. if (ret == 0) {
  19422. ret = wc_ed25519_export_public(NULL, pub, &pubSz);
  19423. if (ret == BAD_FUNC_ARG) {
  19424. ret = wc_ed25519_export_public(&key, NULL, &pubSz);
  19425. }
  19426. if (ret == BAD_FUNC_ARG) {
  19427. ret = wc_ed25519_export_public(&key, pub, NULL);
  19428. }
  19429. if (ret == BAD_FUNC_ARG) {
  19430. ret = 0;
  19431. }
  19432. else if (ret == 0) {
  19433. ret = WOLFSSL_FATAL_ERROR;
  19434. }
  19435. }
  19436. }
  19437. if (ret == 0) {
  19438. ret = wc_ed25519_export_private_only(&key, priv, &privSz);
  19439. if (ret == 0 && (privSz != ED25519_KEY_SIZE
  19440. || XMEMCMP(key.k, priv, privSz) != 0)) {
  19441. ret = WOLFSSL_FATAL_ERROR;
  19442. }
  19443. if (ret == 0) {
  19444. ret = wc_ed25519_export_private_only(NULL, priv, &privSz);
  19445. if (ret == BAD_FUNC_ARG) {
  19446. ret = wc_ed25519_export_private_only(&key, NULL, &privSz);
  19447. }
  19448. if (ret == BAD_FUNC_ARG) {
  19449. ret = wc_ed25519_export_private_only(&key, priv, NULL);
  19450. }
  19451. if (ret == BAD_FUNC_ARG) {
  19452. ret = 0;
  19453. }
  19454. else if (ret == 0) {
  19455. ret = WOLFSSL_FATAL_ERROR;
  19456. }
  19457. }
  19458. }
  19459. if (wc_FreeRng(&rng) && ret == 0) {
  19460. ret = WOLFSSL_FATAL_ERROR;
  19461. }
  19462. wc_ed25519_free(&key);
  19463. res = TEST_RES_CHECK(ret == 0);
  19464. #endif
  19465. return res;
  19466. } /* END test_wc_ed25519_export */
  19467. /*
  19468. * Testing wc_ed25519_size()
  19469. */
  19470. static int test_wc_ed25519_size(void)
  19471. {
  19472. int res = TEST_SKIPPED;
  19473. #if defined(HAVE_ED25519)
  19474. WC_RNG rng;
  19475. ed25519_key key;
  19476. int ret;
  19477. ret = wc_InitRng(&rng);
  19478. if (ret != 0) {
  19479. return ret;
  19480. }
  19481. ret = wc_ed25519_init(&key);
  19482. if (ret != 0) {
  19483. wc_FreeRng(&rng);
  19484. return ret;
  19485. }
  19486. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  19487. if (ret != 0) {
  19488. wc_FreeRng(&rng);
  19489. wc_ed25519_free(&key);
  19490. return ret;
  19491. }
  19492. ret = wc_ed25519_size(&key);
  19493. /* Test bad args. */
  19494. if (ret == ED25519_KEY_SIZE) {
  19495. ret = wc_ed25519_size(NULL);
  19496. if (ret == BAD_FUNC_ARG) {
  19497. ret = 0;
  19498. }
  19499. }
  19500. if (ret == 0) {
  19501. ret = wc_ed25519_sig_size(&key);
  19502. if (ret == ED25519_SIG_SIZE) {
  19503. ret = 0;
  19504. }
  19505. /* Test bad args. */
  19506. if (ret == 0) {
  19507. ret = wc_ed25519_sig_size(NULL);
  19508. if (ret == BAD_FUNC_ARG) {
  19509. ret = 0;
  19510. }
  19511. }
  19512. } /* END wc_ed25519_sig_size() */
  19513. if (ret == 0) {
  19514. ret = wc_ed25519_pub_size(&key);
  19515. if (ret == ED25519_PUB_KEY_SIZE) {
  19516. ret = 0;
  19517. }
  19518. if (ret == 0) {
  19519. ret = wc_ed25519_pub_size(NULL);
  19520. if (ret == BAD_FUNC_ARG) {
  19521. ret = 0;
  19522. }
  19523. }
  19524. } /* END wc_ed25519_pub_size */
  19525. if (ret == 0) {
  19526. ret = wc_ed25519_priv_size(&key);
  19527. if (ret == ED25519_PRV_KEY_SIZE) {
  19528. ret = 0;
  19529. }
  19530. if (ret == 0) {
  19531. ret = wc_ed25519_priv_size(NULL);
  19532. if (ret == BAD_FUNC_ARG) {
  19533. ret = 0;
  19534. }
  19535. }
  19536. } /* END wc_ed25519_pub_size */
  19537. if (wc_FreeRng(&rng) && ret == 0) {
  19538. ret = WOLFSSL_FATAL_ERROR;
  19539. }
  19540. wc_ed25519_free(&key);
  19541. res = TEST_RES_CHECK(ret == 0);
  19542. #endif
  19543. return res;
  19544. } /* END test_wc_ed25519_size */
  19545. /*
  19546. * Testing wc_ed25519_export_private() and wc_ed25519_export_key()
  19547. */
  19548. static int test_wc_ed25519_exportKey(void)
  19549. {
  19550. int res = TEST_SKIPPED;
  19551. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
  19552. WC_RNG rng;
  19553. ed25519_key key;
  19554. int ret = 0;
  19555. byte priv[ED25519_PRV_KEY_SIZE];
  19556. byte pub[ED25519_PUB_KEY_SIZE];
  19557. byte privOnly[ED25519_PRV_KEY_SIZE];
  19558. word32 privSz = sizeof(priv);
  19559. word32 pubSz = sizeof(pub);
  19560. word32 privOnlySz = sizeof(privOnly);
  19561. ret = wc_InitRng(&rng);
  19562. if (ret != 0) {
  19563. return TEST_FAIL;
  19564. }
  19565. ret = wc_ed25519_init(&key);
  19566. if (ret != 0) {
  19567. wc_FreeRng(&rng);
  19568. return TEST_FAIL;
  19569. }
  19570. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  19571. if (ret != 0) {
  19572. wc_FreeRng(&rng);
  19573. wc_ed25519_free(&key);
  19574. return TEST_FAIL;
  19575. }
  19576. ret = wc_ed25519_export_private(&key, privOnly, &privOnlySz);
  19577. if (ret == 0) {
  19578. ret = wc_ed25519_export_private(NULL, privOnly, &privOnlySz);
  19579. if (ret == BAD_FUNC_ARG) {
  19580. ret = wc_ed25519_export_private(&key, NULL, &privOnlySz);
  19581. }
  19582. if (ret == BAD_FUNC_ARG) {
  19583. ret = wc_ed25519_export_private(&key, privOnly, NULL);
  19584. }
  19585. if (ret == BAD_FUNC_ARG) {
  19586. ret = 0;
  19587. }
  19588. else if (ret == 0) {
  19589. ret = WOLFSSL_FATAL_ERROR;
  19590. }
  19591. }
  19592. if (ret == 0) {
  19593. ret = wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz);
  19594. if (ret == 0) {
  19595. ret = wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz);
  19596. if (ret == BAD_FUNC_ARG) {
  19597. ret = wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz);
  19598. }
  19599. if (ret == BAD_FUNC_ARG) {
  19600. ret = wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz);
  19601. }
  19602. if (ret == BAD_FUNC_ARG) {
  19603. ret = wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz);
  19604. }
  19605. if (ret == BAD_FUNC_ARG) {
  19606. ret = wc_ed25519_export_key(&key, priv, &privSz, pub, NULL);
  19607. }
  19608. if (ret == BAD_FUNC_ARG) {
  19609. ret = 0;
  19610. }
  19611. else if (ret == 0) {
  19612. ret = WOLFSSL_FATAL_ERROR;
  19613. }
  19614. }
  19615. } /* END wc_ed25519_export_key() */
  19616. /* Cross check output. */
  19617. if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
  19618. ret = WOLFSSL_FATAL_ERROR;
  19619. }
  19620. if (wc_FreeRng(&rng) && ret == 0) {
  19621. ret = WOLFSSL_FATAL_ERROR;
  19622. }
  19623. wc_ed25519_free(&key);
  19624. res = TEST_RES_CHECK(ret == 0);
  19625. #endif
  19626. return res;
  19627. } /* END test_wc_ed25519_exportKey */
  19628. /*
  19629. * Testing wc_Ed25519PublicKeyToDer
  19630. */
  19631. static int test_wc_Ed25519PublicKeyToDer(void)
  19632. {
  19633. int res = TEST_SKIPPED;
  19634. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
  19635. (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
  19636. int tmp;
  19637. ed25519_key key;
  19638. byte derBuf[1024];
  19639. int ret = 0;
  19640. /* Test bad args */
  19641. tmp = wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0);
  19642. if (tmp != BAD_FUNC_ARG) {
  19643. ret = WOLFSSL_FATAL_ERROR;
  19644. }
  19645. if (ret == 0) {
  19646. wc_ed25519_init(&key);
  19647. tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0);
  19648. if (tmp != BUFFER_E) {
  19649. ret = WOLFSSL_FATAL_ERROR;
  19650. }
  19651. wc_ed25519_free(&key);
  19652. }
  19653. /* Test good args */
  19654. if (ret == 0) {
  19655. WC_RNG rng;
  19656. ret = wc_InitRng(&rng);
  19657. if (ret != 0) {
  19658. return TEST_FAIL;
  19659. }
  19660. ret = wc_ed25519_init(&key);
  19661. if (ret != 0) {
  19662. wc_FreeRng(&rng);
  19663. return TEST_FAIL;
  19664. }
  19665. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  19666. if (ret != 0) {
  19667. wc_FreeRng(&rng);
  19668. wc_ed25519_free(&key);
  19669. return TEST_FAIL;
  19670. }
  19671. tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1);
  19672. if (tmp <= 0) {
  19673. ret = WOLFSSL_FATAL_ERROR;
  19674. }
  19675. wc_FreeRng(&rng);
  19676. wc_ed25519_free(&key);
  19677. }
  19678. res = TEST_RES_CHECK(ret == 0);
  19679. #endif
  19680. return res;
  19681. } /* END testing wc_Ed25519PublicKeyToDer */
  19682. /*
  19683. * Testing wc_curve25519_init and wc_curve25519_free.
  19684. */
  19685. static int test_wc_curve25519_init(void)
  19686. {
  19687. int res = TEST_SKIPPED;
  19688. #if defined(HAVE_CURVE25519)
  19689. curve25519_key key;
  19690. int ret = 0;
  19691. ret = wc_curve25519_init(&key);
  19692. /* Test bad args for wc_curve25519_init */
  19693. if (ret == 0) {
  19694. ret = wc_curve25519_init(NULL);
  19695. if (ret == BAD_FUNC_ARG) {
  19696. ret = 0;
  19697. }
  19698. else if (ret == 0) {
  19699. ret = WOLFSSL_FATAL_ERROR;
  19700. }
  19701. }
  19702. /* Test good args for wc_curve_25519_free */
  19703. wc_curve25519_free(&key);
  19704. wc_curve25519_free(NULL);
  19705. res = TEST_RES_CHECK(ret == 0);
  19706. #endif
  19707. return res;
  19708. } /* END test_wc_curve25519_init and wc_curve_25519_free*/
  19709. /*
  19710. * Testing test_wc_curve25519_size.
  19711. */
  19712. static int test_wc_curve25519_size(void)
  19713. {
  19714. int res = TEST_SKIPPED;
  19715. #if defined(HAVE_CURVE25519)
  19716. curve25519_key key;
  19717. int ret = 0;
  19718. ret = wc_curve25519_init(&key);
  19719. /* Test good args for wc_curve25519_size */
  19720. if (ret == 0) {
  19721. ret = wc_curve25519_size(&key);
  19722. }
  19723. /* Test bad args for wc_curve25519_size */
  19724. if (ret != 0) {
  19725. ret = wc_curve25519_size(NULL);
  19726. }
  19727. wc_curve25519_free(&key);
  19728. res = TEST_RES_CHECK(ret == 0);
  19729. #endif
  19730. return res;
  19731. } /* END test_wc_curve25519_size*/
  19732. /*
  19733. * Testing test_wc_curve25519_export_key_raw().
  19734. */
  19735. static int test_wc_curve25519_export_key_raw(void)
  19736. {
  19737. int res = TEST_SKIPPED;
  19738. #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
  19739. curve25519_key key;
  19740. WC_RNG rng;
  19741. int ret = 0;
  19742. byte privateKey[CURVE25519_KEYSIZE];
  19743. byte publicKey[CURVE25519_KEYSIZE];
  19744. word32 prvkSz;
  19745. word32 pubkSz;
  19746. byte prik[CURVE25519_KEYSIZE];
  19747. byte pubk[CURVE25519_KEYSIZE];
  19748. word32 prksz;
  19749. word32 pbksz;
  19750. if (0 != wc_InitRng(&rng)) {
  19751. return TEST_FAIL;
  19752. }
  19753. if (0 != wc_curve25519_init(&key)) {
  19754. wc_FreeRng(&rng);
  19755. return TEST_FAIL;
  19756. }
  19757. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  19758. /*
  19759. bad-argument-test cases
  19760. target function sould return BAD_FUNC_ARG
  19761. */
  19762. if (ret == 0) {
  19763. prvkSz = CURVE25519_KEYSIZE;
  19764. pubkSz = CURVE25519_KEYSIZE;
  19765. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw(
  19766. NULL, privateKey, &prvkSz, publicKey, &pubkSz)) {
  19767. ret = -1;
  19768. }
  19769. }
  19770. if (ret == 0) {
  19771. prvkSz = CURVE25519_KEYSIZE;
  19772. pubkSz = CURVE25519_KEYSIZE;
  19773. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw(
  19774. &key, NULL, &prvkSz, publicKey, &pubkSz)) {
  19775. ret = -1;
  19776. }
  19777. }
  19778. if (ret == 0) {
  19779. prvkSz = CURVE25519_KEYSIZE;
  19780. pubkSz = CURVE25519_KEYSIZE;
  19781. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw(
  19782. &key, privateKey, NULL, publicKey, &pubkSz)) {
  19783. ret = -1;
  19784. }
  19785. }
  19786. if (ret == 0) {
  19787. /* prvkSz = CURVE25519_KEYSIZE; */
  19788. pubkSz = CURVE25519_KEYSIZE;
  19789. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw(
  19790. &key, privateKey, &prvkSz, NULL, &pubkSz)) {
  19791. ret = -1;
  19792. }
  19793. }
  19794. if (ret == 0) {
  19795. prvkSz = CURVE25519_KEYSIZE;
  19796. pubkSz = CURVE25519_KEYSIZE;
  19797. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw(
  19798. &key, privateKey, &prvkSz, publicKey, NULL )) {
  19799. ret = -1;
  19800. }
  19801. }
  19802. /*
  19803. cross-testing
  19804. */
  19805. if (ret == 0) {
  19806. prksz = CURVE25519_KEYSIZE;
  19807. ret = wc_curve25519_export_private_raw(&key, prik, &prksz);
  19808. }
  19809. if (ret == 0) {
  19810. pbksz = CURVE25519_KEYSIZE;
  19811. ret = wc_curve25519_export_public(&key, pubk, &pbksz);
  19812. }
  19813. if (ret == 0) {
  19814. prvkSz = CURVE25519_KEYSIZE;
  19815. /* pubkSz = CURVE25519_KEYSIZE; */
  19816. ret = wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
  19817. publicKey, &pubkSz);
  19818. }
  19819. if (ret == 0) {
  19820. if ((prksz == CURVE25519_KEYSIZE) &&
  19821. (pbksz == CURVE25519_KEYSIZE) &&
  19822. (prvkSz == CURVE25519_KEYSIZE) &&
  19823. (pubkSz == CURVE25519_KEYSIZE)) {
  19824. if (0 != XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE) ||
  19825. 0 != XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE)) {
  19826. ret = -1;
  19827. }
  19828. }
  19829. }
  19830. wc_curve25519_free(&key);
  19831. wc_FreeRng(&rng);
  19832. res = TEST_RES_CHECK(ret == 0);
  19833. #endif
  19834. return res;
  19835. } /* end of test_wc_curve25519_export_key_raw */
  19836. /*
  19837. * Testing test_wc_curve25519_export_key_raw_ex().
  19838. */
  19839. static int test_wc_curve25519_export_key_raw_ex(void)
  19840. {
  19841. int res = TEST_SKIPPED;
  19842. #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
  19843. curve25519_key key;
  19844. WC_RNG rng;
  19845. int ret;
  19846. byte privateKey[CURVE25519_KEYSIZE];
  19847. byte publicKey[CURVE25519_KEYSIZE];
  19848. word32 prvkSz;
  19849. word32 pubkSz;
  19850. byte prik[CURVE25519_KEYSIZE];
  19851. byte pubk[CURVE25519_KEYSIZE];
  19852. word32 prksz;
  19853. word32 pbksz;
  19854. if (0 != wc_InitRng(&rng)) {
  19855. return TEST_FAIL;
  19856. }
  19857. if (0 != wc_curve25519_init(&key)) {
  19858. wc_FreeRng(&rng);
  19859. return TEST_FAIL;
  19860. }
  19861. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  19862. /*
  19863. bad-argument-test cases
  19864. target function sould return BAD_FUNC_ARG
  19865. */
  19866. if (ret == 0) {
  19867. prvkSz = CURVE25519_KEYSIZE;
  19868. pubkSz = CURVE25519_KEYSIZE;
  19869. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL , privateKey,
  19870. &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)) {
  19871. ret = -1;
  19872. }
  19873. }
  19874. if (ret == 0) {
  19875. prvkSz = CURVE25519_KEYSIZE;
  19876. pubkSz = CURVE25519_KEYSIZE;
  19877. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key , NULL,
  19878. &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)) {
  19879. ret = -1;
  19880. }
  19881. }
  19882. if (ret == 0) {
  19883. prvkSz = CURVE25519_KEYSIZE;
  19884. pubkSz = CURVE25519_KEYSIZE;
  19885. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key,privateKey,
  19886. NULL, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)) {
  19887. ret = -1;
  19888. }
  19889. }
  19890. if (ret == 0) {
  19891. /* prvkSz = CURVE25519_KEYSIZE; */
  19892. pubkSz = CURVE25519_KEYSIZE;
  19893. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
  19894. &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN)) {
  19895. ret = -1;
  19896. }
  19897. }
  19898. if (ret == 0) {
  19899. prvkSz = CURVE25519_KEYSIZE;
  19900. pubkSz = CURVE25519_KEYSIZE;
  19901. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
  19902. &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN)) {
  19903. ret = -1;
  19904. }
  19905. }
  19906. if (ret == 0) {
  19907. prvkSz = CURVE25519_KEYSIZE;
  19908. /* pubkSz = CURVE25519_KEYSIZE; */
  19909. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL, privateKey,
  19910. &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)) {
  19911. ret = -1;
  19912. }
  19913. }
  19914. if (ret == 0) {
  19915. prvkSz = CURVE25519_KEYSIZE;
  19916. pubkSz = CURVE25519_KEYSIZE;
  19917. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, NULL,
  19918. &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)) {
  19919. ret = -1;
  19920. }
  19921. }
  19922. if (ret == 0) {
  19923. prvkSz = CURVE25519_KEYSIZE;
  19924. pubkSz = CURVE25519_KEYSIZE;
  19925. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
  19926. NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)) {
  19927. ret = -1;
  19928. }
  19929. }
  19930. if (ret == 0) {
  19931. /* prvkSz = CURVE25519_KEYSIZE; */
  19932. pubkSz = CURVE25519_KEYSIZE;
  19933. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
  19934. &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN)) {
  19935. ret = -1;
  19936. }
  19937. }
  19938. if (ret == 0) {
  19939. prvkSz = CURVE25519_KEYSIZE;
  19940. pubkSz = CURVE25519_KEYSIZE;
  19941. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
  19942. &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN)) {
  19943. ret = -1;
  19944. }
  19945. }
  19946. /* illegal value for endien */
  19947. if (ret == 0) {
  19948. prvkSz = CURVE25519_KEYSIZE;
  19949. /* pubkSz = CURVE25519_KEYSIZE; */
  19950. if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex(&key, privateKey,
  19951. &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN + 10)) {
  19952. ret = -1;
  19953. }
  19954. }
  19955. /*
  19956. cross-testing
  19957. */
  19958. if (ret == 0) {
  19959. prksz = CURVE25519_KEYSIZE;
  19960. ret = wc_curve25519_export_private_raw( &key, prik, &prksz);
  19961. }
  19962. if (ret == 0) {
  19963. pbksz = CURVE25519_KEYSIZE;
  19964. ret = wc_curve25519_export_public( &key, pubk, &pbksz);
  19965. }
  19966. if (ret == 0) {
  19967. prvkSz = CURVE25519_KEYSIZE;
  19968. /* pubkSz = CURVE25519_KEYSIZE; */
  19969. ret = wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz,
  19970. publicKey, &pubkSz, EC25519_BIG_ENDIAN);
  19971. }
  19972. if (ret == 0 && (prksz != CURVE25519_KEYSIZE ||
  19973. pbksz != CURVE25519_KEYSIZE ||
  19974. prvkSz != CURVE25519_KEYSIZE ||
  19975. pubkSz != CURVE25519_KEYSIZE)) {
  19976. ret = -1;
  19977. }
  19978. if (ret == 0 && (0 != XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE) ||
  19979. 0 != XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE))) {
  19980. ret = -1;
  19981. }
  19982. if (ret == 0) {
  19983. ret = wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
  19984. publicKey, &pubkSz, EC25519_LITTLE_ENDIAN);
  19985. }
  19986. if (ret == 0 && (prvkSz != CURVE25519_KEYSIZE ||
  19987. pubkSz != CURVE25519_KEYSIZE)) {
  19988. ret = -1;
  19989. }
  19990. /*
  19991. try once with another endian
  19992. */
  19993. if (ret == 0) {
  19994. prvkSz = CURVE25519_KEYSIZE;
  19995. pubkSz = CURVE25519_KEYSIZE;
  19996. ret = wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz,
  19997. publicKey, &pubkSz, EC25519_BIG_ENDIAN);
  19998. }
  19999. if (ret == 0 && (prvkSz != CURVE25519_KEYSIZE ||
  20000. pubkSz != CURVE25519_KEYSIZE)) {
  20001. ret = -1;
  20002. }
  20003. wc_curve25519_free(&key);
  20004. wc_FreeRng(&rng);
  20005. res = TEST_RES_CHECK(ret == 0);
  20006. #endif
  20007. return res;
  20008. } /* end of test_wc_curve25519_export_key_raw_ex */
  20009. /*
  20010. * Testing wc_curve25519_make_key
  20011. */
  20012. static int test_wc_curve25519_make_key(void)
  20013. {
  20014. int res = TEST_SKIPPED;
  20015. #if defined(HAVE_CURVE25519)
  20016. WC_RNG rng;
  20017. curve25519_key key;
  20018. int keysize;
  20019. int ret;
  20020. ret = wc_curve25519_init(&key);
  20021. if (ret == 0) {
  20022. ret = wc_InitRng(&rng);
  20023. }
  20024. if (ret == 0) {
  20025. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  20026. if (ret == 0) {
  20027. keysize = wc_curve25519_size(&key);
  20028. if (keysize != CURVE25519_KEYSIZE) {
  20029. ret = WOLFSSL_FATAL_ERROR;
  20030. }
  20031. }
  20032. if (ret == 0) {
  20033. ret = wc_curve25519_make_key(&rng, keysize, &key);
  20034. }
  20035. }
  20036. /*test bad cases*/
  20037. if (ret == 0) {
  20038. ret = wc_curve25519_make_key(NULL, 0, NULL);
  20039. if (ret == BAD_FUNC_ARG) {
  20040. ret = 0;
  20041. }
  20042. }
  20043. if (ret == 0) {
  20044. ret = wc_curve25519_make_key(&rng, keysize, NULL);
  20045. if (ret == BAD_FUNC_ARG) {
  20046. ret = 0;
  20047. }
  20048. }
  20049. if (ret == 0) {
  20050. ret = wc_curve25519_make_key(NULL, keysize, &key);
  20051. if (ret == BAD_FUNC_ARG) {
  20052. ret = 0;
  20053. }
  20054. }
  20055. if (ret == 0) {
  20056. ret = wc_curve25519_make_key(&rng, 0, &key);
  20057. if (ret == ECC_BAD_ARG_E) {
  20058. ret = 0;
  20059. }
  20060. }
  20061. wc_curve25519_free(&key);
  20062. wc_FreeRng(&rng);
  20063. res = TEST_RES_CHECK(ret == 0);
  20064. #endif
  20065. return res;
  20066. } /*END test_wc_curve25519_make_key*/
  20067. /*
  20068. * Testing wc_curve25519_shared_secret_ex
  20069. */
  20070. static int test_wc_curve25519_shared_secret_ex(void)
  20071. {
  20072. int res = TEST_SKIPPED;
  20073. #if defined(HAVE_CURVE25519)
  20074. WC_RNG rng;
  20075. curve25519_key private_key, public_key;
  20076. byte out[CURVE25519_KEYSIZE];
  20077. word32 outLen = sizeof(out);
  20078. int endian = EC25519_BIG_ENDIAN;
  20079. int ret;
  20080. ret = wc_curve25519_init(&private_key);
  20081. if (ret == 0) {
  20082. ret = wc_curve25519_init(&public_key);
  20083. }
  20084. if (ret == 0) {
  20085. ret = wc_InitRng(&rng);
  20086. }
  20087. if (ret == 0) {
  20088. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key);
  20089. }
  20090. if (ret == 0) {
  20091. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key);
  20092. }
  20093. if (ret == 0) {
  20094. ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
  20095. &outLen, endian);
  20096. }
  20097. /*test bad cases*/
  20098. if (ret == 0) {
  20099. ret = wc_curve25519_shared_secret_ex(NULL, NULL, NULL,
  20100. 0, endian);
  20101. if (ret == 0) {
  20102. ret = -1;
  20103. }
  20104. if (ret == BAD_FUNC_ARG) {
  20105. ret = 0;
  20106. }
  20107. }
  20108. if (ret == 0) {
  20109. ret = wc_curve25519_shared_secret_ex(NULL, &public_key, out,
  20110. &outLen, endian);
  20111. if (ret == 0) {
  20112. ret = -1;
  20113. }
  20114. else if (ret == BAD_FUNC_ARG) {
  20115. ret = 0;
  20116. }
  20117. }
  20118. if (ret == 0) {
  20119. ret = wc_curve25519_shared_secret_ex(&private_key, NULL, out,
  20120. &outLen, endian);
  20121. if (ret == 0) {
  20122. ret = -1;
  20123. }
  20124. else if (ret == BAD_FUNC_ARG) {
  20125. ret = 0;
  20126. }
  20127. }
  20128. if (ret == 0) {
  20129. ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
  20130. &outLen, endian);
  20131. if (ret == 0) {
  20132. ret = -1;
  20133. }
  20134. else if (ret == BAD_FUNC_ARG) {
  20135. ret = 0;
  20136. }
  20137. }
  20138. if (ret == 0) {
  20139. ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
  20140. NULL, endian);
  20141. if (ret == 0) {
  20142. ret = -1;
  20143. }
  20144. else if (ret == BAD_FUNC_ARG) {
  20145. ret = 0;
  20146. }
  20147. }
  20148. if (ret == 0) {
  20149. /*curve25519.c is checking for public_key size less than or equal to 0x7f,
  20150. *increasing to 0x8f checks for error being returned*/
  20151. public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
  20152. ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
  20153. &outLen, endian);
  20154. if (ret == 0) {
  20155. ret = -1;
  20156. }
  20157. else if (ret == ECC_BAD_ARG_E) {
  20158. ret = 0;
  20159. }
  20160. }
  20161. outLen = outLen - 2;
  20162. if (ret == 0) {
  20163. ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
  20164. &outLen, endian);
  20165. if (ret == 0) {
  20166. ret = -1;
  20167. }
  20168. else if (ret == BAD_FUNC_ARG) {
  20169. ret = 0;
  20170. }
  20171. }
  20172. wc_curve25519_free(&private_key);
  20173. wc_curve25519_free(&public_key);
  20174. wc_FreeRng(&rng);
  20175. res = TEST_RES_CHECK(ret == 0);
  20176. #endif
  20177. return res;
  20178. } /*END test_wc_curve25519_shared_secret_ex*/
  20179. /*
  20180. * Testing wc_curve25519_make_pub
  20181. */
  20182. static int test_wc_curve25519_make_pub(void)
  20183. {
  20184. int res = TEST_SKIPPED;
  20185. #ifdef HAVE_CURVE25519
  20186. WC_RNG rng;
  20187. curve25519_key key;
  20188. byte out[CURVE25519_KEYSIZE];
  20189. int ret;
  20190. ret = wc_curve25519_init(&key);
  20191. if (ret == 0) {
  20192. ret = wc_InitRng(&rng);
  20193. if (ret == 0) {
  20194. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  20195. }
  20196. }
  20197. if (ret == 0) {
  20198. ret = wc_curve25519_make_pub((int)sizeof(out), out, (int)sizeof(key.k), key.k);
  20199. }
  20200. /*test bad cases*/
  20201. if (ret == 0) {
  20202. ret = wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k, (int)sizeof out, out);
  20203. if (ret == ECC_BAD_ARG_E) {
  20204. ret = 0;
  20205. }
  20206. }
  20207. if (ret == 0) {
  20208. ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), NULL);
  20209. if (ret == ECC_BAD_ARG_E) {
  20210. ret = 0;
  20211. }
  20212. }
  20213. if (ret == 0) {
  20214. ret = wc_curve25519_make_pub((int)sizeof out - 1, out, (int)sizeof(key.k), key.k);
  20215. if (ret == ECC_BAD_ARG_E) {
  20216. ret = 0;
  20217. }
  20218. }
  20219. if (ret == 0) {
  20220. ret = wc_curve25519_make_pub((int)sizeof out, NULL, (int)sizeof(key.k), key.k);
  20221. if (ret == ECC_BAD_ARG_E) {
  20222. ret = 0;
  20223. }
  20224. }
  20225. if (ret == 0) {
  20226. /* verify clamping test */
  20227. key.k[0] |= ~248;
  20228. ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k);
  20229. if (ret == ECC_BAD_ARG_E) {
  20230. ret = 0;
  20231. }
  20232. key.k[0] &= 248;
  20233. }
  20234. /* repeat the expected-to-succeed test. */
  20235. if (ret == 0) {
  20236. ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k);
  20237. }
  20238. wc_curve25519_free(&key);
  20239. wc_FreeRng(&rng);
  20240. res = TEST_RES_CHECK(ret == 0);
  20241. #endif
  20242. return res;
  20243. } /*END test_wc_curve25519_make_pub */
  20244. /*
  20245. * Testing test_wc_curve25519_export_public_ex
  20246. */
  20247. static int test_wc_curve25519_export_public_ex(void)
  20248. {
  20249. int res = TEST_SKIPPED;
  20250. #if defined(HAVE_CURVE25519)
  20251. WC_RNG rng;
  20252. curve25519_key key;
  20253. byte out[CURVE25519_KEYSIZE];
  20254. word32 outLen = sizeof(out);
  20255. int endian = EC25519_BIG_ENDIAN;
  20256. int ret;
  20257. ret = wc_curve25519_init(&key);
  20258. if (ret == 0) {
  20259. ret = wc_InitRng(&rng);
  20260. }
  20261. if (ret == 0) {
  20262. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  20263. if (ret == 0) {
  20264. ret = wc_curve25519_export_public(&key, out, &outLen);
  20265. }
  20266. if (ret == 0) {
  20267. ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
  20268. }
  20269. }
  20270. /*test bad cases*/
  20271. if (ret == 0) {
  20272. ret = wc_curve25519_export_public_ex(NULL, NULL, NULL, endian);
  20273. if (ret == BAD_FUNC_ARG) {
  20274. ret = 0;
  20275. }
  20276. }
  20277. if (ret == 0) {
  20278. ret = wc_curve25519_export_public_ex(NULL, out, &outLen, endian);
  20279. if (ret == BAD_FUNC_ARG) {
  20280. ret = 0;
  20281. }
  20282. }
  20283. if (ret == 0) {
  20284. ret = wc_curve25519_export_public_ex(&key, NULL, &outLen, endian);
  20285. if (ret == BAD_FUNC_ARG) {
  20286. ret = 0;
  20287. }
  20288. }
  20289. if (ret == 0) {
  20290. ret = wc_curve25519_export_public_ex(&key, out, NULL, endian);
  20291. if (ret == BAD_FUNC_ARG) {
  20292. ret = 0;
  20293. }
  20294. }
  20295. outLen = outLen - 2;
  20296. if (ret == 0) {
  20297. ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
  20298. if (ret == ECC_BAD_ARG_E) {
  20299. ret = 0;
  20300. }
  20301. }
  20302. wc_curve25519_free(&key);
  20303. wc_FreeRng(&rng);
  20304. res = TEST_RES_CHECK(ret == 0);
  20305. #endif
  20306. return res;
  20307. } /*END test_wc_curve25519_export_public_ex*/
  20308. /*
  20309. * Testing test_wc_curve25519_import_private_raw_ex
  20310. */
  20311. static int test_wc_curve25519_import_private_raw_ex(void)
  20312. {
  20313. int res = TEST_SKIPPED;
  20314. #if defined(HAVE_CURVE25519)
  20315. WC_RNG rng;
  20316. curve25519_key key;
  20317. byte priv[CURVE25519_KEYSIZE];
  20318. byte pub[CURVE25519_KEYSIZE];
  20319. word32 privSz = sizeof(priv);
  20320. word32 pubSz = sizeof(pub);
  20321. int endian = EC25519_BIG_ENDIAN;
  20322. int ret;
  20323. ret = wc_curve25519_init(&key);
  20324. if (ret == 0) {
  20325. ret = wc_InitRng(&rng);
  20326. }
  20327. if (ret == 0) {
  20328. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  20329. if (ret == 0) {
  20330. ret = wc_curve25519_export_private_raw_ex(&key, priv, &privSz, endian);
  20331. }
  20332. if (ret == 0) {
  20333. ret = wc_curve25519_export_public(&key, pub, &pubSz);
  20334. }
  20335. if (ret == 0) {
  20336. ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
  20337. &key, endian);
  20338. }
  20339. }
  20340. /*test bad cases*/
  20341. if (ret == 0) {
  20342. ret = wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL,
  20343. endian);
  20344. if (ret == BAD_FUNC_ARG) {
  20345. ret = 0;
  20346. }
  20347. }
  20348. if (ret == 0) {
  20349. ret = wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz,
  20350. &key, endian);
  20351. if (ret == BAD_FUNC_ARG) {
  20352. ret = 0;
  20353. }
  20354. }
  20355. if (ret == 0) {
  20356. ret = wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz,
  20357. &key, endian);
  20358. if (ret == BAD_FUNC_ARG) {
  20359. ret = 0;
  20360. }
  20361. }
  20362. if (ret == 0) {
  20363. ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
  20364. NULL, endian);
  20365. if (ret == BAD_FUNC_ARG) {
  20366. ret = 0;
  20367. }
  20368. }
  20369. if (ret == 0) {
  20370. ret = wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz,
  20371. &key, endian);
  20372. if (ret == ECC_BAD_ARG_E) {
  20373. ret = 0;
  20374. }
  20375. }
  20376. if (ret == 0) {
  20377. ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0,
  20378. &key, endian);
  20379. if (ret == ECC_BAD_ARG_E) {
  20380. ret = 0;
  20381. }
  20382. }
  20383. if (ret == 0) {
  20384. ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
  20385. &key, EC25519_LITTLE_ENDIAN);
  20386. }
  20387. wc_curve25519_free(&key);
  20388. wc_FreeRng(&rng);
  20389. res = TEST_RES_CHECK(ret == 0);
  20390. #endif
  20391. return res;
  20392. } /*END test_wc_curve25519_import_private_raw_ex*/
  20393. /*
  20394. * Testing test_wc_curve25519_import_private
  20395. */
  20396. static int test_wc_curve25519_import_private(void)
  20397. {
  20398. int res = TEST_SKIPPED;
  20399. #if defined(HAVE_CURVE25519)
  20400. curve25519_key key;
  20401. WC_RNG rng;
  20402. byte priv[CURVE25519_KEYSIZE];
  20403. word32 privSz = sizeof(priv);
  20404. int ret;
  20405. ret = wc_curve25519_init(&key);
  20406. if (ret == 0) {
  20407. ret = wc_InitRng(&rng);
  20408. }
  20409. if (ret == 0) {
  20410. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  20411. if (ret == 0) {
  20412. ret = wc_curve25519_export_private_raw(&key, priv, &privSz);
  20413. }
  20414. }
  20415. if (ret == 0) {
  20416. ret = wc_curve25519_import_private(priv, privSz, &key);
  20417. }
  20418. wc_curve25519_free(&key);
  20419. wc_FreeRng(&rng);
  20420. res = TEST_RES_CHECK(ret == 0);
  20421. #endif
  20422. return res;
  20423. } /*END test_wc_curve25519_import*/
  20424. /*
  20425. * Testing test_wc_curve25519_export_private_raw_ex
  20426. */
  20427. static int test_wc_curve25519_export_private_raw_ex(void)
  20428. {
  20429. int res = TEST_SKIPPED;
  20430. #if defined(HAVE_CURVE25519)
  20431. curve25519_key key;
  20432. byte out[CURVE25519_KEYSIZE];
  20433. word32 outLen = sizeof(out);
  20434. int endian = EC25519_BIG_ENDIAN;
  20435. int ret;
  20436. ret = wc_curve25519_init(&key);
  20437. if (ret == 0) {
  20438. ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
  20439. }
  20440. /*test bad cases*/
  20441. if (ret == 0) {
  20442. ret = wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian);
  20443. if (ret == BAD_FUNC_ARG) {
  20444. ret = 0;
  20445. }
  20446. }
  20447. if (ret == 0) {
  20448. ret = wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian);
  20449. if (ret == BAD_FUNC_ARG) {
  20450. ret = 0;
  20451. }
  20452. }
  20453. if (ret == 0) {
  20454. ret = wc_curve25519_export_private_raw_ex(&key, NULL, &outLen, endian);
  20455. if (ret == BAD_FUNC_ARG) {
  20456. ret = 0;
  20457. }
  20458. }
  20459. if (ret == 0) {
  20460. ret = wc_curve25519_export_private_raw_ex(&key, out, NULL, endian);
  20461. if (ret == BAD_FUNC_ARG) {
  20462. ret = 0;
  20463. }
  20464. }
  20465. if (ret == 0) {
  20466. ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen,
  20467. EC25519_LITTLE_ENDIAN);
  20468. }
  20469. outLen = outLen - 2;
  20470. if (ret == 0) {
  20471. ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
  20472. if (ret == ECC_BAD_ARG_E) {
  20473. ret = 0;
  20474. }
  20475. }
  20476. wc_curve25519_free(&key);
  20477. res = TEST_RES_CHECK(ret == 0);
  20478. #endif
  20479. return res;
  20480. }/*END test_wc_curve25519_export_private_raw_ex*/
  20481. /*
  20482. * Testing wc_ed448_make_key().
  20483. */
  20484. static int test_wc_ed448_make_key(void)
  20485. {
  20486. int res = TEST_SKIPPED;
  20487. #if defined(HAVE_ED448)
  20488. ed448_key key;
  20489. WC_RNG rng;
  20490. unsigned char pubkey[ED448_PUB_KEY_SIZE];
  20491. int ret;
  20492. ret = wc_InitRng(&rng);
  20493. if (ret == 0) {
  20494. ret = wc_ed448_init(&key);
  20495. }
  20496. if (ret == 0) {
  20497. ret = wc_ed448_make_public(&key, pubkey, sizeof(pubkey));
  20498. if (ret == ECC_PRIV_KEY_E) {
  20499. ret = 0;
  20500. }
  20501. else if (ret == 0) {
  20502. ret = -1;
  20503. }
  20504. }
  20505. if (ret == 0) {
  20506. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  20507. }
  20508. /* Test bad args. */
  20509. if (ret == 0) {
  20510. ret = wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key);
  20511. if (ret == BAD_FUNC_ARG) {
  20512. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL);
  20513. }
  20514. if (ret == BAD_FUNC_ARG) {
  20515. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key);
  20516. }
  20517. if (ret == BAD_FUNC_ARG) {
  20518. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key);
  20519. }
  20520. if (ret == BAD_FUNC_ARG) {
  20521. ret = 0;
  20522. }
  20523. else if (ret == 0) {
  20524. ret = WOLFSSL_FATAL_ERROR;
  20525. }
  20526. }
  20527. if (wc_FreeRng(&rng) && ret == 0) {
  20528. ret = WOLFSSL_FATAL_ERROR;
  20529. }
  20530. wc_ed448_free(&key);
  20531. res = TEST_RES_CHECK(ret == 0);
  20532. #endif
  20533. return res;
  20534. } /* END test_wc_ed448_make_key */
  20535. /*
  20536. * Testing wc_ed448_init()
  20537. */
  20538. static int test_wc_ed448_init(void)
  20539. {
  20540. int res = TEST_SKIPPED;
  20541. #if defined(HAVE_ED448)
  20542. ed448_key key;
  20543. int ret;
  20544. ret = wc_ed448_init(&key);
  20545. /* Test bad args. */
  20546. if (ret == 0) {
  20547. ret = wc_ed448_init(NULL);
  20548. if (ret == BAD_FUNC_ARG) {
  20549. ret = 0;
  20550. }
  20551. else if (ret == 0) {
  20552. ret = WOLFSSL_FATAL_ERROR;
  20553. }
  20554. }
  20555. wc_ed448_free(&key);
  20556. res = TEST_RES_CHECK(ret == 0);
  20557. #endif
  20558. return res;
  20559. } /* END test_wc_ed448_init */
  20560. /*
  20561. * Test wc_ed448_sign_msg() and wc_ed448_verify_msg()
  20562. */
  20563. static int test_wc_ed448_sign_msg(void)
  20564. {
  20565. int res = TEST_SKIPPED;
  20566. #if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN)
  20567. WC_RNG rng;
  20568. ed448_key key;
  20569. byte msg[] = "Everybody gets Friday off.\n";
  20570. byte sig[ED448_SIG_SIZE];
  20571. word32 msglen = sizeof(msg);
  20572. word32 siglen = sizeof(sig);
  20573. word32 badSigLen = sizeof(sig) - 1;
  20574. #ifdef HAVE_ED448_VERIFY
  20575. int verify_ok = 0; /*1 = Verify success.*/
  20576. #endif
  20577. int ret;
  20578. /* Initialize stack variables. */
  20579. XMEMSET(sig, 0, siglen);
  20580. /* Initialize key. */
  20581. ret = wc_InitRng(&rng);
  20582. if (ret == 0) {
  20583. ret = wc_ed448_init(&key);
  20584. if (ret == 0) {
  20585. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  20586. }
  20587. }
  20588. if (ret == 0) {
  20589. ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0);
  20590. }
  20591. /* Test bad args. */
  20592. if (ret == 0 && siglen == ED448_SIG_SIZE) {
  20593. ret = wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0);
  20594. if (ret == BAD_FUNC_ARG) {
  20595. ret = wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0);
  20596. }
  20597. if (ret == BAD_FUNC_ARG) {
  20598. ret = wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0);
  20599. }
  20600. if (ret == BAD_FUNC_ARG) {
  20601. ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0);
  20602. }
  20603. if (ret == BAD_FUNC_ARG) {
  20604. ret = wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key,
  20605. NULL, 0);
  20606. }
  20607. if (ret == BUFFER_E && badSigLen == ED448_SIG_SIZE) {
  20608. badSigLen -= 1;
  20609. ret = 0;
  20610. }
  20611. else if (ret == 0) {
  20612. ret = WOLFSSL_FATAL_ERROR;
  20613. }
  20614. } /* END sign */
  20615. #ifdef HAVE_ED448_VERIFY
  20616. if (ret == 0) {
  20617. ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok,
  20618. &key, NULL, 0);
  20619. if (ret == 0 && verify_ok == 1) {
  20620. ret = 0;
  20621. }
  20622. else if (ret == 0) {
  20623. ret = WOLFSSL_FATAL_ERROR;
  20624. }
  20625. /* Test bad args. */
  20626. if (ret == 0) {
  20627. AssertIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg,
  20628. msglen, &verify_ok, &key, NULL, 0), BAD_FUNC_ARG);
  20629. AssertIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg,
  20630. msglen, &verify_ok, &key, NULL, 0), BAD_FUNC_ARG);
  20631. ret = wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
  20632. &key, NULL, 0);
  20633. if (ret == BAD_FUNC_ARG) {
  20634. ret = wc_ed448_verify_msg(sig, siglen, NULL, msglen,
  20635. &verify_ok, &key, NULL, 0);
  20636. }
  20637. if (ret == BAD_FUNC_ARG) {
  20638. ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
  20639. NULL, &key, NULL, 0);
  20640. }
  20641. if (ret == BAD_FUNC_ARG) {
  20642. ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
  20643. &verify_ok, NULL, NULL, 0);
  20644. }
  20645. if (ret == BAD_FUNC_ARG) {
  20646. ret = wc_ed448_verify_msg(sig, badSigLen, msg, msglen,
  20647. &verify_ok, &key, NULL, 0);
  20648. }
  20649. if (ret == BAD_FUNC_ARG) {
  20650. ret = 0;
  20651. }
  20652. else if (ret == 0) {
  20653. ret = WOLFSSL_FATAL_ERROR;
  20654. }
  20655. }
  20656. } /* END verify. */
  20657. #endif /* Verify. */
  20658. if (wc_FreeRng(&rng) && ret == 0) {
  20659. ret = WOLFSSL_FATAL_ERROR;
  20660. }
  20661. wc_ed448_free(&key);
  20662. res = TEST_RES_CHECK(ret == 0);
  20663. #endif
  20664. return res;
  20665. } /* END test_wc_ed448_sign_msg */
  20666. /*
  20667. * Testing wc_ed448_import_public()
  20668. */
  20669. static int test_wc_ed448_import_public(void)
  20670. {
  20671. int res = TEST_SKIPPED;
  20672. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
  20673. WC_RNG rng;
  20674. ed448_key pubKey;
  20675. const byte in[] =
  20676. "Ed448PublicKeyUnitTest.................................\n";
  20677. word32 inlen = sizeof(in);
  20678. int ret = 0;
  20679. ret = wc_InitRng(&rng);
  20680. if (ret == 0) {
  20681. ret = wc_ed448_init(&pubKey);
  20682. if (ret == 0) {
  20683. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey);
  20684. }
  20685. }
  20686. if (ret == 0) {
  20687. ret = wc_ed448_import_public_ex(in, inlen, &pubKey, 1);
  20688. if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
  20689. ret = 0;
  20690. }
  20691. else {
  20692. ret = WOLFSSL_FATAL_ERROR;
  20693. }
  20694. /* Test bad args. */
  20695. if (ret == 0) {
  20696. ret = wc_ed448_import_public(NULL, inlen, &pubKey);
  20697. if (ret == BAD_FUNC_ARG) {
  20698. ret = wc_ed448_import_public(in, inlen, NULL);
  20699. }
  20700. if (ret == BAD_FUNC_ARG) {
  20701. ret = wc_ed448_import_public(in, inlen - 1, &pubKey);
  20702. }
  20703. if (ret == BAD_FUNC_ARG) {
  20704. ret = 0;
  20705. }
  20706. else if (ret == 0) {
  20707. ret = WOLFSSL_FATAL_ERROR;
  20708. }
  20709. }
  20710. }
  20711. if (wc_FreeRng(&rng) && ret == 0) {
  20712. ret = WOLFSSL_FATAL_ERROR;
  20713. }
  20714. wc_ed448_free(&pubKey);
  20715. res = TEST_RES_CHECK(ret == 0);
  20716. #endif
  20717. return res;
  20718. } /* END wc_ed448_import_public */
  20719. /*
  20720. * Testing wc_ed448_import_private_key()
  20721. */
  20722. static int test_wc_ed448_import_private_key(void)
  20723. {
  20724. int res = TEST_SKIPPED;
  20725. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
  20726. WC_RNG rng;
  20727. ed448_key key;
  20728. const byte privKey[] =
  20729. "Ed448PrivateKeyUnitTest................................\n";
  20730. const byte pubKey[] =
  20731. "Ed448PublicKeyUnitTest.................................\n";
  20732. word32 privKeySz = sizeof(privKey);
  20733. word32 pubKeySz = sizeof(pubKey);
  20734. #ifdef HAVE_ED448_KEY_EXPORT
  20735. byte bothKeys[sizeof(privKey) + sizeof(pubKey)];
  20736. word32 bothKeysSz = sizeof(bothKeys);
  20737. #endif
  20738. int ret;
  20739. ret = wc_InitRng(&rng);
  20740. if (ret != 0) {
  20741. return TEST_FAIL;
  20742. }
  20743. ret = wc_ed448_init(&key);
  20744. if (ret != 0) {
  20745. wc_FreeRng(&rng);
  20746. return TEST_FAIL;
  20747. }
  20748. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  20749. if (ret == 0) {
  20750. ret = wc_ed448_import_private_key_ex(privKey, privKeySz, pubKey,
  20751. pubKeySz, &key, 1);
  20752. if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 ||
  20753. XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
  20754. ret = WOLFSSL_FATAL_ERROR;
  20755. }
  20756. }
  20757. #ifdef HAVE_ED448_KEY_EXPORT
  20758. if (ret == 0)
  20759. ret = wc_ed448_export_private(&key, bothKeys, &bothKeysSz);
  20760. if (ret == 0) {
  20761. ret = wc_ed448_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0,
  20762. &key, 1);
  20763. if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 ||
  20764. XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
  20765. ret = WOLFSSL_FATAL_ERROR;
  20766. }
  20767. }
  20768. #endif
  20769. /* Test bad args. */
  20770. if (ret == 0) {
  20771. ret = wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
  20772. &key);
  20773. if (ret == BAD_FUNC_ARG) {
  20774. ret = wc_ed448_import_private_key(privKey, privKeySz, NULL,
  20775. pubKeySz, &key);
  20776. }
  20777. if (ret == BAD_FUNC_ARG) {
  20778. ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
  20779. pubKeySz, NULL);
  20780. }
  20781. if (ret == BAD_FUNC_ARG) {
  20782. ret = wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey,
  20783. pubKeySz, &key);
  20784. }
  20785. if (ret == BAD_FUNC_ARG) {
  20786. ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
  20787. pubKeySz - 1, &key);
  20788. }
  20789. if (ret == BAD_FUNC_ARG) {
  20790. ret = wc_ed448_import_private_key(privKey, privKeySz, NULL,
  20791. 0, &key);
  20792. }
  20793. if (ret == BAD_FUNC_ARG) {
  20794. ret = 0;
  20795. }
  20796. else if (ret == 0) {
  20797. ret = WOLFSSL_FATAL_ERROR;
  20798. }
  20799. }
  20800. if (wc_FreeRng(&rng) && ret == 0) {
  20801. ret = WOLFSSL_FATAL_ERROR;
  20802. }
  20803. wc_ed448_free(&key);
  20804. res = TEST_RES_CHECK(ret == 0);
  20805. #endif
  20806. return res;
  20807. } /* END test_wc_ed448_import_private_key */
  20808. /*
  20809. * Testing wc_ed448_export_public() and wc_ed448_export_private_only()
  20810. */
  20811. static int test_wc_ed448_export(void)
  20812. {
  20813. int res = TEST_SKIPPED;
  20814. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
  20815. WC_RNG rng;
  20816. ed448_key key;
  20817. byte priv[ED448_PRV_KEY_SIZE];
  20818. byte pub[ED448_PUB_KEY_SIZE];
  20819. word32 privSz = sizeof(priv);
  20820. word32 pubSz = sizeof(pub);
  20821. int ret;
  20822. ret = wc_InitRng(&rng);
  20823. if (ret != 0) {
  20824. return TEST_FAIL;
  20825. }
  20826. ret = wc_ed448_init(&key);
  20827. if (ret != 0) {
  20828. wc_FreeRng(&rng);
  20829. return TEST_FAIL;
  20830. }
  20831. if (ret == 0) {
  20832. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  20833. }
  20834. if (ret == 0) {
  20835. ret = wc_ed448_export_public(&key, pub, &pubSz);
  20836. if (ret == 0 && (pubSz != ED448_KEY_SIZE ||
  20837. XMEMCMP(key.p, pub, pubSz) != 0)) {
  20838. ret = WOLFSSL_FATAL_ERROR;
  20839. }
  20840. if (ret == 0) {
  20841. ret = wc_ed448_export_public(NULL, pub, &pubSz);
  20842. if (ret == BAD_FUNC_ARG) {
  20843. ret = wc_ed448_export_public(&key, NULL, &pubSz);
  20844. }
  20845. if (ret == BAD_FUNC_ARG) {
  20846. ret = wc_ed448_export_public(&key, pub, NULL);
  20847. }
  20848. if (ret == BAD_FUNC_ARG) {
  20849. ret = 0;
  20850. }
  20851. else if (ret == 0) {
  20852. ret = WOLFSSL_FATAL_ERROR;
  20853. }
  20854. }
  20855. }
  20856. if (ret == 0) {
  20857. ret = wc_ed448_export_private_only(&key, priv, &privSz);
  20858. if (ret == 0 && (privSz != ED448_KEY_SIZE ||
  20859. XMEMCMP(key.k, priv, privSz) != 0)) {
  20860. ret = WOLFSSL_FATAL_ERROR;
  20861. }
  20862. if (ret == 0) {
  20863. ret = wc_ed448_export_private_only(NULL, priv, &privSz);
  20864. if (ret == BAD_FUNC_ARG) {
  20865. ret = wc_ed448_export_private_only(&key, NULL, &privSz);
  20866. }
  20867. if (ret == BAD_FUNC_ARG) {
  20868. ret = wc_ed448_export_private_only(&key, priv, NULL);
  20869. }
  20870. if (ret == BAD_FUNC_ARG) {
  20871. ret = 0;
  20872. }
  20873. else if (ret == 0) {
  20874. ret = WOLFSSL_FATAL_ERROR;
  20875. }
  20876. }
  20877. }
  20878. if (wc_FreeRng(&rng) && ret == 0) {
  20879. ret = WOLFSSL_FATAL_ERROR;
  20880. }
  20881. wc_ed448_free(&key);
  20882. res = TEST_RES_CHECK(ret == 0);
  20883. #endif
  20884. return res;
  20885. } /* END test_wc_ed448_export */
  20886. /*
  20887. * Testing wc_ed448_size()
  20888. */
  20889. static int test_wc_ed448_size(void)
  20890. {
  20891. int res = TEST_SKIPPED;
  20892. #if defined(HAVE_ED448)
  20893. WC_RNG rng;
  20894. ed448_key key;
  20895. int ret = 0;
  20896. ret = wc_InitRng(&rng);
  20897. if (ret != 0) {
  20898. return TEST_FAIL;
  20899. }
  20900. ret = wc_ed448_init(&key);
  20901. if (ret != 0) {
  20902. wc_FreeRng(&rng);
  20903. return TEST_FAIL;
  20904. }
  20905. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  20906. if (ret != 0) {
  20907. wc_FreeRng(&rng);
  20908. wc_ed448_free(&key);
  20909. return TEST_FAIL;
  20910. }
  20911. ret = wc_ed448_size(&key);
  20912. /* Test bad args. */
  20913. if (ret == ED448_KEY_SIZE) {
  20914. ret = wc_ed448_size(NULL);
  20915. if (ret == BAD_FUNC_ARG) {
  20916. ret = 0;
  20917. }
  20918. }
  20919. if (ret == 0) {
  20920. ret = wc_ed448_sig_size(&key);
  20921. if (ret == ED448_SIG_SIZE) {
  20922. ret = 0;
  20923. }
  20924. /* Test bad args. */
  20925. if (ret == 0) {
  20926. ret = wc_ed448_sig_size(NULL);
  20927. if (ret == BAD_FUNC_ARG) {
  20928. ret = 0;
  20929. }
  20930. }
  20931. } /* END wc_ed448_sig_size() */
  20932. if (ret == 0) {
  20933. ret = wc_ed448_pub_size(&key);
  20934. if (ret == ED448_PUB_KEY_SIZE) {
  20935. ret = 0;
  20936. }
  20937. if (ret == 0) {
  20938. ret = wc_ed448_pub_size(NULL);
  20939. if (ret == BAD_FUNC_ARG) {
  20940. ret = 0;
  20941. }
  20942. }
  20943. } /* END wc_ed448_pub_size */
  20944. if (ret == 0) {
  20945. ret = wc_ed448_priv_size(&key);
  20946. if (ret == ED448_PRV_KEY_SIZE) {
  20947. ret = 0;
  20948. }
  20949. if (ret == 0) {
  20950. ret = wc_ed448_priv_size(NULL);
  20951. if (ret == BAD_FUNC_ARG) {
  20952. ret = 0;
  20953. }
  20954. }
  20955. } /* END wc_ed448_pub_size */
  20956. if (wc_FreeRng(&rng) && ret == 0) {
  20957. ret = WOLFSSL_FATAL_ERROR;
  20958. }
  20959. wc_ed448_free(&key);
  20960. res = TEST_RES_CHECK(ret == 0);
  20961. #endif
  20962. return res;
  20963. } /* END test_wc_ed448_size */
  20964. /*
  20965. * Testing wc_ed448_export_private() and wc_ed448_export_key()
  20966. */
  20967. static int test_wc_ed448_exportKey(void)
  20968. {
  20969. int res = TEST_SKIPPED;
  20970. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
  20971. WC_RNG rng;
  20972. ed448_key key;
  20973. byte priv[ED448_PRV_KEY_SIZE];
  20974. byte pub[ED448_PUB_KEY_SIZE];
  20975. byte privOnly[ED448_PRV_KEY_SIZE];
  20976. word32 privSz = sizeof(priv);
  20977. word32 pubSz = sizeof(pub);
  20978. word32 privOnlySz = sizeof(privOnly);
  20979. int ret;
  20980. ret = wc_InitRng(&rng);
  20981. if (ret != 0) {
  20982. return TEST_FAIL;
  20983. }
  20984. ret = wc_ed448_init(&key);
  20985. if (ret != 0) {
  20986. wc_FreeRng(&rng);
  20987. return TEST_FAIL;
  20988. }
  20989. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  20990. if (ret != 0) {
  20991. wc_FreeRng(&rng);
  20992. wc_ed448_free(&key);
  20993. return TEST_FAIL;
  20994. }
  20995. ret = wc_ed448_export_private(&key, privOnly, &privOnlySz);
  20996. if (ret == 0) {
  20997. ret = wc_ed448_export_private(NULL, privOnly, &privOnlySz);
  20998. if (ret == BAD_FUNC_ARG) {
  20999. ret = wc_ed448_export_private(&key, NULL, &privOnlySz);
  21000. }
  21001. if (ret == BAD_FUNC_ARG) {
  21002. ret = wc_ed448_export_private(&key, privOnly, NULL);
  21003. }
  21004. if (ret == BAD_FUNC_ARG) {
  21005. ret = 0;
  21006. }
  21007. else if (ret == 0) {
  21008. ret = WOLFSSL_FATAL_ERROR;
  21009. }
  21010. }
  21011. if (ret == 0) {
  21012. ret = wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz);
  21013. if (ret == 0) {
  21014. ret = wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz);
  21015. if (ret == BAD_FUNC_ARG) {
  21016. ret = wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz);
  21017. }
  21018. if (ret == BAD_FUNC_ARG) {
  21019. ret = wc_ed448_export_key(&key, priv, NULL, pub, &pubSz);
  21020. }
  21021. if (ret == BAD_FUNC_ARG) {
  21022. ret = wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz);
  21023. }
  21024. if (ret == BAD_FUNC_ARG) {
  21025. ret = wc_ed448_export_key(&key, priv, &privSz, pub, NULL);
  21026. }
  21027. if (ret == BAD_FUNC_ARG) {
  21028. ret = 0;
  21029. }
  21030. else if (ret == 0) {
  21031. ret = WOLFSSL_FATAL_ERROR;
  21032. }
  21033. }
  21034. } /* END wc_ed448_export_key() */
  21035. /* Cross check output. */
  21036. if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
  21037. ret = WOLFSSL_FATAL_ERROR;
  21038. }
  21039. if (wc_FreeRng(&rng) && ret == 0) {
  21040. ret = WOLFSSL_FATAL_ERROR;
  21041. }
  21042. wc_ed448_free(&key);
  21043. res = TEST_RES_CHECK(ret == 0);
  21044. #endif
  21045. return res;
  21046. } /* END test_wc_ed448_exportKey */
  21047. /*
  21048. * Testing wc_Ed448PublicKeyToDer
  21049. */
  21050. static int test_wc_Ed448PublicKeyToDer(void)
  21051. {
  21052. int res = TEST_SKIPPED;
  21053. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
  21054. (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
  21055. int tmp;
  21056. ed448_key key;
  21057. byte derBuf[1024];
  21058. int ret = 0;
  21059. /* Test bad args */
  21060. tmp = wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0);
  21061. if (tmp != BAD_FUNC_ARG) {
  21062. ret = WOLFSSL_FATAL_ERROR;
  21063. }
  21064. if (ret == 0) {
  21065. wc_ed448_init(&key);
  21066. tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0);
  21067. if (tmp != BUFFER_E) {
  21068. ret = WOLFSSL_FATAL_ERROR;
  21069. }
  21070. wc_ed448_free(&key);
  21071. }
  21072. /* Test good args */
  21073. if (ret == 0) {
  21074. WC_RNG rng;
  21075. ret = wc_InitRng(&rng);
  21076. if (ret != 0) {
  21077. return TEST_FAIL;
  21078. }
  21079. ret = wc_ed448_init(&key);
  21080. if (ret != 0) {
  21081. wc_FreeRng(&rng);
  21082. return TEST_FAIL;
  21083. }
  21084. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  21085. if (ret != 0) {
  21086. wc_FreeRng(&rng);
  21087. wc_ed448_free(&key);
  21088. return TEST_FAIL;
  21089. }
  21090. tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1);
  21091. if (tmp <= 0) {
  21092. ret = WOLFSSL_FATAL_ERROR;
  21093. }
  21094. wc_FreeRng(&rng);
  21095. wc_ed448_free(&key);
  21096. }
  21097. res = TEST_RES_CHECK(ret == 0);
  21098. #endif
  21099. return res;
  21100. } /* END testing wc_Ed448PublicKeyToDer */
  21101. /*
  21102. * Testing wc_curve448_init and wc_curve448_free.
  21103. */
  21104. static int test_wc_curve448_init(void)
  21105. {
  21106. int res = TEST_SKIPPED;
  21107. #if defined(HAVE_CURVE448)
  21108. curve448_key key;
  21109. int ret = 0;
  21110. ret = wc_curve448_init(&key);
  21111. /* Test bad args for wc_curve448_init */
  21112. if (ret == 0) {
  21113. ret = wc_curve448_init(NULL);
  21114. if (ret == BAD_FUNC_ARG) {
  21115. ret = 0;
  21116. }
  21117. else if (ret == 0) {
  21118. ret = WOLFSSL_FATAL_ERROR;
  21119. }
  21120. }
  21121. /* Test good args for wc_curve_448_free */
  21122. wc_curve448_free(&key);
  21123. wc_curve448_free(NULL);
  21124. res = TEST_RES_CHECK(ret == 0);
  21125. #endif
  21126. return res;
  21127. } /* END test_wc_curve448_init and wc_curve_448_free*/
  21128. /*
  21129. * Testing wc_curve448_make_key
  21130. */
  21131. static int test_wc_curve448_make_key(void)
  21132. {
  21133. int res = TEST_SKIPPED;
  21134. #if defined(HAVE_CURVE448)
  21135. WC_RNG rng;
  21136. curve448_key key;
  21137. int keysize;
  21138. int ret;
  21139. ret = wc_curve448_init(&key);
  21140. if (ret == 0) {
  21141. ret = wc_InitRng(&rng);
  21142. }
  21143. if (ret == 0) {
  21144. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
  21145. if (ret == 0) {
  21146. keysize = wc_curve448_size(&key);
  21147. if (keysize != CURVE448_KEY_SIZE) {
  21148. ret = WOLFSSL_FATAL_ERROR;
  21149. }
  21150. }
  21151. if (ret == 0) {
  21152. ret = wc_curve448_make_key(&rng, keysize, &key);
  21153. }
  21154. }
  21155. /* test bad cases */
  21156. if (ret == 0) {
  21157. ret = wc_curve448_make_key(NULL, 0, NULL);
  21158. if (ret == BAD_FUNC_ARG) {
  21159. ret = 0;
  21160. }
  21161. }
  21162. if (ret == 0) {
  21163. ret = wc_curve448_make_key(&rng, keysize, NULL);
  21164. if (ret == BAD_FUNC_ARG) {
  21165. ret = 0;
  21166. }
  21167. }
  21168. if (ret == 0) {
  21169. ret = wc_curve448_make_key(NULL, keysize, &key);
  21170. if (ret == BAD_FUNC_ARG) {
  21171. ret = 0;
  21172. }
  21173. }
  21174. if (ret == 0) {
  21175. ret = wc_curve448_make_key(&rng, 0, &key);
  21176. if (ret == ECC_BAD_ARG_E) {
  21177. ret = 0;
  21178. }
  21179. }
  21180. if (wc_FreeRng(&rng) != 0 && ret == 0) {
  21181. ret = WOLFSSL_FATAL_ERROR;
  21182. }
  21183. wc_curve448_free(&key);
  21184. res = TEST_RES_CHECK(ret == 0);
  21185. #endif
  21186. return res;
  21187. } /*END test_wc_curve448_make_key*/
  21188. /*
  21189. * Testing test_wc_curve448_shared_secret_ex
  21190. */
  21191. static int test_wc_curve448_shared_secret_ex(void)
  21192. {
  21193. int res = TEST_SKIPPED;
  21194. #if defined(HAVE_CURVE448)
  21195. WC_RNG rng;
  21196. curve448_key private_key, public_key;
  21197. byte out[CURVE448_KEY_SIZE];
  21198. word32 outLen = sizeof(out);
  21199. int endian = EC448_BIG_ENDIAN;
  21200. int ret;
  21201. ret = wc_curve448_init(&private_key);
  21202. if (ret == 0) {
  21203. ret = wc_InitRng(&rng);
  21204. if (ret == 0) {
  21205. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key);
  21206. }
  21207. }
  21208. if (ret == 0) {
  21209. ret = wc_curve448_init(&public_key);
  21210. }
  21211. if (ret == 0) {
  21212. if (ret == 0) {
  21213. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key);
  21214. }
  21215. }
  21216. if (ret == 0) {
  21217. ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
  21218. &outLen, endian);
  21219. }
  21220. /* test bad cases */
  21221. if (ret == 0) {
  21222. ret = wc_curve448_shared_secret_ex(NULL, NULL, NULL, 0, endian);
  21223. if (ret == BAD_FUNC_ARG) {
  21224. ret = 0;
  21225. }
  21226. }
  21227. if (ret == 0) {
  21228. ret = wc_curve448_shared_secret_ex(NULL, &public_key, out,
  21229. &outLen, endian);
  21230. if (ret == BAD_FUNC_ARG) {
  21231. ret = 0;
  21232. }
  21233. }
  21234. if (ret == 0) {
  21235. ret = wc_curve448_shared_secret_ex(&private_key, NULL, out,
  21236. &outLen, endian);
  21237. if (ret == BAD_FUNC_ARG) {
  21238. ret = 0;
  21239. }
  21240. }
  21241. if (ret == 0) {
  21242. ret = wc_curve448_shared_secret_ex(&private_key, &public_key, NULL,
  21243. &outLen, endian);
  21244. if (ret == BAD_FUNC_ARG) {
  21245. ret = 0;
  21246. }
  21247. }
  21248. if (ret == 0) {
  21249. ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
  21250. NULL, endian);
  21251. if (ret == BAD_FUNC_ARG) {
  21252. ret = 0;
  21253. }
  21254. }
  21255. outLen = outLen - 2;
  21256. if (ret == 0) {
  21257. ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
  21258. &outLen, endian);
  21259. if (ret == BAD_FUNC_ARG) {
  21260. ret = 0;
  21261. }
  21262. }
  21263. wc_curve448_free(&private_key);
  21264. wc_curve448_free(&public_key);
  21265. wc_FreeRng(&rng);
  21266. res = TEST_RES_CHECK(ret == 0);
  21267. #endif
  21268. return res;
  21269. } /*END test_wc_curve448_shared_secret_ex*/
  21270. /*
  21271. * Testing test_wc_curve448_export_public_ex
  21272. */
  21273. static int test_wc_curve448_export_public_ex(void)
  21274. {
  21275. int res = TEST_SKIPPED;
  21276. #if defined(HAVE_CURVE448)
  21277. WC_RNG rng;
  21278. curve448_key key;
  21279. byte out[CURVE448_KEY_SIZE];
  21280. word32 outLen = sizeof(out);
  21281. int endian = EC448_BIG_ENDIAN;
  21282. int ret;
  21283. ret = wc_curve448_init(&key);
  21284. if (ret == 0) {
  21285. ret = wc_InitRng(&rng);
  21286. }
  21287. if (ret == 0) {
  21288. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
  21289. if (ret == 0) {
  21290. ret = wc_curve448_export_public(&key, out, &outLen);
  21291. }
  21292. if (ret == 0) {
  21293. ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
  21294. }
  21295. }
  21296. /*test bad cases*/
  21297. if (ret == 0) {
  21298. ret = wc_curve448_export_public_ex(NULL, NULL, NULL, endian);
  21299. if (ret == BAD_FUNC_ARG) {
  21300. ret = 0;
  21301. }
  21302. }
  21303. if (ret == 0) {
  21304. ret = wc_curve448_export_public_ex(NULL, out, &outLen, endian);
  21305. if (ret == BAD_FUNC_ARG) {
  21306. ret = 0;
  21307. }
  21308. }
  21309. if (ret == 0) {
  21310. ret = wc_curve448_export_public_ex(&key, NULL, &outLen, endian);
  21311. if (ret == BAD_FUNC_ARG) {
  21312. ret = 0;
  21313. }
  21314. }
  21315. if (ret == 0) {
  21316. ret = wc_curve448_export_public_ex(&key, out, NULL, endian);
  21317. if (ret == BAD_FUNC_ARG) {
  21318. ret = 0;
  21319. }
  21320. }
  21321. outLen = outLen - 2;
  21322. if (ret == 0) {
  21323. ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
  21324. if (ret == ECC_BAD_ARG_E) {
  21325. ret = 0;
  21326. }
  21327. }
  21328. wc_curve448_free(&key);
  21329. wc_FreeRng(&rng);
  21330. res = TEST_RES_CHECK(ret == 0);
  21331. #endif
  21332. return res;
  21333. } /*END test_wc_curve448_export_public_ex*/
  21334. /*
  21335. * Testing test_wc_curve448_export_private_raw_ex
  21336. */
  21337. static int test_wc_curve448_export_private_raw_ex(void)
  21338. {
  21339. int res = TEST_SKIPPED;
  21340. #if defined(HAVE_CURVE448)
  21341. curve448_key key;
  21342. byte out[CURVE448_KEY_SIZE];
  21343. word32 outLen = sizeof(out);
  21344. int endian = EC448_BIG_ENDIAN;
  21345. int ret;
  21346. ret = wc_curve448_init(&key);
  21347. if (ret == 0) {
  21348. ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
  21349. }
  21350. /*test bad cases*/
  21351. if (ret == 0) {
  21352. ret = wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian);
  21353. if (ret == BAD_FUNC_ARG) {
  21354. ret = 0;
  21355. }
  21356. }
  21357. if (ret == 0) {
  21358. ret = wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian);
  21359. if (ret == BAD_FUNC_ARG) {
  21360. ret = 0;
  21361. }
  21362. }
  21363. if (ret == 0) {
  21364. ret = wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian);
  21365. if (ret == BAD_FUNC_ARG) {
  21366. ret = 0;
  21367. }
  21368. }
  21369. if (ret == 0) {
  21370. ret = wc_curve448_export_private_raw_ex(&key, out, NULL, endian);
  21371. if (ret == BAD_FUNC_ARG) {
  21372. ret = 0;
  21373. }
  21374. }
  21375. if (ret == 0) {
  21376. ret = wc_curve448_export_private_raw_ex(&key, out, &outLen,
  21377. EC448_LITTLE_ENDIAN);
  21378. }
  21379. outLen = outLen - 2;
  21380. if (ret == 0) {
  21381. ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
  21382. if (ret == ECC_BAD_ARG_E) {
  21383. ret = 0;
  21384. }
  21385. }
  21386. wc_curve448_free(&key);
  21387. res = TEST_RES_CHECK(ret == 0);
  21388. #endif
  21389. return res;
  21390. }/*END test_wc_curve448_export_private_raw_ex*/
  21391. /*
  21392. * Testing test_wc_curve448_import_private_raw_ex
  21393. */
  21394. static int test_wc_curve448_import_private_raw_ex(void)
  21395. {
  21396. int res = TEST_SKIPPED;
  21397. #if defined(HAVE_CURVE448)
  21398. WC_RNG rng;
  21399. curve448_key key;
  21400. byte priv[CURVE448_KEY_SIZE];
  21401. byte pub[CURVE448_KEY_SIZE];
  21402. word32 privSz = sizeof(priv);
  21403. word32 pubSz = sizeof(pub);
  21404. int endian = EC448_BIG_ENDIAN;
  21405. int ret;
  21406. ret = wc_curve448_init(&key);
  21407. if (ret == 0) {
  21408. ret = wc_InitRng(&rng);
  21409. }
  21410. if (ret == 0) {
  21411. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
  21412. if (ret == 0) {
  21413. ret = wc_curve448_export_private_raw(&key, priv, &privSz);
  21414. }
  21415. if (ret == 0) {
  21416. ret = wc_curve448_export_public(&key, pub, &pubSz);
  21417. }
  21418. if (ret == 0) {
  21419. ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
  21420. &key, endian);
  21421. }
  21422. }
  21423. /* test bad cases */
  21424. if (ret == 0) {
  21425. ret = wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0);
  21426. if (ret == BAD_FUNC_ARG) {
  21427. ret = 0;
  21428. }
  21429. }
  21430. if (ret == 0) {
  21431. ret = wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz,
  21432. &key, endian);
  21433. if (ret == BAD_FUNC_ARG) {
  21434. ret = 0;
  21435. }
  21436. }
  21437. if (ret == 0) {
  21438. ret = wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz,
  21439. &key, endian);
  21440. if (ret == BAD_FUNC_ARG) {
  21441. ret = 0;
  21442. }
  21443. }
  21444. if (ret == 0) {
  21445. ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
  21446. NULL, endian);
  21447. if (ret == BAD_FUNC_ARG) {
  21448. ret = 0;
  21449. }
  21450. }
  21451. if (ret == 0) {
  21452. ret = wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz,
  21453. &key, endian);
  21454. if (ret == ECC_BAD_ARG_E) {
  21455. ret = 0;
  21456. }
  21457. }
  21458. if (ret == 0) {
  21459. ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, 0,
  21460. &key, endian);
  21461. if (ret == ECC_BAD_ARG_E) {
  21462. ret = 0;
  21463. }
  21464. }
  21465. if (ret == 0) {
  21466. ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
  21467. &key, EC448_LITTLE_ENDIAN);
  21468. }
  21469. if (wc_FreeRng(&rng) != 0 && ret == 0) {
  21470. ret = WOLFSSL_FATAL_ERROR;
  21471. }
  21472. wc_curve448_free(&key);
  21473. res = TEST_RES_CHECK(ret == 0);
  21474. #endif
  21475. return res;
  21476. } /*END test_wc_curve448_import_private_raw_ex*/
  21477. /*
  21478. * Testing test_curve448_export_key_raw
  21479. */
  21480. static int test_wc_curve448_export_key_raw(void)
  21481. {
  21482. int res = TEST_SKIPPED;
  21483. #if defined(HAVE_CURVE448)
  21484. WC_RNG rng;
  21485. curve448_key key;
  21486. byte priv[CURVE448_KEY_SIZE];
  21487. byte pub[CURVE448_KEY_SIZE];
  21488. word32 privSz = sizeof(priv);
  21489. word32 pubSz = sizeof(pub);
  21490. int ret;
  21491. ret = wc_curve448_init(&key);
  21492. if (ret == 0) {
  21493. ret = wc_InitRng(&rng);
  21494. }
  21495. if (ret == 0) {
  21496. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
  21497. if (ret == 0) {
  21498. ret = wc_curve448_export_private_raw(&key, priv, &privSz);
  21499. }
  21500. if (ret == 0) {
  21501. ret = wc_curve448_export_public(&key, pub, &pubSz);
  21502. }
  21503. if (ret == 0) {
  21504. ret = wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz);
  21505. }
  21506. }
  21507. wc_curve448_free(&key);
  21508. wc_FreeRng(&rng);
  21509. res = TEST_RES_CHECK(ret == 0);
  21510. #endif
  21511. return res;
  21512. }/*END test_wc_curve448_import_private_raw_ex*/
  21513. /*
  21514. * Testing test_wc_curve448_import_private
  21515. */
  21516. static int test_wc_curve448_import_private(void)
  21517. {
  21518. int res = TEST_SKIPPED;
  21519. #if defined(HAVE_CURVE448)
  21520. curve448_key key;
  21521. WC_RNG rng;
  21522. byte priv[CURVE448_KEY_SIZE];
  21523. word32 privSz = sizeof(priv);
  21524. int ret;
  21525. ret = wc_curve448_init(&key);
  21526. if (ret == 0) {
  21527. ret = wc_InitRng(&rng);
  21528. }
  21529. if (ret == 0) {
  21530. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
  21531. if (ret == 0) {
  21532. ret = wc_curve448_export_private_raw(&key, priv, &privSz);
  21533. }
  21534. }
  21535. if (ret == 0) {
  21536. ret = wc_curve448_import_private(priv, privSz, &key);
  21537. }
  21538. wc_curve448_free(&key);
  21539. wc_FreeRng(&rng);
  21540. res = TEST_RES_CHECK(ret == 0);
  21541. #endif
  21542. return res;
  21543. } /*END test_wc_curve448_import*/
  21544. /*
  21545. * Testing test_wc_curve448_size.
  21546. */
  21547. static int test_wc_curve448_size(void)
  21548. {
  21549. int res = TEST_SKIPPED;
  21550. #if defined(HAVE_CURVE448)
  21551. curve448_key key;
  21552. int ret = 0;
  21553. ret = wc_curve448_init(&key);
  21554. /* Test good args for wc_curve448_size */
  21555. if (ret == 0) {
  21556. ret = wc_curve448_size(&key);
  21557. }
  21558. /* Test bad args for wc_curve448_size */
  21559. if (ret != 0) {
  21560. ret = wc_curve448_size(NULL);
  21561. }
  21562. wc_curve448_free(&key);
  21563. res = TEST_RES_CHECK(ret == 0);
  21564. #endif
  21565. return res;
  21566. } /* END test_wc_curve448_size*/
  21567. /*
  21568. * Testing wc_ecc_make_key.
  21569. */
  21570. static int test_wc_ecc_make_key(void)
  21571. {
  21572. int res = TEST_SKIPPED;
  21573. #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
  21574. WC_RNG rng;
  21575. ecc_key key;
  21576. int ret;
  21577. ret = wc_InitRng(&rng);
  21578. if (ret != 0)
  21579. return TEST_FAIL;
  21580. ret = wc_ecc_init(&key);
  21581. if (ret == 0) {
  21582. ret = wc_ecc_make_key(&rng, KEY14, &key);
  21583. #if defined(WOLFSSL_ASYNC_CRYPT)
  21584. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  21585. #endif
  21586. /* Pass in bad args. */
  21587. if (ret == 0) {
  21588. ret = wc_ecc_make_key(NULL, KEY14, &key);
  21589. if (ret == BAD_FUNC_ARG) {
  21590. ret = wc_ecc_make_key(&rng, KEY14, NULL);
  21591. }
  21592. if (ret == BAD_FUNC_ARG) {
  21593. ret = 0;
  21594. }
  21595. else if (ret == 0) {
  21596. ret = WOLFSSL_FATAL_ERROR;
  21597. }
  21598. }
  21599. wc_ecc_free(&key);
  21600. }
  21601. if (wc_FreeRng(&rng) != 0 && ret == 0) {
  21602. ret = WOLFSSL_FATAL_ERROR;
  21603. }
  21604. #ifdef FP_ECC
  21605. wc_ecc_fp_free();
  21606. #endif
  21607. res = TEST_RES_CHECK(ret == 0);
  21608. #endif
  21609. return res;
  21610. } /* END test_wc_ecc_make_key */
  21611. /*
  21612. * Testing wc_ecc_init()
  21613. */
  21614. static int test_wc_ecc_init(void)
  21615. {
  21616. int res = TEST_SKIPPED;
  21617. #ifdef HAVE_ECC
  21618. ecc_key key;
  21619. int ret;
  21620. ret = wc_ecc_init(&key);
  21621. /* Pass in bad args. */
  21622. if (ret == 0) {
  21623. ret = wc_ecc_init(NULL);
  21624. if (ret == BAD_FUNC_ARG) {
  21625. ret = 0;
  21626. }
  21627. else if (ret == 0) {
  21628. ret = WOLFSSL_FATAL_ERROR;
  21629. }
  21630. }
  21631. wc_ecc_free(&key);
  21632. res = TEST_RES_CHECK(ret == 0);
  21633. #endif
  21634. return res;
  21635. } /* END test_wc_ecc_init */
  21636. /*
  21637. * Testing wc_ecc_check_key()
  21638. */
  21639. static int test_wc_ecc_check_key(void)
  21640. {
  21641. int res = TEST_SKIPPED;
  21642. #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
  21643. WC_RNG rng;
  21644. ecc_key key;
  21645. int ret;
  21646. XMEMSET(&rng, 0, sizeof(rng));
  21647. XMEMSET(&key, 0, sizeof(key));
  21648. ret = wc_InitRng(&rng);
  21649. if (ret == 0) {
  21650. ret = wc_ecc_init(&key);
  21651. if (ret == 0) {
  21652. ret = wc_ecc_make_key(&rng, KEY14, &key);
  21653. #if defined(WOLFSSL_ASYNC_CRYPT)
  21654. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  21655. #endif
  21656. }
  21657. }
  21658. if (ret == 0) {
  21659. ret = wc_ecc_check_key(&key);
  21660. }
  21661. /* Pass in bad args. */
  21662. if (ret == 0) {
  21663. ret = wc_ecc_check_key(NULL);
  21664. if (ret == BAD_FUNC_ARG) {
  21665. ret = 0;
  21666. }
  21667. else if (ret == 0) {
  21668. ret = WOLFSSL_FATAL_ERROR;
  21669. }
  21670. }
  21671. if (wc_FreeRng(&rng) && ret == 0) {
  21672. ret = WOLFSSL_FATAL_ERROR;
  21673. }
  21674. wc_ecc_free(&key);
  21675. #ifdef FP_ECC
  21676. wc_ecc_fp_free();
  21677. #endif
  21678. res = TEST_RES_CHECK(ret == 0);
  21679. #endif
  21680. return res;
  21681. } /* END test_wc_ecc_check_key */
  21682. /*
  21683. * Testing wc_ecc_get_generator()
  21684. */
  21685. static int test_wc_ecc_get_generator(void)
  21686. {
  21687. int res = TEST_SKIPPED;
  21688. #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
  21689. !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
  21690. ecc_point* pt;
  21691. int ret = 0;
  21692. pt = wc_ecc_new_point();
  21693. if (!pt) {
  21694. ret = WOLFSSL_FATAL_ERROR;
  21695. }
  21696. if (ret == 0) {
  21697. ret = wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1));
  21698. }
  21699. /* Test bad args. */
  21700. if (ret == MP_OKAY) {
  21701. /* Returns Zero for bad arg. */
  21702. ret = wc_ecc_get_generator(pt, -1);
  21703. if (ret != MP_OKAY)
  21704. wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1));
  21705. if (ret != MP_OKAY)
  21706. wc_ecc_get_generator(pt, 1000); /* If we ever get to 1000 curves
  21707. * increase this number */
  21708. if (ret != MP_OKAY)
  21709. wc_ecc_get_generator(NULL, -1);
  21710. ret = (ret == MP_OKAY) ? WOLFSSL_FATAL_ERROR : 0;
  21711. }
  21712. wc_ecc_del_point(pt);
  21713. res = TEST_RES_CHECK(ret == 0);
  21714. #endif
  21715. return res;
  21716. } /* END test_wc_ecc_get_generator */
  21717. /*
  21718. * Testing wc_ecc_size()
  21719. */
  21720. static int test_wc_ecc_size(void)
  21721. {
  21722. int res = TEST_SKIPPED;
  21723. #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
  21724. WC_RNG rng;
  21725. ecc_key key;
  21726. int ret;
  21727. XMEMSET(&rng, 0, sizeof(rng));
  21728. XMEMSET(&key, 0, sizeof(key));
  21729. ret = wc_InitRng(&rng);
  21730. if (ret == 0) {
  21731. ret = wc_ecc_init(&key);
  21732. if (ret == 0) {
  21733. ret = wc_ecc_make_key(&rng, KEY14, &key);
  21734. #if defined(WOLFSSL_ASYNC_CRYPT)
  21735. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  21736. #endif
  21737. }
  21738. }
  21739. if (ret == 0) {
  21740. ret = wc_ecc_size(&key);
  21741. if (ret == KEY14) {
  21742. ret = 0;
  21743. }
  21744. else if (ret == 0) {
  21745. ret = WOLFSSL_FATAL_ERROR;
  21746. }
  21747. }
  21748. /* Test bad args. */
  21749. if (ret == 0) {
  21750. /* Returns Zero for bad arg. */
  21751. ret = wc_ecc_size(NULL);
  21752. }
  21753. if (wc_FreeRng(&rng) && ret == 0) {
  21754. ret = WOLFSSL_FATAL_ERROR;
  21755. }
  21756. wc_ecc_free(&key);
  21757. res = TEST_RES_CHECK(ret == 0);
  21758. #endif
  21759. return res;
  21760. } /* END test_wc_ecc_size */
  21761. static int test_wc_ecc_params(void)
  21762. {
  21763. int res = TEST_SKIPPED;
  21764. /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`.
  21765. It was added after certifications */
  21766. #if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  21767. const ecc_set_type* ecc_set;
  21768. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  21769. /* Test for SECP256R1 curve */
  21770. int curve_id = ECC_SECP256R1;
  21771. int curve_idx = wc_ecc_get_curve_idx(curve_id);
  21772. AssertIntNE(curve_idx, ECC_CURVE_INVALID);
  21773. ecc_set = wc_ecc_get_curve_params(curve_idx);
  21774. AssertNotNull(ecc_set);
  21775. AssertIntEQ(ecc_set->id, curve_id);
  21776. #endif
  21777. /* Test case when SECP256R1 is not enabled */
  21778. /* Test that we get curve params for index 0 */
  21779. ecc_set = wc_ecc_get_curve_params(0);
  21780. AssertNotNull(ecc_set);
  21781. res = TEST_RES_CHECK(1);
  21782. #endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */
  21783. return res;
  21784. }
  21785. /*
  21786. * Testing wc_ecc_sign_hash() and wc_ecc_verify_hash()
  21787. */
  21788. static int test_wc_ecc_signVerify_hash(void)
  21789. {
  21790. int res = TEST_SKIPPED;
  21791. #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG)
  21792. WC_RNG rng;
  21793. ecc_key key;
  21794. int ret;
  21795. int signH = WOLFSSL_FATAL_ERROR;
  21796. #ifdef HAVE_ECC_VERIFY
  21797. int verifyH = WOLFSSL_FATAL_ERROR;
  21798. int verify = 0;
  21799. #endif
  21800. word32 siglen = ECC_BUFSIZE;
  21801. byte sig[ECC_BUFSIZE];
  21802. byte adjustedSig[ECC_BUFSIZE+1];
  21803. byte digest[] = TEST_STRING;
  21804. word32 digestlen = (word32)TEST_STRING_SZ;
  21805. /* Init stack var */
  21806. XMEMSET(sig, 0, siglen);
  21807. XMEMSET(&key, 0, sizeof(key));
  21808. XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1);
  21809. /* Init structs. */
  21810. ret = wc_InitRng(&rng);
  21811. if (ret == 0) {
  21812. ret = wc_ecc_init(&key);
  21813. if (ret == 0) {
  21814. ret = wc_ecc_make_key(&rng, KEY14, &key);
  21815. #if defined(WOLFSSL_ASYNC_CRYPT)
  21816. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  21817. #endif
  21818. }
  21819. }
  21820. if (ret == 0) {
  21821. ret = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key);
  21822. }
  21823. /* Check bad args. */
  21824. if (ret == 0) {
  21825. signH = wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key);
  21826. if (signH == ECC_BAD_ARG_E) {
  21827. signH = wc_ecc_sign_hash(digest, digestlen, NULL, &siglen,
  21828. &rng, &key);
  21829. }
  21830. if (signH == ECC_BAD_ARG_E) {
  21831. signH = wc_ecc_sign_hash(digest, digestlen, sig, NULL,
  21832. &rng, &key);
  21833. }
  21834. if (signH == ECC_BAD_ARG_E) {
  21835. signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
  21836. NULL, &key);
  21837. }
  21838. if (signH == ECC_BAD_ARG_E) {
  21839. signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
  21840. &rng, NULL);
  21841. }
  21842. if (signH == ECC_BAD_ARG_E) {
  21843. signH = 0;
  21844. }
  21845. else if (ret == 0) {
  21846. signH = WOLFSSL_FATAL_ERROR;
  21847. }
  21848. }
  21849. #ifdef HAVE_ECC_VERIFY
  21850. ret = wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, &key);
  21851. if (verify != 1 && ret == 0) {
  21852. ret = WOLFSSL_FATAL_ERROR;
  21853. }
  21854. /* test check on length of signature passed in */
  21855. XMEMCPY(adjustedSig, sig, siglen);
  21856. adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte*/
  21857. #ifndef NO_STRICT_ECDSA_LEN
  21858. AssertIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
  21859. &verify, &key), 0);
  21860. #else
  21861. /* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature
  21862. * is allowed */
  21863. AssertIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
  21864. &verify, &key), 0);
  21865. #endif
  21866. /* Test bad args. */
  21867. if (ret == 0) {
  21868. verifyH = wc_ecc_verify_hash(NULL, siglen, digest, digestlen,
  21869. &verify, &key);
  21870. if (verifyH == ECC_BAD_ARG_E) {
  21871. verifyH = wc_ecc_verify_hash(sig, siglen, NULL, digestlen,
  21872. &verify, &key);
  21873. }
  21874. if (verifyH == ECC_BAD_ARG_E) {
  21875. verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
  21876. NULL, &key);
  21877. }
  21878. if (verifyH == ECC_BAD_ARG_E) {
  21879. verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
  21880. &verify, NULL);
  21881. }
  21882. if (verifyH == ECC_BAD_ARG_E) {
  21883. verifyH = 0;
  21884. }
  21885. else if (ret == 0) {
  21886. verifyH = WOLFSSL_FATAL_ERROR;
  21887. }
  21888. }
  21889. #endif /* HAVE_ECC_VERIFY */
  21890. if (wc_FreeRng(&rng) && ret == 0) {
  21891. ret = WOLFSSL_FATAL_ERROR;
  21892. }
  21893. wc_ecc_free(&key);
  21894. #ifdef FP_ECC
  21895. wc_ecc_fp_free();
  21896. #endif
  21897. res = TEST_RES_CHECK(ret == 0 && signH == 0 && verifyH == 0);
  21898. #endif
  21899. return res;
  21900. } /* END test_wc_ecc_sign_hash */
  21901. /*
  21902. * Testing wc_ecc_shared_secret()
  21903. */
  21904. static int test_wc_ecc_shared_secret(void)
  21905. {
  21906. int res = TEST_SKIPPED;
  21907. #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
  21908. ecc_key key, pubKey;
  21909. WC_RNG rng;
  21910. int ret;
  21911. byte out[KEY32];
  21912. int keySz = sizeof(out);
  21913. word32 outlen = (word32)sizeof(out);
  21914. #if defined(HAVE_ECC) && !defined(NO_ECC256)
  21915. const char* qx =
  21916. "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
  21917. const char* qy =
  21918. "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
  21919. const char* d =
  21920. "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
  21921. const char* curveName = "SECP256R1";
  21922. const byte expected_shared_secret[] =
  21923. {
  21924. 0x65, 0xc0, 0xd4, 0x61, 0x17, 0xe6, 0x09, 0x75,
  21925. 0xf0, 0x12, 0xa0, 0x4d, 0x0b, 0x41, 0x30, 0x7a,
  21926. 0x51, 0xf0, 0xb3, 0xaf, 0x23, 0x8f, 0x0f, 0xdf,
  21927. 0xf1, 0xff, 0x23, 0x64, 0x28, 0xca, 0xf8, 0x06
  21928. };
  21929. #endif
  21930. PRIVATE_KEY_UNLOCK();
  21931. /* Initialize variables. */
  21932. XMEMSET(out, 0, keySz);
  21933. XMEMSET(&rng, 0, sizeof(rng));
  21934. XMEMSET(&key, 0, sizeof(key));
  21935. XMEMSET(&pubKey, 0, sizeof(pubKey));
  21936. ret = wc_InitRng(&rng);
  21937. if (ret == 0) {
  21938. ret = wc_ecc_init(&key);
  21939. if (ret == 0) {
  21940. ret = wc_ecc_init(&pubKey);
  21941. }
  21942. }
  21943. #if defined(HAVE_ECC) && !defined(NO_ECC256)
  21944. if (ret == 0) {
  21945. ret = wc_ecc_import_raw(&key, qx, qy, d, curveName);
  21946. }
  21947. if (ret == 0) {
  21948. ret = wc_ecc_import_raw(&pubKey, qx, qy, NULL, curveName);
  21949. }
  21950. #else
  21951. if (ret == 0) {
  21952. ret = wc_ecc_make_key(&rng, keySz, &key);
  21953. #if defined(WOLFSSL_ASYNC_CRYPT)
  21954. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  21955. #endif
  21956. }
  21957. if (ret == 0) {
  21958. ret = wc_ecc_make_key(&rng, keySz, &pubKey);
  21959. #if defined(WOLFSSL_ASYNC_CRYPT)
  21960. ret = wc_AsyncWait(ret, &pubKey.asyncDev, WC_ASYNC_FLAG_NONE);
  21961. #endif
  21962. }
  21963. #endif
  21964. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  21965. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  21966. !defined(HAVE_SELFTEST)
  21967. if (ret == 0) {
  21968. ret = wc_ecc_set_rng(&key, &rng);
  21969. }
  21970. #endif
  21971. if (ret == 0) {
  21972. ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen);
  21973. #if defined(HAVE_ECC) && !defined(NO_ECC256)
  21974. if (ret == 0) {
  21975. if (0 != XMEMCMP(out, expected_shared_secret, outlen)) {
  21976. ret = WOLFSSL_FATAL_ERROR;
  21977. }
  21978. }
  21979. #endif
  21980. /* Test bad args. */
  21981. if (ret == 0) {
  21982. ret = wc_ecc_shared_secret(NULL, &pubKey, out, &outlen);
  21983. if (ret == BAD_FUNC_ARG) {
  21984. ret = wc_ecc_shared_secret(&key, NULL, out, &outlen);
  21985. }
  21986. if (ret == BAD_FUNC_ARG) {
  21987. ret = wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen);
  21988. }
  21989. if (ret == BAD_FUNC_ARG) {
  21990. ret = wc_ecc_shared_secret(&key, &pubKey, out, NULL);
  21991. }
  21992. if (ret == BAD_FUNC_ARG) {
  21993. /* Invalid length */
  21994. outlen = 1;
  21995. ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen);
  21996. }
  21997. if (ret == BUFFER_E) {
  21998. ret = 0;
  21999. }
  22000. else if (ret == 0) {
  22001. ret = WOLFSSL_FATAL_ERROR;
  22002. }
  22003. }
  22004. }
  22005. if (wc_FreeRng(&rng) && ret == 0) {
  22006. ret = WOLFSSL_FATAL_ERROR;
  22007. }
  22008. wc_ecc_free(&key);
  22009. wc_ecc_free(&pubKey);
  22010. #ifdef FP_ECC
  22011. wc_ecc_fp_free();
  22012. #endif
  22013. PRIVATE_KEY_LOCK();
  22014. res = TEST_RES_CHECK(ret == 0);
  22015. #endif
  22016. return res;
  22017. } /* END tests_wc_ecc_shared_secret */
  22018. /*
  22019. * testint wc_ecc_export_x963()
  22020. */
  22021. static int test_wc_ecc_export_x963(void)
  22022. {
  22023. int res = TEST_SKIPPED;
  22024. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  22025. ecc_key key;
  22026. WC_RNG rng;
  22027. byte out[ECC_ASN963_MAX_BUF_SZ];
  22028. word32 outlen = sizeof(out);
  22029. int ret = 0;
  22030. PRIVATE_KEY_UNLOCK();
  22031. /* Initialize variables. */
  22032. XMEMSET(out, 0, outlen);
  22033. XMEMSET(&rng, 0, sizeof(rng));
  22034. XMEMSET(&key, 0, sizeof(key));
  22035. ret = wc_InitRng(&rng);
  22036. if (ret == 0) {
  22037. ret = wc_ecc_init(&key);
  22038. if (ret == 0) {
  22039. ret = wc_ecc_make_key(&rng, KEY20, &key);
  22040. #if defined(WOLFSSL_ASYNC_CRYPT)
  22041. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  22042. #endif
  22043. }
  22044. }
  22045. if (ret == 0) {
  22046. ret = wc_ecc_export_x963(&key, out, &outlen);
  22047. }
  22048. /* Test bad args. */
  22049. if (ret == 0) {
  22050. ret = wc_ecc_export_x963(NULL, out, &outlen);
  22051. if (ret == ECC_BAD_ARG_E) {
  22052. ret = wc_ecc_export_x963(&key, NULL, &outlen);
  22053. }
  22054. if (ret == LENGTH_ONLY_E) {
  22055. ret = wc_ecc_export_x963(&key, out, NULL);
  22056. }
  22057. if (ret == ECC_BAD_ARG_E) {
  22058. key.idx = -4;
  22059. ret = wc_ecc_export_x963(&key, out, &outlen);
  22060. }
  22061. if (ret == ECC_BAD_ARG_E) {
  22062. ret = 0;
  22063. }
  22064. else {
  22065. ret = WOLFSSL_FATAL_ERROR;
  22066. }
  22067. }
  22068. if (wc_FreeRng(&rng) && ret == 0) {
  22069. ret = WOLFSSL_FATAL_ERROR;
  22070. }
  22071. wc_ecc_free(&key);
  22072. #ifdef FP_ECC
  22073. wc_ecc_fp_free();
  22074. #endif
  22075. PRIVATE_KEY_LOCK();
  22076. res = TEST_RES_CHECK(ret == 0);
  22077. #endif
  22078. return res;
  22079. } /* END test_wc_ecc_export_x963 */
  22080. /*
  22081. * Testing wc_ecc_export_x963_ex()
  22082. * compile with --enable-compkey will use compression.
  22083. */
  22084. static int test_wc_ecc_export_x963_ex(void)
  22085. {
  22086. int res = TEST_SKIPPED;
  22087. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  22088. ecc_key key;
  22089. WC_RNG rng;
  22090. int ret = 0;
  22091. byte out[ECC_ASN963_MAX_BUF_SZ];
  22092. word32 outlen = sizeof(out);
  22093. #ifdef HAVE_COMP_KEY
  22094. word32 badOutLen = 5;
  22095. #endif
  22096. /* Init stack variables. */
  22097. XMEMSET(out, 0, outlen);
  22098. XMEMSET(&rng, 0, sizeof(rng));
  22099. XMEMSET(&key, 0, sizeof(key));
  22100. ret = wc_InitRng(&rng);
  22101. if (ret == 0) {
  22102. ret = wc_ecc_init(&key);
  22103. if (ret == 0) {
  22104. ret = wc_ecc_make_key(&rng, KEY64, &key);
  22105. #if defined(WOLFSSL_ASYNC_CRYPT)
  22106. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  22107. #endif
  22108. }
  22109. }
  22110. #ifdef HAVE_COMP_KEY
  22111. if (ret == 0) {
  22112. ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
  22113. }
  22114. #else
  22115. if (ret == 0) {
  22116. ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
  22117. }
  22118. #endif
  22119. /* Test bad args. */
  22120. #ifdef HAVE_COMP_KEY
  22121. if (ret == 0) {
  22122. ret = wc_ecc_export_x963_ex(NULL, out, &outlen, COMP);
  22123. if (ret == BAD_FUNC_ARG) {
  22124. ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP);
  22125. }
  22126. if (ret == BAD_FUNC_ARG) {
  22127. ret = wc_ecc_export_x963_ex(&key, out, NULL, COMP);
  22128. }
  22129. if (ret == BAD_FUNC_ARG) {
  22130. ret = wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP);
  22131. }
  22132. #if defined(HAVE_FIPS) && (!defined(FIPS_VERSION_LT) || FIPS_VERSION_LT(5,3))
  22133. if (ret == BUFFER_E)
  22134. #else
  22135. if (ret == LENGTH_ONLY_E)
  22136. #endif
  22137. {
  22138. key.idx = -4;
  22139. ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
  22140. }
  22141. if (ret == ECC_BAD_ARG_E) {
  22142. ret = 0;
  22143. }
  22144. else {
  22145. ret = WOLFSSL_FATAL_ERROR;
  22146. }
  22147. }
  22148. #else
  22149. if (ret == 0) {
  22150. ret = wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP);
  22151. if (ret == BAD_FUNC_ARG) {
  22152. ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP);
  22153. }
  22154. if (ret == BAD_FUNC_ARG) {
  22155. ret = wc_ecc_export_x963_ex(&key, out, &outlen, 1);
  22156. }
  22157. if (ret == NOT_COMPILED_IN) {
  22158. ret = wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP);
  22159. }
  22160. if (ret == BAD_FUNC_ARG) {
  22161. key.idx = -4;
  22162. ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
  22163. }
  22164. if (ret == ECC_BAD_ARG_E) {
  22165. ret = 0;
  22166. }
  22167. else if (ret == 0) {
  22168. ret = WOLFSSL_FATAL_ERROR;
  22169. }
  22170. }
  22171. #endif
  22172. if (wc_FreeRng(&rng) && ret == 0) {
  22173. ret = WOLFSSL_FATAL_ERROR;
  22174. }
  22175. wc_ecc_free(&key);
  22176. #ifdef FP_ECC
  22177. wc_ecc_fp_free();
  22178. #endif
  22179. res = TEST_RES_CHECK(ret == 0);
  22180. #endif
  22181. return res;
  22182. } /* END test_wc_ecc_export_x963_ex */
  22183. /*
  22184. * testing wc_ecc_import_x963()
  22185. */
  22186. static int test_wc_ecc_import_x963(void)
  22187. {
  22188. int res = TEST_SKIPPED;
  22189. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
  22190. defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  22191. ecc_key pubKey, key;
  22192. WC_RNG rng;
  22193. byte x963[ECC_ASN963_MAX_BUF_SZ];
  22194. word32 x963Len = (word32)sizeof(x963);
  22195. int ret;
  22196. /* Init stack variables. */
  22197. XMEMSET(x963, 0, x963Len);
  22198. XMEMSET(&rng, 0, sizeof(rng));
  22199. XMEMSET(&key, 0, sizeof(key));
  22200. XMEMSET(&pubKey, 0, sizeof(pubKey));
  22201. ret = wc_InitRng(&rng);
  22202. if (ret == 0) {
  22203. ret = wc_ecc_init(&pubKey);
  22204. if (ret == 0) {
  22205. ret = wc_ecc_init(&key);
  22206. }
  22207. if (ret == 0) {
  22208. ret = wc_ecc_make_key(&rng, KEY24, &key);
  22209. #if defined(WOLFSSL_ASYNC_CRYPT)
  22210. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  22211. #endif
  22212. }
  22213. if (ret == 0) {
  22214. PRIVATE_KEY_UNLOCK();
  22215. ret = wc_ecc_export_x963(&key, x963, &x963Len);
  22216. PRIVATE_KEY_LOCK();
  22217. }
  22218. }
  22219. if (ret == 0) {
  22220. ret = wc_ecc_import_x963(x963, x963Len, &pubKey);
  22221. }
  22222. /* Test bad args. */
  22223. if (ret == 0) {
  22224. ret = wc_ecc_import_x963(NULL, x963Len, &pubKey);
  22225. if (ret == BAD_FUNC_ARG) {
  22226. ret = wc_ecc_import_x963(x963, x963Len, NULL);
  22227. }
  22228. if (ret == BAD_FUNC_ARG) {
  22229. ret = wc_ecc_import_x963(x963, x963Len + 1, &pubKey);
  22230. }
  22231. if (ret == ECC_BAD_ARG_E) {
  22232. ret = 0;
  22233. }
  22234. else if (ret == 0) {
  22235. ret = WOLFSSL_FATAL_ERROR;
  22236. }
  22237. }
  22238. if (wc_FreeRng(&rng) && ret == 0) {
  22239. ret = WOLFSSL_FATAL_ERROR;
  22240. }
  22241. wc_ecc_free(&key);
  22242. wc_ecc_free(&pubKey);
  22243. #ifdef FP_ECC
  22244. wc_ecc_fp_free();
  22245. #endif
  22246. res = TEST_RES_CHECK(ret == 0);
  22247. #endif
  22248. return res;
  22249. } /* END wc_ecc_import_x963 */
  22250. /*
  22251. * testing wc_ecc_import_private_key()
  22252. */
  22253. static int ecc_import_private_key(void)
  22254. {
  22255. int res = TEST_SKIPPED;
  22256. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
  22257. defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  22258. ecc_key key, keyImp;
  22259. WC_RNG rng;
  22260. byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/
  22261. byte x963Key[ECC_ASN963_MAX_BUF_SZ];
  22262. word32 privKeySz = (word32)sizeof(privKey);
  22263. word32 x963KeySz = (word32)sizeof(x963Key);
  22264. int ret;
  22265. /* Init stack variables. */
  22266. XMEMSET(privKey, 0, privKeySz);
  22267. XMEMSET(x963Key, 0, x963KeySz);
  22268. XMEMSET(&rng, 0, sizeof(rng));
  22269. XMEMSET(&key, 0, sizeof(key));
  22270. XMEMSET(&keyImp, 0, sizeof(keyImp));
  22271. ret = wc_InitRng(&rng);
  22272. if (ret == 0) {
  22273. ret = wc_ecc_init(&key);
  22274. if (ret == 0) {
  22275. ret = wc_ecc_init(&keyImp);
  22276. }
  22277. if (ret == 0) {
  22278. ret = wc_ecc_make_key(&rng, KEY48, &key);
  22279. #if defined(WOLFSSL_ASYNC_CRYPT)
  22280. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  22281. #endif
  22282. }
  22283. if (ret == 0) {
  22284. PRIVATE_KEY_UNLOCK();
  22285. ret = wc_ecc_export_x963(&key, x963Key, &x963KeySz);
  22286. PRIVATE_KEY_LOCK();
  22287. }
  22288. if (ret == 0) {
  22289. ret = wc_ecc_export_private_only(&key, privKey, &privKeySz);
  22290. }
  22291. }
  22292. if (ret == 0) {
  22293. ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
  22294. x963KeySz, &keyImp);
  22295. }
  22296. /* Pass in bad args. */
  22297. if (ret == 0) {
  22298. ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
  22299. x963KeySz, NULL);
  22300. if (ret == BAD_FUNC_ARG) {
  22301. ret = wc_ecc_import_private_key(NULL, privKeySz, x963Key,
  22302. x963KeySz, &keyImp);
  22303. }
  22304. if (ret == BAD_FUNC_ARG) {
  22305. ret = 0;
  22306. }
  22307. else if (ret == 0) {
  22308. ret = WOLFSSL_FATAL_ERROR;
  22309. }
  22310. }
  22311. if (wc_FreeRng(&rng) && ret == 0) {
  22312. ret = WOLFSSL_FATAL_ERROR;
  22313. }
  22314. wc_ecc_free(&key);
  22315. wc_ecc_free(&keyImp);
  22316. #ifdef FP_ECC
  22317. wc_ecc_fp_free();
  22318. #endif
  22319. res = TEST_RES_CHECK(ret == 0);
  22320. #endif
  22321. return res;
  22322. } /* END wc_ecc_import_private_key */
  22323. /*
  22324. * Testing wc_ecc_export_private_only()
  22325. */
  22326. static int test_wc_ecc_export_private_only(void)
  22327. {
  22328. int res = TEST_SKIPPED;
  22329. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  22330. ecc_key key;
  22331. WC_RNG rng;
  22332. byte out[ECC_PRIV_KEY_BUF];
  22333. word32 outlen = sizeof(out);
  22334. int ret;
  22335. /* Init stack variables. */
  22336. XMEMSET(out, 0, outlen);
  22337. XMEMSET(&rng, 0, sizeof(rng));
  22338. XMEMSET(&key, 0, sizeof(key));
  22339. ret = wc_InitRng(&rng);
  22340. if (ret == 0) {
  22341. ret = wc_ecc_init(&key);
  22342. if (ret == 0) {
  22343. ret = wc_ecc_make_key(&rng, KEY32, &key);
  22344. #if defined(WOLFSSL_ASYNC_CRYPT)
  22345. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  22346. #endif
  22347. }
  22348. }
  22349. if (ret == 0) {
  22350. ret = wc_ecc_export_private_only(&key, out, &outlen);
  22351. }
  22352. /* Pass in bad args. */
  22353. if (ret == 0) {
  22354. ret = wc_ecc_export_private_only(NULL, out, &outlen);
  22355. if (ret == BAD_FUNC_ARG) {
  22356. ret = wc_ecc_export_private_only(&key, NULL, &outlen);
  22357. }
  22358. if (ret == BAD_FUNC_ARG) {
  22359. ret = wc_ecc_export_private_only(&key, out, NULL);
  22360. }
  22361. if (ret == BAD_FUNC_ARG) {
  22362. ret = 0;
  22363. }
  22364. else if (ret == 0) {
  22365. ret = WOLFSSL_FATAL_ERROR;
  22366. }
  22367. }
  22368. if (wc_FreeRng(&rng) && ret == 0) {
  22369. ret = WOLFSSL_FATAL_ERROR;
  22370. }
  22371. wc_ecc_free(&key);
  22372. #ifdef FP_ECC
  22373. wc_ecc_fp_free();
  22374. #endif
  22375. res = TEST_RES_CHECK(ret == 0);
  22376. #endif
  22377. return res;
  22378. } /* END test_wc_ecc_export_private_only */
  22379. /*
  22380. * Testing wc_ecc_rs_to_sig()
  22381. */
  22382. static int test_wc_ecc_rs_to_sig(void)
  22383. {
  22384. int res = TEST_SKIPPED;
  22385. #if defined(HAVE_ECC) && !defined(NO_ASN)
  22386. /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
  22387. const char* R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
  22388. const char* S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
  22389. const char* zeroStr = "0";
  22390. byte sig[ECC_MAX_SIG_SIZE];
  22391. word32 siglen = (word32)sizeof(sig);
  22392. /*R and S max size is the order of curve. 2^192.*/
  22393. int keySz = KEY24;
  22394. byte r[KEY24];
  22395. byte s[KEY24];
  22396. word32 rlen = (word32)sizeof(r);
  22397. word32 slen = (word32)sizeof(s);
  22398. int ret;
  22399. /* Init stack variables. */
  22400. XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
  22401. XMEMSET(r, 0, keySz);
  22402. XMEMSET(s, 0, keySz);
  22403. ret = wc_ecc_rs_to_sig(R, S, sig, &siglen);
  22404. /* Test bad args. */
  22405. if (ret == 0) {
  22406. ret = wc_ecc_rs_to_sig(NULL, S, sig, &siglen);
  22407. if (ret == ECC_BAD_ARG_E) {
  22408. ret = wc_ecc_rs_to_sig(R, NULL, sig, &siglen);
  22409. }
  22410. if (ret == ECC_BAD_ARG_E) {
  22411. ret = wc_ecc_rs_to_sig(R, S, sig, NULL);
  22412. }
  22413. if (ret == ECC_BAD_ARG_E) {
  22414. ret = wc_ecc_rs_to_sig(R, S, NULL, &siglen);
  22415. }
  22416. if (ret == ECC_BAD_ARG_E) {
  22417. ret = wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen);
  22418. }
  22419. if (ret == MP_ZERO_E) {
  22420. ret = wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen);
  22421. }
  22422. if (ret == MP_ZERO_E) {
  22423. ret = 0;
  22424. }
  22425. else {
  22426. ret = WOLFSSL_FATAL_ERROR;
  22427. }
  22428. }
  22429. if (ret == 0) {
  22430. ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen);
  22431. }
  22432. /* Test bad args. */
  22433. if (ret == 0) {
  22434. ret = wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen);
  22435. if (ret == ECC_BAD_ARG_E) {
  22436. ret = wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen);
  22437. }
  22438. if (ret == ECC_BAD_ARG_E) {
  22439. ret = wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen);
  22440. }
  22441. if (ret == ECC_BAD_ARG_E) {
  22442. ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen);
  22443. }
  22444. if (ret == ECC_BAD_ARG_E) {
  22445. ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL);
  22446. }
  22447. if (ret == ECC_BAD_ARG_E) {
  22448. ret = 0;
  22449. }
  22450. else if (ret == 0) {
  22451. ret = WOLFSSL_FATAL_ERROR;
  22452. }
  22453. }
  22454. res = TEST_RES_CHECK(ret == 0);
  22455. #endif
  22456. return res;
  22457. } /* END test_wc_ecc_rs_to_sig */
  22458. static int test_wc_ecc_import_raw(void)
  22459. {
  22460. int res = TEST_SKIPPED;
  22461. #if defined(HAVE_ECC) && !defined(NO_ECC256)
  22462. ecc_key key;
  22463. int ret = 0;
  22464. const char* qx =
  22465. "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
  22466. const char* qy =
  22467. "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
  22468. const char* d =
  22469. "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
  22470. const char* curveName = "SECP256R1";
  22471. #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
  22472. const char* kNullStr = "";
  22473. #endif
  22474. ret = wc_ecc_init(&key);
  22475. /* Test good import */
  22476. if (ret == 0) {
  22477. ret = wc_ecc_import_raw(&key, qx, qy, d, curveName);
  22478. }
  22479. /* Test bad args. */
  22480. if (ret == 0) {
  22481. ret = wc_ecc_import_raw(NULL, qx, qy, d, curveName);
  22482. if (ret == BAD_FUNC_ARG) {
  22483. ret = wc_ecc_import_raw(&key, NULL, qy, d, curveName);
  22484. }
  22485. if (ret == BAD_FUNC_ARG) {
  22486. ret = wc_ecc_import_raw(&key, qx, NULL, d, curveName);
  22487. }
  22488. if (ret == BAD_FUNC_ARG) {
  22489. ret = wc_ecc_import_raw(&key, qx, qy, d, NULL);
  22490. }
  22491. #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
  22492. if (ret == BAD_FUNC_ARG) {
  22493. #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
  22494. wc_ecc_free(&key);
  22495. #endif
  22496. ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr, curveName);
  22497. if (ret == ECC_INF_E)
  22498. ret = BAD_FUNC_ARG; /* This is expected by other tests */
  22499. }
  22500. #endif
  22501. #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  22502. if (ret == BAD_FUNC_ARG) {
  22503. #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
  22504. wc_ecc_free(&key);
  22505. #endif
  22506. ret = wc_ecc_import_raw(&key, "0", qy, d, curveName);
  22507. /* Note: SP math "is point" failure returns MP_VAL */
  22508. if (ret == ECC_INF_E || ret == MP_VAL) {
  22509. ret = BAD_FUNC_ARG; /* This is expected by other tests */
  22510. }
  22511. }
  22512. if (ret == BAD_FUNC_ARG) {
  22513. #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
  22514. wc_ecc_free(&key);
  22515. #endif
  22516. ret = wc_ecc_import_raw(&key, qx, "0", d, curveName);
  22517. /* Note: SP math "is point" failure returns MP_VAL */
  22518. if (ret == ECC_INF_E || ret == MP_VAL) {
  22519. ret = BAD_FUNC_ARG; /* This is expected by other tests */
  22520. }
  22521. }
  22522. #endif
  22523. if (ret == BAD_FUNC_ARG) {
  22524. ret = 0;
  22525. }
  22526. }
  22527. wc_ecc_free(&key);
  22528. res = TEST_RES_CHECK(ret == 0);
  22529. #endif
  22530. return res;
  22531. } /* END test_wc_ecc_import_raw */
  22532. static int test_wc_ecc_import_unsigned(void)
  22533. {
  22534. int res = TEST_SKIPPED;
  22535. #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
  22536. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
  22537. ecc_key key;
  22538. const byte qx[] = {
  22539. 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6,
  22540. 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36,
  22541. 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa,
  22542. 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61
  22543. };
  22544. const byte qy[] = {
  22545. 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a,
  22546. 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf,
  22547. 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8,
  22548. 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8
  22549. };
  22550. const byte d[] = {
  22551. 0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85,
  22552. 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac,
  22553. 0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c,
  22554. 0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c
  22555. };
  22556. #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
  22557. const byte nullBytes[32] = {0};
  22558. #endif
  22559. int curveId = ECC_SECP256R1;
  22560. int ret;
  22561. ret = wc_ecc_init(&key);
  22562. if (ret == 0) {
  22563. ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
  22564. curveId);
  22565. }
  22566. /* Test bad args. */
  22567. if (ret == 0) {
  22568. ret = wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d,
  22569. curveId);
  22570. if (ret == BAD_FUNC_ARG) {
  22571. ret = wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d,
  22572. curveId);
  22573. }
  22574. if (ret == BAD_FUNC_ARG) {
  22575. ret = wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d,
  22576. curveId);
  22577. }
  22578. if (ret == BAD_FUNC_ARG) {
  22579. ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
  22580. ECC_CURVE_INVALID);
  22581. }
  22582. #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
  22583. if (ret == BAD_FUNC_ARG) {
  22584. ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes,
  22585. (byte*)nullBytes, (byte*)nullBytes, curveId);
  22586. }
  22587. #endif
  22588. if (ret == BAD_FUNC_ARG || ret == ECC_INF_E) {
  22589. ret = 0;
  22590. }
  22591. }
  22592. wc_ecc_free(&key);
  22593. res = TEST_RES_CHECK(ret == 0);
  22594. #endif
  22595. return res;
  22596. } /* END test_wc_ecc_import_unsigned */
  22597. /*
  22598. * Testing wc_ecc_sig_size()
  22599. */
  22600. static int test_wc_ecc_sig_size(void)
  22601. {
  22602. int res = TEST_SKIPPED;
  22603. #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
  22604. ecc_key key;
  22605. WC_RNG rng;
  22606. int keySz = KEY16;
  22607. int ret = 0;
  22608. XMEMSET(&rng, 0, sizeof(rng));
  22609. XMEMSET(&key, 0, sizeof(key));
  22610. ret = wc_InitRng(&rng);
  22611. if (ret == 0) {
  22612. ret = wc_ecc_init(&key);
  22613. if (ret == 0) {
  22614. ret = wc_ecc_make_key(&rng, keySz, &key);
  22615. #if defined(WOLFSSL_ASYNC_CRYPT)
  22616. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  22617. #endif
  22618. }
  22619. }
  22620. if (ret == 0) {
  22621. ret = wc_ecc_sig_size(&key);
  22622. if (ret <= (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)) {
  22623. ret = 0;
  22624. }
  22625. }
  22626. if (wc_FreeRng(&rng) && ret == 0) {
  22627. ret = WOLFSSL_FATAL_ERROR;
  22628. }
  22629. wc_ecc_free(&key);
  22630. res = TEST_RES_CHECK(ret == 0);
  22631. #endif
  22632. return res;
  22633. } /* END test_wc_ecc_sig_size */
  22634. /*
  22635. * Testing wc_ecc_ctx_new()
  22636. */
  22637. static int test_wc_ecc_ctx_new(void)
  22638. {
  22639. int res = TEST_SKIPPED;
  22640. #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
  22641. WC_RNG rng;
  22642. int ret = 0;
  22643. ecEncCtx* cli = NULL;
  22644. ecEncCtx* srv = NULL;
  22645. ret = wc_InitRng(&rng);
  22646. if (ret == 0) {
  22647. cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
  22648. srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
  22649. }
  22650. if (ret == 0 && (cli == NULL || srv == NULL)) {
  22651. ret = WOLFSSL_FATAL_ERROR;
  22652. }
  22653. wc_ecc_ctx_free(cli);
  22654. wc_ecc_ctx_free(srv);
  22655. /* Test bad args. */
  22656. if (ret == 0) {
  22657. /* wc_ecc_ctx_new_ex() will free if returned NULL. */
  22658. cli = wc_ecc_ctx_new(0, &rng);
  22659. if (cli != NULL) {
  22660. ret = WOLFSSL_FATAL_ERROR;
  22661. }
  22662. cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL);
  22663. if (cli != NULL) {
  22664. ret = WOLFSSL_FATAL_ERROR;
  22665. }
  22666. }
  22667. if (wc_FreeRng(&rng) && ret == 0) {
  22668. ret = WOLFSSL_FATAL_ERROR;
  22669. }
  22670. wc_ecc_ctx_free(cli);
  22671. res = TEST_RES_CHECK(ret == 0);
  22672. #endif
  22673. return res;
  22674. } /* END test_wc_ecc_ctx_new */
  22675. /*
  22676. * Tesing wc_ecc_reset()
  22677. */
  22678. static int test_wc_ecc_ctx_reset(void)
  22679. {
  22680. int res = TEST_SKIPPED;
  22681. #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
  22682. ecEncCtx* ctx = NULL;
  22683. WC_RNG rng;
  22684. int ret = 0;
  22685. ret = wc_InitRng(&rng);
  22686. if (ret == 0) {
  22687. if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) {
  22688. ret = WOLFSSL_FATAL_ERROR;
  22689. }
  22690. }
  22691. if (ret == 0) {
  22692. ret = wc_ecc_ctx_reset(ctx, &rng);
  22693. }
  22694. /* Pass in bad args. */
  22695. if (ret == 0) {
  22696. ret = wc_ecc_ctx_reset(NULL, &rng);
  22697. if (ret == BAD_FUNC_ARG) {
  22698. ret = wc_ecc_ctx_reset(ctx, NULL);
  22699. }
  22700. if (ret == BAD_FUNC_ARG) {
  22701. ret = 0;
  22702. }
  22703. else if (ret == 0) {
  22704. ret = WOLFSSL_FATAL_ERROR;
  22705. }
  22706. }
  22707. if (wc_FreeRng(&rng) && ret == 0) {
  22708. ret = WOLFSSL_FATAL_ERROR;
  22709. }
  22710. wc_ecc_ctx_free(ctx);
  22711. res = TEST_RES_CHECK(ret == 0);
  22712. #endif
  22713. return res;
  22714. } /* END test_wc_ecc_ctx_reset */
  22715. /*
  22716. * Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt()
  22717. */
  22718. static int test_wc_ecc_ctx_set_peer_salt(void)
  22719. {
  22720. int res = TEST_SKIPPED;
  22721. #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
  22722. WC_RNG rng;
  22723. ecEncCtx* cliCtx = NULL;
  22724. ecEncCtx* servCtx = NULL;
  22725. const byte* cliSalt = NULL;
  22726. const byte* servSalt = NULL;
  22727. int ret = 0;
  22728. ret = wc_InitRng(&rng);
  22729. if (ret == 0) {
  22730. if ( ( (cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) ||
  22731. ( (servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng)) == NULL) ) {
  22732. ret = WOLFSSL_FATAL_ERROR;
  22733. }
  22734. }
  22735. /* Test bad args. */
  22736. if (ret == 0) {
  22737. cliSalt = wc_ecc_ctx_get_own_salt(NULL);
  22738. if (cliSalt != NULL) {
  22739. ret = WOLFSSL_FATAL_ERROR;
  22740. }
  22741. }
  22742. if (ret == 0) {
  22743. cliSalt = wc_ecc_ctx_get_own_salt(cliCtx);
  22744. servSalt = wc_ecc_ctx_get_own_salt(servCtx);
  22745. if (cliSalt == NULL || servSalt == NULL) {
  22746. ret = WOLFSSL_FATAL_ERROR;
  22747. }
  22748. }
  22749. if (ret == 0) {
  22750. ret = wc_ecc_ctx_set_peer_salt(cliCtx, servSalt);
  22751. }
  22752. /* Test bad args. */
  22753. if (ret == 0) {
  22754. ret = wc_ecc_ctx_set_peer_salt(NULL, servSalt);
  22755. if (ret == BAD_FUNC_ARG) {
  22756. ret = wc_ecc_ctx_set_peer_salt(cliCtx, NULL);
  22757. }
  22758. if (ret == BAD_FUNC_ARG) {
  22759. ret = 0;
  22760. }
  22761. else if (ret == 0) {
  22762. ret = WOLFSSL_FATAL_ERROR;
  22763. }
  22764. }
  22765. if (wc_FreeRng(&rng) && ret == 0) {
  22766. ret = WOLFSSL_FATAL_ERROR;
  22767. }
  22768. wc_ecc_ctx_free(cliCtx);
  22769. wc_ecc_ctx_free(servCtx);
  22770. res = TEST_RES_CHECK(ret == 0);
  22771. #endif
  22772. return res;
  22773. } /* END test_wc_ecc_ctx_set_peer_salt */
  22774. /*
  22775. * Testing wc_ecc_ctx_set_info()
  22776. */
  22777. static int test_wc_ecc_ctx_set_info(void)
  22778. {
  22779. int res = TEST_SKIPPED;
  22780. #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
  22781. ecEncCtx* ctx = NULL;
  22782. WC_RNG rng;
  22783. int ret;
  22784. const char* optInfo = "Optional Test Info.";
  22785. int optInfoSz = (int)XSTRLEN(optInfo);
  22786. const char* badOptInfo = NULL;
  22787. ret = wc_InitRng(&rng);
  22788. if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL || ret != 0 ) {
  22789. ret = WOLFSSL_FATAL_ERROR;
  22790. }
  22791. if (ret == 0) {
  22792. ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz);
  22793. }
  22794. /* Test bad args. */
  22795. if (ret == 0) {
  22796. ret = wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz);
  22797. if (ret == BAD_FUNC_ARG) {
  22798. ret = wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz);
  22799. }
  22800. if (ret == BAD_FUNC_ARG) {
  22801. ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1);
  22802. }
  22803. if (ret == BAD_FUNC_ARG) {
  22804. ret = 0;
  22805. }
  22806. else if (ret == 0) {
  22807. ret = WOLFSSL_FATAL_ERROR;
  22808. }
  22809. }
  22810. if (wc_FreeRng(&rng) && ret == 0) {
  22811. ret = WOLFSSL_FATAL_ERROR;
  22812. }
  22813. wc_ecc_ctx_free(ctx);
  22814. res = TEST_RES_CHECK(ret == 0);
  22815. #endif
  22816. return res;
  22817. } /* END test_wc_ecc_ctx_set_info */
  22818. /*
  22819. * Testing wc_ecc_encrypt() and wc_ecc_decrypt()
  22820. */
  22821. static int test_wc_ecc_encryptDecrypt(void)
  22822. {
  22823. int res = TEST_SKIPPED;
  22824. #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \
  22825. defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  22826. ecc_key srvKey, cliKey, tmpKey;
  22827. WC_RNG rng;
  22828. int ret;
  22829. const char* msg = "EccBlock Size 16";
  22830. word32 msgSz = (word32)XSTRLEN("EccBlock Size 16");
  22831. #ifdef WOLFSSL_ECIES_OLD
  22832. byte out[(sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE];
  22833. #elif defined(WOLFSSL_ECIES_GEN_IV)
  22834. byte out[KEY20 * 2 + 1 + AES_BLOCK_SIZE +
  22835. (sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE];
  22836. #else
  22837. byte out[KEY20 * 2 + 1 + (sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE];
  22838. #endif
  22839. word32 outSz = (word32)sizeof(out);
  22840. byte plain[sizeof("EccBlock Size 16")];
  22841. word32 plainSz = (word32)sizeof(plain);
  22842. int keySz = KEY20;
  22843. /* Init stack variables. */
  22844. XMEMSET(out, 0, outSz);
  22845. XMEMSET(plain, 0, plainSz);
  22846. XMEMSET(&rng, 0, sizeof(rng));
  22847. XMEMSET(&srvKey, 0, sizeof(srvKey));
  22848. XMEMSET(&cliKey, 0, sizeof(cliKey));
  22849. ret = wc_InitRng(&rng);
  22850. if (ret == 0) {
  22851. ret = wc_ecc_init(&cliKey);
  22852. if (ret == 0) {
  22853. ret = wc_ecc_make_key(&rng, keySz, &cliKey);
  22854. #if defined(WOLFSSL_ASYNC_CRYPT)
  22855. ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_NONE);
  22856. #endif
  22857. }
  22858. if (ret == 0) {
  22859. ret = wc_ecc_init(&srvKey);
  22860. }
  22861. if (ret == 0) {
  22862. ret = wc_ecc_make_key(&rng, keySz, &srvKey);
  22863. #if defined(WOLFSSL_ASYNC_CRYPT)
  22864. ret = wc_AsyncWait(ret, &srvKey.asyncDev, WC_ASYNC_FLAG_NONE);
  22865. #endif
  22866. }
  22867. if (ret == 0) {
  22868. ret = wc_ecc_init(&tmpKey);
  22869. }
  22870. }
  22871. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  22872. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  22873. !defined(HAVE_SELFTEST)
  22874. if (ret == 0) {
  22875. ret = wc_ecc_set_rng(&srvKey, &rng);
  22876. }
  22877. if (ret == 0) {
  22878. ret = wc_ecc_set_rng(&cliKey, &rng);
  22879. }
  22880. #endif
  22881. if (ret == 0) {
  22882. ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
  22883. &outSz, NULL);
  22884. }
  22885. if (ret == 0) {
  22886. ret = wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out,
  22887. &outSz, NULL);
  22888. if (ret == BAD_FUNC_ARG) {
  22889. ret = wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out,
  22890. &outSz, NULL);
  22891. }
  22892. if (ret == BAD_FUNC_ARG) {
  22893. ret = wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out,
  22894. &outSz, NULL);
  22895. }
  22896. if (ret == BAD_FUNC_ARG) {
  22897. ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL,
  22898. &outSz, NULL);
  22899. }
  22900. if (ret == BAD_FUNC_ARG) {
  22901. ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
  22902. NULL, NULL);
  22903. }
  22904. if (ret == BAD_FUNC_ARG) {
  22905. ret = 0;
  22906. }
  22907. else if (ret == 0) {
  22908. ret = WOLFSSL_FATAL_ERROR;
  22909. }
  22910. }
  22911. #ifdef WOLFSSL_ECIES_OLD
  22912. if (ret == 0) {
  22913. tmpKey.dp = cliKey.dp;
  22914. ret = wc_ecc_copy_point(&cliKey.pubkey, &tmpKey.pubkey);
  22915. }
  22916. #endif
  22917. if (ret == 0) {
  22918. ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain,
  22919. &plainSz, NULL);
  22920. }
  22921. if (ret == 0) {
  22922. ret = wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain,
  22923. &plainSz, NULL);
  22924. #ifdef WOLFSSL_ECIES_OLD
  22925. /* NULL parameter allowed in new implementations - public key comes from
  22926. * the message. */
  22927. if (ret == BAD_FUNC_ARG) {
  22928. ret = wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain,
  22929. &plainSz, NULL);
  22930. }
  22931. #endif
  22932. if (ret == BAD_FUNC_ARG) {
  22933. ret = wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain,
  22934. &plainSz, NULL);
  22935. }
  22936. if (ret == BAD_FUNC_ARG) {
  22937. ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL,
  22938. &plainSz, NULL);
  22939. }
  22940. if (ret == BAD_FUNC_ARG) {
  22941. ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz,
  22942. plain, NULL, NULL);
  22943. }
  22944. if (ret == BAD_FUNC_ARG) {
  22945. ret = 0;
  22946. }
  22947. else if (ret == 0) {
  22948. ret = WOLFSSL_FATAL_ERROR;
  22949. }
  22950. }
  22951. if (XMEMCMP(msg, plain, msgSz) != 0) {
  22952. ret = WOLFSSL_FATAL_ERROR;
  22953. }
  22954. if (wc_FreeRng(&rng) && ret == 0) {
  22955. ret = WOLFSSL_FATAL_ERROR;
  22956. }
  22957. wc_ecc_free(&tmpKey);
  22958. wc_ecc_free(&cliKey);
  22959. wc_ecc_free(&srvKey);
  22960. res = TEST_RES_CHECK(ret == 0);
  22961. #endif
  22962. return res;
  22963. } /* END test_wc_ecc_encryptDecrypt */
  22964. /*
  22965. * Testing wc_ecc_del_point() and wc_ecc_new_point()
  22966. */
  22967. static int test_wc_ecc_del_point(void)
  22968. {
  22969. int res = TEST_SKIPPED;
  22970. #if defined(HAVE_ECC)
  22971. ecc_point* pt;
  22972. pt = wc_ecc_new_point();
  22973. wc_ecc_del_point(pt);
  22974. res = TEST_RES_CHECK(pt != NULL);
  22975. #endif
  22976. return res;
  22977. } /* END test_wc_ecc_del_point */
  22978. /*
  22979. * Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(),
  22980. * wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(),
  22981. * and wc_ecc_cmp_point()
  22982. */
  22983. static int test_wc_ecc_pointFns(void)
  22984. {
  22985. int res = TEST_SKIPPED;
  22986. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
  22987. !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
  22988. !defined(WOLFSSL_ATECC608A)
  22989. ecc_key key;
  22990. WC_RNG rng;
  22991. int ret;
  22992. ecc_point* point = NULL;
  22993. ecc_point* cpypt = NULL;
  22994. int idx = 0;
  22995. int keySz = KEY32;
  22996. byte der[DER_SZ(KEY32)];
  22997. word32 derlenChk = 0;
  22998. word32 derSz = DER_SZ(KEY32);
  22999. /* Init stack variables. */
  23000. XMEMSET(der, 0, derSz);
  23001. XMEMSET(&rng, 0, sizeof(rng));
  23002. XMEMSET(&key, 0, sizeof(key));
  23003. ret = wc_InitRng(&rng);
  23004. if (ret == 0) {
  23005. ret = wc_ecc_init(&key);
  23006. if (ret == 0) {
  23007. ret = wc_ecc_make_key(&rng, keySz, &key);
  23008. #if defined(WOLFSSL_ASYNC_CRYPT)
  23009. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  23010. #endif
  23011. }
  23012. }
  23013. if (ret == 0) {
  23014. point = wc_ecc_new_point();
  23015. if (!point) {
  23016. ret = WOLFSSL_FATAL_ERROR;
  23017. }
  23018. }
  23019. if (ret == 0) {
  23020. cpypt = wc_ecc_new_point();
  23021. if (!cpypt) {
  23022. ret = WOLFSSL_FATAL_ERROR;
  23023. }
  23024. }
  23025. /* Export */
  23026. if (ret == 0) {
  23027. ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
  23028. NULL, &derlenChk);
  23029. /* Check length value. */
  23030. if (derSz == derlenChk && ret == LENGTH_ONLY_E) {
  23031. ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
  23032. der, &derSz);
  23033. }
  23034. }
  23035. /* Test bad args. */
  23036. if (ret == 0) {
  23037. ret = wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz);
  23038. if (ret == ECC_BAD_ARG_E) {
  23039. ret = wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz);
  23040. }
  23041. if (ret == ECC_BAD_ARG_E) {
  23042. ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
  23043. der, NULL);
  23044. }
  23045. if (ret == ECC_BAD_ARG_E) {
  23046. ret = 0;
  23047. }
  23048. else if (ret == 0) {
  23049. ret = WOLFSSL_FATAL_ERROR;
  23050. }
  23051. }
  23052. /* Import */
  23053. if (ret == 0) {
  23054. ret = wc_ecc_import_point_der(der, derSz, idx, point);
  23055. /* Condition double checks wc_ecc_cmp_point(). */
  23056. if (ret == 0 &&
  23057. XMEMCMP((void *)&key.pubkey, (void *)point, sizeof(key.pubkey))) {
  23058. ret = wc_ecc_cmp_point(&key.pubkey, point);
  23059. }
  23060. }
  23061. /* Test bad args. */
  23062. if (ret == 0) {
  23063. ret = wc_ecc_import_point_der(NULL, derSz, idx, point);
  23064. if (ret == ECC_BAD_ARG_E) {
  23065. ret = wc_ecc_import_point_der(der, derSz, idx, NULL);
  23066. }
  23067. if (ret == ECC_BAD_ARG_E) {
  23068. ret = wc_ecc_import_point_der(der, derSz, -1, point);
  23069. }
  23070. if (ret == ECC_BAD_ARG_E) {
  23071. ret = wc_ecc_import_point_der(der, derSz + 1, idx, point);
  23072. }
  23073. if (ret == ECC_BAD_ARG_E) {
  23074. ret = 0;
  23075. }
  23076. else if (ret == 0) {
  23077. ret = WOLFSSL_FATAL_ERROR;
  23078. }
  23079. }
  23080. /* Copy */
  23081. if (ret == 0) {
  23082. ret = wc_ecc_copy_point(point, cpypt);
  23083. }
  23084. /* Test bad args. */
  23085. if (ret == 0) {
  23086. ret = wc_ecc_copy_point(NULL, cpypt);
  23087. if (ret == ECC_BAD_ARG_E) {
  23088. ret = wc_ecc_copy_point(point, NULL);
  23089. }
  23090. if (ret == ECC_BAD_ARG_E) {
  23091. ret = 0;
  23092. }
  23093. else if (ret == 0) {
  23094. ret = WOLFSSL_FATAL_ERROR;
  23095. }
  23096. }
  23097. /* Compare point */
  23098. if (ret == 0) {
  23099. ret = wc_ecc_cmp_point(point, cpypt);
  23100. }
  23101. /* Test bad args. */
  23102. if (ret == 0) {
  23103. ret = wc_ecc_cmp_point(NULL, cpypt);
  23104. if (ret == BAD_FUNC_ARG) {
  23105. ret = wc_ecc_cmp_point(point, NULL);
  23106. }
  23107. if (ret == BAD_FUNC_ARG) {
  23108. ret = 0;
  23109. }
  23110. else if (ret == 0) {
  23111. ret = WOLFSSL_FATAL_ERROR;
  23112. }
  23113. }
  23114. /* At infinity if return == 1, otherwise return == 0. */
  23115. if (ret == 0) {
  23116. ret = wc_ecc_point_is_at_infinity(point);
  23117. }
  23118. /* Test bad args. */
  23119. if (ret == 0) {
  23120. ret = wc_ecc_point_is_at_infinity(NULL);
  23121. if (ret == BAD_FUNC_ARG) {
  23122. ret = 0;
  23123. }
  23124. else if (ret == 0) {
  23125. ret = WOLFSSL_FATAL_ERROR;
  23126. }
  23127. }
  23128. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  23129. #ifdef USE_ECC_B_PARAM
  23130. /* On curve if ret == 0 */
  23131. if (ret == 0) {
  23132. ret = wc_ecc_point_is_on_curve(point, idx);
  23133. }
  23134. /* Test bad args. */
  23135. if (ret == 0) {
  23136. ret = wc_ecc_point_is_on_curve(NULL, idx);
  23137. if (ret == BAD_FUNC_ARG) {
  23138. ret = wc_ecc_point_is_on_curve(point, 1000);
  23139. }
  23140. if (ret == ECC_BAD_ARG_E) {
  23141. ret = 0;
  23142. }
  23143. else if (ret == 0) {
  23144. ret = WOLFSSL_FATAL_ERROR;
  23145. }
  23146. }
  23147. #endif /* USE_ECC_B_PARAM */
  23148. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  23149. /* Free */
  23150. wc_ecc_del_point(point);
  23151. wc_ecc_del_point(cpypt);
  23152. wc_ecc_free(&key);
  23153. if (wc_FreeRng(&rng) && ret == 0) {
  23154. ret = WOLFSSL_FATAL_ERROR;
  23155. }
  23156. res = TEST_RES_CHECK(ret == 0);
  23157. #endif
  23158. return res;
  23159. } /* END test_wc_ecc_pointFns */
  23160. /*
  23161. * Testing wc_ecc_sahred_secret_ssh()
  23162. */
  23163. static int test_wc_ecc_shared_secret_ssh(void)
  23164. {
  23165. int res = TEST_SKIPPED;
  23166. #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
  23167. !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
  23168. !defined(WOLFSSL_ATECC608A)
  23169. ecc_key key, key2;
  23170. WC_RNG rng;
  23171. int ret;
  23172. int keySz = KEY32;
  23173. int key2Sz = KEY24;
  23174. byte secret[KEY32];
  23175. word32 secretLen = keySz;
  23176. /* Init stack variables. */
  23177. XMEMSET(secret, 0, secretLen);
  23178. XMEMSET(&rng, 0, sizeof(rng));
  23179. XMEMSET(&key, 0, sizeof(key));
  23180. XMEMSET(&key2, 0, sizeof(key2));
  23181. /* Make keys */
  23182. ret = wc_InitRng(&rng);
  23183. if (ret == 0) {
  23184. ret = wc_ecc_init(&key);
  23185. if (ret == 0) {
  23186. ret = wc_ecc_make_key(&rng, keySz, &key);
  23187. #if defined(WOLFSSL_ASYNC_CRYPT)
  23188. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  23189. #endif
  23190. }
  23191. if (wc_FreeRng(&rng) && ret == 0) {
  23192. ret = WOLFSSL_FATAL_ERROR;
  23193. }
  23194. }
  23195. if (ret == 0) {
  23196. ret = wc_InitRng(&rng);
  23197. if (ret == 0) {
  23198. ret = wc_ecc_init(&key2);
  23199. }
  23200. if (ret == 0) {
  23201. ret = wc_ecc_make_key(&rng, key2Sz, &key2);
  23202. #if defined(WOLFSSL_ASYNC_CRYPT)
  23203. ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE);
  23204. #endif
  23205. }
  23206. }
  23207. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  23208. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  23209. !defined(HAVE_SELFTEST)
  23210. if (ret == 0) {
  23211. ret = wc_ecc_set_rng(&key, &rng);
  23212. }
  23213. #endif
  23214. if (ret == 0) {
  23215. ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
  23216. }
  23217. /* Pass in bad args. */
  23218. if (ret == 0) {
  23219. ret = wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret, &secretLen);
  23220. if (ret == BAD_FUNC_ARG) {
  23221. ret = wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen);
  23222. }
  23223. if (ret == BAD_FUNC_ARG) {
  23224. ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen);
  23225. }
  23226. if (ret == BAD_FUNC_ARG) {
  23227. ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL);
  23228. }
  23229. if (ret == BAD_FUNC_ARG) {
  23230. key.type = ECC_PUBLICKEY;
  23231. ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
  23232. if (ret == ECC_BAD_ARG_E) {
  23233. ret = 0;
  23234. }
  23235. else if (ret == 0) {
  23236. ret = WOLFSSL_FATAL_ERROR;
  23237. }
  23238. }
  23239. else if (ret == 0) {
  23240. ret = WOLFSSL_FATAL_ERROR;
  23241. }
  23242. }
  23243. if (wc_FreeRng(&rng) && ret == 0) {
  23244. ret = WOLFSSL_FATAL_ERROR;
  23245. }
  23246. wc_ecc_free(&key);
  23247. wc_ecc_free(&key2);
  23248. #ifdef FP_ECC
  23249. wc_ecc_fp_free();
  23250. #endif
  23251. res = TEST_RES_CHECK(ret == 0);
  23252. #endif
  23253. return res;
  23254. } /* END test_wc_ecc_shared_secret_ssh */
  23255. /*
  23256. * Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex()
  23257. */
  23258. static int test_wc_ecc_verify_hash_ex(void)
  23259. {
  23260. int res = TEST_SKIPPED;
  23261. #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
  23262. && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
  23263. !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC)
  23264. ecc_key key;
  23265. WC_RNG rng;
  23266. int ret;
  23267. mp_int r;
  23268. mp_int s;
  23269. mp_int z;
  23270. unsigned char hash[] = "Everyone gets Friday off.EccSig";
  23271. unsigned char iHash[] = "Everyone gets Friday off.......";
  23272. unsigned char shortHash[] = TEST_STRING;
  23273. word32 hashlen = sizeof(hash);
  23274. word32 iHashLen = sizeof(iHash);
  23275. word32 shortHashLen = sizeof(shortHash);
  23276. int keySz = KEY32;
  23277. int sig = WOLFSSL_FATAL_ERROR;
  23278. int ver = WOLFSSL_FATAL_ERROR;
  23279. int verify_ok = 0;
  23280. /* Initialize r and s. */
  23281. ret = mp_init_multi(&r, &s, &z, NULL, NULL, NULL);
  23282. if (ret != MP_OKAY) {
  23283. return MP_INIT_E;
  23284. }
  23285. ret = wc_InitRng(&rng);
  23286. if (ret == 0) {
  23287. ret = wc_ecc_init(&key);
  23288. if (ret == 0) {
  23289. ret = wc_ecc_make_key(&rng, keySz, &key);
  23290. #if defined(WOLFSSL_ASYNC_CRYPT)
  23291. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  23292. #endif
  23293. }
  23294. }
  23295. if (ret == 0) {
  23296. ret = wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s);
  23297. if (ret == 0) {
  23298. /* verify_ok should be 1. */
  23299. ret = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key);
  23300. if (verify_ok != 1 && ret == 0) {
  23301. ret = WOLFSSL_FATAL_ERROR;
  23302. }
  23303. }
  23304. if (ret == 0) {
  23305. /* verify_ok should be 0 */
  23306. ret = wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen,
  23307. &verify_ok, &key);
  23308. if (verify_ok != 0 && ret == 0) {
  23309. ret = WOLFSSL_FATAL_ERROR;
  23310. }
  23311. }
  23312. if (ret == 0) {
  23313. /* verify_ok should be 0. */
  23314. ret = wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
  23315. &verify_ok, &key);
  23316. if (verify_ok != 0 && ret == 0) {
  23317. ret = WOLFSSL_FATAL_ERROR;
  23318. }
  23319. }
  23320. }
  23321. /* Test bad args. */
  23322. if (ret == 0) {
  23323. if (wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s)
  23324. == ECC_BAD_ARG_E) {
  23325. sig = 0;
  23326. }
  23327. if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s)
  23328. != ECC_BAD_ARG_E) {
  23329. sig = WOLFSSL_FATAL_ERROR;
  23330. }
  23331. if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s)
  23332. != ECC_BAD_ARG_E) {
  23333. sig = WOLFSSL_FATAL_ERROR;
  23334. }
  23335. if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s)
  23336. != ECC_BAD_ARG_E) {
  23337. sig = WOLFSSL_FATAL_ERROR;
  23338. }
  23339. if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL)
  23340. != ECC_BAD_ARG_E) {
  23341. sig = WOLFSSL_FATAL_ERROR;
  23342. }
  23343. }
  23344. /* Test bad args. */
  23345. if (ret == 0) {
  23346. if (wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen, &verify_ok, &key)
  23347. == ECC_BAD_ARG_E) {
  23348. ver = 0;
  23349. }
  23350. if (ver == 0 && wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen,
  23351. &verify_ok, &key) != ECC_BAD_ARG_E) {
  23352. ver = WOLFSSL_FATAL_ERROR;
  23353. }
  23354. if (wc_ecc_verify_hash_ex(&z, &s, shortHash, shortHashLen, &verify_ok, &key)
  23355. != MP_ZERO_E) {
  23356. ver = WOLFSSL_FATAL_ERROR;
  23357. }
  23358. if (wc_ecc_verify_hash_ex(&r, &z, shortHash, shortHashLen, &verify_ok, &key)
  23359. != MP_ZERO_E) {
  23360. ver = WOLFSSL_FATAL_ERROR;
  23361. }
  23362. if (wc_ecc_verify_hash_ex(&z, &z, shortHash, shortHashLen, &verify_ok, &key)
  23363. != MP_ZERO_E) {
  23364. ver = WOLFSSL_FATAL_ERROR;
  23365. }
  23366. if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok,
  23367. &key) != ECC_BAD_ARG_E) {
  23368. ver = WOLFSSL_FATAL_ERROR;
  23369. }
  23370. if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
  23371. NULL, &key) != ECC_BAD_ARG_E) {
  23372. ver = WOLFSSL_FATAL_ERROR;
  23373. }
  23374. if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
  23375. &verify_ok, NULL) != ECC_BAD_ARG_E) {
  23376. ver = WOLFSSL_FATAL_ERROR;
  23377. }
  23378. }
  23379. wc_ecc_free(&key);
  23380. mp_free(&r);
  23381. mp_free(&s);
  23382. if (wc_FreeRng(&rng)) {
  23383. return WOLFSSL_FATAL_ERROR;
  23384. }
  23385. if (ret == 0 && (sig != 0 || ver != 0)) {
  23386. ret = WOLFSSL_FATAL_ERROR;
  23387. }
  23388. res = TEST_RES_CHECK(ret == 0);
  23389. #endif
  23390. return res;
  23391. } /* END test_wc_ecc_verify_hash_ex */
  23392. /*
  23393. * Testing wc_ecc_mulmod()
  23394. */
  23395. static int test_wc_ecc_mulmod(void)
  23396. {
  23397. int res = TEST_SKIPPED;
  23398. #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
  23399. !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
  23400. defined(WOLFSSL_VALIDATE_ECC_IMPORT))
  23401. ecc_key key1, key2, key3;
  23402. WC_RNG rng;
  23403. int ret = 0;
  23404. ret = wc_InitRng(&rng);
  23405. if (ret == 0) {
  23406. ret = wc_ecc_init(&key1);
  23407. if (ret == 0) {
  23408. ret = wc_ecc_init(&key2);
  23409. }
  23410. if (ret == 0) {
  23411. ret = wc_ecc_init(&key3);
  23412. }
  23413. if (ret == 0) {
  23414. ret = wc_ecc_make_key(&rng, KEY32, &key1);
  23415. #if defined(WOLFSSL_ASYNC_CRYPT)
  23416. ret = wc_AsyncWait(ret, &key1.asyncDev, WC_ASYNC_FLAG_NONE);
  23417. #endif
  23418. }
  23419. wc_FreeRng(&rng);
  23420. }
  23421. if (ret == 0) {
  23422. ret = wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy, key1.dp->Af,
  23423. ECC_SECP256R1);
  23424. if (ret == 0) {
  23425. ret = wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy,
  23426. key1.dp->prime, ECC_SECP256R1);
  23427. }
  23428. }
  23429. if (ret == 0) {
  23430. ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, &key2.k,
  23431. &key3.k, 1);
  23432. }
  23433. /* Test bad args. */
  23434. if (ret == 0) {
  23435. ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey, &key2.k,
  23436. &key3.k, 1);
  23437. if (ret == ECC_BAD_ARG_E) {
  23438. ret = wc_ecc_mulmod(&key1.k, NULL, &key3.pubkey, &key2.k,
  23439. &key3.k, 1);
  23440. }
  23441. if (ret == ECC_BAD_ARG_E) {
  23442. ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, NULL, &key2.k,
  23443. &key3.k, 1);
  23444. }
  23445. if (ret == ECC_BAD_ARG_E) {
  23446. ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey,
  23447. &key2.k, NULL, 1);
  23448. }
  23449. if (ret == ECC_BAD_ARG_E) {
  23450. ret = 0;
  23451. }
  23452. else if (ret == 0) {
  23453. ret = WOLFSSL_FATAL_ERROR;
  23454. }
  23455. }
  23456. wc_ecc_free(&key1);
  23457. wc_ecc_free(&key2);
  23458. wc_ecc_free(&key3);
  23459. #ifdef FP_ECC
  23460. wc_ecc_fp_free();
  23461. #endif
  23462. res = TEST_RES_CHECK(ret == 0);
  23463. #endif /* HAVE_ECC && !WOLFSSL_ATECC508A */
  23464. return res;
  23465. } /* END test_wc_ecc_mulmod */
  23466. /*
  23467. * Testing wc_ecc_is_valid_idx()
  23468. */
  23469. static int test_wc_ecc_is_valid_idx(void)
  23470. {
  23471. int res = TEST_SKIPPED;
  23472. #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
  23473. ecc_key key;
  23474. WC_RNG rng;
  23475. int ret;
  23476. int iVal = -2;
  23477. int iVal2 = 3000;
  23478. XMEMSET(&rng, 0, sizeof(rng));
  23479. XMEMSET(&key, 0, sizeof(key));
  23480. ret = wc_InitRng(&rng);
  23481. if (ret == 0) {
  23482. ret = wc_ecc_init(&key);
  23483. if (ret == 0) {
  23484. ret = wc_ecc_make_key(&rng, 32, &key);
  23485. #if defined(WOLFSSL_ASYNC_CRYPT)
  23486. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  23487. #endif
  23488. }
  23489. }
  23490. if (ret == 0) {
  23491. ret = wc_ecc_is_valid_idx(key.idx);
  23492. if (ret == 1) {
  23493. ret = 0;
  23494. }
  23495. else {
  23496. ret = WOLFSSL_FATAL_ERROR;
  23497. }
  23498. }
  23499. /* Test bad args. */
  23500. if (ret == 0) {
  23501. ret = wc_ecc_is_valid_idx(iVal); /* should return 0 */
  23502. if (ret == 0) {
  23503. ret = wc_ecc_is_valid_idx(iVal2);
  23504. }
  23505. if (ret != 0) {
  23506. ret = WOLFSSL_FATAL_ERROR;
  23507. }
  23508. }
  23509. if (wc_FreeRng(&rng) && ret == 0) {
  23510. ret = WOLFSSL_FATAL_ERROR;
  23511. }
  23512. wc_ecc_free(&key);
  23513. #ifdef FP_ECC
  23514. wc_ecc_fp_free();
  23515. #endif
  23516. res = TEST_RES_CHECK(ret == 0);
  23517. #endif
  23518. return res;
  23519. } /* END test_wc_ecc_is_valid_idx */
  23520. /*
  23521. * Testing wc_ecc_get_curve_id_from_oid()
  23522. */
  23523. static int test_wc_ecc_get_curve_id_from_oid(void)
  23524. {
  23525. int res = TEST_SKIPPED;
  23526. #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
  23527. !defined(HAVE_FIPS)
  23528. const byte oid[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
  23529. word32 len = sizeof(oid);
  23530. int ret;
  23531. /* Bad Cases */
  23532. ret = wc_ecc_get_curve_id_from_oid(NULL, len);
  23533. if (ret == BAD_FUNC_ARG) {
  23534. ret = 0;
  23535. }
  23536. if (ret == 0) {
  23537. ret = wc_ecc_get_curve_id_from_oid(oid, 0);
  23538. if (ret == ECC_CURVE_INVALID) {
  23539. ret = 0;
  23540. }
  23541. }
  23542. /* Good Case */
  23543. if (ret == 0) {
  23544. ret = wc_ecc_get_curve_id_from_oid(oid, len);
  23545. if (ret == ECC_SECP256R1) {
  23546. ret = 0;
  23547. }
  23548. }
  23549. res = TEST_RES_CHECK(ret == 0);
  23550. #endif
  23551. return res;
  23552. }/* END test_wc_ecc_get_curve_id_from_oid */
  23553. /*
  23554. * Testing wc_ecc_sig_size_calc()
  23555. */
  23556. static int test_wc_ecc_sig_size_calc(void)
  23557. {
  23558. int res = TEST_SKIPPED;
  23559. #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST)
  23560. ecc_key key;
  23561. WC_RNG rng;
  23562. int sz = 0;
  23563. int ret = 0;
  23564. ret = wc_InitRng(&rng);
  23565. if (ret == 0) {
  23566. ret = wc_ecc_init(&key);
  23567. if (ret == 0) {
  23568. ret = wc_ecc_make_key(&rng, 16, &key);
  23569. #if defined(WOLFSSL_ASYNC_CRYPT)
  23570. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
  23571. #endif
  23572. }
  23573. sz = key.dp->size;
  23574. }
  23575. if (ret == 0) {
  23576. ret = wc_ecc_sig_size_calc(sz);
  23577. if (ret > 0) {
  23578. ret = 0;
  23579. }
  23580. }
  23581. wc_ecc_free(&key);
  23582. wc_FreeRng(&rng);
  23583. res = TEST_RES_CHECK(ret == 0);
  23584. #endif
  23585. return res;
  23586. } /* END test_wc_ecc_sig_size_calc */
  23587. /*
  23588. * Testing ToTraditional
  23589. */
  23590. static int test_ToTraditional(void)
  23591. {
  23592. int res = TEST_SKIPPED;
  23593. #if !defined(NO_ASN) && (defined(HAVE_PKCS8) || defined(HAVE_PKCS12)) && \
  23594. (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
  23595. defined(OPENSSL_EXTRA_X509_SMALL))
  23596. XFILE f;
  23597. byte input[TWOK_BUF];
  23598. word32 sz;
  23599. int ret;
  23600. f = XFOPEN("./certs/server-keyPkcs8.der", "rb");
  23601. AssertTrue((f != XBADFILE));
  23602. sz = (word32)XFREAD(input, 1, sizeof(input), f);
  23603. XFCLOSE(f);
  23604. /* Good case */
  23605. ret = ToTraditional(input, sz);
  23606. if (ret > 0) {
  23607. ret = 0;
  23608. }
  23609. /* Bad cases */
  23610. if (ret == 0) {
  23611. ret = ToTraditional(NULL, 0);
  23612. if (ret == BAD_FUNC_ARG) {
  23613. ret = 0;
  23614. }
  23615. }
  23616. if (ret == 0) {
  23617. ret = ToTraditional(NULL, sz);
  23618. if (ret == BAD_FUNC_ARG) {
  23619. ret = 0;
  23620. }
  23621. }
  23622. if (ret == 0) {
  23623. ret = ToTraditional(input, 0);
  23624. if (ret == ASN_PARSE_E || ret == BUFFER_E) {
  23625. ret = 0;
  23626. }
  23627. }
  23628. res = TEST_RES_CHECK(ret == 0);
  23629. #endif
  23630. return res;
  23631. }/* End test_ToTraditional*/
  23632. /*
  23633. * Testing wc_EccPrivateKeyToDer
  23634. */
  23635. static int test_wc_EccPrivateKeyToDer(void)
  23636. {
  23637. int res = TEST_SKIPPED;
  23638. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  23639. byte output[ONEK_BUF];
  23640. ecc_key eccKey;
  23641. WC_RNG rng;
  23642. word32 inLen;
  23643. int ret;
  23644. ret = wc_InitRng(&rng);
  23645. if (ret == 0) {
  23646. ret = wc_ecc_init(&eccKey);
  23647. if (ret == 0) {
  23648. ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
  23649. #if defined(WOLFSSL_ASYNC_CRYPT)
  23650. ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
  23651. #endif
  23652. }
  23653. inLen = (word32)sizeof(output);
  23654. /* Bad Cases */
  23655. if (ret == 0) {
  23656. ret = wc_EccPrivateKeyToDer(NULL, NULL, 0);
  23657. if (ret == BAD_FUNC_ARG) {
  23658. ret = 0;
  23659. }
  23660. }
  23661. if (ret == 0) {
  23662. ret = wc_EccPrivateKeyToDer(NULL, output, inLen);
  23663. if (ret == BAD_FUNC_ARG) {
  23664. ret = 0;
  23665. }
  23666. }
  23667. if (ret == 0) {
  23668. ret = wc_EccPrivateKeyToDer(&eccKey, NULL, inLen);
  23669. if (ret == LENGTH_ONLY_E) {
  23670. ret = 0;
  23671. }
  23672. }
  23673. if (ret == 0) {
  23674. ret = wc_EccPrivateKeyToDer(&eccKey, output, 0);
  23675. if (ret == BAD_FUNC_ARG) {
  23676. ret = 0;
  23677. }
  23678. }
  23679. /*Good Case */
  23680. if (ret == 0) {
  23681. ret = wc_EccPrivateKeyToDer(&eccKey, output, inLen);
  23682. if (ret > 0) {
  23683. #if defined(OPENSSL_EXTRA) && defined(HAVE_ALL_CURVES)
  23684. /* test importing private only into a PKEY struct */
  23685. EC_KEY* ec;
  23686. EVP_PKEY* pkey;
  23687. const unsigned char* der = output;
  23688. pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &der, ret);
  23689. AssertNotNull(pkey);
  23690. der = output;
  23691. ec = d2i_ECPrivateKey(NULL, &der, ret);
  23692. AssertNotNull(ec);
  23693. AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ec), SSL_SUCCESS);
  23694. EVP_PKEY_free(pkey); /* EC_KEY should be free'd by free'ing pkey */
  23695. #endif
  23696. ret = 0;
  23697. }
  23698. }
  23699. wc_ecc_free(&eccKey);
  23700. }
  23701. wc_FreeRng(&rng);
  23702. res = TEST_RES_CHECK(ret == 0);
  23703. #endif
  23704. return res;
  23705. }/* End test_wc_EccPrivateKeyToDer*/
  23706. /*
  23707. * Testing wc_DhPublicKeyDecode
  23708. */
  23709. static int test_wc_DhPublicKeyDecode(void)
  23710. {
  23711. int res = TEST_SKIPPED;
  23712. #ifndef NO_DH
  23713. #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)
  23714. DhKey key;
  23715. word32 inOutIdx;
  23716. AssertIntEQ(wc_InitDhKey(&key), 0);
  23717. AssertIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0),
  23718. BAD_FUNC_ARG);
  23719. AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
  23720. BAD_FUNC_ARG);
  23721. AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
  23722. BAD_FUNC_ARG);
  23723. inOutIdx = 0;
  23724. AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0),
  23725. BAD_FUNC_ARG);
  23726. inOutIdx = 0;
  23727. AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0),
  23728. BAD_FUNC_ARG);
  23729. inOutIdx = 0;
  23730. AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,
  23731. sizeof_dh_pub_key_der_2048), 0);
  23732. AssertTrue(key.p.used != 0 && key.g.used != 0 && key.q.used == 0 &&
  23733. key.pub.used != 0 && key.priv.used == 0);
  23734. wc_FreeDhKey(&key);
  23735. res = TEST_RES_CHECK(1);
  23736. #endif
  23737. #endif /* !NO_DH */
  23738. return res;
  23739. }
  23740. /*
  23741. * Testing wc_Ed25519KeyToDer
  23742. */
  23743. static int test_wc_Ed25519KeyToDer(void)
  23744. {
  23745. int res = TEST_SKIPPED;
  23746. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
  23747. (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
  23748. byte output[ONEK_BUF];
  23749. ed25519_key ed25519Key;
  23750. WC_RNG rng;
  23751. word32 inLen;
  23752. int ret;
  23753. ret = wc_InitRng(&rng);
  23754. if (ret == 0) {
  23755. ret = wc_ed25519_init(&ed25519Key);
  23756. if (ret == 0) {
  23757. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
  23758. }
  23759. inLen = (word32)sizeof(output);
  23760. /* Bad Cases */
  23761. if (ret == 0) {
  23762. ret = wc_Ed25519KeyToDer(NULL, NULL, 0);
  23763. if (ret == BAD_FUNC_ARG) {
  23764. ret = 0;
  23765. }
  23766. }
  23767. if (ret == 0) {
  23768. ret = wc_Ed25519KeyToDer(NULL, output, inLen);
  23769. if (ret == BAD_FUNC_ARG) {
  23770. ret = 0;
  23771. }
  23772. }
  23773. if (ret == 0) {
  23774. ret = wc_Ed25519KeyToDer(&ed25519Key, output, 0);
  23775. if (ret == BAD_FUNC_ARG) {
  23776. ret = 0;
  23777. }
  23778. }
  23779. /* Good Cases */
  23780. if (ret == 0) {
  23781. /* length only */
  23782. ret = wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen);
  23783. if (ret > 0) {
  23784. ret = 0;
  23785. }
  23786. }
  23787. if (ret == 0) {
  23788. ret = wc_Ed25519KeyToDer(&ed25519Key, output, inLen);
  23789. if (ret > 0) {
  23790. ret = 0;
  23791. }
  23792. }
  23793. wc_ed25519_free(&ed25519Key);
  23794. }
  23795. wc_FreeRng(&rng);
  23796. res = TEST_RES_CHECK(ret == 0);
  23797. #endif
  23798. return res;
  23799. }/* End test_wc_Ed25519KeyToDer*/
  23800. /*
  23801. * Testing wc_Ed25519PrivateKeyToDer
  23802. */
  23803. static int test_wc_Ed25519PrivateKeyToDer(void)
  23804. {
  23805. int res = TEST_SKIPPED;
  23806. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
  23807. (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
  23808. byte output[ONEK_BUF];
  23809. ed25519_key ed25519PrivKey;
  23810. WC_RNG rng;
  23811. word32 inLen;
  23812. int ret;
  23813. ret = wc_InitRng(&rng);
  23814. if (ret == 0) {
  23815. ret = wc_ed25519_init(&ed25519PrivKey);
  23816. if (ret == 0) {
  23817. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey);
  23818. }
  23819. inLen = (word32)sizeof(output);
  23820. /* Bad Cases */
  23821. if (ret == 0) {
  23822. ret = wc_Ed25519PrivateKeyToDer(NULL, NULL, 0);
  23823. if (ret == BAD_FUNC_ARG) {
  23824. ret = 0;
  23825. }
  23826. }
  23827. if (ret == 0) {
  23828. ret = wc_Ed25519PrivateKeyToDer(NULL, output, inLen);
  23829. if (ret == BAD_FUNC_ARG) {
  23830. ret = 0;
  23831. }
  23832. }
  23833. if (ret == 0) {
  23834. ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0);
  23835. if (ret == BAD_FUNC_ARG) {
  23836. ret = 0;
  23837. }
  23838. }
  23839. /* Good Cases */
  23840. if (ret == 0) {
  23841. /* length only */
  23842. ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen);
  23843. if (ret > 0) {
  23844. ret = 0;
  23845. }
  23846. }
  23847. if (ret == 0) {
  23848. ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen);
  23849. if (ret > 0) {
  23850. ret = 0;
  23851. }
  23852. }
  23853. wc_ed25519_free(&ed25519PrivKey);
  23854. }
  23855. wc_FreeRng(&rng);
  23856. res = TEST_RES_CHECK(ret == 0);
  23857. #endif
  23858. return res;
  23859. }/* End test_wc_Ed25519PrivateKeyToDer*/
  23860. /*
  23861. * Testing wc_Ed448KeyToDer
  23862. */
  23863. static int test_wc_Ed448KeyToDer(void)
  23864. {
  23865. int res = TEST_SKIPPED;
  23866. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
  23867. (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
  23868. byte output[ONEK_BUF];
  23869. ed448_key ed448Key;
  23870. WC_RNG rng;
  23871. word32 inLen;
  23872. int ret;
  23873. ret = wc_InitRng(&rng);
  23874. if (ret == 0) {
  23875. ret = wc_ed448_init(&ed448Key);
  23876. if (ret == 0) {
  23877. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
  23878. }
  23879. inLen = sizeof(output);
  23880. /* Bad Cases */
  23881. if (ret == 0) {
  23882. ret = wc_Ed448KeyToDer(NULL, NULL, 0);
  23883. if (ret == BAD_FUNC_ARG) {
  23884. ret = 0;
  23885. }
  23886. }
  23887. if (ret == 0) {
  23888. ret = wc_Ed448KeyToDer(NULL, output, inLen);
  23889. if (ret == BAD_FUNC_ARG) {
  23890. ret = 0;
  23891. }
  23892. }
  23893. if (ret == 0) {
  23894. ret = wc_Ed448KeyToDer(&ed448Key, output, 0);
  23895. if (ret == BAD_FUNC_ARG) {
  23896. ret = 0;
  23897. }
  23898. }
  23899. /* Good Cases */
  23900. if (ret == 0) {
  23901. /* length only */
  23902. ret = wc_Ed448KeyToDer(&ed448Key, NULL, inLen);
  23903. if (ret > 0) {
  23904. ret = 0;
  23905. }
  23906. }
  23907. if (ret == 0) {
  23908. ret = wc_Ed448KeyToDer(&ed448Key, output, inLen);
  23909. if (ret > 0) {
  23910. ret = 0;
  23911. }
  23912. }
  23913. wc_ed448_free(&ed448Key);
  23914. }
  23915. wc_FreeRng(&rng);
  23916. res = TEST_RES_CHECK(ret == 0);
  23917. #endif
  23918. return res;
  23919. }/* End test_wc_Ed448KeyToDer*/
  23920. /*
  23921. * Testing wc_Ed448PrivateKeyToDer
  23922. */
  23923. static int test_wc_Ed448PrivateKeyToDer(void)
  23924. {
  23925. int res = TEST_SKIPPED;
  23926. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
  23927. (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
  23928. byte output[ONEK_BUF];
  23929. ed448_key ed448PrivKey;
  23930. WC_RNG rng;
  23931. word32 inLen;
  23932. int ret;
  23933. ret = wc_InitRng(&rng);
  23934. if (ret == 0) {
  23935. ret = wc_ed448_init(&ed448PrivKey);
  23936. if (ret == 0) {
  23937. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey);
  23938. }
  23939. inLen = sizeof(output);
  23940. /* Bad Cases */
  23941. if (ret == 0) {
  23942. ret = wc_Ed448PrivateKeyToDer(NULL, NULL, 0);
  23943. if (ret == BAD_FUNC_ARG) {
  23944. ret = 0;
  23945. }
  23946. }
  23947. if (ret == 0) {
  23948. ret = wc_Ed448PrivateKeyToDer(NULL, output, inLen);
  23949. if (ret == BAD_FUNC_ARG) {
  23950. ret = 0;
  23951. }
  23952. }
  23953. if (ret == 0) {
  23954. ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0);
  23955. if (ret == BAD_FUNC_ARG) {
  23956. ret = 0;
  23957. }
  23958. }
  23959. /* Good cases */
  23960. if (ret == 0) {
  23961. /* length only */
  23962. ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen);
  23963. if (ret > 0) {
  23964. ret = 0;
  23965. }
  23966. }
  23967. if (ret == 0) {
  23968. ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen);
  23969. if (ret > 0) {
  23970. ret = 0;
  23971. }
  23972. }
  23973. wc_ed448_free(&ed448PrivKey);
  23974. }
  23975. wc_FreeRng(&rng);
  23976. res = TEST_RES_CHECK(ret == 0);
  23977. #endif
  23978. return res;
  23979. }/* End test_wc_Ed448PrivateKeyToDer*/
  23980. /*
  23981. * Testing wc_SetSubjectBuffer
  23982. */
  23983. static int test_wc_SetSubjectBuffer(void)
  23984. {
  23985. int res = TEST_SKIPPED;
  23986. #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  23987. Cert cert;
  23988. FILE* file;
  23989. byte* der;
  23990. word32 derSz;
  23991. int ret = 0;
  23992. derSz = FOURK_BUF;
  23993. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23994. if (der == NULL) {
  23995. ret = -1;
  23996. }
  23997. if (ret == 0) {
  23998. file = XFOPEN("./certs/ca-cert.der", "rb");
  23999. if (file != NULL) {
  24000. derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
  24001. XFCLOSE(file);
  24002. }
  24003. else {
  24004. ret = -1;
  24005. }
  24006. }
  24007. if (ret == 0) {
  24008. ret = wc_InitCert(&cert);
  24009. }
  24010. if (ret == 0) {
  24011. ret = wc_SetSubjectBuffer(&cert, der, derSz);
  24012. }
  24013. if (ret == 0) {
  24014. ret = wc_SetSubjectBuffer(NULL, der, derSz);
  24015. if (ret == BAD_FUNC_ARG) {
  24016. ret = 0;
  24017. }
  24018. }
  24019. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24020. res = TEST_RES_CHECK(ret == 0);
  24021. #endif
  24022. return res;
  24023. }/* End test_wc_SetSubjectBuffer*/
  24024. /*
  24025. * Testing wc_SetSubjectKeyIdFromPublicKey_ex
  24026. */
  24027. static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void)
  24028. {
  24029. int res = TEST_SKIPPED;
  24030. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  24031. WC_RNG rng;
  24032. Cert cert;
  24033. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
  24034. ed25519_key ed25519Key;
  24035. #endif
  24036. #if !defined(NO_RSA) && defined(HAVE_RSA)
  24037. RsaKey rsaKey;
  24038. int bits = 2048;
  24039. #endif
  24040. #if defined(HAVE_ECC)
  24041. ecc_key eccKey;
  24042. #endif
  24043. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
  24044. ed448_key ed448Key;
  24045. #endif
  24046. int ret = 0;
  24047. #ifndef HAVE_FIPS
  24048. ret = wc_InitRng_ex(&rng, HEAP_HINT, testDevId);
  24049. #else
  24050. ret = wc_InitRng(&rng);
  24051. #endif
  24052. wc_InitCert(&cert);
  24053. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
  24054. if (ret == 0) { /*ED25519*/
  24055. ret = wc_ed25519_init(&ed25519Key);
  24056. if (ret == 0) {
  24057. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
  24058. }
  24059. if (ret == 0) {
  24060. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
  24061. &ed25519Key);
  24062. }
  24063. wc_ed25519_free(&ed25519Key);
  24064. }
  24065. #endif
  24066. #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
  24067. if (ret == 0) { /*RSA*/
  24068. ret = wc_InitRsaKey(&rsaKey, HEAP_HINT);
  24069. if (ret == 0) {
  24070. MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
  24071. }
  24072. if (ret == 0) {
  24073. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
  24074. }
  24075. wc_FreeRsaKey(&rsaKey);
  24076. }
  24077. #endif
  24078. #if defined(HAVE_ECC)
  24079. if (ret == 0) { /*ECC*/
  24080. ret = wc_ecc_init(&eccKey);
  24081. if (ret == 0) {
  24082. ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
  24083. #if defined(WOLFSSL_ASYNC_CRYPT)
  24084. ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
  24085. #endif
  24086. }
  24087. if (ret == 0) {
  24088. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
  24089. }
  24090. wc_ecc_free(&eccKey);
  24091. }
  24092. #endif
  24093. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
  24094. if (ret == 0) { /*ED448*/
  24095. ret = wc_ed448_init(&ed448Key);
  24096. if (ret == 0) {
  24097. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
  24098. }
  24099. if (ret == 0) {
  24100. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
  24101. &ed448Key);
  24102. }
  24103. wc_ed448_free(&ed448Key);
  24104. }
  24105. #endif
  24106. wc_FreeRng(&rng);
  24107. res = TEST_RES_CHECK(ret == 0);
  24108. #endif
  24109. return res;
  24110. }/* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/
  24111. /*
  24112. * Testing wc_SetAuthKeyIdFromPublicKey_ex
  24113. */
  24114. static int test_wc_SetAuthKeyIdFromPublicKey_ex(void)
  24115. {
  24116. int res = TEST_SKIPPED;
  24117. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  24118. WC_RNG rng;
  24119. Cert cert;
  24120. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
  24121. ed25519_key ed25519Key;
  24122. #endif
  24123. #if !defined(NO_RSA) && defined(HAVE_RSA)
  24124. RsaKey rsaKey;
  24125. int bits = 2048;
  24126. #endif
  24127. #if defined(HAVE_ECC)
  24128. ecc_key eccKey;
  24129. #endif
  24130. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
  24131. ed448_key ed448Key;
  24132. #endif
  24133. int ret = 0;
  24134. #ifndef HAVE_FIPS
  24135. ret = wc_InitRng_ex(&rng, HEAP_HINT, testDevId);
  24136. #else
  24137. ret = wc_InitRng(&rng);
  24138. #endif
  24139. wc_InitCert(&cert);
  24140. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
  24141. if (ret == 0) { /*ED25519*/
  24142. ret = wc_ed25519_init(&ed25519Key);
  24143. if (ret == 0) {
  24144. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
  24145. }
  24146. if (ret == 0) {
  24147. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
  24148. &ed25519Key);
  24149. }
  24150. wc_ed25519_free(&ed25519Key);
  24151. }
  24152. #endif
  24153. #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
  24154. if (ret == 0) { /*RSA*/
  24155. ret = wc_InitRsaKey(&rsaKey, HEAP_HINT);
  24156. if (ret == 0) {
  24157. MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
  24158. }
  24159. if (ret == 0) {
  24160. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
  24161. }
  24162. wc_FreeRsaKey(&rsaKey);
  24163. }
  24164. #endif
  24165. #if defined(HAVE_ECC)
  24166. if (ret == 0) { /*ECC*/
  24167. ret = wc_ecc_init(&eccKey);
  24168. if (ret == 0) {
  24169. ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
  24170. #if defined(WOLFSSL_ASYNC_CRYPT)
  24171. ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
  24172. #endif
  24173. }
  24174. if (ret == 0) {
  24175. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
  24176. }
  24177. wc_ecc_free(&eccKey);
  24178. }
  24179. #endif
  24180. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
  24181. if (ret == 0) { /*ED448*/
  24182. ret = wc_ed448_init(&ed448Key);
  24183. if (ret == 0) {
  24184. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
  24185. }
  24186. if (ret == 0) {
  24187. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
  24188. &ed448Key);
  24189. }
  24190. wc_ed448_free(&ed448Key);
  24191. }
  24192. #endif
  24193. wc_FreeRng(&rng);
  24194. res = TEST_RES_CHECK(ret == 0);
  24195. #endif /*defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/
  24196. return res;
  24197. }/* End test_wc_SetAuthKeyIdFromPublicKey_ex*/
  24198. /*
  24199. * Testing wc_PKCS7_New()
  24200. */
  24201. static int test_wc_PKCS7_New(void)
  24202. {
  24203. int res = TEST_SKIPPED;
  24204. #if defined(HAVE_PKCS7)
  24205. PKCS7* pkcs7;
  24206. pkcs7 = wc_PKCS7_New(NULL, testDevId);
  24207. wc_PKCS7_Free(pkcs7);
  24208. res = TEST_RES_CHECK(pkcs7 != NULL);
  24209. #endif
  24210. return res;
  24211. } /* END test-wc_PKCS7_New */
  24212. /*
  24213. * Testing wc_PKCS7_Init()
  24214. */
  24215. static int test_wc_PKCS7_Init(void)
  24216. {
  24217. int res = TEST_SKIPPED;
  24218. #if defined(HAVE_PKCS7)
  24219. PKCS7* pkcs7;
  24220. void* heap = NULL;
  24221. pkcs7 = wc_PKCS7_New(heap, testDevId);
  24222. AssertNotNull(pkcs7);
  24223. AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
  24224. /* Pass in bad args. */
  24225. AssertIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), BAD_FUNC_ARG);
  24226. wc_PKCS7_Free(pkcs7);
  24227. res = TEST_RES_CHECK(1);
  24228. #endif
  24229. return res;
  24230. } /* END test-wc_PKCS7_Init */
  24231. /*
  24232. * Testing wc_PKCS7_InitWithCert()
  24233. */
  24234. static int test_wc_PKCS7_InitWithCert(void)
  24235. {
  24236. int res = TEST_SKIPPED;
  24237. #if defined(HAVE_PKCS7)
  24238. PKCS7* pkcs7;
  24239. #ifndef NO_RSA
  24240. #if defined(USE_CERT_BUFFERS_2048)
  24241. unsigned char cert[sizeof(client_cert_der_2048)];
  24242. int certSz = (int)sizeof(cert);
  24243. XMEMSET(cert, 0, certSz);
  24244. XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048));
  24245. #elif defined(USE_CERT_BUFFERS_1024)
  24246. unsigned char cert[sizeof(client_cert_der_1024)];
  24247. int certSz = (int)sizeof(cert);
  24248. XMEMSET(cert, 0, certSz);
  24249. XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
  24250. #else
  24251. unsigned char cert[ONEK_BUF];
  24252. XFILE fp;
  24253. int certSz;
  24254. fp = XFOPEN("./certs/1024/client-cert.der", "rb");
  24255. AssertTrue(fp != XBADFILE);
  24256. certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
  24257. XFCLOSE(fp);
  24258. #endif
  24259. #elif defined(HAVE_ECC)
  24260. #if defined(USE_CERT_BUFFERS_256)
  24261. unsigned char cert[sizeof(cliecc_cert_der_256)];
  24262. int certSz = (int)sizeof(cert);
  24263. XMEMSET(cert, 0, certSz);
  24264. XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256));
  24265. #else
  24266. unsigned char cert[ONEK_BUF];
  24267. XFILE fp;
  24268. int certSz;
  24269. fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
  24270. AssertTrue(fp != XBADFILE);
  24271. certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256), fp);
  24272. XFCLOSE(fp);
  24273. #endif
  24274. #else
  24275. #error PKCS7 requires ECC or RSA
  24276. #endif
  24277. #ifdef HAVE_ECC
  24278. {
  24279. /* bad test case from ZD 11011, malformed cert gives bad ECC key */
  24280. static unsigned char certWithInvalidEccKey[] = {
  24281. 0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01,
  24282. 0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79,
  24283. 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30,
  24284. 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
  24285. 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
  24286. 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08,
  24287. 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
  24288. 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
  24289. 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
  24290. 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
  24291. 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
  24292. 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
  24293. 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
  24294. 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
  24295. 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
  24296. 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
  24297. 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32,
  24298. 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36,
  24299. 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B,
  24300. 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
  24301. 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72,
  24302. 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04,
  24303. 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11,
  24304. 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E,
  24305. 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55,
  24306. 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26,
  24307. 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
  24308. 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
  24309. 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
  24310. 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
  24311. 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06,
  24312. 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86,
  24313. 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF,
  24314. 0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D,
  24315. 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C,
  24316. 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43,
  24317. 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6,
  24318. 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D,
  24319. 0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D,
  24320. 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B,
  24321. 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
  24322. 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D,
  24323. 0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B,
  24324. 0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
  24325. 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30,
  24326. 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
  24327. 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08,
  24328. 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
  24329. 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
  24330. 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
  24331. 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
  24332. 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
  24333. 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
  24334. 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
  24335. 0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
  24336. 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
  24337. 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
  24338. 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83,
  24339. 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06,
  24340. 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
  24341. 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
  24342. 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
  24343. 0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25,
  24344. 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
  24345. 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
  24346. 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
  24347. 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26,
  24348. 0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3,
  24349. 0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB,
  24350. 0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6,
  24351. 0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F,
  24352. 0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53,
  24353. 0x08, 0xA8, 0xB4};
  24354. #endif
  24355. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  24356. /* If initialization is not successful, it's free'd in init func. */
  24357. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
  24358. wc_PKCS7_Free(pkcs7);
  24359. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  24360. /* Valid initialization usage. */
  24361. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  24362. /* Pass in bad args. No need free for null checks, free at end.*/
  24363. AssertIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
  24364. BAD_FUNC_ARG);
  24365. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
  24366. BAD_FUNC_ARG);
  24367. #ifdef HAVE_ECC
  24368. AssertIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
  24369. sizeof(certWithInvalidEccKey)), 0);
  24370. }
  24371. #endif
  24372. wc_PKCS7_Free(pkcs7);
  24373. res = TEST_RES_CHECK(1);
  24374. #endif
  24375. return res;
  24376. } /* END test_wc_PKCS7_InitWithCert */
  24377. /*
  24378. * Testing wc_PKCS7_EncodeData()
  24379. */
  24380. static int test_wc_PKCS7_EncodeData(void)
  24381. {
  24382. int res = TEST_SKIPPED;
  24383. #if defined(HAVE_PKCS7)
  24384. PKCS7* pkcs7;
  24385. byte output[FOURK_BUF];
  24386. byte data[] = "My encoded DER cert.";
  24387. #ifndef NO_RSA
  24388. #if defined(USE_CERT_BUFFERS_2048)
  24389. unsigned char cert[sizeof(client_cert_der_2048)];
  24390. unsigned char key[sizeof(client_key_der_2048)];
  24391. int certSz = (int)sizeof(cert);
  24392. int keySz = (int)sizeof(key);
  24393. XMEMSET(cert, 0, certSz);
  24394. XMEMSET(key, 0, keySz);
  24395. XMEMCPY(cert, client_cert_der_2048, certSz);
  24396. XMEMCPY(key, client_key_der_2048, keySz);
  24397. #elif defined(USE_CERT_BUFFERS_1024)
  24398. unsigned char cert[sizeof(sizeof_client_cert_der_1024)];
  24399. unsigned char key[sizeof_client_key_der_1024];
  24400. int certSz = (int)sizeof(cert);
  24401. int keySz = (int)sizeof(key);
  24402. XMEMSET(cert, 0, certSz);
  24403. XMEMSET(key, 0, keySz);
  24404. XMEMCPY(cert, client_cert_der_1024, certSz);
  24405. XMEMCPY(key, client_key_der_1024, keySz);
  24406. #else
  24407. unsigned char cert[ONEK_BUF];
  24408. unsigned char key[ONEK_BUF];
  24409. XFILE fp;
  24410. int certSz;
  24411. int keySz;
  24412. fp = XFOPEN("./certs/1024/client-cert.der", "rb");
  24413. AssertTrue(fp != XBADFILE);
  24414. certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
  24415. XFCLOSE(fp);
  24416. fp = XFOPEN("./certs/1024/client-key.der", "rb");
  24417. AssertTrue(fp != XBADFILE);
  24418. keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
  24419. XFCLOSE(fp);
  24420. #endif
  24421. #elif defined(HAVE_ECC)
  24422. #if defined(USE_CERT_BUFFERS_256)
  24423. unsigned char cert[sizeof(cliecc_cert_der_256)];
  24424. unsigned char key[sizeof(ecc_clikey_der_256)];
  24425. int certSz = (int)sizeof(cert);
  24426. int keySz = (int)sizeof(key);
  24427. XMEMSET(cert, 0, certSz);
  24428. XMEMSET(key, 0, keySz);
  24429. XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  24430. XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
  24431. #else
  24432. unsigned char cert[ONEK_BUF];
  24433. unsigned char key[ONEK_BUF];
  24434. XFILE fp;
  24435. int certSz, keySz;
  24436. fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
  24437. AssertTrue(fp != XBADFILE);
  24438. certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
  24439. XFCLOSE(fp);
  24440. fp = XFOPEN("./certs/client-ecc-key.der", "rb");
  24441. AssertTrue(fp != XBADFILE);
  24442. keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
  24443. XFCLOSE(fp);
  24444. #endif
  24445. #endif
  24446. XMEMSET(output, 0, sizeof(output));
  24447. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  24448. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  24449. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, certSz), 0);
  24450. pkcs7->content = data;
  24451. pkcs7->contentSz = sizeof(data);
  24452. pkcs7->privateKey = key;
  24453. pkcs7->privateKeySz = keySz;
  24454. AssertIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);
  24455. /* Test bad args. */
  24456. AssertIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
  24457. BAD_FUNC_ARG);
  24458. AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
  24459. BAD_FUNC_ARG);
  24460. AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E);
  24461. wc_PKCS7_Free(pkcs7);
  24462. res = TEST_RES_CHECK(1);
  24463. #endif
  24464. return res;
  24465. } /* END test_wc_PKCS7_EncodeData */
  24466. #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
  24467. !defined(NO_RSA) && !defined(NO_SHA256)
  24468. /* RSA sign raw digest callback */
  24469. static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
  24470. byte* out, word32 outSz, byte* privateKey,
  24471. word32 privateKeySz, int devid, int hashOID)
  24472. {
  24473. /* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */
  24474. byte digInfoEncoding[] = {
  24475. 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
  24476. 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
  24477. 0x00, 0x04, 0x20
  24478. };
  24479. int ret;
  24480. byte digestInfo[ONEK_BUF];
  24481. byte sig[FOURK_BUF];
  24482. word32 digestInfoSz = 0;
  24483. word32 idx = 0;
  24484. RsaKey rsa;
  24485. /* SHA-256 required only for this example callback due to above
  24486. * digInfoEncoding[] */
  24487. if (pkcs7 == NULL || digest == NULL || out == NULL ||
  24488. (sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) ||
  24489. (hashOID != SHA256h)) {
  24490. return -1;
  24491. }
  24492. /* build DigestInfo */
  24493. XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding));
  24494. digestInfoSz += sizeof(digInfoEncoding);
  24495. XMEMCPY(digestInfo + digestInfoSz, digest, digestSz);
  24496. digestInfoSz += digestSz;
  24497. /* set up RSA key */
  24498. ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid);
  24499. if (ret != 0) {
  24500. return ret;
  24501. }
  24502. ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz);
  24503. /* sign DigestInfo */
  24504. if (ret == 0) {
  24505. ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig),
  24506. &rsa, pkcs7->rng);
  24507. if (ret > 0) {
  24508. if (ret > (int)outSz) {
  24509. /* output buffer too small */
  24510. ret = -1;
  24511. }
  24512. else {
  24513. /* success, ret holds sig size */
  24514. XMEMCPY(out, sig, ret);
  24515. }
  24516. }
  24517. }
  24518. wc_FreeRsaKey(&rsa);
  24519. return ret;
  24520. }
  24521. #endif
  24522. /*
  24523. * Testing wc_PKCS7_EncodeSignedData()
  24524. */
  24525. static int test_wc_PKCS7_EncodeSignedData(void)
  24526. {
  24527. int res = TEST_SKIPPED;
  24528. #if defined(HAVE_PKCS7)
  24529. PKCS7* pkcs7;
  24530. WC_RNG rng;
  24531. byte output[FOURK_BUF];
  24532. byte badOut[1];
  24533. word32 outputSz = (word32)sizeof(output);
  24534. word32 badOutSz = 0;
  24535. byte data[] = "Test data to encode.";
  24536. #ifndef NO_RSA
  24537. #if defined(USE_CERT_BUFFERS_2048)
  24538. byte key[sizeof(client_key_der_2048)];
  24539. byte cert[sizeof(client_cert_der_2048)];
  24540. word32 keySz = (word32)sizeof(key);
  24541. word32 certSz = (word32)sizeof(cert);
  24542. XMEMSET(key, 0, keySz);
  24543. XMEMSET(cert, 0, certSz);
  24544. XMEMCPY(key, client_key_der_2048, keySz);
  24545. XMEMCPY(cert, client_cert_der_2048, certSz);
  24546. #elif defined(USE_CERT_BUFFERS_1024)
  24547. byte key[sizeof_client_key_der_1024];
  24548. byte cert[sizeof(sizeof_client_cert_der_1024)];
  24549. word32 keySz = (word32)sizeof(key);
  24550. word32 certSz = (word32)sizeof(cert);
  24551. XMEMSET(key, 0, keySz);
  24552. XMEMSET(cert, 0, certSz);
  24553. XMEMCPY(key, client_key_der_1024, keySz);
  24554. XMEMCPY(cert, client_cert_der_1024, certSz);
  24555. #else
  24556. unsigned char cert[ONEK_BUF];
  24557. unsigned char key[ONEK_BUF];
  24558. XFILE fp;
  24559. int certSz;
  24560. int keySz;
  24561. fp = XFOPEN("./certs/1024/client-cert.der", "rb");
  24562. AssertTrue(fp != XBADFILE);
  24563. certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
  24564. XFCLOSE(fp);
  24565. fp = XFOPEN("./certs/1024/client-key.der", "rb");
  24566. AssertTrue(fp != XBADFILE);
  24567. keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
  24568. XFCLOSE(fp);
  24569. #endif
  24570. #elif defined(HAVE_ECC)
  24571. #if defined(USE_CERT_BUFFERS_256)
  24572. unsigned char cert[sizeof(cliecc_cert_der_256)];
  24573. unsigned char key[sizeof(ecc_clikey_der_256)];
  24574. int certSz = (int)sizeof(cert);
  24575. int keySz = (int)sizeof(key);
  24576. XMEMSET(cert, 0, certSz);
  24577. XMEMSET(key, 0, keySz);
  24578. XMEMCPY(cert, cliecc_cert_der_256, certSz);
  24579. XMEMCPY(key, ecc_clikey_der_256, keySz);
  24580. #else
  24581. unsigned char cert[ONEK_BUF];
  24582. unsigned char key[ONEK_BUF];
  24583. XFILE fp;
  24584. int certSz, keySz;
  24585. fp = XOPEN("./certs/client-ecc-cert.der", "rb");
  24586. AssertTrue(fp != XBADFILE);
  24587. certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp);
  24588. XFCLOSE(fp);
  24589. fp = XFOPEN("./certs/client-ecc-key.der", "rb");
  24590. AssertTrue(fp != XBADFILE);
  24591. keySz = (int)XFREAD(key, 1, ONEK_BUF, fp);
  24592. XFCLOSE(fp);
  24593. #endif
  24594. #endif
  24595. XMEMSET(output, 0, outputSz);
  24596. AssertIntEQ(wc_InitRng(&rng), 0);
  24597. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  24598. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  24599. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  24600. pkcs7->content = data;
  24601. pkcs7->contentSz = (word32)sizeof(data);
  24602. pkcs7->privateKey = key;
  24603. pkcs7->privateKeySz = (word32)sizeof(key);
  24604. pkcs7->encryptOID = RSAk;
  24605. #ifdef NO_SHA
  24606. pkcs7->hashOID = SHA256h;
  24607. #else
  24608. pkcs7->hashOID = SHAh;
  24609. #endif
  24610. pkcs7->rng = &rng;
  24611. AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
  24612. wc_PKCS7_Free(pkcs7);
  24613. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  24614. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  24615. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  24616. /* Pass in bad args. */
  24617. AssertIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz), BAD_FUNC_ARG);
  24618. AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
  24619. AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
  24620. badOutSz), BAD_FUNC_ARG);
  24621. pkcs7->hashOID = 0; /* bad hashOID */
  24622. AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), BAD_FUNC_ARG);
  24623. #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
  24624. !defined(NO_RSA) && !defined(NO_SHA256)
  24625. /* test RSA sign raw digest callback, if using RSA and compiled in.
  24626. * Example callback assumes SHA-256, so only run test if compiled in. */
  24627. wc_PKCS7_Free(pkcs7);
  24628. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  24629. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  24630. pkcs7->content = data;
  24631. pkcs7->contentSz = (word32)sizeof(data);
  24632. pkcs7->privateKey = key;
  24633. pkcs7->privateKeySz = (word32)sizeof(key);
  24634. pkcs7->encryptOID = RSAk;
  24635. pkcs7->hashOID = SHA256h;
  24636. pkcs7->rng = &rng;
  24637. AssertIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0);
  24638. AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
  24639. #endif
  24640. wc_PKCS7_Free(pkcs7);
  24641. wc_FreeRng(&rng);
  24642. res = TEST_RES_CHECK(1);
  24643. #endif
  24644. return res;
  24645. } /* END test_wc_PKCS7_EncodeSignedData */
  24646. /*
  24647. * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
  24648. */
  24649. static int test_wc_PKCS7_EncodeSignedData_ex(void)
  24650. {
  24651. int res = TEST_SKIPPED;
  24652. #if defined(HAVE_PKCS7)
  24653. int ret, i;
  24654. PKCS7* pkcs7;
  24655. WC_RNG rng;
  24656. byte outputHead[FOURK_BUF/2];
  24657. byte outputFoot[FOURK_BUF/2];
  24658. word32 outputHeadSz = (word32)sizeof(outputHead);
  24659. word32 outputFootSz = (word32)sizeof(outputFoot);
  24660. byte data[FOURK_BUF];
  24661. wc_HashAlg hash;
  24662. #ifdef NO_SHA
  24663. enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
  24664. #else
  24665. enum wc_HashType hashType = WC_HASH_TYPE_SHA;
  24666. #endif
  24667. byte hashBuf[WC_MAX_DIGEST_SIZE];
  24668. word32 hashSz = wc_HashGetDigestSize(hashType);
  24669. #ifndef NO_RSA
  24670. #if defined(USE_CERT_BUFFERS_2048)
  24671. byte key[sizeof(client_key_der_2048)];
  24672. byte cert[sizeof(client_cert_der_2048)];
  24673. word32 keySz = (word32)sizeof(key);
  24674. word32 certSz = (word32)sizeof(cert);
  24675. XMEMSET(key, 0, keySz);
  24676. XMEMSET(cert, 0, certSz);
  24677. XMEMCPY(key, client_key_der_2048, keySz);
  24678. XMEMCPY(cert, client_cert_der_2048, certSz);
  24679. #elif defined(USE_CERT_BUFFERS_1024)
  24680. byte key[sizeof_client_key_der_1024];
  24681. byte cert[sizeof(sizeof_client_cert_der_1024)];
  24682. word32 keySz = (word32)sizeof(key);
  24683. word32 certSz = (word32)sizeof(cert);
  24684. XMEMSET(key, 0, keySz);
  24685. XMEMSET(cert, 0, certSz);
  24686. XMEMCPY(key, client_key_der_1024, keySz);
  24687. XMEMCPY(cert, client_cert_der_1024, certSz);
  24688. #else
  24689. unsigned char cert[ONEK_BUF];
  24690. unsigned char key[ONEK_BUF];
  24691. XFILE fp;
  24692. int certSz;
  24693. int keySz;
  24694. fp = XFOPEN("./certs/1024/client-cert.der", "rb");
  24695. AssertTrue((fp != XBADFILE));
  24696. certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
  24697. XFCLOSE(fp);
  24698. fp = XFOPEN("./certs/1024/client-key.der", "rb");
  24699. AssertTrue(fp != XBADFILE);
  24700. keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
  24701. XFCLOSE(fp);
  24702. #endif
  24703. #elif defined(HAVE_ECC)
  24704. #if defined(USE_CERT_BUFFERS_256)
  24705. unsigned char cert[sizeof(cliecc_cert_der_256)];
  24706. unsigned char key[sizeof(ecc_clikey_der_256)];
  24707. int certSz = (int)sizeof(cert);
  24708. int keySz = (int)sizeof(key);
  24709. XMEMSET(cert, 0, certSz);
  24710. XMEMSET(key, 0, keySz);
  24711. XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  24712. XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
  24713. #else
  24714. unsigned char cert[ONEK_BUF];
  24715. unsigned char key[ONEK_BUF];
  24716. XFILE fp;
  24717. int certSz, keySz;
  24718. fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
  24719. AssertTrue(fp != XBADFILE);
  24720. certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
  24721. XFCLOSE(fp);
  24722. fp = XFOPEN("./certs/client-ecc-key.der", "rb");
  24723. AssertTrue(fp != XBADFILE);
  24724. keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
  24725. XFCLOSE(fp);
  24726. #endif
  24727. #endif
  24728. /* initialize large data with sequence */
  24729. for (i=0; i<(int)sizeof(data); i++)
  24730. data[i] = i & 0xff;
  24731. XMEMSET(outputHead, 0, outputHeadSz);
  24732. XMEMSET(outputFoot, 0, outputFootSz);
  24733. AssertIntEQ(wc_InitRng(&rng), 0);
  24734. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  24735. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  24736. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  24737. pkcs7->content = NULL; /* not used for ex */
  24738. pkcs7->contentSz = (word32)sizeof(data);
  24739. pkcs7->privateKey = key;
  24740. pkcs7->privateKeySz = (word32)sizeof(key);
  24741. pkcs7->encryptOID = RSAk;
  24742. #ifdef NO_SHA
  24743. pkcs7->hashOID = SHA256h;
  24744. #else
  24745. pkcs7->hashOID = SHAh;
  24746. #endif
  24747. pkcs7->rng = &rng;
  24748. /* calculate hash for content */
  24749. ret = wc_HashInit(&hash, hashType);
  24750. if (ret == 0) {
  24751. ret = wc_HashUpdate(&hash, hashType, data, sizeof(data));
  24752. if (ret == 0) {
  24753. ret = wc_HashFinal(&hash, hashType, hashBuf);
  24754. }
  24755. wc_HashFree(&hash, hashType);
  24756. }
  24757. AssertIntEQ(ret, 0);
  24758. /* Perform PKCS7 sign using hash directly */
  24759. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
  24760. outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0);
  24761. AssertIntGT(outputHeadSz, 0);
  24762. AssertIntGT(outputFootSz, 0);
  24763. wc_PKCS7_Free(pkcs7);
  24764. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  24765. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  24766. /* required parameter even on verify when using _ex, if using outputHead
  24767. * and outputFoot */
  24768. pkcs7->contentSz = (word32)sizeof(data);
  24769. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  24770. outputHead, outputHeadSz, outputFoot, outputFootSz), 0);
  24771. wc_PKCS7_Free(pkcs7);
  24772. /* assembly complete PKCS7 sign and use normal verify */
  24773. {
  24774. byte* output = (byte*)XMALLOC(
  24775. outputHeadSz + sizeof(data) + outputFootSz,
  24776. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24777. word32 outputSz = 0;
  24778. AssertNotNull(output);
  24779. XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
  24780. outputSz += outputHeadSz;
  24781. XMEMCPY(&output[outputSz], data, sizeof(data));
  24782. outputSz += sizeof(data);
  24783. XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
  24784. outputSz += outputFootSz;
  24785. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  24786. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  24787. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  24788. XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24789. }
  24790. /* Pass in bad args. */
  24791. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
  24792. &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  24793. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
  24794. &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  24795. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
  24796. &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  24797. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
  24798. &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  24799. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
  24800. outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  24801. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
  24802. outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG);
  24803. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
  24804. outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG);
  24805. pkcs7->hashOID = 0; /* bad hashOID */
  24806. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
  24807. outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  24808. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
  24809. outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
  24810. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
  24811. outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
  24812. #ifndef NO_PKCS7_STREAM
  24813. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
  24814. outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
  24815. #else
  24816. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
  24817. outputHeadSz, outputFoot, outputFootSz), BUFFER_E);
  24818. #endif
  24819. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
  24820. outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
  24821. #ifndef NO_PKCS7_STREAM
  24822. /* can pass in 0 buffer length with streaming API */
  24823. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  24824. outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
  24825. #else
  24826. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  24827. outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG);
  24828. #endif
  24829. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  24830. outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG);
  24831. #ifndef NO_PKCS7_STREAM
  24832. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  24833. outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E);
  24834. #else
  24835. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  24836. outputHead, outputHeadSz, outputFoot, 0), ASN_PARSE_E);
  24837. #endif
  24838. wc_PKCS7_Free(pkcs7);
  24839. wc_FreeRng(&rng);
  24840. res = TEST_RES_CHECK(1);
  24841. #endif
  24842. return res;
  24843. } /* END test_wc_PKCS7_EncodeSignedData_ex */
  24844. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
  24845. /**
  24846. * Loads certs/keys from files or buffers into the argument buffers,
  24847. * helper function called by CreatePKCS7SignedData().
  24848. *
  24849. * Returns 0 on success, negative on error.
  24850. */
  24851. static int LoadPKCS7SignedDataCerts(
  24852. int useIntermediateCertChain, int pkAlgoType,
  24853. byte* intCARoot, word32* intCARootSz,
  24854. byte* intCA1, word32* intCA1Sz,
  24855. byte* intCA2, word32* intCA2Sz,
  24856. byte* cert, word32* certSz,
  24857. byte* key, word32* keySz)
  24858. {
  24859. int ret = 0;
  24860. FILE* fp = NULL;
  24861. #ifndef NO_RSA
  24862. const char* intCARootRSA = "./certs/ca-cert.der";
  24863. const char* intCA1RSA = "./certs/intermediate/ca-int-cert.der";
  24864. const char* intCA2RSA = "./certs/intermediate/ca-int2-cert.der";
  24865. const char* intServCertRSA = "./certs/intermediate/server-int-cert.der";
  24866. const char* intServKeyRSA = "./certs/server-key.der";
  24867. #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)
  24868. const char* cli1024Cert = "./certs/1024/client-cert.der";
  24869. const char* cli1024Key = "./certs/1024/client-key.der";
  24870. #endif
  24871. #endif
  24872. #ifdef HAVE_ECC
  24873. const char* intCARootECC = "./certs/ca-ecc-cert.der";
  24874. const char* intCA1ECC = "./certs/intermediate/ca-int-ecc-cert.der";
  24875. const char* intCA2ECC = "./certs/intermediate/ca-int2-ecc-cert.der";
  24876. const char* intServCertECC = "./certs/intermediate/server-int-ecc-cert.der";
  24877. const char* intServKeyECC = "./certs/ecc-key.der";
  24878. #ifndef USE_CERT_BUFFERS_256
  24879. const char* cliEccCert = "./certs/client-ecc-cert.der";
  24880. const char* cliEccKey = "./certs/client-ecc-key.der";
  24881. #endif
  24882. #endif
  24883. if (cert == NULL || certSz == NULL || key == NULL || keySz == NULL ||
  24884. ((useIntermediateCertChain == 1) &&
  24885. (intCARoot == NULL || intCARootSz == NULL || intCA1 == NULL ||
  24886. intCA1Sz == NULL || intCA2 == NULL || intCA2Sz == NULL))) {
  24887. return BAD_FUNC_ARG;
  24888. }
  24889. /* Read/load certs and keys to use for signing based on PK type and chain */
  24890. switch (pkAlgoType) {
  24891. #ifndef NO_RSA
  24892. case RSA_TYPE:
  24893. if (useIntermediateCertChain == 1) {
  24894. fp = XFOPEN(intCARootRSA, "rb");
  24895. AssertNotNull(fp);
  24896. *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz, fp);
  24897. XFCLOSE(fp);
  24898. AssertIntGT(*intCARootSz, 0);
  24899. fp = XFOPEN(intCA1RSA, "rb");
  24900. AssertNotNull(fp);
  24901. *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp);
  24902. XFCLOSE(fp);
  24903. AssertIntGT(*intCA1Sz, 0);
  24904. fp = XFOPEN(intCA2RSA, "rb");
  24905. AssertNotNull(fp);
  24906. *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp);
  24907. XFCLOSE(fp);
  24908. AssertIntGT(*intCA2Sz, 0);
  24909. fp = XFOPEN(intServCertRSA, "rb");
  24910. AssertNotNull(fp);
  24911. *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
  24912. XFCLOSE(fp);
  24913. AssertIntGT(*certSz, 0);
  24914. fp = XFOPEN(intServKeyRSA, "rb");
  24915. AssertNotNull(fp);
  24916. *keySz = (word32)XFREAD(key, 1, *keySz, fp);
  24917. XFCLOSE(fp);
  24918. AssertIntGT(*keySz, 0);
  24919. }
  24920. else {
  24921. #if defined(USE_CERT_BUFFERS_2048)
  24922. *keySz = sizeof_client_key_der_2048;
  24923. *certSz = sizeof_client_cert_der_2048;
  24924. XMEMCPY(key, client_key_der_2048, *keySz);
  24925. XMEMCPY(cert, client_cert_der_2048, *certSz);
  24926. #elif defined(USE_CERT_BUFFERS_1024)
  24927. *keySz = sizeof_client_key_der_1024;
  24928. *certSz = sizeof_client_cert_der_1024;
  24929. XMEMCPY(key, client_key_der_1024, *keySz);
  24930. XMEMCPY(cert, client_cert_der_1024, *certSz);
  24931. #else
  24932. fp = XFOPEN(cli1024Key, "rb");
  24933. AssertNotNull(fp);
  24934. *keySz = (word32)XFREAD(key, 1, *keySz, fp);
  24935. XFCLOSE(fp);
  24936. AssertIntGT(*keySz, 0);
  24937. fp = XFOPEN(cli1024Cert, "rb");
  24938. AssertNotNull(fp);
  24939. *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
  24940. XFCLOSE(fp);
  24941. AssertIntGT(*certSz, 0);
  24942. #endif /* USE_CERT_BUFFERS_2048 */
  24943. }
  24944. break;
  24945. #endif /* !NO_RSA */
  24946. #ifdef HAVE_ECC
  24947. case ECC_TYPE:
  24948. if (useIntermediateCertChain == 1) {
  24949. fp = XFOPEN(intCARootECC, "rb");
  24950. AssertNotNull(fp);
  24951. *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz, fp);
  24952. XFCLOSE(fp);
  24953. AssertIntGT(*intCARootSz, 0);
  24954. fp = XFOPEN(intCA1ECC, "rb");
  24955. AssertNotNull(fp);
  24956. *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp);
  24957. XFCLOSE(fp);
  24958. AssertIntGT(*intCA1Sz, 0);
  24959. fp = XFOPEN(intCA2ECC, "rb");
  24960. AssertNotNull(fp);
  24961. *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp);
  24962. XFCLOSE(fp);
  24963. AssertIntGT(*intCA2Sz, 0);
  24964. fp = XFOPEN(intServCertECC, "rb");
  24965. AssertNotNull(fp);
  24966. *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
  24967. XFCLOSE(fp);
  24968. AssertIntGT(*certSz, 0);
  24969. fp = XFOPEN(intServKeyECC, "rb");
  24970. AssertNotNull(fp);
  24971. *keySz = (word32)XFREAD(key, 1, *keySz, fp);
  24972. XFCLOSE(fp);
  24973. AssertIntGT(*keySz, 0);
  24974. }
  24975. else {
  24976. #if defined(USE_CERT_BUFFERS_256)
  24977. *keySz = sizeof_ecc_clikey_der_256;
  24978. *certSz = sizeof_cliecc_cert_der_256;
  24979. XMEMCPY(key, ecc_clikey_der_256, *keySz);
  24980. XMEMCPY(cert, cliecc_cert_der_256, *certSz);
  24981. #else
  24982. fp = XFOPEN(cliEccKey, "rb");
  24983. AssertNotNull(fp);
  24984. *keySz = (word32)XFREAD(key, 1, *keySz, fp);
  24985. XFCLOSE(fp);
  24986. AssertIntGT(*keySz, 0);
  24987. fp = XFOPEN(cliEccCert, "rb");
  24988. AssertNotNull(fp);
  24989. *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
  24990. XFCLOSE(fp);
  24991. AssertIntGT(*certSz, 0);
  24992. #endif /* USE_CERT_BUFFERS_256 */
  24993. }
  24994. break;
  24995. #endif /* HAVE_ECC */
  24996. default:
  24997. WOLFSSL_MSG("Unsupported SignedData PK type");
  24998. ret = BAD_FUNC_ARG;
  24999. break;
  25000. }
  25001. return ret;
  25002. }
  25003. /**
  25004. * Creates a PKCS7/CMS SignedData bundle to use for testing.
  25005. *
  25006. * output output buffer to place SignedData
  25007. * outputSz size of output buffer
  25008. * data data buffer to be signed
  25009. * dataSz size of data buffer
  25010. * withAttribs [1/0] include attributes in SignedData message
  25011. * detachedSig [1/0] create detached signature, no content
  25012. * useIntCertChain [1/0] use certificate chain and include intermediate and
  25013. * root CAs in bundle
  25014. * pkAlgoType RSA_TYPE or ECC_TYPE, choose what key/cert type to use
  25015. *
  25016. * Return size of bundle created on success, negative on error */
  25017. static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
  25018. byte* data, word32 dataSz,
  25019. int withAttribs, int detachedSig,
  25020. int useIntermediateCertChain,
  25021. int pkAlgoType)
  25022. {
  25023. int ret = 0;
  25024. WC_RNG rng;
  25025. PKCS7* pkcs7 = NULL;
  25026. static byte messageTypeOid[] =
  25027. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  25028. 0x09, 0x02 };
  25029. static byte messageType[] = { 0x13, 2, '1', '9' };
  25030. PKCS7Attrib attribs[] =
  25031. {
  25032. { messageTypeOid, sizeof(messageTypeOid), messageType,
  25033. sizeof(messageType) }
  25034. };
  25035. byte intCARoot[TWOK_BUF];
  25036. byte intCA1[TWOK_BUF];
  25037. byte intCA2[TWOK_BUF];
  25038. byte cert[TWOK_BUF];
  25039. byte key[TWOK_BUF];
  25040. word32 intCARootSz = sizeof(intCARoot);
  25041. word32 intCA1Sz = sizeof(intCA1);
  25042. word32 intCA2Sz = sizeof(intCA2);
  25043. word32 certSz = sizeof(cert);
  25044. word32 keySz = sizeof(key);
  25045. XMEMSET(intCARoot, 0, intCARootSz);
  25046. XMEMSET(intCA1, 0, intCA1Sz);
  25047. XMEMSET(intCA2, 0, intCA2Sz);
  25048. XMEMSET(cert, 0, certSz);
  25049. XMEMSET(key, 0, keySz);
  25050. ret = LoadPKCS7SignedDataCerts(useIntermediateCertChain, pkAlgoType,
  25051. intCARoot, &intCARootSz, intCA1, &intCA1Sz, intCA2, &intCA2Sz,
  25052. cert, &certSz, key, &keySz);
  25053. AssertIntEQ(ret, 0);
  25054. XMEMSET(output, 0, outputSz);
  25055. AssertIntEQ(wc_InitRng(&rng), 0);
  25056. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25057. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  25058. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  25059. if (useIntermediateCertChain == 1) {
  25060. /* Add intermediate and root CA certs into SignedData Certs SET */
  25061. AssertIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA2, intCA2Sz), 0);
  25062. AssertIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA1, intCA1Sz), 0);
  25063. AssertIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCARoot, intCARootSz), 0);
  25064. }
  25065. pkcs7->content = data;
  25066. pkcs7->contentSz = dataSz;
  25067. pkcs7->privateKey = key;
  25068. pkcs7->privateKeySz = (word32)sizeof(key);
  25069. if (pkAlgoType == RSA_TYPE) {
  25070. pkcs7->encryptOID = RSAk;
  25071. }
  25072. else {
  25073. pkcs7->encryptOID = ECDSAk;
  25074. }
  25075. #ifdef NO_SHA
  25076. pkcs7->hashOID = SHA256h;
  25077. #else
  25078. pkcs7->hashOID = SHAh;
  25079. #endif
  25080. pkcs7->rng = &rng;
  25081. if (withAttribs) {
  25082. /* include a signed attribute */
  25083. pkcs7->signedAttribs = attribs;
  25084. pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib));
  25085. }
  25086. if (detachedSig) {
  25087. AssertIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
  25088. }
  25089. outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz);
  25090. AssertIntGT(outputSz, 0);
  25091. wc_PKCS7_Free(pkcs7);
  25092. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25093. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  25094. if (detachedSig) {
  25095. pkcs7->content = data;
  25096. pkcs7->contentSz = dataSz;
  25097. }
  25098. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  25099. wc_PKCS7_Free(pkcs7);
  25100. wc_FreeRng(&rng);
  25101. return outputSz;
  25102. }
  25103. #endif
  25104. /*
  25105. * Testing wc_PKCS_VerifySignedData()
  25106. */
  25107. static int test_wc_PKCS7_VerifySignedData(void)
  25108. {
  25109. int res = TEST_SKIPPED;
  25110. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
  25111. PKCS7* pkcs7;
  25112. byte output[6000]; /* Large size needed for bundles with int CA certs */
  25113. word32 outputSz = sizeof(output);
  25114. byte data[] = "Test data to encode.";
  25115. byte badOut[1];
  25116. word32 badOutSz = 0;
  25117. byte badContent[] = "This is different content than was signed";
  25118. int ret;
  25119. wc_HashAlg hash;
  25120. #ifdef NO_SHA
  25121. enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
  25122. #else
  25123. enum wc_HashType hashType = WC_HASH_TYPE_SHA;
  25124. #endif
  25125. byte hashBuf[WC_MAX_DIGEST_SIZE];
  25126. word32 hashSz = wc_HashGetDigestSize(hashType);
  25127. #ifndef NO_RSA
  25128. /* Success test with RSA certs/key */
  25129. AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
  25130. (word32)sizeof(data),
  25131. 0, 0, 0, RSA_TYPE)), 0);
  25132. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25133. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  25134. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  25135. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  25136. #endif
  25137. #ifdef HAVE_ECC
  25138. #ifndef NO_RSA
  25139. wc_PKCS7_Free(pkcs7);
  25140. #endif
  25141. /* Success test with ECC certs/key */
  25142. outputSz = sizeof(output);
  25143. XMEMSET(output, 0, outputSz);
  25144. AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
  25145. (word32)sizeof(data),
  25146. 0, 0, 0, ECC_TYPE)), 0);
  25147. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25148. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  25149. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  25150. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  25151. #endif
  25152. /* Test bad args. */
  25153. #if !defined(NO_RSA) || defined(HAVE_ECC)
  25154. AssertIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz),
  25155. BAD_FUNC_ARG);
  25156. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz),
  25157. BAD_FUNC_ARG);
  25158. #ifndef NO_PKCS7_STREAM
  25159. /* can pass in 0 buffer length with streaming API */
  25160. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
  25161. badOutSz), WC_PKCS7_WANT_READ_E);
  25162. #else
  25163. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
  25164. badOutSz), BAD_FUNC_ARG);
  25165. #endif
  25166. wc_PKCS7_Free(pkcs7);
  25167. #endif /* !NO_RSA || HAVE_ECC */
  25168. /* Invalid content should error, use detached signature so we can
  25169. * easily change content */
  25170. #ifndef NO_RSA
  25171. /* Try RSA certs/key/sig first */
  25172. outputSz = sizeof(output);
  25173. XMEMSET(output, 0, outputSz);
  25174. AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
  25175. (word32)sizeof(data),
  25176. 1, 1, 0, RSA_TYPE)), 0);
  25177. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25178. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  25179. pkcs7->content = badContent;
  25180. pkcs7->contentSz = sizeof(badContent);
  25181. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
  25182. SIG_VERIFY_E);
  25183. wc_PKCS7_Free(pkcs7);
  25184. /* Test success case with detached signature and valid content */
  25185. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25186. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  25187. pkcs7->content = data;
  25188. pkcs7->contentSz = sizeof(data);
  25189. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  25190. wc_PKCS7_Free(pkcs7);
  25191. /* verify using pre-computed content digest only (no content) */
  25192. {
  25193. /* calculate hash for content */
  25194. ret = wc_HashInit(&hash, hashType);
  25195. if (ret == 0) {
  25196. ret = wc_HashUpdate(&hash, hashType, data, sizeof(data));
  25197. if (ret == 0) {
  25198. ret = wc_HashFinal(&hash, hashType, hashBuf);
  25199. }
  25200. wc_HashFree(&hash, hashType);
  25201. }
  25202. AssertIntEQ(ret, 0);
  25203. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25204. AssertIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0);
  25205. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  25206. output, outputSz,
  25207. NULL, 0), 0);
  25208. wc_PKCS7_Free(pkcs7);
  25209. }
  25210. #endif /* !NO_RSA */
  25211. #ifdef HAVE_ECC
  25212. /* Try ECC certs/key/sig next */
  25213. outputSz = sizeof(output);
  25214. XMEMSET(output, 0, outputSz);
  25215. AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
  25216. (word32)sizeof(data),
  25217. 1, 1, 0, ECC_TYPE)), 0);
  25218. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25219. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  25220. pkcs7->content = badContent;
  25221. pkcs7->contentSz = sizeof(badContent);
  25222. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
  25223. SIG_VERIFY_E);
  25224. wc_PKCS7_Free(pkcs7);
  25225. /* Test success case with detached signature and valid content */
  25226. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25227. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  25228. pkcs7->content = data;
  25229. pkcs7->contentSz = sizeof(data);
  25230. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  25231. wc_PKCS7_Free(pkcs7);
  25232. /* verify using pre-computed content digest only (no content) */
  25233. {
  25234. /* calculate hash for content */
  25235. ret = wc_HashInit(&hash, hashType);
  25236. if (ret == 0) {
  25237. ret = wc_HashUpdate(&hash, hashType, data, sizeof(data));
  25238. if (ret == 0) {
  25239. ret = wc_HashFinal(&hash, hashType, hashBuf);
  25240. }
  25241. wc_HashFree(&hash, hashType);
  25242. }
  25243. AssertIntEQ(ret, 0);
  25244. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25245. AssertIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0);
  25246. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  25247. output, outputSz,
  25248. NULL, 0), 0);
  25249. wc_PKCS7_Free(pkcs7);
  25250. }
  25251. #endif
  25252. /* Test verify on signedData containing intermediate/root CA certs */
  25253. #ifndef NO_RSA
  25254. outputSz = sizeof(output);
  25255. XMEMSET(output, 0, outputSz);
  25256. AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
  25257. (word32)sizeof(data),
  25258. 0, 0, 1, RSA_TYPE)), 0);
  25259. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25260. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  25261. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  25262. wc_PKCS7_Free(pkcs7);
  25263. #endif /* !NO_RSA */
  25264. #ifdef HAVE_ECC
  25265. outputSz = sizeof(output);
  25266. XMEMSET(output, 0, outputSz);
  25267. AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
  25268. (word32)sizeof(data),
  25269. 0, 0, 1, ECC_TYPE)), 0);
  25270. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25271. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  25272. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  25273. wc_PKCS7_Free(pkcs7);
  25274. #endif /* HAVE_ECC */
  25275. res = TEST_RES_CHECK(1);
  25276. #endif
  25277. return res;
  25278. } /* END test_wc_PKCS7_VerifySignedData() */
  25279. #if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
  25280. !defined(NO_AES_256)
  25281. static const byte defKey[] = {
  25282. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  25283. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  25284. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  25285. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  25286. };
  25287. static byte aesHandle[32]; /* simulated hardware key handle */
  25288. /* return 0 on success */
  25289. static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
  25290. byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
  25291. byte* in, int inSz, byte* out, void* usrCtx)
  25292. {
  25293. int ret;
  25294. Aes aes;
  25295. if (usrCtx == NULL) {
  25296. /* no simulated handle passed in */
  25297. return -1;
  25298. }
  25299. switch (encryptOID) {
  25300. case AES256CBCb:
  25301. if (ivSz != AES_BLOCK_SIZE)
  25302. return BAD_FUNC_ARG;
  25303. break;
  25304. default:
  25305. WOLFSSL_MSG("Unsupported content cipher type for test");
  25306. return ALGO_ID_E;
  25307. };
  25308. /* simulate using handle to get key */
  25309. ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID);
  25310. if (ret == 0) {
  25311. ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION);
  25312. if (ret == 0)
  25313. ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
  25314. wc_AesFree(&aes);
  25315. }
  25316. (void)aad;
  25317. (void)aadSz;
  25318. (void)authTag;
  25319. (void)authTagSz;
  25320. (void)pkcs7;
  25321. return ret;
  25322. }
  25323. /* returns key size on success */
  25324. static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
  25325. word32 keyIdSz, byte* orginKey, word32 orginKeySz,
  25326. byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
  25327. {
  25328. int ret = -1;
  25329. if (out == NULL)
  25330. return BAD_FUNC_ARG;
  25331. if (keyId[0] != 0x00) {
  25332. return -1;
  25333. }
  25334. if (type != (int)PKCS7_KEKRI) {
  25335. return -1;
  25336. }
  25337. switch (keyWrapAlgo) {
  25338. case AES256_WRAP:
  25339. /* simulate setting a handle for later decryption but use key
  25340. * as handle in the test case here */
  25341. ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz,
  25342. aesHandle, sizeof(aesHandle), NULL);
  25343. if (ret < 0)
  25344. return ret;
  25345. ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle);
  25346. if (ret < 0)
  25347. return ret;
  25348. /* return key size on success */
  25349. return sizeof(defKey);
  25350. default:
  25351. WOLFSSL_MSG("Unsupported key wrap algorithm in example");
  25352. return BAD_KEYWRAP_ALG_E;
  25353. };
  25354. (void)cekSz;
  25355. (void)cek;
  25356. (void)outSz;
  25357. (void)keyIdSz;
  25358. (void)direction;
  25359. (void)orginKey; /* used with KAKRI */
  25360. (void)orginKeySz;
  25361. return ret;
  25362. }
  25363. #endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */
  25364. /*
  25365. * Testing wc_PKCS7_EncodeEnvelopedData()
  25366. */
  25367. static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
  25368. {
  25369. int res = TEST_SKIPPED;
  25370. #if defined(HAVE_PKCS7)
  25371. PKCS7* pkcs7;
  25372. #ifdef ECC_TIMING_RESISTANT
  25373. WC_RNG rng;
  25374. #endif
  25375. word32 tempWrd32 = 0;
  25376. byte* tmpBytePtr = NULL;
  25377. const char input[] = "Test data to encode.";
  25378. int i;
  25379. int testSz = 0;
  25380. #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \
  25381. !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
  25382. byte* rsaCert = NULL;
  25383. byte* rsaPrivKey = NULL;
  25384. word32 rsaCertSz;
  25385. word32 rsaPrivKeySz;
  25386. #if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \
  25387. !defined(USE_CERT_BUFFERS_2048) )
  25388. static const char* rsaClientCert = "./certs/client-cert.der";
  25389. static const char* rsaClientKey = "./certs/client-key.der";
  25390. rsaCertSz = (word32)sizeof(rsaClientCert);
  25391. rsaPrivKeySz = (word32)sizeof(rsaClientKey);
  25392. #endif
  25393. #endif
  25394. #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
  25395. !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
  25396. byte* eccCert = NULL;
  25397. byte* eccPrivKey = NULL;
  25398. word32 eccCertSz;
  25399. word32 eccPrivKeySz;
  25400. #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256)
  25401. static const char* eccClientCert = "./certs/client-ecc-cert.der";
  25402. static const char* eccClientKey = "./certs/ecc-client-key.der";
  25403. #endif
  25404. #endif
  25405. /* Generic buffer size. */
  25406. byte output[ONEK_BUF];
  25407. byte decoded[sizeof(input)/sizeof(char)];
  25408. int decodedSz = 0;
  25409. #ifndef NO_FILESYSTEM
  25410. XFILE certFile;
  25411. XFILE keyFile;
  25412. #endif
  25413. #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
  25414. !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
  25415. /* RSA certs and keys. */
  25416. #if defined(USE_CERT_BUFFERS_1024)
  25417. rsaCertSz = (word32)sizeof_client_cert_der_1024;
  25418. /* Allocate buffer space. */
  25419. AssertNotNull(rsaCert =
  25420. (byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  25421. /* Init buffer. */
  25422. XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
  25423. rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
  25424. AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
  25425. DYNAMIC_TYPE_TMP_BUFFER));
  25426. XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
  25427. #elif defined(USE_CERT_BUFFERS_2048)
  25428. rsaCertSz = (word32)sizeof_client_cert_der_2048;
  25429. /* Allocate buffer */
  25430. AssertNotNull(rsaCert =
  25431. (byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  25432. /* Init buffer. */
  25433. XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
  25434. rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
  25435. AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
  25436. DYNAMIC_TYPE_TMP_BUFFER));
  25437. XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
  25438. #else
  25439. /* File system. */
  25440. certFile = XFOPEN(rsaClientCert, "rb");
  25441. AssertTrue(certFile != XBADFILE);
  25442. rsaCertSz = (word32)FOURK_BUF;
  25443. AssertNotNull(rsaCert =
  25444. (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  25445. rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz, certFile);
  25446. XFCLOSE(certFile);
  25447. keyFile = XFOPEN(rsaClientKey, "rb");
  25448. AssertTrue(keyFile != XBADFILE);
  25449. AssertNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  25450. DYNAMIC_TYPE_TMP_BUFFER));
  25451. rsaPrivKeySz = (word32)FOURK_BUF;
  25452. rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz, keyFile);
  25453. XFCLOSE(keyFile);
  25454. #endif /* USE_CERT_BUFFERS */
  25455. #endif /* NO_RSA */
  25456. /* ECC */
  25457. #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
  25458. !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
  25459. #ifdef USE_CERT_BUFFERS_256
  25460. AssertNotNull(eccCert =
  25461. (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  25462. /* Init buffer. */
  25463. eccCertSz = (word32)sizeof_cliecc_cert_der_256;
  25464. XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
  25465. AssertNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
  25466. DYNAMIC_TYPE_TMP_BUFFER));
  25467. eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
  25468. XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
  25469. #else /* File system. */
  25470. certFile = XFOPEN(eccClientCert, "rb");
  25471. AssertTrue(certFile != XBADFILE);
  25472. eccCertSz = (word32)FOURK_BUF;
  25473. AssertNotNull(eccCert =
  25474. (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  25475. eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, certFile);
  25476. XFCLOSE(certFile);
  25477. keyFile = XFOPEN(eccClientKey, "rb");
  25478. AssertTrue(keyFile != XBADFILE);
  25479. eccPrivKeySz = (word32)FOURK_BUF;
  25480. AssertNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  25481. DYNAMIC_TYPE_TMP_BUFFER));
  25482. eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, keyFile);
  25483. XFCLOSE(keyFile);
  25484. #endif /* USE_CERT_BUFFERS_256 */
  25485. #endif /* END HAVE_ECC */
  25486. #ifndef NO_FILESYSTEM
  25487. /* Silence. */
  25488. (void)keyFile;
  25489. (void)certFile;
  25490. #endif
  25491. {
  25492. const pkcs7EnvelopedVector testVectors[] = {
  25493. /* DATA is a global variable defined in the makefile. */
  25494. #if !defined(NO_RSA)
  25495. #ifndef NO_DES3
  25496. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
  25497. rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
  25498. #endif /* NO_DES3 */
  25499. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  25500. #ifndef NO_AES_128
  25501. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
  25502. 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
  25503. #endif
  25504. #ifndef NO_AES_192
  25505. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
  25506. 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
  25507. #endif
  25508. #ifndef NO_AES_256
  25509. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
  25510. 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
  25511. #endif
  25512. #endif /* NO_AES && HAVE_AES_CBC */
  25513. #endif /* NO_RSA */
  25514. #if defined(HAVE_ECC)
  25515. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  25516. #if !defined(NO_SHA) && !defined(NO_AES_128)
  25517. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
  25518. AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert,
  25519. eccCertSz, eccPrivKey, eccPrivKeySz},
  25520. #endif
  25521. #if !defined(NO_SHA256) && !defined(NO_AES_256)
  25522. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
  25523. AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, eccCert,
  25524. eccCertSz, eccPrivKey, eccPrivKeySz},
  25525. #endif
  25526. #if defined(WOLFSSL_SHA512) && !defined(NO_AES_256)
  25527. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
  25528. AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert,
  25529. eccCertSz, eccPrivKey, eccPrivKeySz},
  25530. #endif
  25531. #endif /* NO_AES && HAVE_AES_CBC*/
  25532. #endif /* END HAVE_ECC */
  25533. }; /* END pkcs7EnvelopedVector */
  25534. #ifdef ECC_TIMING_RESISTANT
  25535. AssertIntEQ(wc_InitRng(&rng), 0);
  25536. #endif
  25537. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25538. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
  25539. testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
  25540. for (i = 0; i < testSz; i++) {
  25541. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
  25542. (word32)(testVectors + i)->certSz), 0);
  25543. #ifdef ECC_TIMING_RESISTANT
  25544. pkcs7->rng = &rng;
  25545. #endif
  25546. pkcs7->content = (byte*)(testVectors + i)->content;
  25547. pkcs7->contentSz = (testVectors + i)->contentSz;
  25548. pkcs7->contentOID = (testVectors + i)->contentOID;
  25549. pkcs7->encryptOID = (testVectors + i)->encryptOID;
  25550. pkcs7->keyWrapOID = (testVectors + i)->keyWrapOID;
  25551. pkcs7->keyAgreeOID = (testVectors + i)->keyAgreeOID;
  25552. pkcs7->privateKey = (testVectors + i)->privateKey;
  25553. pkcs7->privateKeySz = (testVectors + i)->privateKeySz;
  25554. AssertIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
  25555. (word32)sizeof(output)), 0);
  25556. decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  25557. (word32)sizeof(output), decoded, (word32)sizeof(decoded));
  25558. AssertIntGE(decodedSz, 0);
  25559. /* Verify the size of each buffer. */
  25560. AssertIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
  25561. /* Don't free the last time through the loop. */
  25562. if (i < testSz - 1) {
  25563. wc_PKCS7_Free(pkcs7);
  25564. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25565. }
  25566. } /* END test loop. */
  25567. }
  25568. /* Test bad args. */
  25569. AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
  25570. (word32)sizeof(output)), BAD_FUNC_ARG);
  25571. AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
  25572. (word32)sizeof(output)), BAD_FUNC_ARG);
  25573. AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG);
  25574. /* Decode. */
  25575. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
  25576. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  25577. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  25578. (word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  25579. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  25580. (word32)sizeof(output), decoded, 0), BAD_FUNC_ARG);
  25581. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
  25582. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  25583. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
  25584. (word32)sizeof(decoded)), BAD_FUNC_ARG);
  25585. /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
  25586. #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
  25587. /* only a failure for KARI test cases */
  25588. tempWrd32 = pkcs7->singleCertSz;
  25589. pkcs7->singleCertSz = 0;
  25590. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  25591. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  25592. pkcs7->singleCertSz = tempWrd32;
  25593. tmpBytePtr = pkcs7->singleCert;
  25594. pkcs7->singleCert = NULL;
  25595. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  25596. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  25597. pkcs7->singleCert = tmpBytePtr;
  25598. #endif
  25599. tempWrd32 = pkcs7->privateKeySz;
  25600. pkcs7->privateKeySz = 0;
  25601. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  25602. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  25603. pkcs7->privateKeySz = tempWrd32;
  25604. tmpBytePtr = pkcs7->privateKey;
  25605. pkcs7->privateKey = NULL;
  25606. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  25607. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  25608. pkcs7->privateKey = tmpBytePtr;
  25609. wc_PKCS7_Free(pkcs7);
  25610. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256)
  25611. /* test of decrypt callback with KEKRI enveloped data */
  25612. {
  25613. int envelopedSz;
  25614. const byte keyId[] = { 0x00 };
  25615. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25616. pkcs7->content = (byte*)input;
  25617. pkcs7->contentSz = (word32)(sizeof(input)/sizeof(char));
  25618. pkcs7->contentOID = DATA;
  25619. pkcs7->encryptOID = AES256CBCb;
  25620. AssertIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP,
  25621. (byte*)defKey, sizeof(defKey), (byte*)keyId,
  25622. sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0);
  25623. AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
  25624. AssertIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
  25625. (word32)sizeof(output))), 0);
  25626. wc_PKCS7_Free(pkcs7);
  25627. /* decode envelopedData */
  25628. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25629. AssertIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0);
  25630. AssertIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0);
  25631. AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  25632. envelopedSz, decoded, sizeof(decoded))), 0);
  25633. wc_PKCS7_Free(pkcs7);
  25634. }
  25635. #endif /* !NO_AES && !NO_AES_256 */
  25636. #ifndef NO_RSA
  25637. if (rsaCert) {
  25638. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25639. }
  25640. if (rsaPrivKey) {
  25641. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25642. }
  25643. #endif /*NO_RSA */
  25644. #ifdef HAVE_ECC
  25645. if (eccCert) {
  25646. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25647. }
  25648. if (eccPrivKey) {
  25649. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25650. }
  25651. #endif /* HAVE_ECC */
  25652. #ifdef ECC_TIMING_RESISTANT
  25653. wc_FreeRng(&rng);
  25654. #endif
  25655. #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && \
  25656. !defined(NO_RSA) && !defined(NO_SHA)
  25657. {
  25658. byte out[7];
  25659. byte *cms;
  25660. word32 cmsSz;
  25661. XFILE cmsFile;
  25662. XMEMSET(out, 0, sizeof(out));
  25663. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25664. cmsFile = XFOPEN("./certs/test/ktri-keyid-cms.msg", "rb");
  25665. AssertTrue(cmsFile != XBADFILE);
  25666. cmsSz = (word32)FOURK_BUF;
  25667. AssertNotNull(cms =
  25668. (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  25669. cmsSz = (word32)XFREAD(cms, 1, cmsSz, cmsFile);
  25670. XFCLOSE(cmsFile);
  25671. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
  25672. sizeof_client_cert_der_2048), 0);
  25673. pkcs7->privateKey = (byte*)client_key_der_2048;
  25674. pkcs7->privateKeySz = sizeof_client_key_der_2048;
  25675. AssertIntLT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
  25676. 2), 0);
  25677. AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
  25678. sizeof(out)), 0);
  25679. XFREE(cms, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25680. AssertIntEQ(XMEMCMP(out, "test", 4), 0);
  25681. wc_PKCS7_Free(pkcs7);
  25682. }
  25683. #endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
  25684. res = TEST_RES_CHECK(1);
  25685. #endif /* HAVE_PKCS7 */
  25686. return res;
  25687. } /* END test_wc_PKCS7_EncodeEnvelopedData() */
  25688. /*
  25689. * Testing wc_PKCS7_EncodeEncryptedData()
  25690. */
  25691. static int test_wc_PKCS7_EncodeEncryptedData(void)
  25692. {
  25693. int res = TEST_SKIPPED;
  25694. #if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
  25695. PKCS7* pkcs7 = NULL;
  25696. byte* tmpBytePtr = NULL;
  25697. byte encrypted[TWOK_BUF];
  25698. byte decoded[TWOK_BUF];
  25699. word32 tmpWrd32 = 0;
  25700. int tmpInt = 0;
  25701. int decodedSz;
  25702. int encryptedSz;
  25703. int testSz;
  25704. int i;
  25705. const byte data[] = { /* Hello World */
  25706. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  25707. 0x72,0x6c,0x64
  25708. };
  25709. #ifndef NO_DES3
  25710. byte desKey[] = {
  25711. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
  25712. };
  25713. byte des3Key[] = {
  25714. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  25715. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  25716. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  25717. };
  25718. #endif
  25719. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  25720. #ifndef NO_AES_128
  25721. byte aes128Key[] = {
  25722. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  25723. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  25724. };
  25725. #endif
  25726. #ifndef NO_AES_192
  25727. byte aes192Key[] = {
  25728. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  25729. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  25730. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  25731. };
  25732. #endif
  25733. #ifndef NO_AES_256
  25734. byte aes256Key[] = {
  25735. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  25736. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  25737. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  25738. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  25739. };
  25740. #endif
  25741. #endif /* !NO_AES && HAVE_AES_CBC */
  25742. const pkcs7EncryptedVector testVectors[] =
  25743. {
  25744. #ifndef NO_DES3
  25745. {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
  25746. {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
  25747. #endif /* !NO_DES3 */
  25748. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  25749. #ifndef NO_AES_128
  25750. {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
  25751. sizeof(aes128Key)},
  25752. #endif
  25753. #ifndef NO_AES_192
  25754. {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
  25755. sizeof(aes192Key)},
  25756. #endif
  25757. #ifndef NO_AES_256
  25758. {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
  25759. sizeof(aes256Key)},
  25760. #endif
  25761. #endif /* !NO_AES && HAVE_AES_CBC */
  25762. };
  25763. testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
  25764. for (i = 0; i < testSz; i++) {
  25765. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25766. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
  25767. pkcs7->content = (byte*)testVectors[i].content;
  25768. pkcs7->contentSz = testVectors[i].contentSz;
  25769. pkcs7->contentOID = testVectors[i].contentOID;
  25770. pkcs7->encryptOID = testVectors[i].encryptOID;
  25771. pkcs7->encryptionKey = testVectors[i].encryptionKey;
  25772. pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
  25773. pkcs7->heap = HEAP_HINT;
  25774. /* encode encryptedData */
  25775. encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  25776. sizeof(encrypted));
  25777. AssertIntGT(encryptedSz, 0);
  25778. /* Decode encryptedData */
  25779. decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  25780. decoded, sizeof(decoded));
  25781. AssertIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
  25782. /* Keep values for last itr. */
  25783. if (i < testSz - 1) {
  25784. wc_PKCS7_Free(pkcs7);
  25785. }
  25786. }
  25787. if (pkcs7 == NULL || testSz == 0) {
  25788. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25789. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
  25790. }
  25791. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
  25792. sizeof(encrypted)),BAD_FUNC_ARG);
  25793. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
  25794. sizeof(encrypted)), BAD_FUNC_ARG);
  25795. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  25796. 0), BAD_FUNC_ARG);
  25797. /* Testing the struct. */
  25798. tmpBytePtr = pkcs7->content;
  25799. pkcs7->content = NULL;
  25800. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  25801. sizeof(encrypted)), BAD_FUNC_ARG);
  25802. pkcs7->content = tmpBytePtr;
  25803. tmpWrd32 = pkcs7->contentSz;
  25804. pkcs7->contentSz = 0;
  25805. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  25806. sizeof(encrypted)), BAD_FUNC_ARG);
  25807. pkcs7->contentSz = tmpWrd32;
  25808. tmpInt = pkcs7->encryptOID;
  25809. pkcs7->encryptOID = 0;
  25810. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  25811. sizeof(encrypted)), BAD_FUNC_ARG);
  25812. pkcs7->encryptOID = tmpInt;
  25813. tmpBytePtr = pkcs7->encryptionKey;
  25814. pkcs7->encryptionKey = NULL;
  25815. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  25816. sizeof(encrypted)), BAD_FUNC_ARG);
  25817. pkcs7->encryptionKey = tmpBytePtr;
  25818. tmpWrd32 = pkcs7->encryptionKeySz;
  25819. pkcs7->encryptionKeySz = 0;
  25820. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  25821. sizeof(encrypted)), BAD_FUNC_ARG);
  25822. pkcs7->encryptionKeySz = tmpWrd32;
  25823. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz,
  25824. decoded, sizeof(decoded)), BAD_FUNC_ARG);
  25825. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, encryptedSz,
  25826. decoded, sizeof(decoded)), BAD_FUNC_ARG);
  25827. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
  25828. decoded, sizeof(decoded)), BAD_FUNC_ARG);
  25829. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  25830. NULL, sizeof(decoded)), BAD_FUNC_ARG);
  25831. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  25832. decoded, 0), BAD_FUNC_ARG);
  25833. /* Test struct fields */
  25834. tmpBytePtr = pkcs7->encryptionKey;
  25835. pkcs7->encryptionKey = NULL;
  25836. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  25837. decoded, sizeof(decoded)), BAD_FUNC_ARG);
  25838. pkcs7->encryptionKey = tmpBytePtr;
  25839. pkcs7->encryptionKeySz = 0;
  25840. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  25841. decoded, sizeof(decoded)), BAD_FUNC_ARG);
  25842. wc_PKCS7_Free(pkcs7);
  25843. res = TEST_RES_CHECK(1);
  25844. #endif
  25845. return res;
  25846. } /* END test_wc_PKCS7_EncodeEncryptedData() */
  25847. /*
  25848. * Testing wc_PKCS7_Degenerate()
  25849. */
  25850. static int test_wc_PKCS7_Degenerate(void)
  25851. {
  25852. int res = TEST_SKIPPED;
  25853. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
  25854. PKCS7* pkcs7;
  25855. char fName[] = "./certs/test-degenerate.p7b";
  25856. XFILE f;
  25857. byte der[4096];
  25858. word32 derSz;
  25859. int ret;
  25860. AssertNotNull(f = XFOPEN(fName, "rb"));
  25861. AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
  25862. derSz = (word32)ret;
  25863. XFCLOSE(f);
  25864. /* test degenerate success */
  25865. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25866. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  25867. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  25868. #ifndef NO_RSA
  25869. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
  25870. #else
  25871. AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
  25872. #endif
  25873. wc_PKCS7_Free(pkcs7);
  25874. /* test with turning off degenerate cases */
  25875. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  25876. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  25877. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  25878. wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
  25879. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), PKCS7_NO_SIGNER_E);
  25880. wc_PKCS7_Free(pkcs7);
  25881. res = TEST_RES_CHECK(1);
  25882. #endif
  25883. return res;
  25884. } /* END test_wc_PKCS7_Degenerate() */
  25885. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
  25886. defined(ASN_BER_TO_DER) && !defined(NO_DES3) && !defined(NO_SHA)
  25887. static byte berContent[] = {
  25888. 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
  25889. 0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
  25890. 0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48,
  25891. 0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30,
  25892. 0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30,
  25893. 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
  25894. 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
  25895. 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
  25896. 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
  25897. 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
  25898. 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
  25899. 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
  25900. 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
  25901. 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30,
  25902. 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10,
  25903. 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
  25904. 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34,
  25905. 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
  25906. 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
  25907. 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
  25908. 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
  25909. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
  25910. 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
  25911. 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
  25912. 0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3,
  25913. 0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D,
  25914. 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  25915. 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80,
  25916. 0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62,
  25917. 0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A,
  25918. 0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72,
  25919. 0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8,
  25920. 0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7,
  25921. 0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32,
  25922. 0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF,
  25923. 0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76,
  25924. 0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A,
  25925. 0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72,
  25926. 0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7,
  25927. 0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09,
  25928. 0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A,
  25929. 0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7,
  25930. 0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37,
  25931. 0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C,
  25932. 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
  25933. 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06,
  25934. 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03,
  25935. 0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16,
  25936. 0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03,
  25937. 0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C,
  25938. 0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86,
  25939. 0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A,
  25940. 0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9,
  25941. 0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C,
  25942. 0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F,
  25943. 0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0,
  25944. 0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1,
  25945. 0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0,
  25946. 0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94,
  25947. 0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D,
  25948. 0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75,
  25949. 0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D,
  25950. 0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F,
  25951. 0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF,
  25952. 0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48,
  25953. 0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81,
  25954. 0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE,
  25955. 0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A,
  25956. 0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32,
  25957. 0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36,
  25958. 0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7,
  25959. 0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19,
  25960. 0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42,
  25961. 0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A,
  25962. 0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67,
  25963. 0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD,
  25964. 0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF,
  25965. 0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D,
  25966. 0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7,
  25967. 0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87,
  25968. 0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA,
  25969. 0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B,
  25970. 0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D,
  25971. 0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4,
  25972. 0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E,
  25973. 0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7,
  25974. 0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4,
  25975. 0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A,
  25976. 0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11,
  25977. 0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D,
  25978. 0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B,
  25979. 0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85,
  25980. 0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C,
  25981. 0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3,
  25982. 0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64,
  25983. 0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A,
  25984. 0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC,
  25985. 0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36,
  25986. 0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C,
  25987. 0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69,
  25988. 0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0,
  25989. 0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1,
  25990. 0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27,
  25991. 0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C,
  25992. 0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80,
  25993. 0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41,
  25994. 0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44,
  25995. 0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B,
  25996. 0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E,
  25997. 0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56,
  25998. 0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D,
  25999. 0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1,
  26000. 0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7,
  26001. 0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40,
  26002. 0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6,
  26003. 0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23,
  26004. 0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0,
  26005. 0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39,
  26006. 0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C,
  26007. 0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C,
  26008. 0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7,
  26009. 0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD,
  26010. 0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C,
  26011. 0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8,
  26012. 0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4,
  26013. 0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99,
  26014. 0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9,
  26015. 0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61,
  26016. 0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5,
  26017. 0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B,
  26018. 0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A,
  26019. 0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71,
  26020. 0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66,
  26021. 0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD,
  26022. 0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF,
  26023. 0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8,
  26024. 0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5,
  26025. 0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91,
  26026. 0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C,
  26027. 0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A,
  26028. 0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE,
  26029. 0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B,
  26030. 0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3,
  26031. 0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1,
  26032. 0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06,
  26033. 0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11,
  26034. 0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75,
  26035. 0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A,
  26036. 0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49,
  26037. 0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6,
  26038. 0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26,
  26039. 0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4,
  26040. 0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D,
  26041. 0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF,
  26042. 0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C,
  26043. 0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26,
  26044. 0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA,
  26045. 0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB,
  26046. 0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC,
  26047. 0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81,
  26048. 0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7,
  26049. 0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18,
  26050. 0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D,
  26051. 0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01,
  26052. 0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB,
  26053. 0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44,
  26054. 0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C,
  26055. 0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70,
  26056. 0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B,
  26057. 0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36,
  26058. 0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7,
  26059. 0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E,
  26060. 0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D,
  26061. 0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06,
  26062. 0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92,
  26063. 0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03,
  26064. 0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C,
  26065. 0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED,
  26066. 0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A,
  26067. 0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2,
  26068. 0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50,
  26069. 0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16,
  26070. 0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4,
  26071. 0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF,
  26072. 0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E,
  26073. 0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
  26074. 0x00, 0x00, 0x00, 0x00, 0x00
  26075. };
  26076. #endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER &&
  26077. * !NO_DES3 && !NO_SHA
  26078. */
  26079. /*
  26080. * Testing wc_PKCS7_BER()
  26081. */
  26082. static int test_wc_PKCS7_BER(void)
  26083. {
  26084. int res = TEST_SKIPPED;
  26085. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
  26086. !defined(NO_SHA) && defined(ASN_BER_TO_DER)
  26087. PKCS7* pkcs7;
  26088. char fName[] = "./certs/test-ber-exp02-05-2022.p7b";
  26089. XFILE f;
  26090. byte der[4096];
  26091. #ifndef NO_DES3
  26092. byte decoded[2048];
  26093. #endif
  26094. word32 derSz;
  26095. int ret;
  26096. AssertNotNull(f = XFOPEN(fName, "rb"));
  26097. AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
  26098. derSz = (word32)ret;
  26099. XFCLOSE(f);
  26100. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  26101. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  26102. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  26103. #ifndef NO_RSA
  26104. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
  26105. #else
  26106. AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
  26107. #endif
  26108. wc_PKCS7_Free(pkcs7);
  26109. #ifndef NO_DES3
  26110. /* decode BER content */
  26111. AssertNotNull(f = XFOPEN("./certs/1024/client-cert.der", "rb"));
  26112. AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
  26113. derSz = (word32)ret;
  26114. XFCLOSE(f);
  26115. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  26116. #ifndef NO_RSA
  26117. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
  26118. #else
  26119. AssertIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
  26120. #endif
  26121. AssertNotNull(f = XFOPEN("./certs/1024/client-key.der", "rb"));
  26122. AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
  26123. derSz = (word32)ret;
  26124. XFCLOSE(f);
  26125. pkcs7->privateKey = der;
  26126. pkcs7->privateKeySz = derSz;
  26127. #ifndef NO_RSA
  26128. #ifdef WOLFSSL_SP_MATH
  26129. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
  26130. sizeof(berContent), decoded, sizeof(decoded)), WC_KEY_SIZE_E);
  26131. #else
  26132. AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
  26133. sizeof(berContent), decoded, sizeof(decoded)), 0);
  26134. #endif
  26135. #else
  26136. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
  26137. sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN);
  26138. #endif
  26139. wc_PKCS7_Free(pkcs7);
  26140. #endif /* !NO_DES3 */
  26141. res = TEST_RES_CHECK(1);
  26142. #endif
  26143. return res;
  26144. } /* END test_wc_PKCS7_BER() */
  26145. static int test_PKCS7_signed_enveloped(void)
  26146. {
  26147. int res = TEST_SKIPPED;
  26148. #if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
  26149. !defined(NO_FILESYSTEM)
  26150. XFILE f;
  26151. PKCS7* pkcs7;
  26152. #ifdef HAVE_AES_CBC
  26153. PKCS7* inner;
  26154. #endif
  26155. void* pt;
  26156. WC_RNG rng;
  26157. unsigned char key[FOURK_BUF/2];
  26158. unsigned char cert[FOURK_BUF/2];
  26159. unsigned char env[FOURK_BUF];
  26160. int envSz = FOURK_BUF;
  26161. int keySz;
  26162. int certSz;
  26163. unsigned char sig[FOURK_BUF * 2];
  26164. int sigSz = FOURK_BUF * 2;
  26165. #ifdef HAVE_AES_CBC
  26166. unsigned char decoded[FOURK_BUF];
  26167. int decodedSz = FOURK_BUF;
  26168. #endif
  26169. /* load cert */
  26170. AssertNotNull(f = XFOPEN(cliCertDerFile, "rb"));
  26171. AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0);
  26172. XFCLOSE(f);
  26173. /* load key */
  26174. AssertNotNull(f = XFOPEN(cliKeyFile, "rb"));
  26175. AssertIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0);
  26176. XFCLOSE(f);
  26177. keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL);
  26178. /* sign cert for envelope */
  26179. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  26180. AssertIntEQ(wc_InitRng(&rng), 0);
  26181. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  26182. pkcs7->content = cert;
  26183. pkcs7->contentSz = certSz;
  26184. pkcs7->contentOID = DATA;
  26185. pkcs7->privateKey = key;
  26186. pkcs7->privateKeySz = keySz;
  26187. pkcs7->encryptOID = RSAk;
  26188. pkcs7->hashOID = SHA256h;
  26189. pkcs7->rng = &rng;
  26190. AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
  26191. wc_PKCS7_Free(pkcs7);
  26192. wc_FreeRng(&rng);
  26193. #ifdef HAVE_AES_CBC
  26194. /* create envelope */
  26195. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  26196. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  26197. pkcs7->content = sig;
  26198. pkcs7->contentSz = sigSz;
  26199. pkcs7->contentOID = DATA;
  26200. pkcs7->encryptOID = AES256CBCb;
  26201. pkcs7->privateKey = key;
  26202. pkcs7->privateKeySz = keySz;
  26203. AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
  26204. AssertIntLT(wc_PKCS7_EncodeEnvelopedData(pkcs7, env, 2), 0);
  26205. wc_PKCS7_Free(pkcs7);
  26206. #endif
  26207. /* create bad signed enveloped data */
  26208. sigSz = FOURK_BUF * 2;
  26209. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  26210. AssertIntEQ(wc_InitRng(&rng), 0);
  26211. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  26212. pkcs7->content = env;
  26213. pkcs7->contentSz = envSz;
  26214. pkcs7->contentOID = DATA;
  26215. pkcs7->privateKey = key;
  26216. pkcs7->privateKeySz = keySz;
  26217. pkcs7->encryptOID = RSAk;
  26218. pkcs7->hashOID = SHA256h;
  26219. pkcs7->rng = &rng;
  26220. /* Set no certs in bundle for this test. Hang on to the pointer though to
  26221. * free it later. */
  26222. pt = (void*)pkcs7->certList;
  26223. pkcs7->certList = NULL; /* no certs in bundle */
  26224. AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
  26225. pkcs7->certList = (Pkcs7Cert*)pt; /* restore pointer for PKCS7 free call */
  26226. wc_PKCS7_Free(pkcs7);
  26227. /* check verify fails */
  26228. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  26229. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  26230. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz),
  26231. PKCS7_SIGNEEDS_CHECK);
  26232. /* try verifying the signature manually */
  26233. {
  26234. RsaKey rKey;
  26235. word32 idx = 0;
  26236. byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
  26237. WC_MAX_DIGEST_SIZE];
  26238. int digestSz;
  26239. AssertIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
  26240. AssertIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0);
  26241. digestSz = wc_RsaSSL_Verify(pkcs7->signature, pkcs7->signatureSz,
  26242. digest, sizeof(digest), &rKey);
  26243. AssertIntGT(digestSz, 0);
  26244. AssertIntEQ(digestSz, pkcs7->pkcs7DigestSz);
  26245. AssertIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0);
  26246. AssertIntEQ(wc_FreeRsaKey(&rKey), 0);
  26247. /* verify was success */
  26248. }
  26249. wc_PKCS7_Free(pkcs7);
  26250. /* initializing the PKCS7 struct with the signing certificate should pass */
  26251. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  26252. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  26253. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
  26254. wc_PKCS7_Free(pkcs7);
  26255. /* create valid degenerate bundle */
  26256. sigSz = FOURK_BUF * 2;
  26257. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  26258. pkcs7->content = env;
  26259. pkcs7->contentSz = envSz;
  26260. pkcs7->contentOID = DATA;
  26261. pkcs7->privateKey = key;
  26262. pkcs7->privateKeySz = keySz;
  26263. pkcs7->encryptOID = RSAk;
  26264. pkcs7->hashOID = SHA256h;
  26265. pkcs7->rng = &rng;
  26266. AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
  26267. AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
  26268. wc_PKCS7_Free(pkcs7);
  26269. wc_FreeRng(&rng);
  26270. /* check verify */
  26271. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  26272. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
  26273. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
  26274. AssertNotNull(pkcs7->content);
  26275. #ifdef HAVE_AES_CBC
  26276. /* check decode */
  26277. AssertNotNull(inner = wc_PKCS7_New(NULL, 0));
  26278. AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
  26279. inner->privateKey = key;
  26280. inner->privateKeySz = keySz;
  26281. AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
  26282. pkcs7->contentSz, decoded, decodedSz)), 0);
  26283. wc_PKCS7_Free(inner);
  26284. #endif
  26285. wc_PKCS7_Free(pkcs7);
  26286. #ifdef HAVE_AES_CBC
  26287. /* check cert set */
  26288. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  26289. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  26290. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0);
  26291. AssertNotNull(pkcs7->singleCert);
  26292. AssertIntNE(pkcs7->singleCertSz, 0);
  26293. wc_PKCS7_Free(pkcs7);
  26294. #endif
  26295. res = TEST_RES_CHECK(1);
  26296. #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
  26297. return res;
  26298. }
  26299. static int test_wc_PKCS7_NoDefaultSignedAttribs(void)
  26300. {
  26301. int res = TEST_SKIPPED;
  26302. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
  26303. && !defined(NO_AES)
  26304. PKCS7* pkcs7;
  26305. void* heap = NULL;
  26306. pkcs7 = wc_PKCS7_New(heap, testDevId);
  26307. AssertNotNull(pkcs7);
  26308. AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
  26309. AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), BAD_FUNC_ARG);
  26310. AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);
  26311. wc_PKCS7_Free(pkcs7);
  26312. res = TEST_RES_CHECK(1);
  26313. #endif
  26314. return res;
  26315. }
  26316. static int test_wc_PKCS7_SetOriEncryptCtx(void)
  26317. {
  26318. int res = TEST_SKIPPED;
  26319. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
  26320. && !defined(NO_AES)
  26321. PKCS7* pkcs7;
  26322. void* heap = NULL;
  26323. WOLFSSL_CTX* ctx;
  26324. ctx = NULL;
  26325. pkcs7 = wc_PKCS7_New(heap, testDevId);
  26326. AssertNotNull(pkcs7);
  26327. AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
  26328. AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), BAD_FUNC_ARG);
  26329. AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);
  26330. wc_PKCS7_Free(pkcs7);
  26331. res = TEST_RES_CHECK(1);
  26332. #endif
  26333. return res;
  26334. }
  26335. static int test_wc_PKCS7_SetOriDecryptCtx(void)
  26336. {
  26337. int res = TEST_SKIPPED;
  26338. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
  26339. && !defined(NO_AES)
  26340. PKCS7* pkcs7;
  26341. void* heap = NULL;
  26342. WOLFSSL_CTX* ctx;
  26343. ctx = NULL;
  26344. pkcs7 = wc_PKCS7_New(heap, testDevId);
  26345. AssertNotNull(pkcs7);
  26346. AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
  26347. AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), BAD_FUNC_ARG);
  26348. AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);
  26349. wc_PKCS7_Free(pkcs7);
  26350. res = TEST_RES_CHECK(1);
  26351. #endif
  26352. return res;
  26353. }
  26354. static int test_wc_PKCS7_DecodeCompressedData(void)
  26355. {
  26356. int res = TEST_SKIPPED;
  26357. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
  26358. && !defined(NO_AES) && defined(HAVE_LIBZ)
  26359. PKCS7* pkcs7;
  26360. void* heap = NULL;
  26361. byte out[4096];
  26362. byte *decompressed;
  26363. int outSz, decompressedSz;
  26364. const char* cert = "./certs/client-cert.pem";
  26365. byte* cert_buf = NULL;
  26366. size_t cert_sz = 0;
  26367. AssertIntEQ(load_file(cert, &cert_buf, &cert_sz), 0);
  26368. AssertNotNull((decompressed =
  26369. (byte*)XMALLOC(cert_sz, heap, DYNAMIC_TYPE_TMP_BUFFER)));
  26370. decompressedSz = (int)cert_sz;
  26371. AssertNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId)));
  26372. pkcs7->content = (byte*)cert_buf;
  26373. pkcs7->contentSz = (word32)cert_sz;
  26374. pkcs7->contentOID = DATA;
  26375. AssertIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out,
  26376. sizeof(out))), 0);
  26377. wc_PKCS7_Free(pkcs7);
  26378. /* compressed key should be smaller than when started */
  26379. AssertIntLT(outSz, cert_sz);
  26380. /* test decompression */
  26381. AssertNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId)));
  26382. AssertIntEQ(pkcs7->contentOID, 0);
  26383. /* fail case with out buffer too small */
  26384. AssertIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
  26385. decompressed, outSz), 0);
  26386. /* success case */
  26387. AssertIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
  26388. decompressed, decompressedSz), cert_sz);
  26389. AssertIntEQ(pkcs7->contentOID, DATA);
  26390. AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
  26391. XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
  26392. decompressed = NULL;
  26393. /* test decompression function with different 'max' inputs */
  26394. outSz = sizeof(out);
  26395. AssertIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)),
  26396. 0);
  26397. AssertIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER,
  26398. out, outSz, 0, heap), 0);
  26399. AssertNull(decompressed);
  26400. AssertIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER,
  26401. out, outSz, 0, heap), 0);
  26402. AssertNotNull(decompressed);
  26403. AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
  26404. XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
  26405. decompressed = NULL;
  26406. AssertIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5,
  26407. out, outSz, 0, heap), 0);
  26408. AssertNotNull(decompressed);
  26409. AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
  26410. XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
  26411. if (cert_buf)
  26412. free(cert_buf);
  26413. wc_PKCS7_Free(pkcs7);
  26414. res = TEST_RES_CHECK(1);
  26415. #endif
  26416. return res;
  26417. }
  26418. static int test_wc_i2d_PKCS12(void)
  26419. {
  26420. int res = TEST_SKIPPED;
  26421. #if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
  26422. && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
  26423. && !defined(NO_AES) && !defined(NO_DES3) && !defined(NO_SHA)
  26424. WC_PKCS12* pkcs12 = NULL;
  26425. unsigned char der[FOURK_BUF * 2];
  26426. unsigned char* pt;
  26427. int derSz;
  26428. unsigned char out[FOURK_BUF * 2];
  26429. int outSz = FOURK_BUF * 2;
  26430. const char p12_f[] = "./certs/test-servercert.p12";
  26431. XFILE f;
  26432. f = XFOPEN(p12_f, "rb");
  26433. AssertNotNull(f);
  26434. derSz = (int)XFREAD(der, 1, sizeof(der), f);
  26435. AssertIntGT(derSz, 0);
  26436. XFCLOSE(f);
  26437. AssertNotNull(pkcs12 = wc_PKCS12_new());
  26438. AssertIntEQ(wc_d2i_PKCS12(der, derSz, pkcs12), 0);
  26439. AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
  26440. AssertIntEQ(outSz, derSz);
  26441. outSz = derSz - 1;
  26442. pt = out;
  26443. AssertIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0);
  26444. outSz = derSz;
  26445. AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz);
  26446. AssertIntEQ((pt == out), 0);
  26447. pt = NULL;
  26448. AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz);
  26449. XFREE(pt, NULL, DYNAMIC_TYPE_PKCS);
  26450. wc_PKCS12_free(pkcs12);
  26451. /* Run the same test but use wc_d2i_PKCS12_fp. */
  26452. AssertNotNull(pkcs12 = wc_PKCS12_new());
  26453. AssertIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
  26454. AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
  26455. AssertIntEQ(outSz, derSz);
  26456. wc_PKCS12_free(pkcs12);
  26457. /* wc_d2i_PKCS12_fp can also allocate the PKCS12 object for the caller. */
  26458. pkcs12 = NULL;
  26459. AssertIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
  26460. AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
  26461. AssertIntEQ(outSz, derSz);
  26462. wc_PKCS12_free(pkcs12);
  26463. res = TEST_RES_CHECK(1);
  26464. #endif
  26465. return res;
  26466. }
  26467. /* Testing wc_SignatureGetSize() for signature type ECC */
  26468. static int test_wc_SignatureGetSize_ecc(void)
  26469. {
  26470. int res = TEST_SKIPPED;
  26471. #ifndef NO_SIG_WRAPPER
  26472. int ret;
  26473. #if defined(HAVE_ECC) && !defined(NO_ECC256)
  26474. enum wc_SignatureType sig_type;
  26475. word32 key_len;
  26476. /* Initialize ECC Key */
  26477. ecc_key ecc;
  26478. const char* qx =
  26479. "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
  26480. const char* qy =
  26481. "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
  26482. const char* d =
  26483. "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
  26484. ret = wc_ecc_init(&ecc);
  26485. if (ret == 0) {
  26486. ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1");
  26487. }
  26488. if (ret == 0) {
  26489. /* Input for signature type ECC */
  26490. sig_type = WC_SIGNATURE_TYPE_ECC;
  26491. key_len = sizeof(ecc_key);
  26492. ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
  26493. /* Test bad args */
  26494. if (ret > 0) {
  26495. sig_type = (enum wc_SignatureType) 100;
  26496. ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
  26497. if (ret == BAD_FUNC_ARG) {
  26498. sig_type = WC_SIGNATURE_TYPE_ECC;
  26499. ret = wc_SignatureGetSize(sig_type, NULL, key_len);
  26500. }
  26501. if (ret >= 0) {
  26502. key_len = (word32) 0;
  26503. ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
  26504. }
  26505. if (ret == BAD_FUNC_ARG) {
  26506. ret = SIG_TYPE_E;
  26507. }
  26508. }
  26509. }
  26510. else {
  26511. ret = WOLFSSL_FATAL_ERROR;
  26512. }
  26513. wc_ecc_free(&ecc);
  26514. #else
  26515. ret = SIG_TYPE_E;
  26516. #endif
  26517. res = TEST_RES_CHECK(ret == SIG_TYPE_E);
  26518. #endif /* NO_SIG_WRAPPER */
  26519. return res;
  26520. }/* END test_wc_SignatureGetSize_ecc() */
  26521. /* Testing wc_SignatureGetSize() for signature type rsa */
  26522. static int test_wc_SignatureGetSize_rsa(void)
  26523. {
  26524. int res = TEST_SKIPPED;
  26525. #ifndef NO_SIG_WRAPPER
  26526. int ret = 0;
  26527. #ifndef NO_RSA
  26528. enum wc_SignatureType sig_type;
  26529. word32 key_len;
  26530. word32 idx = 0;
  26531. /* Initialize RSA Key */
  26532. RsaKey rsa_key;
  26533. byte* tmp = NULL;
  26534. size_t bytes;
  26535. #ifdef USE_CERT_BUFFERS_1024
  26536. bytes = (size_t)sizeof_client_key_der_1024;
  26537. if (bytes < (size_t)sizeof_client_key_der_1024)
  26538. bytes = (size_t)sizeof_client_cert_der_1024;
  26539. #elif defined(USE_CERT_BUFFERS_2048)
  26540. bytes = (size_t)sizeof_client_key_der_2048;
  26541. if (bytes < (size_t)sizeof_client_cert_der_2048)
  26542. bytes = (size_t)sizeof_client_cert_der_2048;
  26543. #else
  26544. bytes = FOURK_BUF;
  26545. #endif
  26546. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26547. if (tmp != NULL) {
  26548. #ifdef USE_CERT_BUFFERS_1024
  26549. XMEMCPY(tmp, client_key_der_1024,
  26550. (size_t)sizeof_client_key_der_1024);
  26551. #elif defined(USE_CERT_BUFFERS_2048)
  26552. XMEMCPY(tmp, client_key_der_2048,
  26553. (size_t)sizeof_client_key_der_2048);
  26554. #elif !defined(NO_FILESYSTEM)
  26555. file = XFOPEN(clientKey, "rb");
  26556. if (file != XBADFILE) {
  26557. bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file);
  26558. XFCLOSE(file);
  26559. }
  26560. else {
  26561. ret = WOLFSSL_FATAL_ERROR;
  26562. }
  26563. #else
  26564. ret = WOLFSSL_FATAL_ERROR;
  26565. #endif
  26566. }
  26567. else {
  26568. ret = WOLFSSL_FATAL_ERROR;
  26569. }
  26570. if (ret == 0) {
  26571. ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, testDevId);
  26572. }
  26573. if (ret == 0) {
  26574. ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes);
  26575. }
  26576. if (ret == 0) {
  26577. /* Input for signature type RSA */
  26578. sig_type = WC_SIGNATURE_TYPE_RSA;
  26579. key_len = sizeof(RsaKey);
  26580. ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
  26581. /* Test bad args */
  26582. if (ret > 0) {
  26583. sig_type = (enum wc_SignatureType) 100;
  26584. ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
  26585. if (ret == BAD_FUNC_ARG) {
  26586. sig_type = WC_SIGNATURE_TYPE_RSA;
  26587. ret = wc_SignatureGetSize(sig_type, NULL, key_len);
  26588. }
  26589. #ifndef HAVE_USER_RSA
  26590. if (ret == BAD_FUNC_ARG)
  26591. #else
  26592. if (ret == 0)
  26593. #endif
  26594. {
  26595. key_len = (word32)0;
  26596. ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
  26597. }
  26598. if (ret == BAD_FUNC_ARG) {
  26599. ret = SIG_TYPE_E;
  26600. }
  26601. }
  26602. }
  26603. else {
  26604. ret = WOLFSSL_FATAL_ERROR;
  26605. }
  26606. wc_FreeRsaKey(&rsa_key);
  26607. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26608. #else
  26609. ret = SIG_TYPE_E;
  26610. #endif
  26611. res = TEST_RES_CHECK(ret == SIG_TYPE_E);
  26612. #endif /* NO_SIG_WRAPPER */
  26613. return res;
  26614. }/* END test_wc_SignatureGetSize_rsa(void) */
  26615. /*----------------------------------------------------------------------------*
  26616. | hash.h Tests
  26617. *----------------------------------------------------------------------------*/
  26618. static int test_wc_HashInit(void)
  26619. {
  26620. int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */
  26621. wc_HashAlg hash;
  26622. /* enum for holding supported algorithms, #ifndef's restrict if disabled */
  26623. enum wc_HashType enumArray[] = {
  26624. #ifndef NO_MD5
  26625. WC_HASH_TYPE_MD5,
  26626. #endif
  26627. #ifndef NO_SHA
  26628. WC_HASH_TYPE_SHA,
  26629. #endif
  26630. #ifndef WOLFSSL_SHA224
  26631. WC_HASH_TYPE_SHA224,
  26632. #endif
  26633. #ifndef NO_SHA256
  26634. WC_HASH_TYPE_SHA256,
  26635. #endif
  26636. #ifndef WOLFSSL_SHA384
  26637. WC_HASH_TYPE_SHA384,
  26638. #endif
  26639. #ifndef WOLFSSL_SHA512
  26640. WC_HASH_TYPE_SHA512,
  26641. #endif
  26642. };
  26643. /* dynamically finds the length */
  26644. int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
  26645. /* For loop to test various arguments... */
  26646. for (i = 0; i < enumlen; i++) {
  26647. /* check for bad args */
  26648. if (wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) {
  26649. ret = 1;
  26650. break;
  26651. }
  26652. wc_HashFree(&hash, enumArray[i]);
  26653. /* check for null ptr */
  26654. if (wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) {
  26655. ret = 1;
  26656. break;
  26657. }
  26658. } /* end of for loop */
  26659. return TEST_RES_CHECK(ret == 0);
  26660. } /* end of test_wc_HashInit */
  26661. /*
  26662. * Unit test function for wc_HashSetFlags()
  26663. */
  26664. static int test_wc_HashSetFlags(void)
  26665. {
  26666. int res = TEST_SKIPPED;
  26667. #ifdef WOLFSSL_HASH_FLAGS
  26668. wc_HashAlg hash;
  26669. int ret = 0;
  26670. word32 flags = 0;
  26671. int i, j;
  26672. int notSupportedLen;
  26673. /* enum for holding supported algorithms, #ifndef's restrict if disabled */
  26674. enum wc_HashType enumArray[] = {
  26675. #ifndef NO_MD5
  26676. WC_HASH_TYPE_MD5,
  26677. #endif
  26678. #ifndef NO_SHA
  26679. WC_HASH_TYPE_SHA,
  26680. #endif
  26681. #ifdef WOLFSSL_SHA224
  26682. WC_HASH_TYPE_SHA224,
  26683. #endif
  26684. #ifndef NO_SHA256
  26685. WC_HASH_TYPE_SHA256,
  26686. #endif
  26687. #ifdef WOLFSSL_SHA384
  26688. WC_HASH_TYPE_SHA384,
  26689. #endif
  26690. #ifdef WOLFSSL_SHA512
  26691. WC_HASH_TYPE_SHA512,
  26692. #endif
  26693. #ifdef WOLFSSL_SHA3
  26694. WC_HASH_TYPE_SHA3_224,
  26695. #endif
  26696. };
  26697. enum wc_HashType notSupported[] = {
  26698. WC_HASH_TYPE_MD5_SHA,
  26699. WC_HASH_TYPE_MD2,
  26700. WC_HASH_TYPE_MD4,
  26701. WC_HASH_TYPE_BLAKE2B,
  26702. WC_HASH_TYPE_BLAKE2S,
  26703. WC_HASH_TYPE_NONE,
  26704. };
  26705. /* dynamically finds the length */
  26706. int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
  26707. /* For loop to test various arguments... */
  26708. for (i = 0; i < enumlen; i++) {
  26709. ret = wc_HashInit(&hash, enumArray[i]);
  26710. if (ret == 0) {
  26711. ret = wc_HashSetFlags(&hash, enumArray[i], flags);
  26712. }
  26713. if (ret == 0) {
  26714. if (flags & WC_HASH_FLAG_ISCOPY) {
  26715. ret = 0;
  26716. }
  26717. }
  26718. if (ret == 0) {
  26719. ret = wc_HashSetFlags(NULL, enumArray[i], flags);
  26720. if (ret == BAD_FUNC_ARG) {
  26721. ret = 0;
  26722. }
  26723. }
  26724. wc_HashFree(&hash, enumArray[i]);
  26725. }
  26726. /* For loop to test not supported cases */
  26727. notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
  26728. for (j = 0; ret == 0 && j < notSupportedLen; j++) {
  26729. ret = wc_HashInit(&hash, notSupported[j]);
  26730. if (ret == 0) {
  26731. ret = -1;
  26732. }
  26733. else if (ret == BAD_FUNC_ARG) {
  26734. ret = wc_HashSetFlags(&hash, notSupported[j], flags);
  26735. if (ret == 0) {
  26736. ret = -1;
  26737. }
  26738. else if (ret == BAD_FUNC_ARG) {
  26739. ret = 0;
  26740. }
  26741. }
  26742. if (ret == 0) {
  26743. ret = wc_HashFree(&hash, notSupported[j]);
  26744. if (ret == 0) {
  26745. ret = -1;
  26746. }
  26747. else if (ret == BAD_FUNC_ARG) {
  26748. ret = 0;
  26749. }
  26750. }
  26751. }
  26752. res = TEST_RES_CHECK(ret == 0);
  26753. #endif
  26754. return res;
  26755. } /* END test_wc_HashSetFlags */
  26756. /*
  26757. * Unit test function for wc_HashGetFlags()
  26758. */
  26759. static int test_wc_HashGetFlags(void)
  26760. {
  26761. int res = TEST_SKIPPED;
  26762. #ifdef WOLFSSL_HASH_FLAGS
  26763. wc_HashAlg hash;
  26764. int ret = 0;
  26765. word32 flags = 0;
  26766. int i, j;
  26767. /* enum for holding supported algorithms, #ifndef's restrict if disabled */
  26768. enum wc_HashType enumArray[] = {
  26769. #ifndef NO_MD5
  26770. WC_HASH_TYPE_MD5,
  26771. #endif
  26772. #ifndef NO_SHA
  26773. WC_HASH_TYPE_SHA,
  26774. #endif
  26775. #ifdef WOLFSSL_SHA224
  26776. WC_HASH_TYPE_SHA224,
  26777. #endif
  26778. #ifndef NO_SHA256
  26779. WC_HASH_TYPE_SHA256,
  26780. #endif
  26781. #ifdef WOLFSSL_SHA384
  26782. WC_HASH_TYPE_SHA384,
  26783. #endif
  26784. #ifdef WOLFSSL_SHA512
  26785. WC_HASH_TYPE_SHA512,
  26786. #endif
  26787. #ifdef WOLFSSL_SHA3
  26788. WC_HASH_TYPE_SHA3_224,
  26789. #endif
  26790. };
  26791. enum wc_HashType notSupported[] = {
  26792. WC_HASH_TYPE_MD5_SHA,
  26793. WC_HASH_TYPE_MD2,
  26794. WC_HASH_TYPE_MD4,
  26795. WC_HASH_TYPE_BLAKE2B,
  26796. WC_HASH_TYPE_BLAKE2S,
  26797. WC_HASH_TYPE_NONE,
  26798. };
  26799. int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
  26800. int notSupportedLen;
  26801. /* For loop to test various arguments... */
  26802. for (i = 0; i < enumlen; i++) {
  26803. ret = wc_HashInit(&hash, enumArray[i]);
  26804. if (ret == 0) {
  26805. ret = wc_HashGetFlags(&hash, enumArray[i], &flags);
  26806. }
  26807. if (ret == 0) {
  26808. if (flags & WC_HASH_FLAG_ISCOPY) {
  26809. ret = 0;
  26810. }
  26811. }
  26812. if (ret == 0) {
  26813. ret = wc_HashGetFlags(NULL, enumArray[i], &flags);
  26814. if (ret == BAD_FUNC_ARG) {
  26815. ret = 0;
  26816. }
  26817. }
  26818. wc_HashFree(&hash, enumArray[i]);
  26819. if (ret != 0) {
  26820. break;
  26821. }
  26822. }
  26823. /* For loop to test not supported cases */
  26824. notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
  26825. for (j = 0; ret == 0 && j < notSupportedLen; j++) {
  26826. ret = wc_HashInit(&hash, notSupported[j]);
  26827. if (ret == 0) {
  26828. ret = -1;
  26829. }
  26830. else if (ret == BAD_FUNC_ARG) {
  26831. ret = wc_HashGetFlags(&hash, notSupported[j], &flags);
  26832. if (ret == 0) {
  26833. ret = -1;
  26834. }
  26835. else if (ret == BAD_FUNC_ARG) {
  26836. ret = 0;
  26837. }
  26838. }
  26839. if (ret == 0) {
  26840. ret = wc_HashFree(&hash, notSupported[j]);
  26841. if (ret == 0) {
  26842. ret = -1;
  26843. }
  26844. if (ret == BAD_FUNC_ARG) {
  26845. ret = 0;
  26846. }
  26847. }
  26848. }
  26849. res = TEST_RES_CHECK(ret == 0);
  26850. #endif
  26851. return res;
  26852. } /* END test_wc_HashGetFlags */
  26853. /*----------------------------------------------------------------------------*
  26854. | Compatibility Tests
  26855. *----------------------------------------------------------------------------*/
  26856. static int test_wolfSSL_lhash(void)
  26857. {
  26858. int res = TEST_SKIPPED;
  26859. #ifdef OPENSSL_ALL
  26860. const char testStr[] = "Like a true nature's child\n"
  26861. "We were born\n"
  26862. "Born to be wild";
  26863. #ifdef NO_SHA
  26864. AssertIntEQ(lh_strhash(testStr), 0xf9dc8a43);
  26865. #else
  26866. AssertIntEQ(lh_strhash(testStr), 0x5b7541dc);
  26867. #endif
  26868. res = TEST_RES_CHECK(1);
  26869. #endif
  26870. return res;
  26871. }
  26872. static int test_wolfSSL_X509_NAME(void)
  26873. {
  26874. int res = TEST_SKIPPED;
  26875. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
  26876. !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
  26877. && !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \
  26878. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
  26879. defined(OPENSSL_EXTRA))
  26880. X509* x509;
  26881. const unsigned char* c;
  26882. unsigned char buf[4096];
  26883. int bytes;
  26884. XFILE f;
  26885. const X509_NAME* a;
  26886. const X509_NAME* b;
  26887. X509_NAME* d2i_name = NULL;
  26888. int sz;
  26889. unsigned char* tmp;
  26890. char file[] = "./certs/ca-cert.der";
  26891. #ifndef OPENSSL_EXTRA_X509_SMALL
  26892. byte empty[] = { /* CN=empty emailAddress= */
  26893. 0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03,
  26894. 0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70,
  26895. 0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09,
  26896. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
  26897. 0x01, 0x16, 0x00
  26898. };
  26899. #endif
  26900. #ifndef OPENSSL_EXTRA_X509_SMALL
  26901. /* test compile of deprecated function, returns 0 */
  26902. AssertIntEQ(CRYPTO_thread_id(), 0);
  26903. #endif
  26904. AssertNotNull(a = X509_NAME_new());
  26905. X509_NAME_free((X509_NAME*)a);
  26906. f = XFOPEN(file, "rb");
  26907. AssertTrue(f != XBADFILE);
  26908. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  26909. XFCLOSE(f);
  26910. c = buf;
  26911. AssertNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes));
  26912. /* test cmp function */
  26913. AssertNotNull(a = X509_get_issuer_name(x509));
  26914. AssertNotNull(b = X509_get_subject_name(x509));
  26915. #ifndef OPENSSL_EXTRA_X509_SMALL
  26916. AssertIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
  26917. #endif
  26918. tmp = buf;
  26919. AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0);
  26920. if (sz > 0 && tmp == buf) {
  26921. fprintf(stderr, "\nERROR - %s line %d failed with:", __FILE__,
  26922. __LINE__);
  26923. fprintf(stderr, " Expected pointer to be incremented\n");
  26924. abort();
  26925. }
  26926. #ifndef OPENSSL_EXTRA_X509_SMALL
  26927. tmp = buf;
  26928. AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
  26929. #endif
  26930. /* if output parameter is NULL, should still return required size. */
  26931. AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, NULL)), 0);
  26932. /* retry but with the function creating a buffer */
  26933. tmp = NULL;
  26934. AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0);
  26935. XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
  26936. AssertNotNull(b = X509_NAME_dup((X509_NAME*)a));
  26937. #ifndef OPENSSL_EXTRA_X509_SMALL
  26938. AssertIntEQ(X509_NAME_cmp(a, b), 0);
  26939. #endif
  26940. X509_NAME_free((X509_NAME*)b);
  26941. X509_NAME_free(d2i_name);
  26942. X509_free(x509);
  26943. #ifndef OPENSSL_EXTRA_X509_SMALL
  26944. /* test with an empty domain component */
  26945. tmp = empty;
  26946. sz = sizeof(empty);
  26947. AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
  26948. AssertIntEQ(X509_NAME_entry_count(d2i_name), 2);
  26949. /* size of empty emailAddress will be 0 */
  26950. tmp = buf;
  26951. AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress,
  26952. (char*)tmp, sizeof(buf)), 0);
  26953. /* should contain no organization name */
  26954. tmp = buf;
  26955. AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName,
  26956. (char*)tmp, sizeof(buf)), -1);
  26957. X509_NAME_free(d2i_name);
  26958. #endif
  26959. res = TEST_RES_CHECK(1);
  26960. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
  26961. return res;
  26962. }
  26963. static int test_wolfSSL_X509_NAME_hash(void)
  26964. {
  26965. int res = TEST_SKIPPED;
  26966. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) \
  26967. && !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO)
  26968. BIO* bio;
  26969. X509* x509 = NULL;
  26970. AssertNotNull(bio = BIO_new(BIO_s_file()));
  26971. AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
  26972. AssertNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL));
  26973. AssertIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0x137DC03F);
  26974. AssertIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0xFDB2DA4);
  26975. X509_free(x509);
  26976. BIO_free(bio);
  26977. res = TEST_RES_CHECK(1);
  26978. #endif
  26979. return res;
  26980. }
  26981. static int test_wolfSSL_X509_NAME_print_ex(void)
  26982. {
  26983. int res = TEST_SKIPPED;
  26984. #if (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
  26985. (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
  26986. defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
  26987. defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) && \
  26988. !defined(NO_BIO) && !defined(NO_RSA)
  26989. int memSz;
  26990. byte* mem = NULL;
  26991. BIO* bio = NULL;
  26992. BIO* membio = NULL;
  26993. X509* x509 = NULL;
  26994. X509_NAME* name = NULL;
  26995. const char* expNormal = "C=US, CN=wolfssl.com";
  26996. const char* expReverse = "CN=wolfssl.com, C=US";
  26997. const char* expNotEscaped = "C= US,+\"\\ , CN=#wolfssl.com<>;";
  26998. const char* expNotEscapedRev = "CN=#wolfssl.com<>;, C= US,+\"\\ ";
  26999. const char* expRFC5523 =
  27000. "CN=\\#wolfssl.com\\<\\>\\;, C=\\ US\\,\\+\\\"\\\\\\ ";
  27001. /* Test with real cert (svrCertFile) first */
  27002. AssertNotNull(bio = BIO_new(BIO_s_file()));
  27003. AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
  27004. AssertNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL));
  27005. AssertNotNull(name = X509_get_subject_name(x509));
  27006. /* Test without flags */
  27007. AssertNotNull(membio = BIO_new(BIO_s_mem()));
  27008. AssertIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);
  27009. BIO_free(membio);
  27010. /* Test flag: XN_FLAG_RFC2253 */
  27011. AssertNotNull(membio = BIO_new(BIO_s_mem()));
  27012. AssertIntEQ(X509_NAME_print_ex(membio, name, 0,
  27013. XN_FLAG_RFC2253), WOLFSSL_SUCCESS);
  27014. BIO_free(membio);
  27015. /* Test flag: XN_FLAG_RFC2253 | XN_FLAG_DN_REV */
  27016. AssertNotNull(membio = BIO_new(BIO_s_mem()));
  27017. AssertIntEQ(X509_NAME_print_ex(membio, name, 0,
  27018. XN_FLAG_RFC2253 | XN_FLAG_DN_REV), WOLFSSL_SUCCESS);
  27019. BIO_free(membio);
  27020. X509_free(x509);
  27021. BIO_free(bio);
  27022. /* Test normal case without escaped characters */
  27023. {
  27024. /* Create name: "/C=US/CN=wolfssl.com" */
  27025. AssertNotNull(name = X509_NAME_new());
  27026. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName",
  27027. MBSTRING_UTF8, (byte*)"US", 2, -1, 0),
  27028. WOLFSSL_SUCCESS);
  27029. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName",
  27030. MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0),
  27031. WOLFSSL_SUCCESS);
  27032. /* Test without flags */
  27033. AssertNotNull(membio = BIO_new(BIO_s_mem()));
  27034. AssertIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);
  27035. AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
  27036. AssertIntEQ(memSz, XSTRLEN(expNormal));
  27037. AssertIntEQ(XSTRNCMP((char*)mem, expNormal, XSTRLEN(expNormal)), 0);
  27038. BIO_free(membio);
  27039. /* Test flags: XN_FLAG_RFC2253 - should be reversed */
  27040. AssertNotNull(membio = BIO_new(BIO_s_mem()));
  27041. AssertIntEQ(X509_NAME_print_ex(membio, name, 0,
  27042. XN_FLAG_RFC2253), WOLFSSL_SUCCESS);
  27043. AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
  27044. AssertIntEQ(memSz, XSTRLEN(expReverse));
  27045. BIO_free(membio);
  27046. /* Test flags: XN_FLAG_DN_REV - reversed */
  27047. AssertNotNull(membio = BIO_new(BIO_s_mem()));
  27048. AssertIntEQ(X509_NAME_print_ex(membio, name, 0,
  27049. XN_FLAG_DN_REV), WOLFSSL_SUCCESS);
  27050. AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
  27051. AssertIntEQ(memSz, XSTRLEN(expReverse));
  27052. AssertIntEQ(XSTRNCMP((char*)mem, expReverse, XSTRLEN(expReverse)), 0);
  27053. BIO_free(membio);
  27054. X509_NAME_free(name);
  27055. }
  27056. /* Test RFC2253 characters are escaped with backslashes */
  27057. {
  27058. AssertNotNull(name = X509_NAME_new());
  27059. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName",
  27060. /* space at beginning and end, and: ,+"\ */
  27061. MBSTRING_UTF8, (byte*)" US,+\"\\ ", 8, -1, 0),
  27062. WOLFSSL_SUCCESS);
  27063. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName",
  27064. /* # at beginning, and: <>;*/
  27065. MBSTRING_UTF8, (byte*)"#wolfssl.com<>;", 15, -1, 0),
  27066. WOLFSSL_SUCCESS);
  27067. /* Test without flags */
  27068. AssertNotNull(membio = BIO_new(BIO_s_mem()));
  27069. AssertIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);
  27070. AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
  27071. AssertIntEQ(memSz, XSTRLEN(expNotEscaped));
  27072. AssertIntEQ(XSTRNCMP((char*)mem, expNotEscaped,
  27073. XSTRLEN(expNotEscaped)), 0);
  27074. BIO_free(membio);
  27075. /* Test flags: XN_FLAG_RFC5523 - should be reversed and escaped */
  27076. AssertNotNull(membio = BIO_new(BIO_s_mem()));
  27077. AssertIntEQ(X509_NAME_print_ex(membio, name, 0,
  27078. XN_FLAG_RFC2253), WOLFSSL_SUCCESS);
  27079. AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
  27080. AssertIntEQ(memSz, XSTRLEN(expRFC5523));
  27081. AssertIntEQ(XSTRNCMP((char*)mem, expRFC5523, XSTRLEN(expRFC5523)), 0);
  27082. BIO_free(membio);
  27083. /* Test flags: XN_FLAG_DN_REV - reversed but not escaped */
  27084. AssertNotNull(membio = BIO_new(BIO_s_mem()));
  27085. AssertIntEQ(X509_NAME_print_ex(membio, name, 0,
  27086. XN_FLAG_DN_REV), WOLFSSL_SUCCESS);
  27087. AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
  27088. AssertIntEQ(memSz, XSTRLEN(expNotEscapedRev));
  27089. AssertIntEQ(XSTRNCMP((char*)mem, expNotEscapedRev,
  27090. XSTRLEN(expNotEscapedRev)), 0);
  27091. BIO_free(membio);
  27092. X509_NAME_free(name);
  27093. }
  27094. res = TEST_RES_CHECK(1);
  27095. #endif
  27096. return res;
  27097. }
  27098. #ifndef NO_BIO
  27099. static int test_wolfSSL_X509_INFO_multiple_info(void)
  27100. {
  27101. int res = TEST_SKIPPED;
  27102. #if defined(OPENSSL_ALL) && !defined(NO_RSA)
  27103. STACK_OF(X509_INFO) *info_stack;
  27104. X509_INFO *info;
  27105. int len;
  27106. int i;
  27107. const char* files[] = {
  27108. cliCertFile,
  27109. cliKeyFile,
  27110. /* This needs to be the order as svrCertFile contains the
  27111. * intermediate cert as well. */
  27112. svrKeyFile,
  27113. svrCertFile,
  27114. NULL,
  27115. };
  27116. const char** curFile;
  27117. BIO *fileBIO;
  27118. BIO *concatBIO = NULL;
  27119. byte tmp[FOURK_BUF];
  27120. /* concatenate the cert and the key file to force PEM_X509_INFO_read_bio
  27121. * to group objects together. */
  27122. AssertNotNull(concatBIO = BIO_new(BIO_s_mem()));
  27123. for (curFile = files; *curFile != NULL; curFile++) {
  27124. int fileLen;
  27125. AssertNotNull(fileBIO = BIO_new_file(*curFile, "rb"));
  27126. fileLen = wolfSSL_BIO_get_len(fileBIO);
  27127. while ((len = BIO_read(fileBIO, tmp, sizeof(tmp))) > 0) {
  27128. AssertIntEQ(BIO_write(concatBIO, tmp, len), len);
  27129. fileLen -= len;
  27130. }
  27131. /* Make sure we read the entire file */
  27132. AssertIntEQ(fileLen, 0);
  27133. BIO_free(fileBIO);
  27134. }
  27135. AssertNotNull(info_stack = PEM_X509_INFO_read_bio(concatBIO, NULL, NULL,
  27136. NULL));
  27137. AssertIntEQ(sk_X509_INFO_num(info_stack), 3);
  27138. for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
  27139. AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
  27140. AssertNotNull(info->x509);
  27141. AssertNull(info->crl);
  27142. if (i != 0) {
  27143. AssertNotNull(info->x_pkey);
  27144. AssertIntEQ(X509_check_private_key(info->x509,
  27145. info->x_pkey->dec_pkey), 1);
  27146. }
  27147. else {
  27148. AssertNull(info->x_pkey);
  27149. }
  27150. }
  27151. sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
  27152. BIO_free(concatBIO);
  27153. res = TEST_RES_CHECK(1);
  27154. #endif
  27155. return res;
  27156. }
  27157. #endif
  27158. #ifndef NO_BIO
  27159. static int test_wolfSSL_X509_INFO(void)
  27160. {
  27161. int res = TEST_SKIPPED;
  27162. #if defined(OPENSSL_ALL) && !defined(NO_RSA)
  27163. STACK_OF(X509_INFO) *info_stack;
  27164. X509_INFO *info;
  27165. BIO *cert;
  27166. int i;
  27167. /* PEM in hex format to avoid null terminator */
  27168. byte data[] = {
  27169. 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47,
  27170. 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d,
  27171. 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d,
  27172. 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d,
  27173. 0x2d, 0x2d, 0x2d
  27174. };
  27175. /* PEM in hex format to avoid null terminator */
  27176. byte data2[] = {
  27177. 0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72,
  27178. 0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d,
  27179. 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50,
  27180. 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d,
  27181. 0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71,
  27182. 0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d,
  27183. 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
  27184. };
  27185. AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
  27186. AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
  27187. for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
  27188. AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
  27189. AssertNotNull(info->x509);
  27190. AssertNull(info->crl);
  27191. AssertNull(info->x_pkey);
  27192. }
  27193. sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
  27194. BIO_free(cert);
  27195. AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
  27196. AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
  27197. sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
  27198. BIO_free(cert);
  27199. /* This case should fail due to invalid input. */
  27200. AssertNotNull(cert = BIO_new(BIO_s_mem()));
  27201. AssertIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data));
  27202. AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
  27203. sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
  27204. BIO_free(cert);
  27205. AssertNotNull(cert = BIO_new(BIO_s_mem()));
  27206. AssertIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2));
  27207. AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
  27208. sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
  27209. BIO_free(cert);
  27210. res = TEST_RES_CHECK(1);
  27211. #endif
  27212. return res;
  27213. }
  27214. #endif
  27215. static int test_wolfSSL_X509_subject_name_hash(void)
  27216. {
  27217. int res = TEST_SKIPPED;
  27218. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
  27219. && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
  27220. X509* x509;
  27221. X509_NAME* subjectName = NULL;
  27222. unsigned long ret1 = 0;
  27223. unsigned long ret2 = 0;
  27224. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  27225. SSL_FILETYPE_PEM));
  27226. AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
  27227. /* These two
  27228. * - X509_subject_name_hash(x509)
  27229. * - X509_NAME_hash(X509_get_subject_name(x509))
  27230. * should give the same hash, if !defined(NO_SHA) is true. */
  27231. ret1 = X509_subject_name_hash(x509);
  27232. AssertIntNE(ret1, 0);
  27233. #if !defined(NO_SHA)
  27234. ret2 = X509_NAME_hash(X509_get_subject_name(x509));
  27235. AssertIntNE(ret2, 0);
  27236. AssertIntEQ(ret1, ret2);
  27237. #else
  27238. (void) ret2;
  27239. #endif
  27240. X509_free(x509);
  27241. res = TEST_RES_CHECK(1);
  27242. #endif
  27243. return res;
  27244. }
  27245. static int test_wolfSSL_X509_issuer_name_hash(void)
  27246. {
  27247. int res = TEST_SKIPPED;
  27248. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
  27249. && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
  27250. X509* x509;
  27251. X509_NAME* issuertName = NULL;
  27252. unsigned long ret1 = 0;
  27253. unsigned long ret2 = 0;
  27254. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  27255. SSL_FILETYPE_PEM));
  27256. AssertNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
  27257. /* These two
  27258. * - X509_issuer_name_hash(x509)
  27259. * - X509_NAME_hash(X509_get_issuer_name(x509))
  27260. * should give the same hash, if !defined(NO_SHA) is true. */
  27261. ret1 = X509_issuer_name_hash(x509);
  27262. AssertIntNE(ret1, 0);
  27263. #if !defined(NO_SHA)
  27264. ret2 = X509_NAME_hash(X509_get_issuer_name(x509));
  27265. AssertIntNE(ret2, 0);
  27266. AssertIntEQ(ret1, ret2);
  27267. #else
  27268. (void) ret2;
  27269. #endif
  27270. X509_free(x509);
  27271. res = TEST_RES_CHECK(1);
  27272. #endif
  27273. return res;
  27274. }
  27275. static int test_wolfSSL_X509_check_host(void)
  27276. {
  27277. int res = TEST_SKIPPED;
  27278. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
  27279. && !defined(NO_SHA) && !defined(NO_RSA)
  27280. X509* x509;
  27281. const char altName[] = "example.com";
  27282. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  27283. SSL_FILETYPE_PEM));
  27284. AssertIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
  27285. WOLFSSL_SUCCESS);
  27286. AssertIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
  27287. WOLFSSL_FAILURE);
  27288. X509_free(x509);
  27289. AssertIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
  27290. WOLFSSL_FAILURE);
  27291. res = TEST_RES_CHECK(1);
  27292. #endif
  27293. return res;
  27294. }
  27295. static int test_wolfSSL_X509_check_email(void)
  27296. {
  27297. int res = TEST_SKIPPED;
  27298. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
  27299. X509* x509;
  27300. const char goodEmail[] = "info@wolfssl.com";
  27301. const char badEmail[] = "disinfo@wolfssl.com";
  27302. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  27303. SSL_FILETYPE_PEM));
  27304. /* Should fail on non-matching email address */
  27305. AssertIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0),
  27306. WOLFSSL_FAILURE);
  27307. /* Should succeed on matching email address */
  27308. AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0),
  27309. WOLFSSL_SUCCESS);
  27310. /* Should compute length internally when not provided */
  27311. AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0),
  27312. WOLFSSL_SUCCESS);
  27313. /* Should fail when email address is NULL */
  27314. AssertIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0),
  27315. WOLFSSL_FAILURE);
  27316. X509_free(x509);
  27317. /* Should fail when x509 is NULL */
  27318. AssertIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0),
  27319. WOLFSSL_FAILURE);
  27320. res = TEST_RES_CHECK(1);
  27321. #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
  27322. return res;
  27323. }
  27324. static int test_wolfSSL_DES(void)
  27325. {
  27326. int res = TEST_SKIPPED;
  27327. #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
  27328. const_DES_cblock myDes;
  27329. DES_cblock iv;
  27330. DES_key_schedule key;
  27331. word32 i;
  27332. DES_LONG dl;
  27333. unsigned char msg[] = "hello wolfssl";
  27334. DES_check_key(1);
  27335. DES_set_key(&myDes, &key);
  27336. /* check, check of odd parity */
  27337. XMEMSET(myDes, 4, sizeof(const_DES_cblock)); myDes[0] = 6; /*set even parity*/
  27338. XMEMSET(key, 5, sizeof(DES_key_schedule));
  27339. AssertIntEQ(DES_set_key_checked(&myDes, &key), -1);
  27340. AssertIntNE(key[0], myDes[0]); /* should not have copied over key */
  27341. /* set odd parity for success case */
  27342. DES_set_odd_parity(&myDes);
  27343. AssertIntEQ(DES_check_key_parity(&myDes), 1);
  27344. fprintf(stderr, "%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2],
  27345. myDes[3]);
  27346. AssertIntEQ(DES_set_key_checked(&myDes, &key), 0);
  27347. for (i = 0; i < sizeof(DES_key_schedule); i++) {
  27348. AssertIntEQ(key[i], myDes[i]);
  27349. }
  27350. AssertIntEQ(DES_is_weak_key(&myDes), 0);
  27351. /* check weak key */
  27352. XMEMSET(myDes, 1, sizeof(const_DES_cblock));
  27353. XMEMSET(key, 5, sizeof(DES_key_schedule));
  27354. AssertIntEQ(DES_set_key_checked(&myDes, &key), -2);
  27355. AssertIntNE(key[0], myDes[0]); /* should not have copied over key */
  27356. /* now do unchecked copy of a weak key over */
  27357. DES_set_key_unchecked(&myDes, &key);
  27358. /* compare arrays, should be the same */
  27359. for (i = 0; i < sizeof(DES_key_schedule); i++) {
  27360. AssertIntEQ(key[i], myDes[i]);
  27361. }
  27362. AssertIntEQ(DES_is_weak_key(&myDes), 1);
  27363. /* check DES_key_sched API */
  27364. XMEMSET(key, 1, sizeof(DES_key_schedule));
  27365. AssertIntEQ(DES_key_sched(&myDes, NULL), 0);
  27366. AssertIntEQ(DES_key_sched(NULL, &key), 0);
  27367. AssertIntEQ(DES_key_sched(&myDes, &key), 0);
  27368. /* compare arrays, should be the same */
  27369. for (i = 0; i < sizeof(DES_key_schedule); i++) {
  27370. AssertIntEQ(key[i], myDes[i]);
  27371. }
  27372. /* DES_cbc_cksum should return the last 4 of the last 8 bytes after
  27373. * DES_cbc_encrypt on the input */
  27374. XMEMSET(iv, 0, sizeof(DES_cblock));
  27375. XMEMSET(myDes, 5, sizeof(DES_key_schedule));
  27376. AssertIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0);
  27377. AssertIntEQ(dl, 480052723);
  27378. res = TEST_RES_CHECK(1);
  27379. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
  27380. return res;
  27381. }
  27382. static int test_wc_PemToDer(void)
  27383. {
  27384. int res = TEST_SKIPPED;
  27385. #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM)
  27386. int ret;
  27387. DerBuffer* pDer = NULL;
  27388. const char* ca_cert = "./certs/server-cert.pem";
  27389. byte* cert_buf = NULL;
  27390. size_t cert_sz = 0;
  27391. int eccKey = 0;
  27392. EncryptedInfo info;
  27393. XMEMSET(&info, 0, sizeof(info));
  27394. ret = load_file(ca_cert, &cert_buf, &cert_sz);
  27395. if (ret == 0) {
  27396. ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE,
  27397. &pDer, NULL, &info, &eccKey);
  27398. AssertIntEQ(ret, 0);
  27399. wc_FreeDer(&pDer);
  27400. }
  27401. if (cert_buf)
  27402. free(cert_buf);
  27403. #ifdef HAVE_ECC
  27404. {
  27405. const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem";
  27406. byte key_buf[256] = {0};
  27407. /* Test fail of loading a key with cert type */
  27408. AssertIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
  27409. key_buf[0] = '\n';
  27410. XMEMCPY(key_buf + 1, cert_buf, cert_sz);
  27411. AssertIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
  27412. &pDer, NULL, &info, &eccKey)), 0);
  27413. #ifdef OPENSSL_EXTRA
  27414. AssertIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE,
  27415. &pDer, NULL, &info, &eccKey)), 0);
  27416. #endif
  27417. wc_FreeDer(&pDer);
  27418. if (cert_buf)
  27419. free(cert_buf);
  27420. }
  27421. #endif
  27422. res = TEST_RES_CHECK(1);
  27423. #endif
  27424. return res;
  27425. }
  27426. static int test_wc_AllocDer(void)
  27427. {
  27428. int res = TEST_SKIPPED;
  27429. #if !defined(NO_CERTS)
  27430. int ret;
  27431. DerBuffer* pDer = NULL;
  27432. word32 testSize = 1024;
  27433. ret = wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT);
  27434. AssertIntEQ(ret, 0);
  27435. AssertNotNull(pDer);
  27436. wc_FreeDer(&pDer);
  27437. res = TEST_RES_CHECK(1);
  27438. #endif
  27439. return res;
  27440. }
  27441. static int test_wc_CertPemToDer(void)
  27442. {
  27443. int res = TEST_SKIPPED;
  27444. #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM)
  27445. int ret;
  27446. const char* ca_cert = "./certs/ca-cert.pem";
  27447. byte* cert_buf = NULL;
  27448. size_t cert_sz = 0, cert_dersz = 0;
  27449. byte* cert_der = NULL;
  27450. ret = load_file(ca_cert, &cert_buf, &cert_sz);
  27451. if (ret == 0) {
  27452. cert_dersz = cert_sz; /* DER will be smaller than PEM */
  27453. cert_der = (byte*)malloc(cert_dersz);
  27454. if (cert_der) {
  27455. ret = wc_CertPemToDer(cert_buf, (int)cert_sz,
  27456. cert_der, (int)cert_dersz, CERT_TYPE);
  27457. AssertIntGE(ret, 0);
  27458. }
  27459. }
  27460. if (cert_der)
  27461. free(cert_der);
  27462. if (cert_buf)
  27463. free(cert_buf);
  27464. res = TEST_RES_CHECK(1);
  27465. #endif
  27466. return res;
  27467. }
  27468. static int test_wc_PubKeyPemToDer(void)
  27469. {
  27470. int res = TEST_SKIPPED;
  27471. #if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && \
  27472. (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER))
  27473. int ret;
  27474. const char* key = "./certs/ecc-client-keyPub.pem";
  27475. byte* cert_buf = NULL;
  27476. size_t cert_sz = 0, cert_dersz = 0;
  27477. byte* cert_der = NULL;
  27478. ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
  27479. cert_der, (int)cert_dersz);
  27480. AssertIntGE(ret, BAD_FUNC_ARG);
  27481. ret = load_file(key, &cert_buf, &cert_sz);
  27482. if (ret == 0) {
  27483. cert_dersz = cert_sz; /* DER will be smaller than PEM */
  27484. cert_der = (byte*)malloc(cert_dersz);
  27485. if (cert_der) {
  27486. ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
  27487. cert_der, (int)cert_dersz);
  27488. AssertIntGE(ret, 0);
  27489. }
  27490. }
  27491. if (cert_der)
  27492. free(cert_der);
  27493. if (cert_buf)
  27494. free(cert_buf);
  27495. res = TEST_RES_CHECK(1);
  27496. #endif
  27497. return res;
  27498. }
  27499. static int test_wc_PemPubKeyToDer(void)
  27500. {
  27501. int res = TEST_SKIPPED;
  27502. #if !defined(NO_FILESYSTEM) && \
  27503. (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER))
  27504. int ret;
  27505. const char* key = "./certs/ecc-client-keyPub.pem";
  27506. size_t cert_dersz = 1024;
  27507. byte* cert_der = (byte*)malloc(cert_dersz);
  27508. ret = wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz);
  27509. AssertIntGE(ret, BAD_FUNC_ARG);
  27510. if (cert_der) {
  27511. ret = wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz);
  27512. AssertIntGE(ret, 0);
  27513. free(cert_der);
  27514. }
  27515. res = TEST_RES_CHECK(1);
  27516. #endif
  27517. return res;
  27518. }
  27519. static int test_wc_GetPubKeyDerFromCert(void)
  27520. {
  27521. int res = TEST_SKIPPED;
  27522. #if !defined(NO_RSA) || defined(HAVE_ECC)
  27523. int ret;
  27524. word32 idx = 0;
  27525. byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */
  27526. word32 keyDerSz = (word32)sizeof(keyDer);
  27527. DecodedCert decoded;
  27528. #if !defined(NO_RSA) && defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM)
  27529. byte certBuf[6000]; /* for PEM and CSR, client-cert.pem is 5-6kB */
  27530. word32 certBufSz = sizeof(certBuf);
  27531. #endif
  27532. #if ((!defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)) || \
  27533. defined(WOLFSSL_CERT_REQ)) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  27534. XFILE fp;
  27535. #endif
  27536. #ifndef NO_RSA
  27537. RsaKey rsaKey;
  27538. #if defined(USE_CERT_BUFFERS_2048)
  27539. byte* rsaCertDer = (byte*)client_cert_der_2048;
  27540. word32 rsaCertDerSz = sizeof_client_cert_der_2048;
  27541. #elif defined(USE_CERT_BUFFERS_1024)
  27542. byte* rsaCertDer = (byte*)client_cert_der_1024;
  27543. word32 rsaCertDerSz = sizeof_client_cert_der_1024;
  27544. #else
  27545. unsigned char rsaCertDer[TWOK_BUF];
  27546. word32 rsaCertDerSz;
  27547. #endif
  27548. #endif
  27549. #ifdef HAVE_ECC
  27550. ecc_key eccKey;
  27551. #if defined(USE_CERT_BUFFERS_256)
  27552. byte* eccCert = (byte*)cliecc_cert_der_256;
  27553. word32 eccCertSz = sizeof_cliecc_cert_der_256;
  27554. #else
  27555. unsigned char eccCert[ONEK_BUF];
  27556. word32 eccCertSz;
  27557. XFILE fp2;
  27558. #endif
  27559. #endif
  27560. #ifndef NO_RSA
  27561. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  27562. fp = XFOPEN("./certs/1024/client-cert.der", "rb");
  27563. AssertTrue((fp != XBADFILE));
  27564. rsaCertDerSz = (word32)XFREAD(rsaCertDer, 1, sizeof(rsaCertDer), fp);
  27565. XFCLOSE(fp);
  27566. #endif
  27567. /* good test case - RSA DER cert */
  27568. wc_InitDecodedCert(&decoded, rsaCertDer, rsaCertDerSz, NULL);
  27569. ret = wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL);
  27570. AssertIntEQ(ret, 0);
  27571. ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz);
  27572. AssertIntEQ(ret, 0);
  27573. AssertIntGT(keyDerSz, 0);
  27574. /* sanity check, verify we can import DER public key */
  27575. ret = wc_InitRsaKey(&rsaKey, HEAP_HINT);
  27576. AssertIntEQ(ret, 0);
  27577. ret = wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz);
  27578. AssertIntEQ(ret, 0);
  27579. wc_FreeRsaKey(&rsaKey);
  27580. /* test LENGTH_ONLY_E case */
  27581. keyDerSz = 0;
  27582. ret = wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz);
  27583. AssertIntEQ(ret, LENGTH_ONLY_E);
  27584. AssertIntGT(keyDerSz, 0);
  27585. /* bad args: DecodedCert NULL */
  27586. ret = wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz);
  27587. AssertIntEQ(ret, BAD_FUNC_ARG);
  27588. /* bad args: output key buff size */
  27589. ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL);
  27590. AssertIntEQ(ret, BAD_FUNC_ARG);
  27591. /* bad args: zero size output key buffer */
  27592. keyDerSz = 0;
  27593. ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz);
  27594. AssertIntEQ(ret, BAD_FUNC_ARG);
  27595. wc_FreeDecodedCert(&decoded);
  27596. /* Certificate Request Tests */
  27597. #if defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM)
  27598. {
  27599. XMEMSET(certBuf, 0, sizeof(certBuf));
  27600. fp = XFOPEN("./certs/csr.signed.der", "rb");
  27601. AssertTrue((fp != XBADFILE));
  27602. certBufSz = (word32)XFREAD(certBuf, 1, certBufSz, fp);
  27603. XFCLOSE(fp);
  27604. wc_InitDecodedCert(&decoded, certBuf, certBufSz, NULL);
  27605. ret = wc_ParseCert(&decoded, CERTREQ_TYPE, VERIFY, NULL);
  27606. AssertIntEQ(ret, 0);
  27607. /* good test case - RSA DER certificate request */
  27608. keyDerSz = sizeof(keyDer);
  27609. ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz);
  27610. AssertIntEQ(ret, 0);
  27611. AssertIntGT(keyDerSz, 0);
  27612. /* sanity check, verify we can import DER public key */
  27613. ret = wc_InitRsaKey(&rsaKey, HEAP_HINT);
  27614. AssertIntEQ(ret, 0);
  27615. idx = 0;
  27616. ret = wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz);
  27617. AssertIntEQ(ret, 0);
  27618. wc_FreeRsaKey(&rsaKey);
  27619. wc_FreeDecodedCert(&decoded);
  27620. }
  27621. #endif /* WOLFSSL_CERT_REQ */
  27622. #endif /* NO_RSA */
  27623. #ifdef HAVE_ECC
  27624. #ifndef USE_CERT_BUFFERS_256
  27625. fp2 = XFOPEN("./certs/client-ecc-cert.der", "rb");
  27626. AssertTrue((fp2 != XBADFILE));
  27627. eccCertSz = (word32)XFREAD(eccCert, 1, ONEK_BUF, fp2);
  27628. XFCLOSE(fp2);
  27629. #endif
  27630. wc_InitDecodedCert(&decoded, eccCert, eccCertSz, NULL);
  27631. ret = wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL);
  27632. AssertIntEQ(ret, 0);
  27633. /* good test case - ECC */
  27634. XMEMSET(keyDer, 0, sizeof(keyDer));
  27635. keyDerSz = sizeof(keyDer);
  27636. ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz);
  27637. AssertIntEQ(ret, 0);
  27638. AssertIntGT(keyDerSz, 0);
  27639. /* sanity check, verify we can import DER public key */
  27640. ret = wc_ecc_init(&eccKey);
  27641. AssertIntEQ(ret, 0);
  27642. idx = 0; /* reset idx to 0, used above in RSA case */
  27643. ret = wc_EccPublicKeyDecode(keyDer, &idx, &eccKey, keyDerSz);
  27644. AssertIntEQ(ret, 0);
  27645. wc_ecc_free(&eccKey);
  27646. /* test LENGTH_ONLY_E case */
  27647. keyDerSz = 0;
  27648. ret = wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz);
  27649. AssertIntEQ(ret, LENGTH_ONLY_E);
  27650. AssertIntGT(keyDerSz, 0);
  27651. wc_FreeDecodedCert(&decoded);
  27652. #endif
  27653. res = TEST_RES_CHECK(1);
  27654. #endif /* !NO_RSA || HAVE_ECC */
  27655. return res;
  27656. }
  27657. static int test_wc_CheckCertSigPubKey(void)
  27658. {
  27659. int res = TEST_SKIPPED;
  27660. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
  27661. !defined(NO_RSA) && defined(WOLFSSL_PEM_TO_DER) && defined(HAVE_ECC)
  27662. int ret;
  27663. const char* ca_cert = "./certs/ca-cert.pem";
  27664. byte* cert_buf = NULL;
  27665. size_t cert_sz = 0;
  27666. byte* cert_der = NULL;
  27667. word32 cert_dersz = 0;
  27668. byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */
  27669. word32 keyDerSz = (word32)sizeof(keyDer);
  27670. DecodedCert decoded;
  27671. ret = load_file(ca_cert, &cert_buf, &cert_sz);
  27672. if (ret == 0) {
  27673. cert_dersz = (word32)cert_sz; /* DER will be smaller than PEM */
  27674. cert_der = (byte*)malloc(cert_dersz);
  27675. if (cert_der) {
  27676. ret = wc_CertPemToDer(cert_buf, (int)cert_sz,
  27677. cert_der, (int)cert_dersz, CERT_TYPE);
  27678. AssertIntGE(ret, 0);
  27679. }
  27680. }
  27681. wc_InitDecodedCert(&decoded, cert_der, cert_dersz, NULL);
  27682. ret = wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL);
  27683. AssertIntEQ(ret, 0);
  27684. ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz);
  27685. AssertIntEQ(ret, 0);
  27686. AssertIntGT(keyDerSz, 0);
  27687. /* Good test case. */
  27688. ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, keyDerSz,
  27689. RSAk);
  27690. AssertIntEQ(ret, 0);
  27691. /* No certificate. */
  27692. ret = wc_CheckCertSigPubKey(NULL, cert_dersz, NULL, keyDer, keyDerSz,
  27693. ECDSAk);
  27694. AssertIntEQ(ret, BAD_FUNC_ARG);
  27695. /* Bad cert size. */
  27696. ret = wc_CheckCertSigPubKey(cert_der, 0, NULL, keyDer, keyDerSz,
  27697. RSAk);
  27698. AssertTrue(ret == ASN_PARSE_E || ret == BUFFER_E);
  27699. /* No public key. */
  27700. ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, NULL, keyDerSz,
  27701. RSAk);
  27702. AssertIntEQ(ret, ASN_NO_SIGNER_E);
  27703. /* Bad public key size. */
  27704. ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0,
  27705. RSAk);
  27706. AssertIntEQ(ret, BAD_FUNC_ARG);
  27707. /* Wrong aglo. */
  27708. ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, keyDerSz,
  27709. ECDSAk);
  27710. AssertIntEQ(ret, ASN_PARSE_E);
  27711. wc_FreeDecodedCert(&decoded);
  27712. if (cert_der)
  27713. free(cert_der);
  27714. if (cert_buf)
  27715. free(cert_buf);
  27716. res = TEST_RES_CHECK(1);
  27717. #endif
  27718. return res;
  27719. }
  27720. static int test_wolfSSL_certs(void)
  27721. {
  27722. int res = TEST_SKIPPED;
  27723. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
  27724. !defined(NO_RSA)
  27725. X509* x509ext;
  27726. #ifdef OPENSSL_ALL
  27727. X509* x509;
  27728. WOLFSSL_X509_EXTENSION* ext;
  27729. ASN1_OBJECT* obj;
  27730. #endif
  27731. WOLFSSL* ssl;
  27732. WOLFSSL_CTX* ctx;
  27733. STACK_OF(ASN1_OBJECT)* sk;
  27734. ASN1_STRING* asn1_str;
  27735. AUTHORITY_KEYID* akey;
  27736. BASIC_CONSTRAINTS* bc;
  27737. int crit;
  27738. #ifndef NO_WOLFSSL_SERVER
  27739. AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
  27740. #else
  27741. AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
  27742. #endif
  27743. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  27744. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  27745. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  27746. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  27747. AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
  27748. #endif
  27749. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  27750. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  27751. AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
  27752. #endif
  27753. AssertNotNull(ssl = SSL_new(ctx));
  27754. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  27755. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  27756. #endif
  27757. #ifdef HAVE_PK_CALLBACKS
  27758. AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS);
  27759. #endif /* HAVE_PK_CALLBACKS */
  27760. /* create and use x509 */
  27761. #ifdef OPENSSL_ALL
  27762. x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
  27763. AssertNotNull(x509);
  27764. #endif
  27765. x509ext = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM);
  27766. AssertNotNull(x509ext);
  27767. AssertIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);
  27768. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  27769. /* with loading in a new cert the check on private key should now fail */
  27770. AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  27771. #endif
  27772. #if defined(USE_CERT_BUFFERS_2048)
  27773. AssertIntEQ(SSL_use_certificate_ASN1(ssl,
  27774. (unsigned char*)server_cert_der_2048,
  27775. sizeof_server_cert_der_2048), WOLFSSL_SUCCESS);
  27776. #endif
  27777. #if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
  27778. /************* Get Digest of Certificate ******************/
  27779. {
  27780. byte digest[64]; /* max digest size */
  27781. word32 digestSz;
  27782. XMEMSET(digest, 0, sizeof(digest));
  27783. AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
  27784. WOLFSSL_SUCCESS);
  27785. AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz),
  27786. WOLFSSL_SUCCESS);
  27787. AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
  27788. WOLFSSL_FAILURE);
  27789. }
  27790. #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
  27791. /* test and checkout X509 extensions */
  27792. bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
  27793. &crit, NULL);
  27794. AssertNotNull(bc);
  27795. AssertIntEQ(crit, 0);
  27796. #ifdef OPENSSL_ALL
  27797. ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc);
  27798. AssertNotNull(ext);
  27799. X509_EXTENSION_free(ext);
  27800. AssertNotNull(ext = X509_EXTENSION_new());
  27801. X509_EXTENSION_set_critical(ext, 1);
  27802. AssertNotNull(obj = OBJ_nid2obj(NID_basic_constraints));
  27803. AssertIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
  27804. ASN1_OBJECT_free(obj);
  27805. X509_EXTENSION_free(ext);
  27806. AssertNotNull(ext = X509_EXTENSION_new());
  27807. X509_EXTENSION_set_critical(ext, 0);
  27808. AssertIntEQ(X509_EXTENSION_set_data(ext, NULL), SSL_FAILURE);
  27809. asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit,
  27810. NULL);
  27811. AssertIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
  27812. ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy
  27813. * and X509_get_ext_d2i has created new */
  27814. X509_EXTENSION_free(ext);
  27815. #endif
  27816. BASIC_CONSTRAINTS_free(bc);
  27817. asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
  27818. AssertNotNull(asn1_str);
  27819. AssertIntEQ(crit, 1);
  27820. AssertIntEQ(asn1_str->type, NID_key_usage);
  27821. #ifdef OPENSSL_ALL
  27822. ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str);
  27823. AssertNotNull(ext);
  27824. X509_EXTENSION_free(ext);
  27825. #endif
  27826. ASN1_STRING_free(asn1_str);
  27827. #ifdef OPENSSL_ALL
  27828. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
  27829. &crit, NULL);
  27830. AssertNotNull(sk);
  27831. ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk);
  27832. AssertNotNull(ext);
  27833. X509_EXTENSION_free(ext);
  27834. sk_ASN1_OBJECT_pop_free(sk, NULL);
  27835. #else
  27836. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage,
  27837. &crit, NULL);
  27838. AssertNull(sk);
  27839. #endif
  27840. akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
  27841. NID_authority_key_identifier, &crit, NULL);
  27842. AssertNotNull(akey);
  27843. #ifdef OPENSSL_ALL
  27844. ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit, akey);
  27845. AssertNotNull(ext);
  27846. X509_EXTENSION_free(ext);
  27847. #endif
  27848. wolfSSL_AUTHORITY_KEYID_free(akey);
  27849. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
  27850. NID_private_key_usage_period, &crit, NULL);
  27851. /* AssertNotNull(sk); NID not yet supported */
  27852. AssertIntEQ(crit, -1);
  27853. sk_ASN1_OBJECT_free(sk);
  27854. sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext, NID_subject_alt_name,
  27855. &crit, NULL);
  27856. {
  27857. int i;
  27858. for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
  27859. GENERAL_NAME* gen = sk_GENERAL_NAME_value(sk, i);
  27860. AssertIntEQ(gen->type, GEN_DNS);
  27861. AssertIntEQ(gen->d.dNSName->type, V_ASN1_IA5STRING);
  27862. }
  27863. }
  27864. /* AssertNotNull(sk); no alt names set */
  27865. sk_GENERAL_NAME_free(sk);
  27866. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_issuer_alt_name,
  27867. &crit, NULL);
  27868. /* AssertNotNull(sk); NID not yet supported */
  27869. AssertIntEQ(crit, -1);
  27870. sk_ASN1_OBJECT_free(sk);
  27871. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_info_access, &crit,
  27872. NULL);
  27873. /* AssertNotNull(sk); no auth info set */
  27874. sk_ASN1_OBJECT_free(sk);
  27875. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_sinfo_access,
  27876. &crit, NULL);
  27877. /* AssertNotNull(sk); NID not yet supported */
  27878. AssertIntEQ(crit, -1);
  27879. sk_ASN1_OBJECT_free(sk);
  27880. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_name_constraints,
  27881. &crit, NULL);
  27882. /* AssertNotNull(sk); NID not yet supported */
  27883. AssertIntEQ(crit, -1);
  27884. sk_ASN1_OBJECT_free(sk);
  27885. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
  27886. NID_certificate_policies, &crit, NULL);
  27887. #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT)
  27888. AssertNull(sk);
  27889. #else
  27890. /* AssertNotNull(sk); no cert policy set */
  27891. #endif
  27892. sk_ASN1_OBJECT_free(sk);
  27893. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_mappings,
  27894. &crit, NULL);
  27895. /* AssertNotNull(sk); NID not yet supported */
  27896. AssertIntEQ(crit, -1);
  27897. sk_ASN1_OBJECT_free(sk);
  27898. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_constraints,
  27899. &crit, NULL);
  27900. /* AssertNotNull(sk); NID not yet supported */
  27901. AssertIntEQ(crit, -1);
  27902. sk_ASN1_OBJECT_free(sk);
  27903. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_inhibit_any_policy,
  27904. &crit, NULL);
  27905. /* AssertNotNull(sk); NID not yet supported */
  27906. AssertIntEQ(crit, -1);
  27907. sk_ASN1_OBJECT_free(sk);
  27908. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_tlsfeature, &crit,
  27909. NULL);
  27910. /* AssertNotNull(sk); NID not yet supported */
  27911. AssertIntEQ(crit, -1);
  27912. sk_ASN1_OBJECT_free(sk);
  27913. /* test invalid cases */
  27914. crit = 0;
  27915. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, -1, &crit, NULL);
  27916. AssertNull(sk);
  27917. AssertIntEQ(crit, -1);
  27918. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature,
  27919. NULL, NULL);
  27920. AssertNull(sk);
  27921. AssertIntEQ(SSL_get_hit(ssl), 0);
  27922. #ifdef OPENSSL_ALL
  27923. X509_free(x509);
  27924. #endif
  27925. X509_free(x509ext);
  27926. SSL_free(ssl);
  27927. SSL_CTX_free(ctx);
  27928. res = TEST_RES_CHECK(1);
  27929. #endif /* OPENSSL_EXTRA && !NO_CERTS */
  27930. return res;
  27931. }
  27932. static int test_wolfSSL_X509_check_private_key(void)
  27933. {
  27934. int res = TEST_SKIPPED;
  27935. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  27936. defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY)
  27937. X509* x509;
  27938. EVP_PKEY* pkey = NULL;
  27939. const byte* key;
  27940. /* Check with correct key */
  27941. AssertNotNull((x509 = X509_load_certificate_file(cliCertFile,
  27942. SSL_FILETYPE_PEM)));
  27943. key = client_key_der_2048;
  27944. AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
  27945. &key, (long)sizeof_client_key_der_2048));
  27946. AssertIntEQ(X509_check_private_key(x509, pkey), 1);
  27947. EVP_PKEY_free(pkey);
  27948. pkey = NULL;
  27949. /* Check with wrong key */
  27950. key = server_key_der_2048;
  27951. AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
  27952. &key, (long)sizeof_server_key_der_2048));
  27953. AssertIntEQ(X509_check_private_key(x509, pkey), 0);
  27954. /* test for incorrect parameter */
  27955. AssertIntEQ(X509_check_private_key(NULL, pkey), 0);
  27956. AssertIntEQ(X509_check_private_key(x509, NULL), 0);
  27957. AssertIntEQ(X509_check_private_key(NULL, NULL), 0);
  27958. EVP_PKEY_free(pkey);
  27959. X509_free(x509);
  27960. res = TEST_RES_CHECK(1);
  27961. #endif
  27962. return res;
  27963. }
  27964. static int test_wolfSSL_ASN1_TIME_print(void)
  27965. {
  27966. int res = TEST_SKIPPED;
  27967. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) \
  27968. && (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
  27969. defined(WOLFSSL_HAPROXY)) && defined(USE_CERT_BUFFERS_2048) && \
  27970. !defined(NO_BIO)
  27971. BIO* bio;
  27972. X509* x509;
  27973. const unsigned char* der = client_cert_der_2048;
  27974. ASN1_TIME* t;
  27975. unsigned char buf[25];
  27976. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  27977. AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der,
  27978. sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
  27979. AssertIntEQ(ASN1_TIME_print(bio, X509_get_notBefore(x509)), 1);
  27980. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
  27981. AssertIntEQ(XMEMCMP(buf, "Dec 16 21:17:49 2022 GMT", sizeof(buf) - 1), 0);
  27982. /* create a bad time and test results */
  27983. AssertNotNull(t = X509_get_notAfter(x509));
  27984. AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_SUCCESS);
  27985. t->data[8] = 0;
  27986. t->data[3] = 0;
  27987. AssertIntNE(ASN1_TIME_print(bio, t), 1);
  27988. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
  27989. AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
  27990. AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_FAILURE);
  27991. BIO_free(bio);
  27992. X509_free(x509);
  27993. res = TEST_RES_CHECK(1);
  27994. #endif
  27995. return res;
  27996. }
  27997. static int test_wolfSSL_ASN1_UTCTIME_print(void)
  27998. {
  27999. int res = TEST_SKIPPED;
  28000. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO)
  28001. BIO* bio;
  28002. ASN1_UTCTIME* utc = NULL;
  28003. unsigned char buf[25];
  28004. const char* validDate = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */
  28005. const char* invalidDate = "190424111501X"; /* UTC = YYMMDDHHMMSSZ */
  28006. /* NULL parameter check */
  28007. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  28008. AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
  28009. BIO_free(bio);
  28010. /* Valid date */
  28011. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  28012. AssertNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL,
  28013. DYNAMIC_TYPE_ASN1));
  28014. utc->type = ASN_UTC_TIME;
  28015. utc->length = ASN_UTC_TIME_SIZE;
  28016. XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE);
  28017. AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 1);
  28018. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
  28019. AssertIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0);
  28020. XMEMSET(buf, 0, sizeof(buf));
  28021. BIO_free(bio);
  28022. /* Invalid format */
  28023. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  28024. utc->type = ASN_UTC_TIME;
  28025. utc->length = ASN_UTC_TIME_SIZE;
  28026. XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE);
  28027. AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
  28028. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
  28029. AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
  28030. XFREE(utc, NULL, DYNAMIC_TYPE_ASN1);
  28031. BIO_free(bio);
  28032. res = TEST_RES_CHECK(1);
  28033. #endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
  28034. return res;
  28035. }
  28036. static int test_wolfSSL_ASN1_TIME_diff_compare(void)
  28037. {
  28038. int res = TEST_SKIPPED;
  28039. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
  28040. ASN1_TIME* fromTime;
  28041. ASN1_TIME* toTime;
  28042. int daysDiff;
  28043. int secsDiff;
  28044. AssertNotNull((fromTime = ASN1_TIME_new()));
  28045. /* Feb 22, 2003, 21:15:15 */
  28046. AssertIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), WOLFSSL_SUCCESS);
  28047. AssertNotNull((toTime = ASN1_TIME_new()));
  28048. /* Dec 19, 2010, 18:10:11 */
  28049. AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), WOLFSSL_SUCCESS);
  28050. AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), WOLFSSL_SUCCESS);
  28051. /* Error conditions. */
  28052. AssertIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime),
  28053. WOLFSSL_FAILURE);
  28054. AssertIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime),
  28055. WOLFSSL_FAILURE);
  28056. /* If both times are NULL, difference is 0. */
  28057. AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, NULL),
  28058. WOLFSSL_SUCCESS);
  28059. AssertIntEQ(daysDiff, 0);
  28060. AssertIntEQ(secsDiff, 0);
  28061. /* If one time is NULL, it defaults to the current time. */
  28062. AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, toTime),
  28063. WOLFSSL_SUCCESS);
  28064. AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, NULL),
  28065. WOLFSSL_SUCCESS);
  28066. /* Normal operation. Both times non-NULL. */
  28067. AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime),
  28068. WOLFSSL_SUCCESS);
  28069. AssertIntEQ(daysDiff, 2856);
  28070. AssertIntEQ(secsDiff, 75296);
  28071. /* Swapping the times should return negative values. */
  28072. AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, toTime, fromTime),
  28073. WOLFSSL_SUCCESS);
  28074. AssertIntEQ(daysDiff, -2856);
  28075. AssertIntEQ(secsDiff, -75296);
  28076. AssertIntEQ(ASN1_TIME_compare(fromTime, toTime), -1);
  28077. AssertIntEQ(ASN1_TIME_compare(toTime, fromTime), 1);
  28078. AssertIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0);
  28079. /* Compare regression test: No seconds difference, just difference in days.
  28080. */
  28081. ASN1_TIME_set_string(fromTime, "19700101000000Z");
  28082. ASN1_TIME_set_string(toTime, "19800101000000Z");
  28083. AssertIntEQ(ASN1_TIME_compare(fromTime, toTime), -1);
  28084. AssertIntEQ(ASN1_TIME_compare(toTime, fromTime), 1);
  28085. AssertIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0);
  28086. /* Edge case with Unix epoch. */
  28087. AssertNotNull(ASN1_TIME_set_string(fromTime, "19700101000000Z"));
  28088. AssertNotNull(ASN1_TIME_set_string(toTime, "19800101000000Z"));
  28089. AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime),
  28090. WOLFSSL_SUCCESS);
  28091. AssertIntEQ(daysDiff, 3652);
  28092. AssertIntEQ(secsDiff, 0);
  28093. /* Edge case with year > 2038 (year 2038 problem). */
  28094. AssertNotNull(ASN1_TIME_set_string(toTime, "99991231235959Z"));
  28095. AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime),
  28096. WOLFSSL_SUCCESS);
  28097. AssertIntEQ(daysDiff, 2932896);
  28098. AssertIntEQ(secsDiff, 86399);
  28099. ASN1_TIME_free(fromTime);
  28100. ASN1_TIME_free(toTime);
  28101. res = TEST_RES_CHECK(1);
  28102. #endif
  28103. return res;
  28104. }
  28105. static int test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
  28106. {
  28107. int res = TEST_SKIPPED;
  28108. #if defined(OPENSSL_EXTRA)
  28109. WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime;
  28110. unsigned char nullstr[32];
  28111. XMEMSET(nullstr, 0, 32);
  28112. asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC(
  28113. sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL,
  28114. DYNAMIC_TYPE_TMP_BUFFER);
  28115. if (asn1_gtime) {
  28116. XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE);
  28117. wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime);
  28118. AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32));
  28119. XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  28120. }
  28121. res = TEST_RES_CHECK(1);
  28122. #endif /* OPENSSL_EXTRA */
  28123. return res;
  28124. }
  28125. static int test_wolfSSL_private_keys(void)
  28126. {
  28127. int res = TEST_SKIPPED;
  28128. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  28129. !defined(NO_FILESYSTEM)
  28130. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  28131. WOLFSSL* ssl;
  28132. WOLFSSL_CTX* ctx;
  28133. EVP_PKEY* pkey = NULL;
  28134. OpenSSL_add_all_digests();
  28135. OpenSSL_add_all_algorithms();
  28136. #ifndef NO_RSA
  28137. #ifndef NO_WOLFSSL_SERVER
  28138. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  28139. #else
  28140. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  28141. #endif
  28142. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  28143. /* Have to load a cert before you can check the private key against that
  28144. * certificates public key! */
  28145. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28146. AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
  28147. #endif
  28148. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  28149. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28150. AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
  28151. #endif
  28152. AssertNotNull(ssl = SSL_new(ctx));
  28153. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28154. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  28155. #endif
  28156. #ifdef USE_CERT_BUFFERS_2048
  28157. {
  28158. const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
  28159. unsigned char buf[FOURK_BUF];
  28160. word32 bufSz;
  28161. AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
  28162. (unsigned char*)client_key_der_2048,
  28163. sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
  28164. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28165. /* Should mismatch now that a different private key loaded */
  28166. AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  28167. #endif
  28168. AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
  28169. (unsigned char*)server_key,
  28170. sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
  28171. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28172. /* After loading back in DER format of original key, should match */
  28173. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  28174. #endif
  28175. /* test loading private key to the WOLFSSL_CTX */
  28176. AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
  28177. (unsigned char*)client_key_der_2048,
  28178. sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
  28179. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28180. /* Should mismatch now that a different private key loaded */
  28181. AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
  28182. #endif
  28183. AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
  28184. (unsigned char*)server_key,
  28185. sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
  28186. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28187. /* After loading back in DER format of original key, should match */
  28188. AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
  28189. #endif
  28190. /* pkey not set yet, expecting to fail */
  28191. AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
  28192. /* set PKEY and test again */
  28193. AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
  28194. &server_key, (long)sizeof_server_key_der_2048));
  28195. AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
  28196. /* reuse PKEY structure and test
  28197. * this should be checked with a memory management sanity checker */
  28198. AssertFalse(server_key == (const unsigned char*)server_key_der_2048);
  28199. server_key = (const unsigned char*)server_key_der_2048;
  28200. AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
  28201. &server_key, (long)sizeof_server_key_der_2048));
  28202. AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
  28203. /* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */
  28204. bufSz = FOURK_BUF;
  28205. AssertIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz,
  28206. (byte*)server_key_der_2048, sizeof_server_key_der_2048,
  28207. RSAk, NULL, 0)), 0);
  28208. server_key = (const unsigned char*)buf;
  28209. AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key,
  28210. (long)bufSz));
  28211. }
  28212. #endif
  28213. EVP_PKEY_free(pkey);
  28214. SSL_free(ssl); /* frees x509 also since loaded into ssl */
  28215. SSL_CTX_free(ctx);
  28216. #endif /* end of RSA private key match tests */
  28217. #ifdef HAVE_ECC
  28218. #ifndef NO_WOLFSSL_SERVER
  28219. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  28220. #else
  28221. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  28222. #endif
  28223. AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
  28224. WOLFSSL_FILETYPE_PEM));
  28225. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
  28226. WOLFSSL_FILETYPE_PEM));
  28227. AssertNotNull(ssl = SSL_new(ctx));
  28228. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28229. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  28230. #endif
  28231. SSL_free(ssl);
  28232. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile,
  28233. WOLFSSL_FILETYPE_PEM));
  28234. AssertNotNull(ssl = SSL_new(ctx));
  28235. #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
  28236. AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  28237. #endif
  28238. SSL_free(ssl);
  28239. SSL_CTX_free(ctx);
  28240. #endif /* end of ECC private key match tests */
  28241. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
  28242. #ifndef NO_WOLFSSL_SERVER
  28243. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  28244. #else
  28245. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  28246. #endif
  28247. AssertTrue(SSL_CTX_use_certificate_file(ctx, edCertFile,
  28248. WOLFSSL_FILETYPE_PEM));
  28249. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
  28250. WOLFSSL_FILETYPE_PEM));
  28251. AssertNotNull(ssl = SSL_new(ctx));
  28252. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28253. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  28254. #endif
  28255. SSL_free(ssl);
  28256. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEdKeyFile,
  28257. WOLFSSL_FILETYPE_PEM));
  28258. AssertNotNull(ssl = SSL_new(ctx));
  28259. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28260. AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  28261. #endif
  28262. SSL_free(ssl);
  28263. SSL_CTX_free(ctx);
  28264. #endif /* end of Ed25519 private key match tests */
  28265. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
  28266. #ifndef NO_WOLFSSL_SERVER
  28267. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  28268. #else
  28269. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  28270. #endif
  28271. AssertTrue(SSL_CTX_use_certificate_file(ctx, ed448CertFile,
  28272. WOLFSSL_FILETYPE_PEM));
  28273. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
  28274. WOLFSSL_FILETYPE_PEM));
  28275. AssertNotNull(ssl = SSL_new(ctx));
  28276. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28277. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  28278. #endif
  28279. SSL_free(ssl);
  28280. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEd448KeyFile,
  28281. WOLFSSL_FILETYPE_PEM));
  28282. AssertNotNull(ssl = SSL_new(ctx));
  28283. #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
  28284. AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  28285. #endif
  28286. SSL_free(ssl);
  28287. SSL_CTX_free(ctx);
  28288. #endif /* end of Ed448 private key match tests */
  28289. EVP_cleanup();
  28290. /* test existence of no-op macros in wolfssl/openssl/ssl.h */
  28291. CONF_modules_free();
  28292. ENGINE_cleanup();
  28293. CONF_modules_unload();
  28294. (void)ssl;
  28295. (void)ctx;
  28296. (void)pkey;
  28297. res = TEST_RES_CHECK(1);
  28298. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  28299. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
  28300. return res;
  28301. }
  28302. static int test_wolfSSL_PEM_read_PrivateKey(void)
  28303. {
  28304. int res = TEST_SKIPPED;
  28305. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \
  28306. && !defined(NO_FILESYSTEM)
  28307. XFILE file;
  28308. const char* fname = "./certs/server-key.pem";
  28309. EVP_PKEY* pkey;
  28310. RSA* rsa;
  28311. WOLFSSL_EVP_PKEY_CTX* ctx;
  28312. unsigned char* sig;
  28313. size_t sigLen;
  28314. const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7};
  28315. size_t tbsLen = sizeof(tbs);
  28316. /* Check error case. */
  28317. AssertNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL));
  28318. /* Read in an RSA key. */
  28319. file = XFOPEN(fname, "rb");
  28320. AssertTrue(file != XBADFILE);
  28321. AssertNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL));
  28322. XFCLOSE(file);
  28323. /* Make sure the key is usable by signing some data with it. */
  28324. AssertNotNull(rsa = EVP_PKEY_get0_RSA(pkey));
  28325. AssertIntGT((sigLen = RSA_size(rsa)), 0);
  28326. AssertNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT,
  28327. DYNAMIC_TYPE_TMP_BUFFER));
  28328. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  28329. AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
  28330. AssertIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen),
  28331. WOLFSSL_SUCCESS);
  28332. XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28333. EVP_PKEY_CTX_free(ctx);
  28334. EVP_PKEY_free(pkey);
  28335. res = TEST_RES_CHECK(1);
  28336. #endif
  28337. return res;
  28338. }
  28339. static int test_wolfSSL_PEM_read_PUBKEY(void)
  28340. {
  28341. int res = TEST_SKIPPED;
  28342. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \
  28343. && !defined(NO_FILESYSTEM)
  28344. XFILE file;
  28345. const char* fname = "./certs/client-keyPub.pem";
  28346. EVP_PKEY* pkey;
  28347. /* Check error case. */
  28348. AssertNull(pkey = PEM_read_PUBKEY(NULL, NULL, NULL, NULL));
  28349. /* Read in an RSA key. */
  28350. file = XFOPEN(fname, "rb");
  28351. AssertTrue(file != XBADFILE);
  28352. AssertNotNull(pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL));
  28353. EVP_PKEY_free(pkey);
  28354. XFCLOSE(file);
  28355. res = TEST_RES_CHECK(1);
  28356. #endif
  28357. return res;
  28358. }
  28359. static int test_wolfSSL_PEM_PrivateKey(void)
  28360. {
  28361. int res = TEST_SKIPPED;
  28362. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  28363. (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048)
  28364. #ifndef NO_BIO
  28365. BIO* bio = NULL;
  28366. #endif
  28367. EVP_PKEY* pkey = NULL;
  28368. const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
  28369. #ifndef NO_BIO
  28370. /* test creating new EVP_PKEY with bad arg */
  28371. AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL)));
  28372. /* test loading RSA key using BIO */
  28373. #if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  28374. {
  28375. XFILE file;
  28376. const char* fname = "./certs/server-key.pem";
  28377. const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem";
  28378. size_t sz;
  28379. byte* buf;
  28380. EVP_PKEY* pkey2;
  28381. EVP_PKEY* pkey3;
  28382. RSA* rsa_key = NULL;
  28383. file = XFOPEN(fname, "rb");
  28384. AssertTrue((file != XBADFILE));
  28385. AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
  28386. sz = XFTELL(file);
  28387. XREWIND(file);
  28388. AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
  28389. if (buf) {
  28390. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  28391. }
  28392. XFCLOSE(file);
  28393. /* Test using BIO new mem and loading PEM private key */
  28394. bio = BIO_new_mem_buf(buf, (int)sz);
  28395. AssertNotNull(bio);
  28396. AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
  28397. XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
  28398. BIO_free(bio);
  28399. bio = NULL;
  28400. AssertNotNull(pkey2 = EVP_PKEY_new());
  28401. pkey2->type = EVP_PKEY_RSA;
  28402. /* Test parameter copy */
  28403. AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0);
  28404. EVP_PKEY_free(pkey2);
  28405. EVP_PKEY_free(pkey);
  28406. pkey = NULL;
  28407. /* Qt unit test case : rsa pkcs8 key */
  28408. file = XFOPEN(fname_rsa_p8, "rb");
  28409. AssertTrue((file != XBADFILE));
  28410. AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
  28411. sz = XFTELL(file);
  28412. XREWIND(file);
  28413. AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
  28414. if (buf)
  28415. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  28416. XFCLOSE(file);
  28417. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  28418. AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
  28419. XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
  28420. BIO_free(bio);
  28421. bio = NULL;
  28422. AssertNotNull(pkey3 = EVP_PKEY_new());
  28423. AssertNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey));
  28424. AssertIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS);
  28425. #ifdef WOLFSSL_ERROR_CODE_OPENSSL
  28426. AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
  28427. #else
  28428. AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
  28429. #endif
  28430. RSA_free(rsa_key);
  28431. EVP_PKEY_free(pkey3);
  28432. EVP_PKEY_free(pkey);
  28433. pkey = NULL;
  28434. }
  28435. #endif
  28436. /* test loading ECC key using BIO */
  28437. #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
  28438. {
  28439. XFILE file;
  28440. const char* fname = "./certs/ecc-key.pem";
  28441. const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem";
  28442. size_t sz;
  28443. byte* buf;
  28444. EVP_PKEY* pkey2;
  28445. EVP_PKEY* pkey3;
  28446. EC_KEY* ec_key;
  28447. int nid = 0;
  28448. file = XFOPEN(fname, "rb");
  28449. AssertTrue((file != XBADFILE));
  28450. AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
  28451. sz = XFTELL(file);
  28452. XREWIND(file);
  28453. AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
  28454. if (buf)
  28455. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  28456. XFCLOSE(file);
  28457. /* Test using BIO new mem and loading PEM private key */
  28458. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  28459. AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
  28460. XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
  28461. BIO_free(bio);
  28462. bio = NULL;
  28463. AssertNotNull(pkey2 = EVP_PKEY_new());
  28464. AssertNotNull(pkey3 = EVP_PKEY_new());
  28465. pkey2->type = EVP_PKEY_EC;
  28466. /* Test parameter copy */
  28467. AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1);
  28468. /* Qt unit test case 1*/
  28469. AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
  28470. AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
  28471. #ifdef WOLFSSL_ERROR_CODE_OPENSSL
  28472. AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
  28473. #else
  28474. AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
  28475. #endif
  28476. /* Test default digest */
  28477. AssertIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1);
  28478. AssertIntEQ(nid, NID_sha256);
  28479. EC_KEY_free(ec_key);
  28480. EVP_PKEY_free(pkey3);
  28481. EVP_PKEY_free(pkey2);
  28482. EVP_PKEY_free(pkey);
  28483. pkey = NULL;
  28484. /* Qt unit test case ec pkcs8 key */
  28485. file = XFOPEN(fname_ecc_p8, "rb");
  28486. AssertTrue((file != XBADFILE));
  28487. AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
  28488. sz = XFTELL(file);
  28489. XREWIND(file);
  28490. AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
  28491. if (buf)
  28492. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  28493. XFCLOSE(file);
  28494. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  28495. AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
  28496. XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
  28497. BIO_free(bio);
  28498. bio = NULL;
  28499. AssertNotNull(pkey3 = EVP_PKEY_new());
  28500. /* Qt unit test case */
  28501. AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
  28502. AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
  28503. #ifdef WOLFSSL_ERROR_CODE_OPENSSL
  28504. AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
  28505. #else
  28506. AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
  28507. #endif
  28508. EC_KEY_free(ec_key);
  28509. EVP_PKEY_free(pkey3);
  28510. EVP_PKEY_free(pkey);
  28511. pkey = NULL;
  28512. }
  28513. #endif
  28514. #if !defined(NO_BIO) && !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || \
  28515. defined(WOLFSSL_CERT_GEN))
  28516. {
  28517. #define BIO_PEM_TEST_CHAR 'a'
  28518. EVP_PKEY* pkey2 = NULL;
  28519. unsigned char extra[10];
  28520. int i;
  28521. BIO* pub_bio = NULL;
  28522. XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
  28523. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  28524. AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
  28525. AssertNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  28526. AssertIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE);
  28527. AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey,
  28528. &server_key, (long)sizeof_server_key_der_2048));
  28529. AssertNull(pkey);
  28530. AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
  28531. &server_key, (long)sizeof_server_key_der_2048));
  28532. AssertIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL,
  28533. NULL), WOLFSSL_FAILURE);
  28534. AssertIntEQ(PEM_write_bio_PrivateKey(bio, NULL, NULL, NULL, 0, NULL,
  28535. NULL), WOLFSSL_FAILURE);
  28536. AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
  28537. NULL), WOLFSSL_SUCCESS);
  28538. AssertIntGT(BIO_pending(bio), 0);
  28539. AssertIntEQ(BIO_pending(bio), 1679);
  28540. /* Check if the pubkey API writes only the public key */
  28541. #ifdef WOLFSSL_KEY_GEN
  28542. AssertIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WOLFSSL_FAILURE);
  28543. AssertIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WOLFSSL_FAILURE);
  28544. AssertIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS);
  28545. AssertIntGT(BIO_pending(pub_bio), 0);
  28546. /* Previously both the private key and the pubkey calls would write
  28547. * out the private key and the PEM header was the only difference.
  28548. * The public PEM should be significantly shorter than the
  28549. * private key versison. */
  28550. AssertIntEQ(BIO_pending(pub_bio), 451);
  28551. #endif
  28552. /* test creating new EVP_PKEY with good args */
  28553. AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
  28554. if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr)
  28555. AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0);
  28556. /* test of reuse of EVP_PKEY */
  28557. AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
  28558. AssertIntEQ(BIO_pending(bio), 0);
  28559. AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
  28560. SSL_SUCCESS);
  28561. AssertIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */
  28562. AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
  28563. AssertNotNull(pkey);
  28564. if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
  28565. AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0);
  28566. }
  28567. AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */
  28568. AssertIntEQ(BIO_read(bio, extra, 10), 10);
  28569. for (i = 0; i < 10; i++) {
  28570. AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR);
  28571. }
  28572. BIO_free(pub_bio);
  28573. BIO_free(bio);
  28574. bio = NULL;
  28575. EVP_PKEY_free(pkey);
  28576. pkey = NULL;
  28577. EVP_PKEY_free(pkey2);
  28578. }
  28579. #endif
  28580. /* key is DES encrypted */
  28581. #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
  28582. !defined(NO_RSA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) && \
  28583. !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && \
  28584. !defined(HAVE_USER_RSA) && !defined(NO_RSA)
  28585. {
  28586. XFILE f;
  28587. wc_pem_password_cb* passwd_cb;
  28588. void* passwd_cb_userdata;
  28589. SSL_CTX* ctx;
  28590. char passwd[] = "bad password";
  28591. #ifndef WOLFSSL_NO_TLS12
  28592. #ifndef NO_WOLFSSL_SERVER
  28593. AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
  28594. #else
  28595. AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
  28596. #endif
  28597. #else
  28598. #ifndef NO_WOLFSSL_SERVER
  28599. AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
  28600. #else
  28601. AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
  28602. #endif
  28603. #endif
  28604. AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
  28605. SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  28606. AssertNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx));
  28607. AssertNull(passwd_cb_userdata =
  28608. SSL_CTX_get_default_passwd_cb_userdata(ctx));
  28609. /* fail case with password call back */
  28610. AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
  28611. (void*)passwd));
  28612. BIO_free(bio);
  28613. AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
  28614. AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
  28615. (void*)passwd));
  28616. BIO_free(bio);
  28617. f = XFOPEN("./certs/server-keyEnc.pem", "rb");
  28618. AssertNotNull(bio = BIO_new_fp(f, BIO_CLOSE));
  28619. /* use callback that works */
  28620. AssertNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
  28621. (void*)"yassl123"));
  28622. AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
  28623. EVP_PKEY_free(pkey);
  28624. pkey = NULL;
  28625. BIO_free(bio);
  28626. bio = NULL;
  28627. SSL_CTX_free(ctx);
  28628. }
  28629. #endif /* !defined(NO_DES3) */
  28630. #endif /* !NO_BIO */
  28631. #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
  28632. {
  28633. unsigned char buf[2048];
  28634. size_t bytes;
  28635. XFILE f;
  28636. SSL_CTX* ctx;
  28637. #ifndef WOLFSSL_NO_TLS12
  28638. #ifndef NO_WOLFSSL_SERVER
  28639. AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
  28640. #else
  28641. AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
  28642. #endif
  28643. #else
  28644. #ifndef NO_WOLFSSL_SERVER
  28645. AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
  28646. #else
  28647. AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
  28648. #endif
  28649. #endif
  28650. f = XFOPEN("./certs/ecc-key.der", "rb");
  28651. AssertTrue((f != XBADFILE));
  28652. bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f);
  28653. XFCLOSE(f);
  28654. server_key = buf;
  28655. pkey = NULL;
  28656. AssertNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, bytes));
  28657. AssertNull(pkey);
  28658. AssertNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, bytes));
  28659. AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
  28660. EVP_PKEY_free(pkey);
  28661. pkey = NULL;
  28662. SSL_CTX_free(ctx);
  28663. }
  28664. #endif
  28665. res = TEST_RES_CHECK(1);
  28666. #ifndef NO_BIO
  28667. (void)bio;
  28668. #endif
  28669. (void)pkey;
  28670. (void)server_key;
  28671. #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */
  28672. return res;
  28673. }
  28674. static int test_wolfSSL_PEM_file_RSAKey(void)
  28675. {
  28676. int res = TEST_SKIPPED;
  28677. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
  28678. defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
  28679. !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  28680. RSA* rsa = NULL;
  28681. XFILE fp;
  28682. AssertTrue((fp = XFOPEN("./certs/rsa-pub-2048.pem", "rb")) != XBADFILE);
  28683. AssertNotNull((rsa = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL)));
  28684. XFCLOSE(fp);
  28685. AssertIntEQ(RSA_size(rsa), 256);
  28686. AssertIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WOLFSSL_FAILURE);
  28687. AssertIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WOLFSSL_FAILURE);
  28688. AssertIntEQ(PEM_write_RSAPublicKey(stderr, rsa), WOLFSSL_SUCCESS);
  28689. AssertIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WOLFSSL_FAILURE);
  28690. AssertIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WOLFSSL_FAILURE);
  28691. AssertIntEQ(PEM_write_RSA_PUBKEY(stderr, rsa), WOLFSSL_SUCCESS);
  28692. RSA_free(rsa);
  28693. res = TEST_RES_CHECK(1);
  28694. #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
  28695. (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \
  28696. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */
  28697. return res;
  28698. }
  28699. static int test_wolfSSL_PEM_file_RSAPrivateKey(void)
  28700. {
  28701. int res = TEST_SKIPPED;
  28702. #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
  28703. !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && \
  28704. (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
  28705. RSA* rsa = NULL;
  28706. XFILE f = NULL;
  28707. f = XFOPEN(svrKeyFile, "r");
  28708. AssertTrue((f != XBADFILE));
  28709. AssertNotNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL)));
  28710. AssertIntEQ(RSA_size(rsa), 256);
  28711. AssertIntEQ(PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL,
  28712. NULL), WOLFSSL_FAILURE);
  28713. AssertIntEQ(PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL,
  28714. NULL), WOLFSSL_FAILURE);
  28715. AssertIntEQ(PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL),
  28716. WOLFSSL_SUCCESS);
  28717. RSA_free(rsa);
  28718. XFCLOSE(f);
  28719. #ifdef HAVE_ECC
  28720. f = XFOPEN(eccKeyFile, "r");
  28721. AssertTrue((f != XBADFILE));
  28722. AssertNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL)));
  28723. XFCLOSE(f);
  28724. #endif /* HAVE_ECC */
  28725. res = TEST_RES_CHECK(1);
  28726. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
  28727. return res;
  28728. }
  28729. #ifndef NO_BIO
  28730. static int test_wolfSSL_PEM_bio_RSAKey(void)
  28731. {
  28732. int res = TEST_SKIPPED;
  28733. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
  28734. defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
  28735. !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  28736. RSA* rsa = NULL;
  28737. BIO* bio = NULL;
  28738. /* PrivateKey */
  28739. AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
  28740. AssertNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL)));
  28741. AssertNotNull(PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL));
  28742. AssertNotNull(rsa);
  28743. AssertIntEQ(RSA_size(rsa), 256);
  28744. AssertIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
  28745. NULL), WOLFSSL_FAILURE);
  28746. BIO_free(bio);
  28747. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  28748. AssertIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \
  28749. NULL), WOLFSSL_SUCCESS);
  28750. BIO_free(bio);
  28751. RSA_free(rsa);
  28752. /* PUBKEY */
  28753. AssertNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb"));
  28754. AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL)));
  28755. AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
  28756. AssertIntEQ(RSA_size(rsa), 256);
  28757. AssertIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
  28758. BIO_free(bio);
  28759. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  28760. AssertIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS);
  28761. BIO_free(bio);
  28762. RSA_free(rsa);
  28763. /* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */
  28764. AssertNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb"));
  28765. AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
  28766. BIO_free(bio);
  28767. RSA_free(rsa);
  28768. #ifdef HAVE_ECC
  28769. /* ensure that non-rsa keys do not work */
  28770. AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
  28771. AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
  28772. AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
  28773. BIO_free(bio);
  28774. RSA_free(rsa);
  28775. #endif /* HAVE_ECC */
  28776. res = TEST_RES_CHECK(1);
  28777. #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
  28778. (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \
  28779. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */
  28780. return res;
  28781. }
  28782. static int test_wolfSSL_PEM_bio_RSAPrivateKey(void)
  28783. {
  28784. int res = TEST_SKIPPED;
  28785. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  28786. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  28787. RSA* rsa = NULL;
  28788. RSA* rsa_dup = NULL;
  28789. BIO* bio = NULL;
  28790. AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
  28791. AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
  28792. AssertIntEQ(RSA_size(rsa), 256);
  28793. #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
  28794. AssertNull(rsa_dup = RSAPublicKey_dup(NULL));
  28795. /* Test duplicating empty key. */
  28796. rsa_dup = RSA_new();
  28797. AssertNull(RSAPublicKey_dup(rsa_dup));
  28798. RSA_free(rsa_dup);
  28799. AssertNotNull(rsa_dup = RSAPublicKey_dup(rsa));
  28800. AssertPtrNE(rsa_dup, rsa);
  28801. #endif
  28802. /* test if valgrind complains about unreleased memory */
  28803. RSA_up_ref(rsa);
  28804. RSA_free(rsa);
  28805. BIO_free(bio);
  28806. RSA_free(rsa);
  28807. RSA_free(rsa_dup);
  28808. #ifdef HAVE_ECC
  28809. AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb"));
  28810. AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
  28811. BIO_free(bio);
  28812. #endif /* HAVE_ECC */
  28813. res = TEST_RES_CHECK(1);
  28814. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
  28815. return res;
  28816. }
  28817. static int test_wolfSSL_PEM_read_RSA_PUBKEY(void)
  28818. {
  28819. int res = TEST_SKIPPED;
  28820. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  28821. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  28822. XFILE file;
  28823. const char* fname = "./certs/client-keyPub.pem";
  28824. RSA *rsa;
  28825. AssertNull(wolfSSL_PEM_read_RSA_PUBKEY(XBADFILE, NULL, NULL, NULL));
  28826. file = XFOPEN(fname, "rb");
  28827. AssertTrue((file != XBADFILE));
  28828. AssertNotNull((rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL)));
  28829. AssertIntEQ(RSA_size(rsa), 256);
  28830. RSA_free(rsa);
  28831. XFCLOSE(file);
  28832. res = TEST_RES_CHECK(1);
  28833. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
  28834. return res;
  28835. }
  28836. static int test_wolfSSL_PEM_bio_DSAKey(void)
  28837. {
  28838. int res = TEST_SKIPPED;
  28839. #ifndef HAVE_SELFTEST
  28840. #if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \
  28841. defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA)
  28842. DSA* dsa = NULL;
  28843. BIO* bio = NULL;
  28844. /* PrivateKey */
  28845. AssertNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb"));
  28846. AssertNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL)));
  28847. AssertNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
  28848. AssertIntEQ(BN_num_bytes(dsa->g), 128);
  28849. AssertIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, NULL),
  28850. WOLFSSL_FAILURE);
  28851. BIO_free(bio);
  28852. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  28853. AssertIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, NULL),
  28854. WOLFSSL_SUCCESS);
  28855. BIO_free(bio);
  28856. DSA_free(dsa);
  28857. /* PUBKEY */
  28858. AssertNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb"));
  28859. AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL)));
  28860. AssertNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
  28861. AssertIntEQ(BN_num_bytes(dsa->g), 128);
  28862. AssertIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
  28863. BIO_free(bio);
  28864. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  28865. AssertIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS);
  28866. BIO_free(bio);
  28867. DSA_free(dsa);
  28868. #ifdef HAVE_ECC
  28869. /* ensure that non-dsa keys do not work */
  28870. AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
  28871. AssertNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
  28872. AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
  28873. BIO_free(bio);
  28874. DSA_free(dsa);
  28875. #endif /* HAVE_ECC */
  28876. res = TEST_RES_CHECK(1);
  28877. #endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \
  28878. !defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \
  28879. !defined(NO_FILESYSTEM) && !defined(NO_DSA) */
  28880. #endif /* HAVE_SELFTEST */
  28881. return res;
  28882. }
  28883. static int test_wolfSSL_PEM_bio_ECKey(void)
  28884. {
  28885. int res = TEST_SKIPPED;
  28886. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
  28887. defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
  28888. EC_KEY* ec = NULL;
  28889. BIO* bio = NULL;
  28890. /* PrivateKey */
  28891. AssertNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb"));
  28892. AssertNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL)));
  28893. AssertNotNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
  28894. AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
  28895. AssertIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
  28896. NULL),WOLFSSL_FAILURE);
  28897. BIO_free(bio);
  28898. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  28899. AssertIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \
  28900. NULL), WOLFSSL_SUCCESS);
  28901. BIO_free(bio);
  28902. EC_KEY_free(ec);
  28903. /* PUBKEY */
  28904. AssertNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb"));
  28905. AssertNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL)));
  28906. AssertNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
  28907. AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
  28908. AssertIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
  28909. BIO_free(bio);
  28910. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  28911. AssertIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS);
  28912. BIO_free(bio);
  28913. /* Same test as above, but with a file pointer rather than a BIO. */
  28914. AssertIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WOLFSSL_FAILURE);
  28915. AssertIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WOLFSSL_FAILURE);
  28916. AssertIntEQ(PEM_write_EC_PUBKEY(stderr, ec), WOLFSSL_SUCCESS);
  28917. EC_KEY_free(ec);
  28918. #ifndef NO_RSA
  28919. /* ensure that non-ec keys do not work */
  28920. AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */
  28921. AssertNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
  28922. AssertNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
  28923. BIO_free(bio);
  28924. EC_KEY_free(ec);
  28925. #endif /* HAVE_ECC */
  28926. res = TEST_RES_CHECK(1);
  28927. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
  28928. return res;
  28929. }
  28930. static int test_wolfSSL_PEM_PUBKEY(void)
  28931. {
  28932. int res = TEST_SKIPPED;
  28933. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
  28934. BIO* bio = NULL;
  28935. EVP_PKEY* pkey = NULL;
  28936. /* test creating new EVP_PKEY with bad arg */
  28937. AssertNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL)));
  28938. /* test loading ECC key using BIO */
  28939. #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
  28940. {
  28941. XFILE file;
  28942. const char* fname = "./certs/ecc-client-keyPub.pem";
  28943. size_t sz;
  28944. byte* buf;
  28945. EVP_PKEY* pkey2;
  28946. EC_KEY* ec_key;
  28947. file = XFOPEN(fname, "rb");
  28948. AssertTrue((file != XBADFILE));
  28949. AssertIntGE(XFSEEK(file, 0, XSEEK_END), 0);
  28950. sz = XFTELL(file);
  28951. XREWIND(file);
  28952. AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
  28953. if (buf)
  28954. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  28955. XFCLOSE(file);
  28956. /* Test using BIO new mem and loading PEM private key */
  28957. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  28958. AssertNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)));
  28959. XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
  28960. BIO_free(bio);
  28961. bio = NULL;
  28962. /* Qt unit test case*/
  28963. AssertNotNull(pkey2 = EVP_PKEY_new());
  28964. AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
  28965. AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS);
  28966. #ifdef WOLFSSL_ERROR_CODE_OPENSSL
  28967. AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */);
  28968. #else
  28969. AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0);
  28970. #endif
  28971. EC_KEY_free(ec_key);
  28972. EVP_PKEY_free(pkey2);
  28973. EVP_PKEY_free(pkey);
  28974. pkey = NULL;
  28975. }
  28976. #endif
  28977. (void)bio;
  28978. (void)pkey;
  28979. res = TEST_RES_CHECK(1);
  28980. #endif
  28981. return res;
  28982. }
  28983. #endif /* !NO_BIO */
  28984. static int test_DSA_do_sign_verify(void)
  28985. {
  28986. int res = TEST_SKIPPED;
  28987. #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  28988. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
  28989. !defined(NO_DSA)
  28990. unsigned char digest[WC_SHA_DIGEST_SIZE];
  28991. DSA_SIG* sig;
  28992. DSA* dsa;
  28993. word32 bytes;
  28994. byte sigBin[DSA_SIG_SIZE];
  28995. int dsacheck;
  28996. #ifdef USE_CERT_BUFFERS_1024
  28997. byte tmp[ONEK_BUF];
  28998. XMEMSET(tmp, 0, sizeof(tmp));
  28999. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  29000. bytes = sizeof_dsa_key_der_1024;
  29001. #elif defined(USE_CERT_BUFFERS_2048)
  29002. byte tmp[TWOK_BUF];
  29003. XMEMSET(tmp, 0, sizeof(tmp));
  29004. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  29005. bytes = sizeof_dsa_key_der_2048;
  29006. #else
  29007. byte tmp[TWOK_BUF];
  29008. XMEMSET(tmp, 0, sizeof(tmp));
  29009. XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
  29010. if (fp == XBADFILE) {
  29011. return WOLFSSL_BAD_FILE;
  29012. }
  29013. bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
  29014. XFCLOSE(fp);
  29015. #endif /* END USE_CERT_BUFFERS_1024 */
  29016. XMEMSET(digest, 202, sizeof(digest));
  29017. AssertNotNull(dsa = DSA_new());
  29018. AssertIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1);
  29019. AssertIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1);
  29020. AssertIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1);
  29021. AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa));
  29022. AssertIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1);
  29023. DSA_SIG_free(sig);
  29024. DSA_free(dsa);
  29025. res = TEST_RES_CHECK(1);
  29026. #endif
  29027. #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
  29028. return res;
  29029. }
  29030. static int test_wolfSSL_tmp_dh(void)
  29031. {
  29032. int res = TEST_SKIPPED;
  29033. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
  29034. !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
  29035. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  29036. byte buff[6000];
  29037. char file[] = "./certs/dsaparams.pem";
  29038. XFILE f;
  29039. int bytes;
  29040. DSA* dsa;
  29041. DH* dh;
  29042. #if defined(WOLFSSL_DH_EXTRA) && \
  29043. (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
  29044. DH* dh2;
  29045. #endif
  29046. BIO* bio;
  29047. SSL* ssl;
  29048. SSL_CTX* ctx;
  29049. #ifndef NO_WOLFSSL_SERVER
  29050. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  29051. #else
  29052. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  29053. #endif
  29054. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  29055. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  29056. AssertNotNull(ssl = SSL_new(ctx));
  29057. f = XFOPEN(file, "rb");
  29058. AssertTrue((f != XBADFILE));
  29059. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  29060. XFCLOSE(f);
  29061. bio = BIO_new_mem_buf((void*)buff, bytes);
  29062. AssertNotNull(bio);
  29063. dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
  29064. AssertNotNull(dsa);
  29065. dh = wolfSSL_DSA_dup_DH(dsa);
  29066. AssertNotNull(dh);
  29067. #if defined(WOLFSSL_DH_EXTRA) && \
  29068. (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
  29069. AssertNotNull(dh2 = wolfSSL_DH_dup(dh));
  29070. #endif
  29071. AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
  29072. #ifndef NO_WOLFSSL_SERVER
  29073. AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
  29074. #else
  29075. AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR);
  29076. #endif
  29077. BIO_free(bio);
  29078. DSA_free(dsa);
  29079. DH_free(dh);
  29080. #if defined(WOLFSSL_DH_EXTRA) && \
  29081. (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
  29082. DH_free(dh2);
  29083. #endif
  29084. SSL_free(ssl);
  29085. SSL_CTX_free(ctx);
  29086. res = TEST_RES_CHECK(1);
  29087. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  29088. #endif
  29089. return res;
  29090. }
  29091. static int test_wolfSSL_ctrl(void)
  29092. {
  29093. int res = TEST_SKIPPED;
  29094. #if defined (OPENSSL_EXTRA) && !defined(NO_BIO)
  29095. byte buff[6000];
  29096. BIO* bio;
  29097. int bytes;
  29098. BUF_MEM* ptr = NULL;
  29099. XMEMSET(buff, 0, sizeof(buff));
  29100. bytes = sizeof(buff);
  29101. bio = BIO_new_mem_buf((void*)buff, bytes);
  29102. AssertNotNull(bio);
  29103. AssertNotNull(BIO_s_socket());
  29104. AssertIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), WOLFSSL_SUCCESS);
  29105. /* needs tested after stubs filled out @TODO
  29106. SSL_ctrl
  29107. SSL_CTX_ctrl
  29108. */
  29109. BIO_free(bio);
  29110. res = TEST_RES_CHECK(1);
  29111. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_BIO) */
  29112. return res;
  29113. }
  29114. static int test_wolfSSL_EVP_PKEY_new_mac_key(void)
  29115. {
  29116. int res = TEST_SKIPPED;
  29117. #ifdef OPENSSL_EXTRA
  29118. static const unsigned char pw[] = "password";
  29119. static const int pwSz = sizeof(pw) - 1;
  29120. size_t checkPwSz = 0;
  29121. const unsigned char* checkPw = NULL;
  29122. WOLFSSL_EVP_PKEY* key = NULL;
  29123. AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz));
  29124. AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz));
  29125. AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, pwSz));
  29126. if (key) {
  29127. AssertIntEQ(key->type, EVP_PKEY_HMAC);
  29128. AssertIntEQ(key->save_type, EVP_PKEY_HMAC);
  29129. AssertIntEQ(key->pkey_sz, pwSz);
  29130. AssertIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0);
  29131. }
  29132. AssertNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz));
  29133. AssertIntEQ((int)checkPwSz, pwSz);
  29134. if (checkPw) {
  29135. AssertIntEQ(XMEMCMP(checkPw, pw, pwSz), 0);
  29136. }
  29137. wolfSSL_EVP_PKEY_free(key);
  29138. AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, 0));
  29139. if (key) {
  29140. AssertIntEQ(key->pkey_sz, 0);
  29141. }
  29142. checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
  29143. (void)checkPw;
  29144. AssertIntEQ((int)checkPwSz, 0);
  29145. wolfSSL_EVP_PKEY_free(key);
  29146. AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL, 0));
  29147. if (key) {
  29148. AssertIntEQ(key->pkey_sz, 0);
  29149. }
  29150. checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
  29151. (void)checkPw;
  29152. AssertIntEQ((int)checkPwSz, 0);
  29153. wolfSSL_EVP_PKEY_free(key);
  29154. res = TEST_RES_CHECK(1);
  29155. #endif /* OPENSSL_EXTRA */
  29156. return res;
  29157. }
  29158. static int test_wolfSSL_EVP_PKEY_new_CMAC_key(void)
  29159. {
  29160. int res = TEST_SKIPPED;
  29161. #ifdef OPENSSL_EXTRA
  29162. #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
  29163. const char *priv = "ABCDEFGHIJKLMNOP";
  29164. const WOLFSSL_EVP_CIPHER* cipher = EVP_aes_128_cbc();
  29165. WOLFSSL_EVP_PKEY* key = NULL;
  29166. AssertNull(key = wolfSSL_EVP_PKEY_new_CMAC_key(
  29167. NULL, NULL, AES_128_KEY_SIZE, cipher));
  29168. AssertNull(key = wolfSSL_EVP_PKEY_new_CMAC_key(
  29169. NULL, (const unsigned char *)priv, 0, cipher));
  29170. AssertNull(key = wolfSSL_EVP_PKEY_new_CMAC_key(
  29171. NULL, (const unsigned char *)priv, AES_128_KEY_SIZE, NULL));
  29172. AssertNotNull(key = wolfSSL_EVP_PKEY_new_CMAC_key(
  29173. NULL, (const unsigned char *)priv, AES_128_KEY_SIZE, cipher));
  29174. wolfSSL_EVP_PKEY_free(key);
  29175. res = TEST_RES_CHECK(1);
  29176. #endif /* defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) */
  29177. #endif /* OPENSSL_EXTRA */
  29178. return res;
  29179. }
  29180. static int test_wolfSSL_EVP_Digest(void)
  29181. {
  29182. int res = TEST_SKIPPED;
  29183. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
  29184. const char* in = "abc";
  29185. int inLen = (int)XSTRLEN(in);
  29186. byte out[WC_SHA256_DIGEST_SIZE];
  29187. unsigned int outLen;
  29188. const char* expOut = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
  29189. "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
  29190. "\x15\xAD";
  29191. AssertIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen, "SHA256", NULL), 1);
  29192. AssertIntEQ(outLen, WC_SHA256_DIGEST_SIZE);
  29193. AssertIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0);
  29194. res = TEST_RES_CHECK(1);
  29195. #endif /* OPEN_EXTRA && ! NO_SHA256 */
  29196. return res;
  29197. }
  29198. static int test_wolfSSL_EVP_Digest_all(void)
  29199. {
  29200. int res = TEST_SKIPPED;
  29201. #ifdef OPENSSL_EXTRA
  29202. const char* digests[] = {
  29203. #ifndef NO_MD5
  29204. "MD5",
  29205. #endif
  29206. #ifndef NO_SHA
  29207. "SHA",
  29208. #endif
  29209. #ifdef WOLFSSL_SHA224
  29210. "SHA224",
  29211. #endif
  29212. #ifndef NO_SHA256
  29213. "SHA256",
  29214. #endif
  29215. #ifdef WOLFSSL_SHA384
  29216. "SHA384",
  29217. #endif
  29218. #ifdef WOLFSSL_SHA512
  29219. "SHA512",
  29220. #endif
  29221. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
  29222. "SHA512_224",
  29223. #endif
  29224. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
  29225. "SHA512_256",
  29226. #endif
  29227. #ifdef WOLFSSL_SHA3
  29228. #ifndef WOLFSSL_NOSHA3_224
  29229. "SHA3_224",
  29230. #endif
  29231. #ifndef WOLFSSL_NOSHA3_256
  29232. "SHA3_256",
  29233. #endif
  29234. "SHA3_384",
  29235. #ifndef WOLFSSL_NOSHA3_512
  29236. "SHA3_512",
  29237. #endif
  29238. #endif /* WOLFSSL_SHA3 */
  29239. NULL
  29240. };
  29241. const char** d;
  29242. const unsigned char in[] = "abc";
  29243. int inLen = XSTR_SIZEOF(in);
  29244. byte out[WC_MAX_DIGEST_SIZE];
  29245. unsigned int outLen;
  29246. for (d = digests; *d != NULL; d++) {
  29247. AssertIntEQ(EVP_Digest(in, inLen, out, &outLen, *d, NULL), 1);
  29248. AssertIntGT(outLen, 0);
  29249. AssertIntEQ(EVP_MD_size(*d), outLen);
  29250. }
  29251. res = TEST_RES_CHECK(1);
  29252. #endif
  29253. return res;
  29254. }
  29255. static int test_wolfSSL_EVP_MD_size(void)
  29256. {
  29257. int res = TEST_SKIPPED;
  29258. #ifdef OPENSSL_EXTRA
  29259. WOLFSSL_EVP_MD_CTX mdCtx;
  29260. #ifdef WOLFSSL_SHA3
  29261. #ifndef WOLFSSL_NOSHA3_224
  29262. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29263. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_224"), 1);
  29264. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE);
  29265. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE);
  29266. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29267. #endif
  29268. #ifndef WOLFSSL_NOSHA3_256
  29269. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29270. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_256"), 1);
  29271. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE);
  29272. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE);
  29273. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29274. #endif
  29275. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29276. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_384"), 1);
  29277. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE);
  29278. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE);
  29279. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29280. #ifndef WOLFSSL_NOSHA3_512
  29281. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29282. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_512"), 1);
  29283. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE);
  29284. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE);
  29285. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29286. #endif
  29287. #endif /* WOLFSSL_SHA3 */
  29288. #ifndef NO_SHA256
  29289. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29290. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1);
  29291. AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_DIGEST_SIZE);
  29292. AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_BLOCK_SIZE);
  29293. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA256_DIGEST_SIZE);
  29294. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE);
  29295. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29296. #endif
  29297. #ifndef NO_MD5
  29298. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29299. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1);
  29300. AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_DIGEST_SIZE);
  29301. AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_BLOCK_SIZE);
  29302. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE);
  29303. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE);
  29304. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29305. #endif
  29306. #ifdef WOLFSSL_SHA224
  29307. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29308. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1);
  29309. AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_DIGEST_SIZE);
  29310. AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_BLOCK_SIZE);
  29311. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE);
  29312. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE);
  29313. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29314. #endif
  29315. #ifdef WOLFSSL_SHA384
  29316. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29317. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1);
  29318. AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_DIGEST_SIZE);
  29319. AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_BLOCK_SIZE);
  29320. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE);
  29321. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE);
  29322. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29323. #endif
  29324. #ifdef WOLFSSL_SHA512
  29325. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29326. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1);
  29327. AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_DIGEST_SIZE);
  29328. AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_BLOCK_SIZE);
  29329. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE);
  29330. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE);
  29331. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29332. #endif
  29333. #ifndef NO_SHA
  29334. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29335. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1);
  29336. AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE);
  29337. AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE);
  29338. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
  29339. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
  29340. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29341. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29342. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1);
  29343. AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE);
  29344. AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE);
  29345. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
  29346. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
  29347. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29348. #endif
  29349. /* error case */
  29350. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29351. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG);
  29352. AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), BAD_FUNC_ARG);
  29353. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG);
  29354. /* Cleanup is valid on uninit'ed struct */
  29355. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29356. res = TEST_RES_CHECK(1);
  29357. #endif /* OPENSSL_EXTRA */
  29358. return res;
  29359. }
  29360. static int test_wolfSSL_EVP_MD_pkey_type(void)
  29361. {
  29362. int res = TEST_SKIPPED;
  29363. #ifdef OPENSSL_EXTRA
  29364. const WOLFSSL_EVP_MD* md;
  29365. #ifndef NO_MD5
  29366. AssertNotNull(md = EVP_md5());
  29367. AssertIntEQ(EVP_MD_pkey_type(md), NID_md5WithRSAEncryption);
  29368. #endif
  29369. #ifndef NO_SHA
  29370. AssertNotNull(md = EVP_sha1());
  29371. AssertIntEQ(EVP_MD_pkey_type(md), NID_sha1WithRSAEncryption);
  29372. #endif
  29373. #ifdef WOLFSSL_SHA224
  29374. AssertNotNull(md = EVP_sha224());
  29375. AssertIntEQ(EVP_MD_pkey_type(md), NID_sha224WithRSAEncryption);
  29376. #endif
  29377. AssertNotNull(md = EVP_sha256());
  29378. AssertIntEQ(EVP_MD_pkey_type(md), NID_sha256WithRSAEncryption);
  29379. #ifdef WOLFSSL_SHA384
  29380. AssertNotNull(md = EVP_sha384());
  29381. AssertIntEQ(EVP_MD_pkey_type(md), NID_sha384WithRSAEncryption);
  29382. #endif
  29383. #ifdef WOLFSSL_SHA512
  29384. AssertNotNull(md = EVP_sha512());
  29385. AssertIntEQ(EVP_MD_pkey_type(md), NID_sha512WithRSAEncryption);
  29386. #endif
  29387. res = TEST_RES_CHECK(1);
  29388. #endif
  29389. return res;
  29390. }
  29391. #ifdef OPENSSL_EXTRA
  29392. static void test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey,
  29393. size_t testKeySz, const char* testData, size_t testDataSz,
  29394. const byte* testResult, size_t testResultSz)
  29395. {
  29396. unsigned char check[WC_MAX_DIGEST_SIZE];
  29397. size_t checkSz = -1;
  29398. WOLFSSL_EVP_PKEY* key;
  29399. WOLFSSL_EVP_MD_CTX mdCtx;
  29400. AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
  29401. testKey, (int)testKeySz));
  29402. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29403. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
  29404. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
  29405. (unsigned int)testDataSz), 1);
  29406. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  29407. AssertIntEQ((int)checkSz, (int)testResultSz);
  29408. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  29409. AssertIntEQ((int)checkSz,(int)testResultSz);
  29410. AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0);
  29411. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29412. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
  29413. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
  29414. (unsigned int)testDataSz), 1);
  29415. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
  29416. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29417. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29418. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
  29419. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
  29420. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  29421. AssertIntEQ((int)checkSz, (int)testResultSz);
  29422. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  29423. AssertIntEQ((int)checkSz,(int)testResultSz);
  29424. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
  29425. (unsigned int)testDataSz - 4), 1);
  29426. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  29427. AssertIntEQ((int)checkSz,(int)testResultSz);
  29428. AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0);
  29429. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29430. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
  29431. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
  29432. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
  29433. (unsigned int)testDataSz - 4), 1);
  29434. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
  29435. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29436. wolfSSL_EVP_PKEY_free(key);
  29437. }
  29438. #endif
  29439. static int test_wolfSSL_EVP_MD_hmac_signing(void)
  29440. {
  29441. int res = TEST_SKIPPED;
  29442. #ifdef OPENSSL_EXTRA
  29443. static const unsigned char testKey[] =
  29444. {
  29445. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  29446. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  29447. 0x0b, 0x0b, 0x0b, 0x0b
  29448. };
  29449. static const char testData[] = "Hi There";
  29450. #ifdef WOLFSSL_SHA224
  29451. static const unsigned char testResultSha224[] =
  29452. {
  29453. 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19,
  29454. 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f,
  29455. 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f,
  29456. 0x53, 0x68, 0x4b, 0x22
  29457. };
  29458. #endif
  29459. #ifndef NO_SHA256
  29460. static const unsigned char testResultSha256[] =
  29461. {
  29462. 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
  29463. 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
  29464. 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
  29465. 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
  29466. };
  29467. #endif
  29468. #ifdef WOLFSSL_SHA384
  29469. static const unsigned char testResultSha384[] =
  29470. {
  29471. 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
  29472. 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
  29473. 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
  29474. 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
  29475. 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
  29476. 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
  29477. };
  29478. #endif
  29479. #ifdef WOLFSSL_SHA512
  29480. static const unsigned char testResultSha512[] =
  29481. {
  29482. 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
  29483. 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
  29484. 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
  29485. 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
  29486. 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02,
  29487. 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4,
  29488. 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70,
  29489. 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54
  29490. };
  29491. #endif
  29492. #ifdef WOLFSSL_SHA3
  29493. #ifndef WOLFSSL_NOSHA3_224
  29494. static const unsigned char testResultSha3_224[] =
  29495. {
  29496. 0x3b, 0x16, 0x54, 0x6b, 0xbc, 0x7b, 0xe2, 0x70,
  29497. 0x6a, 0x03, 0x1d, 0xca, 0xfd, 0x56, 0x37, 0x3d,
  29498. 0x98, 0x84, 0x36, 0x76, 0x41, 0xd8, 0xc5, 0x9a,
  29499. 0xf3, 0xc8, 0x60, 0xf7
  29500. };
  29501. #endif
  29502. #ifndef WOLFSSL_NOSHA3_256
  29503. static const unsigned char testResultSha3_256[] =
  29504. {
  29505. 0xba, 0x85, 0x19, 0x23, 0x10, 0xdf, 0xfa, 0x96,
  29506. 0xe2, 0xa3, 0xa4, 0x0e, 0x69, 0x77, 0x43, 0x51,
  29507. 0x14, 0x0b, 0xb7, 0x18, 0x5e, 0x12, 0x02, 0xcd,
  29508. 0xcc, 0x91, 0x75, 0x89, 0xf9, 0x5e, 0x16, 0xbb
  29509. };
  29510. #endif
  29511. #ifndef WOLFSSL_NOSHA3_384
  29512. static const unsigned char testResultSha3_384[] =
  29513. {
  29514. 0x68, 0xd2, 0xdc, 0xf7, 0xfd, 0x4d, 0xdd, 0x0a,
  29515. 0x22, 0x40, 0xc8, 0xa4, 0x37, 0x30, 0x5f, 0x61,
  29516. 0xfb, 0x73, 0x34, 0xcf, 0xb5, 0xd0, 0x22, 0x6e,
  29517. 0x1b, 0xc2, 0x7d, 0xc1, 0x0a, 0x2e, 0x72, 0x3a,
  29518. 0x20, 0xd3, 0x70, 0xb4, 0x77, 0x43, 0x13, 0x0e,
  29519. 0x26, 0xac, 0x7e, 0x3d, 0x53, 0x28, 0x86, 0xbd
  29520. };
  29521. #endif
  29522. #ifndef WOLFSSL_NOSHA3_512
  29523. static const unsigned char testResultSha3_512[] =
  29524. {
  29525. 0xeb, 0x3f, 0xbd, 0x4b, 0x2e, 0xaa, 0xb8, 0xf5,
  29526. 0xc5, 0x04, 0xbd, 0x3a, 0x41, 0x46, 0x5a, 0xac,
  29527. 0xec, 0x15, 0x77, 0x0a, 0x7c, 0xab, 0xac, 0x53,
  29528. 0x1e, 0x48, 0x2f, 0x86, 0x0b, 0x5e, 0xc7, 0xba,
  29529. 0x47, 0xcc, 0xb2, 0xc6, 0xf2, 0xaf, 0xce, 0x8f,
  29530. 0x88, 0xd2, 0x2b, 0x6d, 0xc6, 0x13, 0x80, 0xf2,
  29531. 0x3a, 0x66, 0x8f, 0xd3, 0x88, 0x8b, 0xb8, 0x05,
  29532. 0x37, 0xc0, 0xa0, 0xb8, 0x64, 0x07, 0x68, 0x9e
  29533. };
  29534. #endif
  29535. #endif
  29536. #ifndef NO_SHA256
  29537. test_hmac_signing(wolfSSL_EVP_sha256(), testKey, sizeof(testKey), testData,
  29538. XSTRLEN(testData), testResultSha256, sizeof(testResultSha256));
  29539. #endif
  29540. #ifdef WOLFSSL_SHA224
  29541. test_hmac_signing(wolfSSL_EVP_sha224(), testKey, sizeof(testKey), testData,
  29542. XSTRLEN(testData), testResultSha224, sizeof(testResultSha224));
  29543. #endif
  29544. #ifdef WOLFSSL_SHA384
  29545. test_hmac_signing(wolfSSL_EVP_sha384(), testKey, sizeof(testKey), testData,
  29546. XSTRLEN(testData), testResultSha384, sizeof(testResultSha384));
  29547. #endif
  29548. #ifdef WOLFSSL_SHA512
  29549. test_hmac_signing(wolfSSL_EVP_sha512(), testKey, sizeof(testKey), testData,
  29550. XSTRLEN(testData), testResultSha512, sizeof(testResultSha512));
  29551. #endif
  29552. #ifdef WOLFSSL_SHA3
  29553. #ifndef WOLFSSL_NOSHA3_224
  29554. test_hmac_signing(wolfSSL_EVP_sha3_224(), testKey, sizeof(testKey),
  29555. testData, XSTRLEN(testData), testResultSha3_224,
  29556. sizeof(testResultSha3_224));
  29557. #endif
  29558. #ifndef WOLFSSL_NOSHA3_256
  29559. test_hmac_signing(wolfSSL_EVP_sha3_256(), testKey, sizeof(testKey),
  29560. testData, XSTRLEN(testData), testResultSha3_256,
  29561. sizeof(testResultSha3_256));
  29562. #endif
  29563. #ifndef WOLFSSL_NOSHA3_384
  29564. test_hmac_signing(wolfSSL_EVP_sha3_384(), testKey, sizeof(testKey),
  29565. testData, XSTRLEN(testData), testResultSha3_384,
  29566. sizeof(testResultSha3_384));
  29567. #endif
  29568. #ifndef WOLFSSL_NOSHA3_512
  29569. test_hmac_signing(wolfSSL_EVP_sha3_512(), testKey, sizeof(testKey),
  29570. testData, XSTRLEN(testData), testResultSha3_512,
  29571. sizeof(testResultSha3_512));
  29572. #endif
  29573. #endif
  29574. res = TEST_RES_CHECK(1);
  29575. #endif /* OPENSSL_EXTRA */
  29576. return res;
  29577. }
  29578. static int test_wolfSSL_EVP_MD_rsa_signing(void)
  29579. {
  29580. int res = TEST_SKIPPED;
  29581. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
  29582. defined(USE_CERT_BUFFERS_2048)
  29583. WOLFSSL_EVP_PKEY* privKey;
  29584. WOLFSSL_EVP_PKEY* pubKey;
  29585. WOLFSSL_EVP_PKEY_CTX* keyCtx;
  29586. const char testData[] = "Hi There";
  29587. WOLFSSL_EVP_MD_CTX mdCtx;
  29588. WOLFSSL_EVP_MD_CTX mdCtxCopy;
  29589. size_t checkSz = -1;
  29590. int sz = 2048 / 8;
  29591. const unsigned char* cp;
  29592. const unsigned char* p;
  29593. unsigned char check[2048/8];
  29594. size_t i;
  29595. int paddings[] = {
  29596. RSA_PKCS1_PADDING,
  29597. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS)
  29598. RSA_PKCS1_PSS_PADDING,
  29599. #endif
  29600. };
  29601. cp = client_key_der_2048;
  29602. AssertNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp,
  29603. sizeof_client_key_der_2048)));
  29604. p = client_keypub_der_2048;
  29605. AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
  29606. sizeof_client_keypub_der_2048)));
  29607. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29608. wolfSSL_EVP_MD_CTX_init(&mdCtxCopy);
  29609. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  29610. NULL, privKey), 1);
  29611. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
  29612. (unsigned int)XSTRLEN(testData)), 1);
  29613. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  29614. AssertIntEQ((int)checkSz, sz);
  29615. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  29616. AssertIntEQ((int)checkSz,sz);
  29617. AssertIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1);
  29618. AssertIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1);
  29619. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtxCopy), 1);
  29620. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29621. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29622. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  29623. NULL, pubKey), 1);
  29624. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
  29625. (unsigned int)XSTRLEN(testData)),
  29626. 1);
  29627. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
  29628. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29629. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29630. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  29631. NULL, privKey), 1);
  29632. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
  29633. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  29634. AssertIntEQ((int)checkSz, sz);
  29635. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  29636. AssertIntEQ((int)checkSz, sz);
  29637. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
  29638. (unsigned int)XSTRLEN(testData) - 4), 1);
  29639. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  29640. AssertIntEQ((int)checkSz, sz);
  29641. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29642. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29643. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  29644. NULL, pubKey), 1);
  29645. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
  29646. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
  29647. (unsigned int)XSTRLEN(testData) - 4),
  29648. 1);
  29649. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
  29650. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29651. /* Check all signing padding types */
  29652. for (i = 0; i < sizeof(paddings)/sizeof(int); i++) {
  29653. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29654. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx,
  29655. wolfSSL_EVP_sha256(), NULL, privKey), 1);
  29656. AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
  29657. paddings[i]), 1);
  29658. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
  29659. (unsigned int)XSTRLEN(testData)), 1);
  29660. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  29661. AssertIntEQ((int)checkSz, sz);
  29662. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  29663. AssertIntEQ((int)checkSz,sz);
  29664. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29665. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29666. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx,
  29667. wolfSSL_EVP_sha256(), NULL, pubKey), 1);
  29668. AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
  29669. paddings[i]), 1);
  29670. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
  29671. (unsigned int)XSTRLEN(testData)), 1);
  29672. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
  29673. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29674. }
  29675. wolfSSL_EVP_PKEY_free(pubKey);
  29676. wolfSSL_EVP_PKEY_free(privKey);
  29677. res = TEST_RES_CHECK(1);
  29678. #endif
  29679. return res;
  29680. }
  29681. static int test_wolfSSL_EVP_MD_ecc_signing(void)
  29682. {
  29683. int res = TEST_SKIPPED;
  29684. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  29685. WOLFSSL_EVP_PKEY* privKey;
  29686. WOLFSSL_EVP_PKEY* pubKey;
  29687. const char testData[] = "Hi There";
  29688. WOLFSSL_EVP_MD_CTX mdCtx;
  29689. size_t checkSz = -1;
  29690. const unsigned char* cp;
  29691. const unsigned char* p;
  29692. unsigned char check[2048/8];
  29693. cp = ecc_clikey_der_256;
  29694. privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
  29695. sizeof_ecc_clikey_der_256);
  29696. AssertNotNull(privKey);
  29697. p = ecc_clikeypub_der_256;
  29698. AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
  29699. sizeof_ecc_clikeypub_der_256)));
  29700. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29701. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  29702. NULL, privKey), 1);
  29703. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
  29704. (unsigned int)XSTRLEN(testData)), 1);
  29705. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  29706. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  29707. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29708. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29709. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  29710. NULL, pubKey), 1);
  29711. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
  29712. (unsigned int)XSTRLEN(testData)),
  29713. 1);
  29714. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
  29715. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29716. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29717. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  29718. NULL, privKey), 1);
  29719. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
  29720. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  29721. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  29722. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
  29723. (unsigned int)XSTRLEN(testData) - 4), 1);
  29724. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  29725. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29726. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  29727. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  29728. NULL, pubKey), 1);
  29729. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
  29730. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
  29731. (unsigned int)XSTRLEN(testData) - 4),
  29732. 1);
  29733. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
  29734. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  29735. wolfSSL_EVP_PKEY_free(pubKey);
  29736. wolfSSL_EVP_PKEY_free(privKey);
  29737. res = TEST_RES_CHECK(1);
  29738. #endif
  29739. return res;
  29740. }
  29741. static int test_wolfSSL_CTX_add_extra_chain_cert(void)
  29742. {
  29743. int res = TEST_SKIPPED;
  29744. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  29745. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO)
  29746. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  29747. char caFile[] = "./certs/client-ca.pem";
  29748. char clientFile[] = "./certs/client-cert.pem";
  29749. SSL_CTX* ctx;
  29750. X509* x509;
  29751. BIO *bio = NULL;
  29752. X509 *cert = NULL;
  29753. X509 *ca;
  29754. STACK_OF(X509) *chain = NULL;
  29755. STACK_OF(X509) *chain2 = NULL;
  29756. #ifndef NO_WOLFSSL_SERVER
  29757. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  29758. #else
  29759. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  29760. #endif
  29761. x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
  29762. AssertNotNull(x509);
  29763. AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
  29764. x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
  29765. AssertNotNull(x509);
  29766. #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
  29767. /* additional test of getting EVP_PKEY key size from X509
  29768. * Do not run with user RSA because wolfSSL_RSA_size is not currently
  29769. * allowed with user RSA */
  29770. {
  29771. EVP_PKEY* pkey;
  29772. #if defined(HAVE_ECC)
  29773. X509* ecX509;
  29774. #endif /* HAVE_ECC */
  29775. AssertNotNull(pkey = X509_get_pubkey(x509));
  29776. /* current RSA key is 2048 bit (256 bytes) */
  29777. AssertIntEQ(EVP_PKEY_size(pkey), 256);
  29778. EVP_PKEY_free(pkey);
  29779. #if defined(HAVE_ECC)
  29780. #if defined(USE_CERT_BUFFERS_256)
  29781. AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
  29782. cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
  29783. SSL_FILETYPE_ASN1));
  29784. #else
  29785. AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(cliEccCertFile,
  29786. SSL_FILETYPE_PEM));
  29787. #endif
  29788. pkey = X509_get_pubkey(ecX509);
  29789. AssertNotNull(pkey);
  29790. /* current ECC key is 256 bit (32 bytes) */
  29791. AssertIntEQ(EVP_PKEY_size(pkey), 32);
  29792. X509_free(ecX509);
  29793. EVP_PKEY_free(pkey);
  29794. #endif /* HAVE_ECC */
  29795. }
  29796. #endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
  29797. AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS);
  29798. #ifdef WOLFSSL_ENCRYPTED_KEYS
  29799. AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
  29800. AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
  29801. #endif
  29802. SSL_CTX_free(ctx);
  29803. #ifndef NO_WOLFSSL_SERVER
  29804. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  29805. #else
  29806. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  29807. #endif
  29808. /* Test haproxy use case */
  29809. AssertNotNull(bio = BIO_new_file(svrCertFile, "r"));
  29810. /* Read Certificate */
  29811. AssertNotNull(cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
  29812. AssertNotNull(ca = PEM_read_bio_X509(bio, NULL, NULL, NULL));
  29813. AssertNotNull(chain = sk_X509_new_null());
  29814. AssertIntEQ(sk_X509_push(chain, ca), 1);
  29815. AssertNotNull(chain2 = X509_chain_up_ref(chain));
  29816. AssertNotNull(ca = sk_X509_shift(chain2));
  29817. AssertIntEQ(SSL_CTX_use_certificate(ctx, cert), 1);
  29818. AssertIntEQ(SSL_CTX_add_extra_chain_cert(ctx, ca), 1);
  29819. BIO_free(bio);
  29820. X509_free(cert);
  29821. sk_X509_pop_free(chain, X509_free);
  29822. sk_X509_pop_free(chain2, X509_free);
  29823. SSL_CTX_free(ctx);
  29824. res = TEST_RES_CHECK(1);
  29825. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  29826. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  29827. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined (NO_BIO) */
  29828. return res;
  29829. }
  29830. #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
  29831. static int test_wolfSSL_ERR_peek_last_error_line(void)
  29832. {
  29833. int res = TEST_SKIPPED;
  29834. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  29835. !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
  29836. !defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \
  29837. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_ERROR_QUEUE)
  29838. tcp_ready ready;
  29839. func_args client_args;
  29840. func_args server_args;
  29841. #ifndef SINGLE_THREADED
  29842. THREAD_TYPE serverThread;
  29843. #endif
  29844. callback_functions client_cb;
  29845. callback_functions server_cb;
  29846. int line = 0;
  29847. int flag = ERR_TXT_STRING;
  29848. const char* file = NULL;
  29849. const char* data = NULL;
  29850. /* create a failed connection and inspect the error */
  29851. #ifdef WOLFSSL_TIRTOS
  29852. fdOpenSession(Task_self());
  29853. #endif
  29854. XMEMSET(&client_args, 0, sizeof(func_args));
  29855. XMEMSET(&server_args, 0, sizeof(func_args));
  29856. StartTCP();
  29857. InitTcpReady(&ready);
  29858. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  29859. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  29860. client_cb.method = wolfTLSv1_1_client_method;
  29861. server_cb.method = wolfTLSv1_2_server_method;
  29862. server_args.signal = &ready;
  29863. server_args.callbacks = &server_cb;
  29864. client_args.signal = &ready;
  29865. client_args.callbacks = &client_cb;
  29866. #ifndef SINGLE_THREADED
  29867. start_thread(test_server_nofail, &server_args, &serverThread);
  29868. wait_tcp_ready(&server_args);
  29869. test_client_nofail(&client_args, NULL);
  29870. join_thread(serverThread);
  29871. #endif
  29872. FreeTcpReady(&ready);
  29873. AssertIntGT(ERR_get_error_line_data(NULL, NULL, &data, &flag), 0);
  29874. AssertNotNull(data);
  29875. /* check clearing error state */
  29876. ERR_remove_state(0);
  29877. AssertIntEQ((int)ERR_peek_last_error_line(NULL, NULL), 0);
  29878. ERR_peek_last_error_line(NULL, &line);
  29879. AssertIntEQ(line, 0);
  29880. ERR_peek_last_error_line(&file, NULL);
  29881. AssertNull(file);
  29882. /* retry connection to fill error queue */
  29883. XMEMSET(&client_args, 0, sizeof(func_args));
  29884. XMEMSET(&server_args, 0, sizeof(func_args));
  29885. StartTCP();
  29886. InitTcpReady(&ready);
  29887. client_cb.method = wolfTLSv1_1_client_method;
  29888. server_cb.method = wolfTLSv1_2_server_method;
  29889. server_args.signal = &ready;
  29890. server_args.callbacks = &server_cb;
  29891. client_args.signal = &ready;
  29892. client_args.callbacks = &client_cb;
  29893. start_thread(test_server_nofail, &server_args, &serverThread);
  29894. wait_tcp_ready(&server_args);
  29895. test_client_nofail(&client_args, NULL);
  29896. join_thread(serverThread);
  29897. FreeTcpReady(&ready);
  29898. /* check that error code was stored */
  29899. AssertIntNE((int)ERR_peek_last_error_line(NULL, NULL), 0);
  29900. ERR_peek_last_error_line(NULL, &line);
  29901. AssertIntNE(line, 0);
  29902. ERR_peek_last_error_line(&file, NULL);
  29903. AssertNotNull(file);
  29904. #ifdef WOLFSSL_TIRTOS
  29905. fdOpenSession(Task_self());
  29906. #endif
  29907. fprintf(stderr, "\nTesting error print out\n");
  29908. ERR_print_errors_fp(stderr);
  29909. fprintf(stderr, "Done testing print out\n\n");
  29910. res = TEST_RES_CHECK(1);
  29911. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  29912. !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */
  29913. return res;
  29914. }
  29915. #endif
  29916. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  29917. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  29918. static int verify_cb(int ok, X509_STORE_CTX *ctx)
  29919. {
  29920. (void) ok;
  29921. (void) ctx;
  29922. fprintf(stderr, "ENTER verify_cb\n");
  29923. return SSL_SUCCESS;
  29924. }
  29925. #endif
  29926. static int test_wolfSSL_X509_Name_canon(void)
  29927. {
  29928. int res = TEST_SKIPPED;
  29929. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  29930. !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \
  29931. defined(WOLFSSL_CERT_GEN) && \
  29932. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA)
  29933. const long ex_hash1 = 0x0fdb2da4;
  29934. const long ex_hash2 = 0x9f3e8c9e;
  29935. X509_NAME *name = NULL;
  29936. X509 *x509 = NULL;
  29937. FILE* file = NULL;
  29938. unsigned long hash = 0;
  29939. byte digest[WC_MAX_DIGEST_SIZE] = {0};
  29940. byte *pbuf = NULL;
  29941. word32 len = 0;
  29942. (void) ex_hash2;
  29943. file = XFOPEN(caCertFile, "rb");
  29944. AssertNotNull(file);
  29945. AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
  29946. AssertNotNull(name = X509_get_issuer_name(x509));
  29947. /* When output buffer is NULL, should return necessary output buffer
  29948. * length.*/
  29949. AssertIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0);
  29950. AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
  29951. AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
  29952. hash = (((unsigned long)digest[3] << 24) |
  29953. ((unsigned long)digest[2] << 16) |
  29954. ((unsigned long)digest[1] << 8) |
  29955. ((unsigned long)digest[0]));
  29956. AssertIntEQ(hash, ex_hash1);
  29957. XFCLOSE(file);
  29958. X509_free(x509);
  29959. XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
  29960. pbuf = NULL;
  29961. file = XFOPEN(cliCertFile, "rb");
  29962. AssertNotNull(file);
  29963. AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
  29964. AssertNotNull(name = X509_get_issuer_name(x509));
  29965. AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
  29966. AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
  29967. hash = (((unsigned long)digest[3] << 24) |
  29968. ((unsigned long)digest[2] << 16) |
  29969. ((unsigned long)digest[1] << 8) |
  29970. ((unsigned long)digest[0]));
  29971. AssertIntEQ(hash, ex_hash2);
  29972. XFCLOSE(file);
  29973. X509_free(x509);
  29974. XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
  29975. res = TEST_RES_CHECK(1);
  29976. #endif
  29977. return res;
  29978. }
  29979. static int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
  29980. {
  29981. int res = TEST_SKIPPED;
  29982. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
  29983. const int MAX_DIR = 4;
  29984. const char paths[][32] = {
  29985. "./certs/ed25519",
  29986. "./certs/ecc",
  29987. "./certs/crl",
  29988. "./certs/",
  29989. };
  29990. char CertCrl_path[MAX_FILENAME_SZ];
  29991. char *p;
  29992. X509_STORE* str;
  29993. X509_LOOKUP* lookup;
  29994. WOLFSSL_STACK* sk = NULL;
  29995. int len, total_len, i;
  29996. (void) sk;
  29997. XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ);
  29998. /* illegal string */
  29999. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  30000. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  30001. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "",
  30002. SSL_FILETYPE_PEM,NULL), 0);
  30003. /* free store */
  30004. X509_STORE_free(str);
  30005. /* short folder string */
  30006. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  30007. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  30008. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./",
  30009. SSL_FILETYPE_PEM,NULL), 1);
  30010. #if defined(WOLFSSL_INT_H)
  30011. /* only available when including internal.h */
  30012. AssertNotNull(sk = lookup->dirs->dir_entry);
  30013. #endif
  30014. /* free store */
  30015. X509_STORE_free(str);
  30016. /* typical function check */
  30017. p = &CertCrl_path[0];
  30018. total_len = 0;
  30019. for (i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) {
  30020. len = (int)XSTRLEN((const char*)&paths[i]);
  30021. total_len += len;
  30022. XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len);
  30023. p += len;
  30024. if (i != 0) *(p++) = SEPARATOR_CHAR;
  30025. }
  30026. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  30027. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  30028. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path,
  30029. SSL_FILETYPE_PEM,NULL), 1);
  30030. #if defined(WOLFSSL_INT_H)
  30031. /* only available when including internal.h */
  30032. AssertNotNull(sk = lookup->dirs->dir_entry);
  30033. #endif
  30034. X509_STORE_free(str);
  30035. res = TEST_RES_CHECK(1);
  30036. #endif
  30037. return res;
  30038. }
  30039. static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
  30040. {
  30041. int res = TEST_SKIPPED;
  30042. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  30043. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
  30044. defined(WOLFSSL_SIGNER_DER_CERT)
  30045. X509_STORE_CTX* ctx;
  30046. X509_STORE* str;
  30047. X509_LOOKUP* lookup;
  30048. X509* cert1;
  30049. X509* x509Ca;
  30050. X509* x509Svr;
  30051. X509* issuer;
  30052. WOLFSSL_STACK* sk = NULL;
  30053. X509_NAME* caName;
  30054. X509_NAME* issuerName;
  30055. FILE* file1 = NULL;
  30056. int i, cert_count, cmp;
  30057. char der[] = "certs/ca-cert.der";
  30058. #ifdef HAVE_CRL
  30059. char pem[][100] = {
  30060. "./certs/crl/crl.pem",
  30061. "./certs/crl/crl2.pem",
  30062. "./certs/crl/caEccCrl.pem",
  30063. "./certs/crl/eccCliCRL.pem",
  30064. "./certs/crl/eccSrvCRL.pem",
  30065. ""
  30066. };
  30067. #endif
  30068. AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
  30069. AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
  30070. fclose(file1);
  30071. AssertNotNull(ctx = X509_STORE_CTX_new());
  30072. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  30073. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  30074. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
  30075. SSL_FILETYPE_PEM,NULL), 1);
  30076. AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
  30077. AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
  30078. /* check if CA cert is loaded into the store */
  30079. for (i = 0; i < cert_count; i++) {
  30080. x509Ca = sk_X509_value(sk, i);
  30081. AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
  30082. }
  30083. AssertNotNull((x509Svr =
  30084. wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
  30085. AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
  30086. AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
  30087. issuer = X509_STORE_CTX_get0_current_issuer(ctx);
  30088. AssertNotNull(issuer);
  30089. caName = X509_get_subject_name(x509Ca);
  30090. AssertNotNull(caName);
  30091. issuerName = X509_get_subject_name(issuer);
  30092. AssertNotNull(issuerName);
  30093. cmp = X509_NAME_cmp(caName, issuerName);
  30094. AssertIntEQ(cmp, 0);
  30095. /* load der format */
  30096. X509_free(issuer);
  30097. X509_STORE_CTX_free(ctx);
  30098. X509_STORE_free(str);
  30099. sk_X509_pop_free(sk, NULL);
  30100. X509_free(x509Svr);
  30101. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  30102. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  30103. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der,
  30104. SSL_FILETYPE_ASN1,NULL), 1);
  30105. AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
  30106. AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
  30107. /* check if CA cert is loaded into the store */
  30108. for (i = 0; i < cert_count; i++) {
  30109. x509Ca = sk_X509_value(sk, i);
  30110. AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
  30111. }
  30112. X509_STORE_free(str);
  30113. sk_X509_pop_free(sk, NULL);
  30114. X509_free(cert1);
  30115. #ifdef HAVE_CRL
  30116. AssertNotNull(str = wolfSSL_X509_STORE_new());
  30117. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  30118. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
  30119. SSL_FILETYPE_PEM,NULL), 1);
  30120. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD,
  30121. "certs/server-revoked-cert.pem",
  30122. SSL_FILETYPE_PEM,NULL), 1);
  30123. if (str) {
  30124. AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile,
  30125. WOLFSSL_FILETYPE_PEM), 1);
  30126. /* since store hasn't yet known the revoked cert*/
  30127. AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
  30128. "certs/server-revoked-cert.pem",
  30129. WOLFSSL_FILETYPE_PEM), 1);
  30130. }
  30131. for (i = 0; pem[i][0] != '\0'; i++)
  30132. {
  30133. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i],
  30134. SSL_FILETYPE_PEM, NULL), 1);
  30135. }
  30136. if (str) {
  30137. /* since store knows crl list */
  30138. AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
  30139. "certs/server-revoked-cert.pem",
  30140. WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
  30141. }
  30142. AssertIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0);
  30143. X509_STORE_free(str);
  30144. #endif
  30145. res = TEST_RES_CHECK(1);
  30146. #endif
  30147. return res;
  30148. }
  30149. static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void)
  30150. {
  30151. int res = TEST_SKIPPED;
  30152. #if defined(OPENSSL_EXTRA)
  30153. X509_STORE_CTX_cleanup(NULL);
  30154. X509_STORE_CTX_trusted_stack(NULL, NULL);
  30155. AssertTrue(1); /* to confirm previous call gives no harm */
  30156. res = TEST_RES_CHECK(1);
  30157. #endif
  30158. return res;
  30159. }
  30160. static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
  30161. {
  30162. int res = TEST_SKIPPED;
  30163. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  30164. #ifdef WOLFSSL_SIGNER_DER_CERT
  30165. int cmp;
  30166. #endif
  30167. X509_STORE_CTX* ctx;
  30168. X509_STORE* str;
  30169. X509* x509Ca;
  30170. X509* x509Svr;
  30171. X509* issuer;
  30172. X509_NAME* caName;
  30173. X509_NAME* issuerName;
  30174. AssertNotNull(ctx = X509_STORE_CTX_new());
  30175. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  30176. AssertNotNull((x509Ca =
  30177. wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)));
  30178. AssertIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS);
  30179. AssertNotNull((x509Svr =
  30180. wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
  30181. AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
  30182. AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
  30183. issuer = X509_STORE_CTX_get0_current_issuer(ctx);
  30184. AssertNotNull(issuer);
  30185. caName = X509_get_subject_name(x509Ca);
  30186. AssertNotNull(caName);
  30187. issuerName = X509_get_subject_name(issuer);
  30188. AssertNotNull(issuerName);
  30189. #ifdef WOLFSSL_SIGNER_DER_CERT
  30190. cmp = X509_NAME_cmp(caName, issuerName);
  30191. AssertIntEQ(cmp, 0);
  30192. #endif
  30193. X509_free(issuer);
  30194. X509_STORE_CTX_free(ctx);
  30195. X509_free(x509Svr);
  30196. X509_STORE_free(str);
  30197. X509_free(x509Ca);
  30198. res = TEST_RES_CHECK(1);
  30199. #endif
  30200. return res;
  30201. }
  30202. static int test_wolfSSL_PKCS7_certs(void)
  30203. {
  30204. int res = TEST_SKIPPED;
  30205. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_BIO) && \
  30206. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7)
  30207. STACK_OF(X509)* sk = NULL;
  30208. STACK_OF(X509_INFO)* info_sk = NULL;
  30209. PKCS7 *p7 = NULL;
  30210. BIO* bio;
  30211. const byte* p = NULL;
  30212. int buflen = 0;
  30213. int i;
  30214. /* Test twice. Once with d2i and once without to test
  30215. * that everything is free'd correctly. */
  30216. for (i = 0; i < 2; i++) {
  30217. AssertNotNull(p7 = PKCS7_new());
  30218. p7->version = 1;
  30219. #ifdef NO_SHA
  30220. p7->hashOID = SHA256h;
  30221. #else
  30222. p7->hashOID = SHAh;
  30223. #endif
  30224. AssertNotNull(bio = BIO_new(BIO_s_file()));
  30225. AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
  30226. AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
  30227. AssertIntEQ(sk_X509_INFO_num(info_sk), 2);
  30228. AssertNotNull(sk = sk_X509_new_null());
  30229. while (sk_X509_INFO_num(info_sk)) {
  30230. X509_INFO* info;
  30231. AssertNotNull(info = sk_X509_INFO_shift(info_sk));
  30232. AssertIntEQ(sk_X509_push(sk, info->x509), 1);
  30233. info->x509 = NULL;
  30234. X509_INFO_free(info);
  30235. }
  30236. sk_X509_INFO_free(info_sk);
  30237. BIO_free(bio);
  30238. bio = BIO_new(BIO_s_mem());
  30239. AssertIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1);
  30240. AssertIntGT((buflen = BIO_get_mem_data(bio, &p)), 0);
  30241. if (i == 0) {
  30242. PKCS7_free(p7);
  30243. AssertNotNull(d2i_PKCS7(&p7, &p, buflen));
  30244. /* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate them */
  30245. ((WOLFSSL_PKCS7*)p7)->certs = NULL;
  30246. /* PKCS7_free free's the certs */
  30247. AssertNotNull(wolfSSL_PKCS7_to_stack(p7));
  30248. }
  30249. BIO_free(bio);
  30250. PKCS7_free(p7);
  30251. }
  30252. res = TEST_RES_CHECK(1);
  30253. #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  30254. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */
  30255. return res;
  30256. }
  30257. static int test_wolfSSL_X509_STORE_CTX(void)
  30258. {
  30259. int res = TEST_SKIPPED;
  30260. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  30261. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  30262. X509_STORE_CTX* ctx;
  30263. X509_STORE* str;
  30264. X509* x509;
  30265. #ifdef OPENSSL_ALL
  30266. X509* x5092;
  30267. STACK_OF(X509) *sk, *sk2, *sk3;
  30268. #endif
  30269. AssertNotNull(ctx = X509_STORE_CTX_new());
  30270. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  30271. AssertNotNull((x509 =
  30272. wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
  30273. AssertIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS);
  30274. #ifdef OPENSSL_ALL
  30275. /* sk_X509_new only in OPENSSL_ALL */
  30276. sk = sk_X509_new_null();
  30277. AssertNotNull(sk);
  30278. AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS);
  30279. #else
  30280. AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS);
  30281. #endif
  30282. AssertIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0);
  30283. X509_STORE_CTX_set_error(ctx, -5);
  30284. X509_STORE_CTX_set_error(NULL, -5);
  30285. X509_STORE_CTX_free(ctx);
  30286. #ifdef OPENSSL_ALL
  30287. sk_X509_pop_free(sk, NULL);
  30288. #endif
  30289. X509_STORE_free(str);
  30290. X509_free(x509);
  30291. AssertNotNull(ctx = X509_STORE_CTX_new());
  30292. X509_STORE_CTX_set_verify_cb(ctx, verify_cb);
  30293. X509_STORE_CTX_free(ctx);
  30294. #ifdef OPENSSL_ALL
  30295. /* test X509_STORE_CTX_get(1)_chain */
  30296. AssertNotNull((x509 = X509_load_certificate_file(svrCertFile,
  30297. SSL_FILETYPE_PEM)));
  30298. AssertNotNull((x5092 = X509_load_certificate_file(cliCertFile,
  30299. SSL_FILETYPE_PEM)));
  30300. AssertNotNull((sk = sk_X509_new_null()));
  30301. AssertIntEQ(sk_X509_push(sk, x509), 1);
  30302. AssertNotNull((str = X509_STORE_new()));
  30303. AssertNotNull((ctx = X509_STORE_CTX_new()));
  30304. AssertIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1);
  30305. AssertNull((sk2 = X509_STORE_CTX_get_chain(NULL)));
  30306. AssertNotNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
  30307. AssertIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */
  30308. AssertNull((sk3 = X509_STORE_CTX_get1_chain(NULL)));
  30309. AssertNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
  30310. AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
  30311. X509_STORE_CTX_free(ctx);
  30312. X509_STORE_free(str);
  30313. /* CTX certs not freed yet */
  30314. X509_free(x5092);
  30315. sk_X509_pop_free(sk, NULL);
  30316. /* sk3 is dup so free here */
  30317. sk_X509_pop_free(sk3, NULL);
  30318. #endif
  30319. /* test X509_STORE_CTX_get/set_ex_data */
  30320. {
  30321. int i = 0, tmpData = 5;
  30322. void* tmpDataRet;
  30323. AssertNotNull(ctx = X509_STORE_CTX_new());
  30324. #ifdef HAVE_EX_DATA
  30325. for (i = 0; i < MAX_EX_DATA; i++) {
  30326. AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
  30327. WOLFSSL_SUCCESS);
  30328. tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
  30329. AssertNotNull(tmpDataRet);
  30330. AssertIntEQ(tmpData, *(int*)tmpDataRet);
  30331. }
  30332. #else
  30333. AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
  30334. WOLFSSL_FAILURE);
  30335. tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
  30336. AssertNull(tmpDataRet);
  30337. #endif
  30338. X509_STORE_CTX_free(ctx);
  30339. }
  30340. /* test X509_STORE_get/set_ex_data */
  30341. {
  30342. int i = 0, tmpData = 99;
  30343. void* tmpDataRet;
  30344. AssertNotNull(str = X509_STORE_new());
  30345. #ifdef HAVE_EX_DATA
  30346. for (i = 0; i < MAX_EX_DATA; i++) {
  30347. AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
  30348. WOLFSSL_SUCCESS);
  30349. tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
  30350. AssertNotNull(tmpDataRet);
  30351. AssertIntEQ(tmpData, *(int*)tmpDataRet);
  30352. }
  30353. #else
  30354. AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
  30355. WOLFSSL_FAILURE);
  30356. tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
  30357. AssertNull(tmpDataRet);
  30358. #endif
  30359. X509_STORE_free(str);
  30360. }
  30361. res = TEST_RES_CHECK(1);
  30362. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  30363. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  30364. return res;
  30365. }
  30366. static int test_wolfSSL_X509_STORE_set_flags(void)
  30367. {
  30368. int res = TEST_SKIPPED;
  30369. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  30370. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  30371. X509_STORE* store;
  30372. X509* x509;
  30373. AssertNotNull((store = wolfSSL_X509_STORE_new()));
  30374. AssertNotNull((x509 =
  30375. wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM)));
  30376. AssertIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS);
  30377. #ifdef HAVE_CRL
  30378. AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), WOLFSSL_SUCCESS);
  30379. #else
  30380. AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
  30381. NOT_COMPILED_IN);
  30382. #endif
  30383. wolfSSL_X509_free(x509);
  30384. wolfSSL_X509_STORE_free(store);
  30385. res = TEST_RES_CHECK(1);
  30386. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  30387. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  30388. return res;
  30389. }
  30390. static int test_wolfSSL_X509_LOOKUP_load_file(void)
  30391. {
  30392. int res = TEST_SKIPPED;
  30393. #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
  30394. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
  30395. (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
  30396. WOLFSSL_X509_STORE* store;
  30397. WOLFSSL_X509_LOOKUP* lookup;
  30398. AssertNotNull(store = wolfSSL_X509_STORE_new());
  30399. AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
  30400. AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem",
  30401. X509_FILETYPE_PEM), 1);
  30402. AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem",
  30403. X509_FILETYPE_PEM), 1);
  30404. if (store) {
  30405. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
  30406. WOLFSSL_FILETYPE_PEM), 1);
  30407. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
  30408. WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
  30409. }
  30410. AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
  30411. X509_FILETYPE_PEM), 1);
  30412. if (store) {
  30413. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
  30414. WOLFSSL_FILETYPE_PEM), 1);
  30415. }
  30416. wolfSSL_X509_STORE_free(store);
  30417. res = TEST_RES_CHECK(1);
  30418. #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
  30419. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  30420. return res;
  30421. }
  30422. static int test_wolfSSL_X509_STORE_CTX_set_time(void)
  30423. {
  30424. int res = TEST_SKIPPED;
  30425. #if defined(OPENSSL_EXTRA)
  30426. WOLFSSL_X509_STORE_CTX* ctx;
  30427. time_t c_time;
  30428. AssertNotNull(ctx = wolfSSL_X509_STORE_CTX_new());
  30429. c_time = 365*24*60*60;
  30430. wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time);
  30431. AssertTrue(
  30432. (ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == WOLFSSL_USE_CHECK_TIME);
  30433. AssertTrue(ctx->param->check_time == c_time);
  30434. wolfSSL_X509_STORE_CTX_free(ctx);
  30435. res = TEST_RES_CHECK(1);
  30436. #endif /* OPENSSL_EXTRA */
  30437. return res;
  30438. }
  30439. static int test_wolfSSL_CTX_get0_set1_param(void)
  30440. {
  30441. int res = TEST_SKIPPED;
  30442. #if defined(OPENSSL_EXTRA)
  30443. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  30444. int ret;
  30445. SSL_CTX* ctx;
  30446. WOLFSSL_X509_VERIFY_PARAM* pParam;
  30447. WOLFSSL_X509_VERIFY_PARAM* pvpm;
  30448. char testIPv4[] = "127.0.0.1";
  30449. char testhostName[] = "foo.hoge.com";
  30450. #ifndef NO_WOLFSSL_SERVER
  30451. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  30452. #else
  30453. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  30454. #endif
  30455. AssertNull(SSL_CTX_get0_param(NULL));
  30456. AssertNotNull(pParam = SSL_CTX_get0_param(ctx));
  30457. pvpm = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC(
  30458. sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL);
  30459. AssertNotNull(pvpm);
  30460. XMEMSET(pvpm, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
  30461. wolfSSL_X509_VERIFY_PARAM_set1_host(pvpm, testhostName,
  30462. (int)XSTRLEN(testhostName));
  30463. wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(pvpm, testIPv4);
  30464. wolfSSL_X509_VERIFY_PARAM_set_hostflags(pvpm, 0x01);
  30465. ret = SSL_CTX_set1_param(ctx, pvpm);
  30466. AssertIntEQ(1, ret);
  30467. AssertIntEQ(0, XSTRNCMP(pParam->hostName, testhostName,
  30468. (int)XSTRLEN(testhostName)));
  30469. AssertIntEQ(0x01, pParam->hostFlags);
  30470. AssertIntEQ(0, XSTRNCMP(pParam->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
  30471. /* test for incorrect patameter */
  30472. AssertIntEQ(1,SSL_CTX_set1_param(ctx, NULL));
  30473. AssertIntEQ(1,SSL_CTX_set1_param(NULL, pvpm));
  30474. AssertIntEQ(1,SSL_CTX_set1_param(NULL, NULL));
  30475. SSL_CTX_free(ctx);
  30476. XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL);
  30477. res = TEST_RES_CHECK(1);
  30478. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  30479. #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
  30480. return res;
  30481. }
  30482. static int test_wolfSSL_get0_param(void)
  30483. {
  30484. int res = TEST_SKIPPED;
  30485. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  30486. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  30487. SSL_CTX* ctx;
  30488. SSL* ssl;
  30489. WOLFSSL_X509_VERIFY_PARAM* pParam;
  30490. #ifndef NO_WOLFSSL_SERVER
  30491. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  30492. #else
  30493. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  30494. #endif
  30495. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  30496. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  30497. AssertNotNull(ssl = SSL_new(ctx));
  30498. pParam = SSL_get0_param(ssl);
  30499. (void)pParam;
  30500. SSL_free(ssl);
  30501. SSL_CTX_free(ctx);
  30502. res = TEST_RES_CHECK(1);
  30503. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  30504. #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
  30505. return res;
  30506. }
  30507. static int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
  30508. {
  30509. int res = TEST_SKIPPED;
  30510. #if defined(OPENSSL_EXTRA)
  30511. const char host[] = "www.example.com";
  30512. WOLFSSL_X509_VERIFY_PARAM* pParam;
  30513. AssertNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
  30514. sizeof(WOLFSSL_X509_VERIFY_PARAM),
  30515. HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
  30516. XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
  30517. X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));
  30518. AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
  30519. XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
  30520. AssertIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
  30521. XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
  30522. res = TEST_RES_CHECK(1);
  30523. #endif /* OPENSSL_EXTRA */
  30524. return res;
  30525. }
  30526. static int test_wolfSSL_set1_host(void)
  30527. {
  30528. int res = TEST_SKIPPED;
  30529. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  30530. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  30531. const char host[] = "www.test_wolfSSL_set1_host.com";
  30532. const char emptyStr[] = "";
  30533. SSL_CTX* ctx;
  30534. SSL* ssl;
  30535. WOLFSSL_X509_VERIFY_PARAM* pParam;
  30536. #ifndef NO_WOLFSSL_SERVER
  30537. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  30538. #else
  30539. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  30540. #endif
  30541. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  30542. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  30543. AssertNotNull(ssl = SSL_new(ctx));
  30544. pParam = SSL_get0_param(ssl);
  30545. /* we should get back host string */
  30546. SSL_set1_host(ssl, host);
  30547. AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
  30548. /* we should get back empty string */
  30549. SSL_set1_host(ssl, emptyStr);
  30550. AssertIntEQ(XMEMCMP(pParam->hostName, emptyStr, sizeof(emptyStr)), 0);
  30551. /* we should get back host string */
  30552. SSL_set1_host(ssl, host);
  30553. AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
  30554. /* we should get back empty string */
  30555. SSL_set1_host(ssl, NULL);
  30556. AssertIntEQ(XMEMCMP(pParam->hostName, emptyStr, sizeof(emptyStr)), 0);
  30557. SSL_free(ssl);
  30558. SSL_CTX_free(ctx);
  30559. res = TEST_RES_CHECK(1);
  30560. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  30561. #endif /* OPENSSL_EXTRA */
  30562. return res;
  30563. }
  30564. static int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void)
  30565. {
  30566. int res = TEST_SKIPPED;
  30567. #if defined(OPENSSL_EXTRA)
  30568. unsigned char buf[16] = {0};
  30569. WOLFSSL_X509_VERIFY_PARAM* param;
  30570. AssertNotNull(param = X509_VERIFY_PARAM_new());
  30571. /* test 127.0.0.1 */
  30572. buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1;
  30573. AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS);
  30574. AssertIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0);
  30575. /* test 2001:db8:3333:4444:5555:6666:7777:8888 */
  30576. buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
  30577. buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68;
  30578. buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102;
  30579. buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136;
  30580. AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
  30581. AssertIntEQ(XSTRNCMP(param->ipasc,
  30582. "2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0);
  30583. /* test 2001:db8:: */
  30584. buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
  30585. buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
  30586. buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
  30587. buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0;
  30588. AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
  30589. AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0);
  30590. /* test ::1234:5678 */
  30591. buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0;
  30592. buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
  30593. buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
  30594. buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120;
  30595. AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
  30596. AssertIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0);
  30597. /* test 2001:db8::1234:5678 */
  30598. buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
  30599. buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
  30600. buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
  30601. buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120;
  30602. AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
  30603. AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678",
  30604. sizeof(param->ipasc)), 0);
  30605. /* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/
  30606. /* 2001:db8:1::ab9:c0a8:102 */
  30607. buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
  30608. buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0;
  30609. buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185;
  30610. buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2;
  30611. AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
  30612. AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102",
  30613. sizeof(param->ipasc)), 0);
  30614. XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
  30615. res = TEST_RES_CHECK(1);
  30616. #endif /* OPENSSL_EXTRA */
  30617. return res;
  30618. }
  30619. static int test_wolfSSL_X509_STORE_CTX_get0_store(void)
  30620. {
  30621. int res = TEST_SKIPPED;
  30622. #if defined(OPENSSL_EXTRA)
  30623. X509_STORE* store;
  30624. X509_STORE_CTX* ctx;
  30625. X509_STORE_CTX* ctx_no_init;
  30626. AssertNotNull((store = X509_STORE_new()));
  30627. AssertNotNull(ctx = X509_STORE_CTX_new());
  30628. AssertNotNull(ctx_no_init = X509_STORE_CTX_new());
  30629. AssertIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS);
  30630. AssertNull(X509_STORE_CTX_get0_store(NULL));
  30631. /* should return NULL if ctx has not bee initialized */
  30632. AssertNull(X509_STORE_CTX_get0_store(ctx_no_init));
  30633. AssertNotNull(X509_STORE_CTX_get0_store(ctx));
  30634. wolfSSL_X509_STORE_CTX_free(ctx);
  30635. wolfSSL_X509_STORE_CTX_free(ctx_no_init);
  30636. X509_STORE_free(store);
  30637. res = TEST_RES_CHECK(1);
  30638. #endif /* OPENSSL_EXTRA */
  30639. return res;
  30640. }
  30641. static int test_wolfSSL_CTX_set_client_CA_list(void)
  30642. {
  30643. int res = TEST_SKIPPED;
  30644. #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
  30645. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO)
  30646. WOLFSSL_CTX* ctx;
  30647. WOLFSSL* ssl;
  30648. X509_NAME* name = NULL;
  30649. STACK_OF(X509_NAME)* names = NULL;
  30650. STACK_OF(X509_NAME)* ca_list = NULL;
  30651. int i, names_len;
  30652. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  30653. /* Send two X501 names in cert request */
  30654. names = SSL_load_client_CA_file(cliCertFile);
  30655. AssertNotNull(names);
  30656. ca_list = SSL_load_client_CA_file(caCertFile);
  30657. AssertNotNull(ca_list);
  30658. AssertIntEQ(sk_X509_NAME_push(names, sk_X509_NAME_value(ca_list, 0)), 1);
  30659. SSL_CTX_set_client_CA_list(ctx, names);
  30660. /* This should only free the stack structure */
  30661. sk_X509_NAME_free(ca_list);
  30662. AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
  30663. AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
  30664. AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
  30665. for (i=0; i<names_len; i++) {
  30666. AssertNotNull(name = sk_X509_NAME_value(names, i));
  30667. AssertIntEQ(sk_X509_NAME_find(names, name), i);
  30668. }
  30669. /* Needed to be able to create ssl object */
  30670. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  30671. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  30672. AssertNotNull(ssl = wolfSSL_new(ctx));
  30673. /* load again as old names are responsibility of ctx to free*/
  30674. names = SSL_load_client_CA_file(cliCertFile);
  30675. AssertNotNull(names);
  30676. SSL_set_client_CA_list(ssl, names);
  30677. AssertNotNull(ca_list = SSL_get_client_CA_list(ssl));
  30678. AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
  30679. AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
  30680. for (i=0; i<names_len; i++) {
  30681. AssertNotNull(name = sk_X509_NAME_value(names, i));
  30682. AssertIntEQ(sk_X509_NAME_find(names, name), i);
  30683. }
  30684. #if !defined(SINGLE_THREADED) && defined(SESSION_CERTS)
  30685. {
  30686. tcp_ready ready;
  30687. func_args server_args;
  30688. callback_functions server_cb;
  30689. THREAD_TYPE serverThread;
  30690. WOLFSSL* ssl_client;
  30691. WOLFSSL_CTX* ctx_client;
  30692. SOCKET_T sockfd = 0;
  30693. /* wolfSSL_get_client_CA_list() with handshake */
  30694. StartTCP();
  30695. InitTcpReady(&ready);
  30696. XMEMSET(&server_args, 0, sizeof(func_args));
  30697. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  30698. server_args.signal = &ready;
  30699. server_args.callbacks = &server_cb;
  30700. /* we are responsible for free'ing WOLFSSL_CTX */
  30701. server_cb.ctx = ctx;
  30702. server_cb.isSharedCtx = 1;
  30703. AssertIntEQ(WOLFSSL_SUCCESS,
  30704. wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));
  30705. start_thread(test_server_nofail, &server_args, &serverThread);
  30706. wait_tcp_ready(&server_args);
  30707. tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
  30708. AssertNotNull(ctx_client = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
  30709. AssertIntEQ(WOLFSSL_SUCCESS,
  30710. wolfSSL_CTX_load_verify_locations(ctx_client, caCertFile, 0));
  30711. AssertIntEQ(WOLFSSL_SUCCESS,
  30712. wolfSSL_CTX_use_certificate_file(ctx_client, cliCertFile, SSL_FILETYPE_PEM));
  30713. AssertIntEQ(WOLFSSL_SUCCESS,
  30714. wolfSSL_CTX_use_PrivateKey_file(ctx_client, cliKeyFile, SSL_FILETYPE_PEM));
  30715. AssertNotNull(ssl_client = wolfSSL_new(ctx_client));
  30716. AssertIntEQ(wolfSSL_set_fd(ssl_client, sockfd), WOLFSSL_SUCCESS);
  30717. AssertIntEQ(wolfSSL_connect(ssl_client), WOLFSSL_SUCCESS);
  30718. AssertNotNull(ca_list = SSL_get_client_CA_list(ssl_client));
  30719. /* We are expecting two cert names to be sent */
  30720. AssertIntEQ(sk_X509_NAME_num(ca_list), 2);
  30721. AssertNotNull(names = SSL_CTX_get_client_CA_list(ctx));
  30722. for (i=0; i<sk_X509_NAME_num(ca_list); i++) {
  30723. AssertNotNull(name = sk_X509_NAME_value(ca_list, i));
  30724. AssertIntGE(sk_X509_NAME_find(names, name), 0);
  30725. }
  30726. wolfSSL_shutdown(ssl_client);
  30727. wolfSSL_free(ssl_client);
  30728. wolfSSL_CTX_free(ctx_client);
  30729. join_thread(serverThread);
  30730. FreeTcpReady(&ready);
  30731. }
  30732. #endif
  30733. wolfSSL_free(ssl);
  30734. wolfSSL_CTX_free(ctx);
  30735. res = TEST_RES_CHECK(1);
  30736. #endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT &&
  30737. * !NO_BIO */
  30738. return res;
  30739. }
  30740. static int test_wolfSSL_CTX_add_client_CA(void)
  30741. {
  30742. int res = TEST_SKIPPED;
  30743. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
  30744. !defined(NO_WOLFSSL_CLIENT)
  30745. WOLFSSL_CTX* ctx;
  30746. WOLFSSL_X509* x509;
  30747. WOLFSSL_X509* x509_a;
  30748. STACK_OF(X509_NAME)* ca_list;
  30749. int ret = 0;
  30750. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  30751. /* Add client cert */
  30752. x509 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
  30753. AssertNotNull(x509);
  30754. ret = SSL_CTX_add_client_CA(ctx, x509);
  30755. AssertIntEQ(ret, SSL_SUCCESS);
  30756. AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
  30757. /* Add another client cert */
  30758. AssertNotNull(x509_a = X509_load_certificate_file(cliCertFile,
  30759. SSL_FILETYPE_PEM));
  30760. AssertIntEQ(SSL_CTX_add_client_CA(ctx, x509_a), SSL_SUCCESS);
  30761. /* test for incorrect parameter */
  30762. AssertIntEQ(SSL_CTX_add_client_CA(NULL, x509), 0);
  30763. AssertIntEQ(SSL_CTX_add_client_CA(ctx, NULL), 0);
  30764. AssertIntEQ(SSL_CTX_add_client_CA(NULL, NULL), 0);
  30765. X509_free(x509);
  30766. X509_free(x509_a);
  30767. SSL_CTX_free(ctx);
  30768. res = TEST_RES_CHECK(1);
  30769. #endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
  30770. return res;
  30771. }
  30772. #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
  30773. static THREAD_RETURN WOLFSSL_THREAD server_task_ech(void* args)
  30774. {
  30775. callback_functions* callbacks = ((func_args*)args)->callbacks;
  30776. WOLFSSL_CTX* ctx = callbacks->ctx;
  30777. WOLFSSL* ssl = NULL;
  30778. SOCKET_T sfd = 0;
  30779. SOCKET_T cfd = 0;
  30780. word16 port;
  30781. char input[1024];
  30782. int idx;
  30783. int ret, err = 0;
  30784. const char* privateName = "ech-private-name.com";
  30785. int privateNameLen = (int)XSTRLEN(privateName);
  30786. ((func_args*)args)->return_code = TEST_FAIL;
  30787. port = ((func_args*)args)->signal->port;
  30788. AssertIntEQ(WOLFSSL_SUCCESS,
  30789. wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));
  30790. AssertIntEQ(WOLFSSL_SUCCESS,
  30791. wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  30792. WOLFSSL_FILETYPE_PEM));
  30793. AssertIntEQ(WOLFSSL_SUCCESS,
  30794. wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  30795. WOLFSSL_FILETYPE_PEM));
  30796. if (callbacks->ctx_ready)
  30797. callbacks->ctx_ready(ctx);
  30798. ssl = wolfSSL_new(ctx);
  30799. /* set the sni for the server */
  30800. wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, privateName, privateNameLen);
  30801. tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, NULL, NULL);
  30802. CloseSocket(sfd);
  30803. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
  30804. if (callbacks->ssl_ready)
  30805. callbacks->ssl_ready(ssl);
  30806. do {
  30807. err = 0; /* Reset error */
  30808. ret = wolfSSL_accept(ssl);
  30809. if (ret != WOLFSSL_SUCCESS) {
  30810. err = wolfSSL_get_error(ssl, 0);
  30811. }
  30812. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  30813. if (ret != WOLFSSL_SUCCESS) {
  30814. char buff[WOLFSSL_MAX_ERROR_SZ];
  30815. printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
  30816. }
  30817. else {
  30818. if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
  30819. input[idx] = 0;
  30820. printf("Client message: %s\n", input);
  30821. }
  30822. AssertIntEQ(privateNameLen, wolfSSL_write(ssl, privateName,
  30823. privateNameLen));
  30824. ((func_args*)args)->return_code = TEST_SUCCESS;
  30825. }
  30826. if (callbacks->on_result)
  30827. callbacks->on_result(ssl);
  30828. wolfSSL_shutdown(ssl);
  30829. wolfSSL_free(ssl);
  30830. wolfSSL_CTX_free(ctx);
  30831. CloseSocket(cfd);
  30832. #ifdef FP_ECC
  30833. wc_ecc_fp_free();
  30834. #endif
  30835. return 0;
  30836. }
  30837. #endif /* HAVE_ECH && WOLFSSL_TLS13 */
  30838. #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
  30839. static THREAD_RETURN WOLFSSL_THREAD server_task(void* args)
  30840. {
  30841. callback_functions* callbacks = ((func_args*)args)->callbacks;
  30842. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method());
  30843. WOLFSSL* ssl = NULL;
  30844. SOCKET_T sfd = 0;
  30845. SOCKET_T cfd = 0;
  30846. word16 port;
  30847. char msg[] = "I hear you fa shizzle!";
  30848. int len = (int) XSTRLEN(msg);
  30849. char input[1024];
  30850. int idx;
  30851. int ret, err = 0;
  30852. #ifdef WOLFSSL_TIRTOS
  30853. fdOpenSession(Task_self());
  30854. #endif
  30855. ((func_args*)args)->return_code = TEST_FAIL;
  30856. port = ((func_args*)args)->signal->port;
  30857. AssertIntEQ(WOLFSSL_SUCCESS,
  30858. wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));
  30859. AssertIntEQ(WOLFSSL_SUCCESS,
  30860. wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  30861. WOLFSSL_FILETYPE_PEM));
  30862. AssertIntEQ(WOLFSSL_SUCCESS,
  30863. wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  30864. WOLFSSL_FILETYPE_PEM));
  30865. if (callbacks->ctx_ready)
  30866. callbacks->ctx_ready(ctx);
  30867. ssl = wolfSSL_new(ctx);
  30868. tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, NULL, NULL);
  30869. CloseSocket(sfd);
  30870. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
  30871. if (callbacks->ssl_ready)
  30872. callbacks->ssl_ready(ssl);
  30873. do {
  30874. err = 0; /* Reset error */
  30875. ret = wolfSSL_accept(ssl);
  30876. if (ret != WOLFSSL_SUCCESS) {
  30877. err = wolfSSL_get_error(ssl, 0);
  30878. }
  30879. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  30880. if (ret != WOLFSSL_SUCCESS) {
  30881. char buff[WOLFSSL_MAX_ERROR_SZ];
  30882. fprintf(stderr, "error = %d, %s\n", err,
  30883. wolfSSL_ERR_error_string(err, buff));
  30884. }
  30885. else {
  30886. if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
  30887. input[idx] = 0;
  30888. fprintf(stderr, "Client message: %s\n", input);
  30889. }
  30890. AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
  30891. #ifdef WOLFSSL_TIRTOS
  30892. Task_yield();
  30893. #endif
  30894. ((func_args*)args)->return_code = TEST_SUCCESS;
  30895. }
  30896. if (callbacks->on_result)
  30897. callbacks->on_result(ssl);
  30898. wolfSSL_shutdown(ssl);
  30899. wolfSSL_free(ssl);
  30900. wolfSSL_CTX_free(ctx);
  30901. CloseSocket(cfd);
  30902. #ifdef WOLFSSL_TIRTOS
  30903. fdCloseSession(Task_self());
  30904. #endif
  30905. #ifndef WOLFSSL_TIRTOS
  30906. return 0;
  30907. #endif
  30908. }
  30909. static void keyLog_callback(const WOLFSSL* ssl, const char* line )
  30910. {
  30911. AssertNotNull(ssl);
  30912. AssertNotNull(line);
  30913. XFILE fp;
  30914. const byte lf = '\n';
  30915. fp = XFOPEN("./MyKeyLog.txt", "a");
  30916. XFWRITE( line, 1, strlen(line),fp);
  30917. XFWRITE( (void*)&lf,1,1,fp);
  30918. XFCLOSE(fp);
  30919. }
  30920. #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
  30921. static int test_wolfSSL_CTX_set_keylog_callback(void)
  30922. {
  30923. int res = TEST_SKIPPED;
  30924. #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \
  30925. !defined(NO_WOLFSSL_CLIENT)
  30926. SSL_CTX* ctx;
  30927. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  30928. SSL_CTX_set_keylog_callback(ctx, keyLog_callback );
  30929. SSL_CTX_free(ctx);
  30930. SSL_CTX_set_keylog_callback(NULL, NULL);
  30931. res = TEST_RES_CHECK(1);
  30932. #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */
  30933. return res;
  30934. }
  30935. static int test_wolfSSL_CTX_get_keylog_callback(void)
  30936. {
  30937. int res = TEST_SKIPPED;
  30938. #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \
  30939. !defined(NO_WOLFSSL_CLIENT)
  30940. SSL_CTX* ctx;
  30941. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  30942. AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL);
  30943. SSL_CTX_set_keylog_callback(ctx, keyLog_callback );
  30944. AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),keyLog_callback);
  30945. SSL_CTX_set_keylog_callback(ctx, NULL );
  30946. AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL);
  30947. SSL_CTX_free(ctx);
  30948. res = TEST_RES_CHECK(1);
  30949. #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */
  30950. return res;
  30951. }
  30952. static int test_wolfSSL_Tls12_Key_Logging_test(void)
  30953. {
  30954. int res = TEST_SKIPPED;
  30955. #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
  30956. /* This test is intended for checking whether keylog callback is called
  30957. * in client during TLS handshake between the client and a server.
  30958. */
  30959. tcp_ready ready;
  30960. func_args client_args;
  30961. func_args server_args;
  30962. THREAD_TYPE serverThread;
  30963. callback_functions server_cbf;
  30964. callback_functions client_cbf;
  30965. SOCKET_T sockfd = 0;
  30966. WOLFSSL_CTX* ctx;
  30967. WOLFSSL* ssl;
  30968. XFILE fp;
  30969. char msg[64] = "hello wolfssl!";
  30970. char reply[1024];
  30971. int msgSz = (int)XSTRLEN(msg);
  30972. #ifdef WOLFSSL_TIRTOS
  30973. fdOpenSession(Task_self());
  30974. #endif
  30975. InitTcpReady(&ready);
  30976. ready.port = 22222;
  30977. XMEMSET(&client_args, 0, sizeof(func_args));
  30978. XMEMSET(&server_args, 0, sizeof(func_args));
  30979. XMEMSET(&server_cbf, 0, sizeof(callback_functions));
  30980. XMEMSET(&client_cbf, 0, sizeof(callback_functions));
  30981. server_cbf.method = wolfTLSv1_2_server_method;
  30982. server_args.callbacks = &server_cbf;
  30983. server_args.signal = &ready;
  30984. /* clean up keylog file */
  30985. fp = XFOPEN("./MyKeyLog.txt", "w");
  30986. XFCLOSE(fp);
  30987. /* start server task */
  30988. start_thread(server_task, &server_args, &serverThread);
  30989. wait_tcp_ready(&server_args);
  30990. /* run as a TLS1.2 client */
  30991. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
  30992. AssertIntEQ(WOLFSSL_SUCCESS,
  30993. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  30994. AssertIntEQ(WOLFSSL_SUCCESS,
  30995. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  30996. AssertIntEQ(WOLFSSL_SUCCESS,
  30997. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  30998. tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
  30999. /* set keylog callback */
  31000. wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback);
  31001. /* get connected the server task */
  31002. AssertNotNull(ssl = wolfSSL_new(ctx));
  31003. AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
  31004. AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
  31005. AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
  31006. AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
  31007. wolfSSL_shutdown(ssl);
  31008. wolfSSL_free(ssl);
  31009. wolfSSL_CTX_free(ctx);
  31010. CloseSocket(sockfd);
  31011. join_thread(serverThread);
  31012. FreeTcpReady(&ready);
  31013. #ifdef WOLFSSL_TIRTOS
  31014. fdOpenSession(Task_self());
  31015. #endif
  31016. /* check if the keylog file exists */
  31017. char buff[300] = {0};
  31018. int found = 0;
  31019. fp = XFOPEN("./MyKeyLog.txt", "r");
  31020. AssertNotNull(fp);
  31021. while (XFGETS( buff, (int)sizeof(buff),fp) != NULL ) {
  31022. if (0 == strncmp(buff,"CLIENT_RANDOM ",
  31023. sizeof("CLIENT_RANDOM ")-1)) {
  31024. found = 1;
  31025. break;
  31026. }
  31027. }
  31028. XFCLOSE(fp);
  31029. /* a log starting with "CLIENT_RANDOM " should exit in the file */
  31030. AssertNotNull( found );
  31031. res = TEST_RES_CHECK(1);
  31032. #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
  31033. return res;
  31034. }
  31035. static int test_wolfSSL_Tls13_Key_Logging_test(void)
  31036. {
  31037. int res = TEST_SKIPPED;
  31038. #if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \
  31039. defined(HAVE_SECRET_CALLBACK)
  31040. /* This test is intended for checking whether keylog callback is called
  31041. * in client during TLS handshake between the client and a server.
  31042. */
  31043. tcp_ready ready;
  31044. func_args client_args;
  31045. func_args server_args;
  31046. THREAD_TYPE serverThread;
  31047. callback_functions server_cbf;
  31048. callback_functions client_cbf;
  31049. SOCKET_T sockfd = 0;
  31050. WOLFSSL_CTX* ctx;
  31051. WOLFSSL* ssl;
  31052. XFILE fp;
  31053. char msg[64] = "hello wolfssl!";
  31054. char reply[1024];
  31055. int msgSz = (int)XSTRLEN(msg);
  31056. #ifdef WOLFSSL_TIRTOS
  31057. fdOpenSession(Task_self());
  31058. #endif
  31059. InitTcpReady(&ready);
  31060. ready.port = 22222;
  31061. XMEMSET(&client_args, 0, sizeof(func_args));
  31062. XMEMSET(&server_args, 0, sizeof(func_args));
  31063. XMEMSET(&server_cbf, 0, sizeof(callback_functions));
  31064. XMEMSET(&client_cbf, 0, sizeof(callback_functions));
  31065. server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */
  31066. server_args.callbacks = &server_cbf;
  31067. server_args.signal = &ready;
  31068. /* clean up keylog file */
  31069. fp = XFOPEN("./MyKeyLog.txt", "w");
  31070. XFCLOSE(fp);
  31071. /* start server task */
  31072. start_thread(server_task, &server_args, &serverThread);
  31073. wait_tcp_ready(&server_args);
  31074. /* run as a TLS1.3 client */
  31075. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
  31076. AssertIntEQ(WOLFSSL_SUCCESS,
  31077. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  31078. AssertIntEQ(WOLFSSL_SUCCESS,
  31079. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  31080. AssertIntEQ(WOLFSSL_SUCCESS,
  31081. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  31082. tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
  31083. /* set keylog callback */
  31084. wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback);
  31085. /* get connected the server task */
  31086. AssertNotNull(ssl = wolfSSL_new(ctx));
  31087. AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
  31088. AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
  31089. AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
  31090. AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
  31091. wolfSSL_free(ssl);
  31092. wolfSSL_CTX_free(ctx);
  31093. join_thread(serverThread);
  31094. FreeTcpReady(&ready);
  31095. #ifdef WOLFSSL_TIRTOS
  31096. fdOpenSession(Task_self());
  31097. #endif
  31098. /* check if the keylog file exists */
  31099. {
  31100. char buff[300] = {0};
  31101. int found[4] = {0};
  31102. int numfnd = 0;
  31103. int i;
  31104. fp = XFOPEN("./MyKeyLog.txt", "r");
  31105. AssertNotNull(fp);
  31106. while (XFGETS( buff, (int)sizeof(buff),fp) != NULL ) {
  31107. if (0 == strncmp(buff,"CLIENT_HANDSHAKE_TRAFFIC_SECRET ",
  31108. sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET ")-1)) {
  31109. found[0] = 1;
  31110. continue;
  31111. }
  31112. else if (0 == strncmp(buff,"SERVER_HANDSHAKE_TRAFFIC_SECRET ",
  31113. sizeof("SERVER_HANDSHAKE_TRAFFIC_SECRET ")-1)) {
  31114. found[1] = 1;
  31115. continue;
  31116. }
  31117. else if (0 == strncmp(buff,"CLIENT_TRAFFIC_SECRET_0 ",
  31118. sizeof("CLIENT_TRAFFIC_SECRET_0 ")-1)) {
  31119. found[2] = 1;
  31120. continue;
  31121. }
  31122. else if (0 == strncmp(buff,"SERVER_TRAFFIC_SECRET_0 ",
  31123. sizeof("SERVER_TRAFFIC_SECRET_0 ")-1)) {
  31124. found[3] = 1;
  31125. continue;
  31126. }
  31127. }
  31128. XFCLOSE(fp);
  31129. for (i = 0; i < 4; i++) {
  31130. if (found[i] != 0)
  31131. numfnd++;
  31132. }
  31133. AssertIntEQ(numfnd, 4);
  31134. }
  31135. res = TEST_RES_CHECK(1);
  31136. #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */
  31137. return res;
  31138. }
  31139. #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
  31140. static int test_wolfSSL_Tls13_ECH_params(void)
  31141. {
  31142. #if !defined(NO_WOLFSSL_CLIENT)
  31143. word32 outputLen = 0;
  31144. byte testBuf[72];
  31145. WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
  31146. WOLFSSL *ssl = wolfSSL_new(ctx);
  31147. AssertNotNull(ctx);
  31148. AssertNotNull(ssl);
  31149. /* invalid ctx */
  31150. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(NULL,
  31151. "ech-public-name.com", 0, 0, 0));
  31152. /* invalid public name */
  31153. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, NULL, 0,
  31154. 0, 0));
  31155. /* invalid algorithms */
  31156. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx,
  31157. "ech-public-name.com", 1000, 1000, 1000));
  31158. /* invalid ctx */
  31159. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(NULL, NULL,
  31160. &outputLen));
  31161. /* invalid output len */
  31162. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(ctx, NULL, NULL));
  31163. /* invalid ssl */
  31164. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(NULL,
  31165. (char*)testBuf, sizeof(testBuf)));
  31166. /* invalid configs64 */
  31167. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, NULL,
  31168. sizeof(testBuf)));
  31169. /* invalid size */
  31170. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl,
  31171. (char*)testBuf, 0));
  31172. /* invalid ssl */
  31173. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(NULL, testBuf,
  31174. sizeof(testBuf)));
  31175. /* invalid configs */
  31176. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, NULL,
  31177. sizeof(testBuf)));
  31178. /* invalid size */
  31179. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, 0));
  31180. /* invalid ssl */
  31181. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(NULL, NULL, &outputLen));
  31182. /* invalid size */
  31183. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(ssl, NULL, NULL));
  31184. wolfSSL_free(ssl);
  31185. wolfSSL_CTX_free(ctx);
  31186. #endif /* !NO_WOLFSSL_CLIENT */
  31187. return TEST_SUCCESS;
  31188. }
  31189. static int test_wolfSSL_Tls13_ECH(void)
  31190. {
  31191. tcp_ready ready;
  31192. func_args client_args;
  31193. func_args server_args;
  31194. THREAD_TYPE serverThread;
  31195. callback_functions server_cbf;
  31196. callback_functions client_cbf;
  31197. SOCKET_T sockfd = 0;
  31198. WOLFSSL_CTX* ctx;
  31199. WOLFSSL* ssl;
  31200. const char* publicName = "ech-public-name.com";
  31201. const char* privateName = "ech-private-name.com";
  31202. int privateNameLen = 20;
  31203. char reply[1024];
  31204. int replyLen = 0;
  31205. byte rawEchConfig[128];
  31206. word32 rawEchConfigLen = sizeof(rawEchConfig);
  31207. InitTcpReady(&ready);
  31208. ready.port = 22222;
  31209. XMEMSET(&client_args, 0, sizeof(func_args));
  31210. XMEMSET(&server_args, 0, sizeof(func_args));
  31211. XMEMSET(&server_cbf, 0, sizeof(callback_functions));
  31212. XMEMSET(&client_cbf, 0, sizeof(callback_functions));
  31213. server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */
  31214. /* create the server context here so we can get the ech config */
  31215. AssertNotNull(server_cbf.ctx =
  31216. wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
  31217. /* generate ech config */
  31218. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(server_cbf.ctx,
  31219. publicName, 0, 0, 0));
  31220. /* get the config for the client to use */
  31221. AssertIntEQ(WOLFSSL_SUCCESS,
  31222. wolfSSL_CTX_GetEchConfigs(server_cbf.ctx, rawEchConfig,
  31223. &rawEchConfigLen));
  31224. server_args.callbacks = &server_cbf;
  31225. server_args.signal = &ready;
  31226. /* start server task */
  31227. start_thread(server_task_ech, &server_args, &serverThread);
  31228. wait_tcp_ready(&server_args);
  31229. /* run as a TLS1.3 client */
  31230. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
  31231. AssertIntEQ(WOLFSSL_SUCCESS,
  31232. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  31233. AssertIntEQ(WOLFSSL_SUCCESS,
  31234. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  31235. AssertIntEQ(WOLFSSL_SUCCESS,
  31236. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  31237. tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
  31238. /* get connected the server task */
  31239. AssertNotNull(ssl = wolfSSL_new(ctx));
  31240. /* set the ech configs for the client */
  31241. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, rawEchConfig,
  31242. rawEchConfigLen));
  31243. /* set the sni for the client */
  31244. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME,
  31245. privateName, privateNameLen));
  31246. AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
  31247. AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
  31248. AssertIntEQ(wolfSSL_write(ssl, privateName, privateNameLen),
  31249. privateNameLen);
  31250. AssertIntGT((replyLen = wolfSSL_read(ssl, reply, sizeof(reply))), 0);
  31251. /* add th null terminator for string compare */
  31252. reply[replyLen] = 0;
  31253. /* check that the server replied with the private name */
  31254. AssertStrEQ(privateName, reply);
  31255. wolfSSL_free(ssl);
  31256. wolfSSL_CTX_free(ctx);
  31257. join_thread(serverThread);
  31258. FreeTcpReady(&ready);
  31259. return TEST_SUCCESS;
  31260. }
  31261. #endif /* HAVE_ECH && WOLFSSL_TLS13 */
  31262. #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  31263. defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  31264. defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  31265. static void post_auth_version_cb(WOLFSSL* ssl)
  31266. {
  31267. /* do handshake and then test version error */
  31268. AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
  31269. AssertStrEQ("TLSv1.2", wolfSSL_get_version(ssl));
  31270. }
  31271. static void post_auth_version_client_cb(WOLFSSL* ssl)
  31272. {
  31273. /* do handshake and then test version error */
  31274. AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
  31275. AssertStrEQ("TLSv1.2", wolfSSL_get_version(ssl));
  31276. AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_FAILURE);
  31277. #if defined(OPENSSL_ALL) && !defined(NO_ERROR_QUEUE)
  31278. /* check was added to error queue */
  31279. AssertIntEQ(wolfSSL_ERR_get_error(), -UNSUPPORTED_PROTO_VERSION);
  31280. /* check the string matches expected string */
  31281. AssertStrEQ(wolfSSL_ERR_error_string(-UNSUPPORTED_PROTO_VERSION, NULL),
  31282. "WRONG_SSL_VERSION");
  31283. #endif
  31284. }
  31285. static void post_auth_cb(WOLFSSL* ssl)
  31286. {
  31287. WOLFSSL_X509* x509;
  31288. /* do handshake and then test version error */
  31289. AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
  31290. AssertStrEQ("TLSv1.3", wolfSSL_get_version(ssl));
  31291. AssertNull(x509 = wolfSSL_get_peer_certificate(ssl));
  31292. wolfSSL_X509_free(x509);
  31293. AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_SUCCESS);
  31294. }
  31295. static void set_post_auth_cb(WOLFSSL* ssl)
  31296. {
  31297. if (!wolfSSL_is_server(ssl)) {
  31298. AssertIntEQ(wolfSSL_allow_post_handshake_auth(ssl), 0);
  31299. }
  31300. else {
  31301. wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_POST_HANDSHAKE, NULL);
  31302. }
  31303. }
  31304. #endif
  31305. static int test_wolfSSL_Tls13_postauth(void)
  31306. {
  31307. int res = TEST_SKIPPED;
  31308. #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  31309. defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  31310. defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  31311. tcp_ready ready;
  31312. func_args client_args;
  31313. func_args server_args;
  31314. callback_functions server_cbf;
  31315. callback_functions client_cbf;
  31316. THREAD_TYPE serverThread;
  31317. XMEMSET(&client_args, 0, sizeof(func_args));
  31318. XMEMSET(&server_args, 0, sizeof(func_args));
  31319. StartTCP();
  31320. InitTcpReady(&ready);
  31321. #if defined(USE_WINDOWS_API)
  31322. /* use RNG to get random port if using windows */
  31323. ready.port = GetRandomPort();
  31324. #endif
  31325. server_args.signal = &ready;
  31326. client_args.signal = &ready;
  31327. /* test version failure doing post auth with TLS 1.2 connection */
  31328. XMEMSET(&server_cbf, 0, sizeof(callback_functions));
  31329. XMEMSET(&client_cbf, 0, sizeof(callback_functions));
  31330. server_cbf.method = wolfTLSv1_2_server_method;
  31331. server_cbf.ssl_ready = set_post_auth_cb;
  31332. server_cbf.on_result = post_auth_version_cb;
  31333. client_cbf.ssl_ready = set_post_auth_cb;
  31334. client_cbf.on_result = post_auth_version_client_cb;
  31335. server_args.callbacks = &server_cbf;
  31336. client_args.callbacks = &client_cbf;
  31337. start_thread(test_server_nofail, &server_args, &serverThread);
  31338. wait_tcp_ready(&server_args);
  31339. test_client_nofail(&client_args, NULL);
  31340. join_thread(serverThread);
  31341. /* tests on post auth with TLS 1.3 */
  31342. XMEMSET(&server_cbf, 0, sizeof(callback_functions));
  31343. XMEMSET(&client_cbf, 0, sizeof(callback_functions));
  31344. server_cbf.method = wolfTLSv1_3_server_method;
  31345. server_cbf.ssl_ready = set_post_auth_cb;
  31346. client_cbf.ssl_ready = set_post_auth_cb;
  31347. server_cbf.on_result = post_auth_cb;
  31348. client_cbf.on_result = NULL;
  31349. server_args.callbacks = &server_cbf;
  31350. client_args.callbacks = &client_cbf;
  31351. start_thread(test_server_nofail, &server_args, &serverThread);
  31352. wait_tcp_ready(&server_args);
  31353. test_client_nofail(&client_args, NULL);
  31354. join_thread(serverThread);
  31355. FreeTcpReady(&ready);
  31356. res = TEST_RES_CHECK(1);
  31357. #endif
  31358. return res;
  31359. }
  31360. static int test_wolfSSL_X509_NID(void)
  31361. {
  31362. int res = TEST_SKIPPED;
  31363. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
  31364. !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
  31365. int sigType;
  31366. int nameSz;
  31367. X509* cert;
  31368. EVP_PKEY* pubKeyTmp;
  31369. X509_NAME* name;
  31370. char commonName[80];
  31371. char countryName[80];
  31372. char localityName[80];
  31373. char stateName[80];
  31374. char orgName[80];
  31375. char orgUnit[80];
  31376. /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */
  31377. /* convert cert from DER to internal WOLFSSL_X509 struct */
  31378. AssertNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048,
  31379. sizeof_client_cert_der_2048));
  31380. /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */
  31381. /* extract PUBLIC KEY from cert */
  31382. AssertNotNull(pubKeyTmp = X509_get_pubkey(cert));
  31383. /* extract signatureType */
  31384. AssertIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0);
  31385. /* extract subjectName info */
  31386. AssertNotNull(name = X509_get_subject_name(cert));
  31387. AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
  31388. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
  31389. NULL, 0)), 0);
  31390. AssertIntEQ(nameSz, 15);
  31391. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
  31392. commonName, sizeof(commonName))), 0);
  31393. AssertIntEQ(nameSz, 15);
  31394. AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
  31395. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
  31396. commonName, 9)), 0);
  31397. AssertIntEQ(nameSz, 8);
  31398. AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
  31399. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
  31400. countryName, sizeof(countryName))), 0);
  31401. AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
  31402. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
  31403. localityName, sizeof(localityName))), 0);
  31404. AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
  31405. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName,
  31406. stateName, sizeof(stateName))), 0);
  31407. AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
  31408. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
  31409. orgName, sizeof(orgName))), 0);
  31410. AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
  31411. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName,
  31412. orgUnit, sizeof(orgUnit))), 0);
  31413. AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
  31414. EVP_PKEY_free(pubKeyTmp);
  31415. X509_free(cert);
  31416. res = TEST_RES_CHECK(1);
  31417. #endif
  31418. return res;
  31419. }
  31420. static int test_wolfSSL_CTX_set_srp_username(void)
  31421. {
  31422. int res = TEST_SKIPPED;
  31423. #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
  31424. && !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT)
  31425. WOLFSSL_CTX* ctx;
  31426. WOLFSSL* ssl;
  31427. const char *username = "TESTUSER";
  31428. const char *password = "TESTPASSWORD";
  31429. int r;
  31430. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  31431. AssertNotNull(ctx);
  31432. r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
  31433. AssertIntEQ(r,SSL_SUCCESS);
  31434. wolfSSL_CTX_free(ctx);
  31435. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  31436. AssertNotNull(ctx);
  31437. r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
  31438. AssertIntEQ(r,SSL_SUCCESS);
  31439. r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
  31440. AssertIntEQ(r,SSL_SUCCESS);
  31441. AssertNotNull(ssl = SSL_new(ctx));
  31442. AssertNotNull(SSL_get_srp_username(ssl));
  31443. AssertStrEQ(SSL_get_srp_username(ssl), username);
  31444. wolfSSL_free(ssl);
  31445. wolfSSL_CTX_free(ctx);
  31446. res = TEST_RES_CHECK(1);
  31447. #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
  31448. /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */
  31449. return res;
  31450. }
  31451. static int test_wolfSSL_CTX_set_srp_password(void)
  31452. {
  31453. int res = TEST_SKIPPED;
  31454. #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
  31455. && !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT)
  31456. WOLFSSL_CTX* ctx;
  31457. const char *username = "TESTUSER";
  31458. const char *password = "TESTPASSWORD";
  31459. int r;
  31460. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  31461. AssertNotNull(ctx);
  31462. r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
  31463. AssertIntEQ(r,SSL_SUCCESS);
  31464. wolfSSL_CTX_free(ctx);
  31465. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  31466. AssertNotNull(ctx);
  31467. r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
  31468. AssertIntEQ(r,SSL_SUCCESS);
  31469. r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
  31470. AssertIntEQ(r,SSL_SUCCESS);
  31471. wolfSSL_CTX_free(ctx);
  31472. res = TEST_RES_CHECK(1);
  31473. #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
  31474. /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */
  31475. return res;
  31476. }
  31477. static int test_wolfSSL_X509_STORE(void)
  31478. {
  31479. int res = TEST_SKIPPED;
  31480. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  31481. X509_STORE *store;
  31482. #ifdef HAVE_CRL
  31483. X509_STORE_CTX *storeCtx;
  31484. X509_CRL *crl;
  31485. X509 *ca, *cert;
  31486. const char crlPem[] = "./certs/crl/crl.revoked";
  31487. const char srvCert[] = "./certs/server-revoked-cert.pem";
  31488. const char caCert[] = "./certs/ca-cert.pem";
  31489. XFILE fp;
  31490. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  31491. AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
  31492. SSL_FILETYPE_PEM)));
  31493. AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
  31494. AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
  31495. SSL_FILETYPE_PEM)));
  31496. AssertNotNull((storeCtx = X509_STORE_CTX_new()));
  31497. AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
  31498. AssertIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS);
  31499. X509_STORE_free(store);
  31500. X509_STORE_CTX_free(storeCtx);
  31501. X509_free(cert);
  31502. X509_free(ca);
  31503. /* should fail to verify now after adding in CRL */
  31504. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  31505. AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
  31506. SSL_FILETYPE_PEM)));
  31507. AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
  31508. fp = XFOPEN(crlPem, "rb");
  31509. AssertTrue((fp != XBADFILE));
  31510. AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
  31511. NULL, NULL));
  31512. XFCLOSE(fp);
  31513. AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
  31514. AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS);
  31515. AssertNotNull((storeCtx = X509_STORE_CTX_new()));
  31516. AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
  31517. SSL_FILETYPE_PEM)));
  31518. AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
  31519. AssertIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS);
  31520. AssertIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_CERT_REVOKED);
  31521. X509_CRL_free(crl);
  31522. X509_STORE_free(store);
  31523. X509_STORE_CTX_free(storeCtx);
  31524. X509_free(cert);
  31525. X509_free(ca);
  31526. #endif /* HAVE_CRL */
  31527. #ifndef WOLFCRYPT_ONLY
  31528. {
  31529. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  31530. SSL_CTX* ctx;
  31531. SSL* ssl;
  31532. int i;
  31533. for (i = 0; i < 2; i++) {
  31534. #ifndef NO_WOLFSSL_SERVER
  31535. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  31536. #else
  31537. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  31538. #endif
  31539. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  31540. SSL_CTX_set_cert_store(ctx, store);
  31541. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  31542. SSL_CTX_set_cert_store(ctx, store);
  31543. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  31544. AssertIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile,
  31545. SSL_FILETYPE_PEM), SSL_SUCCESS);
  31546. AssertIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  31547. SSL_FILETYPE_PEM), SSL_SUCCESS);
  31548. AssertNotNull(ssl = SSL_new(ctx));
  31549. if (i == 0) {
  31550. AssertIntEQ(SSL_set0_verify_cert_store(ssl, store), SSL_SUCCESS);
  31551. }
  31552. else {
  31553. AssertIntEQ(SSL_set1_verify_cert_store(ssl, store), SSL_SUCCESS);
  31554. X509_STORE_free(store);
  31555. }
  31556. SSL_free(ssl);
  31557. SSL_CTX_free(ctx);
  31558. }
  31559. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  31560. }
  31561. #endif
  31562. res = TEST_RES_CHECK(1);
  31563. #endif
  31564. return res;
  31565. }
  31566. static int test_wolfSSL_X509_STORE_load_locations(void)
  31567. {
  31568. int res = TEST_SKIPPED;
  31569. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
  31570. !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
  31571. SSL_CTX *ctx;
  31572. X509_STORE *store;
  31573. const char ca_file[] = "./certs/ca-cert.pem";
  31574. const char client_pem_file[] = "./certs/client-cert.pem";
  31575. const char client_der_file[] = "./certs/client-cert.der";
  31576. const char ecc_file[] = "./certs/ecc-key.pem";
  31577. const char certs_path[] = "./certs/";
  31578. const char bad_path[] = "./bad-path/";
  31579. #ifdef HAVE_CRL
  31580. const char crl_path[] = "./certs/crl/";
  31581. const char crl_file[] = "./certs/crl/crl.pem";
  31582. #endif
  31583. #ifndef NO_WOLFSSL_SERVER
  31584. AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
  31585. #else
  31586. AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
  31587. #endif
  31588. AssertNotNull(store = SSL_CTX_get_cert_store(ctx));
  31589. AssertIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), WOLFSSL_SUCCESS);
  31590. /* Test bad arguments */
  31591. AssertIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), WOLFSSL_FAILURE);
  31592. AssertIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE);
  31593. AssertIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), WOLFSSL_FAILURE);
  31594. AssertIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), WOLFSSL_FAILURE);
  31595. AssertIntEQ(X509_STORE_load_locations(store, NULL, bad_path), WOLFSSL_FAILURE);
  31596. #ifdef HAVE_CRL
  31597. /* Test with CRL */
  31598. AssertIntEQ(X509_STORE_load_locations(store, crl_file, NULL), WOLFSSL_SUCCESS);
  31599. AssertIntEQ(X509_STORE_load_locations(store, NULL, crl_path), WOLFSSL_SUCCESS);
  31600. #endif
  31601. /* Test with CA */
  31602. AssertIntEQ(X509_STORE_load_locations(store, ca_file, NULL), WOLFSSL_SUCCESS);
  31603. /* Test with client_cert and certs path */
  31604. AssertIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), WOLFSSL_SUCCESS);
  31605. AssertIntEQ(X509_STORE_load_locations(store, NULL, certs_path), WOLFSSL_SUCCESS);
  31606. #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
  31607. /* Clear nodes */
  31608. ERR_clear_error();
  31609. #endif
  31610. SSL_CTX_free(ctx);
  31611. res = TEST_RES_CHECK(1);
  31612. #endif
  31613. return res;
  31614. }
  31615. static int test_X509_STORE_get0_objects(void)
  31616. {
  31617. int res = TEST_SKIPPED;
  31618. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && \
  31619. !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
  31620. X509_STORE *store;
  31621. X509_STORE *store_cpy;
  31622. SSL_CTX *ctx;
  31623. X509_OBJECT *obj;
  31624. STACK_OF(X509_OBJECT) *objs;
  31625. int i;
  31626. /* Setup store */
  31627. #ifndef NO_WOLFSSL_SERVER
  31628. AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
  31629. #else
  31630. AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
  31631. #endif
  31632. AssertNotNull(store_cpy = X509_STORE_new());
  31633. AssertNotNull(store = SSL_CTX_get_cert_store(ctx));
  31634. AssertIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL), WOLFSSL_SUCCESS);
  31635. AssertIntEQ(X509_STORE_load_locations(store, caCertFile, NULL), WOLFSSL_SUCCESS);
  31636. AssertIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL), WOLFSSL_SUCCESS);
  31637. #ifdef HAVE_CRL
  31638. AssertIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir), WOLFSSL_SUCCESS);
  31639. #endif
  31640. /* Store ready */
  31641. /* Similar to HaProxy ssl_set_cert_crl_file use case */
  31642. AssertNotNull(objs = X509_STORE_get0_objects(store));
  31643. #ifdef HAVE_CRL
  31644. #ifdef WOLFSSL_SIGNER_DER_CERT
  31645. AssertIntEQ(sk_X509_OBJECT_num(objs), 4);
  31646. #else
  31647. AssertIntEQ(sk_X509_OBJECT_num(objs), 1);
  31648. #endif
  31649. #else
  31650. #ifdef WOLFSSL_SIGNER_DER_CERT
  31651. AssertIntEQ(sk_X509_OBJECT_num(objs), 3);
  31652. #else
  31653. AssertIntEQ(sk_X509_OBJECT_num(objs), 0);
  31654. #endif
  31655. #endif
  31656. for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
  31657. obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i);
  31658. switch (X509_OBJECT_get_type(obj)) {
  31659. case X509_LU_X509:
  31660. AssertNotNull(X509_OBJECT_get0_X509(obj));
  31661. AssertIntEQ(X509_STORE_add_cert(store_cpy,
  31662. X509_OBJECT_get0_X509(obj)), WOLFSSL_SUCCESS);
  31663. break;
  31664. case X509_LU_CRL:
  31665. #ifdef HAVE_CRL
  31666. AssertNotNull(X509_OBJECT_get0_X509_CRL(obj));
  31667. AssertIntEQ(X509_STORE_add_crl(store_cpy,
  31668. X509_OBJECT_get0_X509_CRL(obj)), WOLFSSL_SUCCESS);
  31669. break;
  31670. #endif
  31671. case X509_LU_NONE:
  31672. default:
  31673. Fail(("X509_OBJECT_get_type should return x509 or crl "
  31674. "(when built with crl support)"),
  31675. ("Unrecognized X509_OBJECT type or none"));
  31676. }
  31677. }
  31678. X509_STORE_free(store_cpy);
  31679. SSL_CTX_free(ctx);
  31680. res = TEST_RES_CHECK(1);
  31681. #endif
  31682. return res;
  31683. }
  31684. static int test_wolfSSL_BN(void)
  31685. {
  31686. int res = TEST_SKIPPED;
  31687. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(WOLFSSL_SP_MATH)
  31688. BIGNUM* a;
  31689. BIGNUM* b;
  31690. BIGNUM* c;
  31691. BIGNUM* d;
  31692. ASN1_INTEGER* ai;
  31693. AssertNotNull(b = BN_new());
  31694. AssertNotNull(c = BN_new());
  31695. AssertNotNull(d = BN_new());
  31696. ai = ASN1_INTEGER_new();
  31697. AssertNotNull(ai);
  31698. /* at the moment hard setting since no set function */
  31699. ai->data[0] = 0x02; /* tag for ASN_INTEGER */
  31700. ai->data[1] = 0x01; /* length of integer */
  31701. ai->data[2] = 0x03;
  31702. AssertNotNull(a = ASN1_INTEGER_to_BN(ai, NULL));
  31703. ASN1_INTEGER_free(ai);
  31704. AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
  31705. AssertIntEQ(BN_set_word(c, 5), SSL_SUCCESS);
  31706. /* a + 3 = */
  31707. AssertIntEQ(BN_add_word(NULL, 3), WOLFSSL_FAILURE);
  31708. AssertIntEQ(BN_add_word(a, 3), WOLFSSL_SUCCESS);
  31709. /* check result 3 + 3*/
  31710. AssertIntEQ(BN_get_word(a), 6);
  31711. /* set a back to 3 */
  31712. AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
  31713. /* a - 3 = */
  31714. AssertIntEQ(BN_sub_word(NULL, 3), WOLFSSL_FAILURE);
  31715. AssertIntEQ(BN_sub_word(a, 3), WOLFSSL_SUCCESS);
  31716. /* check result 3 - 3*/
  31717. AssertIntEQ(BN_get_word(a), 0);
  31718. /* set a back to 3 */
  31719. AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
  31720. /* a^b mod c = */
  31721. AssertIntEQ(BN_mod_exp(d, NULL, b, c, NULL), WOLFSSL_FAILURE);
  31722. AssertIntEQ(BN_mod_exp(d, a, b, c, NULL), WOLFSSL_SUCCESS);
  31723. /* check result 3^2 mod 5 */
  31724. AssertIntEQ(BN_get_word(d), 4);
  31725. /* a*b = */
  31726. AssertIntEQ(BN_mul(d, NULL, b, NULL), WOLFSSL_FAILURE);
  31727. AssertIntEQ(BN_mul(d, a, b, NULL), WOLFSSL_SUCCESS);
  31728. /* check result 3*2 */
  31729. AssertIntEQ(BN_get_word(d), 6);
  31730. /* c/b => db + a */
  31731. AssertIntEQ(BN_div(d, NULL, c, b, NULL), WOLFSSL_FAILURE);
  31732. AssertIntEQ(BN_div(d, a, c, b, NULL), WOLFSSL_SUCCESS);
  31733. /* check result 5/2 */
  31734. AssertIntEQ(BN_get_word(d), 2); /* check quotient */
  31735. AssertIntEQ(BN_get_word(a), 1); /* check remainder */
  31736. /* set a back to 3 */
  31737. AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
  31738. /* a*b mod c = */
  31739. AssertIntEQ(BN_mod_mul(d, NULL, b, c, NULL), SSL_FAILURE);
  31740. AssertIntEQ(BN_mod_mul(d, a, b, c, NULL), SSL_SUCCESS);
  31741. /* check result 3*2 mod 5 */
  31742. AssertIntEQ(BN_get_word(d), 1);
  31743. AssertIntEQ(BN_set_word(a, 16), SSL_SUCCESS);
  31744. AssertIntEQ(BN_set_word(b, 24), SSL_SUCCESS);
  31745. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  31746. /* gcd of a and b */
  31747. AssertIntEQ(BN_gcd(d, NULL, b, NULL), SSL_FAILURE);
  31748. AssertIntEQ(BN_gcd(d, a, b, NULL), SSL_SUCCESS);
  31749. /* check result gcd(16, 24) */
  31750. AssertIntEQ(BN_get_word(d), 8);
  31751. #endif /* !NO_RSA && WOLFSSL_KEY_GEN */
  31752. AssertIntEQ(BN_set_word(a, 1 << 6), SSL_SUCCESS);
  31753. AssertIntEQ(BN_rshift(b, a, 6), SSL_SUCCESS);
  31754. AssertIntEQ(BN_is_zero(b), 0);
  31755. AssertIntEQ(BN_rshift(b, a, 7), SSL_SUCCESS);
  31756. AssertIntEQ(BN_is_zero(b), 1);
  31757. AssertIntEQ(BN_rshift1(b, a), SSL_SUCCESS);
  31758. AssertIntEQ(BN_is_zero(b), 0);
  31759. /* set b back to 2 */
  31760. AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
  31761. {
  31762. /* BN_mod_inverse test */
  31763. BIGNUM *r = BN_new();
  31764. BIGNUM *val = BN_mod_inverse(r,b,c,NULL);
  31765. AssertIntEQ((int)(BN_get_word(r) & 0x03), 3);
  31766. BN_free(val);
  31767. }
  31768. #if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \
  31769. defined(WOLFSSL_SP_INT_NEGATIVE))
  31770. AssertIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
  31771. AssertIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
  31772. AssertIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
  31773. AssertIntEQ(BN_is_word(a, 3), SSL_FAILURE);
  31774. AssertIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
  31775. #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
  31776. {
  31777. char* ret;
  31778. AssertNotNull(ret = BN_bn2dec(c));
  31779. AssertIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
  31780. XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
  31781. }
  31782. #endif
  31783. AssertIntEQ(BN_get_word(c), 4);
  31784. #endif
  31785. BN_free(a);
  31786. BN_free(b);
  31787. BN_free(c);
  31788. BN_clear_free(d);
  31789. /* check that converting NULL and the null string returns an error */
  31790. a = NULL;
  31791. AssertIntLE(BN_hex2bn(&a, NULL), 0);
  31792. AssertIntLE(BN_hex2bn(&a, ""), 0);
  31793. AssertNull(a);
  31794. /* check that getting a string and a bin of the same number are equal,
  31795. * and that the comparison works EQ, LT and GT */
  31796. AssertIntGT(BN_hex2bn(&a, "03"), 0);
  31797. AssertNotNull(b = BN_new());
  31798. AssertIntEQ(BN_set_word(b, 3), SSL_SUCCESS);
  31799. AssertNotNull(c = BN_new());
  31800. AssertIntEQ(BN_set_word(c, 4), SSL_SUCCESS);
  31801. AssertIntEQ(BN_cmp(a, b), 0);
  31802. AssertIntLT(BN_cmp(a, c), 0);
  31803. AssertIntGT(BN_cmp(c, b), 0);
  31804. AssertIntEQ(BN_set_word(a, 0), 1);
  31805. AssertIntEQ(BN_is_zero(a), 1);
  31806. AssertIntEQ(BN_set_bit(a, 0x45), 1);
  31807. AssertIntEQ(BN_is_zero(a), 0);
  31808. AssertIntEQ(BN_is_bit_set(a, 0x45), 1);
  31809. AssertIntEQ(BN_clear_bit(a, 0x45), 1);
  31810. AssertIntEQ(BN_is_bit_set(a, 0x45), 0);
  31811. AssertIntEQ(BN_is_zero(a), 1);
  31812. BN_free(a);
  31813. BN_free(b);
  31814. BN_free(c);
  31815. #if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
  31816. {
  31817. BIGNUM *ap;
  31818. BIGNUM bv;
  31819. BIGNUM cv;
  31820. BIGNUM dv;
  31821. AssertNotNull(ap = BN_new());
  31822. BN_init(&bv);
  31823. BN_init(&cv);
  31824. BN_init(&dv);
  31825. AssertIntEQ(BN_set_word(ap, 3), SSL_SUCCESS);
  31826. AssertIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
  31827. AssertIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
  31828. /* a^b mod c = */
  31829. AssertIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE);
  31830. AssertIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
  31831. /* check result 3^2 mod 5 */
  31832. AssertIntEQ(BN_get_word(&dv), 4);
  31833. /* a*b mod c = */
  31834. AssertIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE);
  31835. AssertIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
  31836. /* check result 3*2 mod 5 */
  31837. AssertIntEQ(BN_get_word(&dv), 1);
  31838. BN_free(ap);
  31839. }
  31840. #endif
  31841. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA))
  31842. AssertNotNull(a = BN_new());
  31843. AssertIntEQ(BN_generate_prime_ex(a, 512, 0, NULL, NULL, NULL),
  31844. SSL_SUCCESS);
  31845. AssertIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), SSL_SUCCESS);
  31846. BN_free(a);
  31847. #endif
  31848. res = TEST_RES_CHECK(1);
  31849. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
  31850. return res;
  31851. }
  31852. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  31853. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  31854. #define TEST_ARG 0x1234
  31855. static void msg_cb(int write_p, int version, int content_type,
  31856. const void *buf, size_t len, SSL *ssl, void *arg)
  31857. {
  31858. (void)write_p;
  31859. (void)version;
  31860. (void)content_type;
  31861. (void)buf;
  31862. (void)len;
  31863. (void)ssl;
  31864. AssertTrue(arg == (void*)TEST_ARG);
  31865. }
  31866. #endif
  31867. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  31868. !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
  31869. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
  31870. !defined(NO_WOLFSSL_SERVER)
  31871. #ifndef SINGLE_THREADED
  31872. #if defined(SESSION_CERTS)
  31873. #include "wolfssl/internal.h"
  31874. #endif
  31875. static int msgCb(SSL_CTX *ctx, SSL *ssl)
  31876. {
  31877. #if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO)
  31878. STACK_OF(X509)* sk;
  31879. X509* x509;
  31880. int i, num;
  31881. BIO* bio;
  31882. #endif
  31883. (void) ctx;
  31884. fprintf(stderr, "\n===== msgcb called ====\n");
  31885. #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
  31886. AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL);
  31887. AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2);
  31888. AssertNotNull(SSL_get0_verified_chain(ssl));
  31889. #else
  31890. (void) ssl;
  31891. #endif
  31892. #if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO)
  31893. bio = BIO_new(BIO_s_file());
  31894. BIO_set_fp(bio, stderr, BIO_NOCLOSE);
  31895. sk = SSL_get_peer_cert_chain(ssl);
  31896. AssertNotNull(sk);
  31897. if (!sk) {
  31898. BIO_free(bio);
  31899. return SSL_FAILURE;
  31900. }
  31901. num = sk_X509_num(sk);
  31902. AssertTrue(num > 0);
  31903. for (i = 0; i < num; i++) {
  31904. x509 = sk_X509_value(sk,i);
  31905. AssertNotNull(x509);
  31906. if (!x509)
  31907. break;
  31908. fprintf(stderr, "Certificate at index [%d] = :\n",i);
  31909. X509_print(bio,x509);
  31910. fprintf(stderr, "\n\n");
  31911. }
  31912. BIO_free(bio);
  31913. #endif
  31914. return SSL_SUCCESS;
  31915. }
  31916. #endif
  31917. #endif
  31918. static int test_wolfSSL_msgCb(void)
  31919. {
  31920. int res = TEST_SKIPPED;
  31921. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  31922. !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
  31923. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
  31924. !defined(NO_WOLFSSL_SERVER)
  31925. tcp_ready ready;
  31926. func_args client_args;
  31927. func_args server_args;
  31928. #ifndef SINGLE_THREADED
  31929. THREAD_TYPE serverThread;
  31930. #endif
  31931. callback_functions client_cb;
  31932. callback_functions server_cb;
  31933. /* create a failed connection and inspect the error */
  31934. #ifdef WOLFSSL_TIRTOS
  31935. fdOpenSession(Task_self());
  31936. #endif
  31937. XMEMSET(&client_args, 0, sizeof(func_args));
  31938. XMEMSET(&server_args, 0, sizeof(func_args));
  31939. StartTCP();
  31940. InitTcpReady(&ready);
  31941. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  31942. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  31943. #ifndef WOLFSSL_NO_TLS12
  31944. client_cb.method = wolfTLSv1_2_client_method;
  31945. server_cb.method = wolfTLSv1_2_server_method;
  31946. #else
  31947. client_cb.method = wolfTLSv1_3_client_method;
  31948. server_cb.method = wolfTLSv1_3_server_method;
  31949. #endif
  31950. server_args.signal = &ready;
  31951. server_args.callbacks = &server_cb;
  31952. client_args.signal = &ready;
  31953. client_args.callbacks = &client_cb;
  31954. client_args.return_code = TEST_FAIL;
  31955. #ifndef SINGLE_THREADED
  31956. start_thread(test_server_nofail, &server_args, &serverThread);
  31957. wait_tcp_ready(&server_args);
  31958. test_client_nofail(&client_args, msgCb);
  31959. join_thread(serverThread);
  31960. #endif
  31961. FreeTcpReady(&ready);
  31962. #ifndef SINGLE_THREADED
  31963. AssertTrue(client_args.return_code);
  31964. AssertTrue(server_args.return_code);
  31965. #endif
  31966. #ifdef WOLFSSL_TIRTOS
  31967. fdOpenSession(Task_self());
  31968. #endif
  31969. res = TEST_RES_CHECK(1);
  31970. #endif
  31971. return res;
  31972. }
  31973. static int test_wolfSSL_either_side(void)
  31974. {
  31975. int res = TEST_SKIPPED;
  31976. #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
  31977. !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  31978. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
  31979. tcp_ready ready;
  31980. func_args client_args;
  31981. func_args server_args;
  31982. #ifndef SINGLE_THREADED
  31983. THREAD_TYPE serverThread;
  31984. #endif
  31985. callback_functions client_cb;
  31986. callback_functions server_cb;
  31987. /* create a failed connection and inspect the error */
  31988. #ifdef WOLFSSL_TIRTOS
  31989. fdOpenSession(Task_self());
  31990. #endif
  31991. XMEMSET(&client_args, 0, sizeof(func_args));
  31992. XMEMSET(&server_args, 0, sizeof(func_args));
  31993. StartTCP();
  31994. InitTcpReady(&ready);
  31995. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  31996. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  31997. /* Use different CTX for client and server */
  31998. client_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
  31999. AssertNotNull(client_cb.ctx);
  32000. server_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
  32001. AssertNotNull(server_cb.ctx);
  32002. /* we are responsible for free'ing WOLFSSL_CTX */
  32003. server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
  32004. server_args.signal = &ready;
  32005. server_args.callbacks = &server_cb;
  32006. client_args.signal = &ready;
  32007. client_args.callbacks = &client_cb;
  32008. client_args.return_code = TEST_FAIL;
  32009. #ifndef SINGLE_THREADED
  32010. start_thread(test_server_nofail, &server_args, &serverThread);
  32011. wait_tcp_ready(&server_args);
  32012. test_client_nofail(&client_args, NULL);
  32013. join_thread(serverThread);
  32014. #endif
  32015. wolfSSL_CTX_free(client_cb.ctx);
  32016. wolfSSL_CTX_free(server_cb.ctx);
  32017. FreeTcpReady(&ready);
  32018. #ifndef SINGLE_THREADED
  32019. AssertTrue(client_args.return_code);
  32020. AssertTrue(server_args.return_code);
  32021. #endif
  32022. #ifdef WOLFSSL_TIRTOS
  32023. fdOpenSession(Task_self());
  32024. #endif
  32025. res = TEST_RES_CHECK(1);
  32026. #endif
  32027. return res;
  32028. }
  32029. static int test_wolfSSL_DTLS_either_side(void)
  32030. {
  32031. int res = TEST_SKIPPED;
  32032. #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
  32033. !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  32034. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
  32035. defined(WOLFSSL_DTLS)
  32036. tcp_ready ready;
  32037. func_args client_args;
  32038. func_args server_args;
  32039. #ifndef SINGLE_THREADED
  32040. THREAD_TYPE serverThread;
  32041. #endif
  32042. callback_functions client_cb;
  32043. callback_functions server_cb;
  32044. /* create a failed connection and inspect the error */
  32045. #ifdef WOLFSSL_TIRTOS
  32046. fdOpenSession(Task_self());
  32047. #endif
  32048. XMEMSET(&client_args, 0, sizeof(func_args));
  32049. XMEMSET(&server_args, 0, sizeof(func_args));
  32050. StartTCP();
  32051. InitTcpReady(&ready);
  32052. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  32053. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  32054. /* Use different CTX for client and server */
  32055. client_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
  32056. AssertNotNull(client_cb.ctx);
  32057. server_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
  32058. AssertNotNull(server_cb.ctx);
  32059. /* we are responsible for free'ing WOLFSSL_CTX */
  32060. server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
  32061. server_args.signal = &ready;
  32062. server_args.callbacks = &server_cb;
  32063. client_args.signal = &ready;
  32064. client_args.callbacks = &client_cb;
  32065. client_args.return_code = TEST_FAIL;
  32066. #ifndef SINGLE_THREADED
  32067. start_thread(test_server_nofail, &server_args, &serverThread);
  32068. wait_tcp_ready(&server_args);
  32069. test_client_nofail(&client_args, NULL);
  32070. join_thread(serverThread);
  32071. #endif
  32072. wolfSSL_CTX_free(client_cb.ctx);
  32073. wolfSSL_CTX_free(server_cb.ctx);
  32074. FreeTcpReady(&ready);
  32075. #ifndef SINGLE_THREADED
  32076. AssertTrue(client_args.return_code);
  32077. AssertTrue(server_args.return_code);
  32078. #endif
  32079. #ifdef WOLFSSL_TIRTOS
  32080. fdOpenSession(Task_self());
  32081. #endif
  32082. res = TEST_RES_CHECK(1);
  32083. #endif
  32084. return res;
  32085. }
  32086. static int test_generate_cookie(void)
  32087. {
  32088. int res = TEST_SKIPPED;
  32089. #if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) && defined(USE_WOLFSSL_IO)
  32090. SSL_CTX* ctx;
  32091. SSL* ssl;
  32092. byte buf[FOURK_BUF] = {0};
  32093. AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLS_method()));
  32094. AssertNotNull(ssl = SSL_new(ctx));
  32095. /* Test unconnected */
  32096. AssertIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E);
  32097. wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie);
  32098. wolfSSL_SetCookieCtx(ssl, ctx);
  32099. AssertNotNull(wolfSSL_GetCookieCtx(ssl));
  32100. AssertNull(wolfSSL_GetCookieCtx(NULL));
  32101. SSL_free(ssl);
  32102. SSL_CTX_free(ctx);
  32103. res = TEST_RES_CHECK(1);
  32104. #endif
  32105. return res;
  32106. }
  32107. static int test_wolfSSL_set_options(void)
  32108. {
  32109. int res = TEST_SKIPPED;
  32110. #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  32111. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  32112. WOLFSSL* ssl;
  32113. WOLFSSL_CTX* ctx;
  32114. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  32115. char appData[] = "extra msg";
  32116. #endif
  32117. #ifdef OPENSSL_EXTRA
  32118. unsigned char protos[] = {
  32119. 7, 't', 'l', 's', '/', '1', '.', '2',
  32120. 8, 'h', 't', 't', 'p', '/', '1', '.', '1'
  32121. };
  32122. unsigned int len = sizeof(protos);
  32123. void *arg = (void *)TEST_ARG;
  32124. #endif
  32125. #ifndef NO_WOLFSSL_SERVER
  32126. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  32127. #else
  32128. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  32129. #endif
  32130. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  32131. WOLFSSL_FILETYPE_PEM));
  32132. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  32133. WOLFSSL_FILETYPE_PEM));
  32134. AssertTrue(wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1)
  32135. == WOLFSSL_OP_NO_TLSv1);
  32136. AssertTrue(wolfSSL_CTX_get_options(ctx) == WOLFSSL_OP_NO_TLSv1);
  32137. AssertIntGT((int)wolfSSL_CTX_set_options(ctx, (WOLFSSL_OP_COOKIE_EXCHANGE |
  32138. WOLFSSL_OP_NO_SSLv2)), 0);
  32139. AssertTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_COOKIE_EXCHANGE) &
  32140. WOLFSSL_OP_COOKIE_EXCHANGE) == WOLFSSL_OP_COOKIE_EXCHANGE);
  32141. AssertTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_2) &
  32142. WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2);
  32143. AssertTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_COMPRESSION) &
  32144. WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION);
  32145. AssertFalse((wolfSSL_CTX_clear_options(ctx, WOLFSSL_OP_NO_COMPRESSION) &
  32146. WOLFSSL_OP_NO_COMPRESSION));
  32147. wolfSSL_CTX_free(ctx);
  32148. #ifndef NO_WOLFSSL_SERVER
  32149. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  32150. AssertNotNull(ctx);
  32151. #else
  32152. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  32153. AssertNotNull(ctx);
  32154. #endif
  32155. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  32156. WOLFSSL_FILETYPE_PEM));
  32157. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  32158. WOLFSSL_FILETYPE_PEM));
  32159. #ifdef OPENSSL_EXTRA
  32160. AssertTrue(wolfSSL_CTX_set_msg_callback(ctx, msg_cb) == WOLFSSL_SUCCESS);
  32161. #endif
  32162. AssertNotNull(ssl = wolfSSL_new(ctx));
  32163. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  32164. #ifdef HAVE_EX_DATA
  32165. AssertIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_SUCCESS);
  32166. AssertNotNull(wolfSSL_get_app_data((const WOLFSSL*)ssl));
  32167. if (ssl) {
  32168. AssertIntEQ(XMEMCMP(wolfSSL_get_app_data((const WOLFSSL*)ssl),
  32169. appData, sizeof(appData)), 0);
  32170. }
  32171. #else
  32172. AssertIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_FAILURE);
  32173. AssertNull(wolfSSL_get_app_data((const WOLFSSL*)ssl));
  32174. #endif
  32175. #endif
  32176. AssertTrue(wolfSSL_set_options(ssl, WOLFSSL_OP_NO_TLSv1) ==
  32177. WOLFSSL_OP_NO_TLSv1);
  32178. AssertTrue(wolfSSL_get_options(ssl) == WOLFSSL_OP_NO_TLSv1);
  32179. AssertIntGT((int)wolfSSL_set_options(ssl, (WOLFSSL_OP_COOKIE_EXCHANGE |
  32180. WOLFSSL_OP_NO_SSLv2)), 0);
  32181. AssertTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_COOKIE_EXCHANGE) &
  32182. WOLFSSL_OP_COOKIE_EXCHANGE) == WOLFSSL_OP_COOKIE_EXCHANGE);
  32183. AssertTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_NO_TLSv1_2) &
  32184. WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2);
  32185. AssertTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_NO_COMPRESSION) &
  32186. WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION);
  32187. #ifdef OPENSSL_EXTRA
  32188. AssertFalse((wolfSSL_clear_options(ssl, WOLFSSL_OP_NO_COMPRESSION) &
  32189. WOLFSSL_OP_NO_COMPRESSION));
  32190. #endif
  32191. #ifdef OPENSSL_EXTRA
  32192. AssertTrue(wolfSSL_set_msg_callback(ssl, msg_cb) == WOLFSSL_SUCCESS);
  32193. wolfSSL_set_msg_callback_arg(ssl, arg);
  32194. #ifdef WOLFSSL_ERROR_CODE_OPENSSL
  32195. AssertTrue(wolfSSL_CTX_set_alpn_protos(ctx, protos, len) == 0);
  32196. #else
  32197. AssertTrue(wolfSSL_CTX_set_alpn_protos(ctx, protos, len) == WOLFSSL_SUCCESS);
  32198. #endif
  32199. #endif
  32200. #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
  32201. defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
  32202. defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
  32203. #if defined(HAVE_ALPN) && !defined(NO_BIO)
  32204. #ifdef WOLFSSL_ERROR_CODE_OPENSSL
  32205. AssertTrue(wolfSSL_set_alpn_protos(ssl, protos, len) == 0);
  32206. #else
  32207. AssertTrue(wolfSSL_set_alpn_protos(ssl, protos, len) == WOLFSSL_SUCCESS);
  32208. #endif
  32209. #endif /* HAVE_ALPN && !NO_BIO */
  32210. #endif
  32211. wolfSSL_free(ssl);
  32212. wolfSSL_CTX_free(ctx);
  32213. res = TEST_RES_CHECK(1);
  32214. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  32215. #endif /* !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  32216. return res;
  32217. }
  32218. static int test_wolfSSL_sk_SSL_CIPHER(void)
  32219. {
  32220. int res = TEST_SKIPPED;
  32221. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  32222. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  32223. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  32224. SSL* ssl;
  32225. SSL_CTX* ctx;
  32226. STACK_OF(SSL_CIPHER) *sk, *dupSk;
  32227. #ifndef NO_WOLFSSL_SERVER
  32228. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  32229. #else
  32230. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  32231. #endif
  32232. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  32233. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  32234. AssertNotNull(ssl = SSL_new(ctx));
  32235. AssertNotNull(sk = SSL_get_ciphers(ssl));
  32236. AssertNotNull(dupSk = sk_SSL_CIPHER_dup(sk));
  32237. AssertIntGT(sk_SSL_CIPHER_num(sk), 0);
  32238. AssertIntEQ(sk_SSL_CIPHER_num(sk), sk_SSL_CIPHER_num(dupSk));
  32239. /* error case because connection has not been established yet */
  32240. AssertIntEQ(sk_SSL_CIPHER_find(sk, SSL_get_current_cipher(ssl)), -1);
  32241. sk_SSL_CIPHER_free(dupSk);
  32242. /* sk is pointer to internal struct that should be free'd in SSL_free */
  32243. SSL_free(ssl);
  32244. SSL_CTX_free(ctx);
  32245. res = TEST_RES_CHECK(1);
  32246. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  32247. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  32248. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  32249. return res;
  32250. }
  32251. static int test_wolfSSL_set1_curves_list(void)
  32252. {
  32253. int res = TEST_SKIPPED;
  32254. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
  32255. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  32256. SSL* ssl = NULL;
  32257. SSL_CTX* ctx = NULL;
  32258. #ifndef NO_WOLFSSL_SERVER
  32259. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  32260. #else
  32261. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  32262. #endif
  32263. AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
  32264. SSL_FILETYPE_PEM));
  32265. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM));
  32266. AssertNotNull(ssl = SSL_new(ctx));
  32267. AssertIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE);
  32268. #ifdef HAVE_ECC
  32269. AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE);
  32270. AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS);
  32271. #endif
  32272. #ifdef HAVE_CURVE25519
  32273. AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_SUCCESS);
  32274. #else
  32275. AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_FAILURE);
  32276. #endif
  32277. #ifdef HAVE_CURVE448
  32278. AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_SUCCESS);
  32279. #else
  32280. AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_FAILURE);
  32281. #endif
  32282. AssertIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE);
  32283. #ifdef HAVE_ECC
  32284. AssertIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE);
  32285. AssertIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS);
  32286. #endif
  32287. #ifdef HAVE_CURVE25519
  32288. AssertIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_SUCCESS);
  32289. #else
  32290. AssertIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_FAILURE);
  32291. #endif
  32292. #ifdef HAVE_CURVE448
  32293. AssertIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_SUCCESS);
  32294. #else
  32295. AssertIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_FAILURE);
  32296. #endif
  32297. SSL_free(ssl);
  32298. SSL_CTX_free(ctx);
  32299. res = TEST_RES_CHECK(1);
  32300. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  32301. #endif
  32302. return res;
  32303. }
  32304. static int test_wolfSSL_set1_sigalgs_list(void)
  32305. {
  32306. int res = TEST_SKIPPED;
  32307. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
  32308. #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  32309. SSL* ssl;
  32310. SSL_CTX* ctx;
  32311. #ifndef NO_WOLFSSL_SERVER
  32312. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  32313. #else
  32314. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  32315. #endif
  32316. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
  32317. SSL_FILETYPE_PEM));
  32318. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  32319. AssertNotNull(ssl = SSL_new(ctx));
  32320. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
  32321. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WOLFSSL_FAILURE);
  32322. AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
  32323. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WOLFSSL_FAILURE);
  32324. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WOLFSSL_FAILURE);
  32325. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WOLFSSL_FAILURE);
  32326. #ifndef NO_RSA
  32327. #ifndef NO_SHA256
  32328. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, "RSA+SHA256"),
  32329. WOLFSSL_FAILURE);
  32330. AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, "RSA+SHA256"),
  32331. WOLFSSL_FAILURE);
  32332. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256"),
  32333. WOLFSSL_SUCCESS);
  32334. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256"),
  32335. WOLFSSL_SUCCESS);
  32336. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-SHA256"),
  32337. WOLFSSL_FAILURE);
  32338. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-SHA256"),
  32339. WOLFSSL_FAILURE);
  32340. #ifdef WC_RSA_PSS
  32341. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-PSS+SHA256"),
  32342. WOLFSSL_SUCCESS);
  32343. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-PSS+SHA256"),
  32344. WOLFSSL_SUCCESS);
  32345. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "PSS+SHA256"),
  32346. WOLFSSL_SUCCESS);
  32347. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "PSS+SHA256"),
  32348. WOLFSSL_SUCCESS);
  32349. #endif
  32350. #ifdef WOLFSSL_SHA512
  32351. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
  32352. "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS);
  32353. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
  32354. "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS);
  32355. #elif defined(WOLFSSL_SHA384)
  32356. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
  32357. "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
  32358. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
  32359. "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
  32360. #endif
  32361. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WOLFSSL_FAILURE);
  32362. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WOLFSSL_FAILURE);
  32363. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA:RSA+SHA256"),
  32364. WOLFSSL_FAILURE);
  32365. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA:RSA+SHA256"),
  32366. WOLFSSL_FAILURE);
  32367. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256+SHA256"),
  32368. WOLFSSL_FAILURE);
  32369. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256+RSA"),
  32370. WOLFSSL_FAILURE);
  32371. #endif
  32372. #endif
  32373. #ifdef HAVE_ECC
  32374. #ifndef NO_SHA256
  32375. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256"),
  32376. WOLFSSL_SUCCESS);
  32377. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256"), WOLFSSL_SUCCESS);
  32378. #ifdef WOLFSSL_SHA512
  32379. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
  32380. "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS);
  32381. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
  32382. "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS);
  32383. #elif defined(WOLFSSL_SHA384)
  32384. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
  32385. "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS);
  32386. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
  32387. "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS);
  32388. #endif
  32389. #endif
  32390. #endif
  32391. #ifdef HAVE_ED25519
  32392. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED25519"), WOLFSSL_SUCCESS);
  32393. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED25519"), WOLFSSL_SUCCESS);
  32394. #endif
  32395. #ifdef HAVE_ED448
  32396. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED448"), WOLFSSL_SUCCESS);
  32397. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED448"), WOLFSSL_SUCCESS);
  32398. #endif
  32399. #ifndef NO_DSA
  32400. #ifndef NO_SHA256
  32401. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA256"),
  32402. WOLFSSL_SUCCESS);
  32403. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA256"),
  32404. WOLFSSL_SUCCESS);
  32405. #endif
  32406. #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
  32407. defined(WOLFSSL_ALLOW_TLS_SHA1))
  32408. AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA1"),
  32409. WOLFSSL_SUCCESS);
  32410. AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA1"),
  32411. WOLFSSL_SUCCESS);
  32412. #endif
  32413. #endif
  32414. SSL_free(ssl);
  32415. SSL_CTX_free(ctx);
  32416. res = TEST_RES_CHECK(1);
  32417. #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
  32418. #endif
  32419. return res;
  32420. }
  32421. /* Testing wolfSSL_set_tlsext_status_type function.
  32422. * PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined.
  32423. */
  32424. static int test_wolfSSL_set_tlsext_status_type(void)
  32425. {
  32426. int res = TEST_SKIPPED;
  32427. #if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
  32428. !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
  32429. SSL* ssl;
  32430. SSL_CTX* ctx;
  32431. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  32432. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  32433. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  32434. AssertNotNull(ssl = SSL_new(ctx));
  32435. AssertIntEQ(SSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp),
  32436. SSL_SUCCESS);
  32437. AssertIntEQ(SSL_get_tlsext_status_type(ssl), TLSEXT_STATUSTYPE_ocsp);
  32438. SSL_free(ssl);
  32439. SSL_CTX_free(ctx);
  32440. res = TEST_RES_CHECK(1);
  32441. #endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */
  32442. return res;
  32443. }
  32444. #ifndef NO_BIO
  32445. static int test_wolfSSL_PEM_read_bio(void)
  32446. {
  32447. int res = TEST_SKIPPED;
  32448. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  32449. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  32450. byte buff[6000];
  32451. XFILE f;
  32452. int bytes;
  32453. X509* x509;
  32454. BIO* bio = NULL;
  32455. BUF_MEM* buf;
  32456. f = XFOPEN(cliCertFile, "rb");
  32457. AssertTrue((f != XBADFILE));
  32458. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  32459. XFCLOSE(f);
  32460. AssertNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
  32461. AssertNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
  32462. AssertIntEQ(BIO_set_mem_eof_return(bio, -0xDEAD), 1);
  32463. AssertNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
  32464. AssertIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1);
  32465. /* BIO should return the set EOF value */
  32466. AssertIntEQ(BIO_read(bio, buff, sizeof(buff)), -0xDEAD);
  32467. AssertIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1);
  32468. AssertIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1);
  32469. AssertIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf));
  32470. BIO_free(bio);
  32471. BUF_MEM_free(buf);
  32472. X509_free(x509);
  32473. res = TEST_RES_CHECK(1);
  32474. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  32475. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  32476. return res;
  32477. }
  32478. #if defined(OPENSSL_EXTRA)
  32479. static long bioCallback(BIO *bio, int cmd, const char* argp, int argi,
  32480. long argl, long ret)
  32481. {
  32482. (void)bio;
  32483. (void)cmd;
  32484. (void)argp;
  32485. (void)argi;
  32486. (void)argl;
  32487. return ret;
  32488. }
  32489. #endif
  32490. static int test_wolfSSL_BIO(void)
  32491. {
  32492. int res = TEST_SKIPPED;
  32493. #if defined(OPENSSL_EXTRA)
  32494. const unsigned char* p;
  32495. byte buff[20];
  32496. BIO* bio1;
  32497. BIO* bio2;
  32498. BIO* bio3;
  32499. char* bufPt;
  32500. int i;
  32501. for (i = 0; i < 20; i++) {
  32502. buff[i] = i;
  32503. }
  32504. /* test BIO_free with NULL */
  32505. AssertIntEQ(BIO_free(NULL), WOLFSSL_FAILURE);
  32506. /* Creating and testing type BIO_s_bio */
  32507. AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
  32508. AssertNotNull(bio2 = BIO_new(BIO_s_bio()));
  32509. AssertNotNull(bio3 = BIO_new(BIO_s_bio()));
  32510. /* read/write before set up */
  32511. AssertIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET);
  32512. AssertIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET);
  32513. AssertIntEQ(BIO_set_nbio(bio1, 1), 1);
  32514. AssertIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS);
  32515. AssertIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS);
  32516. AssertIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS);
  32517. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10);
  32518. XMEMCPY(bufPt, buff, 10);
  32519. AssertIntEQ(BIO_write(bio1, buff + 10, 10), 10);
  32520. /* write buffer full */
  32521. AssertIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR);
  32522. AssertIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS);
  32523. AssertIntEQ((int)BIO_ctrl_pending(bio1), 0);
  32524. /* write the other direction with pair */
  32525. AssertIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8);
  32526. XMEMCPY(bufPt, buff, 8);
  32527. AssertIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR);
  32528. /* try read */
  32529. AssertIntEQ((int)BIO_ctrl_pending(bio1), 8);
  32530. AssertIntEQ((int)BIO_ctrl_pending(bio2), 20);
  32531. /* try read using ctrl function */
  32532. AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8);
  32533. AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8);
  32534. AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20);
  32535. AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20);
  32536. AssertIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20);
  32537. for (i = 0; i < 20; i++) {
  32538. AssertIntEQ((int)bufPt[i], i);
  32539. }
  32540. AssertIntEQ(BIO_nread(bio2, &bufPt, 1), WOLFSSL_BIO_ERROR);
  32541. AssertIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8);
  32542. for (i = 0; i < 8; i++) {
  32543. AssertIntEQ((int)bufPt[i], i);
  32544. }
  32545. AssertIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR);
  32546. AssertIntEQ(BIO_ctrl_reset_read_request(bio1), 1);
  32547. /* new pair */
  32548. AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE);
  32549. BIO_free(bio2); /* free bio2 and automatically remove from pair */
  32550. AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS);
  32551. AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
  32552. AssertIntEQ(BIO_nread(bio3, &bufPt, 10), WOLFSSL_BIO_ERROR);
  32553. /* test wrap around... */
  32554. AssertIntEQ(BIO_reset(bio1), 0);
  32555. AssertIntEQ(BIO_reset(bio3), 0);
  32556. /* fill write buffer, read only small amount then write again */
  32557. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
  32558. XMEMCPY(bufPt, buff, 20);
  32559. AssertIntEQ(BIO_nread(bio3, &bufPt, 4), 4);
  32560. for (i = 0; i < 4; i++) {
  32561. AssertIntEQ(bufPt[i], i);
  32562. }
  32563. /* try writing over read index */
  32564. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4);
  32565. XMEMSET(bufPt, 0, 4);
  32566. AssertIntEQ((int)BIO_ctrl_pending(bio3), 20);
  32567. /* read and write 0 bytes */
  32568. AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
  32569. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0);
  32570. /* should read only to end of write buffer then need to read again */
  32571. AssertIntEQ(BIO_nread(bio3, &bufPt, 20), 16);
  32572. for (i = 0; i < 16; i++) {
  32573. AssertIntEQ(bufPt[i], buff[4 + i]);
  32574. }
  32575. AssertIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE);
  32576. AssertIntEQ(BIO_nread0(bio3, &bufPt), 4);
  32577. for (i = 0; i < 4; i++) {
  32578. AssertIntEQ(bufPt[i], 0);
  32579. }
  32580. /* read index should not have advanced with nread0 */
  32581. AssertIntEQ(BIO_nread(bio3, &bufPt, 5), 4);
  32582. for (i = 0; i < 4; i++) {
  32583. AssertIntEQ(bufPt[i], 0);
  32584. }
  32585. /* write and fill up buffer checking reset of index state */
  32586. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
  32587. XMEMCPY(bufPt, buff, 20);
  32588. /* test reset on data in bio1 write buffer */
  32589. AssertIntEQ(BIO_reset(bio1), 0);
  32590. AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
  32591. AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR);
  32592. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
  32593. AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20);
  32594. AssertNotNull(p);
  32595. XMEMCPY(bufPt, buff, 20);
  32596. AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6);
  32597. for (i = 0; i < 6; i++) {
  32598. AssertIntEQ(bufPt[i], i);
  32599. }
  32600. /* test case of writing twice with offset read index */
  32601. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3);
  32602. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */
  32603. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
  32604. AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
  32605. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
  32606. AssertIntEQ(BIO_nread(bio3, &bufPt, 1), 1);
  32607. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1);
  32608. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
  32609. BIO_free(bio1);
  32610. BIO_free(bio3);
  32611. #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
  32612. {
  32613. BIO* bioA = NULL;
  32614. BIO* bioB = NULL;
  32615. AssertIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG);
  32616. AssertIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS);
  32617. BIO_free(bioA);
  32618. bioA = NULL;
  32619. BIO_free(bioB);
  32620. bioB = NULL;
  32621. }
  32622. #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
  32623. /* BIOs with file pointers */
  32624. #if !defined(NO_FILESYSTEM)
  32625. {
  32626. XFILE f1;
  32627. XFILE f2;
  32628. BIO* f_bio1;
  32629. BIO* f_bio2;
  32630. unsigned char cert[300];
  32631. char testFile[] = "tests/bio_write_test.txt";
  32632. char msg[] = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n";
  32633. AssertNotNull(f_bio1 = BIO_new(BIO_s_file()));
  32634. AssertNotNull(f_bio2 = BIO_new(BIO_s_file()));
  32635. /* Failure due to wrong BIO type */
  32636. AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
  32637. AssertIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0);
  32638. f1 = XFOPEN(svrCertFile, "rwb");
  32639. AssertTrue((f1 != XBADFILE));
  32640. AssertIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS);
  32641. AssertIntEQ(BIO_write_filename(f_bio2, testFile),
  32642. WOLFSSL_SUCCESS);
  32643. AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
  32644. AssertIntEQ(BIO_tell(f_bio1),sizeof(cert));
  32645. AssertIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg));
  32646. AssertIntEQ(BIO_tell(f_bio2),sizeof(msg));
  32647. AssertIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert));
  32648. AssertIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg));
  32649. AssertIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS);
  32650. AssertIntEQ(BIO_reset(f_bio2), 0);
  32651. AssertIntEQ(BIO_tell(NULL),-1);
  32652. AssertIntEQ(BIO_tell(f_bio2),0);
  32653. AssertIntEQ(BIO_seek(f_bio2, 4), 0);
  32654. AssertIntEQ(BIO_tell(f_bio2),4);
  32655. BIO_free(f_bio1);
  32656. BIO_free(f_bio2);
  32657. AssertNotNull(f_bio1 = BIO_new_file(svrCertFile, "rwb"));
  32658. AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
  32659. AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
  32660. BIO_free(f_bio1);
  32661. }
  32662. #endif /* !defined(NO_FILESYSTEM) */
  32663. /* BIO info callback */
  32664. {
  32665. const char* testArg = "test";
  32666. BIO* cb_bio;
  32667. AssertNotNull(cb_bio = BIO_new(BIO_s_mem()));
  32668. BIO_set_callback(cb_bio, bioCallback);
  32669. AssertNotNull(BIO_get_callback(cb_bio));
  32670. BIO_set_callback(cb_bio, NULL);
  32671. AssertNull(BIO_get_callback(cb_bio));
  32672. BIO_set_callback_arg(cb_bio, (char*)testArg);
  32673. AssertStrEQ(BIO_get_callback_arg(cb_bio), testArg);
  32674. AssertNull(BIO_get_callback_arg(NULL));
  32675. BIO_free(cb_bio);
  32676. }
  32677. /* BIO_vfree */
  32678. AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
  32679. BIO_vfree(NULL);
  32680. BIO_vfree(bio1);
  32681. res = TEST_RES_CHECK(1);
  32682. #endif
  32683. return res;
  32684. }
  32685. #endif /* !NO_BIO */
  32686. static int test_wolfSSL_ASN1_STRING(void)
  32687. {
  32688. int res = TEST_SKIPPED;
  32689. #if defined(OPENSSL_EXTRA)
  32690. ASN1_STRING* str = NULL;
  32691. const char data[] = "hello wolfSSL";
  32692. AssertNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
  32693. AssertIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING);
  32694. AssertIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1);
  32695. AssertIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
  32696. AssertIntEQ(ASN1_STRING_set(str, NULL, -1), 0);
  32697. ASN1_STRING_free(str);
  32698. res = TEST_RES_CHECK(1);
  32699. #endif
  32700. return res;
  32701. }
  32702. static int test_wolfSSL_ASN1_BIT_STRING(void)
  32703. {
  32704. int res = TEST_SKIPPED;
  32705. #ifdef OPENSSL_ALL
  32706. ASN1_BIT_STRING* str;
  32707. AssertNotNull(str = ASN1_BIT_STRING_new());
  32708. AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1);
  32709. AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1);
  32710. AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0);
  32711. AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1);
  32712. AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1);
  32713. AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0);
  32714. ASN1_BIT_STRING_free(str);
  32715. res = TEST_RES_CHECK(1);
  32716. #endif
  32717. return res;
  32718. }
  32719. static int test_wolfSSL_a2i_ASN1_INTEGER(void)
  32720. {
  32721. int res = TEST_SKIPPED;
  32722. #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
  32723. BIO *bio, *out;
  32724. ASN1_INTEGER* ai;
  32725. char buf[] = "123456\n12345\n112345678912345678901234567890\n";
  32726. char tmp[1024];
  32727. int tmpSz;
  32728. const char expected1[] = "123456";
  32729. const char expected2[] = "112345678912345678901234567890";
  32730. AssertNotNull(bio = BIO_new_mem_buf(buf, -1));
  32731. AssertNotNull(out = BIO_new(BIO_s_mem()));
  32732. AssertNotNull(ai = ASN1_INTEGER_new());
  32733. /* read first line */
  32734. AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
  32735. AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
  32736. XMEMSET(tmp, 0, 1024);
  32737. tmpSz = BIO_read(out, tmp, 1024);
  32738. AssertIntEQ(tmpSz, 6);
  32739. AssertIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);
  32740. /* fail on second line (not % 2) */
  32741. AssertIntNE(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
  32742. /* read 3rd long line */
  32743. AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
  32744. AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
  32745. XMEMSET(tmp, 0, 1024);
  32746. tmpSz = BIO_read(out, tmp, 1024);
  32747. AssertIntEQ(tmpSz, 30);
  32748. AssertIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);
  32749. BIO_free(out);
  32750. BIO_free(bio);
  32751. ASN1_INTEGER_free(ai);
  32752. res = TEST_RES_CHECK(1);
  32753. #endif
  32754. return res;
  32755. }
  32756. static int test_wolfSSL_a2i_IPADDRESS(void)
  32757. {
  32758. int res = TEST_SKIPPED;
  32759. #if defined(OPENSSL_ALL) && !defined(WOLFSSL_USER_IO)
  32760. const unsigned char* data;
  32761. int dataSz = 0;
  32762. ASN1_OCTET_STRING *st;
  32763. const unsigned char ipv4_exp[] = {0x7F, 0, 0, 1};
  32764. const unsigned char ipv6_exp[] = {
  32765. 0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
  32766. 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77
  32767. };
  32768. const unsigned char ipv6_home[] = {
  32769. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  32770. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
  32771. };
  32772. AssertNull(st = a2i_IPADDRESS("127.0.0.1bad"));
  32773. AssertNotNull(st = a2i_IPADDRESS("127.0.0.1"));
  32774. data = ASN1_STRING_get0_data(st);
  32775. dataSz = ASN1_STRING_length(st);
  32776. AssertIntEQ(dataSz, WOLFSSL_IP4_ADDR_LEN);
  32777. AssertIntEQ(XMEMCMP(data, ipv4_exp, dataSz), 0);
  32778. ASN1_STRING_free(st);
  32779. AssertNotNull(st = a2i_IPADDRESS("::1"));
  32780. data = ASN1_STRING_get0_data(st);
  32781. dataSz = ASN1_STRING_length(st);
  32782. AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN);
  32783. AssertIntEQ(XMEMCMP(data, ipv6_home, dataSz), 0);
  32784. ASN1_STRING_free(st);
  32785. AssertNotNull(st = a2i_IPADDRESS("2021:db8::ff00:42:7777"));
  32786. data = ASN1_STRING_get0_data(st);
  32787. dataSz = ASN1_STRING_length(st);
  32788. AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN);
  32789. AssertIntEQ(XMEMCMP(data, ipv6_exp, dataSz), 0);
  32790. ASN1_STRING_free(st);
  32791. res = TEST_RES_CHECK(1);
  32792. #endif
  32793. return res;
  32794. }
  32795. static int test_wolfSSL_DES_ecb_encrypt(void)
  32796. {
  32797. int res = TEST_SKIPPED;
  32798. #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
  32799. WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2;
  32800. WOLFSSL_DES_key_schedule key;
  32801. XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule));
  32802. XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock));
  32803. XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock));
  32804. XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock));
  32805. XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock));
  32806. XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock));
  32807. XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock));
  32808. /* Encrypt messages */
  32809. wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT);
  32810. wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT);
  32811. {
  32812. /* Decrypt messages */
  32813. int ret1 = 0;
  32814. int ret2 = 0;
  32815. wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT);
  32816. ret1 = XMEMCMP((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock));
  32817. AssertIntEQ(ret1,0);
  32818. wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT);
  32819. ret2 = XMEMCMP((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock));
  32820. AssertIntEQ(ret2,0);
  32821. }
  32822. res = TEST_RES_CHECK(1);
  32823. #endif
  32824. return res;
  32825. }
  32826. static int test_wolfSSL_ASN1_TIME_adj(void)
  32827. {
  32828. int res = TEST_SKIPPED;
  32829. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
  32830. && !defined(USER_TIME) && !defined(TIME_OVERRIDES)
  32831. const int year = 365*24*60*60;
  32832. const int day = 24*60*60;
  32833. const int hour = 60*60;
  32834. const int mini = 60;
  32835. const byte asn_utc_time = ASN_UTC_TIME;
  32836. #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
  32837. const byte asn_gen_time = ASN_GENERALIZED_TIME;
  32838. #endif
  32839. WOLFSSL_ASN1_TIME *asn_time, *s;
  32840. int offset_day;
  32841. long offset_sec;
  32842. char date_str[CTC_DATE_SIZE + 1];
  32843. time_t t;
  32844. AssertNotNull(s = wolfSSL_ASN1_TIME_new());
  32845. /* UTC notation test */
  32846. /* 2000/2/15 20:30:00 */
  32847. t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
  32848. offset_day = 7;
  32849. offset_sec = 45 * mini;
  32850. /* offset_sec = -45 * min;*/
  32851. AssertNotNull(asn_time =
  32852. wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec));
  32853. AssertTrue(asn_time->type == asn_utc_time);
  32854. XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
  32855. date_str[CTC_DATE_SIZE] = '\0';
  32856. AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13));
  32857. /* negative offset */
  32858. offset_sec = -45 * mini;
  32859. asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
  32860. AssertNotNull(asn_time);
  32861. AssertTrue(asn_time->type == asn_utc_time);
  32862. XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
  32863. date_str[CTC_DATE_SIZE] = '\0';
  32864. AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13));
  32865. XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
  32866. XMEMSET(date_str, 0, sizeof(date_str));
  32867. /* Generalized time will overflow time_t if not long */
  32868. #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
  32869. s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
  32870. DYNAMIC_TYPE_OPENSSL);
  32871. /* GeneralizedTime notation test */
  32872. /* 2055/03/01 09:00:00 */
  32873. t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day;
  32874. offset_day = 12;
  32875. offset_sec = 10 * mini;
  32876. asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
  32877. AssertTrue(asn_time->type == asn_gen_time);
  32878. XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
  32879. date_str[CTC_DATE_SIZE] = '\0';
  32880. AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15));
  32881. XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
  32882. XMEMSET(date_str, 0, sizeof(date_str));
  32883. #endif /* !TIME_T_NOT_64BIT && !NO_64BIT */
  32884. /* if WOLFSSL_ASN1_TIME struct is not allocated */
  32885. s = NULL;
  32886. t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day;
  32887. offset_day = 7;
  32888. offset_sec = 45 * mini;
  32889. asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
  32890. AssertTrue(asn_time->type == asn_utc_time);
  32891. XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
  32892. date_str[CTC_DATE_SIZE] = '\0';
  32893. AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
  32894. XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
  32895. asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec);
  32896. AssertTrue(asn_time->type == asn_utc_time);
  32897. XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
  32898. date_str[CTC_DATE_SIZE] = '\0';
  32899. AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
  32900. XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
  32901. res = TEST_RES_CHECK(1);
  32902. #endif
  32903. return res;
  32904. }
  32905. static int test_wolfSSL_ASN1_TIME_to_tm(void)
  32906. {
  32907. int res = TEST_SKIPPED;
  32908. #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
  32909. defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) \
  32910. && !defined(NO_ASN_TIME)
  32911. ASN1_TIME asnTime;
  32912. struct tm tm;
  32913. XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
  32914. AssertIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1);
  32915. AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
  32916. AssertIntEQ(tm.tm_sec, 15);
  32917. AssertIntEQ(tm.tm_min, 15);
  32918. AssertIntEQ(tm.tm_hour, 21);
  32919. AssertIntEQ(tm.tm_mday, 22);
  32920. AssertIntEQ(tm.tm_mon, 1);
  32921. AssertIntEQ(tm.tm_year, 100);
  32922. AssertIntEQ(tm.tm_isdst, 0);
  32923. #ifdef XMKTIME
  32924. AssertIntEQ(tm.tm_wday, 2);
  32925. AssertIntEQ(tm.tm_yday, 52);
  32926. #endif
  32927. res = TEST_RES_CHECK(1);
  32928. #endif
  32929. return res;
  32930. }
  32931. static int test_wolfSSL_X509_cmp_time(void)
  32932. {
  32933. int res = TEST_SKIPPED;
  32934. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
  32935. && !defined(USER_TIME) && !defined(TIME_OVERRIDES)
  32936. WOLFSSL_ASN1_TIME asn_time;
  32937. time_t t;
  32938. AssertIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t));
  32939. XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME));
  32940. AssertIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t));
  32941. AssertIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
  32942. AssertIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
  32943. res = TEST_RES_CHECK(1);
  32944. #endif
  32945. return res;
  32946. }
  32947. static int test_wolfSSL_X509_time_adj(void)
  32948. {
  32949. int res = TEST_SKIPPED;
  32950. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \
  32951. !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \
  32952. defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \
  32953. !defined(NO_ASN_TIME)
  32954. X509* x509;
  32955. time_t t, not_before, not_after;
  32956. AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
  32957. client_cert_der_2048, sizeof_client_cert_der_2048,
  32958. WOLFSSL_FILETYPE_ASN1));
  32959. t = 0;
  32960. not_before = wc_Time(0);
  32961. not_after = wc_Time(0) + (60 * 24 * 30); /* 30 days after */
  32962. AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t));
  32963. AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t));
  32964. /* Check X509_gmtime_adj, too. */
  32965. AssertNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after));
  32966. X509_free(x509);
  32967. res = TEST_RES_CHECK(1);
  32968. #endif
  32969. return res;
  32970. }
  32971. static int test_wolfSSL_X509(void)
  32972. {
  32973. int res = TEST_SKIPPED;
  32974. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)\
  32975. && !defined(NO_RSA)
  32976. X509* x509;
  32977. #ifndef NO_BIO
  32978. BIO* bio;
  32979. X509_STORE_CTX* ctx;
  32980. X509_STORE* store;
  32981. #endif
  32982. char der[] = "certs/ca-cert.der";
  32983. XFILE fp;
  32984. AssertNotNull(x509 = X509_new());
  32985. X509_free(x509);
  32986. #ifndef NO_BIO
  32987. x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
  32988. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  32989. #ifdef WOLFSSL_CERT_GEN
  32990. AssertIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
  32991. #endif
  32992. AssertNotNull(ctx = X509_STORE_CTX_new());
  32993. AssertIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR);
  32994. AssertNotNull(store = X509_STORE_new());
  32995. AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
  32996. AssertIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS);
  32997. AssertIntEQ(X509_verify_cert(ctx), SSL_SUCCESS);
  32998. X509_STORE_CTX_free(ctx);
  32999. X509_STORE_free(store);
  33000. X509_free(x509);
  33001. BIO_free(bio);
  33002. #endif
  33003. /** d2i_X509_fp test **/
  33004. fp = XFOPEN(der, "rb");
  33005. AssertTrue((fp != XBADFILE));
  33006. AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
  33007. AssertNotNull(x509);
  33008. X509_free(x509);
  33009. XFCLOSE(fp);
  33010. fp = XFOPEN(der, "rb");
  33011. AssertTrue((fp != XBADFILE));
  33012. AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
  33013. AssertNotNull(x509);
  33014. X509_free(x509);
  33015. XFCLOSE(fp);
  33016. /* X509_up_ref test */
  33017. AssertIntEQ(X509_up_ref(NULL), 0);
  33018. AssertNotNull(x509 = X509_new()); /* refCount = 1 */
  33019. AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */
  33020. AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */
  33021. X509_free(x509); /* refCount = 2 */
  33022. X509_free(x509); /* refCount = 1 */
  33023. X509_free(x509); /* refCount = 0, free */
  33024. res = TEST_RES_CHECK(1);
  33025. #endif
  33026. return res;
  33027. }
  33028. static int test_wolfSSL_X509_get_ext_count(void)
  33029. {
  33030. int res = TEST_SKIPPED;
  33031. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
  33032. !defined(NO_RSA)
  33033. int ret = 0;
  33034. WOLFSSL_X509* x509;
  33035. const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem";
  33036. FILE* f;
  33037. /* NULL parameter check */
  33038. AssertIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE);
  33039. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
  33040. SSL_FILETYPE_PEM));
  33041. AssertIntEQ(X509_get_ext_count(x509), 5);
  33042. wolfSSL_X509_free(x509);
  33043. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile,
  33044. SSL_FILETYPE_PEM));
  33045. AssertIntEQ(X509_get_ext_count(x509), 5);
  33046. wolfSSL_X509_free(x509);
  33047. AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
  33048. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  33049. fclose(f);
  33050. /* wolfSSL_X509_get_ext_count() valid input */
  33051. AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
  33052. /* wolfSSL_X509_get_ext_count() NULL argument */
  33053. AssertIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE);
  33054. wolfSSL_X509_free(x509);
  33055. res = TEST_RES_CHECK(1);
  33056. #endif
  33057. return res;
  33058. }
  33059. static int test_wolfSSL_X509_sign2(void)
  33060. {
  33061. int res = TEST_SKIPPED;
  33062. /* test requires WOLFSSL_AKID_NAME to match expected output */
  33063. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
  33064. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \
  33065. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_AKID_NAME) && \
  33066. (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
  33067. WOLFSSL_X509 *x509, *ca;
  33068. const unsigned char *der;
  33069. const unsigned char *pt;
  33070. WOLFSSL_EVP_PKEY *priv;
  33071. WOLFSSL_X509_NAME *name;
  33072. WOLFSSL_ASN1_TIME *notBefore, *notAfter;
  33073. int derSz;
  33074. const int year = 365*24*60*60;
  33075. const int day = 24*60*60;
  33076. const int hour = 60*60;
  33077. const int mini = 60;
  33078. time_t t;
  33079. const unsigned char expected[] = {
  33080. 0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01,
  33081. 0x02, 0x02, 0x14, 0x73, 0xFB, 0x54, 0xD6, 0x03, 0x7D, 0x4C, 0x07, 0x84,
  33082. 0xE2, 0x00, 0x11, 0x8C, 0xDD, 0x90, 0xDC, 0x48, 0x8D, 0xEA, 0x53, 0x30,
  33083. 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
  33084. 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
  33085. 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
  33086. 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
  33087. 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
  33088. 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03,
  33089. 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74,
  33090. 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A,
  33091. 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18,
  33092. 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77,
  33093. 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
  33094. 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  33095. 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F,
  33096. 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17,
  33097. 0x0D, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, 0x30,
  33098. 0x30, 0x5A, 0x17, 0x0D, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, 0x30,
  33099. 0x33, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
  33100. 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
  33101. 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
  33102. 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07,
  33103. 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30,
  33104. 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66,
  33105. 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17,
  33106. 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72,
  33107. 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31,
  33108. 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
  33109. 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
  33110. 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
  33111. 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
  33112. 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82,
  33113. 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  33114. 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82,
  33115. 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE,
  33116. 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74,
  33117. 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07,
  33118. 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81,
  33119. 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36,
  33120. 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC,
  33121. 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F,
  33122. 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, 0xC5,
  33123. 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56,
  33124. 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF,
  33125. 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3,
  33126. 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97,
  33127. 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14,
  33128. 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40,
  33129. 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65,
  33130. 0x24, 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B,
  33131. 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B,
  33132. 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 0xD9,
  33133. 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1,
  33134. 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72,
  33135. 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7,
  33136. 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02,
  33137. 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, 0x30, 0x82, 0x01, 0x4B,
  33138. 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
  33139. 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30,
  33140. 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63,
  33141. 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03,
  33142. 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7,
  33143. 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7,
  33144. 0x85, 0x65, 0xC0, 0x30, 0x81, 0xDE, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04,
  33145. 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7,
  33146. 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7,
  33147. 0x85, 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E,
  33148. 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
  33149. 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
  33150. 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06,
  33151. 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
  33152. 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C,
  33153. 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38,
  33154. 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50,
  33155. 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32,
  33156. 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
  33157. 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
  33158. 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
  33159. 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E,
  33160. 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
  33161. 0x6F, 0x6D, 0x82, 0x14, 0x73, 0xFB, 0x54, 0xD6, 0x03, 0x7D, 0x4C, 0x07,
  33162. 0x84, 0xE2, 0x00, 0x11, 0x8C, 0xDD, 0x90, 0xDC, 0x48, 0x8D, 0xEA, 0x53,
  33163. 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06,
  33164. 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
  33165. 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
  33166. 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82,
  33167. 0x01, 0x01, 0x00, 0x4A, 0xFD, 0x81, 0xC9, 0xE9, 0xE6, 0x2D, 0xC7, 0x1F,
  33168. 0xFA, 0x0A, 0xDC, 0x80, 0x21, 0xCE, 0xD9, 0x27, 0xD4, 0xA4, 0xA1, 0xEC,
  33169. 0x87, 0x50, 0xA9, 0xE4, 0x6D, 0xF6, 0x04, 0x93, 0x5A, 0x1E, 0x51, 0xF4,
  33170. 0x8F, 0x92, 0x3E, 0x58, 0x90, 0xD7, 0xE5, 0xD7, 0x4A, 0x3D, 0xF3, 0xC6,
  33171. 0x1E, 0xE4, 0x78, 0x57, 0xCB, 0xE7, 0xED, 0x3F, 0x6A, 0x7D, 0x1E, 0xE2,
  33172. 0xF1, 0x9F, 0xAA, 0x18, 0x0A, 0xC9, 0x1A, 0xD6, 0x78, 0x71, 0xB3, 0xB6,
  33173. 0xE9, 0x55, 0x84, 0x27, 0x36, 0xA0, 0x89, 0x5C, 0x5A, 0x0A, 0x97, 0x53,
  33174. 0x95, 0x36, 0x68, 0x39, 0xA9, 0x17, 0x51, 0x84, 0x2A, 0x68, 0x5F, 0xAE,
  33175. 0xF3, 0x26, 0x32, 0x57, 0x99, 0x4A, 0x65, 0xE2, 0x14, 0x1E, 0xD8, 0x00,
  33176. 0x24, 0xC1, 0xD1, 0x75, 0x56, 0xD3, 0x99, 0xD3, 0x55, 0x10, 0x88, 0xEC,
  33177. 0x13, 0x05, 0x89, 0x18, 0x58, 0x55, 0x86, 0xFF, 0xA1, 0x2C, 0xB1, 0x96,
  33178. 0xE5, 0x63, 0x1C, 0x83, 0xCA, 0xF6, 0x58, 0x0C, 0xD5, 0xD2, 0x27, 0x70,
  33179. 0x61, 0x87, 0xCC, 0x17, 0x36, 0x6A, 0x75, 0x55, 0xB1, 0x13, 0xB6, 0xC8,
  33180. 0x94, 0x0B, 0x1F, 0xE0, 0x32, 0xCA, 0x94, 0xA2, 0x46, 0x95, 0xBC, 0xA2,
  33181. 0xA0, 0x2A, 0x4C, 0xEB, 0xFE, 0x14, 0xA3, 0x1D, 0x38, 0x13, 0x07, 0xB9,
  33182. 0x98, 0x62, 0x88, 0xF1, 0x8F, 0xBC, 0xD7, 0x3F, 0x72, 0xD4, 0x2F, 0x77,
  33183. 0xF2, 0x48, 0x0E, 0x9C, 0xAC, 0xE1, 0x44, 0x88, 0x58, 0x9A, 0x8E, 0x81,
  33184. 0xBD, 0xB8, 0x6E, 0xF4, 0x64, 0x9B, 0x3A, 0xF1, 0x1D, 0x13, 0xE3, 0x51,
  33185. 0xB9, 0xD1, 0x4D, 0xA3, 0xB5, 0x5D, 0x7B, 0x18, 0xBD, 0xDE, 0xAB, 0x1F,
  33186. 0x82, 0x23, 0xAE, 0x6E, 0xB7, 0xE9, 0xEA, 0x54, 0xE6, 0xF5, 0x3E, 0x10,
  33187. 0x80, 0x25, 0x36, 0x83, 0x46, 0xB2, 0x97, 0x8D, 0x3A, 0x06, 0xB6, 0xCC,
  33188. 0x8D, 0xBE, 0xB4, 0xE6, 0x5E, 0xCA, 0x7B
  33189. };
  33190. pt = ca_key_der_2048;
  33191. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
  33192. sizeof_ca_key_der_2048));
  33193. pt = client_cert_der_2048;
  33194. AssertNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt,
  33195. sizeof_client_cert_der_2048));
  33196. pt = ca_cert_der_2048;
  33197. AssertNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048));
  33198. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  33199. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  33200. t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
  33201. AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
  33202. AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
  33203. AssertIntEQ(notAfter->length, 13);
  33204. AssertTrue(wolfSSL_X509_set_notBefore(x509, notBefore));
  33205. AssertTrue(wolfSSL_X509_set_notAfter(x509, notAfter));
  33206. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  33207. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  33208. AssertIntEQ(derSz, sizeof(expected));
  33209. AssertIntEQ(XMEMCMP(der, expected, derSz), 0);
  33210. wolfSSL_X509_free(ca);
  33211. wolfSSL_X509_free(x509);
  33212. wolfSSL_EVP_PKEY_free(priv);
  33213. wolfSSL_ASN1_TIME_free(notBefore);
  33214. wolfSSL_ASN1_TIME_free(notAfter);
  33215. res = TEST_RES_CHECK(1);
  33216. #endif
  33217. return res;
  33218. }
  33219. static int test_wolfSSL_X509_sign(void)
  33220. {
  33221. int res = TEST_SKIPPED;
  33222. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  33223. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
  33224. int ret;
  33225. char *cn;
  33226. word32 cnSz;
  33227. X509_NAME *name;
  33228. X509 *x509, *ca;
  33229. DecodedCert dCert;
  33230. EVP_PKEY *pub;
  33231. EVP_PKEY *priv;
  33232. EVP_MD_CTX *mctx;
  33233. #if defined(USE_CERT_BUFFERS_1024)
  33234. const unsigned char* rsaPriv = client_key_der_1024;
  33235. const unsigned char* rsaPub = client_keypub_der_1024;
  33236. const unsigned char* certIssuer = client_cert_der_1024;
  33237. long clientKeySz = (long)sizeof_client_key_der_1024;
  33238. long clientPubKeySz = (long)sizeof_client_keypub_der_1024;
  33239. long certIssuerSz = (long)sizeof_client_cert_der_1024;
  33240. #elif defined(USE_CERT_BUFFERS_2048)
  33241. const unsigned char* rsaPriv = client_key_der_2048;
  33242. const unsigned char* rsaPub = client_keypub_der_2048;
  33243. const unsigned char* certIssuer = client_cert_der_2048;
  33244. long clientKeySz = (long)sizeof_client_key_der_2048;
  33245. long clientPubKeySz = (long)sizeof_client_keypub_der_2048;
  33246. long certIssuerSz = (long)sizeof_client_cert_der_2048;
  33247. #endif
  33248. byte sn[16];
  33249. int snSz = sizeof(sn);
  33250. /* Set X509_NAME fields */
  33251. AssertNotNull(name = X509_NAME_new());
  33252. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  33253. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  33254. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  33255. (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
  33256. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
  33257. (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS);
  33258. /* Get private and public keys */
  33259. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
  33260. clientKeySz));
  33261. AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz));
  33262. AssertNotNull(x509 = X509_new());
  33263. /* Set version 3 */
  33264. AssertIntNE(X509_set_version(x509, 2L), 0);
  33265. /* Set subject name, add pubkey, and sign certificate */
  33266. AssertIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS);
  33267. X509_NAME_free(name);
  33268. AssertIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS);
  33269. #ifdef WOLFSSL_ALT_NAMES
  33270. /* Add some subject alt names */
  33271. AssertIntNE(wolfSSL_X509_add_altname(NULL,
  33272. "ipsum", ASN_DNS_TYPE), SSL_SUCCESS);
  33273. AssertIntEQ(wolfSSL_X509_add_altname(x509,
  33274. NULL, ASN_DNS_TYPE), SSL_SUCCESS);
  33275. AssertIntEQ(wolfSSL_X509_add_altname(x509,
  33276. "sphygmomanometer",
  33277. ASN_DNS_TYPE), SSL_SUCCESS);
  33278. AssertIntEQ(wolfSSL_X509_add_altname(x509,
  33279. "supercalifragilisticexpialidocious",
  33280. ASN_DNS_TYPE), SSL_SUCCESS);
  33281. AssertIntEQ(wolfSSL_X509_add_altname(x509,
  33282. "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch",
  33283. ASN_DNS_TYPE), SSL_SUCCESS);
  33284. #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
  33285. {
  33286. unsigned char ip4_type[] = {127,128,0,255};
  33287. unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab,
  33288. 0xff, 0xee, 0x99, 0x88,
  33289. 0x77, 0x66, 0x55, 0x44,
  33290. 0x00, 0x33, 0x22, 0x11};
  33291. AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type,
  33292. sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS);
  33293. AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type,
  33294. sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS);
  33295. }
  33296. #endif
  33297. #endif /* WOLFSSL_ALT_NAMES */
  33298. /* test valid sign case */
  33299. ret = X509_sign(x509, priv, EVP_sha256());
  33300. /* test valid X509_sign_ctx case */
  33301. AssertNotNull(mctx = EVP_MD_CTX_new());
  33302. AssertIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1);
  33303. AssertIntGT(X509_sign_ctx(x509, mctx), 0);
  33304. #if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
  33305. AssertIntEQ(X509_get_ext_count(x509), 1);
  33306. #endif
  33307. #if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
  33308. AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1);
  33309. AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1);
  33310. #endif
  33311. AssertIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz),
  33312. WOLFSSL_SUCCESS);
  33313. DEBUG_WRITE_CERT_X509(x509, "signed.pem");
  33314. /* Variation in size depends on ASN.1 encoding when MSB is set.
  33315. * WOLFSSL_ASN_TEMPLATE code does not generate a serial number
  33316. * with the MSB set. See GenerateInteger in asn.c */
  33317. #ifndef USE_CERT_BUFFERS_1024
  33318. #ifndef WOLFSSL_ALT_NAMES
  33319. /* Valid case - size should be 798-797 with 16 byte serial number */
  33320. AssertTrue((ret == 781 + snSz) || (ret == 782 + snSz));
  33321. #elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
  33322. /* Valid case - size should be 955-956 with 16 byte serial number */
  33323. AssertTrue((ret == 939 + snSz) || (ret == 940 + snSz));
  33324. #else
  33325. /* Valid case - size should be 926-927 with 16 byte serial number */
  33326. AssertTrue((ret == 910 + snSz) || (ret == 911 + snSz));
  33327. #endif
  33328. #else
  33329. #ifndef WOLFSSL_ALT_NAMES
  33330. /* Valid case - size should be 537-538 with 16 byte serial number */
  33331. AssertTrue((ret == 521 + snSz) || (ret == 522 + snSz));
  33332. #elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
  33333. /* Valid case - size should be 695-696 with 16 byte serial number */
  33334. AssertTrue((ret == 679 + snSz) || (ret == 680 + snSz));
  33335. #else
  33336. /* Valid case - size should be 666-667 with 16 byte serial number */
  33337. AssertTrue((ret == 650 + snSz) || (ret == 651 + snSz));
  33338. #endif
  33339. #endif
  33340. /* check that issuer name is as expected after signature */
  33341. InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0);
  33342. AssertIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0);
  33343. AssertNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz));
  33344. AssertNotNull(name = X509_get_subject_name(ca));
  33345. cnSz = X509_NAME_get_sz(name);
  33346. AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
  33347. AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
  33348. AssertIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn)));
  33349. XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
  33350. #ifdef WOLFSSL_MULTI_ATTRIB
  33351. /* test adding multiple OU's to the signer */
  33352. AssertNotNull(name = X509_get_subject_name(ca));
  33353. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
  33354. (byte*)"OU1", 3, -1, 0), SSL_SUCCESS);
  33355. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
  33356. (byte*)"OU2", 3, -1, 0), SSL_SUCCESS);
  33357. AssertIntGT(X509_sign(ca, priv, EVP_sha256()), 0);
  33358. #endif
  33359. AssertNotNull(name = X509_get_subject_name(ca));
  33360. AssertIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS);
  33361. AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
  33362. AssertNotNull(name = X509_get_issuer_name(x509));
  33363. cnSz = X509_NAME_get_sz(name);
  33364. AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
  33365. AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
  33366. /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */
  33367. AssertIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer)));
  33368. XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
  33369. FreeDecodedCert(&dCert);
  33370. /* Test invalid parameters */
  33371. AssertIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0);
  33372. AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0);
  33373. AssertIntEQ(X509_sign(x509, priv, NULL), 0);
  33374. AssertIntEQ(X509_sign_ctx(NULL, mctx), 0);
  33375. EVP_MD_CTX_free(mctx);
  33376. AssertNotNull(mctx = EVP_MD_CTX_new());
  33377. AssertIntEQ(X509_sign_ctx(x509, mctx), 0);
  33378. AssertIntEQ(X509_sign_ctx(x509, NULL), 0);
  33379. /* test invalid version number */
  33380. #if defined(OPENSSL_ALL)
  33381. AssertIntNE(X509_set_version(x509, 6L), 0);
  33382. AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
  33383. /* uses ParseCert which fails on bad version number */
  33384. AssertIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
  33385. #endif
  33386. EVP_MD_CTX_free(mctx);
  33387. EVP_PKEY_free(priv);
  33388. EVP_PKEY_free(pub);
  33389. X509_free(x509);
  33390. X509_free(ca);
  33391. res = TEST_RES_CHECK(1);
  33392. #endif
  33393. return res;
  33394. }
  33395. static int test_wolfSSL_X509_get0_tbs_sigalg(void)
  33396. {
  33397. int res = TEST_SKIPPED;
  33398. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
  33399. X509* x509 = NULL;
  33400. const X509_ALGOR* alg;
  33401. AssertNotNull(x509 = X509_new());
  33402. AssertNull(alg = X509_get0_tbs_sigalg(NULL));
  33403. AssertNotNull(alg = X509_get0_tbs_sigalg(x509));
  33404. X509_free(x509);
  33405. res = TEST_RES_CHECK(1);
  33406. #endif
  33407. return res;
  33408. }
  33409. static int test_wolfSSL_X509_ALGOR_get0(void)
  33410. {
  33411. int res = TEST_SKIPPED;
  33412. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
  33413. !defined(NO_SHA256) && !defined(NO_RSA)
  33414. X509* x509 = NULL;
  33415. const ASN1_OBJECT* obj = NULL;
  33416. const X509_ALGOR* alg;
  33417. int pptype = 0;
  33418. const void *ppval = NULL;
  33419. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  33420. SSL_FILETYPE_PEM));
  33421. AssertNotNull(alg = X509_get0_tbs_sigalg(x509));
  33422. /* Invalid case */
  33423. X509_ALGOR_get0(&obj, NULL, NULL, NULL);
  33424. AssertNull(obj);
  33425. /* Valid case */
  33426. X509_ALGOR_get0(&obj, &pptype, &ppval, alg);
  33427. AssertNotNull(obj);
  33428. AssertNull(ppval);
  33429. AssertIntNE(pptype, 0);
  33430. /* Make sure NID of X509_ALGOR is Sha256 with RSA */
  33431. AssertIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption);
  33432. X509_free(x509);
  33433. res = TEST_RES_CHECK(1);
  33434. #endif
  33435. return res;
  33436. }
  33437. static int test_wolfSSL_X509_VERIFY_PARAM(void)
  33438. {
  33439. int res = TEST_SKIPPED;
  33440. #if defined(OPENSSL_EXTRA)
  33441. X509_VERIFY_PARAM *paramTo;
  33442. X509_VERIFY_PARAM *paramFrom;
  33443. int ret;
  33444. char testIPv4[] = "127.0.0.1";
  33445. char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32";
  33446. char testhostName1[] = "foo.hoge.com";
  33447. char testhostName2[] = "foobar.hoge.com";
  33448. paramTo = X509_VERIFY_PARAM_new();
  33449. AssertNotNull(paramTo);
  33450. XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM ));
  33451. paramFrom = X509_VERIFY_PARAM_new();
  33452. AssertNotNull(paramFrom);
  33453. XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM ));
  33454. ret = X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1,
  33455. (int)XSTRLEN(testhostName1));
  33456. AssertIntEQ(1, ret);
  33457. AssertIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1,
  33458. (int)XSTRLEN(testhostName1)));
  33459. X509_VERIFY_PARAM_set_hostflags(NULL, 0x00);
  33460. X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01);
  33461. AssertIntEQ(0x01, paramFrom->hostFlags);
  33462. ret = X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4);
  33463. AssertIntEQ(0, ret);
  33464. ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4);
  33465. AssertIntEQ(1, ret);
  33466. AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
  33467. ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL);
  33468. AssertIntEQ(1, ret);
  33469. ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6);
  33470. AssertIntEQ(1, ret);
  33471. AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
  33472. /* null pointer */
  33473. ret = X509_VERIFY_PARAM_set1(NULL, paramFrom);
  33474. AssertIntEQ(WOLFSSL_FAILURE, ret);
  33475. /* in the case of "from" null, returns success */
  33476. ret = X509_VERIFY_PARAM_set1(paramTo, NULL);
  33477. AssertIntEQ(WOLFSSL_SUCCESS, ret);
  33478. ret = X509_VERIFY_PARAM_set1(NULL, NULL);
  33479. AssertIntEQ(WOLFSSL_FAILURE, ret);
  33480. /* inherit flags test : VPARAM_DEFAULT */
  33481. ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
  33482. AssertIntEQ(1, ret);
  33483. AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
  33484. (int)XSTRLEN(testhostName1)));
  33485. AssertIntEQ(0x01, paramTo->hostFlags);
  33486. AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
  33487. /* inherit flags test : VPARAM OVERWRITE */
  33488. X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
  33489. (int)XSTRLEN(testhostName2));
  33490. X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
  33491. X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
  33492. paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE;
  33493. ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
  33494. AssertIntEQ(1, ret);
  33495. AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
  33496. (int)XSTRLEN(testhostName1)));
  33497. AssertIntEQ(0x01, paramTo->hostFlags);
  33498. AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
  33499. /* inherit flags test : VPARAM_RESET_FLAGS */
  33500. X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
  33501. (int)XSTRLEN(testhostName2));
  33502. X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
  33503. X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10);
  33504. paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS;
  33505. ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
  33506. AssertIntEQ(1, ret);
  33507. AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
  33508. (int)XSTRLEN(testhostName1)));
  33509. AssertIntEQ(0x01, paramTo->hostFlags);
  33510. AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
  33511. /* inherit flags test : VPARAM_LOCKED */
  33512. X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
  33513. (int)XSTRLEN(testhostName2));
  33514. X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
  33515. X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
  33516. paramTo->inherit_flags = X509_VP_FLAG_LOCKED;
  33517. ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
  33518. AssertIntEQ(1, ret);
  33519. AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2,
  33520. (int)XSTRLEN(testhostName2)));
  33521. AssertIntEQ(0x00, paramTo->hostFlags);
  33522. AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
  33523. /* test for incorrect parameters */
  33524. ret = X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL );
  33525. AssertIntEQ(0, ret);
  33526. ret = X509_VERIFY_PARAM_set_flags(NULL, 0 );
  33527. AssertIntEQ(0, ret);
  33528. /* inherit flags test : VPARAM_ONCE, not testable yet */
  33529. ret = X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL);
  33530. AssertIntEQ(1, ret);
  33531. ret = X509_VERIFY_PARAM_get_flags(paramTo);
  33532. AssertIntEQ(X509_V_FLAG_CRL_CHECK_ALL, ret);
  33533. ret = X509_VERIFY_PARAM_clear_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL);
  33534. AssertIntEQ(1, ret);
  33535. ret = X509_VERIFY_PARAM_get_flags(paramTo);
  33536. AssertIntEQ(0, ret);
  33537. X509_VERIFY_PARAM_free(paramTo);
  33538. X509_VERIFY_PARAM_free(paramFrom);
  33539. X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */
  33540. res = TEST_RES_CHECK(1);
  33541. #endif
  33542. return res;
  33543. }
  33544. #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)
  33545. static int test_wolfSSL_check_domain_verify_count = 0;
  33546. static WC_INLINE int test_wolfSSL_check_domain_verify_cb(int preverify,
  33547. WOLFSSL_X509_STORE_CTX* store)
  33548. {
  33549. AssertIntEQ(X509_STORE_CTX_get_error(store), 0);
  33550. AssertIntEQ(preverify, 1);
  33551. test_wolfSSL_check_domain_verify_count++;
  33552. return 1;
  33553. }
  33554. static void test_wolfSSL_check_domain_client_cb(WOLFSSL* ssl)
  33555. {
  33556. X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
  33557. /* Domain check should only be done on the leaf cert */
  33558. X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
  33559. AssertIntEQ(X509_VERIFY_PARAM_set1_host(param,
  33560. "wolfSSL Server Chain", 0), 1);
  33561. wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_PEER,
  33562. test_wolfSSL_check_domain_verify_cb);
  33563. }
  33564. static void test_wolfSSL_check_domain_server_cb(WOLFSSL_CTX* ctx)
  33565. {
  33566. /* Use a cert with different domains in chain */
  33567. AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx,
  33568. "certs/intermediate/server-chain.pem"), WOLFSSL_SUCCESS);
  33569. }
  33570. static int test_wolfSSL_check_domain(void)
  33571. {
  33572. tcp_ready ready;
  33573. func_args client_args;
  33574. func_args server_args;
  33575. THREAD_TYPE serverThread;
  33576. callback_functions func_cb_client;
  33577. callback_functions func_cb_server;
  33578. XMEMSET(&client_args, 0, sizeof(func_args));
  33579. XMEMSET(&server_args, 0, sizeof(func_args));
  33580. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  33581. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  33582. #ifdef WOLFSSL_TIRTOS
  33583. fdOpenSession(Task_self());
  33584. #endif
  33585. StartTCP();
  33586. InitTcpReady(&ready);
  33587. #if defined(USE_WINDOWS_API)
  33588. /* use RNG to get random port if using windows */
  33589. ready.port = GetRandomPort();
  33590. #endif
  33591. server_args.signal = &ready;
  33592. client_args.signal = &ready;
  33593. func_cb_client.ssl_ready = &test_wolfSSL_check_domain_client_cb;
  33594. func_cb_server.ctx_ready = &test_wolfSSL_check_domain_server_cb;
  33595. client_args.callbacks = &func_cb_client;
  33596. server_args.callbacks = &func_cb_server;
  33597. start_thread(test_server_nofail, &server_args, &serverThread);
  33598. wait_tcp_ready(&server_args);
  33599. test_client_nofail(&client_args, NULL);
  33600. join_thread(serverThread);
  33601. AssertTrue(client_args.return_code);
  33602. AssertTrue(server_args.return_code);
  33603. FreeTcpReady(&ready);
  33604. /* Should have been called once for each cert in sent chain */
  33605. #ifdef WOLFSSL_VERIFY_CB_ALL_CERTS
  33606. AssertIntEQ(test_wolfSSL_check_domain_verify_count, 3);
  33607. #else
  33608. AssertIntEQ(test_wolfSSL_check_domain_verify_count, 1);
  33609. #endif
  33610. return TEST_RES_CHECK(1);
  33611. }
  33612. #endif /* OPENSSL_EXTRA && HAVE_IO_TESTS_DEPENDENCIES */
  33613. static int test_wolfSSL_X509_get_X509_PUBKEY(void)
  33614. {
  33615. int res = TEST_SKIPPED;
  33616. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
  33617. X509* x509 = NULL;
  33618. X509_PUBKEY* pubKey;
  33619. AssertNotNull(x509 = X509_new());
  33620. AssertNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL));
  33621. AssertNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509));
  33622. X509_free(x509);
  33623. res = TEST_RES_CHECK(1);
  33624. #endif
  33625. return res;
  33626. }
  33627. static int test_wolfSSL_X509_PUBKEY_RSA(void)
  33628. {
  33629. int res = TEST_SKIPPED;
  33630. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
  33631. !defined(NO_SHA256) && !defined(NO_RSA)
  33632. X509* x509 = NULL;
  33633. ASN1_OBJECT* obj = NULL;
  33634. const ASN1_OBJECT* pa_oid = NULL;
  33635. X509_PUBKEY* pubKey;
  33636. X509_PUBKEY* pubKey2;
  33637. EVP_PKEY* evpKey;
  33638. const unsigned char *pk;
  33639. int ppklen, pptype;
  33640. X509_ALGOR *pa;
  33641. const void *pval;
  33642. AssertNotNull(x509 = X509_load_certificate_file(cliCertFile,
  33643. SSL_FILETYPE_PEM));
  33644. AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509));
  33645. AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
  33646. AssertNotNull(pk);
  33647. AssertNotNull(pa);
  33648. AssertNotNull(pubKey);
  33649. AssertIntGT(ppklen, 0);
  33650. AssertIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption);
  33651. AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
  33652. AssertNotNull(pubKey2 = X509_PUBKEY_new());
  33653. AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
  33654. AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
  33655. AssertNotNull(pk);
  33656. AssertNotNull(pa);
  33657. AssertIntGT(ppklen, 0);
  33658. X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
  33659. AssertNotNull(pa_oid);
  33660. AssertNull(pval);
  33661. AssertIntEQ(pptype, V_ASN1_NULL);
  33662. AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA);
  33663. X509_PUBKEY_free(pubKey2);
  33664. X509_free(x509);
  33665. EVP_PKEY_free(evpKey);
  33666. res = TEST_RES_CHECK(1);
  33667. #endif
  33668. return res;
  33669. }
  33670. static int test_wolfSSL_X509_PUBKEY_EC(void)
  33671. {
  33672. int res = TEST_SKIPPED;
  33673. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC)
  33674. X509* x509 = NULL;
  33675. ASN1_OBJECT* obj = NULL;
  33676. ASN1_OBJECT* poid;
  33677. const ASN1_OBJECT* pa_oid = NULL;
  33678. X509_PUBKEY* pubKey;
  33679. X509_PUBKEY* pubKey2;
  33680. EVP_PKEY* evpKey;
  33681. const unsigned char *pk;
  33682. int ppklen, pptype;
  33683. X509_ALGOR *pa;
  33684. const void *pval;
  33685. char buf[50];
  33686. AssertNotNull(x509 = X509_load_certificate_file(cliEccCertFile,
  33687. SSL_FILETYPE_PEM));
  33688. AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509));
  33689. AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
  33690. AssertNotNull(pubKey2 = X509_PUBKEY_new());
  33691. AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
  33692. AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
  33693. AssertNotNull(pk);
  33694. AssertNotNull(pa);
  33695. AssertIntGT(ppklen, 0);
  33696. X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
  33697. AssertNotNull(pa_oid);
  33698. AssertNotNull(pval);
  33699. AssertIntEQ(pptype, V_ASN1_OBJECT);
  33700. AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC);
  33701. poid = (ASN1_OBJECT *)pval;
  33702. AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0);
  33703. AssertIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1);
  33704. X509_PUBKEY_free(pubKey2);
  33705. X509_free(x509);
  33706. EVP_PKEY_free(evpKey);
  33707. res = TEST_RES_CHECK(1);
  33708. #endif
  33709. return res;
  33710. }
  33711. static int test_wolfSSL_X509_PUBKEY_DSA(void)
  33712. {
  33713. int res = TEST_SKIPPED;
  33714. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA)
  33715. word32 bytes;
  33716. #ifdef USE_CERT_BUFFERS_1024
  33717. byte tmp[ONEK_BUF];
  33718. #elif defined(USE_CERT_BUFFERS_2048)
  33719. byte tmp[TWOK_BUF];
  33720. #else
  33721. byte tmp[TWOK_BUF];
  33722. #endif /* END USE_CERT_BUFFERS_1024 */
  33723. const unsigned char* dsaKeyDer = tmp;
  33724. ASN1_OBJECT* obj = NULL;
  33725. ASN1_STRING* str;
  33726. const ASN1_OBJECT* pa_oid = NULL;
  33727. X509_PUBKEY* pubKey = NULL;
  33728. EVP_PKEY* evpKey = NULL;
  33729. const unsigned char *pk;
  33730. int ppklen, pptype;
  33731. X509_ALGOR *pa;
  33732. const void *pval;
  33733. #ifdef USE_CERT_BUFFERS_1024
  33734. XMEMSET(tmp, 0, sizeof(tmp));
  33735. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  33736. bytes = sizeof_dsa_key_der_1024;
  33737. #elif defined(USE_CERT_BUFFERS_2048)
  33738. XMEMSET(tmp, 0, sizeof(tmp));
  33739. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  33740. bytes = sizeof_dsa_key_der_2048;
  33741. #else
  33742. {
  33743. XFILE fp;
  33744. XMEMSET(tmp, 0, sizeof(tmp));
  33745. fp = XFOPEN("./certs/dsa2048.der", "rb");
  33746. if (fp == XBADFILE) {
  33747. return WOLFSSL_BAD_FILE;
  33748. }
  33749. bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
  33750. XFCLOSE(fp);
  33751. }
  33752. #endif
  33753. /* Initialize pkey with der format dsa key */
  33754. AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes));
  33755. AssertNotNull(pubKey = X509_PUBKEY_new());
  33756. AssertIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1);
  33757. AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
  33758. AssertNotNull(pk);
  33759. AssertNotNull(pa);
  33760. AssertIntGT(ppklen, 0);
  33761. X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
  33762. AssertNotNull(pa_oid);
  33763. AssertNotNull(pval);
  33764. AssertIntEQ(pptype, V_ASN1_SEQUENCE);
  33765. AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA);
  33766. str = (ASN1_STRING *)pval;
  33767. DEBUG_WRITE_DER(ASN1_STRING_data(str), ASN1_STRING_length(str), "str.der");
  33768. #ifdef USE_CERT_BUFFERS_1024
  33769. AssertIntEQ(ASN1_STRING_length(str), 291);
  33770. #else
  33771. AssertIntEQ(ASN1_STRING_length(str), 549);
  33772. #endif /* END USE_CERT_BUFFERS_1024 */
  33773. X509_PUBKEY_free(pubKey);
  33774. EVP_PKEY_free(evpKey);
  33775. res = TEST_RES_CHECK(1);
  33776. #endif
  33777. return res;
  33778. }
  33779. static int test_wolfSSL_RAND(void)
  33780. {
  33781. int res = TEST_SKIPPED;
  33782. #if defined(OPENSSL_EXTRA)
  33783. byte seed[16];
  33784. XMEMSET(seed, 0, sizeof(seed));
  33785. RAND_seed(seed, sizeof(seed));
  33786. AssertIntEQ(RAND_poll(), 1);
  33787. RAND_cleanup();
  33788. AssertIntEQ(RAND_egd(NULL), -1);
  33789. #ifndef NO_FILESYSTEM
  33790. {
  33791. char fname[100];
  33792. AssertNotNull(RAND_file_name(fname, (sizeof(fname) - 1)));
  33793. AssertIntEQ(RAND_write_file(NULL), 0);
  33794. }
  33795. #endif
  33796. res = TEST_RES_CHECK(1);
  33797. #endif
  33798. return res;
  33799. }
  33800. static int test_wolfSSL_BUF(void)
  33801. {
  33802. int res = TEST_SKIPPED;
  33803. #if defined(OPENSSL_EXTRA)
  33804. BUF_MEM* buf;
  33805. AssertNotNull(buf = BUF_MEM_new());
  33806. AssertIntEQ(BUF_MEM_grow(buf, 10), 10);
  33807. AssertIntEQ(BUF_MEM_grow(buf, -1), 0);
  33808. BUF_MEM_free(buf);
  33809. res = TEST_RES_CHECK(1);
  33810. #endif
  33811. return res;
  33812. }
  33813. #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
  33814. static int stub_rand_seed(const void *buf, int num)
  33815. {
  33816. (void)buf;
  33817. (void)num;
  33818. return 123;
  33819. }
  33820. static int stub_rand_bytes(unsigned char *buf, int num)
  33821. {
  33822. (void)buf;
  33823. (void)num;
  33824. return 456;
  33825. }
  33826. static byte* was_stub_rand_cleanup_called(void)
  33827. {
  33828. static byte was_called = 0;
  33829. return &was_called;
  33830. }
  33831. static void stub_rand_cleanup(void)
  33832. {
  33833. byte* was_called = was_stub_rand_cleanup_called();
  33834. *was_called = 1;
  33835. return;
  33836. }
  33837. static byte* was_stub_rand_add_called(void)
  33838. {
  33839. static byte was_called = 0;
  33840. return &was_called;
  33841. }
  33842. static int stub_rand_add(const void *buf, int num, double entropy)
  33843. {
  33844. byte* was_called = was_stub_rand_add_called();
  33845. (void)buf;
  33846. (void)num;
  33847. (void)entropy;
  33848. *was_called = 1;
  33849. return 0;
  33850. }
  33851. static int stub_rand_pseudo_bytes(unsigned char *buf, int num)
  33852. {
  33853. (void)buf;
  33854. (void)num;
  33855. return 9876;
  33856. }
  33857. static int stub_rand_status(void)
  33858. {
  33859. return 5432;
  33860. }
  33861. #endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
  33862. static int test_wolfSSL_RAND_set_rand_method(void)
  33863. {
  33864. int res = TEST_SKIPPED;
  33865. #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
  33866. RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL};
  33867. unsigned char* buf = NULL;
  33868. int num = 0;
  33869. double entropy = 0;
  33870. byte* was_cleanup_called = was_stub_rand_cleanup_called();
  33871. byte* was_add_called = was_stub_rand_add_called();
  33872. buf = (byte*)XMALLOC(32 * sizeof(byte), NULL,
  33873. DYNAMIC_TYPE_TMP_BUFFER);
  33874. AssertIntNE(wolfSSL_RAND_status(), 5432);
  33875. AssertIntEQ(*was_cleanup_called, 0);
  33876. RAND_cleanup();
  33877. AssertIntEQ(*was_cleanup_called, 0);
  33878. rand_methods.seed = &stub_rand_seed;
  33879. rand_methods.bytes = &stub_rand_bytes;
  33880. rand_methods.cleanup = &stub_rand_cleanup;
  33881. rand_methods.add = &stub_rand_add;
  33882. rand_methods.pseudorand = &stub_rand_pseudo_bytes;
  33883. rand_methods.status = &stub_rand_status;
  33884. AssertIntEQ(RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS);
  33885. AssertIntEQ(RAND_seed(buf, num), 123);
  33886. AssertIntEQ(RAND_bytes(buf, num), 456);
  33887. AssertIntEQ(RAND_pseudo_bytes(buf, num), 9876);
  33888. AssertIntEQ(RAND_status(), 5432);
  33889. AssertIntEQ(*was_add_called, 0);
  33890. /* The function pointer for RAND_add returns int, but RAND_add itself returns void. */
  33891. RAND_add(buf, num, entropy);
  33892. AssertIntEQ(*was_add_called, 1);
  33893. was_add_called = 0;
  33894. AssertIntEQ(*was_cleanup_called, 0);
  33895. RAND_cleanup();
  33896. AssertIntEQ(*was_cleanup_called, 1);
  33897. *was_cleanup_called = 0;
  33898. AssertIntEQ(RAND_set_rand_method(NULL), WOLFSSL_SUCCESS);
  33899. AssertIntNE(RAND_status(), 5432);
  33900. AssertIntEQ(*was_cleanup_called, 0);
  33901. RAND_cleanup();
  33902. AssertIntEQ(*was_cleanup_called, 0);
  33903. XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  33904. res = TEST_RES_CHECK(1);
  33905. #endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
  33906. return res;
  33907. }
  33908. static int test_wolfSSL_RAND_bytes(void)
  33909. {
  33910. int res = TEST_SKIPPED;
  33911. #if defined(OPENSSL_EXTRA)
  33912. const int size1 = RNG_MAX_BLOCK_LEN; /* in bytes */
  33913. const int size2 = RNG_MAX_BLOCK_LEN + 1; /* in bytes */
  33914. const int size3 = RNG_MAX_BLOCK_LEN * 2; /* in bytes */
  33915. const int size4 = RNG_MAX_BLOCK_LEN * 4; /* in bytes */
  33916. int max_bufsize;
  33917. byte *my_buf;
  33918. /* sanity check */
  33919. AssertIntEQ(RAND_bytes(NULL, 16), 0);
  33920. AssertIntEQ(RAND_bytes(NULL, 0), 0);
  33921. max_bufsize = size4;
  33922. my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), NULL,
  33923. DYNAMIC_TYPE_TMP_BUFFER);
  33924. AssertIntEQ(RAND_bytes(my_buf, 0), 1);
  33925. AssertIntEQ(RAND_bytes(my_buf, -1), 0);
  33926. AssertNotNull(my_buf);
  33927. XMEMSET(my_buf, 0, max_bufsize);
  33928. AssertIntEQ(RAND_bytes(my_buf, size1), 1);
  33929. AssertIntEQ(RAND_bytes(my_buf, size2), 1);
  33930. AssertIntEQ(RAND_bytes(my_buf, size3), 1);
  33931. AssertIntEQ(RAND_bytes(my_buf, size4), 1);
  33932. XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  33933. res = TEST_RES_CHECK(1);
  33934. #endif
  33935. return res;
  33936. }
  33937. static int test_wolfSSL_BN_rand(void)
  33938. {
  33939. int res = TEST_SKIPPED;
  33940. #if defined(OPENSSL_EXTRA)
  33941. BIGNUM* bn;
  33942. BIGNUM* range;
  33943. /* Error conditions. */
  33944. /* NULL BN. */
  33945. AssertIntEQ(BN_rand(NULL, 0, 0, 0), SSL_FAILURE);
  33946. AssertNotNull(bn = BN_new());
  33947. /* Negative bits. */
  33948. AssertIntEQ(BN_rand(bn, -2, 0, 0), SSL_FAILURE);
  33949. /* 0 bits and top is not -1. */
  33950. AssertIntEQ(BN_rand(bn, 0, 1, 0), SSL_FAILURE);
  33951. /* 0 bits and bottom is not 0. */
  33952. AssertIntEQ(BN_rand(bn, 0, 0, 1), SSL_FAILURE);
  33953. /* 1 bit and top is 1. */
  33954. AssertIntEQ(BN_rand(bn, 1, 1, 0), SSL_FAILURE);
  33955. AssertIntEQ(BN_rand(bn, 0, -1, 0), SSL_SUCCESS);
  33956. AssertIntEQ(BN_num_bits(bn), 0);
  33957. AssertIntEQ(BN_rand(bn, 8, 0, 0), SSL_SUCCESS);
  33958. AssertIntEQ(BN_num_bits(bn), 8);
  33959. /* When top is 0, top bit should be 1. */
  33960. AssertIntEQ(BN_is_bit_set(bn, 7), SSL_SUCCESS);
  33961. AssertIntEQ(BN_rand(bn, 8, 1, 0), SSL_SUCCESS);
  33962. /* When top is 1, top 2 bits should be 1. */
  33963. AssertIntEQ(BN_is_bit_set(bn, 7), SSL_SUCCESS);
  33964. AssertIntEQ(BN_is_bit_set(bn, 6), SSL_SUCCESS);
  33965. AssertIntEQ(BN_rand(bn, 8, 0, 1), SSL_SUCCESS);
  33966. /* When bottom is 1, bottom bit should be 1. */
  33967. AssertIntEQ(BN_is_bit_set(bn, 0), SSL_SUCCESS);
  33968. /* Regression test: Older versions of wolfSSL_BN_rand would round the
  33969. * requested number of bits up to the nearest multiple of 8. E.g. in this
  33970. * case, requesting a 13-bit random number would actually return a 16-bit
  33971. * random number. */
  33972. AssertIntEQ(BN_rand(bn, 13, 0, 0), SSL_SUCCESS);
  33973. AssertIntEQ(BN_num_bits(bn), 13);
  33974. AssertNotNull(range = BN_new());
  33975. AssertIntEQ(BN_rand(range, 64, 0, 0), SSL_SUCCESS);
  33976. AssertIntEQ(BN_rand_range(bn, range), SSL_SUCCESS);
  33977. BN_free(bn);
  33978. BN_free(range);
  33979. res = TEST_RES_CHECK(1);
  33980. #endif
  33981. return res;
  33982. }
  33983. static int test_wolfSSL_pseudo_rand(void)
  33984. {
  33985. int res = TEST_SKIPPED;
  33986. #if defined(OPENSSL_EXTRA)
  33987. BIGNUM* bn;
  33988. unsigned char bin[8];
  33989. int i;
  33990. /* BN_pseudo_rand returns 1 on success 0 on failure
  33991. * int BN_pseudo_rand(BIGNUM* bn, int bits, int top, int bottom) */
  33992. for (i = 0; i < 10; i++) {
  33993. AssertNotNull(bn = BN_new());
  33994. AssertIntEQ(BN_pseudo_rand(bn, 8, 0, 0), SSL_SUCCESS);
  33995. AssertIntGT(BN_bn2bin(bn, bin),0);
  33996. AssertIntEQ((bin[0] & 0x80), 0x80); /* top bit should be set */
  33997. BN_free(bn);
  33998. }
  33999. for (i = 0; i < 10; i++) {
  34000. AssertNotNull(bn = BN_new());
  34001. AssertIntEQ(BN_pseudo_rand(bn, 8, 1, 1), SSL_SUCCESS);
  34002. AssertIntGT(BN_bn2bin(bn, bin),0);
  34003. AssertIntEQ((bin[0] & 0xc1), 0xc1); /* top bit should be set */
  34004. BN_free(bn);
  34005. }
  34006. res = TEST_RES_CHECK(1);
  34007. #endif
  34008. return res;
  34009. }
  34010. static int test_wolfSSL_PKCS8_Compat(void)
  34011. {
  34012. int res = TEST_SKIPPED;
  34013. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
  34014. #ifndef NO_BIO
  34015. PKCS8_PRIV_KEY_INFO* pt;
  34016. BIO* bio;
  34017. XFILE f;
  34018. int bytes;
  34019. char pkcs8_buffer[512];
  34020. #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
  34021. EVP_PKEY *pkey = NULL;
  34022. #endif
  34023. /* file from wolfssl/certs/ directory */
  34024. f = XFOPEN("./certs/ecc-keyPkcs8.pem", "rb");
  34025. AssertTrue(f != XBADFILE);
  34026. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), f)), 0);
  34027. XFCLOSE(f);
  34028. AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
  34029. AssertNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL));
  34030. #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
  34031. AssertNotNull(pkey = EVP_PKCS82PKEY(pt));
  34032. AssertIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC);
  34033. /* gets PKCS8 pointer to pkey */
  34034. AssertNotNull(EVP_PKEY2PKCS8(pkey));
  34035. EVP_PKEY_free(pkey);
  34036. #endif
  34037. BIO_free(bio);
  34038. PKCS8_PRIV_KEY_INFO_free(pt);
  34039. res = TEST_RES_CHECK(1);
  34040. #endif
  34041. #endif
  34042. return res;
  34043. }
  34044. static int test_wolfSSL_PKCS8_d2i(void)
  34045. {
  34046. int res = TEST_SKIPPED;
  34047. #if !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
  34048. /* This test ends up using HMAC as a part of PBKDF2, and HMAC
  34049. * requires a 12 byte password in FIPS mode. This test ends up
  34050. * trying to use an 8 byte password. */
  34051. #ifndef NO_FILESYSTEM
  34052. unsigned char pkcs8_buffer[2048];
  34053. const unsigned char* p;
  34054. int bytes;
  34055. XFILE file;
  34056. WOLFSSL_EVP_PKEY* pkey = NULL;
  34057. #ifndef NO_BIO
  34058. BIO* bio;
  34059. #if defined(OPENSSL_ALL) && \
  34060. ((!defined(NO_RSA) && !defined(NO_DES3)) || \
  34061. defined(HAVE_ECC)) && \
  34062. !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
  34063. WOLFSSL_EVP_PKEY* evpPkey = NULL;
  34064. #endif
  34065. #endif
  34066. #ifndef NO_RSA
  34067. const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der";
  34068. const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem";
  34069. #ifndef NO_DES3
  34070. const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der";
  34071. #endif
  34072. #endif /* NO_RSA */
  34073. #ifdef HAVE_ECC
  34074. const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der";
  34075. const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem";
  34076. #ifndef NO_DES3
  34077. const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der";
  34078. #endif
  34079. #endif /* HAVE_ECC */
  34080. #endif /* !NO_FILESYSTEM */
  34081. #if defined(OPENSSL_ALL) && (!defined(NO_RSA) || defined(HAVE_ECC))
  34082. #ifndef NO_RSA
  34083. #ifdef USE_CERT_BUFFERS_1024
  34084. const unsigned char* rsa = (unsigned char*)server_key_der_1024;
  34085. int rsaSz = sizeof_server_key_der_1024;
  34086. #else
  34087. const unsigned char* rsa = (unsigned char*)server_key_der_2048;
  34088. int rsaSz = sizeof_server_key_der_2048;
  34089. #endif
  34090. #endif
  34091. #ifdef HAVE_ECC
  34092. const unsigned char* ec = (unsigned char*)ecc_key_der_256;
  34093. int ecSz = sizeof_ecc_key_der_256;
  34094. #endif
  34095. #endif /* OPENSSL_ALL && (!NO_RSA || HAVE_ECC) */
  34096. #ifndef NO_FILESYSTEM
  34097. (void)pkcs8_buffer;
  34098. (void)p;
  34099. (void)bytes;
  34100. (void)file;
  34101. #ifndef NO_BIO
  34102. (void)bio;
  34103. #endif
  34104. #endif
  34105. #ifdef OPENSSL_ALL
  34106. #ifndef NO_RSA
  34107. /* Try to auto-detect normal RSA private key */
  34108. AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz));
  34109. EVP_PKEY_free(pkey);
  34110. #endif
  34111. #ifdef HAVE_ECC
  34112. /* Try to auto-detect normal EC private key */
  34113. AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz));
  34114. EVP_PKEY_free(pkey);
  34115. #endif
  34116. #endif /* OPENSSL_ALL */
  34117. #ifndef NO_FILESYSTEM
  34118. #ifndef NO_RSA
  34119. /* Get DER encoded RSA PKCS#8 data. */
  34120. file = XFOPEN(rsaDerPkcs8File, "rb");
  34121. AssertTrue(file != XBADFILE);
  34122. XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
  34123. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  34124. file)), 0);
  34125. XFCLOSE(file);
  34126. p = pkcs8_buffer;
  34127. #ifdef OPENSSL_ALL
  34128. /* Try to decode - auto-detect key type. */
  34129. AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
  34130. #else
  34131. AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, bytes));
  34132. #endif
  34133. /* Get PEM encoded RSA PKCS#8 data. */
  34134. file = XFOPEN(rsaPemPkcs8File, "rb");
  34135. AssertTrue(file != XBADFILE);
  34136. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  34137. file)), 0);
  34138. XFCLOSE(file);
  34139. #if defined(OPENSSL_ALL) && \
  34140. !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
  34141. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  34142. /* Write PKCS#8 PEM to BIO. */
  34143. AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
  34144. NULL), bytes);
  34145. /* Compare file and written data */
  34146. AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
  34147. AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
  34148. BIO_free(bio);
  34149. #if !defined(NO_DES3) && !defined(NO_SHA)
  34150. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  34151. /* Write Encrypted PKCS#8 PEM to BIO. */
  34152. bytes = 1834;
  34153. AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(),
  34154. NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
  34155. AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
  34156. (void*)"yassl123"));
  34157. EVP_PKEY_free(evpPkey);
  34158. BIO_free(bio);
  34159. #endif /* !NO_DES3 && !NO_SHA */
  34160. #endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
  34161. EVP_PKEY_free(pkey);
  34162. /* PKCS#8 encrypted RSA key */
  34163. #ifndef NO_DES3
  34164. file = XFOPEN(rsaDerPkcs8EncFile, "rb");
  34165. AssertTrue(file != XBADFILE);
  34166. XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
  34167. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  34168. file)), 0);
  34169. XFCLOSE(file);
  34170. #if defined(OPENSSL_ALL) && \
  34171. !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
  34172. AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
  34173. AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
  34174. (void*)"yassl123"));
  34175. EVP_PKEY_free(pkey);
  34176. BIO_free(bio);
  34177. #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
  34178. #endif /* !NO_DES3 */
  34179. #endif /* NO_RSA */
  34180. #ifdef HAVE_ECC
  34181. /* PKCS#8 encode EC key */
  34182. file = XFOPEN(ecDerPkcs8File, "rb");
  34183. AssertTrue(file != XBADFILE);
  34184. XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
  34185. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  34186. file)), 0);
  34187. XFCLOSE(file);
  34188. p = pkcs8_buffer;
  34189. #ifdef OPENSSL_ALL
  34190. /* Try to decode - auto-detect key type. */
  34191. AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
  34192. #else
  34193. AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, bytes));
  34194. #endif
  34195. /* Get PEM encoded RSA PKCS#8 data. */
  34196. file = XFOPEN(ecPemPkcs8File, "rb");
  34197. AssertTrue(file != XBADFILE);
  34198. XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
  34199. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  34200. file)), 0);
  34201. XFCLOSE(file);
  34202. #if defined(OPENSSL_ALL) && \
  34203. !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \
  34204. defined(HAVE_AES_CBC)
  34205. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  34206. /* Write PKCS#8 PEM to BIO. */
  34207. AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
  34208. NULL), bytes);
  34209. /* Compare file and written data */
  34210. AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
  34211. AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
  34212. BIO_free(bio);
  34213. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  34214. /* Write Encrypted PKCS#8 PEM to BIO. */
  34215. bytes = 379;
  34216. AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(),
  34217. NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
  34218. AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
  34219. (void*)"yassl123"));
  34220. EVP_PKEY_free(evpPkey);
  34221. BIO_free(bio);
  34222. #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */
  34223. EVP_PKEY_free(pkey);
  34224. /* PKCS#8 encrypted EC key */
  34225. #ifndef NO_DES3
  34226. file = XFOPEN(ecDerPkcs8EncFile, "rb");
  34227. AssertTrue(file != XBADFILE);
  34228. XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
  34229. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  34230. file)), 0);
  34231. XFCLOSE(file);
  34232. #if defined(OPENSSL_ALL) && \
  34233. !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
  34234. AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
  34235. AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
  34236. (void*)"yassl123"));
  34237. EVP_PKEY_free(pkey);
  34238. BIO_free(bio);
  34239. #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
  34240. #endif /* !NO_DES3 */
  34241. #endif /* HAVE_ECC */
  34242. #endif /* !NO_FILESYSTEM */
  34243. res = TEST_RES_CHECK(1);
  34244. #endif /* HAVE_FIPS && OPENSSL_EXTRA */
  34245. return res;
  34246. }
  34247. #if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
  34248. defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
  34249. #define LOGGING_THREADS 5
  34250. #define ERROR_COUNT 10
  34251. /* copied from logging.c since this is not exposed otherwise */
  34252. #ifndef ERROR_QUEUE_MAX
  34253. #ifdef ERROR_QUEUE_PER_THREAD
  34254. #define ERROR_QUEUE_MAX 16
  34255. #else
  34256. /* this breaks from compat of unlimited error queue size */
  34257. #define ERROR_QUEUE_MAX 100
  34258. #endif
  34259. #endif
  34260. static volatile int loggingThreadsReady;
  34261. static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args)
  34262. {
  34263. const char* file;
  34264. int line;
  34265. unsigned long err;
  34266. int errorCount = 0;
  34267. int i;
  34268. (void)args;
  34269. while (!loggingThreadsReady);
  34270. for (i = 0; i < ERROR_COUNT; i++)
  34271. ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__);
  34272. while ((err = ERR_get_error_line(&file, &line))) {
  34273. AssertIntEQ(err, 990 + errorCount);
  34274. errorCount++;
  34275. }
  34276. AssertIntEQ(errorCount, ERROR_COUNT);
  34277. /* test max queue behavior, trying to add an arbitrary 3 errors over */
  34278. ERR_clear_error(); /* ERR_get_error_line() does not remove */
  34279. errorCount = 0;
  34280. for (i = 0; i < ERROR_QUEUE_MAX + 3; i++)
  34281. ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__);
  34282. while ((err = ERR_get_error_line(&file, &line))) {
  34283. AssertIntEQ(err, 990 + errorCount);
  34284. errorCount++;
  34285. }
  34286. /* test that the 3 errors over the max were dropped */
  34287. AssertIntEQ(errorCount, ERROR_QUEUE_MAX);
  34288. return 0;
  34289. }
  34290. #endif
  34291. static int test_error_queue_per_thread(void)
  34292. {
  34293. int res = TEST_SKIPPED;
  34294. #if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
  34295. defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
  34296. THREAD_TYPE loggingThreads[LOGGING_THREADS];
  34297. int i;
  34298. ERR_clear_error(); /* clear out any error nodes */
  34299. loggingThreadsReady = 0;
  34300. for (i = 0; i < LOGGING_THREADS; i++)
  34301. start_thread(test_logging, NULL, &loggingThreads[i]);
  34302. loggingThreadsReady = 1;
  34303. for (i = 0; i < LOGGING_THREADS; i++)
  34304. join_thread(loggingThreads[i]);
  34305. res = TEST_RES_CHECK(1);
  34306. #endif
  34307. return res;
  34308. }
  34309. static int test_wolfSSL_ERR_put_error(void)
  34310. {
  34311. int res = TEST_SKIPPED;
  34312. #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
  34313. defined(DEBUG_WOLFSSL)
  34314. const char* file;
  34315. int line;
  34316. ERR_clear_error(); /* clear out any error nodes */
  34317. ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
  34318. AssertIntEQ(ERR_get_error_line(&file, &line), 0);
  34319. ERR_put_error(0,SYS_F_BIND, 1, "this file", 1);
  34320. AssertIntEQ(ERR_get_error_line(&file, &line), 1);
  34321. ERR_put_error(0,SYS_F_CONNECT, 2, "this file", 2);
  34322. AssertIntEQ(ERR_get_error_line(&file, &line), 2);
  34323. ERR_put_error(0,SYS_F_FOPEN, 3, "this file", 3);
  34324. AssertIntEQ(ERR_get_error_line(&file, &line), 3);
  34325. ERR_put_error(0,SYS_F_FREAD, 4, "this file", 4);
  34326. AssertIntEQ(ERR_get_error_line(&file, &line), 4);
  34327. ERR_put_error(0,SYS_F_GETADDRINFO, 5, "this file", 5);
  34328. AssertIntEQ(ERR_get_error_line(&file, &line), 5);
  34329. ERR_put_error(0,SYS_F_GETSOCKOPT, 6, "this file", 6);
  34330. AssertIntEQ(ERR_get_error_line(&file, &line), 6);
  34331. ERR_put_error(0,SYS_F_GETSOCKNAME, 7, "this file", 7);
  34332. AssertIntEQ(ERR_get_error_line(&file, &line), 7);
  34333. ERR_put_error(0,SYS_F_GETHOSTBYNAME, 8, "this file", 8);
  34334. AssertIntEQ(ERR_get_error_line(&file, &line), 8);
  34335. ERR_put_error(0,SYS_F_GETNAMEINFO, 9, "this file", 9);
  34336. AssertIntEQ(ERR_get_error_line(&file, &line), 9);
  34337. ERR_put_error(0,SYS_F_GETSERVBYNAME, 10, "this file", 10);
  34338. AssertIntEQ(ERR_get_error_line(&file, &line), 10);
  34339. ERR_put_error(0,SYS_F_IOCTLSOCKET, 11, "this file", 11);
  34340. AssertIntEQ(ERR_get_error_line(&file, &line), 11);
  34341. ERR_put_error(0,SYS_F_LISTEN, 12, "this file", 12);
  34342. AssertIntEQ(ERR_get_error_line(&file, &line), 12);
  34343. ERR_put_error(0,SYS_F_OPENDIR, 13, "this file", 13);
  34344. AssertIntEQ(ERR_get_error_line(&file, &line), 13);
  34345. ERR_put_error(0,SYS_F_SETSOCKOPT, 14, "this file", 14);
  34346. AssertIntEQ(ERR_get_error_line(&file, &line), 14);
  34347. ERR_put_error(0,SYS_F_SOCKET, 15, "this file", 15);
  34348. AssertIntEQ(ERR_get_error_line(&file, &line), 15);
  34349. #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON)
  34350. ERR_put_error(ERR_LIB_ASN1, SYS_F_ACCEPT, ASN1_R_HEADER_TOO_LONG,
  34351. "this file", 100);
  34352. AssertIntEQ(wolfSSL_ERR_peek_last_error_line(&file, &line),
  34353. (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG);
  34354. AssertIntEQ(line, 100);
  34355. AssertIntEQ(wolfSSL_ERR_peek_error(),
  34356. (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG);
  34357. AssertIntEQ(ERR_get_error_line(&file, &line), ASN1_R_HEADER_TOO_LONG);
  34358. #endif
  34359. /* try reading past end of error queue */
  34360. file = NULL;
  34361. AssertIntEQ(ERR_get_error_line(&file, &line), 0);
  34362. AssertNull(file);
  34363. AssertIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0);
  34364. PEMerr(4,4);
  34365. AssertIntEQ(ERR_get_error(), 4);
  34366. /* Empty and free up all error nodes */
  34367. ERR_clear_error();
  34368. /* Verify all nodes are cleared */
  34369. ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
  34370. ERR_clear_error();
  34371. AssertIntEQ(ERR_get_error_line(&file, &line), 0);
  34372. res = TEST_RES_CHECK(1);
  34373. #endif
  34374. return res;
  34375. }
  34376. /*
  34377. * This is a regression test for a bug where the peek/get error functions were
  34378. * drawing from the end of the queue rather than the front.
  34379. */
  34380. static int test_wolfSSL_ERR_get_error_order(void)
  34381. {
  34382. int res = TEST_SKIPPED;
  34383. #ifdef WOLFSSL_HAVE_ERROR_QUEUE
  34384. /* Empty the queue. */
  34385. wolfSSL_ERR_clear_error();
  34386. wolfSSL_ERR_put_error(0, 0, ASN_NO_SIGNER_E, "test", 0);
  34387. wolfSSL_ERR_put_error(0, 0, ASN_SELF_SIGNED_E, "test", 0);
  34388. AssertIntEQ(wolfSSL_ERR_peek_error(), -ASN_NO_SIGNER_E);
  34389. AssertIntEQ(wolfSSL_ERR_get_error(), -ASN_NO_SIGNER_E);
  34390. AssertIntEQ(wolfSSL_ERR_peek_error(), -ASN_SELF_SIGNED_E);
  34391. AssertIntEQ(wolfSSL_ERR_get_error(), -ASN_SELF_SIGNED_E);
  34392. res = TEST_RES_CHECK(1);
  34393. #endif /* WOLFSSL_HAVE_ERROR_QUEUE */
  34394. return res;
  34395. }
  34396. #ifndef NO_BIO
  34397. static int test_wolfSSL_ERR_print_errors(void)
  34398. {
  34399. int res = TEST_SKIPPED;
  34400. #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
  34401. defined(DEBUG_WOLFSSL) && !defined(NO_ERROR_STRINGS)
  34402. BIO* bio;
  34403. char buf[1024];
  34404. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  34405. ERR_clear_error(); /* clear out any error nodes */
  34406. ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
  34407. /* Choosing -299 as an unused errno between MIN_CODE_E < x < WC_LAST_E. */
  34408. ERR_put_error(0,SYS_F_BIND, -299, "asn.c", 100);
  34409. ERR_print_errors(bio);
  34410. AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56);
  34411. AssertIntEQ(XSTRNCMP("error:173:wolfSSL library:Bad function argument:ssl.c:0",
  34412. buf, 55), 0);
  34413. AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57);
  34414. AssertIntEQ(XSTRNCMP("error:299:wolfSSL library:unknown error number:asn.c:100",
  34415. buf, 56), 0);
  34416. AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 1);
  34417. AssertIntEQ(buf[0], '\0');
  34418. AssertIntEQ(ERR_get_error_line(NULL, NULL), 0);
  34419. BIO_free(bio);
  34420. res = TEST_RES_CHECK(1);
  34421. #endif
  34422. return res;
  34423. }
  34424. #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
  34425. defined(DEBUG_WOLFSSL)
  34426. static int test_wolfSSL_error_cb(const char *str, size_t len, void *u)
  34427. {
  34428. wolfSSL_BIO_write((BIO*)u, str, (int)len);
  34429. return 0;
  34430. }
  34431. #endif
  34432. static int test_wolfSSL_ERR_print_errors_cb(void)
  34433. {
  34434. int res = TEST_SKIPPED;
  34435. #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
  34436. defined(DEBUG_WOLFSSL)
  34437. BIO* bio;
  34438. char buf[1024];
  34439. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  34440. ERR_clear_error(); /* clear out any error nodes */
  34441. ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
  34442. ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100);
  34443. ERR_print_errors_cb(test_wolfSSL_error_cb, bio);
  34444. AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 108);
  34445. AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 173 line:0 file:ssl.c",
  34446. buf, 53), 0);
  34447. AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 275 line:100 file:asn.c",
  34448. buf + 53, 55), 0);
  34449. AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0);
  34450. BIO_free(bio);
  34451. res = TEST_RES_CHECK(1);
  34452. #endif
  34453. return res;
  34454. }
  34455. /*
  34456. * Testing WOLFSSL_ERROR_MSG
  34457. */
  34458. static int test_WOLFSSL_ERROR_MSG(void)
  34459. {
  34460. int res = TEST_SKIPPED;
  34461. #if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
  34462. defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
  34463. const char* msg = TEST_STRING;
  34464. WOLFSSL_ERROR_MSG(msg);
  34465. res = TEST_RES_CHECK(1);
  34466. #endif
  34467. return res;
  34468. }/*End test_WOLFSSL_ERROR_MSG*/
  34469. /*
  34470. * Testing wc_ERR_remove_state
  34471. */
  34472. static int test_wc_ERR_remove_state(void)
  34473. {
  34474. int res = TEST_SKIPPED;
  34475. #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
  34476. wc_ERR_remove_state();
  34477. res = TEST_RES_CHECK(1);
  34478. #endif
  34479. return res;
  34480. }/*End test_wc_ERR_remove_state*/
  34481. /*
  34482. * Testing wc_ERR_print_errors_fp
  34483. */
  34484. static int test_wc_ERR_print_errors_fp(void)
  34485. {
  34486. int res = TEST_SKIPPED;
  34487. #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) && \
  34488. (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM))
  34489. long sz;
  34490. XFILE fp;
  34491. int ret = 0;
  34492. WOLFSSL_ERROR(BAD_FUNC_ARG);
  34493. fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar");
  34494. wc_ERR_print_errors_fp(fp);
  34495. #if defined(DEBUG_WOLFSSL)
  34496. AssertTrue(XFSEEK(fp, 0, XSEEK_END) == 0);
  34497. sz = XFTELL(fp);
  34498. #ifdef NO_ERROR_QUEUE
  34499. /* File should be empty when NO_ERROR_QUEUE is defined */
  34500. if (sz != 0) {
  34501. ret = BAD_FUNC_ARG;
  34502. }
  34503. #else
  34504. if (sz == 0) {
  34505. ret = BAD_FUNC_ARG;
  34506. }
  34507. #endif
  34508. #endif
  34509. XFCLOSE(fp);
  34510. (void)sz;
  34511. res = TEST_RES_CHECK(ret == 0);
  34512. #endif
  34513. return res;
  34514. }/*End test_wc_ERR_print_errors_fp*/
  34515. #ifdef DEBUG_WOLFSSL
  34516. static void Logging_cb(const int logLevel, const char *const logMessage)
  34517. {
  34518. (void)logLevel;
  34519. (void)logMessage;
  34520. }
  34521. #endif
  34522. /*
  34523. * Testing wolfSSL_GetLoggingCb
  34524. */
  34525. static int test_wolfSSL_GetLoggingCb(void)
  34526. {
  34527. int ret = 0;
  34528. #ifdef DEBUG_WOLFSSL
  34529. /* Testing without wolfSSL_SetLoggingCb() */
  34530. if (ret == 0) {
  34531. if (wolfSSL_GetLoggingCb() == NULL) { /* Should be true */
  34532. ret = 0;
  34533. }
  34534. if (wolfSSL_GetLoggingCb() != NULL) { /* Should not be true */
  34535. ret = -1;
  34536. }
  34537. }
  34538. /* Testing with wolfSSL_SetLoggingCb() */
  34539. if (ret == 0) {
  34540. ret = wolfSSL_SetLoggingCb(Logging_cb);
  34541. if (ret == 0) {
  34542. if (wolfSSL_GetLoggingCb() == NULL) { /* Should not be true */
  34543. ret = -1;
  34544. }
  34545. if (ret == 0) {
  34546. if (wolfSSL_GetLoggingCb() == Logging_cb) { /* Should be true */
  34547. ret = 0;
  34548. }
  34549. }
  34550. /* reset logging callback */
  34551. wolfSSL_SetLoggingCb(NULL);
  34552. }
  34553. }
  34554. #endif
  34555. if (ret == 0) {
  34556. if (wolfSSL_GetLoggingCb() != NULL) {
  34557. ret = -1;
  34558. }
  34559. }
  34560. return TEST_RES_CHECK(ret == 0);
  34561. }/*End test_wolfSSL_GetLoggingCb*/
  34562. #endif /* !NO_BIO */
  34563. #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
  34564. defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
  34565. defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
  34566. static int test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
  34567. {
  34568. static const unsigned char key[] = "simple test key";
  34569. HMAC_CTX* hmac;
  34570. ENGINE* e = NULL;
  34571. unsigned char hash[WC_MAX_DIGEST_SIZE];
  34572. unsigned int len;
  34573. AssertNotNull(hmac = HMAC_CTX_new());
  34574. HMAC_CTX_init(hmac);
  34575. AssertIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e),
  34576. SSL_SUCCESS);
  34577. /* re-using test key as data to hash */
  34578. AssertIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), SSL_SUCCESS);
  34579. AssertIntEQ(HMAC_Update(hmac, NULL, 0), SSL_SUCCESS);
  34580. AssertIntEQ(HMAC_Final(hmac, hash, &len), SSL_SUCCESS);
  34581. AssertIntEQ(len, md_len);
  34582. AssertIntEQ(HMAC_size(hmac), md_len);
  34583. AssertStrEQ(HMAC_CTX_get_md(hmac), md);
  34584. HMAC_cleanup(hmac);
  34585. HMAC_CTX_free(hmac);
  34586. len = 0;
  34587. AssertNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, &len));
  34588. AssertIntEQ(len, md_len);
  34589. return 0;
  34590. }
  34591. #endif
  34592. static int test_wolfSSL_HMAC(void)
  34593. {
  34594. int res = TEST_SKIPPED;
  34595. #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
  34596. defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
  34597. defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
  34598. #ifndef NO_SHA256
  34599. test_openssl_hmac(EVP_sha256(), (int)WC_SHA256_DIGEST_SIZE);
  34600. #endif
  34601. #ifdef WOLFSSL_SHA224
  34602. test_openssl_hmac(EVP_sha224(), (int)WC_SHA224_DIGEST_SIZE);
  34603. #endif
  34604. #ifdef WOLFSSL_SHA384
  34605. test_openssl_hmac(EVP_sha384(), (int)WC_SHA384_DIGEST_SIZE);
  34606. #endif
  34607. #ifdef WOLFSSL_SHA512
  34608. test_openssl_hmac(EVP_sha512(), (int)WC_SHA512_DIGEST_SIZE);
  34609. #endif
  34610. #ifdef WOLFSSL_SHA3
  34611. #ifndef WOLFSSL_NOSHA3_224
  34612. test_openssl_hmac(EVP_sha3_224(), (int)WC_SHA3_224_DIGEST_SIZE);
  34613. #endif
  34614. #ifndef WOLFSSL_NOSHA3_256
  34615. test_openssl_hmac(EVP_sha3_256(), (int)WC_SHA3_256_DIGEST_SIZE);
  34616. #endif
  34617. #ifndef WOLFSSL_NOSHA3_384
  34618. test_openssl_hmac(EVP_sha3_384(), (int)WC_SHA3_384_DIGEST_SIZE);
  34619. #endif
  34620. #ifndef WOLFSSL_NOSHA3_512
  34621. test_openssl_hmac(EVP_sha3_512(), (int)WC_SHA3_512_DIGEST_SIZE);
  34622. #endif
  34623. #endif
  34624. #ifndef NO_SHA
  34625. test_openssl_hmac(EVP_sha1(), (int)WC_SHA_DIGEST_SIZE);
  34626. #endif
  34627. res = TEST_RES_CHECK(1);
  34628. #endif
  34629. return res;
  34630. }
  34631. static int test_wolfSSL_CMAC(void)
  34632. {
  34633. int res = TEST_SKIPPED;
  34634. #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
  34635. defined(WOLFSSL_AES_DIRECT)
  34636. int i;
  34637. byte key[AES_128_KEY_SIZE];
  34638. CMAC_CTX* cmacCtx = NULL;
  34639. byte out[AES_BLOCK_SIZE];
  34640. size_t outLen = AES_BLOCK_SIZE;
  34641. for (i=0; i < AES_128_KEY_SIZE; ++i) {
  34642. key[i] = i;
  34643. }
  34644. AssertNotNull(cmacCtx = CMAC_CTX_new());
  34645. /* Check CMAC_CTX_get0_cipher_ctx; return value not used. */
  34646. AssertNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
  34647. AssertIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
  34648. NULL), SSL_SUCCESS);
  34649. /* re-using test key as data to hash */
  34650. AssertIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), SSL_SUCCESS);
  34651. AssertIntEQ(CMAC_Update(cmacCtx, NULL, 0), SSL_SUCCESS);
  34652. AssertIntEQ(CMAC_Final(cmacCtx, out, &outLen), SSL_SUCCESS);
  34653. AssertIntEQ(outLen, AES_BLOCK_SIZE);
  34654. CMAC_CTX_free(cmacCtx);
  34655. res = TEST_RES_CHECK(1);
  34656. #endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
  34657. return res;
  34658. }
  34659. static int test_wolfSSL_OBJ(void)
  34660. {
  34661. /* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS
  34662. * mode
  34663. */
  34664. int res = TEST_SKIPPED;
  34665. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
  34666. !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
  34667. defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
  34668. ASN1_OBJECT *obj = NULL;
  34669. ASN1_OBJECT *obj2 = NULL;
  34670. char buf[50];
  34671. XFILE fp;
  34672. X509 *x509 = NULL;
  34673. X509_NAME *x509Name;
  34674. X509_NAME_ENTRY *x509NameEntry;
  34675. ASN1_OBJECT *asn1Name = NULL;
  34676. int numNames;
  34677. BIO *bio = NULL;
  34678. int nid;
  34679. int i, j;
  34680. const char *f[] = {
  34681. #ifndef NO_RSA
  34682. "./certs/ca-cert.der",
  34683. #endif
  34684. #ifdef HAVE_ECC
  34685. "./certs/ca-ecc-cert.der",
  34686. "./certs/ca-ecc384-cert.der",
  34687. #endif
  34688. NULL};
  34689. ASN1_OBJECT *field_name_obj = NULL;
  34690. int lastpos = -1;
  34691. int tmp = -1;
  34692. ASN1_STRING *asn1 = NULL;
  34693. unsigned char *buf_dyn = NULL;
  34694. AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
  34695. AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
  34696. AssertIntEQ(OBJ_obj2nid(obj), NID_any_policy);
  34697. AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11);
  34698. AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
  34699. ASN1_OBJECT_free(obj);
  34700. AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
  34701. AssertIntEQ(OBJ_obj2nid(obj), NID_sha256);
  34702. AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22);
  34703. #ifdef WOLFSSL_CERT_EXT
  34704. AssertIntEQ(OBJ_txt2nid(buf), NID_sha256);
  34705. #endif
  34706. AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
  34707. AssertNotNull(obj2 = OBJ_dup(obj));
  34708. AssertIntEQ(OBJ_cmp(obj, obj2), 0);
  34709. ASN1_OBJECT_free(obj);
  34710. ASN1_OBJECT_free(obj2);
  34711. for (i = 0; f[i] != NULL; i++)
  34712. {
  34713. AssertTrue((fp = XFOPEN(f[i], "rb")) != XBADFILE);
  34714. AssertNotNull(x509 = d2i_X509_fp(fp, NULL));
  34715. XFCLOSE(fp);
  34716. AssertNotNull(x509Name = X509_get_issuer_name(x509));
  34717. AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
  34718. /* Get the Common Name by using OBJ_txt2obj */
  34719. AssertNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
  34720. do
  34721. {
  34722. lastpos = tmp;
  34723. tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos);
  34724. } while (tmp > -1);
  34725. AssertIntNE(lastpos, -1);
  34726. ASN1_OBJECT_free(field_name_obj);
  34727. AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos));
  34728. AssertNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry));
  34729. AssertIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0);
  34730. /*
  34731. * All Common Names should be www.wolfssl.com
  34732. * This makes testing easier as we can test for the expected value.
  34733. */
  34734. AssertStrEQ((char*)buf_dyn, "www.wolfssl.com");
  34735. OPENSSL_free(buf_dyn);
  34736. bio = BIO_new(BIO_s_mem());
  34737. AssertTrue(bio != NULL);
  34738. for (j = 0; j < numNames; j++)
  34739. {
  34740. AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
  34741. AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
  34742. AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
  34743. }
  34744. BIO_free(bio);
  34745. X509_free(x509);
  34746. }
  34747. #ifdef HAVE_PKCS12
  34748. {
  34749. PKCS12 *p12;
  34750. int boolRet;
  34751. EVP_PKEY *pkey = NULL;
  34752. const char *p12_f[] = {
  34753. #if !defined(NO_DES3) && !defined(NO_RSA)
  34754. "./certs/test-servercert.p12",
  34755. #endif
  34756. NULL};
  34757. for (i = 0; p12_f[i] != NULL; i++)
  34758. {
  34759. AssertTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE);
  34760. AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
  34761. XFCLOSE(fp);
  34762. AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test",
  34763. &pkey, &x509, NULL)) > 0);
  34764. wc_PKCS12_free(p12);
  34765. EVP_PKEY_free(pkey);
  34766. x509Name = X509_get_issuer_name(x509);
  34767. AssertNotNull(x509Name);
  34768. AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
  34769. AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
  34770. for (j = 0; j < numNames; j++)
  34771. {
  34772. AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
  34773. AssertNotNull(asn1Name =
  34774. X509_NAME_ENTRY_get_object(x509NameEntry));
  34775. AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
  34776. }
  34777. BIO_free(bio);
  34778. X509_free(x509);
  34779. }
  34780. }
  34781. #endif /* HAVE_PKCS12 */
  34782. res = TEST_RES_CHECK(1);
  34783. #endif
  34784. return res;
  34785. }
  34786. static int test_wolfSSL_i2a_ASN1_OBJECT(void)
  34787. {
  34788. int res = TEST_SKIPPED;
  34789. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO)
  34790. ASN1_OBJECT *obj = NULL;
  34791. BIO *bio = NULL;
  34792. AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
  34793. AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
  34794. AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0);
  34795. AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0);
  34796. AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0);
  34797. BIO_free(bio);
  34798. ASN1_OBJECT_free(obj);
  34799. res = TEST_RES_CHECK(1);
  34800. #endif
  34801. return res;
  34802. }
  34803. static int test_wolfSSL_OBJ_cmp(void)
  34804. {
  34805. int res = TEST_SKIPPED;
  34806. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
  34807. ASN1_OBJECT *obj = NULL;
  34808. ASN1_OBJECT *obj2 = NULL;
  34809. AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
  34810. AssertNotNull(obj2 = OBJ_nid2obj(NID_sha256));
  34811. AssertIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR);
  34812. AssertIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR);
  34813. AssertIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR);
  34814. AssertIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR);
  34815. AssertIntEQ(OBJ_cmp(obj, obj), 0);
  34816. AssertIntEQ(OBJ_cmp(obj2, obj2), 0);
  34817. ASN1_OBJECT_free(obj);
  34818. ASN1_OBJECT_free(obj2);
  34819. res = TEST_RES_CHECK(1);
  34820. #endif
  34821. return res;
  34822. }
  34823. static int test_wolfSSL_OBJ_txt2nid(void)
  34824. {
  34825. int res = TEST_SKIPPED;
  34826. #if !defined(NO_WOLFSSL_STUB) && defined(WOLFSSL_APACHE_HTTPD)
  34827. int i;
  34828. static const struct {
  34829. const char* sn;
  34830. const char* ln;
  34831. const char* oid;
  34832. int nid;
  34833. } testVals[] = {
  34834. { "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature },
  34835. { "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7",
  34836. NID_id_on_dnsSRV },
  34837. { "msUPN", "Microsoft User Principal Name",
  34838. "1.3.6.1.4.1.311.20.2.3", NID_ms_upn },
  34839. { NULL, NULL, NULL, NID_undef }
  34840. };
  34841. /* Invalid cases */
  34842. AssertIntEQ(OBJ_txt2nid(NULL), NID_undef);
  34843. AssertIntEQ(OBJ_txt2nid("Bad name"), NID_undef);
  34844. /* Valid cases */
  34845. for (i = 0; testVals[i].sn != NULL; i++) {
  34846. AssertIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid);
  34847. AssertIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid);
  34848. AssertIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid);
  34849. }
  34850. res = TEST_RES_CHECK(1);
  34851. #endif
  34852. return res;
  34853. }
  34854. static int test_wolfSSL_OBJ_txt2obj(void)
  34855. {
  34856. int res = TEST_SKIPPED;
  34857. #if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \
  34858. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN))
  34859. int i;
  34860. char buf[50];
  34861. ASN1_OBJECT* obj;
  34862. static const struct {
  34863. const char* oidStr;
  34864. const char* sn;
  34865. const char* ln;
  34866. } objs_list[] = {
  34867. #if defined(WOLFSSL_APACHE_HTTPD)
  34868. { "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" },
  34869. { "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" },
  34870. #endif
  34871. { "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"},
  34872. { NULL, NULL, NULL }
  34873. };
  34874. static const struct {
  34875. const char* numeric;
  34876. const char* name;
  34877. } objs_named[] = {
  34878. /* In dictionary but not in normal list. */
  34879. { "1.3.6.1.5.5.7.3.8", "Time Stamping" },
  34880. /* Made up OID. */
  34881. { "1.3.5.7", "1.3.5.7" },
  34882. { NULL, NULL }
  34883. };
  34884. AssertNull(obj = OBJ_txt2obj("Bad name", 0));
  34885. AssertNull(obj = OBJ_txt2obj(NULL, 0));
  34886. for (i = 0; objs_list[i].oidStr != NULL; i++) {
  34887. /* Test numerical value of oid (oidStr) */
  34888. AssertNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1));
  34889. /* Convert object back to text to confirm oid is correct */
  34890. wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
  34891. AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
  34892. ASN1_OBJECT_free(obj);
  34893. XMEMSET(buf, 0, sizeof(buf));
  34894. /* Test short name (sn) */
  34895. AssertNull(obj = OBJ_txt2obj(objs_list[i].sn, 1));
  34896. AssertNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0));
  34897. /* Convert object back to text to confirm oid is correct */
  34898. wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
  34899. AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
  34900. ASN1_OBJECT_free(obj);
  34901. XMEMSET(buf, 0, sizeof(buf));
  34902. /* Test long name (ln) - should fail when no_name = 1 */
  34903. AssertNull(obj = OBJ_txt2obj(objs_list[i].ln, 1));
  34904. AssertNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0));
  34905. /* Convert object back to text to confirm oid is correct */
  34906. wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
  34907. AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
  34908. ASN1_OBJECT_free(obj);
  34909. XMEMSET(buf, 0, sizeof(buf));
  34910. }
  34911. for (i = 0; objs_named[i].numeric != NULL; i++) {
  34912. AssertNotNull(obj = OBJ_txt2obj(objs_named[i].numeric, 1));
  34913. wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0);
  34914. AssertIntEQ(XSTRNCMP(buf, objs_named[i].name, (int)XSTRLEN(buf)), 0);
  34915. wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
  34916. AssertIntEQ(XSTRNCMP(buf, objs_named[i].numeric, (int)XSTRLEN(buf)), 0);
  34917. ASN1_OBJECT_free(obj);
  34918. }
  34919. res = TEST_RES_CHECK(1);
  34920. #endif
  34921. return res;
  34922. }
  34923. static int test_wolfSSL_i2t_ASN1_OBJECT(void)
  34924. {
  34925. int res = TEST_SKIPPED;
  34926. #if defined(OPENSSL_EXTRA) && \
  34927. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  34928. char buf[50] = {0};
  34929. ASN1_OBJECT* obj;
  34930. const char* oid = "2.5.29.19";
  34931. const char* ln = "X509v3 Basic Constraints";
  34932. obj = NULL;
  34933. AssertIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), WOLFSSL_FAILURE);
  34934. AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), WOLFSSL_FAILURE);
  34935. AssertIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), WOLFSSL_FAILURE);
  34936. AssertNotNull(obj = OBJ_txt2obj(oid, 0));
  34937. XMEMSET(buf, 0, sizeof(buf));
  34938. AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln));
  34939. AssertIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0);
  34940. ASN1_OBJECT_free(obj);
  34941. res = TEST_RES_CHECK(1);
  34942. #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */
  34943. return res;
  34944. }
  34945. static int test_wolfSSL_PEM_write_bio_X509(void)
  34946. {
  34947. int res = TEST_SKIPPED;
  34948. #if defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL) && \
  34949. defined(WOLFSSL_AKID_NAME) && defined(WOLFSSL_CERT_EXT) && \
  34950. defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_RSA) && \
  34951. !defined(NO_FILESYSTEM)
  34952. /* This test contains the hard coded expected
  34953. * lengths. Update if necessary */
  34954. FILE* fp = NULL;
  34955. WOLFSSL_EVP_PKEY *priv = NULL;
  34956. BIO* input = NULL;
  34957. BIO* output = NULL;
  34958. X509* x509a = NULL;
  34959. X509* x509b = NULL;
  34960. ASN1_TIME* notBeforeA = NULL;
  34961. ASN1_TIME* notAfterA = NULL;
  34962. ASN1_TIME* notBeforeB = NULL;
  34963. ASN1_TIME* notAfterB = NULL;
  34964. int expectedLen;
  34965. fp = XFOPEN("certs/server-key.pem", "rb");
  34966. AssertNotNull(fp);
  34967. priv = wolfSSL_PEM_read_PrivateKey(fp, NULL, NULL, NULL);
  34968. XFCLOSE(fp);
  34969. fp = NULL;
  34970. AssertNotNull(priv);
  34971. AssertNotNull(input = BIO_new_file(
  34972. "certs/test/cert-ext-multiple.pem", "rb"));
  34973. AssertIntEQ(wolfSSL_BIO_get_len(input), 2000);
  34974. /* read PEM into X509 struct, get notBefore / notAfter to verify against */
  34975. AssertNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL));
  34976. AssertNotNull(notBeforeA = X509_get_notBefore(x509a));
  34977. AssertNotNull(notAfterA = X509_get_notAfter(x509a));
  34978. /* write X509 back to PEM BIO; no need to sign as nothing changed. */
  34979. AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
  34980. AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
  34981. /* compare length against expected */
  34982. expectedLen = 2000;
  34983. AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
  34984. /* read exported X509 PEM back into struct, sanity check on export,
  34985. * make sure notBefore/notAfter are the same and certs are identical. */
  34986. AssertNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL));
  34987. AssertNotNull(notBeforeB = X509_get_notBefore(x509b));
  34988. AssertNotNull(notAfterB = X509_get_notAfter(x509b));
  34989. AssertIntEQ(ASN1_TIME_compare(notBeforeA, notBeforeB), 0);
  34990. AssertIntEQ(ASN1_TIME_compare(notAfterA, notAfterB), 0);
  34991. AssertIntEQ(0, wolfSSL_X509_cmp(x509a, x509b));
  34992. X509_free(x509b);
  34993. /* Reset output buffer */
  34994. BIO_free(output);
  34995. AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
  34996. /* Test forcing the AKID to be generated just from KeyIdentifier */
  34997. if (x509a->authKeyIdSrc != NULL) {
  34998. XMEMMOVE(x509a->authKeyIdSrc, x509a->authKeyId, x509a->authKeyIdSz);
  34999. x509a->authKeyId = x509a->authKeyIdSrc;
  35000. x509a->authKeyIdSrc = NULL;
  35001. x509a->authKeyIdSrcSz = 0;
  35002. }
  35003. /* Resign to re-generate the der */
  35004. AssertIntGT(wolfSSL_X509_sign(x509a, priv, EVP_sha256()), 0);
  35005. AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
  35006. /* Check that we generate a smaller output since the AKID will
  35007. * only contain the KeyIdentifier without any additional
  35008. * information */
  35009. /* Here we copy the validity struct from the original */
  35010. expectedLen = 1688;
  35011. AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
  35012. /* Reset buffers and x509 */
  35013. BIO_free(input);
  35014. BIO_free(output);
  35015. X509_free(x509a);
  35016. /* test CA and basicConstSet values are encoded when
  35017. * the cert is a CA */
  35018. AssertNotNull(input = BIO_new_file(
  35019. "certs/server-cert.pem", "rb"));
  35020. /* read PEM into X509 struct */
  35021. AssertNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL));
  35022. /* write X509 back to PEM BIO; no need to sign as nothing changed */
  35023. AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
  35024. AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
  35025. /* read exported X509 PEM back into struct, ensure isCa and basicConstSet
  35026. * values are maintained and certs are identical.*/
  35027. AssertNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL));
  35028. AssertIntEQ(x509b->isCa, 1);
  35029. AssertIntEQ(x509b->basicConstSet, 1);
  35030. AssertIntEQ(0, wolfSSL_X509_cmp(x509a, x509b));
  35031. X509_free(x509a);
  35032. X509_free(x509b);
  35033. BIO_free(input);
  35034. BIO_free(output);
  35035. /* test CA and basicConstSet values are encoded when
  35036. * the cert is not CA */
  35037. AssertNotNull(input = BIO_new_file(
  35038. "certs/client-uri-cert.pem", "rb"));
  35039. /* read PEM into X509 struct */
  35040. AssertNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL));
  35041. /* write X509 back to PEM BIO; no need to sign as nothing changed */
  35042. AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
  35043. AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
  35044. /* read exported X509 PEM back into struct, ensure isCa and
  35045. * basicConstSet values are maintained and certs are identical */
  35046. AssertNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL));
  35047. AssertIntEQ(x509b->isCa, 0);
  35048. AssertIntEQ(x509b->basicConstSet, 1);
  35049. AssertIntEQ(0, wolfSSL_X509_cmp(x509a, x509b));
  35050. wolfSSL_EVP_PKEY_free(priv);
  35051. X509_free(x509a);
  35052. X509_free(x509b);
  35053. BIO_free(input);
  35054. BIO_free(output);
  35055. res = TEST_RES_CHECK(1);
  35056. #endif
  35057. return res;
  35058. }
  35059. static int test_wolfSSL_X509_NAME_ENTRY(void)
  35060. {
  35061. int res = TEST_SKIPPED;
  35062. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
  35063. !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
  35064. X509* x509;
  35065. #ifndef NO_BIO
  35066. BIO* bio;
  35067. #endif
  35068. X509_NAME* nm;
  35069. X509_NAME_ENTRY* entry;
  35070. unsigned char cn[] = "another name to add";
  35071. #ifdef OPENSSL_ALL
  35072. int i, names_len;
  35073. #endif
  35074. AssertNotNull(x509 =
  35075. wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
  35076. #ifndef NO_BIO
  35077. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  35078. AssertIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS);
  35079. #endif
  35080. #ifdef WOLFSSL_CERT_REQ
  35081. {
  35082. X509_REQ* req;
  35083. #ifndef NO_BIO
  35084. BIO* bReq;
  35085. #endif
  35086. AssertNotNull(req =
  35087. wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
  35088. #ifndef NO_BIO
  35089. AssertNotNull(bReq = BIO_new(BIO_s_mem()));
  35090. AssertIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS);
  35091. BIO_free(bReq);
  35092. #endif
  35093. X509_free(req);
  35094. }
  35095. #endif
  35096. AssertNotNull(nm = X509_get_subject_name(x509));
  35097. /* Test add entry */
  35098. AssertNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName,
  35099. 0x0c, cn, (int)sizeof(cn)));
  35100. AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
  35101. #ifdef WOLFSSL_CERT_EXT
  35102. AssertIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
  35103. (byte*)"support@wolfssl.com", 19, -1,
  35104. 1), WOLFSSL_SUCCESS);
  35105. #endif
  35106. X509_NAME_ENTRY_free(entry);
  35107. #ifdef WOLFSSL_CERT_REQ
  35108. {
  35109. unsigned char srv_pkcs9p[] = "Server";
  35110. char* subject;
  35111. AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType,
  35112. MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS);
  35113. subject = X509_NAME_oneline(nm, 0, 0);
  35114. #ifdef DEBUG_WOLFSSL
  35115. fprintf(stderr, "\n\t%s\n", subject);
  35116. #endif
  35117. XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
  35118. }
  35119. #endif
  35120. /* Test add entry by text */
  35121. AssertNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName",
  35122. 0x0c, cn, (int)sizeof(cn)));
  35123. #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \
  35124. || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
  35125. AssertNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown",
  35126. V_ASN1_UTF8STRING, cn, (int)sizeof(cn)));
  35127. #endif
  35128. AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
  35129. X509_NAME_ENTRY_free(entry);
  35130. /* Test add entry by NID */
  35131. AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8,
  35132. cn, -1, -1, 0), SSL_SUCCESS);
  35133. #ifdef OPENSSL_ALL
  35134. /* stack of name entry */
  35135. AssertIntGT((names_len = sk_X509_NAME_ENTRY_num(nm->entries)), 0);
  35136. for (i=0; i<names_len; i++) {
  35137. AssertNotNull(entry = sk_X509_NAME_ENTRY_value(nm->entries, i));
  35138. }
  35139. #endif
  35140. #ifndef NO_BIO
  35141. BIO_free(bio);
  35142. #endif
  35143. X509_free(x509); /* free's nm */
  35144. res = TEST_RES_CHECK(1);
  35145. #endif
  35146. return res;
  35147. }
  35148. static int test_wolfSSL_X509_set_name(void)
  35149. {
  35150. int res = TEST_SKIPPED;
  35151. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  35152. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
  35153. X509* x509;
  35154. X509_NAME* name;
  35155. AssertNotNull(name = X509_NAME_new());
  35156. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  35157. (byte*)"wolfssl.com", 11, 0, 1),
  35158. WOLFSSL_SUCCESS);
  35159. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
  35160. (byte*)"support@wolfssl.com", 19, -1,
  35161. 1), WOLFSSL_SUCCESS);
  35162. AssertNotNull(x509 = X509_new());
  35163. AssertIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE);
  35164. AssertIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE);
  35165. AssertIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE);
  35166. AssertIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  35167. AssertIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE);
  35168. AssertIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE);
  35169. AssertIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE);
  35170. AssertIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  35171. X509_free(x509);
  35172. X509_NAME_free(name);
  35173. res = TEST_RES_CHECK(1);
  35174. #endif /* OPENSSL_ALL && !NO_CERTS */
  35175. return res;
  35176. }
  35177. static int test_wolfSSL_X509_set_notAfter(void)
  35178. {
  35179. int res = TEST_SKIPPED;
  35180. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
  35181. && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
  35182. !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
  35183. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\
  35184. !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO)
  35185. /* Generalized time will overflow time_t if not long */
  35186. X509* x;
  35187. BIO* bio;
  35188. ASN1_TIME *asn_time, *time_check;
  35189. const int year = 365*24*60*60;
  35190. const int day = 24*60*60;
  35191. const int hour = 60*60;
  35192. const int mini = 60;
  35193. int offset_day;
  35194. unsigned char buf[25];
  35195. time_t t;
  35196. /*
  35197. * Setup asn_time. APACHE HTTPD uses time(NULL)
  35198. */
  35199. t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day;
  35200. offset_day = 7;
  35201. /*
  35202. * Free these.
  35203. */
  35204. asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
  35205. AssertNotNull(asn_time);
  35206. AssertNotNull(x = X509_new());
  35207. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  35208. /*
  35209. * Tests
  35210. */
  35211. AssertTrue(wolfSSL_X509_set_notAfter(x, asn_time));
  35212. /* time_check is simply (ANS1_TIME*)x->notAfter */
  35213. AssertNotNull(time_check = X509_get_notAfter(x));
  35214. /* ANS1_TIME_check validates by checking if argument can be parsed */
  35215. AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
  35216. /* Convert to human readable format and compare to intended date */
  35217. AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
  35218. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
  35219. AssertIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0);
  35220. /*
  35221. * Cleanup
  35222. */
  35223. XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
  35224. X509_free(x);
  35225. BIO_free(bio);
  35226. res = TEST_RES_CHECK(1);
  35227. #endif
  35228. return res;
  35229. }
  35230. static int test_wolfSSL_X509_set_notBefore(void)
  35231. {
  35232. int res = TEST_SKIPPED;
  35233. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
  35234. && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
  35235. !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
  35236. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
  35237. X509* x;
  35238. BIO* bio;
  35239. ASN1_TIME *asn_time, *time_check;
  35240. const int year = 365*24*60*60;
  35241. const int day = 24*60*60;
  35242. const int hour = 60*60;
  35243. const int mini = 60;
  35244. int offset_day;
  35245. unsigned char buf[25];
  35246. time_t t;
  35247. /*
  35248. * Setup asn_time. APACHE HTTPD uses time(NULL)
  35249. */
  35250. t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day;
  35251. offset_day = 7;
  35252. /*
  35253. * Free these.
  35254. */
  35255. asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
  35256. AssertNotNull(asn_time);
  35257. AssertNotNull(x = X509_new());
  35258. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  35259. AssertIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS);
  35260. /*
  35261. * Main Tests
  35262. */
  35263. AssertTrue(wolfSSL_X509_set_notBefore(x, asn_time));
  35264. /* time_check == (ANS1_TIME*)x->notBefore */
  35265. AssertNotNull(time_check = X509_get_notBefore(x));
  35266. /* ANS1_TIME_check validates by checking if argument can be parsed */
  35267. AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
  35268. /* Convert to human readable format and compare to intended date */
  35269. AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
  35270. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
  35271. AssertIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0);
  35272. /*
  35273. * Cleanup
  35274. */
  35275. XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
  35276. X509_free(x);
  35277. BIO_free(bio);
  35278. res = TEST_RES_CHECK(1);
  35279. #endif
  35280. return res;
  35281. }
  35282. static int test_wolfSSL_X509_set_version(void)
  35283. {
  35284. int res = TEST_SKIPPED;
  35285. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
  35286. !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
  35287. X509* x509;
  35288. long v = 2L;
  35289. long maxInt = INT_MAX;
  35290. AssertNotNull(x509 = X509_new());
  35291. /* These should pass. */
  35292. AssertTrue(wolfSSL_X509_set_version(x509, v));
  35293. AssertIntEQ(v, wolfSSL_X509_get_version(x509));
  35294. /* Fail Case: When v(long) is greater than x509->version(int). */
  35295. v = maxInt+1;
  35296. AssertFalse(wolfSSL_X509_set_version(x509, v));
  35297. /* Cleanup */
  35298. X509_free(x509);
  35299. res = TEST_RES_CHECK(1);
  35300. #endif
  35301. return res;
  35302. }
  35303. #ifndef NO_BIO
  35304. static int test_wolfSSL_BIO_gets(void)
  35305. {
  35306. int res = TEST_SKIPPED;
  35307. #if defined(OPENSSL_EXTRA)
  35308. BIO* bio;
  35309. BIO* bio2;
  35310. char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c";
  35311. char emp[] = "";
  35312. char bio_buffer[20];
  35313. int bufferSz = 20;
  35314. /* try with bad args */
  35315. AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
  35316. /* try with real msg */
  35317. AssertNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
  35318. XMEMSET(bio_buffer, 0, bufferSz);
  35319. AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio())));
  35320. AssertNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE));
  35321. AssertNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO));
  35322. AssertFalse(bio2 != BIO_next(bio));
  35323. /* make buffer filled with no terminating characters */
  35324. XMEMSET(bio_buffer, 1, bufferSz);
  35325. /* BIO_gets reads a line of data */
  35326. AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
  35327. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
  35328. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
  35329. AssertStrEQ(bio_buffer, "hello wolfSSL\n");
  35330. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
  35331. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
  35332. AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
  35333. /* check not null terminated string */
  35334. BIO_free(bio);
  35335. msg[0] = 0x33;
  35336. msg[1] = 0x33;
  35337. msg[2] = 0x33;
  35338. AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
  35339. AssertIntEQ(BIO_gets(bio, bio_buffer, 3), 2);
  35340. AssertIntEQ(bio_buffer[0], msg[0]);
  35341. AssertIntEQ(bio_buffer[1], msg[1]);
  35342. AssertIntNE(bio_buffer[2], msg[2]);
  35343. BIO_free(bio);
  35344. msg[3] = 0x33;
  35345. bio_buffer[3] = 0x33;
  35346. AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
  35347. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3);
  35348. AssertIntEQ(bio_buffer[0], msg[0]);
  35349. AssertIntEQ(bio_buffer[1], msg[1]);
  35350. AssertIntEQ(bio_buffer[2], msg[2]);
  35351. AssertIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */
  35352. /* check reading an empty string */
  35353. BIO_free(bio);
  35354. AssertNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp)));
  35355. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
  35356. AssertStrEQ(emp, bio_buffer);
  35357. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
  35358. /* check error cases */
  35359. BIO_free(bio);
  35360. AssertIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE);
  35361. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  35362. AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
  35363. #if !defined(NO_FILESYSTEM)
  35364. {
  35365. BIO* f_bio;
  35366. XFILE f;
  35367. AssertNotNull(f_bio = BIO_new(BIO_s_file()));
  35368. AssertIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
  35369. f = XFOPEN(svrCertFile, "rb");
  35370. AssertTrue((f != XBADFILE));
  35371. AssertIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS);
  35372. AssertIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
  35373. BIO_free(f_bio);
  35374. }
  35375. #endif /* NO_FILESYSTEM */
  35376. BIO_free(bio);
  35377. BIO_free(bio2);
  35378. /* try with type BIO */
  35379. XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c",
  35380. sizeof(msg));
  35381. AssertNotNull(bio = BIO_new(BIO_s_bio()));
  35382. AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
  35383. AssertNotNull(bio2 = BIO_new(BIO_s_bio()));
  35384. AssertIntEQ(BIO_set_write_buf_size(bio, 10), SSL_SUCCESS);
  35385. AssertIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS);
  35386. AssertIntEQ(BIO_make_bio_pair(bio, bio2), SSL_SUCCESS);
  35387. AssertIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg));
  35388. AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
  35389. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
  35390. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
  35391. AssertStrEQ(bio_buffer, "hello wolfSSL\n");
  35392. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
  35393. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
  35394. AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
  35395. BIO_free(bio);
  35396. BIO_free(bio2);
  35397. /* check reading an empty string */
  35398. AssertNotNull(bio = BIO_new(BIO_s_bio()));
  35399. AssertIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS);
  35400. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
  35401. AssertStrEQ(emp, bio_buffer);
  35402. BIO_free(bio);
  35403. res = TEST_RES_CHECK(1);
  35404. #endif
  35405. return res;
  35406. }
  35407. static int test_wolfSSL_BIO_puts(void)
  35408. {
  35409. int res = TEST_SKIPPED;
  35410. #if defined(OPENSSL_EXTRA)
  35411. BIO* bio;
  35412. char input[] = "hello\0world\n.....ok\n\0";
  35413. char output[128];
  35414. XMEMSET(output, 0, sizeof(output));
  35415. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  35416. AssertIntEQ(BIO_puts(bio, input), 5);
  35417. AssertIntEQ(BIO_pending(bio), 5);
  35418. AssertIntEQ(BIO_puts(bio, input + 6), 14);
  35419. AssertIntEQ(BIO_pending(bio), 19);
  35420. AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 11);
  35421. AssertStrEQ(output, "helloworld\n");
  35422. AssertIntEQ(BIO_pending(bio), 8);
  35423. AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 8);
  35424. AssertStrEQ(output, ".....ok\n");
  35425. AssertIntEQ(BIO_pending(bio), 0);
  35426. AssertIntEQ(BIO_puts(bio, ""), -1);
  35427. BIO_free(bio);
  35428. res = TEST_RES_CHECK(1);
  35429. #endif
  35430. return res;
  35431. }
  35432. static int test_wolfSSL_BIO_dump(void)
  35433. {
  35434. int res = TEST_SKIPPED;
  35435. #if defined(OPENSSL_EXTRA)
  35436. BIO* bio;
  35437. static const unsigned char data[] = {
  35438. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
  35439. 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
  35440. 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4,
  35441. 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
  35442. 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80,
  35443. 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA,
  35444. 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56,
  35445. 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
  35446. 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
  35447. 0xB4
  35448. };
  35449. /* Generated with OpenSSL. */
  35450. static const char expected[] =
  35451. "0000 - 30 59 30 13 06 07 2a 86-48 ce 3d 02 01 06 08 2a 0Y0...*.H.=....*\n"
  35452. "0010 - 86 48 ce 3d 03 01 07 03-42 00 04 55 bf f4 0f 44 .H.=....B..U...D\n"
  35453. "0020 - 50 9a 3d ce 9b b7 f0 c5-4d f5 70 7b d4 ec 24 8e P.=.....M.p{..$.\n"
  35454. "0030 - 19 80 ec 5a 4c a2 24 03-62 2c 9b da ef a2 35 12 ...ZL.$.b,....5.\n"
  35455. "0040 - 43 84 76 16 c6 56 95 06-cc 01 a9 bd f6 75 1a 42 C.v..V.......u.B\n"
  35456. "0050 - f7 bd a9 b2 36 22 5f c7-5d 7f b4 ....6\"_.]..\n";
  35457. static const char expectedAll[] =
  35458. "0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f ................\n"
  35459. "0010 - 10 11 12 13 14 15 16 17-18 19 1a 1b 1c 1d 1e 1f ................\n"
  35460. "0020 - 20 21 22 23 24 25 26 27-28 29 2a 2b 2c 2d 2e 2f !\"#$%&'()*+,-./\n"
  35461. "0030 - 30 31 32 33 34 35 36 37-38 39 3a 3b 3c 3d 3e 3f 0123456789:;<=>?\n"
  35462. "0040 - 40 41 42 43 44 45 46 47-48 49 4a 4b 4c 4d 4e 4f @ABCDEFGHIJKLMNO\n"
  35463. "0050 - 50 51 52 53 54 55 56 57-58 59 5a 5b 5c 5d 5e 5f PQRSTUVWXYZ[\\]^_\n"
  35464. "0060 - 60 61 62 63 64 65 66 67-68 69 6a 6b 6c 6d 6e 6f `abcdefghijklmno\n"
  35465. "0070 - 70 71 72 73 74 75 76 77-78 79 7a 7b 7c 7d 7e 7f pqrstuvwxyz{|}~.\n"
  35466. "0080 - 80 81 82 83 84 85 86 87-88 89 8a 8b 8c 8d 8e 8f ................\n"
  35467. "0090 - 90 91 92 93 94 95 96 97-98 99 9a 9b 9c 9d 9e 9f ................\n"
  35468. "00a0 - a0 a1 a2 a3 a4 a5 a6 a7-a8 a9 aa ab ac ad ae af ................\n"
  35469. "00b0 - b0 b1 b2 b3 b4 b5 b6 b7-b8 b9 ba bb bc bd be bf ................\n"
  35470. "00c0 - c0 c1 c2 c3 c4 c5 c6 c7-c8 c9 ca cb cc cd ce cf ................\n"
  35471. "00d0 - d0 d1 d2 d3 d4 d5 d6 d7-d8 d9 da db dc dd de df ................\n"
  35472. "00e0 - e0 e1 e2 e3 e4 e5 e6 e7-e8 e9 ea eb ec ed ee ef ................\n"
  35473. "00f0 - f0 f1 f2 f3 f4 f5 f6 f7-f8 f9 fa fb fc fd fe ff ................\n";
  35474. char output[16 * 80];
  35475. int i;
  35476. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  35477. /* Example key dumped. */
  35478. AssertIntEQ(BIO_dump(bio, (const char*)data, (int)sizeof(data)),
  35479. sizeof(expected) - 1);
  35480. AssertIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expected) - 1);
  35481. AssertIntEQ(XMEMCMP(output, expected, sizeof(expected) - 1), 0);
  35482. /* Try every possible value for a character. */
  35483. for (i = 0; i < 256; i++)
  35484. output[i] = i;
  35485. AssertIntEQ(BIO_dump(bio, output, 256), sizeof(expectedAll) - 1);
  35486. AssertIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expectedAll) - 1);
  35487. AssertIntEQ(XMEMCMP(output, expectedAll, sizeof(expectedAll) - 1), 0);
  35488. BIO_free(bio);
  35489. res = TEST_RES_CHECK(1);
  35490. #endif
  35491. return res;
  35492. }
  35493. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  35494. !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
  35495. defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
  35496. static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx)
  35497. {
  35498. (void)ssl;
  35499. (void)buf;
  35500. (void)sz;
  35501. (void)ctx;
  35502. return WOLFSSL_CBIO_ERR_WANT_READ;
  35503. }
  35504. #endif
  35505. static int test_wolfSSL_BIO_should_retry(void)
  35506. {
  35507. int res = TEST_SKIPPED;
  35508. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  35509. !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
  35510. defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
  35511. tcp_ready ready;
  35512. func_args server_args;
  35513. THREAD_TYPE serverThread;
  35514. SOCKET_T sockfd = 0;
  35515. WOLFSSL_CTX* ctx;
  35516. WOLFSSL* ssl;
  35517. char msg[64] = "hello wolfssl!";
  35518. char reply[1024];
  35519. int msgSz = (int)XSTRLEN(msg);
  35520. int ret;
  35521. BIO* bio;
  35522. XMEMSET(&server_args, 0, sizeof(func_args));
  35523. #ifdef WOLFSSL_TIRTOS
  35524. fdOpenSession(Task_self());
  35525. #endif
  35526. StartTCP();
  35527. InitTcpReady(&ready);
  35528. #if defined(USE_WINDOWS_API)
  35529. /* use RNG to get random port if using windows */
  35530. ready.port = GetRandomPort();
  35531. #endif
  35532. server_args.signal = &ready;
  35533. start_thread(test_server_nofail, &server_args, &serverThread);
  35534. wait_tcp_ready(&server_args);
  35535. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  35536. #ifdef OPENSSL_COMPATIBLE_DEFAULTS
  35537. AssertIntEQ(wolfSSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY), 0);
  35538. #endif
  35539. AssertIntEQ(WOLFSSL_SUCCESS,
  35540. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  35541. AssertIntEQ(WOLFSSL_SUCCESS,
  35542. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  35543. AssertIntEQ(WOLFSSL_SUCCESS,
  35544. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  35545. tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
  35546. /* force retry */
  35547. ssl = wolfSSL_new(ctx);
  35548. AssertNotNull(ssl);
  35549. AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
  35550. wolfSSL_SSLSetIORecv(ssl, forceWantRead);
  35551. AssertNotNull(bio = BIO_new(BIO_f_ssl()));
  35552. BIO_set_ssl(bio, ssl, BIO_CLOSE);
  35553. AssertIntLE(BIO_write(bio, msg, msgSz), 0);
  35554. AssertIntNE(BIO_should_retry(bio), 0);
  35555. /* now perform successful connection */
  35556. wolfSSL_SSLSetIORecv(ssl, EmbedReceive);
  35557. AssertIntEQ(BIO_write(bio, msg, msgSz), msgSz);
  35558. BIO_read(bio, reply, sizeof(reply));
  35559. ret = wolfSSL_get_error(ssl, -1);
  35560. if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) {
  35561. AssertIntNE(BIO_should_retry(bio), 0);
  35562. }
  35563. else {
  35564. AssertIntEQ(BIO_should_retry(bio), 0);
  35565. }
  35566. AssertIntEQ(XMEMCMP(reply, "I hear you fa shizzle!",
  35567. XSTRLEN("I hear you fa shizzle!")), 0);
  35568. BIO_free(bio);
  35569. wolfSSL_CTX_free(ctx);
  35570. join_thread(serverThread);
  35571. FreeTcpReady(&ready);
  35572. #ifdef WOLFSSL_TIRTOS
  35573. fdOpenSession(Task_self());
  35574. #endif
  35575. res = TEST_RES_CHECK(1);
  35576. #endif
  35577. return res;
  35578. }
  35579. static int test_wolfSSL_BIO_connect(void)
  35580. {
  35581. int res = TEST_SKIPPED;
  35582. #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  35583. defined(HAVE_HTTP_CLIENT) && !defined(NO_WOLFSSL_CLIENT)
  35584. tcp_ready ready;
  35585. func_args server_args;
  35586. THREAD_TYPE serverThread;
  35587. BIO *tcpBio;
  35588. BIO *sslBio;
  35589. SSL_CTX* ctx;
  35590. SSL *ssl;
  35591. SSL *sslPtr;
  35592. char msg[] = "hello wolfssl!";
  35593. char reply[30];
  35594. char buff[10] = {0};
  35595. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  35596. AssertIntEQ(WOLFSSL_SUCCESS,
  35597. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  35598. AssertIntEQ(WOLFSSL_SUCCESS,
  35599. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  35600. AssertIntEQ(WOLFSSL_SUCCESS,
  35601. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  35602. /* Setup server */
  35603. XMEMSET(&server_args, 0, sizeof(func_args));
  35604. StartTCP();
  35605. InitTcpReady(&ready);
  35606. #if defined(USE_WINDOWS_API)
  35607. /* use RNG to get random port if using windows */
  35608. ready.port = GetRandomPort();
  35609. #endif
  35610. server_args.signal = &ready;
  35611. start_thread(test_server_nofail, &server_args, &serverThread);
  35612. wait_tcp_ready(&server_args);
  35613. AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0);
  35614. /* Start the test proper */
  35615. /* Setup the TCP BIO */
  35616. AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP));
  35617. AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1);
  35618. /* Setup the SSL object */
  35619. AssertNotNull(ssl = SSL_new(ctx));
  35620. SSL_set_connect_state(ssl);
  35621. /* Setup the SSL BIO */
  35622. AssertNotNull(sslBio = BIO_new(BIO_f_ssl()));
  35623. AssertIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1);
  35624. /* Verify that BIO_get_ssl works. */
  35625. AssertIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1);
  35626. AssertPtrEq(ssl, sslPtr);
  35627. /* Link BIO's so that sslBio uses tcpBio for IO */
  35628. AssertPtrEq(BIO_push(sslBio, tcpBio), sslBio);
  35629. /* Do TCP connect */
  35630. AssertIntEQ(BIO_do_connect(sslBio), 1);
  35631. /* Do TLS handshake */
  35632. AssertIntEQ(BIO_do_handshake(sslBio), 1);
  35633. /* Test writing */
  35634. AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
  35635. /* Expect length of default wolfSSL reply */
  35636. AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
  35637. /* Clean it all up */
  35638. BIO_free_all(sslBio);
  35639. /* Server clean up */
  35640. join_thread(serverThread);
  35641. FreeTcpReady(&ready);
  35642. /* Run the same test, but use BIO_new_ssl_connect and set the IP and port
  35643. * after. */
  35644. XMEMSET(&server_args, 0, sizeof(func_args));
  35645. StartTCP();
  35646. InitTcpReady(&ready);
  35647. #if defined(USE_WINDOWS_API)
  35648. /* use RNG to get random port if using windows */
  35649. ready.port = GetRandomPort();
  35650. #endif
  35651. server_args.signal = &ready;
  35652. start_thread(test_server_nofail, &server_args, &serverThread);
  35653. wait_tcp_ready(&server_args);
  35654. AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0);
  35655. AssertNotNull(sslBio = BIO_new_ssl_connect(ctx));
  35656. AssertIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1);
  35657. AssertIntEQ(BIO_set_conn_port(sslBio, buff), 1);
  35658. AssertIntEQ(BIO_do_connect(sslBio), 1);
  35659. AssertIntEQ(BIO_do_handshake(sslBio), 1);
  35660. AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
  35661. AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
  35662. /* Attempt to close the TLS connection gracefully. */
  35663. BIO_ssl_shutdown(sslBio);
  35664. BIO_free_all(sslBio);
  35665. join_thread(serverThread);
  35666. FreeTcpReady(&ready);
  35667. SSL_CTX_free(ctx);
  35668. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
  35669. wc_ecc_fp_free(); /* free per thread cache */
  35670. #endif
  35671. res = TEST_RES_CHECK(1);
  35672. #endif
  35673. return res;
  35674. }
  35675. static int test_wolfSSL_BIO_tls(void)
  35676. {
  35677. int res = TEST_SKIPPED;
  35678. #if !defined(NO_BIO) && defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_CLIENT)
  35679. SSL_CTX* ctx;
  35680. SSL *ssl;
  35681. BIO *readBio;
  35682. BIO *writeBio;
  35683. int ret, err = 0;
  35684. AssertNotNull(ctx = SSL_CTX_new(SSLv23_method()));
  35685. AssertNotNull(ssl = SSL_new(ctx));
  35686. AssertNotNull(readBio = BIO_new(BIO_s_mem()));
  35687. AssertNotNull(writeBio = BIO_new(BIO_s_mem()));
  35688. /* Qt reads data from write-bio,
  35689. * then writes the read data into plain packet.
  35690. * Qt reads data from plain packet,
  35691. * then writes the read data into read-bio.
  35692. */
  35693. SSL_set_bio(ssl, readBio, writeBio);
  35694. do {
  35695. #ifdef WOLFSSL_ASYNC_CRYPT
  35696. if (err == WC_PENDING_E) {
  35697. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  35698. if (ret < 0) { break; } else if (ret == 0) { continue; }
  35699. }
  35700. #endif
  35701. ret = SSL_connect(ssl);
  35702. err = SSL_get_error(ssl, 0);
  35703. } while (err == WC_PENDING_E);
  35704. AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
  35705. /* in this use case, should return WANT READ
  35706. * so that Qt will read the data from plain packet for next state.
  35707. */
  35708. AssertIntEQ(err, SSL_ERROR_WANT_READ);
  35709. SSL_free(ssl);
  35710. SSL_CTX_free(ctx);
  35711. res = TEST_RES_CHECK(1);
  35712. #endif
  35713. return res;
  35714. }
  35715. #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)
  35716. static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args)
  35717. {
  35718. BIO* clientBio;
  35719. SSL* sslClient;
  35720. SSL_CTX* ctx;
  35721. char connectAddr[20]; /* IP + port */;
  35722. (void)args;
  35723. AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0);
  35724. AssertNotNull(clientBio = BIO_new_connect(connectAddr));
  35725. AssertIntEQ(BIO_do_connect(clientBio), 1);
  35726. AssertNotNull(ctx = SSL_CTX_new(SSLv23_method()));
  35727. AssertNotNull(sslClient = SSL_new(ctx));
  35728. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS);
  35729. SSL_set_bio(sslClient, clientBio, clientBio);
  35730. AssertIntEQ(SSL_connect(sslClient), 1);
  35731. SSL_free(sslClient);
  35732. SSL_CTX_free(ctx);
  35733. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
  35734. wc_ecc_fp_free(); /* free per thread cache */
  35735. #endif
  35736. return 0;
  35737. }
  35738. #endif
  35739. static int test_wolfSSL_BIO_accept(void)
  35740. {
  35741. int res = TEST_SKIPPED;
  35742. #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)
  35743. BIO* serverBindBio;
  35744. BIO* serverAcceptBio;
  35745. SSL* sslServer;
  35746. SSL_CTX* ctx;
  35747. func_args args;
  35748. THREAD_TYPE thread;
  35749. char port[10]; /* 10 bytes should be enough to store the string
  35750. * representation of the port */
  35751. AssertIntGT(snprintf(port, sizeof(port), "%d", wolfSSLPort), 0);
  35752. AssertNotNull(serverBindBio = BIO_new_accept(port));
  35753. /* First BIO_do_accept binds the port */
  35754. AssertIntEQ(BIO_do_accept(serverBindBio), 1);
  35755. XMEMSET(&args, 0, sizeof(func_args));
  35756. start_thread(test_wolfSSL_BIO_accept_client, &args, &thread);
  35757. AssertIntEQ(BIO_do_accept(serverBindBio), 1);
  35758. /* Let's plug it into SSL to test */
  35759. AssertNotNull(ctx = SSL_CTX_new(SSLv23_method()));
  35760. AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  35761. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  35762. AssertNotNull(sslServer = SSL_new(ctx));
  35763. AssertNotNull(serverAcceptBio = BIO_pop(serverBindBio));
  35764. SSL_set_bio(sslServer, serverAcceptBio, serverAcceptBio);
  35765. AssertIntEQ(SSL_accept(sslServer), 1);
  35766. join_thread(thread);
  35767. BIO_free(serverBindBio);
  35768. SSL_free(sslServer);
  35769. SSL_CTX_free(ctx);
  35770. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
  35771. wc_ecc_fp_free(); /* free per thread cache */
  35772. #endif
  35773. res = TEST_RES_CHECK(1);
  35774. #endif
  35775. return res;
  35776. }
  35777. static int test_wolfSSL_BIO_write(void)
  35778. {
  35779. int res = TEST_SKIPPED;
  35780. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
  35781. BIO* bio;
  35782. BIO* bio64;
  35783. BIO* ptr;
  35784. int sz;
  35785. char msg[] = "conversion test";
  35786. char out[40];
  35787. char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n";
  35788. void* bufPtr = NULL;
  35789. BUF_MEM* buf = NULL;
  35790. AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
  35791. AssertNotNull(bio = BIO_push(bio64, BIO_new(BIO_s_mem())));
  35792. /* now should convert to base64 then write to memory */
  35793. AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
  35794. BIO_flush(bio);
  35795. /* test BIO chain */
  35796. AssertIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf));
  35797. AssertNotNull(buf);
  35798. AssertIntEQ(buf->length, 25);
  35799. AssertIntEQ(BIO_get_mem_data(bio, &bufPtr), 25);
  35800. AssertPtrEq(buf->data, bufPtr);
  35801. AssertNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM));
  35802. sz = sizeof(out);
  35803. XMEMSET(out, 0, sz);
  35804. AssertIntEQ((sz = BIO_read(ptr, out, sz)), 25);
  35805. AssertIntEQ(XMEMCMP(out, expected, sz), 0);
  35806. /* write then read should return the same message */
  35807. AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
  35808. sz = sizeof(out);
  35809. XMEMSET(out, 0, sz);
  35810. AssertIntEQ(BIO_read(bio, out, sz), 16);
  35811. AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
  35812. /* now try encoding with no line ending */
  35813. BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL);
  35814. #ifdef HAVE_EX_DATA
  35815. BIO_set_ex_data(bio64, 0, (void*) "data");
  35816. AssertIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0);
  35817. #endif
  35818. AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
  35819. BIO_flush(bio);
  35820. sz = sizeof(out);
  35821. XMEMSET(out, 0, sz);
  35822. AssertIntEQ((sz = BIO_read(ptr, out, sz)), 24);
  35823. AssertIntEQ(XMEMCMP(out, expected, sz), 0);
  35824. BIO_free_all(bio); /* frees bio64 also */
  35825. /* test with more than one bio64 in list */
  35826. AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
  35827. AssertNotNull(bio = BIO_push(BIO_new(BIO_f_base64()), bio64));
  35828. AssertNotNull(BIO_push(bio64, BIO_new(BIO_s_mem())));
  35829. /* now should convert to base64 when stored and then decode with read */
  35830. AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 25);
  35831. BIO_flush(bio);
  35832. sz = sizeof(out);
  35833. XMEMSET(out, 0, sz);
  35834. AssertIntEQ((sz = BIO_read(bio, out, sz)), 16);
  35835. AssertIntEQ(XMEMCMP(out, msg, sz), 0);
  35836. BIO_clear_flags(bio64, ~0);
  35837. BIO_set_retry_read(bio);
  35838. BIO_free_all(bio); /* frees bio64s also */
  35839. AssertNotNull(bio = BIO_new_mem_buf(out, 0));
  35840. AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
  35841. BIO_free(bio);
  35842. res = TEST_RES_CHECK(1);
  35843. #endif
  35844. return res;
  35845. }
  35846. static int test_wolfSSL_BIO_printf(void)
  35847. {
  35848. int res = TEST_SKIPPED;
  35849. #if defined(OPENSSL_ALL)
  35850. BIO* bio;
  35851. int sz = 7;
  35852. char msg[] = "TLS 1.3 for the world";
  35853. char out[60];
  35854. char expected[] = "TLS 1.3 for the world : sz = 7";
  35855. XMEMSET(out, 0, sizeof(out));
  35856. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  35857. AssertIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
  35858. AssertIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR);
  35859. AssertIntEQ(BIO_read(bio, out, sizeof(out)), 30);
  35860. AssertIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
  35861. BIO_free(bio);
  35862. res = TEST_RES_CHECK(1);
  35863. #endif
  35864. return res;
  35865. }
  35866. static int test_wolfSSL_BIO_f_md(void)
  35867. {
  35868. int res = TEST_SKIPPED;
  35869. #if defined(OPENSSL_ALL) && !defined(NO_SHA256)
  35870. BIO *bio, *mem;
  35871. char msg[] = "message to hash";
  35872. char out[60];
  35873. EVP_MD_CTX* ctx;
  35874. const unsigned char testKey[] =
  35875. {
  35876. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  35877. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  35878. 0x0b, 0x0b, 0x0b, 0x0b
  35879. };
  35880. const char testData[] = "Hi There";
  35881. const unsigned char testResult[] =
  35882. {
  35883. 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
  35884. 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
  35885. 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
  35886. 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
  35887. };
  35888. const unsigned char expectedHash[] =
  35889. {
  35890. 0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60,
  35891. 0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07,
  35892. 0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4,
  35893. 0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D
  35894. };
  35895. const unsigned char emptyHash[] =
  35896. {
  35897. 0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14,
  35898. 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
  35899. 0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C,
  35900. 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55
  35901. };
  35902. unsigned char check[sizeof(testResult) + 1];
  35903. size_t checkSz = -1;
  35904. EVP_PKEY* key;
  35905. XMEMSET(out, 0, sizeof(out));
  35906. AssertNotNull(bio = BIO_new(BIO_f_md()));
  35907. AssertNotNull(mem = BIO_new(BIO_s_mem()));
  35908. AssertIntEQ(BIO_get_md_ctx(bio, &ctx), 1);
  35909. AssertIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1);
  35910. /* should not be able to write/read yet since just digest wrapper and no
  35911. * data is passing through the bio */
  35912. AssertIntEQ(BIO_write(bio, msg, 0), 0);
  35913. AssertIntEQ(BIO_pending(bio), 0);
  35914. AssertIntEQ(BIO_read(bio, out, sizeof(out)), 0);
  35915. AssertIntEQ(BIO_gets(bio, out, 3), 0);
  35916. AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
  35917. AssertIntEQ(XMEMCMP(emptyHash, out, 32), 0);
  35918. BIO_reset(bio);
  35919. /* append BIO mem to bio in order to read/write */
  35920. AssertNotNull(bio = BIO_push(bio, mem));
  35921. XMEMSET(out, 0, sizeof(out));
  35922. AssertIntEQ(BIO_write(mem, msg, sizeof(msg)), 16);
  35923. AssertIntEQ(BIO_pending(bio), 16);
  35924. /* this just reads the message and does not hash it (gets calls final) */
  35925. AssertIntEQ(BIO_read(bio, out, sizeof(out)), 16);
  35926. AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
  35927. /* create a message digest using BIO */
  35928. XMEMSET(out, 0, sizeof(out));
  35929. AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 16);
  35930. AssertIntEQ(BIO_pending(mem), 16);
  35931. AssertIntEQ(BIO_pending(bio), 16);
  35932. AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
  35933. AssertIntEQ(XMEMCMP(expectedHash, out, 32), 0);
  35934. BIO_free(bio);
  35935. BIO_free(mem);
  35936. /* test with HMAC */
  35937. XMEMSET(out, 0, sizeof(out));
  35938. AssertNotNull(bio = BIO_new(BIO_f_md()));
  35939. AssertNotNull(mem = BIO_new(BIO_s_mem()));
  35940. BIO_get_md_ctx(bio, &ctx);
  35941. AssertNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
  35942. testKey, (int)sizeof(testKey)));
  35943. EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key);
  35944. AssertNotNull(bio = BIO_push(bio, mem));
  35945. BIO_write(bio, testData, (int)strlen(testData));
  35946. EVP_DigestSignFinal(ctx, NULL, &checkSz);
  35947. EVP_DigestSignFinal(ctx, check, &checkSz);
  35948. AssertIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0);
  35949. EVP_PKEY_free(key);
  35950. BIO_free(bio);
  35951. BIO_free(mem);
  35952. res = TEST_RES_CHECK(1);
  35953. #endif
  35954. return res;
  35955. }
  35956. static int test_wolfSSL_BIO_up_ref(void)
  35957. {
  35958. int res = TEST_SKIPPED;
  35959. #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
  35960. BIO* bio;
  35961. AssertNotNull(bio = BIO_new(BIO_f_md()));
  35962. AssertIntEQ(BIO_up_ref(NULL), 0);
  35963. AssertIntEQ(BIO_up_ref(bio), 1);
  35964. BIO_free(bio);
  35965. AssertIntEQ(BIO_up_ref(bio), 1);
  35966. BIO_free(bio);
  35967. BIO_free(bio);
  35968. res = TEST_RES_CHECK(1);
  35969. #endif
  35970. return res;
  35971. }
  35972. #endif /* !NO_BIO */
  35973. #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)
  35974. /* test that the callback arg is correct */
  35975. static int certCbArg = 0;
  35976. static int clientCertCb(WOLFSSL* ssl, void* arg)
  35977. {
  35978. if (ssl == NULL || arg != &certCbArg)
  35979. return 0;
  35980. if (wolfSSL_use_certificate_file(ssl, cliCertFile,
  35981. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
  35982. return 0;
  35983. if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
  35984. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
  35985. return 0;
  35986. return 1;
  35987. }
  35988. static void clientCertSetupCb(WOLFSSL_CTX* ctx)
  35989. {
  35990. SSL_CTX_set_cert_cb(ctx, clientCertCb, &certCbArg);
  35991. }
  35992. /**
  35993. * This is only done because test_client_nofail has no way to stop
  35994. * certificate and key loading
  35995. */
  35996. static void clientCertClearCb(WOLFSSL* ssl)
  35997. {
  35998. /* Clear the loaded certs to force the callbacks to set them up */
  35999. SSL_certs_clear(ssl);
  36000. }
  36001. static int serverCertCb(WOLFSSL* ssl, void* arg)
  36002. {
  36003. if (ssl == NULL || arg != &certCbArg)
  36004. return 0;
  36005. if (wolfSSL_use_certificate_file(ssl, svrCertFile,
  36006. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
  36007. return 0;
  36008. if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
  36009. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
  36010. return 0;
  36011. return 1;
  36012. }
  36013. static void serverCertSetupCb(WOLFSSL_CTX* ctx)
  36014. {
  36015. SSL_CTX_set_cert_cb(ctx, serverCertCb, &certCbArg);
  36016. }
  36017. /**
  36018. * This is only done because test_server_nofail has no way to stop
  36019. * certificate and key loading
  36020. */
  36021. static void serverCertClearCb(WOLFSSL* ssl)
  36022. {
  36023. /* Clear the loaded certs to force the callbacks to set them up */
  36024. SSL_certs_clear(ssl);
  36025. }
  36026. #endif
  36027. static int test_wolfSSL_cert_cb(void)
  36028. {
  36029. int res = TEST_SKIPPED;
  36030. #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)
  36031. callback_functions func_cb_client;
  36032. callback_functions func_cb_server;
  36033. tcp_ready ready;
  36034. func_args client_args;
  36035. func_args server_args;
  36036. THREAD_TYPE serverThread;
  36037. XMEMSET(&client_args, 0, sizeof(func_args));
  36038. XMEMSET(&server_args, 0, sizeof(func_args));
  36039. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  36040. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  36041. #ifdef WOLFSSL_TIRTOS
  36042. fdOpenSession(Task_self());
  36043. #endif
  36044. StartTCP();
  36045. InitTcpReady(&ready);
  36046. #if defined(USE_WINDOWS_API)
  36047. /* use RNG to get random port if using windows */
  36048. ready.port = GetRandomPort();
  36049. #endif
  36050. server_args.signal = &ready;
  36051. client_args.signal = &ready;
  36052. client_args.callbacks = &func_cb_client;
  36053. server_args.callbacks = &func_cb_server;
  36054. func_cb_client.ctx_ready = clientCertSetupCb;
  36055. func_cb_client.ssl_ready = clientCertClearCb;
  36056. func_cb_server.ctx_ready = serverCertSetupCb;
  36057. func_cb_server.ssl_ready = serverCertClearCb;
  36058. start_thread(test_server_nofail, &server_args, &serverThread);
  36059. wait_tcp_ready(&server_args);
  36060. test_client_nofail(&client_args, NULL);
  36061. join_thread(serverThread);
  36062. AssertTrue(client_args.return_code);
  36063. AssertTrue(server_args.return_code);
  36064. FreeTcpReady(&ready);
  36065. #ifdef WOLFSSL_TIRTOS
  36066. fdOpenSession(Task_self());
  36067. #endif
  36068. res = TEST_RES_CHECK(1);
  36069. #endif
  36070. return res;
  36071. }
  36072. static int test_wolfSSL_SESSION(void)
  36073. {
  36074. int res = TEST_SKIPPED;
  36075. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  36076. !defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  36077. !defined(NO_SESSION_CACHE)
  36078. WOLFSSL* ssl;
  36079. WOLFSSL_CTX* ctx;
  36080. WOLFSSL_SESSION* sess;
  36081. WOLFSSL_SESSION* sess_copy;
  36082. #ifdef OPENSSL_EXTRA
  36083. unsigned char* sessDer = NULL;
  36084. unsigned char* ptr = NULL;
  36085. const unsigned char context[] = "user app context";
  36086. unsigned int contextSz = (unsigned int)sizeof(context);
  36087. int sz;
  36088. #endif
  36089. int ret, err;
  36090. SOCKET_T sockfd;
  36091. tcp_ready ready;
  36092. func_args server_args;
  36093. THREAD_TYPE serverThread;
  36094. char msg[80];
  36095. const char* sendGET = "GET";
  36096. /* TLS v1.3 requires session tickets */
  36097. /* CHACHA and POLY1305 required for myTicketEncCb */
  36098. #if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
  36099. !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
  36100. defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
  36101. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
  36102. #else
  36103. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  36104. #endif
  36105. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  36106. WOLFSSL_FILETYPE_PEM));
  36107. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  36108. WOLFSSL_FILETYPE_PEM));
  36109. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
  36110. WOLFSSL_SUCCESS);
  36111. #ifdef WOLFSSL_ENCRYPTED_KEYS
  36112. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  36113. #endif
  36114. #ifdef HAVE_SESSION_TICKET
  36115. /* Use session tickets, for ticket tests below */
  36116. AssertIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS);
  36117. #endif
  36118. XMEMSET(&server_args, 0, sizeof(func_args));
  36119. #ifdef WOLFSSL_TIRTOS
  36120. fdOpenSession(Task_self());
  36121. #endif
  36122. StartTCP();
  36123. InitTcpReady(&ready);
  36124. #if defined(USE_WINDOWS_API)
  36125. /* use RNG to get random port if using windows */
  36126. ready.port = GetRandomPort();
  36127. #endif
  36128. server_args.signal = &ready;
  36129. start_thread(test_server_nofail, &server_args, &serverThread);
  36130. wait_tcp_ready(&server_args);
  36131. /* client connection */
  36132. ssl = wolfSSL_new(ctx);
  36133. tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
  36134. AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
  36135. #ifdef WOLFSSL_ASYNC_CRYPT
  36136. err = 0; /* Reset error */
  36137. #endif
  36138. do {
  36139. #ifdef WOLFSSL_ASYNC_CRYPT
  36140. if (err == WC_PENDING_E) {
  36141. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  36142. if (ret < 0) { break; } else if (ret == 0) { continue; }
  36143. }
  36144. #endif
  36145. ret = wolfSSL_connect(ssl);
  36146. err = wolfSSL_get_error(ssl, 0);
  36147. } while (err == WC_PENDING_E);
  36148. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  36149. #ifdef WOLFSSL_ASYNC_CRYPT
  36150. err = 0; /* Reset error */
  36151. #endif
  36152. do {
  36153. #ifdef WOLFSSL_ASYNC_CRYPT
  36154. if (err == WC_PENDING_E) {
  36155. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  36156. if (ret < 0) { break; } else if (ret == 0) { continue; }
  36157. }
  36158. #endif
  36159. ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET));
  36160. err = wolfSSL_get_error(ssl, 0);
  36161. } while (err == WC_PENDING_E);
  36162. AssertIntEQ(ret, (int)XSTRLEN(sendGET));
  36163. #ifdef WOLFSSL_ASYNC_CRYPT
  36164. err = 0; /* Reset error */
  36165. #endif
  36166. do {
  36167. #ifdef WOLFSSL_ASYNC_CRYPT
  36168. if (err == WC_PENDING_E) {
  36169. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  36170. if (ret < 0) { break; } else if (ret == 0) { continue; }
  36171. }
  36172. #endif
  36173. ret = wolfSSL_read(ssl, msg, sizeof(msg));
  36174. err = wolfSSL_get_error(ssl, 0);
  36175. } while (err == WC_PENDING_E);
  36176. AssertIntEQ(ret, 23);
  36177. AssertPtrNE((sess = wolfSSL_get1_session(ssl)), NULL); /* ref count 1 */
  36178. AssertPtrNE((sess_copy = wolfSSL_get1_session(ssl)), NULL); /* ref count 2 */
  36179. #ifdef HAVE_EXT_CACHE
  36180. AssertPtrEq(sess, sess_copy); /* they should be the same pointer but without
  36181. * HAVE_EXT_CACHE we get new objects each time */
  36182. #endif
  36183. wolfSSL_SESSION_free(sess_copy); sess_copy = NULL;
  36184. wolfSSL_SESSION_free(sess); sess = NULL; /* free session ref */
  36185. sess = wolfSSL_get_session(ssl);
  36186. #ifdef OPENSSL_EXTRA
  36187. AssertIntEQ(SSL_SESSION_is_resumable(NULL), 0);
  36188. AssertIntEQ(SSL_SESSION_is_resumable(sess), 1);
  36189. AssertIntEQ(wolfSSL_SESSION_has_ticket(NULL), 0);
  36190. AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(NULL), 0);
  36191. #ifdef HAVE_SESSION_TICKET
  36192. AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 1);
  36193. AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(sess),
  36194. SESSION_TICKET_HINT_DEFAULT);
  36195. #else
  36196. AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 0);
  36197. #endif
  36198. #else
  36199. (void)sess;
  36200. #endif /* OPENSSL_EXTRA */
  36201. /* Retain copy of the session for later testing */
  36202. AssertNotNull(sess = wolfSSL_get1_session(ssl));
  36203. wolfSSL_shutdown(ssl);
  36204. wolfSSL_free(ssl);
  36205. join_thread(serverThread);
  36206. FreeTcpReady(&ready);
  36207. #ifdef WOLFSSL_TIRTOS
  36208. fdOpenSession(Task_self());
  36209. #endif
  36210. #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
  36211. {
  36212. X509 *x509;
  36213. char buf[30];
  36214. int bufSz;
  36215. AssertNotNull(x509 = SSL_SESSION_get0_peer(sess));
  36216. AssertIntGT((bufSz = X509_NAME_get_text_by_NID(
  36217. X509_get_subject_name(x509), NID_organizationalUnitName,
  36218. buf, sizeof(buf))), 0);
  36219. AssertIntNE((bufSz == 7 || bufSz == 16), 0); /* should be one of these*/
  36220. if (bufSz == 7) {
  36221. AssertIntEQ(XMEMCMP(buf, "Support", bufSz), 0);
  36222. }
  36223. if (bufSz == 16) {
  36224. AssertIntEQ(XMEMCMP(buf, "Programming-2048", bufSz), 0);
  36225. }
  36226. }
  36227. #endif
  36228. #ifdef HAVE_EXT_CACHE
  36229. AssertNotNull(sess_copy = wolfSSL_SESSION_dup(sess));
  36230. wolfSSL_SESSION_free(sess_copy);
  36231. sess_copy = NULL;
  36232. #endif
  36233. #ifdef OPENSSL_EXTRA
  36234. /* get session from DER and update the timeout */
  36235. AssertIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
  36236. AssertIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
  36237. wolfSSL_SESSION_free(sess);
  36238. sess = NULL;
  36239. ptr = sessDer;
  36240. AssertNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, NULL, sz));
  36241. AssertNotNull(sess = wolfSSL_d2i_SSL_SESSION(NULL,
  36242. (const unsigned char**)&ptr, sz));
  36243. XFREE(sessDer, NULL, DYNAMIC_TYPE_OPENSSL);
  36244. sessDer = NULL;
  36245. AssertIntGT(wolfSSL_SESSION_get_time(sess), 0);
  36246. AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
  36247. #endif
  36248. /* successful set session test */
  36249. AssertNotNull(ssl = wolfSSL_new(ctx));
  36250. AssertIntEQ(wolfSSL_set_session(ssl, sess), WOLFSSL_SUCCESS);
  36251. #ifdef HAVE_SESSION_TICKET
  36252. /* Test set/get session ticket */
  36253. {
  36254. const char* ticket = "This is a session ticket";
  36255. char buf[64] = {0};
  36256. word32 bufSz = (word32)sizeof(buf);
  36257. AssertIntEQ(SSL_SUCCESS,
  36258. wolfSSL_set_SessionTicket(ssl, (byte *)ticket,
  36259. (word32)XSTRLEN(ticket)));
  36260. AssertIntEQ(SSL_SUCCESS,
  36261. wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz));
  36262. AssertStrEQ(ticket, buf);
  36263. }
  36264. #endif
  36265. #ifdef OPENSSL_EXTRA
  36266. /* session timeout case */
  36267. /* make the session to be expired */
  36268. AssertIntEQ(SSL_SESSION_set_timeout(sess,1), SSL_SUCCESS);
  36269. XSLEEP_MS(1200);
  36270. /* SSL_set_session should reject specified session but return success
  36271. * if WOLFSSL_ERROR_CODE_OPENSSL macro is defined for OpenSSL compatibility.
  36272. */
  36273. #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
  36274. AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS);
  36275. #else
  36276. AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_FAILURE);
  36277. #endif
  36278. AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
  36279. /* fail case with miss match session context IDs (use compatibility API) */
  36280. AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz),
  36281. SSL_SUCCESS);
  36282. AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
  36283. wolfSSL_free(ssl);
  36284. AssertIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz),
  36285. SSL_FAILURE);
  36286. AssertIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz),
  36287. SSL_SUCCESS);
  36288. AssertNotNull(ssl = wolfSSL_new(ctx));
  36289. AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
  36290. #endif /* OPENSSL_EXTRA */
  36291. wolfSSL_free(ssl);
  36292. wolfSSL_SESSION_free(sess);
  36293. wolfSSL_CTX_free(ctx);
  36294. res = TEST_RES_CHECK(1);
  36295. #endif
  36296. return res;
  36297. }
  36298. #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  36299. defined(HAVE_EX_DATA)
  36300. static int clientSessRemCountMalloc = 0;
  36301. static int serverSessRemCountMalloc = 0;
  36302. static int clientSessRemCountFree = 0;
  36303. static int serverSessRemCountFree = 0;
  36304. static WOLFSSL_CTX* serverSessCtx = NULL;
  36305. static WOLFSSL_SESSION* serverSess = NULL;
  36306. #ifndef NO_SESSION_CACHE_REF
  36307. static WOLFSSL_CTX* clientSessCtx = NULL;
  36308. static WOLFSSL_SESSION* clientSess = NULL;
  36309. #endif
  36310. static int serverSessRemIdx = 3;
  36311. static void SessRemCtxCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess)
  36312. {
  36313. int* mallocedData = (int*)SSL_SESSION_get_ex_data(sess, serverSessRemIdx);
  36314. (void)ctx;
  36315. AssertNotNull(mallocedData);
  36316. if (!*mallocedData)
  36317. clientSessRemCountFree++;
  36318. else
  36319. serverSessRemCountFree++;
  36320. XFREE(mallocedData, NULL, DYNAMIC_TYPE_SESSION);
  36321. SSL_SESSION_set_ex_data(sess, serverSessRemIdx, NULL);
  36322. }
  36323. static void SessRemCtxSetupCb(WOLFSSL_CTX* ctx)
  36324. {
  36325. SSL_CTX_sess_set_remove_cb(ctx, SessRemCtxCb);
  36326. #if defined(WOLFSSL_TLS13) && !defined(HAVE_SESSION_TICKET) && \
  36327. !defined(NO_SESSION_CACHE_REF)
  36328. /* Allow downgrade, set min version, and disable TLS 1.3.
  36329. * Do this because without NO_SESSION_CACHE_REF we will want to return a
  36330. * reference to the session cache. But with WOLFSSL_TLS13 and without
  36331. * HAVE_SESSION_TICKET we won't have a session ID to be able to place the
  36332. * session in the cache. In this case we need to downgrade to previous
  36333. * versions to just use the legacy session ID field. */
  36334. AssertIntEQ(SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION), SSL_SUCCESS);
  36335. AssertIntEQ(SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION), SSL_SUCCESS);
  36336. #endif
  36337. }
  36338. static void SessRemSslSetupCb(WOLFSSL* ssl)
  36339. {
  36340. int* mallocedData = (int*)XMALLOC(sizeof(int), NULL, DYNAMIC_TYPE_SESSION);
  36341. AssertNotNull(mallocedData);
  36342. *mallocedData = SSL_is_server(ssl);
  36343. if (!*mallocedData) {
  36344. clientSessRemCountMalloc++;
  36345. #ifndef NO_SESSION_CACHE_REF
  36346. AssertNotNull(clientSess = SSL_get1_session(ssl));
  36347. AssertIntEQ(SSL_CTX_up_ref(clientSessCtx = SSL_get_SSL_CTX(ssl)),
  36348. SSL_SUCCESS);
  36349. #endif
  36350. }
  36351. else {
  36352. serverSessRemCountMalloc++;
  36353. AssertNotNull(serverSess = SSL_get1_session(ssl));
  36354. AssertIntEQ(SSL_CTX_up_ref(serverSessCtx = SSL_get_SSL_CTX(ssl)),
  36355. SSL_SUCCESS);
  36356. }
  36357. AssertIntEQ(SSL_SESSION_set_ex_data(SSL_get_session(ssl), serverSessRemIdx,
  36358. mallocedData), SSL_SUCCESS);
  36359. }
  36360. #endif
  36361. static int test_wolfSSL_CTX_sess_set_remove_cb(void)
  36362. {
  36363. int res = TEST_SKIPPED;
  36364. #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  36365. defined(HAVE_EX_DATA)
  36366. /* Check that the remove callback gets called for external data in a
  36367. * session object */
  36368. callback_functions func_cb;
  36369. tcp_ready ready;
  36370. func_args client_args;
  36371. func_args server_args;
  36372. THREAD_TYPE serverThread;
  36373. XMEMSET(&client_args, 0, sizeof(func_args));
  36374. XMEMSET(&server_args, 0, sizeof(func_args));
  36375. XMEMSET(&func_cb, 0, sizeof(callback_functions));
  36376. #ifdef WOLFSSL_TIRTOS
  36377. fdOpenSession(Task_self());
  36378. #endif
  36379. StartTCP();
  36380. InitTcpReady(&ready);
  36381. #if defined(USE_WINDOWS_API)
  36382. /* use RNG to get random port if using windows */
  36383. ready.port = GetRandomPort();
  36384. #endif
  36385. server_args.signal = &ready;
  36386. client_args.signal = &ready;
  36387. client_args.callbacks = &func_cb;
  36388. server_args.callbacks = &func_cb;
  36389. func_cb.ctx_ready = SessRemCtxSetupCb;
  36390. func_cb.on_result = SessRemSslSetupCb;
  36391. start_thread(test_server_nofail, &server_args, &serverThread);
  36392. wait_tcp_ready(&server_args);
  36393. test_client_nofail(&client_args, NULL);
  36394. join_thread(serverThread);
  36395. AssertTrue(client_args.return_code);
  36396. AssertTrue(server_args.return_code);
  36397. FreeTcpReady(&ready);
  36398. #ifdef WOLFSSL_TIRTOS
  36399. fdOpenSession(Task_self());
  36400. #endif
  36401. /* Both should have been allocated */
  36402. AssertIntEQ(clientSessRemCountMalloc, 1);
  36403. AssertIntEQ(serverSessRemCountMalloc, 1);
  36404. #ifdef NO_SESSION_CACHE_REF
  36405. /* Client session should not be added to cache so this should be free'd when
  36406. * the SSL object was being free'd */
  36407. AssertIntEQ(clientSessRemCountFree, 1);
  36408. #else
  36409. /* Client session is in cache due to requiring a persistent reference */
  36410. AssertIntEQ(clientSessRemCountFree, 0);
  36411. /* Force a cache lookup */
  36412. AssertNotNull(SSL_SESSION_get_ex_data(clientSess, serverSessRemIdx));
  36413. /* Force a cache update */
  36414. AssertNotNull(SSL_SESSION_set_ex_data(clientSess, serverSessRemIdx - 1, 0));
  36415. /* This should set the timeout to 0 and call the remove callback from within
  36416. * the session cache. */
  36417. AssertIntEQ(SSL_CTX_remove_session(clientSessCtx, clientSess), 0);
  36418. AssertNull(SSL_SESSION_get_ex_data(clientSess, serverSessRemIdx));
  36419. AssertIntEQ(clientSessRemCountFree, 1);
  36420. #endif
  36421. /* Server session is in the cache so ex_data isn't free'd with the SSL
  36422. * object */
  36423. AssertIntEQ(serverSessRemCountFree, 0);
  36424. /* Force a cache lookup */
  36425. AssertNotNull(SSL_SESSION_get_ex_data(serverSess, serverSessRemIdx));
  36426. /* Force a cache update */
  36427. AssertNotNull(SSL_SESSION_set_ex_data(serverSess, serverSessRemIdx - 1, 0));
  36428. /* This should set the timeout to 0 and call the remove callback from within
  36429. * the session cache. */
  36430. AssertIntEQ(SSL_CTX_remove_session(serverSessCtx, serverSess), 0);
  36431. AssertNull(SSL_SESSION_get_ex_data(serverSess, serverSessRemIdx));
  36432. AssertIntEQ(serverSessRemCountFree, 1);
  36433. /* Need to free the references that we kept */
  36434. SSL_CTX_free(serverSessCtx);
  36435. SSL_SESSION_free(serverSess);
  36436. #ifndef NO_SESSION_CACHE_REF
  36437. SSL_CTX_free(clientSessCtx);
  36438. SSL_SESSION_free(clientSess);
  36439. #endif
  36440. res = TEST_RES_CHECK(1);
  36441. #endif
  36442. return res;
  36443. }
  36444. static int test_wolfSSL_ticket_keys(void)
  36445. {
  36446. int res = TEST_SKIPPED;
  36447. #if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
  36448. !defined(NO_WOLFSSL_SERVER)
  36449. WOLFSSL_CTX* ctx;
  36450. byte keys[WOLFSSL_TICKET_KEYS_SZ];
  36451. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  36452. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0),
  36453. WOLFSSL_FAILURE);
  36454. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0),
  36455. WOLFSSL_FAILURE);
  36456. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0),
  36457. WOLFSSL_FAILURE);
  36458. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0),
  36459. WOLFSSL_FAILURE);
  36460. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
  36461. WOLFSSL_FAILURE);
  36462. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
  36463. WOLFSSL_FAILURE);
  36464. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
  36465. WOLFSSL_FAILURE);
  36466. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0),
  36467. WOLFSSL_FAILURE);
  36468. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0),
  36469. WOLFSSL_FAILURE);
  36470. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0),
  36471. WOLFSSL_FAILURE);
  36472. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0),
  36473. WOLFSSL_FAILURE);
  36474. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
  36475. WOLFSSL_FAILURE);
  36476. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
  36477. WOLFSSL_FAILURE);
  36478. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
  36479. WOLFSSL_FAILURE);
  36480. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
  36481. WOLFSSL_SUCCESS);
  36482. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
  36483. WOLFSSL_SUCCESS);
  36484. wolfSSL_CTX_free(ctx);
  36485. res = TEST_RES_CHECK(1);
  36486. #endif
  36487. return res;
  36488. }
  36489. #ifndef NO_BIO
  36490. static int test_wolfSSL_d2i_PUBKEY(void)
  36491. {
  36492. int res = TEST_SKIPPED;
  36493. #if defined(OPENSSL_EXTRA)
  36494. BIO* bio;
  36495. EVP_PKEY* pkey;
  36496. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  36497. AssertNull(d2i_PUBKEY_bio(NULL, NULL));
  36498. #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
  36499. /* RSA PUBKEY test */
  36500. AssertIntGT(BIO_write(bio, client_keypub_der_2048,
  36501. sizeof_client_keypub_der_2048), 0);
  36502. AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
  36503. EVP_PKEY_free(pkey);
  36504. #endif
  36505. #if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC)
  36506. /* ECC PUBKEY test */
  36507. AssertIntGT(BIO_write(bio, ecc_clikeypub_der_256,
  36508. sizeof_ecc_clikeypub_der_256), 0);
  36509. AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
  36510. EVP_PKEY_free(pkey);
  36511. #endif
  36512. #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DSA)
  36513. /* DSA PUBKEY test */
  36514. AssertIntGT(BIO_write(bio, dsa_pub_key_der_2048,
  36515. sizeof_dsa_pub_key_der_2048), 0);
  36516. AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
  36517. EVP_PKEY_free(pkey);
  36518. #endif
  36519. #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \
  36520. defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
  36521. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
  36522. (HAVE_FIPS_VERSION > 2))
  36523. /* DH PUBKEY test */
  36524. AssertIntGT(BIO_write(bio, dh_pub_key_der_2048,
  36525. sizeof_dh_pub_key_der_2048), 0);
  36526. AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
  36527. EVP_PKEY_free(pkey);
  36528. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  36529. #endif /* USE_CERT_BUFFERS_2048 && !NO_DH && && OPENSSL_EXTRA */
  36530. BIO_free(bio);
  36531. (void)pkey;
  36532. res = TEST_RES_CHECK(1);
  36533. #endif
  36534. return res;
  36535. }
  36536. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
  36537. static int test_wolfSSL_d2i_PrivateKeys_bio(void)
  36538. {
  36539. BIO* bio = NULL;
  36540. EVP_PKEY* pkey = NULL;
  36541. #ifndef NO_RSA
  36542. #endif
  36543. WOLFSSL_CTX* ctx;
  36544. #if defined(WOLFSSL_KEY_GEN)
  36545. unsigned char buff[4096];
  36546. unsigned char* bufPtr = buff;
  36547. #endif
  36548. /* test creating new EVP_PKEY with bad arg */
  36549. AssertNull((pkey = d2i_PrivateKey_bio(NULL, NULL)));
  36550. /* test loading RSA key using BIO */
  36551. #if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  36552. {
  36553. XFILE file;
  36554. const char* fname = "./certs/server-key.der";
  36555. size_t sz;
  36556. byte* buf;
  36557. file = XFOPEN(fname, "rb");
  36558. AssertTrue((file != XBADFILE));
  36559. AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
  36560. sz = XFTELL(file);
  36561. XREWIND(file);
  36562. AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
  36563. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  36564. XFCLOSE(file);
  36565. /* Test using BIO new mem and loading DER private key */
  36566. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  36567. AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
  36568. XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
  36569. BIO_free(bio);
  36570. bio = NULL;
  36571. EVP_PKEY_free(pkey);
  36572. pkey = NULL;
  36573. }
  36574. #endif
  36575. /* test loading ECC key using BIO */
  36576. #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
  36577. {
  36578. XFILE file;
  36579. const char* fname = "./certs/ecc-key.der";
  36580. size_t sz;
  36581. byte* buf;
  36582. file = XFOPEN(fname, "rb");
  36583. AssertTrue((file != XBADFILE));
  36584. AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
  36585. sz = XFTELL(file);
  36586. XREWIND(file);
  36587. AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
  36588. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  36589. XFCLOSE(file);
  36590. /* Test using BIO new mem and loading DER private key */
  36591. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  36592. AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
  36593. XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
  36594. BIO_free(bio);
  36595. bio = NULL;
  36596. EVP_PKEY_free(pkey);
  36597. pkey = NULL;
  36598. }
  36599. #endif
  36600. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  36601. #ifndef NO_WOLFSSL_SERVER
  36602. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  36603. #else
  36604. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  36605. #endif
  36606. #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
  36607. !defined(NO_RSA) && !defined(HAVE_USER_RSA)
  36608. {
  36609. RSA* rsa = NULL;
  36610. /* Tests bad parameters */
  36611. AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));
  36612. /* RSA not set yet, expecting to fail*/
  36613. AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
  36614. #if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
  36615. /* set RSA using bio*/
  36616. AssertIntGT(BIO_write(bio, client_key_der_2048,
  36617. sizeof_client_key_der_2048), 0);
  36618. AssertNotNull(d2i_RSAPrivateKey_bio(bio, &rsa));
  36619. AssertNotNull(rsa);
  36620. AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
  36621. /*i2d RSAprivate key tests */
  36622. AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
  36623. AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
  36624. AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
  36625. sizeof_client_key_der_2048);
  36626. bufPtr -= sizeof_client_key_der_2048;
  36627. AssertIntEQ(XMEMCMP(bufPtr, client_key_der_2048,
  36628. sizeof_client_key_der_2048), 0);
  36629. bufPtr = NULL;
  36630. AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
  36631. sizeof_client_key_der_2048);
  36632. AssertNotNull(bufPtr);
  36633. AssertIntEQ(XMEMCMP(bufPtr, client_key_der_2048,
  36634. sizeof_client_key_der_2048), 0);
  36635. XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
  36636. RSA_free(rsa);
  36637. rsa = RSA_new();
  36638. AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 0);
  36639. #endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
  36640. RSA_free(rsa);
  36641. }
  36642. #endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/
  36643. SSL_CTX_free(ctx);
  36644. ctx = NULL;
  36645. BIO_free(bio);
  36646. bio = NULL;
  36647. return TEST_RES_CHECK(1);
  36648. }
  36649. #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
  36650. #endif /* !NO_BIO */
  36651. static int test_wolfSSL_sk_GENERAL_NAME(void)
  36652. {
  36653. int res = TEST_SKIPPED;
  36654. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  36655. !defined(NO_RSA)
  36656. X509* x509;
  36657. GENERAL_NAME* gn;
  36658. unsigned char buf[4096];
  36659. const unsigned char* bufPt;
  36660. int bytes, i;
  36661. int j;
  36662. XFILE f;
  36663. STACK_OF(GENERAL_NAME)* sk;
  36664. f = XFOPEN(cliCertDerFileExt, "rb");
  36665. AssertTrue((f != XBADFILE));
  36666. AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
  36667. XFCLOSE(f);
  36668. for (j = 0; j < 2; ++j) {
  36669. bufPt = buf;
  36670. AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
  36671. AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
  36672. NID_subject_alt_name, NULL, NULL));
  36673. AssertIntEQ(sk_GENERAL_NAME_num(sk), 1);
  36674. for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
  36675. AssertNotNull(gn = sk_GENERAL_NAME_value(sk, i));
  36676. switch (gn->type) {
  36677. case GEN_DNS:
  36678. fprintf(stderr, "found type GEN_DNS\n");
  36679. break;
  36680. case GEN_EMAIL:
  36681. fprintf(stderr, "found type GEN_EMAIL\n");
  36682. break;
  36683. case GEN_URI:
  36684. fprintf(stderr, "found type GEN_URI\n");
  36685. break;
  36686. }
  36687. }
  36688. X509_free(x509);
  36689. if (j == 0) {
  36690. sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
  36691. }
  36692. else {
  36693. /*
  36694. * We had a bug where GENERAL_NAMES_free didn't free all the memory
  36695. * it was supposed to. This is a regression test for that bug.
  36696. */
  36697. GENERAL_NAMES_free(sk);
  36698. }
  36699. }
  36700. res = TEST_RES_CHECK(1);
  36701. #endif
  36702. return res;
  36703. }
  36704. static int test_wolfSSL_GENERAL_NAME_print(void)
  36705. {
  36706. int res = TEST_SKIPPED;
  36707. #if defined(OPENSSL_ALL) && !defined(NO_BIO) && !defined(NO_RSA)
  36708. X509* x509;
  36709. GENERAL_NAME* gn;
  36710. unsigned char buf[4096];
  36711. const unsigned char* bufPt;
  36712. int bytes;
  36713. XFILE f;
  36714. STACK_OF(GENERAL_NAME)* sk;
  36715. BIO* out;
  36716. unsigned char outbuf[128];
  36717. X509_EXTENSION* ext;
  36718. AUTHORITY_INFO_ACCESS* aia;
  36719. ACCESS_DESCRIPTION* ad;
  36720. const unsigned char v4Addr[] = {192,168,53,1};
  36721. const unsigned char v6Addr[] =
  36722. {0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
  36723. 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77};
  36724. const unsigned char email[] =
  36725. {'i', 'n', 'f', 'o', '@', 'w', 'o', 'l',
  36726. 'f', 's', 's', 'l', '.', 'c', 'o', 'm'};
  36727. const char* dnsStr = "DNS:example.com";
  36728. const char* uriStr = "URI:http://127.0.0.1:22220";
  36729. const char* v4addStr = "IP Address:192.168.53.1";
  36730. const char* v6addStr = "IP Address:2021:DB8:0:0:0:FF00:42:7777";
  36731. const char* emailStr = "email:info@wolfssl.com";
  36732. const char* othrStr = "othername:<unsupported>";
  36733. const char* x400Str = "X400Name:<unsupported>";
  36734. const char* ediStr = "EdiPartyName:<unsupported>";
  36735. /* BIO to output */
  36736. AssertNotNull(out = BIO_new(BIO_s_mem()));
  36737. /* test for NULL param */
  36738. gn = NULL;
  36739. AssertIntEQ(GENERAL_NAME_print(NULL, NULL), 0);
  36740. AssertIntEQ(GENERAL_NAME_print(NULL, gn), 0);
  36741. AssertIntEQ(GENERAL_NAME_print(out, NULL), 0);
  36742. /* test for GEN_DNS */
  36743. f = XFOPEN(cliCertDerFileExt, "rb");
  36744. AssertTrue((f != XBADFILE));
  36745. AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
  36746. XFCLOSE(f);
  36747. bufPt = buf;
  36748. AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
  36749. AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
  36750. NID_subject_alt_name, NULL, NULL));
  36751. AssertNotNull(gn = sk_GENERAL_NAME_value(sk, 0));
  36752. AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
  36753. XMEMSET(outbuf,0,sizeof(outbuf));
  36754. BIO_read(out, outbuf, sizeof(outbuf));
  36755. AssertIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0);
  36756. sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
  36757. X509_free(x509);
  36758. /* test for GEN_URI */
  36759. f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb");
  36760. AssertTrue((f != XBADFILE));
  36761. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  36762. XFCLOSE(f);
  36763. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 4));
  36764. aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext);
  36765. AssertNotNull(aia);
  36766. ad = (WOLFSSL_ACCESS_DESCRIPTION *)wolfSSL_sk_value(aia, 0);
  36767. gn = ad->location;
  36768. AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
  36769. XMEMSET(outbuf,0,sizeof(outbuf));
  36770. AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
  36771. AssertIntEQ(XSTRNCMP((const char*)outbuf, uriStr, XSTRLEN(uriStr)), 0);
  36772. wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
  36773. aia = (AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext);
  36774. AssertNotNull(aia);
  36775. AUTHORITY_INFO_ACCESS_pop_free(aia, NULL);
  36776. X509_free(x509);
  36777. /* test for GEN_IPADD */
  36778. /* ip v4 address */
  36779. AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
  36780. gn->type = GEN_IPADD;
  36781. gn->d.iPAddress->length = sizeof(v4Addr);
  36782. AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v4Addr,
  36783. sizeof(v4Addr)), 1);
  36784. AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
  36785. XMEMSET(outbuf,0,sizeof(outbuf));
  36786. AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
  36787. AssertIntEQ(XSTRNCMP((const char*)outbuf, v4addStr, XSTRLEN(v4addStr)), 0);
  36788. GENERAL_NAME_free(gn);
  36789. /* ip v6 address */
  36790. AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
  36791. gn->type = GEN_IPADD;
  36792. gn->d.iPAddress->length = sizeof(v6Addr);
  36793. AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v6Addr,
  36794. sizeof(v6Addr)), 1);
  36795. AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
  36796. XMEMSET(outbuf,0,sizeof(outbuf));
  36797. AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
  36798. AssertIntEQ(XSTRNCMP((const char*)outbuf, v6addStr, XSTRLEN(v6addStr)), 0);
  36799. GENERAL_NAME_free(gn);
  36800. /* test for GEN_EMAIL */
  36801. AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
  36802. gn->type = GEN_EMAIL;
  36803. gn->d.rfc822Name->length = sizeof(email);
  36804. AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.rfc822Name, email,
  36805. sizeof(email)), 1);
  36806. AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
  36807. XMEMSET(outbuf,0,sizeof(outbuf));
  36808. AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
  36809. AssertIntEQ(XSTRNCMP((const char*)outbuf, emailStr, XSTRLEN(emailStr)), 0);
  36810. GENERAL_NAME_free(gn);
  36811. /* test for GEN_OTHERNAME */
  36812. AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
  36813. gn->type = GEN_OTHERNAME;
  36814. AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
  36815. XMEMSET(outbuf,0,sizeof(outbuf));
  36816. AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
  36817. AssertIntEQ(XSTRNCMP((const char*)outbuf, othrStr, XSTRLEN(othrStr)), 0);
  36818. GENERAL_NAME_free(gn);
  36819. /* test for GEN_X400 */
  36820. AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
  36821. gn->type = GEN_X400;
  36822. AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
  36823. XMEMSET(outbuf,0,sizeof(outbuf));
  36824. AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
  36825. AssertIntEQ(XSTRNCMP((const char*)outbuf, x400Str, XSTRLEN(x400Str)), 0);
  36826. GENERAL_NAME_free(gn);
  36827. /* test for GEN_EDIPARTY */
  36828. AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
  36829. gn->type = GEN_EDIPARTY;
  36830. AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
  36831. XMEMSET(outbuf,0,sizeof(outbuf));
  36832. AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
  36833. AssertIntEQ(XSTRNCMP((const char*)outbuf, ediStr, XSTRLEN(ediStr)), 0);
  36834. GENERAL_NAME_free(gn);
  36835. BIO_free(out);
  36836. res = TEST_RES_CHECK(1);
  36837. #endif /* OPENSSL_ALL */
  36838. return res;
  36839. }
  36840. static int test_wolfSSL_sk_DIST_POINT(void)
  36841. {
  36842. int res = TEST_SKIPPED;
  36843. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  36844. !defined(NO_RSA)
  36845. X509* x509;
  36846. unsigned char buf[4096];
  36847. const unsigned char* bufPt;
  36848. int bytes, i, j;
  36849. XFILE f;
  36850. DIST_POINT* dp;
  36851. DIST_POINT_NAME* dpn;
  36852. GENERAL_NAME* gn;
  36853. ASN1_IA5STRING* uri;
  36854. STACK_OF(DIST_POINT)* dps;
  36855. STACK_OF(GENERAL_NAME)* gns;
  36856. const char cliCertDerCrlDistPoint[] = "./certs/client-crl-dist.der";
  36857. f = XFOPEN(cliCertDerCrlDistPoint, "rb");
  36858. AssertTrue((f != XBADFILE));
  36859. AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
  36860. XFCLOSE(f);
  36861. bufPt = buf;
  36862. AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
  36863. AssertNotNull(dps = (STACK_OF(DIST_POINT)*)X509_get_ext_d2i(x509,
  36864. NID_crl_distribution_points, NULL, NULL));
  36865. AssertIntEQ(sk_DIST_POINT_num(dps), 1);
  36866. for (i = 0; i < sk_DIST_POINT_num(dps); i++) {
  36867. AssertNotNull(dp = sk_DIST_POINT_value(dps, i));
  36868. AssertNotNull(dpn = dp->distpoint);
  36869. /* this should be type 0, fullname */
  36870. AssertIntEQ(dpn->type, 0);
  36871. gns = dp->distpoint->name.fullname;
  36872. AssertNotNull(gns);
  36873. AssertIntEQ(sk_GENERAL_NAME_num(gns), 1);
  36874. for (j = 0; j < sk_GENERAL_NAME_num(gns); j++) {
  36875. gn = sk_GENERAL_NAME_value(gns, j);
  36876. AssertIntEQ(gn->type, GEN_URI);
  36877. AssertNotNull(uri = gn->d.uniformResourceIdentifier);
  36878. AssertNotNull(uri->data);
  36879. AssertIntGT(uri->length, 0);
  36880. }
  36881. }
  36882. X509_free(x509);
  36883. CRL_DIST_POINTS_free(dps);
  36884. res = TEST_RES_CHECK(1);
  36885. #endif
  36886. return res;
  36887. }
  36888. static int test_wolfSSL_MD4(void)
  36889. {
  36890. int res = TEST_SKIPPED;
  36891. #if defined(OPENSSL_EXTRA) && !defined(NO_MD4)
  36892. MD4_CTX md4;
  36893. unsigned char out[16]; /* MD4_DIGEST_SIZE */
  36894. const char* msg = "12345678901234567890123456789012345678901234567890123456"
  36895. "789012345678901234567890";
  36896. const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f"
  36897. "\xcc\x05\x36";
  36898. int msgSz = (int)XSTRLEN(msg);
  36899. XMEMSET(out, 0, sizeof(out));
  36900. MD4_Init(&md4);
  36901. MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz);
  36902. MD4_Final(out, &md4);
  36903. AssertIntEQ(XMEMCMP(out, test, sizeof(out)), 0);
  36904. res = TEST_RES_CHECK(1);
  36905. #endif
  36906. return res;
  36907. }
  36908. static int test_wolfSSL_verify_mode(void)
  36909. {
  36910. int res = TEST_SKIPPED;
  36911. #if defined(OPENSSL_ALL) && !defined(NO_RSA)
  36912. WOLFSSL* ssl;
  36913. WOLFSSL_CTX* ctx;
  36914. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  36915. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  36916. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  36917. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
  36918. AssertNotNull(ssl = SSL_new(ctx));
  36919. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
  36920. SSL_free(ssl);
  36921. SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
  36922. AssertNotNull(ssl = SSL_new(ctx));
  36923. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
  36924. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
  36925. wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
  36926. AssertIntEQ(SSL_CTX_get_verify_mode(ctx), SSL_VERIFY_PEER);
  36927. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);
  36928. SSL_free(ssl);
  36929. wolfSSL_CTX_set_verify(ctx,
  36930. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
  36931. AssertNotNull(ssl = SSL_new(ctx));
  36932. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
  36933. AssertIntEQ(SSL_get_verify_mode(ssl),
  36934. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
  36935. wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
  36936. AssertIntEQ(SSL_CTX_get_verify_mode(ctx),
  36937. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
  36938. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
  36939. wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
  36940. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);
  36941. wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
  36942. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
  36943. wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_EXCEPT_PSK, 0);
  36944. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_EXCEPT_PSK);
  36945. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  36946. wolfSSL_set_verify(ssl, SSL_VERIFY_POST_HANDSHAKE, 0);
  36947. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_POST_HANDSHAKE);
  36948. #endif
  36949. AssertIntEQ(SSL_CTX_get_verify_mode(ctx),
  36950. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
  36951. SSL_free(ssl);
  36952. SSL_CTX_free(ctx);
  36953. res = TEST_RES_CHECK(1);
  36954. #endif
  36955. return res;
  36956. }
  36957. static int test_wolfSSL_verify_depth(void)
  36958. {
  36959. int res = TEST_SKIPPED;
  36960. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
  36961. WOLFSSL* ssl;
  36962. WOLFSSL_CTX* ctx;
  36963. long depth;
  36964. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  36965. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  36966. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  36967. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
  36968. AssertIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0);
  36969. AssertNotNull(ssl = SSL_new(ctx));
  36970. AssertIntEQ(SSL_get_verify_depth(ssl), SSL_CTX_get_verify_depth(ctx));
  36971. SSL_free(ssl);
  36972. SSL_CTX_set_verify_depth(ctx, -1);
  36973. AssertIntEQ(depth, SSL_CTX_get_verify_depth(ctx));
  36974. SSL_CTX_set_verify_depth(ctx, 2);
  36975. AssertIntEQ(2, SSL_CTX_get_verify_depth(ctx));
  36976. AssertNotNull(ssl = SSL_new(ctx));
  36977. AssertIntEQ(2, SSL_get_verify_depth(ssl));
  36978. SSL_free(ssl);
  36979. SSL_CTX_free(ctx);
  36980. res = TEST_RES_CHECK(1);
  36981. #endif
  36982. return res;
  36983. }
  36984. #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
  36985. /* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a
  36986. * buffer of 64 bytes.
  36987. *
  36988. * returns the size of the digest buffer on success and a negative value on
  36989. * failure.
  36990. */
  36991. static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest)
  36992. {
  36993. HMAC_CTX ctx1;
  36994. HMAC_CTX ctx2;
  36995. unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  36996. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  36997. unsigned char long_key[] =
  36998. "0123456789012345678901234567890123456789"
  36999. "0123456789012345678901234567890123456789"
  37000. "0123456789012345678901234567890123456789"
  37001. "0123456789012345678901234567890123456789";
  37002. unsigned char msg[] = "message to hash";
  37003. unsigned int digestSz = 64;
  37004. int keySz = sizeof(key);
  37005. int long_keySz = sizeof(long_key);
  37006. int msgSz = sizeof(msg);
  37007. unsigned char digest2[64];
  37008. unsigned int digestSz2 = 64;
  37009. HMAC_CTX_init(&ctx1);
  37010. AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
  37011. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  37012. AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
  37013. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  37014. AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
  37015. HMAC_CTX_cleanup(&ctx1);
  37016. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  37017. AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS);
  37018. HMAC_CTX_cleanup(&ctx2);
  37019. AssertIntEQ(digestSz, digestSz2);
  37020. AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
  37021. /* test HMAC_Init with NULL key */
  37022. /* init after copy */
  37023. HMAC_CTX_init(&ctx1);
  37024. AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
  37025. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  37026. AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
  37027. AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
  37028. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  37029. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  37030. AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
  37031. HMAC_CTX_cleanup(&ctx1);
  37032. AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
  37033. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  37034. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  37035. AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
  37036. HMAC_CTX_cleanup(&ctx2);
  37037. AssertIntEQ(digestSz, digestSz2);
  37038. AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
  37039. /* long key */
  37040. HMAC_CTX_init(&ctx1);
  37041. AssertIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type), SSL_SUCCESS);
  37042. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  37043. AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
  37044. AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
  37045. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  37046. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  37047. AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
  37048. HMAC_CTX_cleanup(&ctx1);
  37049. AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
  37050. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  37051. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  37052. AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
  37053. HMAC_CTX_cleanup(&ctx2);
  37054. AssertIntEQ(digestSz, digestSz2);
  37055. AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
  37056. /* init before copy */
  37057. HMAC_CTX_init(&ctx1);
  37058. AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
  37059. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  37060. AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
  37061. AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
  37062. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  37063. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  37064. AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
  37065. HMAC_CTX_cleanup(&ctx1);
  37066. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  37067. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  37068. AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
  37069. HMAC_CTX_cleanup(&ctx2);
  37070. AssertIntEQ(digestSz, digestSz2);
  37071. AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
  37072. return digestSz;
  37073. }
  37074. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */
  37075. static int test_wolfSSL_HMAC_CTX(void)
  37076. {
  37077. int res = TEST_SKIPPED;
  37078. #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
  37079. unsigned char digest[64];
  37080. int digestSz;
  37081. #ifndef NO_SHA
  37082. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha1(), digest)), 20);
  37083. AssertIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA"
  37084. "\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0);
  37085. #endif /* !NO_SHA */
  37086. #ifdef WOLFSSL_SHA224
  37087. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha224(), digest)), 28);
  37088. AssertIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95"
  37089. "\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD"
  37090. "\x02\x0E", digest, digestSz), 0);
  37091. #endif /* WOLFSSL_SHA224 */
  37092. #ifndef NO_SHA256
  37093. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha256(), digest)), 32);
  37094. AssertIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC"
  37095. "\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2"
  37096. "\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0);
  37097. #endif /* !NO_SHA256 */
  37098. #ifdef WOLFSSL_SHA384
  37099. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha384(), digest)), 48);
  37100. AssertIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7"
  37101. "\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25"
  37102. "\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7"
  37103. "\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB",
  37104. digest, digestSz), 0);
  37105. #endif /* WOLFSSL_SHA384 */
  37106. #ifdef WOLFSSL_SHA512
  37107. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha512(), digest)), 64);
  37108. AssertIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD"
  37109. "\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10"
  37110. "\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60"
  37111. "\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60"
  37112. "\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0",
  37113. digest, digestSz), 0);
  37114. #endif /* WOLFSSL_SHA512 */
  37115. #if !defined(NO_MD5) && (!defined(HAVE_FIPS_VERSION) || HAVE_FIPS_VERSION <= 2)
  37116. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_md5(), digest)), 16);
  37117. AssertIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F"
  37118. "\xE4\x98\xDD", digest, digestSz), 0);
  37119. #endif /* !NO_MD5 */
  37120. res = TEST_RES_CHECK(1);
  37121. #endif
  37122. return res;
  37123. }
  37124. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
  37125. static void sslMsgCb(int w, int version, int type, const void* buf,
  37126. size_t sz, SSL* ssl, void* arg)
  37127. {
  37128. int i;
  37129. unsigned char* pt = (unsigned char*)buf;
  37130. fprintf(stderr, "%s %d bytes of version %d , type %d : ",
  37131. (w)?"Writing":"Reading", (int)sz, version, type);
  37132. for (i = 0; i < (int)sz; i++) fprintf(stderr, "%02X", pt[i]);
  37133. fprintf(stderr, "\n");
  37134. (void)ssl;
  37135. (void)arg;
  37136. }
  37137. #endif /* OPENSSL_EXTRA */
  37138. static int test_wolfSSL_msg_callback(void)
  37139. {
  37140. int res = TEST_SKIPPED;
  37141. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
  37142. WOLFSSL* ssl;
  37143. WOLFSSL_CTX* ctx;
  37144. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  37145. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  37146. SSL_FILETYPE_PEM));
  37147. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  37148. SSL_FILETYPE_PEM));
  37149. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
  37150. SSL_SUCCESS);
  37151. AssertNotNull(ssl = SSL_new(ctx));
  37152. AssertIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS);
  37153. AssertIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS);
  37154. AssertIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE);
  37155. SSL_free(ssl);
  37156. SSL_CTX_free(ctx);
  37157. res = TEST_RES_CHECK(1);
  37158. #endif
  37159. return res;
  37160. }
  37161. static int test_wolfSSL_SHA(void)
  37162. {
  37163. int res = TEST_SKIPPED;
  37164. #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST)
  37165. #if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES) && \
  37166. (!defined(HAVE_FIPS) || \
  37167. (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
  37168. {
  37169. const unsigned char in[] = "abc";
  37170. unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
  37171. "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D";
  37172. unsigned char out[WC_SHA_DIGEST_SIZE];
  37173. XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
  37174. AssertNotNull(SHA1(in, XSTRLEN((char*)in), out));
  37175. AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
  37176. /* SHA interface test */
  37177. XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
  37178. AssertNull(SHA(NULL, XSTRLEN((char*)in), out));
  37179. AssertNotNull(SHA(in, 0, out));
  37180. AssertNotNull(SHA(in, XSTRLEN((char*)in), NULL));
  37181. AssertNotNull(SHA(NULL, 0, out));
  37182. AssertNotNull(SHA(NULL, 0, NULL));
  37183. AssertNotNull(SHA(in, XSTRLEN((char*)in), out));
  37184. AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
  37185. }
  37186. #endif
  37187. #if !defined(NO_SHA256)
  37188. {
  37189. const unsigned char in[] = "abc";
  37190. unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
  37191. "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
  37192. "\x15\xAD";
  37193. unsigned char out[WC_SHA256_DIGEST_SIZE];
  37194. XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
  37195. #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
  37196. AssertNotNull(SHA256(in, XSTRLEN((char*)in), out));
  37197. #else
  37198. AssertNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out));
  37199. #endif
  37200. AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
  37201. }
  37202. #endif
  37203. #if defined(WOLFSSL_SHA384)
  37204. {
  37205. const unsigned char in[] = "abc";
  37206. unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
  37207. "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
  37208. "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
  37209. "\xc8\x25\xa7";
  37210. unsigned char out[WC_SHA384_DIGEST_SIZE];
  37211. XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
  37212. #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
  37213. AssertNotNull(SHA384(in, XSTRLEN((char*)in), out));
  37214. #else
  37215. AssertNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out));
  37216. #endif
  37217. AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
  37218. }
  37219. #endif
  37220. #if defined(WOLFSSL_SHA512)
  37221. {
  37222. const unsigned char in[] = "abc";
  37223. unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
  37224. "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
  37225. "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
  37226. "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
  37227. "\xa5\x4c\xa4\x9f";
  37228. unsigned char out[WC_SHA512_DIGEST_SIZE];
  37229. XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
  37230. #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
  37231. AssertNotNull(SHA512(in, XSTRLEN((char*)in), out));
  37232. #else
  37233. AssertNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out));
  37234. #endif
  37235. AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
  37236. }
  37237. #endif
  37238. res = TEST_RES_CHECK(1);
  37239. #endif
  37240. return res;
  37241. }
  37242. /* test_EVP_Cipher_extra, Extra-test on EVP_CipherUpdate/Final. see also test.c */
  37243. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\
  37244. (!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128))
  37245. static void binary_dump(void *ptr, int size)
  37246. {
  37247. #ifdef WOLFSSL_EVP_PRINT
  37248. int i = 0;
  37249. unsigned char *p = (unsigned char *) ptr;
  37250. fprintf(stderr, "{");
  37251. while ((p != NULL) && (i < size)) {
  37252. if ((i % 8) == 0) {
  37253. fprintf(stderr, "\n");
  37254. fprintf(stderr, " ");
  37255. }
  37256. fprintf(stderr, "0x%02x, ", p[i]);
  37257. i++;
  37258. }
  37259. fprintf(stderr, "\n};\n");
  37260. #else
  37261. (void) ptr;
  37262. (void) size;
  37263. #endif
  37264. }
  37265. static int last_val = 0x0f;
  37266. static int check_result(unsigned char *data, int len)
  37267. {
  37268. int i;
  37269. for ( ; len; ) {
  37270. last_val = (last_val + 1) % 16;
  37271. for (i = 0; i < 16; len--, i++, data++)
  37272. if (*data != last_val) {
  37273. return -1;
  37274. }
  37275. }
  37276. return 0;
  37277. }
  37278. static int r_offset;
  37279. static int w_offset;
  37280. static void init_offset(void)
  37281. {
  37282. r_offset = 0;
  37283. w_offset = 0;
  37284. }
  37285. static void get_record(unsigned char *data, unsigned char *buf, int len)
  37286. {
  37287. XMEMCPY(buf, data+r_offset, len);
  37288. r_offset += len;
  37289. }
  37290. static void set_record(unsigned char *data, unsigned char *buf, int len)
  37291. {
  37292. XMEMCPY(data+w_offset, buf, len);
  37293. w_offset += len;
  37294. }
  37295. static void set_plain(unsigned char *plain, int rec)
  37296. {
  37297. int i, j;
  37298. unsigned char *p = plain;
  37299. #define BLOCKSZ 16
  37300. for (i=0; i<(rec/BLOCKSZ); i++) {
  37301. for (j=0; j<BLOCKSZ; j++)
  37302. *p++ = (i % 16);
  37303. }
  37304. }
  37305. #endif
  37306. static int test_wolfSSL_EVP_Cipher_extra(void)
  37307. {
  37308. int res = TEST_SKIPPED;
  37309. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\
  37310. (!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128))
  37311. /* aes128-cbc, keylen=16, ivlen=16 */
  37312. byte aes128_cbc_key[] = {
  37313. 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef,
  37314. 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef,
  37315. };
  37316. byte aes128_cbc_iv[] = {
  37317. 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
  37318. 0x99, 0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
  37319. };
  37320. /* teset data size table */
  37321. int test_drive1[] = {8, 3, 5, 512, 8, 3, 8, 512, 0};
  37322. int test_drive2[] = {8, 3, 8, 512, 0};
  37323. int test_drive3[] = {512, 512, 504, 512, 512, 8, 512, 0};
  37324. int *test_drive[] = {test_drive1, test_drive2, test_drive3, NULL};
  37325. int test_drive_len[100];
  37326. int ret = 0;
  37327. EVP_CIPHER_CTX *evp = NULL;
  37328. int ilen = 0;
  37329. int klen = 0;
  37330. int i, j;
  37331. const EVP_CIPHER *type;
  37332. byte *iv;
  37333. byte *key;
  37334. int ivlen;
  37335. int keylen;
  37336. #define RECORDS 16
  37337. #define BUFFSZ 512
  37338. byte plain [BUFFSZ * RECORDS];
  37339. byte cipher[BUFFSZ * RECORDS];
  37340. byte inb[BUFFSZ];
  37341. byte outb[BUFFSZ+16];
  37342. int outl, inl;
  37343. iv = aes128_cbc_iv;
  37344. ivlen = sizeof(aes128_cbc_iv);
  37345. key = aes128_cbc_key;
  37346. keylen = sizeof(aes128_cbc_key);
  37347. type = EVP_aes_128_cbc();
  37348. set_plain(plain, BUFFSZ * RECORDS);
  37349. SSL_library_init();
  37350. AssertNotNull(evp = EVP_CIPHER_CTX_new());
  37351. AssertIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0);
  37352. AssertIntEQ(EVP_CIPHER_CTX_nid(evp), NID_aes_128_cbc);
  37353. klen = EVP_CIPHER_CTX_key_length(evp);
  37354. if (klen > 0 && keylen != klen) {
  37355. AssertIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0);
  37356. }
  37357. ilen = EVP_CIPHER_CTX_iv_length(evp);
  37358. if (ilen > 0 && ivlen != ilen) {
  37359. AssertIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0);
  37360. }
  37361. AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);
  37362. for (j = 0; j<RECORDS; j++)
  37363. {
  37364. inl = BUFFSZ;
  37365. get_record(plain, inb, inl);
  37366. AssertIntNE((ret = EVP_CipherUpdate(evp, outb, &outl, inb, inl)), 0);
  37367. set_record(cipher, outb, outl);
  37368. }
  37369. for (i = 0; test_drive[i]; i++) {
  37370. AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);
  37371. init_offset();
  37372. test_drive_len[i] = 0;
  37373. for (j = 0; test_drive[i][j]; j++)
  37374. {
  37375. inl = test_drive[i][j];
  37376. test_drive_len[i] += inl;
  37377. get_record(plain, inb, inl);
  37378. AssertIntNE((ret = EVP_EncryptUpdate(evp, outb, &outl, inb, inl)), 0);
  37379. /* output to cipher buffer, so that following Dec test can detect
  37380. if any error */
  37381. set_record(cipher, outb, outl);
  37382. }
  37383. EVP_CipherFinal(evp, outb, &outl);
  37384. if (outl > 0)
  37385. set_record(cipher, outb, outl);
  37386. }
  37387. for (i = 0; test_drive[i]; i++) {
  37388. last_val = 0x0f;
  37389. AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 0)), 0);
  37390. init_offset();
  37391. for (j = 0; test_drive[i][j]; j++) {
  37392. inl = test_drive[i][j];
  37393. get_record(cipher, inb, inl);
  37394. AssertIntNE((ret = EVP_DecryptUpdate(evp, outb, &outl, inb, inl)), 0);
  37395. binary_dump(outb, outl);
  37396. AssertIntEQ((ret = check_result(outb, outl)), 0);
  37397. AssertFalse(outl > ((inl/16+1)*16) && outl > 16);
  37398. }
  37399. ret = EVP_CipherFinal(evp, outb, &outl);
  37400. binary_dump(outb, outl);
  37401. ret = (((test_drive_len[i] % 16) != 0) && (ret == 0)) ||
  37402. (((test_drive_len[i] % 16) == 0) && (ret == 1));
  37403. AssertTrue(ret);
  37404. }
  37405. EVP_CIPHER_CTX_free(evp);
  37406. /* Do an extra test to verify correct behavior with empty input. */
  37407. AssertNotNull(evp = EVP_CIPHER_CTX_new());
  37408. AssertIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0);
  37409. AssertIntEQ(EVP_CIPHER_CTX_nid(evp), NID_aes_128_cbc);
  37410. klen = EVP_CIPHER_CTX_key_length(evp);
  37411. if (klen > 0 && keylen != klen) {
  37412. AssertIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0);
  37413. }
  37414. ilen = EVP_CIPHER_CTX_iv_length(evp);
  37415. if (ilen > 0 && ivlen != ilen) {
  37416. AssertIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0);
  37417. }
  37418. AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);
  37419. /* outl should be set to 0 after passing NULL, 0 for input args. */
  37420. outl = -1;
  37421. AssertIntNE((ret = EVP_CipherUpdate(evp, outb, &outl, NULL, 0)), 0);
  37422. AssertIntEQ(outl, 0);
  37423. EVP_CIPHER_CTX_free(evp);
  37424. res = TEST_RES_CHECK(1);
  37425. #endif /* test_EVP_Cipher */
  37426. return res;
  37427. }
  37428. static int test_wolfSSL_PEM_read_DHparams(void)
  37429. {
  37430. int res = TEST_SKIPPED;
  37431. #if defined(OPENSSL_ALL) && !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && \
  37432. !defined(NO_FILESYSTEM)
  37433. DH* dh;
  37434. XFILE fp;
  37435. unsigned char derOut[300];
  37436. unsigned char* derOutBuf = derOut;
  37437. int derOutSz = 0;
  37438. unsigned char derExpected[300];
  37439. int derExpectedSz = 0;
  37440. XMEMSET(derOut, 0, sizeof(derOut));
  37441. XMEMSET(derExpected, 0, sizeof(derExpected));
  37442. /* open DH param file, read into DH struct */
  37443. AssertNotNull(fp = XFOPEN(dhParamFile, "rb"));
  37444. /* bad args */
  37445. AssertNull(dh = PEM_read_DHparams(NULL, &dh, NULL, NULL));
  37446. AssertNull(dh = PEM_read_DHparams(NULL, NULL, NULL, NULL));
  37447. /* good args */
  37448. AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
  37449. XFCLOSE(fp);
  37450. /* read in certs/dh2048.der for comparison against exported params */
  37451. fp = XFOPEN("./certs/dh2048.der", "rb");
  37452. AssertTrue(fp != XBADFILE);
  37453. derExpectedSz = (int)XFREAD(derExpected, 1, sizeof(derExpected), fp);
  37454. XFCLOSE(fp);
  37455. /* export DH back to DER and compare */
  37456. derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf);
  37457. AssertIntEQ(derOutSz, derExpectedSz);
  37458. AssertIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0);
  37459. DH_free(dh);
  37460. dh = NULL;
  37461. /* Test parsing with X9.42 header */
  37462. fp = XFOPEN("./certs/x942dh2048.pem", "rb");
  37463. AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
  37464. XFCLOSE(fp);
  37465. DH_free(dh);
  37466. res = TEST_RES_CHECK(1);
  37467. #endif
  37468. return res;
  37469. }
  37470. static int test_wolfSSL_AES_ecb_encrypt(void)
  37471. {
  37472. int res = TEST_SKIPPED;
  37473. #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB)
  37474. AES_KEY aes;
  37475. const byte msg[] =
  37476. {
  37477. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  37478. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  37479. };
  37480. const byte verify[] =
  37481. {
  37482. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  37483. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  37484. };
  37485. const byte key[] =
  37486. {
  37487. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  37488. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  37489. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  37490. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  37491. };
  37492. byte out[AES_BLOCK_SIZE];
  37493. AssertIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0);
  37494. XMEMSET(out, 0, AES_BLOCK_SIZE);
  37495. AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT);
  37496. AssertIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0);
  37497. #ifdef HAVE_AES_DECRYPT
  37498. AssertIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0);
  37499. XMEMSET(out, 0, AES_BLOCK_SIZE);
  37500. AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT);
  37501. AssertIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0);
  37502. #endif
  37503. /* test bad arguments */
  37504. AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT);
  37505. AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT);
  37506. AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT);
  37507. res = TEST_RES_CHECK(1);
  37508. #endif
  37509. return res;
  37510. }
  37511. static int test_wolfSSL_MD5(void)
  37512. {
  37513. int res = TEST_SKIPPED;
  37514. #if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
  37515. byte input1[] = "";
  37516. byte input2[] = "message digest";
  37517. byte hash[WC_MD5_DIGEST_SIZE];
  37518. unsigned char output1[] =
  37519. "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e";
  37520. unsigned char output2[] =
  37521. "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0";
  37522. WOLFSSL_MD5_CTX md5;
  37523. XMEMSET(&md5, 0, sizeof(md5));
  37524. /* Test cases for illegal parameters */
  37525. AssertIntEQ(MD5_Init(NULL), 0);
  37526. AssertIntEQ(MD5_Init(&md5), 1);
  37527. AssertIntEQ(MD5_Update(NULL, input1, 0), 0);
  37528. AssertIntEQ(MD5_Update(NULL, NULL, 0), 0);
  37529. AssertIntEQ(MD5_Update(&md5, NULL, 1), 0);
  37530. AssertIntEQ(MD5_Final(NULL, &md5), 0);
  37531. AssertIntEQ(MD5_Final(hash, NULL), 0);
  37532. AssertIntEQ(MD5_Final(NULL, NULL), 0);
  37533. /* Init MD5 CTX */
  37534. AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
  37535. AssertIntEQ(wolfSSL_MD5_Update(&md5, input1,
  37536. XSTRLEN((const char*)&input1)), 1);
  37537. AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
  37538. AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
  37539. /* Init MD5 CTX */
  37540. AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
  37541. AssertIntEQ(wolfSSL_MD5_Update(&md5, input2,
  37542. (int)XSTRLEN((const char*)input2)), 1);
  37543. AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
  37544. AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
  37545. #if !defined(NO_OLD_NAMES) && \
  37546. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
  37547. AssertPtrNE(MD5(NULL, 1, (byte*)&hash), &hash);
  37548. AssertPtrEq(MD5(input1, 0, (byte*)&hash), &hash);
  37549. AssertPtrNE(MD5(input1, 1, NULL), NULL);
  37550. AssertPtrNE(MD5(NULL, 0, NULL), NULL);
  37551. AssertPtrEq(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash), &hash);
  37552. AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
  37553. AssertPtrEq(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash), &hash);
  37554. AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
  37555. {
  37556. byte data[] = "Data to be hashed.";
  37557. XMEMSET(hash, 0, WC_MD5_DIGEST_SIZE);
  37558. AssertNotNull(MD5(data, sizeof(data), NULL));
  37559. AssertNotNull(MD5(data, sizeof(data), hash));
  37560. AssertNotNull(MD5(NULL, 0, hash));
  37561. AssertNull(MD5(NULL, sizeof(data), hash));
  37562. }
  37563. #endif
  37564. res = TEST_RES_CHECK(1);
  37565. #endif
  37566. return res;
  37567. }
  37568. static int test_wolfSSL_MD5_Transform(void)
  37569. {
  37570. int res = TEST_SKIPPED;
  37571. #if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
  37572. byte input1[] = "";
  37573. byte input2[] = "abc";
  37574. byte local[WC_MD5_BLOCK_SIZE];
  37575. word32 sLen = 0;
  37576. #ifdef BIG_ENDIAN_ORDER
  37577. unsigned char output1[] =
  37578. "\x03\x1f\x1d\xac\x6e\xa5\x8e\xd0\x1f\xab\x67\xb7\x74\x31\x77\x91";
  37579. unsigned char output2[] =
  37580. "\xef\xd3\x79\x8d\x67\x17\x25\x90\xa4\x13\x79\xc7\xe3\xa7\x7b\xbc";
  37581. #else
  37582. unsigned char output1[] =
  37583. "\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74";
  37584. unsigned char output2[] =
  37585. "\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3";
  37586. #endif
  37587. union {
  37588. wc_Md5 native;
  37589. MD5_CTX compat;
  37590. } md5;
  37591. XMEMSET(&md5.compat, 0, sizeof(md5.compat));
  37592. XMEMSET(&local, 0, sizeof(local));
  37593. /* sanity check */
  37594. AssertIntEQ(MD5_Transform(NULL, NULL), 0);
  37595. AssertIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
  37596. AssertIntEQ(MD5_Transform(&md5.compat, NULL), 0);
  37597. AssertIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG);
  37598. AssertIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
  37599. AssertIntEQ(wc_Md5Transform(&md5.native, NULL), BAD_FUNC_ARG);
  37600. /* Init MD5 CTX */
  37601. AssertIntEQ(wolfSSL_MD5_Init(&md5.compat), 1);
  37602. /* Do Transform*/
  37603. sLen = (word32)XSTRLEN((char*)input1);
  37604. XMEMCPY(local, input1, sLen);
  37605. AssertIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1);
  37606. AssertIntEQ(XMEMCMP(md5.native.digest, output1,
  37607. WC_MD5_DIGEST_SIZE), 0);
  37608. /* Init MD5 CTX */
  37609. AssertIntEQ(MD5_Init(&md5.compat), 1);
  37610. sLen = (word32)XSTRLEN((char*)input2);
  37611. XMEMSET(local, 0, WC_MD5_BLOCK_SIZE);
  37612. XMEMCPY(local, input2, sLen);
  37613. AssertIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1);
  37614. AssertIntEQ(XMEMCMP(md5.native.digest, output2,
  37615. WC_MD5_DIGEST_SIZE), 0);
  37616. res = TEST_RES_CHECK(1);
  37617. #endif
  37618. return res;
  37619. }
  37620. static int test_wolfSSL_SHA224(void)
  37621. {
  37622. int res = TEST_SKIPPED;
  37623. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \
  37624. !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  37625. (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
  37626. unsigned char input[] =
  37627. "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  37628. unsigned char output[] =
  37629. "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
  37630. "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
  37631. size_t inLen;
  37632. byte hash[WC_SHA224_DIGEST_SIZE];
  37633. inLen = XSTRLEN((char*)input);
  37634. XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE);
  37635. AssertNull(SHA224(NULL, inLen, hash));
  37636. AssertNotNull(SHA224(input, 0, hash));
  37637. AssertNotNull(SHA224(input, inLen, NULL));
  37638. AssertNotNull(SHA224(NULL, 0, hash));
  37639. AssertNotNull(SHA224(NULL, 0, NULL));
  37640. AssertNotNull(SHA224(input, inLen, hash));
  37641. AssertIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0);
  37642. res = TEST_RES_CHECK(1);
  37643. #endif
  37644. return res;
  37645. }
  37646. static int test_wolfSSL_SHA_Transform(void)
  37647. {
  37648. int res = TEST_SKIPPED;
  37649. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
  37650. #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  37651. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  37652. byte input1[] = "";
  37653. byte input2[] = "abc";
  37654. byte local[WC_SHA_BLOCK_SIZE];
  37655. word32 sLen = 0;
  37656. #ifdef BIG_ENDIAN_ORDER
  37657. unsigned char output1[] =
  37658. "\x92\xb4\x04\xe5\x56\x58\x8c\xed\x6c\x1a\xcd\x4e\xbf\x05\x3f\x68"
  37659. "\x09\xf7\x3a\x93";
  37660. unsigned char output2[] =
  37661. "\x97\xb2\x74\x8b\x4f\x5b\xbc\xca\x5b\xc0\xe6\xea\x2d\x40\xb4\xa0"
  37662. "\x7c\x6e\x08\xb8";
  37663. #else
  37664. unsigned char output1[] =
  37665. "\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf"
  37666. "\x93\x3a\xf7\x09";
  37667. unsigned char output2[] =
  37668. "\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d"
  37669. "\xb8\x08\x6e\x7c";
  37670. #endif
  37671. union {
  37672. wc_Sha native;
  37673. SHA_CTX compat;
  37674. } sha;
  37675. union {
  37676. wc_Sha native;
  37677. SHA_CTX compat;
  37678. } sha1;
  37679. XMEMSET(&sha.compat, 0, sizeof(sha.compat));
  37680. XMEMSET(&local, 0, sizeof(local));
  37681. /* sanity check */
  37682. AssertIntEQ(SHA_Transform(NULL, NULL), 0);
  37683. AssertIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0);
  37684. AssertIntEQ(SHA_Transform(&sha.compat, NULL), 0);
  37685. AssertIntEQ(SHA1_Transform(NULL, NULL), 0);
  37686. AssertIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
  37687. AssertIntEQ(SHA1_Transform(&sha.compat, NULL), 0);
  37688. AssertIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG);
  37689. AssertIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
  37690. AssertIntEQ(wc_ShaTransform(&sha.native, NULL), BAD_FUNC_ARG);
  37691. /* Init SHA CTX */
  37692. AssertIntEQ(SHA_Init(&sha.compat), 1);
  37693. /* Do Transform*/
  37694. sLen = (word32)XSTRLEN((char*)input1);
  37695. XMEMCPY(local, input1, sLen);
  37696. AssertIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1);
  37697. AssertIntEQ(XMEMCMP(sha.native.digest, output1,
  37698. WC_SHA_DIGEST_SIZE), 0);
  37699. AssertIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */
  37700. /* Init SHA CTX */
  37701. AssertIntEQ(SHA_Init(&sha.compat), 1);
  37702. sLen = (word32)XSTRLEN((char*)input2);
  37703. XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
  37704. XMEMCPY(local, input2, sLen);
  37705. AssertIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1);
  37706. AssertIntEQ(XMEMCMP(sha.native.digest, output2,
  37707. WC_SHA_DIGEST_SIZE), 0);
  37708. AssertIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */
  37709. /* SHA1 */
  37710. XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
  37711. /* Init SHA CTX */
  37712. AssertIntEQ(SHA1_Init(&sha1.compat), 1);
  37713. /* Do Transform*/
  37714. sLen = (word32)XSTRLEN((char*)input1);
  37715. XMEMCPY(local, input1, sLen);
  37716. AssertIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1);
  37717. AssertIntEQ(XMEMCMP(sha1.native.digest, output1,
  37718. WC_SHA_DIGEST_SIZE), 0);
  37719. AssertIntEQ(SHA_Final(local, &sha1.compat), 1); /* frees resources */
  37720. /* Init SHA CTX */
  37721. AssertIntEQ(SHA1_Init(&sha1.compat), 1);
  37722. sLen = (word32)XSTRLEN((char*)input2);
  37723. XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
  37724. XMEMCPY(local, input2, sLen);
  37725. AssertIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1);
  37726. AssertIntEQ(XMEMCMP(sha1.native.digest, output2,
  37727. WC_SHA_DIGEST_SIZE), 0);
  37728. AssertIntEQ(SHA_Final(local, &sha1.compat), 1); /* frees resources */
  37729. res = TEST_RES_CHECK(1);
  37730. #endif
  37731. #endif
  37732. return res;
  37733. }
  37734. static int test_wolfSSL_SHA256_Transform(void)
  37735. {
  37736. int res = TEST_SKIPPED;
  37737. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
  37738. #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  37739. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
  37740. !defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH) && \
  37741. !defined(WOLFSSL_KCAPI_HASH)
  37742. byte input1[] = "";
  37743. byte input2[] = "abc";
  37744. byte local[WC_SHA256_BLOCK_SIZE];
  37745. word32 sLen = 0;
  37746. #ifdef BIG_ENDIAN_ORDER
  37747. unsigned char output1[] =
  37748. "\xda\x56\x98\xbe\x17\xb9\xb4\x69\x62\x33\x57\x99\x77\x9f\xbe\xca"
  37749. "\x8c\xe5\xd4\x91\xc0\xd2\x62\x43\xba\xfe\xf9\xea\x18\x37\xa9\xd8";
  37750. unsigned char output2[] =
  37751. "\x1d\x4e\xd4\x67\x67\x7c\x61\x67\x44\x10\x76\x26\x78\x10\xff\xb8"
  37752. "\x40\xc8\x9a\x39\x73\x16\x60\x8c\xa6\x61\xd6\x05\x91\xf2\x8c\x35";
  37753. #else
  37754. unsigned char output1[] =
  37755. "\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77"
  37756. "\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18";
  37757. unsigned char output2[] =
  37758. "\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78"
  37759. "\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91";
  37760. #endif
  37761. union {
  37762. wc_Sha256 native;
  37763. SHA256_CTX compat;
  37764. } sha256;
  37765. XMEMSET(&sha256.compat, 0, sizeof(sha256.compat));
  37766. XMEMSET(&local, 0, sizeof(local));
  37767. /* sanity check */
  37768. AssertIntEQ(SHA256_Transform(NULL, NULL), 0);
  37769. AssertIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
  37770. AssertIntEQ(SHA256_Transform(&sha256.compat, NULL), 0);
  37771. AssertIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG);
  37772. AssertIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
  37773. AssertIntEQ(wc_Sha256Transform(&sha256.native, NULL), BAD_FUNC_ARG);
  37774. /* Init SHA256 CTX */
  37775. AssertIntEQ(SHA256_Init(&sha256.compat), 1);
  37776. /* Do Transform*/
  37777. sLen = (word32)XSTRLEN((char*)input1);
  37778. XMEMCPY(local, input1, sLen);
  37779. AssertIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1);
  37780. AssertIntEQ(XMEMCMP(sha256.native.digest, output1,
  37781. WC_SHA256_DIGEST_SIZE), 0);
  37782. AssertIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */
  37783. /* Init SHA256 CTX */
  37784. AssertIntEQ(SHA256_Init(&sha256.compat), 1);
  37785. sLen = (word32)XSTRLEN((char*)input2);
  37786. XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE);
  37787. XMEMCPY(local, input2, sLen);
  37788. AssertIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1);
  37789. AssertIntEQ(XMEMCMP(sha256.native.digest, output2,
  37790. WC_SHA256_DIGEST_SIZE), 0);
  37791. AssertIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */
  37792. res = TEST_RES_CHECK(1);
  37793. #endif
  37794. #endif
  37795. return res;
  37796. }
  37797. static int test_wolfSSL_SHA256(void)
  37798. {
  37799. int res = TEST_SKIPPED;
  37800. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
  37801. defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  37802. unsigned char input[] =
  37803. "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  37804. unsigned char output[] =
  37805. "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
  37806. "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
  37807. "\x06\xC1";
  37808. size_t inLen;
  37809. byte hash[WC_SHA256_DIGEST_SIZE];
  37810. inLen = XSTRLEN((char*)input);
  37811. XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
  37812. AssertNotNull(SHA256(input, inLen, hash));
  37813. AssertIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0);
  37814. res = TEST_RES_CHECK(1);
  37815. #endif
  37816. return res;
  37817. }
  37818. static int test_wolfSSL_SHA512_Transform(void)
  37819. {
  37820. int res = TEST_SKIPPED;
  37821. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512)
  37822. #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  37823. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
  37824. !defined(WOLFSSL_KCAPI_HASH)
  37825. byte input1[] = "";
  37826. byte input2[] = "abc";
  37827. byte local[WC_SHA512_BLOCK_SIZE];
  37828. word32 sLen = 0;
  37829. #ifdef BIG_ENDIAN_ORDER
  37830. unsigned char output1[] =
  37831. "\xcf\x78\x81\xd5\x77\x4a\xcb\xe8\x53\x33\x62\xe0\xfb\xc7\x80\x70"
  37832. "\x02\x67\x63\x9d\x87\x46\x0e\xda\x30\x86\xcb\x40\xe8\x59\x31\xb0"
  37833. "\x71\x7d\xc9\x52\x88\xa0\x23\xa3\x96\xba\xb2\xc1\x4c\xe0\xb5\xe0"
  37834. "\x6f\xc4\xfe\x04\xea\xe3\x3e\x0b\x91\xf4\xd8\x0c\xbd\x66\x8b\xee";
  37835. unsigned char output2[] =
  37836. "\x11\x10\x93\x4e\xeb\xa0\xcc\x0d\xfd\x33\x43\x9c\xfb\x04\xc8\x21"
  37837. "\xa9\xb4\x26\x3d\xca\xab\x31\x41\xe2\xc6\xaa\xaf\xe1\x67\xd7\xab"
  37838. "\x31\x8f\x2e\x54\x2c\xba\x4e\x83\xbe\x88\xec\x9d\x8f\x2b\x38\x98"
  37839. "\x14\xd2\x4e\x9d\x53\x8b\x5e\x4d\xde\x68\x6c\x69\xaf\x20\x96\xf0";
  37840. #else
  37841. unsigned char output1[] =
  37842. "\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53"
  37843. "\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30"
  37844. "\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96"
  37845. "\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91";
  37846. unsigned char output2[] =
  37847. "\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd"
  37848. "\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2"
  37849. "\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe"
  37850. "\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde";
  37851. #endif
  37852. union {
  37853. wc_Sha512 native;
  37854. SHA512_CTX compat;
  37855. } sha512;
  37856. XMEMSET(&sha512.compat, 0, sizeof(sha512.compat));
  37857. XMEMSET(&local, 0, sizeof(local));
  37858. /* sanity check */
  37859. AssertIntEQ(SHA512_Transform(NULL, NULL), 0);
  37860. AssertIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
  37861. AssertIntEQ(SHA512_Transform(&sha512.compat, NULL), 0);
  37862. AssertIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG);
  37863. AssertIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
  37864. AssertIntEQ(wc_Sha512Transform(&sha512.native, NULL), BAD_FUNC_ARG);
  37865. /* Init SHA512 CTX */
  37866. AssertIntEQ(wolfSSL_SHA512_Init(&sha512.compat), 1);
  37867. /* Do Transform*/
  37868. sLen = (word32)XSTRLEN((char*)input1);
  37869. XMEMCPY(local, input1, sLen);
  37870. AssertIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1);
  37871. AssertIntEQ(XMEMCMP(sha512.native.digest, output1,
  37872. WC_SHA512_DIGEST_SIZE), 0);
  37873. AssertIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */
  37874. /* Init SHA512 CTX */
  37875. AssertIntEQ(SHA512_Init(&sha512.compat), 1);
  37876. sLen = (word32)XSTRLEN((char*)input2);
  37877. XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
  37878. XMEMCPY(local, input2, sLen);
  37879. AssertIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1);
  37880. AssertIntEQ(XMEMCMP(sha512.native.digest, output2,
  37881. WC_SHA512_DIGEST_SIZE), 0);
  37882. AssertIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */
  37883. (void)input1;
  37884. res = TEST_RES_CHECK(1);
  37885. #endif
  37886. #endif
  37887. return res;
  37888. }
  37889. static int test_wolfSSL_X509_get_serialNumber(void)
  37890. {
  37891. int res = TEST_SKIPPED;
  37892. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
  37893. ASN1_INTEGER* a;
  37894. BIGNUM* bn;
  37895. X509* x509;
  37896. char *serialHex;
  37897. byte serial[3];
  37898. int serialSz;
  37899. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
  37900. SSL_FILETYPE_PEM));
  37901. AssertNotNull(a = X509_get_serialNumber(x509));
  37902. /* check on value of ASN1 Integer */
  37903. AssertNotNull(bn = ASN1_INTEGER_to_BN(a, NULL));
  37904. /* test setting serial number and then retrieving it */
  37905. AssertNotNull(a = ASN1_INTEGER_new());
  37906. ASN1_INTEGER_set(a, 3);
  37907. AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
  37908. serialSz = sizeof(serial);
  37909. AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
  37910. WOLFSSL_SUCCESS);
  37911. AssertIntEQ(serialSz, 1);
  37912. AssertIntEQ(serial[0], 3);
  37913. ASN1_INTEGER_free(a);
  37914. /* test setting serial number with 0's in it */
  37915. serial[0] = 0x01;
  37916. serial[1] = 0x00;
  37917. serial[2] = 0x02;
  37918. AssertNotNull(a = wolfSSL_ASN1_INTEGER_new());
  37919. a->data[0] = ASN_INTEGER;
  37920. a->data[1] = sizeof(serial);
  37921. XMEMCPY(&a->data[2], serial, sizeof(serial));
  37922. a->length = sizeof(serial) + 2;
  37923. AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
  37924. XMEMSET(serial, 0, sizeof(serial));
  37925. serialSz = sizeof(serial);
  37926. AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
  37927. WOLFSSL_SUCCESS);
  37928. AssertIntEQ(serialSz, 3);
  37929. AssertIntEQ(serial[0], 0x01);
  37930. AssertIntEQ(serial[1], 0x00);
  37931. AssertIntEQ(serial[2], 0x02);
  37932. ASN1_INTEGER_free(a);
  37933. X509_free(x509); /* free's a */
  37934. AssertNotNull(serialHex = BN_bn2hex(bn));
  37935. #ifndef WC_DISABLE_RADIX_ZERO_PAD
  37936. AssertStrEQ(serialHex, "01");
  37937. #else
  37938. AssertStrEQ(serialHex, "1");
  37939. #endif
  37940. OPENSSL_free(serialHex);
  37941. AssertIntEQ(BN_get_word(bn), 1);
  37942. BN_free(bn);
  37943. /* hard test free'ing with dynamic buffer to make sure there is no leaks */
  37944. a = ASN1_INTEGER_new();
  37945. if (a) {
  37946. AssertNotNull(a->data = (unsigned char*)XMALLOC(100, NULL,
  37947. DYNAMIC_TYPE_OPENSSL));
  37948. a->isDynamic = 1;
  37949. ASN1_INTEGER_free(a);
  37950. }
  37951. res = TEST_RES_CHECK(1);
  37952. #endif
  37953. return res;
  37954. }
  37955. static int test_wolfSSL_OpenSSL_add_all_algorithms(void)
  37956. {
  37957. int res = TEST_SKIPPED;
  37958. #if defined(OPENSSL_EXTRA)
  37959. AssertIntEQ(wolfSSL_add_all_algorithms(),WOLFSSL_SUCCESS);
  37960. AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS);
  37961. AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_conf(),WOLFSSL_SUCCESS);
  37962. res = TEST_RES_CHECK(1);
  37963. #endif
  37964. return res;
  37965. }
  37966. static int test_wolfSSL_OPENSSL_hexstr2buf(void)
  37967. {
  37968. int res = TEST_SKIPPED;
  37969. #if defined(OPENSSL_EXTRA)
  37970. #define MAX_HEXSTR_BUFSZ 9
  37971. #define NUM_CASES 5
  37972. struct Output {
  37973. const unsigned char buffer[MAX_HEXSTR_BUFSZ];
  37974. long ret;
  37975. };
  37976. int i;
  37977. int j;
  37978. const char* inputs[NUM_CASES] = {
  37979. "aabcd1357e",
  37980. "01:12:23:34:a5:b6:c7:d8:e9",
  37981. ":01:02",
  37982. "012",
  37983. ":ab:ac:d"
  37984. };
  37985. struct Output expectedOutputs[NUM_CASES] = {
  37986. {{0xaa, 0xbc, 0xd1, 0x35, 0x7e}, 5},
  37987. {{0x01, 0x12, 0x23, 0x34, 0xa5, 0xb6, 0xc7, 0xd8, 0xe9}, 9},
  37988. {{0x01, 0x02}, 2},
  37989. {{0x00}, 0},
  37990. {{0x00}, 0}
  37991. };
  37992. long len = 0;
  37993. unsigned char* returnedBuf = NULL;
  37994. for (i = 0; i < NUM_CASES; ++i) {
  37995. returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len);
  37996. if (returnedBuf == NULL) {
  37997. AssertIntEQ(expectedOutputs[i].ret, 0);
  37998. continue;
  37999. }
  38000. AssertIntEQ(expectedOutputs[i].ret, len);
  38001. for (j = 0; j < len; ++j) {
  38002. AssertIntEQ(expectedOutputs[i].buffer[j], returnedBuf[j]);
  38003. }
  38004. OPENSSL_free(returnedBuf);
  38005. }
  38006. res = TEST_RES_CHECK(1);
  38007. #endif
  38008. return res;
  38009. }
  38010. static int test_wolfSSL_ASN1_STRING_print_ex(void)
  38011. {
  38012. int res = TEST_SKIPPED;
  38013. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
  38014. #ifndef NO_BIO
  38015. ASN1_STRING* asn_str;
  38016. const char data[] = "Hello wolfSSL!";
  38017. ASN1_STRING* esc_str;
  38018. const char esc_data[] = "a+;<>";
  38019. BIO *bio;
  38020. unsigned long flags;
  38021. int p_len;
  38022. unsigned char rbuf[255];
  38023. /* setup */
  38024. XMEMSET(rbuf, 0, 255);
  38025. bio = BIO_new(BIO_s_mem());
  38026. BIO_set_write_buf_size(bio,255);
  38027. asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
  38028. ASN1_STRING_set(asn_str, (const void*)data, sizeof(data));
  38029. esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
  38030. ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data));
  38031. /* no flags */
  38032. XMEMSET(rbuf, 0, 255);
  38033. flags = 0;
  38034. p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
  38035. AssertIntEQ(p_len, 15);
  38036. BIO_read(bio, (void*)rbuf, 15);
  38037. AssertStrEQ((char*)rbuf, "Hello wolfSSL!");
  38038. /* RFC2253 Escape */
  38039. XMEMSET(rbuf, 0, 255);
  38040. flags = ASN1_STRFLGS_ESC_2253;
  38041. p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags);
  38042. AssertIntEQ(p_len, 9);
  38043. BIO_read(bio, (void*)rbuf, 9);
  38044. AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>");
  38045. /* Show type */
  38046. XMEMSET(rbuf, 0, 255);
  38047. flags = ASN1_STRFLGS_SHOW_TYPE;
  38048. p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
  38049. AssertIntEQ(p_len, 28);
  38050. BIO_read(bio, (void*)rbuf, 28);
  38051. AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!");
  38052. /* Dump All */
  38053. XMEMSET(rbuf, 0, 255);
  38054. flags = ASN1_STRFLGS_DUMP_ALL;
  38055. p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
  38056. AssertIntEQ(p_len, 31);
  38057. BIO_read(bio, (void*)rbuf, 31);
  38058. AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100");
  38059. /* Dump Der */
  38060. XMEMSET(rbuf, 0, 255);
  38061. flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER;
  38062. p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
  38063. AssertIntEQ(p_len, 35);
  38064. BIO_read(bio, (void*)rbuf, 35);
  38065. AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100");
  38066. /* Dump All + Show type */
  38067. XMEMSET(rbuf, 0, 255);
  38068. flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
  38069. p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
  38070. AssertIntEQ(p_len, 44);
  38071. BIO_read(bio, (void*)rbuf, 44);
  38072. AssertStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100");
  38073. BIO_free(bio);
  38074. ASN1_STRING_free(asn_str);
  38075. ASN1_STRING_free(esc_str);
  38076. res = TEST_RES_CHECK(1);
  38077. #endif /* !NO_BIO */
  38078. #endif
  38079. return res;
  38080. }
  38081. static int test_wolfSSL_ASN1_TIME_to_generalizedtime(void)
  38082. {
  38083. int res = TEST_SKIPPED;
  38084. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
  38085. WOLFSSL_ASN1_TIME *t;
  38086. WOLFSSL_ASN1_TIME *out;
  38087. WOLFSSL_ASN1_TIME *gtime;
  38088. int tlen = 0;
  38089. unsigned char *data;
  38090. /* UTC Time test */
  38091. AssertNotNull(t = wolfSSL_ASN1_TIME_new());
  38092. XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE);
  38093. AssertNotNull(out = wolfSSL_ASN1_TIME_new());
  38094. t->type = ASN_UTC_TIME;
  38095. t->length = ASN_UTC_TIME_SIZE;
  38096. XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
  38097. tlen = wolfSSL_ASN1_TIME_get_length(t);
  38098. AssertIntEQ(tlen, ASN_UTC_TIME_SIZE);
  38099. data = wolfSSL_ASN1_TIME_get_data(t);
  38100. AssertStrEQ((char*)data, "050727123456Z");
  38101. gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
  38102. AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
  38103. AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
  38104. AssertStrEQ((char*)gtime->data, "20050727123456Z");
  38105. /* Generalized Time test */
  38106. XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
  38107. XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE);
  38108. XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE);
  38109. t->type = ASN_GENERALIZED_TIME;
  38110. t->length = ASN_GENERALIZED_TIME_SIZE;
  38111. XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE);
  38112. tlen = wolfSSL_ASN1_TIME_get_length(t);
  38113. AssertIntEQ(tlen, ASN_GENERALIZED_TIME_SIZE);
  38114. data = wolfSSL_ASN1_TIME_get_data(t);
  38115. AssertStrEQ((char*)data, "20050727123456Z");
  38116. gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
  38117. AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
  38118. AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
  38119. AssertStrEQ((char*)gtime->data, "20050727123456Z");
  38120. XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  38121. /* Null parameter test */
  38122. XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
  38123. gtime = NULL;
  38124. out = NULL;
  38125. t->type = ASN_UTC_TIME;
  38126. t->length = ASN_UTC_TIME_SIZE;
  38127. XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
  38128. AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL));
  38129. AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
  38130. AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
  38131. AssertStrEQ((char*)gtime->data, "20050727123456Z");
  38132. XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  38133. XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  38134. res = TEST_RES_CHECK(1);
  38135. #endif
  38136. return res;
  38137. }
  38138. static int test_wolfSSL_X509_CA_num(void)
  38139. {
  38140. int res = TEST_SKIPPED;
  38141. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
  38142. defined(HAVE_ECC) && !defined(NO_RSA)
  38143. WOLFSSL_X509_STORE *store;
  38144. WOLFSSL_X509 *x509_1, *x509_2;
  38145. int ca_num = 0;
  38146. store = wolfSSL_X509_STORE_new();
  38147. x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
  38148. wolfSSL_X509_STORE_add_cert(store, x509_1);
  38149. ca_num = wolfSSL_X509_CA_num(store);
  38150. AssertIntEQ(ca_num, 1);
  38151. x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, WOLFSSL_FILETYPE_PEM);
  38152. wolfSSL_X509_STORE_add_cert(store, x509_2);
  38153. ca_num = wolfSSL_X509_CA_num(store);
  38154. AssertIntEQ(ca_num, 2);
  38155. wolfSSL_X509_free(x509_1);
  38156. wolfSSL_X509_free(x509_2);
  38157. wolfSSL_X509_STORE_free(store);
  38158. res = TEST_RES_CHECK(1);
  38159. #endif
  38160. return res;
  38161. }
  38162. static int test_wolfSSL_X509_check_ca(void)
  38163. {
  38164. int res = TEST_SKIPPED;
  38165. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  38166. WOLFSSL_X509 *x509;
  38167. x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
  38168. AssertIntEQ(wolfSSL_X509_check_ca(x509), 1);
  38169. wolfSSL_X509_free(x509);
  38170. res = TEST_RES_CHECK(1);
  38171. #endif
  38172. return res;
  38173. }
  38174. static int test_wolfSSL_X509_check_ip_asc(void)
  38175. {
  38176. int res = TEST_SKIPPED;
  38177. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  38178. WOLFSSL_X509 *x509;
  38179. x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
  38180. #if 0
  38181. /* TODO: add cert gen for testing positive case */
  38182. AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
  38183. #endif
  38184. AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
  38185. AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
  38186. wolfSSL_X509_free(x509);
  38187. res = TEST_RES_CHECK(1);
  38188. #endif
  38189. return res;
  38190. }
  38191. static int test_wolfSSL_make_cert(void)
  38192. {
  38193. int res = TEST_SKIPPED;
  38194. #if !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
  38195. int ret;
  38196. Cert cert;
  38197. CertName name;
  38198. RsaKey key;
  38199. WC_RNG rng;
  38200. byte der[FOURK_BUF];
  38201. word32 idx;
  38202. const byte mySerial[8] = {1,2,3,4,5,6,7,8};
  38203. #ifdef OPENSSL_EXTRA
  38204. const unsigned char* pt;
  38205. int certSz;
  38206. X509* x509;
  38207. X509_NAME* x509name;
  38208. X509_NAME_ENTRY* entry;
  38209. ASN1_STRING* entryValue;
  38210. #endif
  38211. XMEMSET(&name, 0, sizeof(CertName));
  38212. /* set up cert name */
  38213. XMEMCPY(name.country, "US", sizeof("US"));
  38214. name.countryEnc = CTC_PRINTABLE;
  38215. XMEMCPY(name.state, "Oregon", sizeof("Oregon"));
  38216. name.stateEnc = CTC_UTF8;
  38217. XMEMCPY(name.locality, "Portland", sizeof("Portland"));
  38218. name.localityEnc = CTC_UTF8;
  38219. XMEMCPY(name.sur, "Test", sizeof("Test"));
  38220. name.surEnc = CTC_UTF8;
  38221. XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL"));
  38222. name.orgEnc = CTC_UTF8;
  38223. XMEMCPY(name.unit, "Development", sizeof("Development"));
  38224. name.unitEnc = CTC_UTF8;
  38225. XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
  38226. name.commonNameEnc = CTC_UTF8;
  38227. XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
  38228. name.serialDevEnc = CTC_PRINTABLE;
  38229. XMEMCPY(name.userId, "TestUserID", sizeof("TestUserID"));
  38230. name.userIdEnc = CTC_PRINTABLE;
  38231. #ifdef WOLFSSL_MULTI_ATTRIB
  38232. #if CTC_MAX_ATTRIB > 2
  38233. {
  38234. NameAttrib* n;
  38235. n = &name.name[0];
  38236. n->id = ASN_DOMAIN_COMPONENT;
  38237. n->type = CTC_UTF8;
  38238. n->sz = sizeof("com");
  38239. XMEMCPY(n->value, "com", sizeof("com"));
  38240. n = &name.name[1];
  38241. n->id = ASN_DOMAIN_COMPONENT;
  38242. n->type = CTC_UTF8;
  38243. n->sz = sizeof("wolfssl");
  38244. XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
  38245. }
  38246. #endif
  38247. #endif /* WOLFSSL_MULTI_ATTRIB */
  38248. AssertIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
  38249. #ifndef HAVE_FIPS
  38250. AssertIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0);
  38251. #else
  38252. AssertIntEQ(wc_InitRng(&rng), 0);
  38253. #endif
  38254. /* load test RSA key */
  38255. idx = 0;
  38256. #if defined(USE_CERT_BUFFERS_1024)
  38257. AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_1024, &idx, &key,
  38258. sizeof_server_key_der_1024), 0);
  38259. #elif defined(USE_CERT_BUFFERS_2048)
  38260. AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
  38261. sizeof_server_key_der_2048), 0);
  38262. #else
  38263. /* error case, no RSA key loaded, happens later */
  38264. (void)idx;
  38265. #endif
  38266. XMEMSET(&cert, 0 , sizeof(Cert));
  38267. AssertIntEQ(wc_InitCert(&cert), 0);
  38268. XMEMCPY(&cert.subject, &name, sizeof(CertName));
  38269. XMEMCPY(cert.serial, mySerial, sizeof(mySerial));
  38270. cert.serialSz = (int)sizeof(mySerial);
  38271. cert.isCA = 1;
  38272. #ifndef NO_SHA256
  38273. cert.sigType = CTC_SHA256wRSA;
  38274. #else
  38275. cert.sigType = CTC_SHAwRSA;
  38276. #endif
  38277. /* add SKID from the Public Key */
  38278. AssertIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0);
  38279. /* add AKID from the Public Key */
  38280. AssertIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0);
  38281. ret = 0;
  38282. do {
  38283. #if defined(WOLFSSL_ASYNC_CRYPT)
  38284. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  38285. #endif
  38286. if (ret >= 0) {
  38287. ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng);
  38288. }
  38289. } while (ret == WC_PENDING_E);
  38290. AssertIntGT(ret, 0);
  38291. #ifdef OPENSSL_EXTRA
  38292. /* der holds a certificate with DC's now check X509 parsing of it */
  38293. certSz = ret;
  38294. pt = der;
  38295. AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz));
  38296. AssertNotNull(x509name = X509_get_subject_name(x509));
  38297. #ifdef WOLFSSL_MULTI_ATTRIB
  38298. AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
  38299. -1)), 5);
  38300. AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
  38301. idx)), 6);
  38302. AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
  38303. idx)), -1);
  38304. #endif /* WOLFSSL_MULTI_ATTRIB */
  38305. /* compare DN at index 0 */
  38306. AssertNotNull(entry = X509_NAME_get_entry(x509name, 0));
  38307. AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
  38308. AssertIntEQ(ASN1_STRING_length(entryValue), 2);
  38309. AssertStrEQ((const char*)ASN1_STRING_data(entryValue), "US");
  38310. #ifdef WOLFSSL_MULTI_ATTRIB
  38311. /* get first and second DC and compare result */
  38312. AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
  38313. -1)), 5);
  38314. AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
  38315. AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
  38316. AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "com");
  38317. AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
  38318. idx)), 6);
  38319. AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
  38320. AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
  38321. AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl");
  38322. #endif /* WOLFSSL_MULTI_ATTRIB */
  38323. /* try invalid index locations for regression test and sanity check */
  38324. AssertNull(entry = X509_NAME_get_entry(x509name, 11));
  38325. AssertNull(entry = X509_NAME_get_entry(x509name, 20));
  38326. X509_free(x509);
  38327. #endif /* OPENSSL_EXTRA */
  38328. wc_FreeRsaKey(&key);
  38329. wc_FreeRng(&rng);
  38330. res = TEST_RES_CHECK(1);
  38331. #endif
  38332. return res;
  38333. }
  38334. static int test_wolfSSL_X509_get_version(void)
  38335. {
  38336. int res = TEST_SKIPPED;
  38337. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  38338. WOLFSSL_X509 *x509;
  38339. x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
  38340. AssertNotNull(x509);
  38341. AssertIntEQ((int)wolfSSL_X509_get_version(x509), 2);
  38342. wolfSSL_X509_free(x509);
  38343. res = TEST_RES_CHECK(1);
  38344. #endif
  38345. return res;
  38346. }
  38347. static int test_wolfSSL_DES_ncbc(void)
  38348. {
  38349. int res = TEST_SKIPPED;
  38350. #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
  38351. const_DES_cblock myDes;
  38352. DES_cblock iv = {1};
  38353. DES_key_schedule key = {0};
  38354. unsigned char msg[] = "hello wolfssl";
  38355. unsigned char out[DES_BLOCK_SIZE * 2] = {0};
  38356. unsigned char pln[DES_BLOCK_SIZE * 2] = {0};
  38357. unsigned char exp[] = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4};
  38358. unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58};
  38359. /* partial block test */
  38360. DES_set_key(&key, &myDes);
  38361. DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT);
  38362. AssertIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0);
  38363. AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
  38364. DES_set_key(&key, &myDes);
  38365. XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
  38366. *((byte*)&iv) = 1;
  38367. DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT);
  38368. AssertIntEQ(XMEMCMP(msg, pln, 3), 0);
  38369. AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
  38370. /* full block test */
  38371. DES_set_key(&key, &myDes);
  38372. XMEMSET(pln, 0, DES_BLOCK_SIZE);
  38373. XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
  38374. *((byte*)&iv) = 1;
  38375. DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT);
  38376. AssertIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0);
  38377. AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
  38378. DES_set_key(&key, &myDes);
  38379. XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
  38380. *((byte*)&iv) = 1;
  38381. DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT);
  38382. AssertIntEQ(XMEMCMP(msg, pln, 8), 0);
  38383. AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
  38384. res = TEST_RES_CHECK(1);
  38385. #endif
  38386. return res;
  38387. }
  38388. static int test_wolfSSL_AES_cbc_encrypt(void)
  38389. {
  38390. int res = TEST_SKIPPED;
  38391. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA)
  38392. AES_KEY aes;
  38393. AES_KEY* aesN = NULL;
  38394. size_t len = 0;
  38395. size_t lenB = 0;
  38396. int keySz0 = 0;
  38397. int keySzN = -1;
  38398. byte out[AES_BLOCK_SIZE] = {0};
  38399. byte* outN = NULL;
  38400. /* Test vectors retrieved from:
  38401. * <begin URL>
  38402. * https://csrc.nist.gov/
  38403. * CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/
  38404. * documents/aes/KAT_AES.zip
  38405. * </end URL>
  38406. */
  38407. const byte* pt128N = NULL;
  38408. byte* key128N = NULL;
  38409. byte* iv128N = NULL;
  38410. byte iv128tmp[AES_BLOCK_SIZE] = {0};
  38411. const byte pt128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  38412. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
  38413. const byte ct128[] = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9,
  38414. 0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 };
  38415. const byte iv128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  38416. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
  38417. byte key128[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  38418. 0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 };
  38419. len = sizeof(pt128);
  38420. #define STRESS_T(a, b, c, d, e, f, g, h, i) \
  38421. wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \
  38422. AssertIntNE(XMEMCMP(b, g, h), i)
  38423. #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE)
  38424. /* Stressing wolfSSL_AES_cbc_encrypt() */
  38425. STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
  38426. STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0);
  38427. wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, AES_ENCRYPT);
  38428. AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
  38429. wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, AES_ENCRYPT);
  38430. AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
  38431. STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
  38432. /* Stressing wolfSSL_AES_set_encrypt_key */
  38433. AssertIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0);
  38434. AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0);
  38435. AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0);
  38436. AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0);
  38437. /* Stressing wolfSSL_AES_set_decrypt_key */
  38438. AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0);
  38439. AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0);
  38440. AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0);
  38441. AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0);
  38442. #ifdef WOLFSSL_AES_128
  38443. /* wolfSSL_AES_cbc_encrypt() 128-bit */
  38444. XMEMSET(out, 0, AES_BLOCK_SIZE);
  38445. RESET_IV(iv128tmp, iv128);
  38446. AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
  38447. wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, AES_ENCRYPT);
  38448. AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
  38449. #ifdef HAVE_AES_DECRYPT
  38450. /* wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode */
  38451. XMEMSET(out, 0, AES_BLOCK_SIZE);
  38452. RESET_IV(iv128tmp, iv128);
  38453. len = sizeof(ct128);
  38454. AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
  38455. wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, AES_DECRYPT);
  38456. AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
  38457. #endif
  38458. #endif /* WOLFSSL_AES_128 */
  38459. #ifdef WOLFSSL_AES_192
  38460. {
  38461. /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
  38462. * Appendix F.2.3 */
  38463. byte iv192tmp[AES_BLOCK_SIZE] = {0};
  38464. const byte pt192[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  38465. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
  38466. const byte ct192[] = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
  38467. 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 };
  38468. const byte iv192[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  38469. 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
  38470. byte key192[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  38471. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  38472. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b };
  38473. len = sizeof(pt192);
  38474. /* wolfSSL_AES_cbc_encrypt() 192-bit */
  38475. XMEMSET(out, 0, AES_BLOCK_SIZE);
  38476. RESET_IV(iv192tmp, iv192);
  38477. AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
  38478. wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, AES_ENCRYPT);
  38479. AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
  38480. #ifdef HAVE_AES_DECRYPT
  38481. /* wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode */
  38482. len = sizeof(ct192);
  38483. RESET_IV(iv192tmp, iv192);
  38484. XMEMSET(out, 0, AES_BLOCK_SIZE);
  38485. AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
  38486. wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, AES_DECRYPT);
  38487. AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
  38488. #endif
  38489. }
  38490. #endif /* WOLFSSL_AES_192 */
  38491. #ifdef WOLFSSL_AES_256
  38492. {
  38493. /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
  38494. * Appendix F.2.5 */
  38495. byte iv256tmp[AES_BLOCK_SIZE] = {0};
  38496. const byte pt256[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  38497. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
  38498. const byte ct256[] = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
  38499. 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 };
  38500. const byte iv256[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  38501. 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
  38502. byte key256[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  38503. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  38504. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  38505. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };
  38506. len = sizeof(pt256);
  38507. /* wolfSSL_AES_cbc_encrypt() 256-bit */
  38508. XMEMSET(out, 0, AES_BLOCK_SIZE);
  38509. RESET_IV(iv256tmp, iv256);
  38510. AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
  38511. wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, AES_ENCRYPT);
  38512. AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
  38513. #ifdef HAVE_AES_DECRYPT
  38514. /* wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode */
  38515. len = sizeof(ct256);
  38516. RESET_IV(iv256tmp, iv256);
  38517. XMEMSET(out, 0, AES_BLOCK_SIZE);
  38518. AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
  38519. wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, AES_DECRYPT);
  38520. AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
  38521. #endif
  38522. #if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  38523. {
  38524. byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
  38525. byte wrapPlain[sizeof(key256)] = { 0 };
  38526. byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
  38527. /* wolfSSL_AES_wrap_key() 256-bit NULL iv */
  38528. AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
  38529. AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
  38530. 15), WOLFSSL_FAILURE);
  38531. AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
  38532. sizeof(key256)), sizeof(wrapCipher));
  38533. /* wolfSSL_AES_unwrap_key() 256-bit NULL iv */
  38534. AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
  38535. AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
  38536. 23), WOLFSSL_FAILURE);
  38537. AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
  38538. sizeof(wrapCipher)), sizeof(wrapPlain));
  38539. AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
  38540. XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
  38541. XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
  38542. /* wolfSSL_AES_wrap_key() 256-bit custom iv */
  38543. AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
  38544. AssertIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256,
  38545. sizeof(key256)), sizeof(wrapCipher));
  38546. /* wolfSSL_AES_unwrap_key() 256-bit custom iv */
  38547. AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
  38548. AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
  38549. sizeof(wrapCipher)), sizeof(wrapPlain));
  38550. AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
  38551. }
  38552. #endif /* HAVE_AES_KEYWRAP */
  38553. }
  38554. #endif /* WOLFSSL_AES_256 */
  38555. res = TEST_RES_CHECK(1);
  38556. #endif
  38557. return res;
  38558. }
  38559. static int test_wolfSSL_CRYPTO_cts128(void)
  38560. {
  38561. int res = TEST_SKIPPED;
  38562. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) \
  38563. && defined(HAVE_CTS)
  38564. byte tmp[64]; /* Largest vector size */
  38565. /* Test vectors taken form RFC3962 Appendix B */
  38566. const testVector vects[] = {
  38567. {
  38568. "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
  38569. "\x20",
  38570. "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
  38571. "\x97",
  38572. 17, 17
  38573. },
  38574. {
  38575. "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
  38576. "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
  38577. "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
  38578. "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5",
  38579. 31, 31
  38580. },
  38581. {
  38582. "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
  38583. "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
  38584. "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
  38585. "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
  38586. 32, 32
  38587. },
  38588. {
  38589. "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
  38590. "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
  38591. "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
  38592. "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
  38593. "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
  38594. "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5",
  38595. 47, 47
  38596. },
  38597. {
  38598. "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
  38599. "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
  38600. "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
  38601. "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
  38602. "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
  38603. "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
  38604. 48, 48
  38605. },
  38606. {
  38607. "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
  38608. "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
  38609. "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
  38610. "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
  38611. "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
  38612. "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
  38613. "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
  38614. "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
  38615. 64, 64
  38616. }
  38617. };
  38618. byte keyBytes[AES_128_KEY_SIZE] = {
  38619. 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
  38620. 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
  38621. };
  38622. size_t i;
  38623. XMEMSET(tmp, 0, sizeof(tmp));
  38624. for (i = 0; i < sizeof(vects)/sizeof(vects[0]); i++) {
  38625. AES_KEY encKey;
  38626. AES_KEY decKey;
  38627. byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */
  38628. XMEMSET(iv, 0, sizeof(iv));
  38629. AssertIntEQ(AES_set_encrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &encKey), 0);
  38630. AssertIntEQ(AES_set_decrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &decKey), 0);
  38631. AssertIntEQ(CRYPTO_cts128_encrypt((const unsigned char*)vects[i].input,
  38632. tmp, vects[i].inLen, &encKey, iv, (cbc128_f)AES_cbc_encrypt),
  38633. vects[i].outLen);
  38634. AssertIntEQ(XMEMCMP(tmp, vects[i].output, vects[i].outLen), 0);
  38635. XMEMSET(iv, 0, sizeof(iv));
  38636. AssertIntEQ(CRYPTO_cts128_decrypt((const unsigned char*)vects[i].output,
  38637. tmp, vects[i].outLen, &decKey, iv, (cbc128_f)AES_cbc_encrypt),
  38638. vects[i].inLen);
  38639. AssertIntEQ(XMEMCMP(tmp, vects[i].input, vects[i].inLen), 0);
  38640. }
  38641. res = TEST_RES_CHECK(1);
  38642. #endif /* !NO_AES && HAVE_AES_CBC && OPENSSL_EXTRA && HAVE_CTS */
  38643. return res;
  38644. }
  38645. #if defined(OPENSSL_ALL)
  38646. #if !defined(NO_ASN)
  38647. static int test_wolfSSL_ASN1_STRING_to_UTF8(void)
  38648. {
  38649. int res = TEST_SKIPPED;
  38650. #if !defined(NO_RSA)
  38651. WOLFSSL_X509* x509;
  38652. WOLFSSL_X509_NAME* subject;
  38653. WOLFSSL_X509_NAME_ENTRY* e;
  38654. WOLFSSL_ASN1_STRING* a;
  38655. FILE* file;
  38656. int idx = 0;
  38657. char targetOutput[16] = "www.wolfssl.com";
  38658. unsigned char* actual_output;
  38659. int len = 0;
  38660. int result = 0;
  38661. AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
  38662. AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
  38663. fclose(file);
  38664. /* wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName */
  38665. AssertNotNull(subject = wolfSSL_X509_get_subject_name(x509));
  38666. AssertIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject,
  38667. NID_commonName, -1)), 5);
  38668. AssertNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx));
  38669. AssertNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e));
  38670. AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15);
  38671. result = strncmp((const char*)actual_output, targetOutput, len);
  38672. AssertIntEQ(result, 0);
  38673. /* wolfSSL_ASN1_STRING_to_UTF8(NULL, valid) */
  38674. AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)),
  38675. WOLFSSL_FATAL_ERROR);
  38676. /* wolfSSL_ASN1_STRING_to_UTF8(valid, NULL) */
  38677. AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)),
  38678. WOLFSSL_FATAL_ERROR);
  38679. /* wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL) */
  38680. AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)),
  38681. WOLFSSL_FATAL_ERROR);
  38682. wolfSSL_X509_free(x509);
  38683. XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  38684. res = TEST_RES_CHECK(1);
  38685. #endif
  38686. return res;
  38687. }
  38688. static int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
  38689. {
  38690. ASN1_STRING* asn1str_test;
  38691. ASN1_STRING* asn1str_answer;
  38692. /* Each character is encoded using 4 bytes */
  38693. char input[] = {
  38694. 0, 0, 0, 'T',
  38695. 0, 0, 0, 'e',
  38696. 0, 0, 0, 's',
  38697. 0, 0, 0, 't',
  38698. };
  38699. char output[] = "Test";
  38700. AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING));
  38701. AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1);
  38702. AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1);
  38703. AssertNotNull(asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
  38704. AssertIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1);
  38705. AssertIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0);
  38706. ASN1_STRING_free(asn1str_test);
  38707. ASN1_STRING_free(asn1str_answer);
  38708. return TEST_RES_CHECK(1);
  38709. }
  38710. #endif /* !defined(NO_ASN) */
  38711. static int test_wolfSSL_sk_CIPHER_description(void)
  38712. {
  38713. int res = TEST_SKIPPED;
  38714. #if !defined(NO_RSA)
  38715. const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
  38716. int i,j,k;
  38717. int numCiphers = 0;
  38718. const SSL_METHOD *method = NULL;
  38719. const SSL_CIPHER *cipher = NULL;
  38720. STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
  38721. SSL_CTX *ctx = NULL;
  38722. SSL *ssl = NULL;
  38723. char buf[256];
  38724. char test_str[9] = "0000000";
  38725. const char badStr[] = "unknown";
  38726. const char certPath[] = "./certs/client-cert.pem";
  38727. XMEMSET(buf, 0, sizeof(buf));
  38728. AssertNotNull(method = TLSv1_2_client_method());
  38729. AssertNotNull(ctx = SSL_CTX_new(method));
  38730. SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
  38731. SSL_CTX_set_verify_depth(ctx, 4);
  38732. SSL_CTX_set_options(ctx, flags);
  38733. AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
  38734. WOLFSSL_SUCCESS);
  38735. AssertNotNull(ssl = SSL_new(ctx));
  38736. /* SSL_get_ciphers returns a stack of all configured ciphers
  38737. * A flag, getCipherAtOffset, is set to later have SSL_CIPHER_description
  38738. */
  38739. AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));
  38740. /* loop through the amount of supportedCiphers */
  38741. numCiphers = sk_num(supportedCiphers);
  38742. for (i = 0; i < numCiphers; ++i) {
  38743. /* sk_value increments "sk->data.cipher->cipherOffset".
  38744. * wolfSSL_sk_CIPHER_description sets the description for
  38745. * the cipher based on the provided offset.
  38746. */
  38747. if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
  38748. SSL_CIPHER_description(cipher, buf, sizeof(buf));
  38749. }
  38750. /* Search cipher description string for "unknown" descriptor */
  38751. for (j = 0; j < (int)XSTRLEN(buf); j++) {
  38752. k = 0;
  38753. while ((k < (int)XSTRLEN(badStr)) && (buf[j] == badStr[k])) {
  38754. test_str[k] = badStr[k];
  38755. j++;
  38756. k++;
  38757. }
  38758. }
  38759. /* Fail if test_str == badStr == "unknown" */
  38760. AssertStrNE(test_str,badStr);
  38761. }
  38762. SSL_free(ssl);
  38763. SSL_CTX_free(ctx);
  38764. res = TEST_RES_CHECK(1);
  38765. #endif
  38766. return res;
  38767. }
  38768. static int test_wolfSSL_get_ciphers_compat(void)
  38769. {
  38770. int res = TEST_SKIPPED;
  38771. #if !defined(NO_RSA)
  38772. const SSL_METHOD *method = NULL;
  38773. const char certPath[] = "./certs/client-cert.pem";
  38774. STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
  38775. SSL_CTX *ctx = NULL;
  38776. WOLFSSL *ssl = NULL;
  38777. const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
  38778. method = SSLv23_client_method();
  38779. AssertNotNull(method);
  38780. ctx = SSL_CTX_new(method);
  38781. AssertNotNull(ctx);
  38782. SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
  38783. SSL_CTX_set_verify_depth(ctx, 4);
  38784. SSL_CTX_set_options(ctx, flags);
  38785. AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
  38786. WOLFSSL_SUCCESS);
  38787. AssertNotNull(ssl = SSL_new(ctx));
  38788. /* Test Bad NULL input */
  38789. AssertNull(supportedCiphers = SSL_get_ciphers(NULL));
  38790. /* Test for Good input */
  38791. AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));
  38792. /* Further usage of SSL_get_ciphers/wolfSSL_get_ciphers_compat is
  38793. * tested in test_wolfSSL_sk_CIPHER_description according to Qt usage */
  38794. SSL_free(ssl);
  38795. SSL_CTX_free(ctx);
  38796. res = TEST_RES_CHECK(1);
  38797. #endif
  38798. return res;
  38799. }
  38800. static int test_wolfSSL_X509_PUBKEY_get(void)
  38801. {
  38802. WOLFSSL_X509_PUBKEY pubkey;
  38803. WOLFSSL_X509_PUBKEY* key;
  38804. WOLFSSL_EVP_PKEY evpkey ;
  38805. WOLFSSL_EVP_PKEY* evpPkey;
  38806. WOLFSSL_EVP_PKEY* retEvpPkey;
  38807. XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY));
  38808. XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY));
  38809. key = &pubkey;
  38810. evpPkey = &evpkey;
  38811. evpPkey->type = WOLFSSL_SUCCESS;
  38812. key->pkey = evpPkey;
  38813. AssertNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
  38814. AssertIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS);
  38815. AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL));
  38816. key->pkey = NULL;
  38817. AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
  38818. return TEST_RES_CHECK(retEvpPkey == NULL);
  38819. }
  38820. static int test_wolfSSL_EC_KEY_dup(void)
  38821. {
  38822. int res = TEST_SKIPPED;
  38823. #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || \
  38824. defined(OPENSSL_EXTRA_X509_SMALL))
  38825. WOLFSSL_EC_KEY* ecKey;
  38826. WOLFSSL_EC_KEY* dupKey;
  38827. ecc_key* srcKey;
  38828. ecc_key* destKey;
  38829. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  38830. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  38831. /* Valid cases */
  38832. AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  38833. AssertIntEQ(EC_KEY_check_key(dupKey), 1);
  38834. /* Compare pubkey */
  38835. srcKey = (ecc_key*)ecKey->internal;
  38836. destKey = (ecc_key*)dupKey->internal;
  38837. AssertIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0);
  38838. /* compare EC_GROUP */
  38839. AssertIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ);
  38840. /* compare EC_POINT */
  38841. AssertIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \
  38842. dupKey->pub_key, NULL), MP_EQ);
  38843. /* compare BIGNUM */
  38844. AssertIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ);
  38845. wolfSSL_EC_KEY_free(dupKey);
  38846. /* Invalid cases */
  38847. /* NULL key */
  38848. AssertNull(dupKey = wolfSSL_EC_KEY_dup(NULL));
  38849. /* NULL ecc_key */
  38850. wc_ecc_free((ecc_key*)ecKey->internal);
  38851. XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC);
  38852. ecKey->internal = NULL; /* Set ecc_key to NULL */
  38853. AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  38854. wolfSSL_EC_KEY_free(ecKey);
  38855. wolfSSL_EC_KEY_free(dupKey);
  38856. /* NULL Group */
  38857. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  38858. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  38859. wolfSSL_EC_GROUP_free(ecKey->group);
  38860. ecKey->group = NULL; /* Set group to NULL */
  38861. AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  38862. wolfSSL_EC_KEY_free(ecKey);
  38863. wolfSSL_EC_KEY_free(dupKey);
  38864. /* NULL public key */
  38865. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  38866. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  38867. wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal);
  38868. ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */
  38869. AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  38870. wolfSSL_EC_POINT_free(ecKey->pub_key);
  38871. ecKey->pub_key = NULL; /* Set pub_key to NULL */
  38872. AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  38873. wolfSSL_EC_KEY_free(ecKey);
  38874. wolfSSL_EC_KEY_free(dupKey);
  38875. /* NULL private key */
  38876. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  38877. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  38878. wolfSSL_BN_free(ecKey->priv_key);
  38879. ecKey->priv_key = NULL; /* Set priv_key to NULL */
  38880. AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  38881. wolfSSL_EC_KEY_free(ecKey);
  38882. wolfSSL_EC_KEY_free(dupKey);
  38883. /* Test EC_KEY_up_ref */
  38884. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  38885. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), WOLFSSL_SUCCESS);
  38886. AssertIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WOLFSSL_FAILURE);
  38887. AssertIntEQ(wolfSSL_EC_KEY_up_ref(ecKey), WOLFSSL_SUCCESS);
  38888. /* reference count doesn't follow duplicate */
  38889. AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  38890. AssertIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +1 */
  38891. AssertIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +2 */
  38892. wolfSSL_EC_KEY_free(dupKey); /* 3 */
  38893. wolfSSL_EC_KEY_free(dupKey); /* 2 */
  38894. wolfSSL_EC_KEY_free(dupKey); /* 1, free */
  38895. wolfSSL_EC_KEY_free(ecKey); /* 2 */
  38896. wolfSSL_EC_KEY_free(ecKey); /* 1, free */
  38897. res = TEST_RES_CHECK(1);
  38898. #endif
  38899. return res;
  38900. }
  38901. static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
  38902. {
  38903. int res = TEST_SKIPPED;
  38904. #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
  38905. DSA *dsa = NULL;
  38906. DSA *setDsa = NULL;
  38907. EVP_PKEY *pkey = NULL;
  38908. EVP_PKEY *set1Pkey = NULL;
  38909. SHA_CTX sha;
  38910. byte signature[DSA_SIG_SIZE];
  38911. byte hash[WC_SHA_DIGEST_SIZE];
  38912. word32 bytes;
  38913. int answer;
  38914. #ifdef USE_CERT_BUFFERS_1024
  38915. const unsigned char* dsaKeyDer = dsa_key_der_1024;
  38916. int dsaKeySz = sizeof_dsa_key_der_1024;
  38917. byte tmp[ONEK_BUF];
  38918. XMEMSET(tmp, 0, sizeof(tmp));
  38919. XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
  38920. bytes = dsaKeySz;
  38921. #elif defined(USE_CERT_BUFFERS_2048)
  38922. const unsigned char* dsaKeyDer = dsa_key_der_2048;
  38923. int dsaKeySz = sizeof_dsa_key_der_2048;
  38924. byte tmp[TWOK_BUF];
  38925. XMEMSET(tmp, 0, sizeof(tmp));
  38926. XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
  38927. bytes = dsaKeySz;
  38928. #else
  38929. byte tmp[TWOK_BUF];
  38930. const unsigned char* dsaKeyDer = (const unsigned char*)tmp;
  38931. int dsaKeySz;
  38932. XMEMSET(tmp, 0, sizeof(tmp));
  38933. XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
  38934. if (fp == XBADFILE) {
  38935. return WOLFSSL_BAD_FILE;
  38936. }
  38937. dsaKeySz = bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
  38938. XFCLOSE(fp);
  38939. #endif /* END USE_CERT_BUFFERS_1024 */
  38940. /* Create hash to later Sign and Verify */
  38941. AssertIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS);
  38942. AssertIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS);
  38943. AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS);
  38944. /* Initialize pkey with der format dsa key */
  38945. AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey,
  38946. &dsaKeyDer ,(long)dsaKeySz));
  38947. /* Test wolfSSL_EVP_PKEY_get1_DSA */
  38948. /* Should Fail: NULL argument */
  38949. AssertNull(dsa = EVP_PKEY_get0_DSA(NULL));
  38950. AssertNull(dsa = EVP_PKEY_get1_DSA(NULL));
  38951. /* Should Pass: Initialized pkey argument */
  38952. AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey));
  38953. AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey));
  38954. #ifdef USE_CERT_BUFFERS_1024
  38955. AssertIntEQ(DSA_bits(dsa), 1024);
  38956. #else
  38957. AssertIntEQ(DSA_bits(dsa), 2048);
  38958. #endif
  38959. /* Sign */
  38960. AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS);
  38961. /* Verify. */
  38962. AssertIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer),
  38963. WOLFSSL_SUCCESS);
  38964. /* Test wolfSSL_EVP_PKEY_set1_DSA */
  38965. /* Should Fail: set1Pkey not initialized */
  38966. AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
  38967. /* Initialize set1Pkey */
  38968. set1Pkey = EVP_PKEY_new();
  38969. /* Should Fail Verify: setDsa not initialized from set1Pkey */
  38970. AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer),
  38971. WOLFSSL_SUCCESS);
  38972. /* Should Pass: set dsa into set1Pkey */
  38973. AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
  38974. DSA_free(dsa);
  38975. DSA_free(setDsa);
  38976. EVP_PKEY_free(pkey);
  38977. EVP_PKEY_free(set1Pkey);
  38978. res = TEST_RES_CHECK(1);
  38979. #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
  38980. return res;
  38981. } /* END test_EVP_PKEY_set1_get1_DSA */
  38982. static int test_wolfSSL_DSA_SIG(void)
  38983. {
  38984. int res = TEST_SKIPPED;
  38985. #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
  38986. !defined(HAVE_FIPS)
  38987. DSA *dsa = NULL;
  38988. DSA *dsa2 = NULL;
  38989. DSA_SIG *sig = NULL;
  38990. const BIGNUM *p = NULL;
  38991. const BIGNUM *q = NULL;
  38992. const BIGNUM *g = NULL;
  38993. const BIGNUM *pub = NULL;
  38994. const BIGNUM *priv = NULL;
  38995. const byte digest[WC_SHA_DIGEST_SIZE] = {0};
  38996. AssertNotNull(dsa = DSA_generate_parameters(2048,
  38997. NULL, 0, NULL, NULL, NULL, NULL));
  38998. DSA_free(dsa);
  38999. AssertNotNull(dsa = DSA_new());
  39000. AssertIntEQ(DSA_generate_parameters_ex(dsa, 2048,
  39001. NULL, 0, NULL, NULL, NULL), 1);
  39002. AssertIntEQ(DSA_generate_key(dsa), 1);
  39003. DSA_get0_pqg(dsa, &p, &q, &g);
  39004. DSA_get0_key(dsa, &pub, &priv);
  39005. AssertNotNull(p = BN_dup(p));
  39006. AssertNotNull(q = BN_dup(q));
  39007. AssertNotNull(g = BN_dup(g));
  39008. AssertNotNull(pub = BN_dup(pub));
  39009. AssertNotNull(priv = BN_dup(priv));
  39010. AssertNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa));
  39011. AssertNotNull(dsa2 = DSA_new());
  39012. AssertIntEQ(DSA_set0_pqg(dsa2, (BIGNUM*)p, (BIGNUM*)q, (BIGNUM*)g), 1);
  39013. AssertIntEQ(DSA_set0_key(dsa2, (BIGNUM*)pub, (BIGNUM*)priv), 1);
  39014. AssertIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1);
  39015. DSA_free(dsa);
  39016. DSA_free(dsa2);
  39017. DSA_SIG_free(sig);
  39018. res = TEST_RES_CHECK(1);
  39019. #endif
  39020. return res;
  39021. }
  39022. static int test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
  39023. {
  39024. int res = TEST_SKIPPED;
  39025. #ifdef HAVE_ECC
  39026. WOLFSSL_EC_KEY *ecKey = NULL;
  39027. WOLFSSL_EC_KEY *ecGet1 = NULL;
  39028. EVP_PKEY *pkey = NULL;
  39029. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  39030. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  39031. /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
  39032. AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
  39033. AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
  39034. /* Should fail since ecKey is empty */
  39035. AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
  39036. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  39037. AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
  39038. /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */
  39039. AssertNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL));
  39040. AssertNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey));
  39041. wolfSSL_EC_KEY_free(ecKey);
  39042. wolfSSL_EC_KEY_free(ecGet1);
  39043. EVP_PKEY_free(pkey);
  39044. res = TEST_RES_CHECK(1);
  39045. #endif /* HAVE_ECC */
  39046. return res;
  39047. } /* END test_EVP_PKEY_set1_get1_EC_KEY */
  39048. static int test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
  39049. {
  39050. int res = TEST_SKIPPED;
  39051. #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
  39052. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  39053. #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
  39054. DH *dh = NULL;
  39055. DH *setDh = NULL;
  39056. EVP_PKEY *pkey = NULL;
  39057. FILE* f = NULL;
  39058. unsigned char buf[4096];
  39059. const unsigned char* pt = buf;
  39060. const char* dh2048 = "./certs/dh2048.der";
  39061. long len = 0;
  39062. int code = -1;
  39063. XMEMSET(buf, 0, sizeof(buf));
  39064. f = XFOPEN(dh2048, "rb");
  39065. AssertTrue(f != XBADFILE);
  39066. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  39067. XFCLOSE(f);
  39068. /* Load dh2048.der into DH with internal format */
  39069. AssertNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len));
  39070. AssertIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS);
  39071. AssertIntEQ(code, 0);
  39072. code = -1;
  39073. pkey = wolfSSL_EVP_PKEY_new();
  39074. /* Set DH into PKEY */
  39075. AssertIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);
  39076. /* Get DH from PKEY */
  39077. AssertNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey));
  39078. AssertIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS);
  39079. AssertIntEQ(code, 0);
  39080. EVP_PKEY_free(pkey);
  39081. DH_free(setDh);
  39082. DH_free(dh);
  39083. res = TEST_RES_CHECK(1);
  39084. #endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */
  39085. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  39086. #endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
  39087. return res;
  39088. } /* END test_EVP_PKEY_set1_get1_DH */
  39089. static int test_wolfSSL_CTX_ctrl(void)
  39090. {
  39091. int res = TEST_SKIPPED;
  39092. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  39093. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  39094. char caFile[] = "./certs/client-ca.pem";
  39095. char clientFile[] = "./certs/client-cert.pem";
  39096. SSL_CTX* ctx;
  39097. X509* x509 = NULL;
  39098. #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
  39099. byte buf[6000];
  39100. char file[] = "./certs/dsaparams.pem";
  39101. XFILE f;
  39102. int bytes;
  39103. BIO* bio;
  39104. DSA* dsa;
  39105. DH* dh;
  39106. #endif
  39107. #ifdef HAVE_ECC
  39108. WOLFSSL_EC_KEY* ecKey;
  39109. #endif
  39110. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  39111. x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
  39112. AssertNotNull(x509);
  39113. AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
  39114. x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
  39115. AssertNotNull(x509);
  39116. #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
  39117. /* Initialize DH */
  39118. f = XFOPEN(file, "rb");
  39119. AssertTrue((f != XBADFILE));
  39120. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  39121. XFCLOSE(f);
  39122. bio = BIO_new_mem_buf((void*)buf, bytes);
  39123. AssertNotNull(bio);
  39124. dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
  39125. AssertNotNull(dsa);
  39126. dh = wolfSSL_DSA_dup_DH(dsa);
  39127. AssertNotNull(dh);
  39128. #endif
  39129. #ifdef HAVE_ECC
  39130. /* Initialize WOLFSSL_EC_KEY */
  39131. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  39132. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey),1);
  39133. #endif
  39134. #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
  39135. /* additional test of getting EVP_PKEY key size from X509
  39136. * Do not run with user RSA because wolfSSL_RSA_size is not currently
  39137. * allowed with user RSA */
  39138. {
  39139. EVP_PKEY* pkey;
  39140. #if defined(HAVE_ECC)
  39141. X509* ecX509;
  39142. #endif /* HAVE_ECC */
  39143. AssertNotNull(pkey = X509_get_pubkey(x509));
  39144. /* current RSA key is 2048 bit (256 bytes) */
  39145. AssertIntEQ(EVP_PKEY_size(pkey), 256);
  39146. EVP_PKEY_free(pkey);
  39147. #if defined(HAVE_ECC)
  39148. #if defined(USE_CERT_BUFFERS_256)
  39149. AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
  39150. cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
  39151. SSL_FILETYPE_ASN1));
  39152. #else
  39153. AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(
  39154. cliEccCertFile, SSL_FILETYPE_PEM));
  39155. #endif
  39156. AssertNotNull(pkey = X509_get_pubkey(ecX509));
  39157. /* current ECC key is 256 bit (32 bytes) */
  39158. AssertIntEQ(EVP_PKEY_size(pkey), 32);
  39159. X509_free(ecX509);
  39160. EVP_PKEY_free(pkey);
  39161. #endif /* HAVE_ECC */
  39162. }
  39163. #endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
  39164. /* Tests should fail with passed in NULL pointer */
  39165. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,NULL),
  39166. SSL_FAILURE);
  39167. #if !defined(NO_DH) && !defined(NO_DSA)
  39168. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,NULL),
  39169. SSL_FAILURE);
  39170. #endif
  39171. #ifdef HAVE_ECC
  39172. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,NULL),
  39173. SSL_FAILURE);
  39174. #endif
  39175. /* Test with SSL_CTRL_EXTRA_CHAIN_CERT
  39176. * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_add_extra_chain_cert
  39177. */
  39178. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,x509),
  39179. SSL_SUCCESS);
  39180. /* Test with SSL_CTRL_OPTIONS
  39181. * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_set_options
  39182. */
  39183. AssertTrue(wolfSSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,SSL_OP_NO_TLSv1,NULL)
  39184. == SSL_OP_NO_TLSv1);
  39185. AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
  39186. /* Test with SSL_CTRL_SET_TMP_DH
  39187. * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh
  39188. */
  39189. #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
  39190. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,dh),
  39191. SSL_SUCCESS);
  39192. #endif
  39193. /* Test with SSL_CTRL_SET_TMP_ECDH
  39194. * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_ecdh
  39195. */
  39196. #ifdef HAVE_ECC
  39197. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,ecKey),
  39198. SSL_SUCCESS);
  39199. #endif
  39200. #ifdef WOLFSSL_ENCRYPTED_KEYS
  39201. AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
  39202. AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
  39203. #endif
  39204. /* Test for min/max proto */
  39205. #ifndef WOLFSSL_NO_TLS12
  39206. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
  39207. 0, NULL), SSL_SUCCESS);
  39208. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
  39209. TLS1_2_VERSION, NULL), SSL_SUCCESS);
  39210. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
  39211. #endif
  39212. #ifdef WOLFSSL_TLS13
  39213. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
  39214. 0, NULL), SSL_SUCCESS);
  39215. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
  39216. TLS1_3_VERSION, NULL), SSL_SUCCESS);
  39217. AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_3_VERSION);
  39218. #ifndef WOLFSSL_NO_TLS12
  39219. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
  39220. TLS1_2_VERSION, NULL), SSL_SUCCESS);
  39221. AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION);
  39222. #endif
  39223. #endif
  39224. /* Cleanup and Pass */
  39225. #if !defined(NO_DH) && !defined(NO_DSA)
  39226. #ifndef NO_BIO
  39227. BIO_free(bio);
  39228. DSA_free(dsa);
  39229. DH_free(dh);
  39230. #endif
  39231. #endif
  39232. #ifdef HAVE_ECC
  39233. wolfSSL_EC_KEY_free(ecKey);
  39234. #endif
  39235. SSL_CTX_free(ctx);
  39236. res = TEST_RES_CHECK(1);
  39237. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  39238. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  39239. return res;
  39240. }
  39241. static int test_wolfSSL_EVP_PKEY_assign(void)
  39242. {
  39243. int res = TEST_SKIPPED;
  39244. int type;
  39245. WOLFSSL_EVP_PKEY* pkey;
  39246. #ifndef NO_RSA
  39247. WOLFSSL_RSA* rsa;
  39248. #endif
  39249. #ifndef NO_DSA
  39250. WOLFSSL_DSA* dsa;
  39251. #endif
  39252. #ifdef HAVE_ECC
  39253. WOLFSSL_EC_KEY* ecKey;
  39254. #endif
  39255. (void)pkey;
  39256. #ifndef NO_RSA
  39257. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  39258. type = EVP_PKEY_RSA;
  39259. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  39260. AssertNotNull(rsa = wolfSSL_RSA_new());
  39261. AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,rsa), WOLFSSL_FAILURE);
  39262. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
  39263. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,rsa), WOLFSSL_FAILURE);
  39264. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,rsa), WOLFSSL_SUCCESS);
  39265. wolfSSL_EVP_PKEY_free(pkey);
  39266. res = TEST_RES_CHECK(1);
  39267. }
  39268. #endif /* NO_RSA */
  39269. #ifndef NO_DSA
  39270. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  39271. type = EVP_PKEY_DSA;
  39272. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  39273. AssertNotNull(dsa = wolfSSL_DSA_new());
  39274. AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,dsa), WOLFSSL_FAILURE);
  39275. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
  39276. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,dsa), WOLFSSL_FAILURE);
  39277. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,dsa), WOLFSSL_SUCCESS);
  39278. wolfSSL_EVP_PKEY_free(pkey);
  39279. res = TEST_RES_CHECK(1);
  39280. }
  39281. #endif /* NO_DSA */
  39282. #ifdef HAVE_ECC
  39283. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  39284. type = EVP_PKEY_EC;
  39285. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  39286. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  39287. AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE);
  39288. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
  39289. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,ecKey), WOLFSSL_FAILURE);
  39290. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_FAILURE);
  39291. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  39292. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS);
  39293. wolfSSL_EVP_PKEY_free(pkey);
  39294. res = TEST_RES_CHECK(1);
  39295. }
  39296. #endif /* HAVE_ECC */
  39297. (void)type;
  39298. return res;
  39299. }
  39300. static int test_wolfSSL_EVP_PKEY_base_id(void)
  39301. {
  39302. WOLFSSL_EVP_PKEY* pkey;
  39303. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  39304. AssertIntEQ(wolfSSL_EVP_PKEY_base_id(NULL), NID_undef);
  39305. AssertIntEQ(wolfSSL_EVP_PKEY_base_id(pkey), EVP_PKEY_RSA);
  39306. EVP_PKEY_free(pkey);
  39307. return TEST_RES_CHECK(1);
  39308. }
  39309. static int test_wolfSSL_EVP_PKEY_id(void)
  39310. {
  39311. WOLFSSL_EVP_PKEY* pkey;
  39312. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  39313. AssertIntEQ(wolfSSL_EVP_PKEY_id(NULL), 0);
  39314. AssertIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_RSA);
  39315. EVP_PKEY_free(pkey);
  39316. return TEST_RES_CHECK(1);
  39317. }
  39318. static int test_wolfSSL_EVP_PKEY_paramgen(void)
  39319. {
  39320. int res = TEST_SKIPPED;
  39321. #if defined(OPENSSL_ALL) && \
  39322. !defined(NO_ECC_SECP) && \
  39323. /* This last bit is taken from ecc.c. It is the condition that
  39324. * defines ECC256 */ \
  39325. ((!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
  39326. ECC_MIN_KEY_SZ <= 256)
  39327. EVP_PKEY_CTX* ctx;
  39328. EVP_PKEY* pkey = NULL;
  39329. /* Test error conditions. */
  39330. AssertIntEQ(EVP_PKEY_paramgen(NULL, &pkey), WOLFSSL_FAILURE);
  39331. AssertNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL));
  39332. AssertIntEQ(EVP_PKEY_paramgen(ctx, NULL), WOLFSSL_FAILURE);
  39333. #ifndef NO_RSA
  39334. EVP_PKEY_CTX_free(ctx);
  39335. /* Parameter generation for RSA not supported yet. */
  39336. AssertNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL));
  39337. AssertIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_FAILURE);
  39338. #endif
  39339. #ifdef HAVE_ECC
  39340. EVP_PKEY_CTX_free(ctx);
  39341. AssertNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL));
  39342. AssertIntEQ(EVP_PKEY_paramgen_init(ctx), WOLFSSL_SUCCESS);
  39343. AssertIntEQ(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx,
  39344. NID_X9_62_prime256v1), WOLFSSL_SUCCESS);
  39345. AssertIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_SUCCESS);
  39346. AssertIntEQ(EVP_PKEY_CTX_set_ec_param_enc(ctx, OPENSSL_EC_NAMED_CURVE),
  39347. WOLFSSL_SUCCESS);
  39348. AssertIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS);
  39349. AssertIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS);
  39350. #endif
  39351. EVP_PKEY_CTX_free(ctx);
  39352. EVP_PKEY_free(pkey);
  39353. res = TEST_RES_CHECK(1);
  39354. #endif
  39355. return res;
  39356. }
  39357. static int test_wolfSSL_EVP_PKEY_keygen(void)
  39358. {
  39359. WOLFSSL_EVP_PKEY* pkey = NULL;
  39360. EVP_PKEY_CTX* ctx = NULL;
  39361. #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
  39362. WOLFSSL_EVP_PKEY* params = NULL;
  39363. DH* dh = NULL;
  39364. const BIGNUM* pubkey = NULL;
  39365. const BIGNUM* privkey = NULL;
  39366. ASN1_INTEGER* asn1int = NULL;
  39367. unsigned int length = 0;
  39368. byte* derBuffer = NULL;
  39369. #endif
  39370. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  39371. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  39372. /* Bad cases */
  39373. AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG);
  39374. AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG);
  39375. AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG);
  39376. /* Good case */
  39377. AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0);
  39378. EVP_PKEY_CTX_free(ctx);
  39379. EVP_PKEY_free(pkey);
  39380. pkey = NULL;
  39381. #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
  39382. /* Test DH keygen */
  39383. {
  39384. AssertNotNull(params = wolfSSL_EVP_PKEY_new());
  39385. AssertNotNull(dh = DH_get_2048_256());
  39386. AssertIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS);
  39387. AssertNotNull(ctx = EVP_PKEY_CTX_new(params, NULL));
  39388. AssertIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS);
  39389. AssertIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS);
  39390. DH_free(dh);
  39391. EVP_PKEY_CTX_free(ctx);
  39392. EVP_PKEY_free(params);
  39393. /* try exporting generated key to DER, to verify */
  39394. AssertNotNull(dh = EVP_PKEY_get1_DH(pkey));
  39395. DH_get0_key(dh, &pubkey, &privkey);
  39396. AssertNotNull(pubkey);
  39397. AssertNotNull(privkey);
  39398. AssertNotNull(asn1int = BN_to_ASN1_INTEGER(pubkey, NULL));
  39399. AssertIntGT((length = i2d_ASN1_INTEGER(asn1int, &derBuffer)), 0);
  39400. ASN1_INTEGER_free(asn1int);
  39401. DH_free(dh);
  39402. XFREE(derBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  39403. EVP_PKEY_free(pkey);
  39404. }
  39405. #endif
  39406. return TEST_RES_CHECK(1);
  39407. }
  39408. static int test_wolfSSL_EVP_PKEY_keygen_init(void)
  39409. {
  39410. WOLFSSL_EVP_PKEY* pkey;
  39411. EVP_PKEY_CTX *ctx;
  39412. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  39413. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  39414. AssertIntEQ(wolfSSL_EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS);
  39415. EVP_PKEY_CTX_free(ctx);
  39416. EVP_PKEY_free(pkey);
  39417. return TEST_RES_CHECK(1);
  39418. }
  39419. static int test_wolfSSL_EVP_PKEY_missing_parameters(void)
  39420. {
  39421. int res = TEST_SKIPPED;
  39422. #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
  39423. WOLFSSL_EVP_PKEY* pkey;
  39424. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  39425. AssertIntEQ(wolfSSL_EVP_PKEY_missing_parameters(pkey), 0);
  39426. EVP_PKEY_free(pkey);
  39427. res = TEST_RES_CHECK(1);
  39428. #endif
  39429. return res;
  39430. }
  39431. static int test_wolfSSL_EVP_PKEY_copy_parameters(void)
  39432. {
  39433. int res = TEST_SKIPPED;
  39434. #if defined(OPENSSL_EXTRA) && !defined(NO_DH) && defined(WOLFSSL_KEY_GEN) && \
  39435. !defined(HAVE_SELFTEST) && (defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
  39436. defined(WOLFSSL_OPENSSH)) && defined(WOLFSSL_DH_EXTRA) && \
  39437. !defined(NO_FILESYSTEM)
  39438. WOLFSSL_EVP_PKEY* params = NULL;
  39439. WOLFSSL_EVP_PKEY* copy = NULL;
  39440. DH* dh = NULL;
  39441. BIGNUM* p1;
  39442. BIGNUM* g1;
  39443. BIGNUM* q1;
  39444. BIGNUM* p2;
  39445. BIGNUM* g2;
  39446. BIGNUM* q2;
  39447. /* create DH with DH_get_2048_256 params */
  39448. AssertNotNull(params = wolfSSL_EVP_PKEY_new());
  39449. AssertNotNull(dh = DH_get_2048_256());
  39450. AssertIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS);
  39451. DH_get0_pqg(dh, (const BIGNUM**)&p1,
  39452. (const BIGNUM**)&q1,
  39453. (const BIGNUM**)&g1);
  39454. DH_free(dh);
  39455. /* create DH with random generated DH params */
  39456. AssertNotNull(copy = wolfSSL_EVP_PKEY_new());
  39457. AssertNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
  39458. AssertIntEQ(EVP_PKEY_set1_DH(copy, dh), WOLFSSL_SUCCESS);
  39459. DH_free(dh);
  39460. AssertIntEQ(EVP_PKEY_copy_parameters(copy, params), WOLFSSL_SUCCESS);
  39461. AssertNotNull(dh = EVP_PKEY_get1_DH(copy));
  39462. AssertNotNull(dh->p);
  39463. AssertNotNull(dh->g);
  39464. AssertNotNull(dh->q);
  39465. DH_get0_pqg(dh, (const BIGNUM**)&p2,
  39466. (const BIGNUM**)&q2,
  39467. (const BIGNUM**)&g2);
  39468. AssertIntEQ(BN_cmp(p1, p2), 0);
  39469. AssertIntEQ(BN_cmp(q1, q2), 0);
  39470. AssertIntEQ(BN_cmp(g1, g2), 0);
  39471. DH_free(dh);
  39472. EVP_PKEY_free(copy);
  39473. EVP_PKEY_free(params);
  39474. res = TEST_RES_CHECK(1);
  39475. #endif
  39476. return res;
  39477. }
  39478. static int test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void)
  39479. {
  39480. WOLFSSL_EVP_PKEY* pkey;
  39481. EVP_PKEY_CTX *ctx;
  39482. int bits = 2048;
  39483. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  39484. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  39485. AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits),
  39486. WOLFSSL_SUCCESS);
  39487. EVP_PKEY_CTX_free(ctx);
  39488. EVP_PKEY_free(pkey);
  39489. return TEST_RES_CHECK(1);
  39490. }
  39491. static int test_wolfSSL_EVP_CIPHER_CTX_iv_length(void)
  39492. {
  39493. /* This is large enough to be used for all key sizes */
  39494. byte key[AES_256_KEY_SIZE] = {0};
  39495. byte iv[AES_BLOCK_SIZE] = {0};
  39496. int i, enumlen;
  39497. EVP_CIPHER_CTX *ctx;
  39498. const EVP_CIPHER *init;
  39499. int enumArray[] = {
  39500. #ifdef HAVE_AES_CBC
  39501. NID_aes_128_cbc,
  39502. #endif
  39503. #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
  39504. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  39505. #ifdef HAVE_AESGCM
  39506. NID_aes_128_gcm,
  39507. #endif
  39508. #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
  39509. #ifdef WOLFSSL_AES_COUNTER
  39510. NID_aes_128_ctr,
  39511. #endif
  39512. #ifndef NO_DES3
  39513. NID_des_cbc,
  39514. NID_des_ede3_cbc,
  39515. #endif
  39516. };
  39517. int iv_lengths[] = {
  39518. #ifdef HAVE_AES_CBC
  39519. AES_BLOCK_SIZE,
  39520. #endif
  39521. #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
  39522. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  39523. #ifdef HAVE_AESGCM
  39524. GCM_NONCE_MID_SZ,
  39525. #endif
  39526. #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
  39527. #ifdef WOLFSSL_AES_COUNTER
  39528. AES_BLOCK_SIZE,
  39529. #endif
  39530. #ifndef NO_DES3
  39531. DES_BLOCK_SIZE,
  39532. DES_BLOCK_SIZE,
  39533. #endif
  39534. };
  39535. enumlen = (sizeof(enumArray)/sizeof(int));
  39536. for (i = 0; i < enumlen; i++) {
  39537. ctx = EVP_CIPHER_CTX_new();
  39538. init = wolfSSL_EVP_get_cipherbynid(enumArray[i]);
  39539. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  39540. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  39541. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), iv_lengths[i]);
  39542. EVP_CIPHER_CTX_free(ctx);
  39543. }
  39544. return TEST_RES_CHECK(1);
  39545. }
  39546. static int test_wolfSSL_EVP_CIPHER_CTX_key_length(void)
  39547. {
  39548. int res = TEST_SKIPPED;
  39549. #if !defined(NO_DES3)
  39550. byte key[AES_256_KEY_SIZE] = {0};
  39551. byte iv[AES_BLOCK_SIZE] = {0};
  39552. EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  39553. const EVP_CIPHER *init = EVP_des_ede3_cbc();
  39554. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  39555. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  39556. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_key_length(ctx), 24);
  39557. EVP_CIPHER_CTX_free(ctx);
  39558. res = TEST_RES_CHECK(1);
  39559. #endif
  39560. return res;
  39561. }
  39562. static int test_wolfSSL_EVP_CIPHER_CTX_set_key_length(void)
  39563. {
  39564. int res = TEST_SKIPPED;
  39565. #if !defined(NO_DES3)
  39566. byte key[AES_256_KEY_SIZE] = {0};
  39567. byte iv[AES_BLOCK_SIZE] = {0};
  39568. int keylen;
  39569. EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  39570. const EVP_CIPHER *init = EVP_des_ede3_cbc();
  39571. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  39572. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  39573. keylen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx);
  39574. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, keylen),
  39575. WOLFSSL_SUCCESS);
  39576. EVP_CIPHER_CTX_free(ctx);
  39577. res = TEST_RES_CHECK(1);
  39578. #endif
  39579. return res;
  39580. }
  39581. static int test_wolfSSL_EVP_CIPHER_CTX_set_iv(void)
  39582. {
  39583. int res = TEST_SKIPPED;
  39584. #if defined(HAVE_AESGCM) && !defined(NO_DES3)
  39585. byte key[DES3_KEY_SIZE] = {0};
  39586. byte iv[DES_BLOCK_SIZE] = {0};
  39587. int ivLen, keyLen;
  39588. EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  39589. const EVP_CIPHER *init = EVP_des_ede3_cbc();
  39590. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  39591. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  39592. ivLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
  39593. keyLen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx);
  39594. /* Bad cases */
  39595. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen), WOLFSSL_FAILURE);
  39596. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen), WOLFSSL_FAILURE);
  39597. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WOLFSSL_FAILURE);
  39598. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WOLFSSL_FAILURE);
  39599. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen), WOLFSSL_FAILURE);
  39600. /* Good case */
  39601. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1);
  39602. EVP_CIPHER_CTX_free(ctx);
  39603. res = TEST_RES_CHECK(1);
  39604. #endif
  39605. return res;
  39606. }
  39607. static int test_wolfSSL_EVP_PKEY_CTX_new_id(void)
  39608. {
  39609. WOLFSSL_ENGINE* e = NULL;
  39610. int id = 0;
  39611. EVP_PKEY_CTX *ctx;
  39612. AssertNotNull(ctx = wolfSSL_EVP_PKEY_CTX_new_id(id, e));
  39613. EVP_PKEY_CTX_free(ctx);
  39614. return TEST_RES_CHECK(1);
  39615. }
  39616. static int test_wolfSSL_EVP_rc4(void)
  39617. {
  39618. int res = TEST_SKIPPED;
  39619. #if !defined(NO_RC4)
  39620. res = TEST_RES_CHECK(wolfSSL_EVP_rc4() != NULL);
  39621. #endif
  39622. return res;
  39623. }
  39624. static int test_wolfSSL_EVP_enc_null(void)
  39625. {
  39626. return TEST_RES_CHECK(wolfSSL_EVP_enc_null() != NULL);
  39627. }
  39628. static int test_wolfSSL_EVP_rc2_cbc(void)
  39629. {
  39630. int res = TEST_SKIPPED;
  39631. #if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB)
  39632. res = TEST_RES_CHECK(wolfSSL_EVP_rc2_cbc() == NULL);
  39633. #endif
  39634. return res;
  39635. }
  39636. static int test_wolfSSL_EVP_mdc2(void)
  39637. {
  39638. int res = TEST_SKIPPED;
  39639. #if !defined(NO_WOLFSSL_STUB)
  39640. res = TEST_RES_CHECK(wolfSSL_EVP_mdc2() == NULL);
  39641. #endif
  39642. return res;
  39643. }
  39644. static int test_wolfSSL_EVP_md4(void)
  39645. {
  39646. int res = TEST_SKIPPED;
  39647. #if !defined(NO_MD4)
  39648. res = TEST_RES_CHECK(wolfSSL_EVP_md4() != NULL);
  39649. #endif
  39650. return res;
  39651. }
  39652. static int test_wolfSSL_EVP_aes_256_gcm(void)
  39653. {
  39654. int res = TEST_SKIPPED;
  39655. #ifdef HAVE_AESGCM
  39656. res = TEST_RES_CHECK(wolfSSL_EVP_aes_256_gcm() != NULL);
  39657. #endif
  39658. return res;
  39659. }
  39660. static int test_wolfSSL_EVP_aes_192_gcm(void)
  39661. {
  39662. int res = TEST_SKIPPED;
  39663. #ifdef HAVE_AESGCM
  39664. res = TEST_RES_CHECK(wolfSSL_EVP_aes_192_gcm() != NULL);
  39665. #endif
  39666. return res;
  39667. }
  39668. static int test_wolfSSL_EVP_aes_256_ccm(void)
  39669. {
  39670. int res = TEST_SKIPPED;
  39671. #ifdef HAVE_AESCCM
  39672. res = TEST_RES_CHECK(wolfSSL_EVP_aes_256_ccm() != NULL);
  39673. #endif
  39674. return res;
  39675. }
  39676. static int test_wolfSSL_EVP_aes_192_ccm(void)
  39677. {
  39678. int res = TEST_SKIPPED;
  39679. #ifdef HAVE_AESCCM
  39680. res = TEST_RES_CHECK(wolfSSL_EVP_aes_192_ccm() != NULL);
  39681. #endif
  39682. return res;
  39683. }
  39684. static int test_wolfSSL_EVP_aes_128_ccm(void)
  39685. {
  39686. int res = TEST_SKIPPED;
  39687. #ifdef HAVE_AESCCM
  39688. res = TEST_RES_CHECK(wolfSSL_EVP_aes_128_ccm() != NULL);
  39689. #endif
  39690. return res;
  39691. }
  39692. static int test_wolfSSL_EVP_ripemd160(void)
  39693. {
  39694. int res = TEST_SKIPPED;
  39695. #if !defined(NO_WOLFSSL_STUB)
  39696. res = TEST_RES_CHECK(wolfSSL_EVP_ripemd160() == NULL);
  39697. #endif
  39698. return res;
  39699. }
  39700. static int test_wolfSSL_EVP_get_digestbynid(void)
  39701. {
  39702. #ifndef NO_MD5
  39703. AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5));
  39704. #endif
  39705. #ifndef NO_SHA
  39706. AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1));
  39707. #endif
  39708. #ifndef NO_SHA256
  39709. AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha256));
  39710. #endif
  39711. AssertNull(wolfSSL_EVP_get_digestbynid(0));
  39712. return TEST_RES_CHECK(1);
  39713. }
  39714. static int test_wolfSSL_EVP_MD_nid(void)
  39715. {
  39716. #ifndef NO_MD5
  39717. AssertIntEQ(EVP_MD_nid(EVP_md5()), NID_md5);
  39718. #endif
  39719. #ifndef NO_SHA
  39720. AssertIntEQ(EVP_MD_nid(EVP_sha1()), NID_sha1);
  39721. #endif
  39722. #ifndef NO_SHA256
  39723. AssertIntEQ(EVP_MD_nid(EVP_sha256()), NID_sha256);
  39724. #endif
  39725. AssertIntEQ(EVP_MD_nid(NULL), NID_undef);
  39726. return TEST_RES_CHECK(1);
  39727. }
  39728. static int test_wolfSSL_EVP_PKEY_get0_EC_KEY(void)
  39729. {
  39730. int res = TEST_SKIPPED;
  39731. #if defined(HAVE_ECC)
  39732. WOLFSSL_EVP_PKEY* pkey;
  39733. AssertNotNull(pkey = EVP_PKEY_new());
  39734. AssertNull(EVP_PKEY_get0_EC_KEY(pkey));
  39735. EVP_PKEY_free(pkey);
  39736. res = TEST_RES_CHECK(1);
  39737. #endif
  39738. return res;
  39739. }
  39740. static int test_wolfSSL_EVP_X_STATE(void)
  39741. {
  39742. int res = TEST_SKIPPED;
  39743. #if !defined(NO_DES3) && !defined(NO_RC4)
  39744. byte key[DES3_KEY_SIZE] = {0};
  39745. byte iv[DES_IV_SIZE] = {0};
  39746. EVP_CIPHER_CTX *ctx;
  39747. const EVP_CIPHER *init;
  39748. /* Bad test cases */
  39749. ctx = EVP_CIPHER_CTX_new();
  39750. init = EVP_des_ede3_cbc();
  39751. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  39752. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  39753. AssertNull(wolfSSL_EVP_X_STATE(NULL));
  39754. AssertNull(wolfSSL_EVP_X_STATE(ctx));
  39755. EVP_CIPHER_CTX_free(ctx);
  39756. /* Good test case */
  39757. ctx = EVP_CIPHER_CTX_new();
  39758. init = wolfSSL_EVP_rc4();
  39759. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  39760. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  39761. AssertNotNull(wolfSSL_EVP_X_STATE(ctx));
  39762. EVP_CIPHER_CTX_free(ctx);
  39763. res = TEST_RES_CHECK(1);
  39764. #endif
  39765. return res;
  39766. }
  39767. static int test_wolfSSL_EVP_X_STATE_LEN(void)
  39768. {
  39769. int res = TEST_SKIPPED;
  39770. #if !defined(NO_DES3) && !defined(NO_RC4)
  39771. byte key[DES3_KEY_SIZE] = {0};
  39772. byte iv[DES_IV_SIZE] = {0};
  39773. EVP_CIPHER_CTX *ctx;
  39774. const EVP_CIPHER *init;
  39775. /* Bad test cases */
  39776. ctx = EVP_CIPHER_CTX_new();
  39777. init = EVP_des_ede3_cbc();
  39778. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  39779. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  39780. AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(NULL), 0);
  39781. AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), 0);
  39782. EVP_CIPHER_CTX_free(ctx);
  39783. /* Good test case */
  39784. ctx = EVP_CIPHER_CTX_new();
  39785. init = wolfSSL_EVP_rc4();
  39786. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  39787. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  39788. AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), sizeof(Arc4));
  39789. EVP_CIPHER_CTX_free(ctx);
  39790. res = TEST_RES_CHECK(1);
  39791. #endif
  39792. return res;
  39793. }
  39794. static int test_wolfSSL_EVP_CIPHER_block_size(void)
  39795. {
  39796. int res = TEST_SKIPPED;
  39797. #ifdef HAVE_AES_CBC
  39798. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  39799. #ifdef WOLFSSL_AES_128
  39800. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_cbc()), AES_BLOCK_SIZE);
  39801. #endif
  39802. #ifdef WOLFSSL_AES_192
  39803. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_cbc()), AES_BLOCK_SIZE);
  39804. #endif
  39805. #ifdef WOLFSSL_AES_256
  39806. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_cbc()), AES_BLOCK_SIZE);
  39807. #endif
  39808. res = TEST_RES_CHECK(1);
  39809. }
  39810. #endif
  39811. #ifdef HAVE_AESGCM
  39812. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  39813. #ifdef WOLFSSL_AES_128
  39814. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_gcm()), 1);
  39815. #endif
  39816. #ifdef WOLFSSL_AES_192
  39817. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_gcm()), 1);
  39818. #endif
  39819. #ifdef WOLFSSL_AES_256
  39820. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_gcm()), 1);
  39821. #endif
  39822. res = TEST_RES_CHECK(1);
  39823. }
  39824. #endif
  39825. #ifdef HAVE_AESCCM
  39826. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  39827. #ifdef WOLFSSL_AES_128
  39828. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ccm()), 1);
  39829. #endif
  39830. #ifdef WOLFSSL_AES_192
  39831. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ccm()), 1);
  39832. #endif
  39833. #ifdef WOLFSSL_AES_256
  39834. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ccm()), 1);
  39835. #endif
  39836. res = TEST_RES_CHECK(1);
  39837. }
  39838. #endif
  39839. #ifdef WOLFSSL_AES_COUNTER
  39840. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  39841. #ifdef WOLFSSL_AES_128
  39842. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ctr()), 1);
  39843. #endif
  39844. #ifdef WOLFSSL_AES_192
  39845. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ctr()), 1);
  39846. #endif
  39847. #ifdef WOLFSSL_AES_256
  39848. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ctr()), 1);
  39849. #endif
  39850. res = TEST_RES_CHECK(1);
  39851. }
  39852. #endif
  39853. #ifdef HAVE_AES_ECB
  39854. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  39855. #ifdef WOLFSSL_AES_128
  39856. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ecb()), AES_BLOCK_SIZE);
  39857. #endif
  39858. #ifdef WOLFSSL_AES_192
  39859. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ecb()), AES_BLOCK_SIZE);
  39860. #endif
  39861. #ifdef WOLFSSL_AES_256
  39862. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ecb()), AES_BLOCK_SIZE);
  39863. #endif
  39864. res = TEST_RES_CHECK(1);
  39865. }
  39866. #endif
  39867. #ifdef WOLFSSL_AES_OFB
  39868. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  39869. #ifdef WOLFSSL_AES_128
  39870. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ofb()), 1);
  39871. #endif
  39872. #ifdef WOLFSSL_AES_192
  39873. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ofb()), 1);
  39874. #endif
  39875. #ifdef WOLFSSL_AES_256
  39876. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ofb()), 1);
  39877. #endif
  39878. res = TEST_RES_CHECK(1);
  39879. }
  39880. #endif
  39881. #ifndef NO_RC4
  39882. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  39883. AssertIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_rc4()), 1);
  39884. res = TEST_RES_CHECK(1);
  39885. }
  39886. #endif
  39887. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  39888. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  39889. AssertIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_chacha20_poly1305()), 1);
  39890. res = TEST_RES_CHECK(1);
  39891. }
  39892. #endif
  39893. return res;
  39894. }
  39895. static int test_wolfSSL_EVP_CIPHER_iv_length(void)
  39896. {
  39897. int i, enumlen;
  39898. int enumArray[] = {
  39899. #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
  39900. #ifdef WOLFSSL_AES_128
  39901. NID_aes_128_cbc,
  39902. #endif
  39903. #ifdef WOLFSSL_AES_192
  39904. NID_aes_192_cbc,
  39905. #endif
  39906. #ifdef WOLFSSL_AES_256
  39907. NID_aes_256_cbc,
  39908. #endif
  39909. #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
  39910. #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
  39911. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  39912. #ifdef HAVE_AESGCM
  39913. #ifdef WOLFSSL_AES_128
  39914. NID_aes_128_gcm,
  39915. #endif
  39916. #ifdef WOLFSSL_AES_192
  39917. NID_aes_192_gcm,
  39918. #endif
  39919. #ifdef WOLFSSL_AES_256
  39920. NID_aes_256_gcm,
  39921. #endif
  39922. #endif /* HAVE_AESGCM */
  39923. #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
  39924. #ifdef WOLFSSL_AES_COUNTER
  39925. #ifdef WOLFSSL_AES_128
  39926. NID_aes_128_ctr,
  39927. #endif
  39928. #ifdef WOLFSSL_AES_192
  39929. NID_aes_192_ctr,
  39930. #endif
  39931. #ifdef WOLFSSL_AES_256
  39932. NID_aes_256_ctr,
  39933. #endif
  39934. #endif
  39935. #ifndef NO_DES3
  39936. NID_des_cbc,
  39937. NID_des_ede3_cbc,
  39938. #endif
  39939. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  39940. NID_chacha20_poly1305,
  39941. #endif
  39942. };
  39943. int iv_lengths[] = {
  39944. #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
  39945. #ifdef WOLFSSL_AES_128
  39946. AES_BLOCK_SIZE,
  39947. #endif
  39948. #ifdef WOLFSSL_AES_192
  39949. AES_BLOCK_SIZE,
  39950. #endif
  39951. #ifdef WOLFSSL_AES_256
  39952. AES_BLOCK_SIZE,
  39953. #endif
  39954. #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
  39955. #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
  39956. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  39957. #ifdef HAVE_AESGCM
  39958. #ifdef WOLFSSL_AES_128
  39959. GCM_NONCE_MID_SZ,
  39960. #endif
  39961. #ifdef WOLFSSL_AES_192
  39962. GCM_NONCE_MID_SZ,
  39963. #endif
  39964. #ifdef WOLFSSL_AES_256
  39965. GCM_NONCE_MID_SZ,
  39966. #endif
  39967. #endif /* HAVE_AESGCM */
  39968. #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
  39969. #ifdef WOLFSSL_AES_COUNTER
  39970. #ifdef WOLFSSL_AES_128
  39971. AES_BLOCK_SIZE,
  39972. #endif
  39973. #ifdef WOLFSSL_AES_192
  39974. AES_BLOCK_SIZE,
  39975. #endif
  39976. #ifdef WOLFSSL_AES_256
  39977. AES_BLOCK_SIZE,
  39978. #endif
  39979. #endif
  39980. #ifndef NO_DES3
  39981. DES_BLOCK_SIZE,
  39982. DES_BLOCK_SIZE,
  39983. #endif
  39984. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  39985. CHACHA20_POLY1305_AEAD_IV_SIZE,
  39986. #endif
  39987. };
  39988. enumlen = (sizeof(enumArray)/sizeof(int));
  39989. for (i = 0; i < enumlen; i++) {
  39990. const EVP_CIPHER *c = EVP_get_cipherbynid(enumArray[i]);
  39991. AssertIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]);
  39992. }
  39993. return TEST_RES_CHECK(1);
  39994. }
  39995. static int test_wolfSSL_EVP_SignInit_ex(void)
  39996. {
  39997. WOLFSSL_EVP_MD_CTX mdCtx;
  39998. WOLFSSL_ENGINE* e = 0;
  39999. const EVP_MD* md;
  40000. md = "SHA256";
  40001. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  40002. AssertIntEQ(wolfSSL_EVP_SignInit_ex(&mdCtx, md, e), WOLFSSL_SUCCESS);
  40003. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  40004. return TEST_RES_CHECK(1);
  40005. }
  40006. static int test_wolfSSL_EVP_DigestFinal_ex(void)
  40007. {
  40008. int res = TEST_SKIPPED;
  40009. #if !defined(NO_SHA256)
  40010. WOLFSSL_EVP_MD_CTX mdCtx;
  40011. unsigned int s = 0;
  40012. unsigned char md[WC_SHA256_DIGEST_SIZE];
  40013. unsigned char md2[WC_SHA256_DIGEST_SIZE];
  40014. /* Bad Case */
  40015. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  40016. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  40017. AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0);
  40018. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  40019. #else
  40020. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  40021. AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), WOLFSSL_SUCCESS);
  40022. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
  40023. #endif
  40024. /* Good Case */
  40025. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  40026. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), WOLFSSL_SUCCESS);
  40027. AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md2, &s), WOLFSSL_SUCCESS);
  40028. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
  40029. res = TEST_RES_CHECK(1);
  40030. #endif
  40031. return res;
  40032. }
  40033. static int test_wolfSSL_EVP_PKEY_assign_DH(void)
  40034. {
  40035. int res = TEST_SKIPPED;
  40036. #if !defined(NO_DH) && \
  40037. !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  40038. FILE* f = NULL;
  40039. unsigned char buf[4096];
  40040. const unsigned char* pt = buf;
  40041. const char* params1 = "./certs/dh2048.der";
  40042. long len = 0;
  40043. WOLFSSL_DH* dh = NULL;
  40044. WOLFSSL_EVP_PKEY* pkey;
  40045. XMEMSET(buf, 0, sizeof(buf));
  40046. f = XFOPEN(params1, "rb");
  40047. AssertTrue(f != XBADFILE);
  40048. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  40049. XFCLOSE(f);
  40050. AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
  40051. AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
  40052. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  40053. /* Bad cases */
  40054. AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WOLFSSL_FAILURE);
  40055. AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WOLFSSL_FAILURE);
  40056. AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WOLFSSL_FAILURE);
  40057. /* Good case */
  40058. AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS);
  40059. EVP_PKEY_free(pkey);
  40060. res = TEST_RES_CHECK(1);
  40061. #endif
  40062. return res;
  40063. }
  40064. static int test_wolfSSL_QT_EVP_PKEY_CTX_free(void)
  40065. {
  40066. int res = TEST_SKIPPED;
  40067. #if defined(OPENSSL_EXTRA)
  40068. EVP_PKEY* pkey;
  40069. EVP_PKEY_CTX* ctx;
  40070. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  40071. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  40072. #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
  40073. /* void */
  40074. EVP_PKEY_CTX_free(ctx);
  40075. AssertTrue(1);
  40076. #else
  40077. /* int */
  40078. AssertIntEQ(EVP_PKEY_CTX_free(ctx), WOLFSSL_SUCCESS);
  40079. #endif
  40080. EVP_PKEY_free(pkey);
  40081. res = TEST_RES_CHECK(1);
  40082. #endif
  40083. return res;
  40084. }
  40085. static int test_wolfSSL_EVP_PKEY_param_check(void)
  40086. {
  40087. int res = TEST_SKIPPED;
  40088. #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
  40089. #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
  40090. DH *dh = NULL;
  40091. DH *setDh = NULL;
  40092. EVP_PKEY *pkey = NULL;
  40093. EVP_PKEY_CTX* ctx = NULL;
  40094. FILE* f = NULL;
  40095. unsigned char buf[512];
  40096. const unsigned char* pt = buf;
  40097. const char* dh2048 = "./certs/dh2048.der";
  40098. long len = 0;
  40099. int code = -1;
  40100. XMEMSET(buf, 0, sizeof(buf));
  40101. f = XFOPEN(dh2048, "rb");
  40102. AssertTrue(f != XBADFILE);
  40103. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  40104. XFCLOSE(f);
  40105. /* Load dh2048.der into DH with internal format */
  40106. AssertNotNull(setDh = d2i_DHparams(NULL, &pt, len));
  40107. AssertIntEQ(DH_check(setDh, &code), WOLFSSL_SUCCESS);
  40108. AssertIntEQ(code, 0);
  40109. code = -1;
  40110. pkey = wolfSSL_EVP_PKEY_new();
  40111. /* Set DH into PKEY */
  40112. AssertIntEQ(EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);
  40113. /* create ctx from pkey */
  40114. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  40115. AssertIntEQ(EVP_PKEY_param_check(ctx), 1/* valid */);
  40116. /* */
  40117. /* TO DO invlaid case */
  40118. /* */
  40119. EVP_PKEY_CTX_free(ctx);
  40120. EVP_PKEY_free(pkey);
  40121. DH_free(setDh);
  40122. DH_free(dh);
  40123. res = TEST_RES_CHECK(1);
  40124. #endif
  40125. #endif
  40126. return res;
  40127. }
  40128. static int test_wolfSSL_EVP_BytesToKey(void)
  40129. {
  40130. int res = TEST_SKIPPED;
  40131. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  40132. byte key[AES_BLOCK_SIZE] = {0};
  40133. byte iv[AES_BLOCK_SIZE] = {0};
  40134. int sz = 5;
  40135. int count = 0;
  40136. const EVP_MD* md = "SHA256";
  40137. const EVP_CIPHER *type;
  40138. const unsigned char *salt = (unsigned char *)"salt1234";
  40139. const byte data[] = {
  40140. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  40141. 0x72,0x6c,0x64
  40142. };
  40143. type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc);
  40144. /* Bad cases */
  40145. AssertIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv),
  40146. 0);
  40147. AssertIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv),
  40148. 16);
  40149. md = "2";
  40150. AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
  40151. WOLFSSL_FAILURE);
  40152. /* Good case */
  40153. md = "SHA256";
  40154. AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
  40155. 16);
  40156. res = TEST_RES_CHECK(1);
  40157. #endif
  40158. return res;
  40159. }
  40160. static int test_evp_cipher_aes_gcm(void)
  40161. {
  40162. int res = TEST_SKIPPED;
  40163. #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && \
  40164. !defined(HAVE_SELFTEST)) || (defined(HAVE_FIPS_VERSION) && \
  40165. (HAVE_FIPS_VERSION >= 2)))
  40166. /*
  40167. * This test checks data at various points in the encrypt/decrypt process
  40168. * against known values produced using the same test with OpenSSL. This
  40169. * interop testing is critical for verifying the correctness of our
  40170. * EVP_Cipher implementation with AES-GCM. Specifically, this test exercises
  40171. * a flow supported by OpenSSL that uses the control command
  40172. * EVP_CTRL_GCM_IV_GEN to increment the IV between cipher operations without
  40173. * the need to call EVP_CipherInit. OpenSSH uses this flow, for example. We
  40174. * had a bug with OpenSSH where wolfSSL OpenSSH servers could only talk to
  40175. * wolfSSL OpenSSH clients because there was a bug in this flow that
  40176. * happened to "cancel out" if both sides of the connection had the bug.
  40177. */
  40178. enum {
  40179. NUM_ENCRYPTIONS = 3,
  40180. AAD_SIZE = 4
  40181. };
  40182. byte plainText1[] = {
  40183. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  40184. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  40185. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23
  40186. };
  40187. byte plainText2[] = {
  40188. 0x42, 0x49, 0x3b, 0x27, 0x03, 0x35, 0x59, 0x14, 0x41, 0x47, 0x37, 0x14,
  40189. 0x0e, 0x34, 0x0d, 0x28, 0x63, 0x09, 0x0a, 0x5b, 0x22, 0x57, 0x42, 0x22,
  40190. 0x0f, 0x5c, 0x1e, 0x53, 0x45, 0x15, 0x62, 0x08, 0x60, 0x43, 0x50, 0x2c
  40191. };
  40192. byte plainText3[] = {
  40193. 0x36, 0x0d, 0x2b, 0x09, 0x4a, 0x56, 0x3b, 0x4c, 0x21, 0x22, 0x58, 0x0e,
  40194. 0x5b, 0x57, 0x10
  40195. };
  40196. byte* plainTexts[NUM_ENCRYPTIONS] = {
  40197. plainText1,
  40198. plainText2,
  40199. plainText3
  40200. };
  40201. const int plainTextSzs[NUM_ENCRYPTIONS] = {
  40202. sizeof(plainText1),
  40203. sizeof(plainText2),
  40204. sizeof(plainText3)
  40205. };
  40206. byte aad1[AAD_SIZE] = {
  40207. 0x00, 0x00, 0x00, 0x01
  40208. };
  40209. byte aad2[AAD_SIZE] = {
  40210. 0x00, 0x00, 0x00, 0x10
  40211. };
  40212. byte aad3[AAD_SIZE] = {
  40213. 0x00, 0x00, 0x01, 0x00
  40214. };
  40215. byte* aads[NUM_ENCRYPTIONS] = {
  40216. aad1,
  40217. aad2,
  40218. aad3
  40219. };
  40220. const byte iv[GCM_NONCE_MID_SZ] = {
  40221. 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF
  40222. };
  40223. byte currentIv[GCM_NONCE_MID_SZ];
  40224. const byte key[] = {
  40225. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
  40226. 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  40227. 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
  40228. };
  40229. const byte expIvs[NUM_ENCRYPTIONS][GCM_NONCE_MID_SZ] = {
  40230. {
  40231. 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE,
  40232. 0xEF
  40233. },
  40234. {
  40235. 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE,
  40236. 0xF0
  40237. },
  40238. {
  40239. 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE,
  40240. 0xF1
  40241. }
  40242. };
  40243. const byte expTags[NUM_ENCRYPTIONS][AES_BLOCK_SIZE] = {
  40244. {
  40245. 0x65, 0x4F, 0xF7, 0xA0, 0xBB, 0x7B, 0x90, 0xB7, 0x9C, 0xC8, 0x14,
  40246. 0x3D, 0x32, 0x18, 0x34, 0xA9
  40247. },
  40248. {
  40249. 0x50, 0x3A, 0x13, 0x8D, 0x91, 0x1D, 0xEC, 0xBB, 0xBA, 0x5B, 0x57,
  40250. 0xA2, 0xFD, 0x2D, 0x6B, 0x7F
  40251. },
  40252. {
  40253. 0x3B, 0xED, 0x18, 0x9C, 0xB3, 0xE3, 0x61, 0x1E, 0x11, 0xEB, 0x13,
  40254. 0x5B, 0xEC, 0x52, 0x49, 0x32,
  40255. }
  40256. };
  40257. const byte expCipherText1[] = {
  40258. 0xCB, 0x93, 0x4F, 0xC8, 0x22, 0xE2, 0xC0, 0x35, 0xAA, 0x6B, 0x41, 0x15,
  40259. 0x17, 0x30, 0x2F, 0x97, 0x20, 0x74, 0x39, 0x28, 0xF8, 0xEB, 0xC5, 0x51,
  40260. 0x7B, 0xD9, 0x8A, 0x36, 0xB8, 0xDA, 0x24, 0x80, 0xE7, 0x9E, 0x09, 0xDE
  40261. };
  40262. const byte expCipherText2[] = {
  40263. 0xF9, 0x32, 0xE1, 0x87, 0x37, 0x0F, 0x04, 0xC1, 0xB5, 0x59, 0xF0, 0x45,
  40264. 0x3A, 0x0D, 0xA0, 0x26, 0xFF, 0xA6, 0x8D, 0x38, 0xFE, 0xB8, 0xE5, 0xC2,
  40265. 0x2A, 0x98, 0x4A, 0x54, 0x8F, 0x1F, 0xD6, 0x13, 0x03, 0xB2, 0x1B, 0xC0
  40266. };
  40267. const byte expCipherText3[] = {
  40268. 0xD0, 0x37, 0x59, 0x1C, 0x2F, 0x85, 0x39, 0x4D, 0xED, 0xC2, 0x32, 0x5B,
  40269. 0x80, 0x5E, 0x6B,
  40270. };
  40271. const byte* expCipherTexts[NUM_ENCRYPTIONS] = {
  40272. expCipherText1,
  40273. expCipherText2,
  40274. expCipherText3
  40275. };
  40276. byte* cipherText;
  40277. byte* calcPlainText;
  40278. byte tag[AES_BLOCK_SIZE];
  40279. EVP_CIPHER_CTX* encCtx = NULL;
  40280. EVP_CIPHER_CTX* decCtx = NULL;
  40281. int i, j, outl;
  40282. /****************************************************/
  40283. for (i = 0; i < 3; ++i) {
  40284. AssertNotNull(encCtx = EVP_CIPHER_CTX_new());
  40285. AssertNotNull(decCtx = EVP_CIPHER_CTX_new());
  40286. /* First iteration, set key before IV. */
  40287. if (i == 0) {
  40288. AssertIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), key, NULL, 1),
  40289. SSL_SUCCESS);
  40290. /*
  40291. * The call to EVP_CipherInit below (with NULL key) should clear the
  40292. * authIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a
  40293. * subsequent EVP_CTRL_GCM_IV_GEN should fail. This matches OpenSSL
  40294. * behavior.
  40295. */
  40296. AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1,
  40297. (void*)iv), SSL_SUCCESS);
  40298. AssertIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1),
  40299. SSL_SUCCESS);
  40300. AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
  40301. currentIv), SSL_FAILURE);
  40302. AssertIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0),
  40303. SSL_SUCCESS);
  40304. AssertIntEQ(EVP_CipherInit(decCtx, NULL, NULL, iv, 0),
  40305. SSL_SUCCESS);
  40306. }
  40307. /* Second iteration, IV before key. */
  40308. else {
  40309. AssertIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), NULL, iv, 1),
  40310. SSL_SUCCESS);
  40311. AssertIntEQ(EVP_CipherInit(encCtx, NULL, key, NULL, 1),
  40312. SSL_SUCCESS);
  40313. AssertIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), NULL, iv, 0),
  40314. SSL_SUCCESS);
  40315. AssertIntEQ(EVP_CipherInit(decCtx, NULL, key, NULL, 0),
  40316. SSL_SUCCESS);
  40317. }
  40318. /*
  40319. * EVP_CTRL_GCM_IV_GEN should fail if EVP_CTRL_GCM_SET_IV_FIXED hasn't
  40320. * been issued first.
  40321. */
  40322. AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
  40323. currentIv), SSL_FAILURE);
  40324. AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1,
  40325. (void*)iv), SSL_SUCCESS);
  40326. AssertIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1,
  40327. (void*)iv), SSL_SUCCESS);
  40328. for (j = 0; j < NUM_ENCRYPTIONS; ++j) {
  40329. /*************** Encrypt ***************/
  40330. AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
  40331. currentIv), SSL_SUCCESS);
  40332. /* Check current IV against expected. */
  40333. AssertIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0);
  40334. /* Add AAD. */
  40335. if (i == 2) {
  40336. /* Test streaming API. */
  40337. AssertIntEQ(EVP_CipherUpdate(encCtx, NULL, &outl, aads[j],
  40338. AAD_SIZE), SSL_SUCCESS);
  40339. }
  40340. else {
  40341. AssertIntEQ(EVP_Cipher(encCtx, NULL, aads[j], AAD_SIZE),
  40342. AAD_SIZE);
  40343. }
  40344. AssertNotNull(cipherText = (byte*)XMALLOC(plainTextSzs[j], NULL,
  40345. DYNAMIC_TYPE_TMP_BUFFER));
  40346. /* Encrypt plaintext. */
  40347. if (i == 2) {
  40348. AssertIntEQ(EVP_CipherUpdate(encCtx, cipherText, &outl,
  40349. plainTexts[j], plainTextSzs[j]),
  40350. SSL_SUCCESS);
  40351. }
  40352. else {
  40353. AssertIntEQ(EVP_Cipher(encCtx, cipherText, plainTexts[j],
  40354. plainTextSzs[j]), plainTextSzs[j]);
  40355. }
  40356. if (i == 2) {
  40357. AssertIntEQ(EVP_CipherFinal(encCtx, cipherText, &outl),
  40358. SSL_SUCCESS);
  40359. }
  40360. else {
  40361. /*
  40362. * Calling EVP_Cipher with NULL input and output for AES-GCM is
  40363. * akin to calling EVP_CipherFinal.
  40364. */
  40365. AssertIntGE(EVP_Cipher(encCtx, NULL, NULL, 0), 0);
  40366. }
  40367. /* Check ciphertext against expected. */
  40368. AssertIntEQ(XMEMCMP(cipherText, expCipherTexts[j], plainTextSzs[j]),
  40369. 0);
  40370. /* Get and check tag against expected. */
  40371. AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_GET_TAG,
  40372. sizeof(tag), tag), SSL_SUCCESS);
  40373. AssertIntEQ(XMEMCMP(tag, expTags[j], sizeof(tag)), 0);
  40374. /*************** Decrypt ***************/
  40375. AssertIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_IV_GEN, -1,
  40376. currentIv), SSL_SUCCESS);
  40377. /* Check current IV against expected. */
  40378. AssertIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0);
  40379. /* Add AAD. */
  40380. if (i == 2) {
  40381. /* Test streaming API. */
  40382. AssertIntEQ(EVP_CipherUpdate(decCtx, NULL, &outl, aads[j],
  40383. AAD_SIZE), SSL_SUCCESS);
  40384. }
  40385. else {
  40386. AssertIntEQ(EVP_Cipher(decCtx, NULL, aads[j], AAD_SIZE),
  40387. AAD_SIZE);
  40388. }
  40389. /* Set expected tag. */
  40390. AssertIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_TAG,
  40391. sizeof(tag), tag), SSL_SUCCESS);
  40392. /* Decrypt ciphertext. */
  40393. AssertNotNull(calcPlainText = (byte*)XMALLOC(plainTextSzs[j], NULL,
  40394. DYNAMIC_TYPE_TMP_BUFFER));
  40395. if (i == 2) {
  40396. AssertIntEQ(EVP_CipherUpdate(decCtx, calcPlainText, &outl,
  40397. cipherText, plainTextSzs[j]),
  40398. SSL_SUCCESS);
  40399. }
  40400. else {
  40401. /* This first EVP_Cipher call will check the tag, too. */
  40402. AssertIntEQ(EVP_Cipher(decCtx, calcPlainText, cipherText,
  40403. plainTextSzs[j]), plainTextSzs[j]);
  40404. }
  40405. if (i == 2) {
  40406. AssertIntEQ(EVP_CipherFinal(decCtx, calcPlainText, &outl),
  40407. SSL_SUCCESS);
  40408. }
  40409. else {
  40410. AssertIntGE(EVP_Cipher(decCtx, NULL, NULL, 0), 0);
  40411. }
  40412. /* Check plaintext against expected. */
  40413. AssertIntEQ(XMEMCMP(calcPlainText, plainTexts[j], plainTextSzs[j]),
  40414. 0);
  40415. XFREE(cipherText, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  40416. XFREE(calcPlainText, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  40417. }
  40418. EVP_CIPHER_CTX_free(encCtx);
  40419. EVP_CIPHER_CTX_free(decCtx);
  40420. }
  40421. res = TEST_RES_CHECK(1);
  40422. #endif
  40423. return res;
  40424. }
  40425. static int test_wolfSSL_OBJ_ln(void)
  40426. {
  40427. const int nid_set[] = {
  40428. NID_commonName,
  40429. NID_serialNumber,
  40430. NID_countryName,
  40431. NID_localityName,
  40432. NID_stateOrProvinceName,
  40433. NID_organizationName,
  40434. NID_organizationalUnitName,
  40435. NID_domainComponent,
  40436. NID_businessCategory,
  40437. NID_jurisdictionCountryName,
  40438. NID_jurisdictionStateOrProvinceName,
  40439. NID_emailAddress
  40440. };
  40441. const char* ln_set[] = {
  40442. "commonName",
  40443. "serialNumber",
  40444. "countryName",
  40445. "localityName",
  40446. "stateOrProvinceName",
  40447. "organizationName",
  40448. "organizationalUnitName",
  40449. "domainComponent",
  40450. "businessCategory",
  40451. "jurisdictionCountryName",
  40452. "jurisdictionStateOrProvinceName",
  40453. "emailAddress",
  40454. };
  40455. size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*);
  40456. AssertIntEQ(OBJ_ln2nid(NULL), NID_undef);
  40457. #ifdef HAVE_ECC
  40458. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  40459. {
  40460. EC_builtin_curve r[27];
  40461. size_t nCurves = sizeof(r) / sizeof(r[0]);
  40462. nCurves = EC_get_builtin_curves(r,nCurves);
  40463. for (i = 0; i < nCurves; i++) {
  40464. /* skip ECC_CURVE_INVALID */
  40465. if (r[i].nid != ECC_CURVE_INVALID) {
  40466. AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid);
  40467. AssertStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment);
  40468. }
  40469. }
  40470. }
  40471. #endif
  40472. #endif
  40473. for (i = 0; i < maxIdx; i++) {
  40474. AssertIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]);
  40475. AssertStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]);
  40476. }
  40477. return TEST_RES_CHECK(1);
  40478. }
  40479. static int test_wolfSSL_OBJ_sn(void)
  40480. {
  40481. int i = 0, maxIdx = 7;
  40482. const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName,
  40483. NID_stateOrProvinceName,NID_organizationName,
  40484. NID_organizationalUnitName,NID_emailAddress};
  40485. const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"};
  40486. const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME,
  40487. WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME,
  40488. WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME,
  40489. WOLFSSL_EMAIL_ADDR};
  40490. AssertIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef);
  40491. for (i = 0; i < maxIdx; i++) {
  40492. AssertIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]);
  40493. AssertStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]);
  40494. }
  40495. return TEST_RES_CHECK(1);
  40496. }
  40497. #if !defined(NO_BIO)
  40498. static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s)
  40499. {
  40500. return lh_strhash(s[3]);
  40501. }
  40502. static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b)
  40503. {
  40504. return XSTRCMP(a[3], b[3]);
  40505. }
  40506. #endif
  40507. static int test_wolfSSL_TXT_DB(void)
  40508. {
  40509. int res = TEST_SKIPPED;
  40510. #if !defined(NO_FILESYSTEM) && !defined(NO_BIO)
  40511. BIO *bio;
  40512. TXT_DB *db = NULL;
  40513. const int columns = 6;
  40514. const char *fields[6] = {
  40515. "V",
  40516. "320926161116Z",
  40517. "",
  40518. "12BD",
  40519. "unknown",
  40520. "/CN=rsa doe",
  40521. };
  40522. char** fields_copy;
  40523. /* Test read */
  40524. AssertNotNull(bio = BIO_new(BIO_s_file()));
  40525. AssertIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0);
  40526. AssertNotNull(db = TXT_DB_read(bio, columns));
  40527. AssertNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL,
  40528. DYNAMIC_TYPE_OPENSSL));
  40529. XMEMCPY(fields_copy, fields, sizeof(fields));
  40530. AssertIntEQ(TXT_DB_insert(db, fields_copy), 1);
  40531. BIO_free(bio);
  40532. /* Test write */
  40533. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  40534. AssertIntEQ(TXT_DB_write(bio, db), 1484);
  40535. BIO_free(bio);
  40536. /* Test index */
  40537. AssertIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash,
  40538. (wolf_lh_compare_cb)TXT_DB_cmp), 1);
  40539. AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
  40540. fields[3] = "12DA";
  40541. AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
  40542. fields[3] = "FFFF";
  40543. AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
  40544. fields[3] = "";
  40545. AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
  40546. TXT_DB_free(db);
  40547. res = TEST_RES_CHECK(1);
  40548. #endif
  40549. return res;
  40550. }
  40551. static int test_wolfSSL_NCONF(void)
  40552. {
  40553. int res = TEST_SKIPPED;
  40554. #if !defined(NO_FILESYSTEM) && !defined(NO_BIO)
  40555. const char* confFile = "./tests/NCONF_test.cnf";
  40556. CONF* conf = NULL;
  40557. long eline = 0;
  40558. long num = 0;
  40559. AssertNotNull(conf = NCONF_new(NULL));
  40560. AssertIntEQ(NCONF_load(conf, confFile, &eline), 1);
  40561. AssertIntEQ(NCONF_get_number(conf, NULL, "port", &num), 1);
  40562. AssertIntEQ(num, 1234);
  40563. AssertIntEQ(NCONF_get_number(conf, "section2", "port", &num), 1);
  40564. AssertIntEQ(num, 4321);
  40565. AssertStrEQ(NCONF_get_string(conf, NULL, "dir"), "./test-dir");
  40566. AssertStrEQ(NCONF_get_string(conf, "section1", "file1_copy"),
  40567. "./test-dir/file1");
  40568. AssertStrEQ(NCONF_get_string(conf, "section2", "file_list"),
  40569. "./test-dir/file1:./test-dir/file2:./section1:file2");
  40570. NCONF_free(conf);
  40571. res = TEST_RES_CHECK(1);
  40572. #endif
  40573. return res;
  40574. }
  40575. #endif /* OPENSSL_ALL */
  40576. static int test_wolfSSL_EC_KEY_set_group(void)
  40577. {
  40578. int res = TEST_SKIPPED;
  40579. #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \
  40580. defined(OPENSSL_EXTRA)
  40581. EC_KEY *key = NULL;
  40582. EC_GROUP *group = NULL;
  40583. const EC_GROUP *group2 = NULL;
  40584. AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
  40585. AssertNotNull(key = EC_KEY_new());
  40586. AssertIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS);
  40587. AssertNotNull(group2 = EC_KEY_get0_group(key));
  40588. AssertIntEQ(EC_GROUP_cmp(group2, group, NULL), 0);
  40589. EC_GROUP_free(group);
  40590. EC_KEY_free(key);
  40591. res = TEST_RES_CHECK(1);
  40592. #endif
  40593. return res;
  40594. }
  40595. static int test_wolfSSL_EC_KEY_set_conv_form(void)
  40596. {
  40597. int res = TEST_SKIPPED;
  40598. #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) && !defined(NO_BIO)
  40599. BIO* bio;
  40600. EC_KEY* key;
  40601. /* Error condition: NULL key. */
  40602. AssertIntLT(EC_KEY_get_conv_form(NULL), 0);
  40603. AssertNotNull(bio = BIO_new_file("./certs/ecc-keyPub.pem", "rb"));
  40604. AssertNotNull(key = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL));
  40605. /* Conversion form defaults to uncompressed. */
  40606. AssertIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED);
  40607. #ifdef HAVE_COMP_KEY
  40608. /* Explicitly set to compressed. */
  40609. EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
  40610. AssertIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_COMPRESSED);
  40611. #endif
  40612. BIO_free(bio);
  40613. EC_KEY_free(key);
  40614. res = TEST_RES_CHECK(1);
  40615. #endif
  40616. return res;
  40617. }
  40618. static int test_wolfSSL_EC_KEY_print_fp(void)
  40619. {
  40620. int res = TEST_SKIPPED;
  40621. #if defined(HAVE_ECC) && ((defined(HAVE_ECC224) && defined(HAVE_ECC256)) || \
  40622. defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 && \
  40623. defined(OPENSSL_EXTRA) && defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \
  40624. !defined(NO_STDIO_FILESYSTEM)
  40625. EC_KEY* key = NULL;
  40626. /* Bad file pointer. */
  40627. AssertIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WOLFSSL_FAILURE);
  40628. /* NULL key. */
  40629. AssertIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WOLFSSL_FAILURE);
  40630. AssertNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(NID_secp224r1)));
  40631. /* Negative indent. */
  40632. AssertIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WOLFSSL_FAILURE);
  40633. AssertIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
  40634. AssertIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS);
  40635. AssertIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
  40636. wolfSSL_EC_KEY_free(key);
  40637. AssertNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(
  40638. NID_X9_62_prime256v1)));
  40639. AssertIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS);
  40640. AssertIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
  40641. wolfSSL_EC_KEY_free(key);
  40642. res = TEST_RES_CHECK(1);
  40643. #endif
  40644. return res;
  40645. }
  40646. static int test_wolfSSL_X509V3_EXT_get(void) {
  40647. int res = TEST_SKIPPED;
  40648. #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
  40649. FILE* f;
  40650. int numOfExt =0;
  40651. int extNid = 0;
  40652. int i = 0;
  40653. WOLFSSL_X509* x509;
  40654. WOLFSSL_X509_EXTENSION* ext;
  40655. const WOLFSSL_v3_ext_method* method;
  40656. AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
  40657. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  40658. fclose(f);
  40659. /* wolfSSL_X509V3_EXT_get() return struct and nid test */
  40660. AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
  40661. for (i = 0; i < numOfExt; i++) {
  40662. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  40663. AssertIntNE((extNid = ext->obj->nid), NID_undef);
  40664. AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
  40665. AssertIntEQ(method->ext_nid, extNid);
  40666. }
  40667. /* wolfSSL_X509V3_EXT_get() NULL argument test */
  40668. AssertNull(method = wolfSSL_X509V3_EXT_get(NULL));
  40669. wolfSSL_X509_free(x509);
  40670. res = TEST_RES_CHECK(1);
  40671. #endif
  40672. return res;
  40673. }
  40674. static int test_wolfSSL_X509V3_EXT_nconf(void)
  40675. {
  40676. int res = TEST_SKIPPED;
  40677. #ifdef OPENSSL_ALL
  40678. const char *ext_names[] = {
  40679. "subjectKeyIdentifier",
  40680. "authorityKeyIdentifier",
  40681. "subjectAltName",
  40682. "keyUsage",
  40683. };
  40684. size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names);
  40685. int ext_nids[] = {
  40686. NID_subject_key_identifier,
  40687. NID_authority_key_identifier,
  40688. NID_subject_alt_name,
  40689. NID_key_usage,
  40690. };
  40691. size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids);
  40692. const char *ext_values[] = {
  40693. "hash",
  40694. "hash",
  40695. "DNS:example.com, IP:127.0.0.1",
  40696. "digitalSignature,keyEncipherment,dataEncipherment",
  40697. };
  40698. size_t i;
  40699. X509_EXTENSION* ext;
  40700. X509* x509 = X509_new();
  40701. for (i = 0; i < ext_names_count; i++) {
  40702. ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], ext_values[i]);
  40703. AssertNotNull(ext);
  40704. X509_EXTENSION_free(ext);
  40705. }
  40706. for (i = 0; i < ext_nids_count; i++) {
  40707. ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i], ext_values[i]);
  40708. AssertNotNull(ext);
  40709. X509_EXTENSION_free(ext);
  40710. }
  40711. /* Test adding extension to X509 */
  40712. for (i = 0; i < ext_nids_count; i++) {
  40713. ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], ext_values[i]);
  40714. AssertIntEQ(X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
  40715. X509_EXTENSION_free(ext);
  40716. }
  40717. X509_free(x509);
  40718. res = TEST_RES_CHECK(1);
  40719. #endif
  40720. return res;
  40721. }
  40722. static int test_wolfSSL_X509V3_EXT(void) {
  40723. int res = TEST_SKIPPED;
  40724. #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
  40725. FILE* f;
  40726. int numOfExt = 0, nid = 0, i = 0, expected, actual;
  40727. char* str;
  40728. unsigned char* data;
  40729. const WOLFSSL_v3_ext_method* method;
  40730. WOLFSSL_X509* x509;
  40731. WOLFSSL_X509_EXTENSION* ext;
  40732. WOLFSSL_X509_EXTENSION* ext2;
  40733. WOLFSSL_ASN1_OBJECT *obj, *adObj;
  40734. WOLFSSL_ASN1_STRING* asn1str;
  40735. WOLFSSL_AUTHORITY_KEYID* aKeyId;
  40736. WOLFSSL_AUTHORITY_INFO_ACCESS* aia;
  40737. WOLFSSL_BASIC_CONSTRAINTS* bc;
  40738. WOLFSSL_ACCESS_DESCRIPTION* ad;
  40739. WOLFSSL_GENERAL_NAME* gn;
  40740. /* Check NULL argument */
  40741. AssertNull(wolfSSL_X509V3_EXT_d2i(NULL));
  40742. /* Using OCSP cert with X509V3 extensions */
  40743. AssertNotNull(f = fopen("./certs/ocsp/root-ca-cert.pem", "rb"));
  40744. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  40745. fclose(f);
  40746. AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
  40747. /* Basic Constraints */
  40748. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  40749. AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
  40750. AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints);
  40751. AssertNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
  40752. AssertIntEQ(bc->ca, 1);
  40753. AssertNull(bc->pathlen);
  40754. wolfSSL_BASIC_CONSTRAINTS_free(bc);
  40755. i++;
  40756. /* Subject Key Identifier */
  40757. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  40758. AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
  40759. AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier);
  40760. AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
  40761. AssertNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0,
  40762. asn1str));
  40763. X509_EXTENSION_free(ext2);
  40764. AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
  40765. AssertNotNull(method->i2s);
  40766. AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str));
  40767. wolfSSL_ASN1_STRING_free(asn1str);
  40768. actual = strcmp(str,
  40769. "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
  40770. AssertIntEQ(actual, 0);
  40771. XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  40772. i++;
  40773. /* Authority Key Identifier */
  40774. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  40775. AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
  40776. AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier);
  40777. AssertNotNull(aKeyId =
  40778. (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i(ext));
  40779. AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
  40780. AssertNotNull(asn1str = aKeyId->keyid);
  40781. AssertNotNull(str =
  40782. wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, asn1str));
  40783. actual = strcmp(str,
  40784. "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
  40785. AssertIntEQ(actual, 0);
  40786. XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  40787. wolfSSL_AUTHORITY_KEYID_free(aKeyId);
  40788. i++;
  40789. /* Key Usage */
  40790. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  40791. AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
  40792. AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage);
  40793. AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
  40794. #if defined(WOLFSSL_QT)
  40795. AssertNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str));
  40796. #else
  40797. AssertNotNull(data = wolfSSL_ASN1_STRING_data(asn1str));
  40798. #endif
  40799. expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
  40800. #ifdef BIG_ENDIAN_ORDER
  40801. actual = data[1];
  40802. #else
  40803. actual = data[0];
  40804. #endif
  40805. AssertIntEQ(actual, expected);
  40806. wolfSSL_ASN1_STRING_free(asn1str);
  40807. #if 1
  40808. i++;
  40809. /* Authority Info Access */
  40810. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  40811. AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
  40812. AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access);
  40813. AssertNotNull(aia =
  40814. (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext));
  40815. #if defined(WOLFSSL_QT)
  40816. AssertIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
  40817. #else
  40818. AssertIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
  40819. #endif
  40820. /* URI entry is an ACCESS_DESCRIPTION type */
  40821. #if defined(WOLFSSL_QT)
  40822. AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0));
  40823. #else
  40824. AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0));
  40825. #endif
  40826. AssertNotNull(adObj = ad->method);
  40827. /* Make sure nid is OCSP */
  40828. AssertIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP);
  40829. /* GENERAL_NAME stores URI as an ASN1_STRING */
  40830. AssertNotNull(gn = ad->location);
  40831. AssertIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */
  40832. AssertNotNull(asn1str = gn->d.uniformResourceIdentifier);
  40833. AssertIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22);
  40834. #if defined(WOLFSSL_QT)
  40835. str = (char*)ASN1_STRING_get0_data(asn1str);
  40836. #else
  40837. str = (char*)wolfSSL_ASN1_STRING_data(asn1str);
  40838. #endif
  40839. actual = strcmp(str, "http://127.0.0.1:22220");
  40840. AssertIntEQ(actual, 0);
  40841. wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
  40842. #else
  40843. (void) aia; (void) ad; (void) adObj; (void) gn;
  40844. #endif
  40845. wolfSSL_X509_free(x509);
  40846. res = TEST_RES_CHECK(1);
  40847. #endif
  40848. return res;
  40849. }
  40850. static int test_wolfSSL_X509_get_extension_flags(void)
  40851. {
  40852. int res = TEST_SKIPPED;
  40853. #if defined(OPENSSL_ALL) && !defined(NO_RSA)
  40854. XFILE f;
  40855. X509* x509;
  40856. unsigned int extFlags;
  40857. unsigned int keyUsageFlags;
  40858. unsigned int extKeyUsageFlags;
  40859. /* client-int-cert.pem has the following extension flags. */
  40860. extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE;
  40861. /* and the following key usage flags. */
  40862. keyUsageFlags = KU_DIGITAL_SIGNATURE
  40863. | KU_NON_REPUDIATION
  40864. | KU_KEY_ENCIPHERMENT;
  40865. /* and the following extended key usage flags. */
  40866. extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME;
  40867. f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb");
  40868. AssertTrue(f != XBADFILE);
  40869. AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
  40870. XFCLOSE(f);
  40871. AssertIntEQ(X509_get_extension_flags(x509), extFlags);
  40872. AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags);
  40873. AssertIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags);
  40874. X509_free(x509);
  40875. /* client-cert-ext.pem has the following extension flags. */
  40876. extFlags = EXFLAG_KUSAGE;
  40877. /* and the following key usage flags. */
  40878. keyUsageFlags = KU_DIGITAL_SIGNATURE
  40879. | KU_KEY_CERT_SIGN
  40880. | KU_CRL_SIGN;
  40881. AssertNotNull(f = fopen("./certs/client-cert-ext.pem", "rb"));
  40882. AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
  40883. XFCLOSE(f);
  40884. AssertIntEQ(X509_get_extension_flags(x509), extFlags);
  40885. AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags);
  40886. X509_free(x509);
  40887. res = TEST_RES_CHECK(1);
  40888. #endif /* OPENSSL_ALL */
  40889. return res;
  40890. }
  40891. static int test_wolfSSL_X509_get_ext(void)
  40892. {
  40893. int res = TEST_SKIPPED;
  40894. #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
  40895. int ret = 0;
  40896. FILE* f;
  40897. WOLFSSL_X509* x509;
  40898. WOLFSSL_X509_EXTENSION* foundExtension;
  40899. AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
  40900. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  40901. fclose(f);
  40902. AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
  40903. /* wolfSSL_X509_get_ext() valid input */
  40904. AssertNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0));
  40905. /* wolfSSL_X509_get_ext() valid x509, idx out of bounds */
  40906. AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, -1));
  40907. AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, 100));
  40908. /* wolfSSL_X509_get_ext() NULL x509, idx out of bounds */
  40909. AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1));
  40910. AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100));
  40911. /* wolfSSL_X509_get_ext() NULL x509, valid idx */
  40912. AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0));
  40913. wolfSSL_X509_free(x509);
  40914. res = TEST_RES_CHECK(1);
  40915. #endif
  40916. return res;
  40917. }
  40918. static int test_wolfSSL_X509_get_ext_by_NID(void)
  40919. {
  40920. int res = TEST_SKIPPED;
  40921. #if defined(OPENSSL_ALL) && !defined(NO_RSA)
  40922. int rc;
  40923. FILE* f;
  40924. WOLFSSL_X509* x509;
  40925. ASN1_OBJECT* obj = NULL;
  40926. AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
  40927. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  40928. fclose(f);
  40929. rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
  40930. AssertIntGE(rc, 0);
  40931. /* Start search from last location (should fail) */
  40932. rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, rc);
  40933. AssertIntGE(rc, -1);
  40934. rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -2);
  40935. AssertIntGE(rc, -1);
  40936. rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, -1);
  40937. AssertIntEQ(rc, -1);
  40938. rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1);
  40939. AssertIntEQ(rc, -1);
  40940. /* NID_ext_key_usage, check also its nid and oid */
  40941. rc = wolfSSL_X509_get_ext_by_NID(x509, NID_ext_key_usage, -1);
  40942. AssertIntGT(rc, -1);
  40943. AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(wolfSSL_X509_get_ext(x509, rc)));
  40944. AssertIntEQ(obj->nid, NID_ext_key_usage);
  40945. AssertIntEQ(obj->type, EXT_KEY_USAGE_OID);
  40946. wolfSSL_X509_free(x509);
  40947. res = TEST_RES_CHECK(1);
  40948. #endif
  40949. return res;
  40950. }
  40951. static int test_wolfSSL_X509_get_ext_subj_alt_name(void)
  40952. {
  40953. int res = TEST_SKIPPED;
  40954. #if defined(OPENSSL_ALL) && !defined(NO_RSA)
  40955. int rc;
  40956. XFILE f;
  40957. WOLFSSL_X509* x509;
  40958. WOLFSSL_X509_EXTENSION* ext;
  40959. WOLFSSL_ASN1_STRING* sanString;
  40960. byte* sanDer;
  40961. const byte expectedDer[] = {
  40962. 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
  40963. 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01};
  40964. f = XFOPEN("./certs/server-cert.pem", "rb");
  40965. AssertTrue(f != XBADFILE);
  40966. AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
  40967. fclose(f);
  40968. rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1);
  40969. AssertIntNE(rc, -1);
  40970. AssertNotNull(ext = X509_get_ext(x509, rc));
  40971. AssertNotNull(sanString = X509_EXTENSION_get_data(ext));
  40972. AssertIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer));
  40973. AssertNotNull(sanDer = ASN1_STRING_data(sanString));
  40974. AssertIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0);
  40975. X509_free(x509);
  40976. res = TEST_RES_CHECK(1);
  40977. #endif
  40978. return res;
  40979. }
  40980. static int test_wolfSSL_X509_EXTENSION_new(void)
  40981. {
  40982. int res = TEST_SKIPPED;
  40983. #if defined (OPENSSL_ALL)
  40984. WOLFSSL_X509_EXTENSION* ext;
  40985. AssertNotNull(ext = wolfSSL_X509_EXTENSION_new());
  40986. AssertNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new());
  40987. ext->obj->nid = WOLFSSL_SUCCESS;
  40988. AssertIntEQ(WOLFSSL_SUCCESS, ext->obj->nid);
  40989. wolfSSL_X509_EXTENSION_free(ext);
  40990. res = TEST_RES_CHECK(1);
  40991. #endif
  40992. return res;
  40993. }
  40994. static int test_wolfSSL_X509_EXTENSION_get_object(void)
  40995. {
  40996. int res = TEST_SKIPPED;
  40997. #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
  40998. WOLFSSL_X509* x509;
  40999. WOLFSSL_X509_EXTENSION* ext;
  41000. WOLFSSL_ASN1_OBJECT* o;
  41001. FILE* file;
  41002. AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
  41003. AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
  41004. fclose(file);
  41005. /* wolfSSL_X509_EXTENSION_get_object() testing ext idx 0 */
  41006. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
  41007. AssertNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
  41008. AssertIntEQ(o->nid, 128);
  41009. /* wolfSSL_X509_EXTENSION_get_object() NULL argument */
  41010. AssertNull(o = wolfSSL_X509_EXTENSION_get_object(NULL));
  41011. wolfSSL_X509_free(x509);
  41012. res = TEST_RES_CHECK(1);
  41013. #endif
  41014. return res;
  41015. }
  41016. static int test_wolfSSL_X509_EXTENSION_get_data(void)
  41017. {
  41018. int res = TEST_SKIPPED;
  41019. #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
  41020. WOLFSSL_X509* x509;
  41021. WOLFSSL_X509_EXTENSION* ext;
  41022. WOLFSSL_ASN1_STRING* str;
  41023. FILE* file;
  41024. AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
  41025. AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
  41026. fclose(file);
  41027. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
  41028. AssertNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
  41029. wolfSSL_X509_free(x509);
  41030. res = TEST_RES_CHECK(1);
  41031. #endif
  41032. return res;
  41033. }
  41034. static int test_wolfSSL_X509_EXTENSION_get_critical(void)
  41035. {
  41036. int res = TEST_SKIPPED;
  41037. #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
  41038. WOLFSSL_X509* x509;
  41039. WOLFSSL_X509_EXTENSION* ext;
  41040. FILE* file;
  41041. int crit;
  41042. AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
  41043. AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
  41044. fclose(file);
  41045. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
  41046. crit = wolfSSL_X509_EXTENSION_get_critical(ext);
  41047. AssertIntEQ(crit, 0);
  41048. wolfSSL_X509_free(x509);
  41049. res = TEST_RES_CHECK(1);
  41050. #endif
  41051. return res;
  41052. }
  41053. static int test_wolfSSL_X509V3_EXT_print(void)
  41054. {
  41055. int res = TEST_SKIPPED;
  41056. #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \
  41057. !defined(NO_RSA)
  41058. {
  41059. FILE* f;
  41060. WOLFSSL_X509* x509;
  41061. X509_EXTENSION * ext = NULL;
  41062. int loc;
  41063. BIO *bio = NULL;
  41064. AssertNotNull(f = fopen(svrCertFile, "rb"));
  41065. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  41066. fclose(f);
  41067. AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));
  41068. loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
  41069. AssertIntGT(loc, -1);
  41070. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
  41071. AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
  41072. loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1);
  41073. AssertIntGT(loc, -1);
  41074. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
  41075. AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
  41076. loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1);
  41077. AssertIntGT(loc, -1);
  41078. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
  41079. AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
  41080. wolfSSL_BIO_free(bio);
  41081. wolfSSL_X509_free(x509);
  41082. }
  41083. {
  41084. X509 *x509;
  41085. BIO *bio;
  41086. X509_EXTENSION *ext;
  41087. unsigned int i;
  41088. unsigned int idx;
  41089. /* Some NIDs to test with */
  41090. int nids[] = {
  41091. /* NID_key_usage, currently X509_get_ext returns this as a bit
  41092. * string, which messes up X509V3_EXT_print */
  41093. /* NID_ext_key_usage, */
  41094. NID_subject_alt_name,
  41095. };
  41096. int* n;
  41097. AssertNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
  41098. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt,
  41099. WOLFSSL_FILETYPE_PEM));
  41100. fprintf(stderr, "\nPrinting extension values:\n");
  41101. for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) {
  41102. /* X509_get_ext_by_NID should return 3 for now. If that changes then
  41103. * update the index */
  41104. AssertIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3);
  41105. AssertNotNull(ext = X509_get_ext(x509, idx));
  41106. AssertIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1);
  41107. fprintf(stderr, "\n");
  41108. }
  41109. BIO_free(bio);
  41110. X509_free(x509);
  41111. }
  41112. res = TEST_RES_CHECK(1);
  41113. #endif
  41114. return res;
  41115. }
  41116. static int test_wolfSSL_X509_cmp(void)
  41117. {
  41118. int res = TEST_SKIPPED;
  41119. #if defined(OPENSSL_ALL) && !defined(NO_RSA)
  41120. FILE* file1;
  41121. FILE* file2;
  41122. WOLFSSL_X509* cert1;
  41123. WOLFSSL_X509* cert2;
  41124. AssertNotNull(file1=fopen("./certs/server-cert.pem", "rb"));
  41125. AssertNotNull(file2=fopen("./certs/3072/client-cert.pem", "rb"));
  41126. AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
  41127. AssertNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL));
  41128. fclose(file1);
  41129. fclose(file2);
  41130. /* wolfSSL_X509_cmp() testing matching certs */
  41131. AssertIntEQ(0, wolfSSL_X509_cmp(cert1, cert1));
  41132. /* wolfSSL_X509_cmp() testing mismatched certs */
  41133. AssertIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2));
  41134. /* wolfSSL_X509_cmp() testing NULL, valid args */
  41135. AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2));
  41136. /* wolfSSL_X509_cmp() testing valid, NULL args */
  41137. AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL));
  41138. /* wolfSSL_X509_cmp() testing NULL, NULL args */
  41139. AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL));
  41140. wolfSSL_X509_free(cert1);
  41141. wolfSSL_X509_free(cert2);
  41142. res = TEST_RES_CHECK(1);
  41143. #endif
  41144. return res;
  41145. }
  41146. static int test_wolfSSL_PKEY_up_ref(void)
  41147. {
  41148. int res = TEST_SKIPPED;
  41149. #if defined(OPENSSL_ALL)
  41150. EVP_PKEY* pkey;
  41151. pkey = EVP_PKEY_new();
  41152. AssertIntEQ(EVP_PKEY_up_ref(NULL), 0);
  41153. AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
  41154. EVP_PKEY_free(pkey);
  41155. AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
  41156. EVP_PKEY_free(pkey);
  41157. EVP_PKEY_free(pkey);
  41158. res = TEST_RES_CHECK(1);
  41159. #endif
  41160. return res;
  41161. }
  41162. static int test_wolfSSL_d2i_and_i2d_PublicKey(void)
  41163. {
  41164. int res = TEST_SKIPPED;
  41165. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  41166. EVP_PKEY* pkey;
  41167. const unsigned char* p;
  41168. unsigned char* der = NULL;
  41169. int derLen;
  41170. p = client_keypub_der_2048;
  41171. /* Check that key can be successfully decoded. */
  41172. AssertNotNull(pkey = wolfSSL_d2i_PublicKey(EVP_PKEY_RSA, NULL, &p,
  41173. sizeof_client_keypub_der_2048));
  41174. /* Check that key can be successfully encoded. */
  41175. AssertIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0);
  41176. /* Ensure that the encoded version matches the original. */
  41177. AssertIntEQ(derLen, sizeof_client_keypub_der_2048);
  41178. AssertIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0);
  41179. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
  41180. EVP_PKEY_free(pkey);
  41181. res = TEST_RES_CHECK(1);
  41182. #endif
  41183. return res;
  41184. }
  41185. static int test_wolfSSL_d2i_and_i2d_DSAparams(void)
  41186. {
  41187. int res = TEST_SKIPPED;
  41188. #if defined(OPENSSL_EXTRA) && !defined(NO_DSA)
  41189. DSA* dsa;
  41190. char file[] = "./certs/dsaparams.der";
  41191. XFILE f;
  41192. int derInLen;
  41193. byte* derIn;
  41194. int derOutLen;
  41195. byte* derOut = NULL;
  41196. f = XFOPEN(file, "rb");
  41197. AssertTrue(f != XBADFILE);
  41198. AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
  41199. derInLen = (int)XFTELL(f);
  41200. XREWIND(f);
  41201. AssertNotNull(derIn = (byte*)XMALLOC(derInLen, HEAP_HINT,
  41202. DYNAMIC_TYPE_TMP_BUFFER));
  41203. AssertIntEQ(XFREAD(derIn, 1, derInLen, f), derInLen);
  41204. XFCLOSE(f);
  41205. /* Check that params can be successfully decoded. */
  41206. AssertNotNull(dsa = d2i_DSAparams(NULL, (const byte**)&derIn, derInLen));
  41207. /* Check that params can be successfully encoded. */
  41208. AssertIntGE((derOutLen = i2d_DSAparams(dsa, &derOut)), 0);
  41209. /* Ensure that the encoded version matches the original. */
  41210. AssertIntEQ(derInLen, derOutLen);
  41211. AssertIntEQ(XMEMCMP(derIn, derOut, derInLen), 0);
  41212. XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  41213. XFREE(derOut, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
  41214. DSA_free(dsa);
  41215. res = TEST_RES_CHECK(1);
  41216. #endif
  41217. return res;
  41218. }
  41219. static int test_wolfSSL_i2d_PrivateKey(void)
  41220. {
  41221. int res = TEST_SKIPPED;
  41222. #if (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_PWDBASED)
  41223. #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
  41224. {
  41225. EVP_PKEY* pkey;
  41226. const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
  41227. unsigned char buf[FOURK_BUF];
  41228. unsigned char* pt = NULL;
  41229. int bufSz;
  41230. AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key,
  41231. (long)sizeof_server_key_der_2048));
  41232. AssertIntEQ(i2d_PrivateKey(pkey, NULL), 1193);
  41233. pt = buf;
  41234. AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 1193);
  41235. AssertIntNE((pt - buf), 0);
  41236. AssertIntEQ(XMEMCMP(buf, server_key_der_2048, bufSz), 0);
  41237. EVP_PKEY_free(pkey);
  41238. }
  41239. #endif
  41240. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  41241. {
  41242. EVP_PKEY* pkey;
  41243. const unsigned char* client_key =
  41244. (const unsigned char*)ecc_clikey_der_256;
  41245. unsigned char buf[FOURK_BUF];
  41246. unsigned char* pt = NULL;
  41247. int bufSz;
  41248. AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key,
  41249. sizeof_ecc_clikey_der_256)));
  41250. AssertIntEQ(i2d_PrivateKey(pkey, NULL), 121);
  41251. pt = buf;
  41252. AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 121);
  41253. AssertIntNE((pt - buf), 0);
  41254. AssertIntEQ(XMEMCMP(buf, ecc_clikey_der_256, bufSz), 0);
  41255. EVP_PKEY_free(pkey);
  41256. }
  41257. #endif
  41258. res = TEST_RES_CHECK(1);
  41259. #endif
  41260. return res;
  41261. }
  41262. static int test_wolfSSL_OCSP_id_get0_info(void)
  41263. {
  41264. int res = TEST_SKIPPED;
  41265. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) && \
  41266. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  41267. X509* cert;
  41268. X509* issuer;
  41269. OCSP_CERTID* id;
  41270. OCSP_CERTID* id2;
  41271. ASN1_STRING* name = NULL;
  41272. ASN1_OBJECT* pmd = NULL;
  41273. ASN1_STRING* keyHash = NULL;
  41274. ASN1_INTEGER* serial = NULL;
  41275. ASN1_INTEGER* x509Int;
  41276. AssertNotNull(cert =
  41277. wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM));
  41278. AssertNotNull(issuer =
  41279. wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM));
  41280. id = OCSP_cert_to_id(NULL, cert, issuer);
  41281. AssertNotNull(id);
  41282. id2 = OCSP_cert_to_id(NULL, cert, issuer);
  41283. AssertNotNull(id2);
  41284. AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, NULL), 0);
  41285. AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, id), 1);
  41286. /* name, pmd, keyHash not supported yet, expect failure if not NULL */
  41287. AssertIntEQ(OCSP_id_get0_info(&name, NULL, NULL, NULL, id), 0);
  41288. AssertIntEQ(OCSP_id_get0_info(NULL, &pmd, NULL, NULL, id), 0);
  41289. AssertIntEQ(OCSP_id_get0_info(NULL, NULL, &keyHash, NULL, id), 0);
  41290. AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, &serial, id), 1);
  41291. AssertNotNull(serial);
  41292. /* compare serial number to one in cert, should be equal */
  41293. x509Int = X509_get_serialNumber(cert);
  41294. AssertNotNull(x509Int);
  41295. AssertIntEQ(x509Int->length, serial->length);
  41296. AssertIntEQ(XMEMCMP(x509Int->data, serial->data, serial->length), 0);
  41297. /* test OCSP_id_cmp */
  41298. AssertIntNE(OCSP_id_cmp(NULL, NULL), 0);
  41299. AssertIntNE(OCSP_id_cmp(id, NULL), 0);
  41300. AssertIntNE(OCSP_id_cmp(NULL, id2), 0);
  41301. AssertIntEQ(OCSP_id_cmp(id, id2), 0);
  41302. id->issuerHash[0] = ~id->issuerHash[0];
  41303. AssertIntNE(OCSP_id_cmp(id, id2), 0);
  41304. OCSP_CERTID_free(id);
  41305. OCSP_CERTID_free(id2);
  41306. X509_free(cert); /* free's x509Int */
  41307. X509_free(issuer);
  41308. res = TEST_RES_CHECK(1);
  41309. #endif
  41310. return res;
  41311. }
  41312. static int test_wolfSSL_i2d_OCSP_CERTID(void)
  41313. {
  41314. int res = TEST_SKIPPED;
  41315. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
  41316. WOLFSSL_OCSP_CERTID certId;
  41317. byte* targetBuffer;
  41318. byte* beginTargetBuffer;
  41319. /* OCSP CertID bytes taken from PCAP */
  41320. byte rawCertId[] = {
  41321. 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
  41322. 0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d,
  41323. 0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04,
  41324. 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3,
  41325. 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01,
  41326. 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b,
  41327. 0xcf, 0xbc, 0x91
  41328. };
  41329. int ret, i;
  41330. XMEMSET(&certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
  41331. certId.rawCertId = rawCertId;
  41332. certId.rawCertIdSize = sizeof(rawCertId);
  41333. targetBuffer = (byte*)XMALLOC(sizeof(rawCertId), NULL, DYNAMIC_TYPE_TMP_BUFFER);
  41334. beginTargetBuffer = targetBuffer;
  41335. ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer);
  41336. /* If target buffer is not null, function increments targetBuffer to point
  41337. just past the end of the encoded data. */
  41338. AssertPtrEq(targetBuffer, (beginTargetBuffer + sizeof(rawCertId)));
  41339. /* Function returns the size of the encoded data. */
  41340. AssertIntEQ(ret, sizeof(rawCertId));
  41341. for (i = 0; i < ret; ++i)
  41342. {
  41343. AssertIntEQ(beginTargetBuffer[i], rawCertId[i]);
  41344. }
  41345. XFREE(beginTargetBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  41346. targetBuffer = NULL;
  41347. ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer);
  41348. /* If target buffer is null, function allocates memory for a buffer and
  41349. copies the encoded data into it. targetBuffer then points to the start of
  41350. this newly allocate buffer. */
  41351. AssertIntEQ(ret, sizeof(rawCertId));
  41352. for (i = 0; i < ret; ++i)
  41353. {
  41354. AssertIntEQ(targetBuffer[i], rawCertId[i]);
  41355. }
  41356. XFREE(targetBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
  41357. res = TEST_RES_CHECK(1);
  41358. #endif
  41359. return res;
  41360. }
  41361. static int test_wolfSSL_d2i_OCSP_CERTID(void)
  41362. {
  41363. int res = TEST_SKIPPED;
  41364. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
  41365. WOLFSSL_OCSP_CERTID* certId;
  41366. WOLFSSL_OCSP_CERTID* certIdBad;
  41367. const unsigned char* rawCertIdPtr;
  41368. const unsigned char rawCertId[] = {
  41369. 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
  41370. 0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d,
  41371. 0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04,
  41372. 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3,
  41373. 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01,
  41374. 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b,
  41375. 0xcf, 0xbc, 0x91
  41376. };
  41377. rawCertIdPtr = &rawCertId[0];
  41378. /* If the cert ID is NULL the function should allocate it and copy the
  41379. * data to it. */
  41380. certId = NULL;
  41381. certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, sizeof(rawCertId));
  41382. AssertNotNull(certId);
  41383. AssertIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
  41384. XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
  41385. XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
  41386. /* If the cert ID is not NULL the function will just copy the data to it. */
  41387. certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*certId), NULL,
  41388. DYNAMIC_TYPE_TMP_BUFFER);
  41389. AssertNotNull(certId);
  41390. XMEMSET(certId, 0, sizeof(*certId));
  41391. /* Reset rawCertIdPtr since it was push forward in the previous call. */
  41392. rawCertIdPtr = &rawCertId[0];
  41393. certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, sizeof(rawCertId));
  41394. AssertNotNull(certId);
  41395. AssertIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
  41396. XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
  41397. XFREE(certId, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  41398. /* The below tests should fail when passed bad parameters. NULL should
  41399. * always be returned. */
  41400. certIdBad = wolfSSL_d2i_OCSP_CERTID(NULL, &rawCertIdPtr, sizeof(rawCertId));
  41401. AssertNull(certIdBad);
  41402. certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, NULL, sizeof(rawCertId));
  41403. AssertNull(certIdBad);
  41404. certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, 0);
  41405. AssertNull(certIdBad);
  41406. res = TEST_RES_CHECK(1);
  41407. #endif
  41408. return res;
  41409. }
  41410. static int test_wolfSSL_OCSP_id_cmp(void)
  41411. {
  41412. int res = TEST_SKIPPED;
  41413. #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
  41414. OCSP_CERTID id1;
  41415. OCSP_CERTID id2;
  41416. XMEMSET(&id1, 0, sizeof(id1));
  41417. XMEMSET(&id2, 0, sizeof(id2));
  41418. AssertIntEQ(OCSP_id_cmp(&id1, &id2), 0);
  41419. res = TEST_RES_CHECK(1);
  41420. #endif
  41421. return res;
  41422. }
  41423. static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
  41424. {
  41425. int res = TEST_SKIPPED;
  41426. #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
  41427. WOLFSSL_OCSP_SINGLERESP single;
  41428. const WOLFSSL_OCSP_CERTID* certId;
  41429. XMEMSET(&single, 0, sizeof(single));
  41430. certId = wolfSSL_OCSP_SINGLERESP_get0_id(&single);
  41431. AssertPtrEq(&single, certId);
  41432. res = TEST_RES_CHECK(1);
  41433. #endif
  41434. return res;
  41435. }
  41436. static int test_wolfSSL_OCSP_single_get0_status(void)
  41437. {
  41438. int res = TEST_SKIPPED;
  41439. #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
  41440. WOLFSSL_OCSP_SINGLERESP single;
  41441. CertStatus certStatus;
  41442. WOLFSSL_ASN1_TIME* thisDate;
  41443. WOLFSSL_ASN1_TIME* nextDate;
  41444. int ret, i;
  41445. XMEMSET(&single, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
  41446. XMEMSET(&certStatus, 0, sizeof(CertStatus));
  41447. /* Fill the date fields with some dummy data. */
  41448. for (i = 0; i < CTC_DATE_SIZE; ++i) {
  41449. certStatus.thisDateParsed.data[i] = i;
  41450. certStatus.nextDateParsed.data[i] = i;
  41451. }
  41452. certStatus.status = CERT_GOOD;
  41453. single.status = &certStatus;
  41454. ret = wolfSSL_OCSP_single_get0_status(&single, NULL, NULL, &thisDate,
  41455. &nextDate);
  41456. AssertIntEQ(ret, CERT_GOOD);
  41457. AssertPtrEq(thisDate, &certStatus.thisDateParsed);
  41458. AssertPtrEq(nextDate, &certStatus.nextDateParsed);
  41459. res = TEST_RES_CHECK(1);
  41460. #endif
  41461. return res;
  41462. }
  41463. static int test_wolfSSL_OCSP_resp_count(void)
  41464. {
  41465. int res = TEST_SKIPPED;
  41466. #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
  41467. WOLFSSL_OCSP_BASICRESP basicResp;
  41468. WOLFSSL_OCSP_SINGLERESP singleRespOne;
  41469. WOLFSSL_OCSP_SINGLERESP singleRespTwo;
  41470. int count;
  41471. XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP));
  41472. XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
  41473. XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
  41474. count = wolfSSL_OCSP_resp_count(&basicResp);
  41475. AssertIntEQ(count, 0);
  41476. basicResp.single = &singleRespOne;
  41477. count = wolfSSL_OCSP_resp_count(&basicResp);
  41478. AssertIntEQ(count, 1);
  41479. singleRespOne.next = &singleRespTwo;
  41480. count = wolfSSL_OCSP_resp_count(&basicResp);
  41481. AssertIntEQ(count, 2);
  41482. res = TEST_RES_CHECK(1);
  41483. #endif
  41484. return res;
  41485. }
  41486. static int test_wolfSSL_OCSP_resp_get0(void)
  41487. {
  41488. int res = TEST_SKIPPED;
  41489. #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
  41490. WOLFSSL_OCSP_BASICRESP basicResp;
  41491. WOLFSSL_OCSP_SINGLERESP singleRespOne;
  41492. WOLFSSL_OCSP_SINGLERESP singleRespTwo;
  41493. WOLFSSL_OCSP_SINGLERESP* ret;
  41494. XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP));
  41495. XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
  41496. XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
  41497. basicResp.single = &singleRespOne;
  41498. singleRespOne.next = &singleRespTwo;
  41499. ret = wolfSSL_OCSP_resp_get0(&basicResp, 0);
  41500. AssertPtrEq(ret, &singleRespOne);
  41501. ret = wolfSSL_OCSP_resp_get0(&basicResp, 1);
  41502. AssertPtrEq(ret, &singleRespTwo);
  41503. res = TEST_RES_CHECK(1);
  41504. #endif
  41505. return res;
  41506. }
  41507. static int test_wolfSSL_EVP_PKEY_derive(void)
  41508. {
  41509. int res = TEST_SKIPPED;
  41510. #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
  41511. #if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC)
  41512. EVP_PKEY_CTX *ctx;
  41513. unsigned char *skey;
  41514. size_t skeylen;
  41515. EVP_PKEY *pkey, *peerkey;
  41516. const unsigned char* key;
  41517. #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
  41518. /* DH */
  41519. key = dh_key_der_2048;
  41520. AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
  41521. sizeof_dh_key_der_2048)));
  41522. AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1);
  41523. key = dh_key_der_2048;
  41524. AssertNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
  41525. sizeof_dh_key_der_2048)));
  41526. AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1);
  41527. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  41528. AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
  41529. AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
  41530. AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
  41531. AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
  41532. AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
  41533. EVP_PKEY_CTX_free(ctx);
  41534. EVP_PKEY_free(peerkey);
  41535. EVP_PKEY_free(pkey);
  41536. XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
  41537. #endif
  41538. #ifdef HAVE_ECC
  41539. /* ECDH */
  41540. key = ecc_clikey_der_256;
  41541. AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key,
  41542. sizeof_ecc_clikey_der_256)));
  41543. key = ecc_clikeypub_der_256;
  41544. AssertNotNull((peerkey = d2i_PUBKEY(NULL, &key,
  41545. sizeof_ecc_clikeypub_der_256)));
  41546. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  41547. AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
  41548. AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
  41549. AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
  41550. AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
  41551. AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
  41552. EVP_PKEY_CTX_free(ctx);
  41553. EVP_PKEY_free(peerkey);
  41554. EVP_PKEY_free(pkey);
  41555. XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
  41556. #endif /* HAVE_ECC */
  41557. res = TEST_RES_CHECK(1);
  41558. #endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */
  41559. #endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
  41560. return res;
  41561. }
  41562. static int test_wolfSSL_EVP_PBE_scrypt(void)
  41563. {
  41564. int res = TEST_SKIPPED;
  41565. #if defined(OPENSSL_EXTRA) && defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && \
  41566. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 5))
  41567. #if !defined(NO_PWDBASED) && !defined(NO_SHA256)
  41568. int ret;
  41569. const char pwd[] = {'p','a','s','s','w','o','r','d'};
  41570. int pwdlen = sizeof(pwd);
  41571. const byte salt[] = {'N','a','C','l'};
  41572. int saltlen = sizeof(salt);
  41573. byte key[80];
  41574. word64 numOvr32 = (word64)INT32_MAX + 1;
  41575. /* expected derived key for N:16, r:1, p:1 */
  41576. const byte expectedKey[] = {
  41577. 0xAE, 0xC6, 0xB7, 0x48, 0x3E, 0xD2, 0x6E, 0x08, 0x80, 0x2B,
  41578. 0x41, 0xF4, 0x03, 0x20, 0x86, 0xA0, 0xE8, 0x86, 0xBE, 0x7A,
  41579. 0xC4, 0x8F, 0xCF, 0xD9, 0x2F, 0xF0, 0xCE, 0xF8, 0x10, 0x97,
  41580. 0x52, 0xF4, 0xAC, 0x74, 0xB0, 0x77, 0x26, 0x32, 0x56, 0xA6,
  41581. 0x5A, 0x99, 0x70, 0x1B, 0x7A, 0x30, 0x4D, 0x46, 0x61, 0x1C,
  41582. 0x8A, 0xA3, 0x91, 0xE7, 0x99, 0xCE, 0x10, 0xA2, 0x77, 0x53,
  41583. 0xE7, 0xE9, 0xC0, 0x9A};
  41584. /* N r p mx key keylen */
  41585. ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 0, 1, 1, 0, key, 64);
  41586. AssertIntEQ(ret, 0); /* N must be greater than 1 */
  41587. ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 3, 1, 1, 0, key, 64);
  41588. AssertIntEQ(ret, 0); /* N must be power of 2 */
  41589. ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 0, 1, 0, key, 64);
  41590. AssertIntEQ(ret, 0); /* r must be greater than 0 */
  41591. ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 0, 0, key, 64);
  41592. AssertIntEQ(ret, 0); /* p must be greater than 0 */
  41593. ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 0);
  41594. AssertIntEQ(ret, 0); /* keylen must be greater than 0 */
  41595. ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 9, 1, 0, key, 64);
  41596. AssertIntEQ(ret, 0); /* r must be smaller than 9 */
  41597. ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, NULL, 64);
  41598. AssertIntEQ(ret, 1); /* should succeed if key is NULL */
  41599. ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 64);
  41600. AssertIntEQ(ret, 1); /* should succeed */
  41601. ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, numOvr32, 1, 0,
  41602. key, 64);
  41603. AssertIntEQ(ret, 0); /* should fail since r is greater than INT32_MAC */
  41604. ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, numOvr32, 0,
  41605. key, 64);
  41606. AssertIntEQ(ret, 0); /* should fail since p is greater than INT32_MAC */
  41607. ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 0, 2, 1, 1, 0, key, 64);
  41608. AssertIntEQ(ret, 1); /* should succeed even if salt is NULL */
  41609. ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 4, 2, 1, 1, 0, key, 64);
  41610. AssertIntEQ(ret, 0); /* if salt is NULL, saltlen must be 0, otherwise fail*/
  41611. ret = EVP_PBE_scrypt(NULL, 0, salt, saltlen, 2, 1, 1, 0, key, 64);
  41612. AssertIntEQ(ret, 1); /* should succeed if pwd is NULL and pwdlen is 0*/
  41613. ret = EVP_PBE_scrypt(NULL, 4, salt, saltlen, 2, 1, 1, 0, key, 64);
  41614. AssertIntEQ(ret, 0); /* if pwd is NULL, pwdlen must be 0 */
  41615. ret = EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 1, 1, 0, key, 64);
  41616. AssertIntEQ(ret, 1); /* should succeed even both pwd and salt are NULL */
  41617. ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 16, 1, 1, 0, key, 64);
  41618. AssertIntEQ(ret, 1);
  41619. ret = XMEMCMP(expectedKey, key, sizeof(expectedKey));
  41620. AssertIntEQ(ret, 0); /* derived key must be the same as expected-key */
  41621. res = TEST_RES_CHECK(1);
  41622. #endif /* !NO_PWDBASED && !NO_SHA256 */
  41623. #endif /* OPENSSL_EXTRA && HAVE_SCRYPT && HAVE_PBKDF2 */
  41624. return res;
  41625. }
  41626. static int test_wolfSSL_EC_get_builtin_curves(void)
  41627. {
  41628. int res = TEST_SKIPPED;
  41629. #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
  41630. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  41631. EC_builtin_curve* curves = NULL;
  41632. size_t crv_len = 0;
  41633. size_t i = 0;
  41634. AssertIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0);
  41635. AssertNotNull(curves = (EC_builtin_curve*)
  41636. XMALLOC(sizeof(EC_builtin_curve)*crv_len, NULL,
  41637. DYNAMIC_TYPE_TMP_BUFFER));
  41638. AssertIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len);
  41639. for (i = 0; i < crv_len; i++)
  41640. {
  41641. if (curves[i].comment != NULL)
  41642. AssertStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment);
  41643. }
  41644. XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  41645. res = TEST_RES_CHECK(1);
  41646. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  41647. #endif /* defined(HAVE_ECC) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
  41648. return res;
  41649. }
  41650. static int test_no_op_functions(void)
  41651. {
  41652. int res = TEST_SKIPPED;
  41653. #if defined(OPENSSL_EXTRA)
  41654. /* this makes sure wolfSSL can compile and run these no-op functions */
  41655. SSL_load_error_strings();
  41656. ENGINE_load_builtin_engines();
  41657. OpenSSL_add_all_ciphers();
  41658. AssertIntEQ(CRYPTO_malloc_init(), 0);
  41659. res = TEST_RES_CHECK(1);
  41660. #endif
  41661. return res;
  41662. }
  41663. static int test_wolfSSL_CRYPTO_memcmp(void)
  41664. {
  41665. int res = TEST_SKIPPED;
  41666. #ifdef OPENSSL_EXTRA
  41667. char a[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
  41668. "implementation of TLS/SSL for embedded devices to the cloud.";
  41669. char b[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
  41670. "implementation of TLS/SSL for embedded devices to the cloud.";
  41671. char c[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
  41672. "implementation of TLS/SSL for embedded devices to the cloud!";
  41673. AssertIntEQ(CRYPTO_memcmp(a, b, sizeof(a)), 0);
  41674. AssertIntNE(CRYPTO_memcmp(a, c, sizeof(a)), 0);
  41675. res = TEST_RES_CHECK(1);
  41676. #endif
  41677. return res;
  41678. }
  41679. /*----------------------------------------------------------------------------*
  41680. | wolfCrypt ASN
  41681. *----------------------------------------------------------------------------*/
  41682. static int test_wc_CreateEncryptedPKCS8Key(void)
  41683. {
  41684. int res = TEST_SKIPPED;
  41685. #if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \
  41686. && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA)
  41687. WC_RNG rng;
  41688. byte* encKey = NULL;
  41689. word32 encKeySz = 0;
  41690. word32 decKeySz = 0;
  41691. const char password[] = "Lorem ipsum dolor sit amet";
  41692. word32 passwordSz = (word32)XSTRLEN(password);
  41693. word32 tradIdx = 0;
  41694. AssertIntEQ(wc_InitRng(&rng), 0);
  41695. /* Call with NULL for out buffer to get necessary length. */
  41696. AssertIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
  41697. sizeof_server_key_der_2048, NULL, &encKeySz, password, passwordSz,
  41698. PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
  41699. LENGTH_ONLY_E);
  41700. AssertNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT,
  41701. DYNAMIC_TYPE_TMP_BUFFER));
  41702. /* Call with the allocated out buffer. */
  41703. AssertIntGT(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
  41704. sizeof_server_key_der_2048, encKey, &encKeySz, password, passwordSz,
  41705. PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
  41706. 0);
  41707. /* Decrypt the encrypted PKCS8 key we just made. */
  41708. AssertIntGT((decKeySz = wc_DecryptPKCS8Key(encKey, encKeySz, password,
  41709. passwordSz)), 0);
  41710. /* encKey now holds the decrypted key (decrypted in place). */
  41711. AssertIntGT(wc_GetPkcs8TraditionalOffset(encKey, &tradIdx, decKeySz), 0);
  41712. /* Check that the decrypted key matches the key prior to encryption. */
  41713. AssertIntEQ(XMEMCMP(encKey + tradIdx, server_key_der_2048,
  41714. sizeof_server_key_der_2048), 0);
  41715. if (encKey != NULL)
  41716. XFREE(encKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  41717. wc_FreeRng(&rng);
  41718. res = TEST_RES_CHECK(1);
  41719. #endif
  41720. return res;
  41721. }
  41722. static int test_wc_GetPkcs8TraditionalOffset(void)
  41723. {
  41724. int res = TEST_SKIPPED;
  41725. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(HAVE_PKCS8)
  41726. int length, derSz;
  41727. word32 inOutIdx;
  41728. const char* path = "./certs/server-keyPkcs8.der";
  41729. XFILE file;
  41730. byte der[2048];
  41731. file = XFOPEN(path, "rb");
  41732. AssertTrue(file != XBADFILE);
  41733. derSz = (int)XFREAD(der, 1, sizeof(der), file);
  41734. XFCLOSE(file);
  41735. /* valid case */
  41736. inOutIdx = 0;
  41737. length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
  41738. AssertIntGT(length, 0);
  41739. /* inOutIdx > sz */
  41740. inOutIdx = 4000;
  41741. length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
  41742. AssertIntEQ(length, BAD_FUNC_ARG);
  41743. /* null input */
  41744. inOutIdx = 0;
  41745. length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0);
  41746. AssertIntEQ(length, BAD_FUNC_ARG);
  41747. /* invalid input, fill buffer with 1's */
  41748. XMEMSET(der, 1, sizeof(der));
  41749. inOutIdx = 0;
  41750. length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
  41751. AssertIntEQ(length, ASN_PARSE_E);
  41752. res = TEST_RES_CHECK(1);
  41753. #endif /* NO_ASN */
  41754. return res;
  41755. }
  41756. static int test_wc_SetSubjectRaw(void)
  41757. {
  41758. int res = TEST_SKIPPED;
  41759. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  41760. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
  41761. const char* joiCertFile = "./certs/test/cert-ext-joi.der";
  41762. WOLFSSL_X509* x509;
  41763. int peerCertSz;
  41764. const byte* peerCertBuf;
  41765. Cert forgedCert;
  41766. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));
  41767. AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
  41768. AssertIntEQ(0, wc_InitCert(&forgedCert));
  41769. AssertIntEQ(0, wc_SetSubjectRaw(&forgedCert, peerCertBuf, peerCertSz));
  41770. wolfSSL_FreeX509(x509);
  41771. res = TEST_RES_CHECK(1);
  41772. #endif
  41773. return res;
  41774. }
  41775. static int test_wc_GetSubjectRaw(void)
  41776. {
  41777. int res = TEST_SKIPPED;
  41778. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  41779. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
  41780. Cert cert;
  41781. byte *subjectRaw;
  41782. AssertIntEQ(0, wc_InitCert(&cert));
  41783. AssertIntEQ(0, wc_GetSubjectRaw(&subjectRaw, &cert));
  41784. res = TEST_RES_CHECK(1);
  41785. #endif
  41786. return res;
  41787. }
  41788. static int test_wc_SetIssuerRaw(void)
  41789. {
  41790. int res = TEST_SKIPPED;
  41791. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  41792. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
  41793. const char* joiCertFile = "./certs/test/cert-ext-joi.der";
  41794. WOLFSSL_X509* x509;
  41795. int peerCertSz;
  41796. const byte* peerCertBuf;
  41797. Cert forgedCert;
  41798. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));
  41799. AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
  41800. AssertIntEQ(0, wc_InitCert(&forgedCert));
  41801. AssertIntEQ(0, wc_SetIssuerRaw(&forgedCert, peerCertBuf, peerCertSz));
  41802. wolfSSL_FreeX509(x509);
  41803. res = TEST_RES_CHECK(1);
  41804. #endif
  41805. return res;
  41806. }
  41807. static int test_wc_SetIssueBuffer(void)
  41808. {
  41809. int res = TEST_SKIPPED;
  41810. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  41811. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
  41812. const char* joiCertFile = "./certs/test/cert-ext-joi.der";
  41813. WOLFSSL_X509* x509;
  41814. int peerCertSz;
  41815. const byte* peerCertBuf;
  41816. Cert forgedCert;
  41817. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));
  41818. AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
  41819. AssertIntEQ(0, wc_InitCert(&forgedCert));
  41820. AssertIntEQ(0, wc_SetIssuerBuffer(&forgedCert, peerCertBuf, peerCertSz));
  41821. wolfSSL_FreeX509(x509);
  41822. res = TEST_RES_CHECK(1);
  41823. #endif
  41824. return res;
  41825. }
  41826. /*
  41827. * Testing wc_SetSubjectKeyId
  41828. */
  41829. static int test_wc_SetSubjectKeyId(void)
  41830. {
  41831. int res = TEST_SKIPPED;
  41832. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  41833. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && defined(HAVE_ECC)
  41834. Cert cert;
  41835. const char* file = "certs/ecc-client-keyPub.pem";
  41836. AssertIntEQ(0, wc_InitCert(&cert));
  41837. AssertIntEQ(0, wc_SetSubjectKeyId(&cert, file));
  41838. AssertIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file));
  41839. AssertIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name"));
  41840. res = TEST_RES_CHECK(1);
  41841. #endif
  41842. return res;
  41843. } /* END test_wc_SetSubjectKeyId */
  41844. /*
  41845. * Testing wc_SetSubject
  41846. */
  41847. static int test_wc_SetSubject(void)
  41848. {
  41849. int res = TEST_SKIPPED;
  41850. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  41851. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && defined(HAVE_ECC)
  41852. Cert cert;
  41853. const char* file = "./certs/ca-ecc-cert.pem";
  41854. AssertIntEQ(0, wc_InitCert(&cert));
  41855. AssertIntEQ(0, wc_SetSubject(&cert, file));
  41856. AssertIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file));
  41857. AssertIntGT(0, wc_SetSubject(&cert, "badfile.name"));
  41858. res = TEST_RES_CHECK(1);
  41859. #endif
  41860. return res;
  41861. } /* END test_wc_SetSubject */
  41862. static int test_CheckCertSignature(void)
  41863. {
  41864. int res = TEST_SKIPPED;
  41865. #if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY)
  41866. WOLFSSL_CERT_MANAGER* cm = NULL;
  41867. #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
  41868. FILE* fp;
  41869. byte cert[4096];
  41870. int certSz;
  41871. #endif
  41872. AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL));
  41873. AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
  41874. AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm));
  41875. #ifndef NO_RSA
  41876. #ifdef USE_CERT_BUFFERS_1024
  41877. AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024,
  41878. sizeof_server_cert_der_1024, NULL, cm));
  41879. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
  41880. ca_cert_der_1024, sizeof_ca_cert_der_1024,
  41881. WOLFSSL_FILETYPE_ASN1));
  41882. AssertIntEQ(0, CheckCertSignature(server_cert_der_1024,
  41883. sizeof_server_cert_der_1024, NULL, cm));
  41884. #elif defined(USE_CERT_BUFFERS_2048)
  41885. AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048,
  41886. sizeof_server_cert_der_2048, NULL, cm));
  41887. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
  41888. ca_cert_der_2048, sizeof_ca_cert_der_2048,
  41889. WOLFSSL_FILETYPE_ASN1));
  41890. AssertIntEQ(0, CheckCertSignature(server_cert_der_2048,
  41891. sizeof_server_cert_der_2048, NULL, cm));
  41892. #endif
  41893. #endif
  41894. #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  41895. AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256,
  41896. sizeof_serv_ecc_der_256, NULL, cm));
  41897. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
  41898. ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
  41899. WOLFSSL_FILETYPE_ASN1));
  41900. AssertIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
  41901. NULL, cm));
  41902. #endif
  41903. #if !defined(NO_FILESYSTEM)
  41904. wolfSSL_CertManagerFree(cm);
  41905. AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
  41906. #ifndef NO_RSA
  41907. AssertNotNull(fp = XFOPEN("./certs/server-cert.der", "rb"));
  41908. AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
  41909. XFCLOSE(fp);
  41910. AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
  41911. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
  41912. "./certs/ca-cert.pem", NULL));
  41913. AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
  41914. #endif
  41915. #ifdef HAVE_ECC
  41916. AssertNotNull(fp = XFOPEN("./certs/server-ecc.der", "rb"));
  41917. AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
  41918. XFCLOSE(fp);
  41919. AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
  41920. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
  41921. "./certs/ca-ecc-cert.pem", NULL));
  41922. AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
  41923. #endif
  41924. #endif
  41925. #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
  41926. (void)fp;
  41927. (void)cert;
  41928. (void)certSz;
  41929. #endif
  41930. wolfSSL_CertManagerFree(cm);
  41931. res = TEST_RES_CHECK(1);
  41932. #endif
  41933. return res;
  41934. }
  41935. static int test_wc_ParseCert(void)
  41936. {
  41937. int res = TEST_SKIPPED;
  41938. #if !defined(NO_CERTS) && !defined(NO_RSA)
  41939. DecodedCert decodedCert;
  41940. const byte* rawCert = client_cert_der_2048;
  41941. const int rawCertSize = sizeof_client_cert_der_2048;
  41942. wc_InitDecodedCert(&decodedCert, rawCert, rawCertSize, NULL);
  41943. AssertIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0);
  41944. #ifndef IGNORE_NAME_CONSTRAINTS
  41945. /* check that the subjects emailAddress was not put in the alt name list */
  41946. AssertNotNull(decodedCert.subjectEmail);
  41947. AssertNull(decodedCert.altEmailNames);
  41948. #endif
  41949. wc_FreeDecodedCert(&decodedCert);
  41950. res = TEST_RES_CHECK(1);
  41951. #endif
  41952. return res;
  41953. }
  41954. static int test_MakeCertWithPathLen(void)
  41955. {
  41956. int res = TEST_SKIPPED;
  41957. #if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && defined(HAVE_ECC)
  41958. const byte expectedPathLen = 7;
  41959. Cert cert;
  41960. DecodedCert decodedCert;
  41961. byte der[FOURK_BUF];
  41962. int derSize = 0;
  41963. WC_RNG rng;
  41964. ecc_key key;
  41965. AssertIntEQ(wc_InitRng(&rng), 0);
  41966. AssertIntEQ(wc_ecc_init(&key), 0);
  41967. AssertIntEQ(wc_ecc_make_key(&rng, 32, &key), 0);
  41968. AssertIntEQ(wc_InitCert(&cert), 0);
  41969. (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE);
  41970. (void)XSTRNCPY(cert.subject.state, "state", CTC_NAME_SIZE);
  41971. (void)XSTRNCPY(cert.subject.locality, "Bozeman", CTC_NAME_SIZE);
  41972. (void)XSTRNCPY(cert.subject.org, "yourOrgNameHere", CTC_NAME_SIZE);
  41973. (void)XSTRNCPY(cert.subject.unit, "yourUnitNameHere", CTC_NAME_SIZE);
  41974. (void)XSTRNCPY(cert.subject.commonName, "www.yourDomain.com", CTC_NAME_SIZE);
  41975. (void)XSTRNCPY(cert.subject.email, "yourEmail@yourDomain.com", CTC_NAME_SIZE);
  41976. cert.selfSigned = 1;
  41977. cert.isCA = 1;
  41978. cert.pathLen = expectedPathLen;
  41979. cert.pathLenSet = 1;
  41980. cert.sigType = CTC_SHA256wECDSA;
  41981. #ifdef WOLFSSL_CERT_EXT
  41982. cert.keyUsage |= KEYUSE_KEY_CERT_SIGN;
  41983. #endif
  41984. AssertIntGE(wc_MakeCert(&cert, der, FOURK_BUF, NULL, &key, &rng), 0);
  41985. derSize = wc_SignCert(cert.bodySz, cert.sigType, der, FOURK_BUF, NULL,
  41986. &key, &rng);
  41987. AssertIntGE(derSize, 0);
  41988. wc_InitDecodedCert(&decodedCert, der, derSize, NULL);
  41989. AssertIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0);
  41990. AssertIntEQ(decodedCert.pathLength, expectedPathLen);
  41991. wc_FreeDecodedCert(&decodedCert);
  41992. AssertIntEQ(wc_ecc_free(&key), 0);
  41993. AssertIntEQ(wc_FreeRng(&rng), 0);
  41994. res = TEST_RES_CHECK(1);
  41995. #endif
  41996. return res;
  41997. }
  41998. /*----------------------------------------------------------------------------*
  41999. | wolfCrypt ECC
  42000. *----------------------------------------------------------------------------*/
  42001. static int test_wc_ecc_get_curve_size_from_name(void)
  42002. {
  42003. int res = TEST_SKIPPED;
  42004. #ifdef HAVE_ECC
  42005. int ret;
  42006. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  42007. ret = wc_ecc_get_curve_size_from_name("SECP256R1");
  42008. AssertIntEQ(ret, 32);
  42009. #endif
  42010. /* invalid case */
  42011. ret = wc_ecc_get_curve_size_from_name("BADCURVE");
  42012. AssertIntEQ(ret, -1);
  42013. /* NULL input */
  42014. ret = wc_ecc_get_curve_size_from_name(NULL);
  42015. AssertIntEQ(ret, BAD_FUNC_ARG);
  42016. res = TEST_RES_CHECK(1);
  42017. #endif /* HAVE_ECC */
  42018. return res;
  42019. }
  42020. static int test_wc_ecc_get_curve_id_from_name(void)
  42021. {
  42022. int res = TEST_SKIPPED;
  42023. #ifdef HAVE_ECC
  42024. int id;
  42025. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  42026. id = wc_ecc_get_curve_id_from_name("SECP256R1");
  42027. AssertIntEQ(id, ECC_SECP256R1);
  42028. #endif
  42029. /* invalid case */
  42030. id = wc_ecc_get_curve_id_from_name("BADCURVE");
  42031. AssertIntEQ(id, -1);
  42032. /* NULL input */
  42033. id = wc_ecc_get_curve_id_from_name(NULL);
  42034. AssertIntEQ(id, BAD_FUNC_ARG);
  42035. res = TEST_RES_CHECK(1);
  42036. #endif /* HAVE_ECC */
  42037. return res;
  42038. }
  42039. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
  42040. !defined(HAVE_SELFTEST) && \
  42041. !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
  42042. static int test_wc_ecc_get_curve_id_from_dp_params(void)
  42043. {
  42044. int id;
  42045. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  42046. int curve_id;
  42047. ecc_key* key;
  42048. const ecc_set_type* params;
  42049. int ret;
  42050. #endif
  42051. WOLFSSL_EC_KEY *ecKey = NULL;
  42052. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  42053. id = wc_ecc_get_curve_id_from_name("SECP256R1");
  42054. AssertIntEQ(id, ECC_SECP256R1);
  42055. ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  42056. AssertNotNull(ecKey);
  42057. ret = EC_KEY_generate_key(ecKey);
  42058. if (ret == 0) {
  42059. /* normal test */
  42060. key = (ecc_key*)ecKey->internal;
  42061. params = key->dp;
  42062. curve_id = wc_ecc_get_curve_id_from_dp_params(params);
  42063. AssertIntEQ(curve_id, id);
  42064. }
  42065. #endif
  42066. /* invalid case, NULL input*/
  42067. id = wc_ecc_get_curve_id_from_dp_params(NULL);
  42068. AssertIntEQ(id, BAD_FUNC_ARG);
  42069. wolfSSL_EC_KEY_free(ecKey);
  42070. return TEST_RES_CHECK(1);
  42071. }
  42072. #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
  42073. static int test_wc_ecc_get_curve_id_from_params(void)
  42074. {
  42075. int res = TEST_SKIPPED;
  42076. #ifdef HAVE_ECC
  42077. int id;
  42078. const byte prime[] =
  42079. {
  42080. 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
  42081. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  42082. 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
  42083. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
  42084. };
  42085. const byte primeInvalid[] =
  42086. {
  42087. 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
  42088. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  42089. 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
  42090. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01
  42091. };
  42092. const byte Af[] =
  42093. {
  42094. 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
  42095. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  42096. 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
  42097. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC
  42098. };
  42099. const byte Bf[] =
  42100. {
  42101. 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,
  42102. 0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC,
  42103. 0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,
  42104. 0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B
  42105. };
  42106. const byte order[] =
  42107. {
  42108. 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
  42109. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
  42110. 0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,
  42111. 0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51
  42112. };
  42113. const byte Gx[] =
  42114. {
  42115. 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,
  42116. 0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2,
  42117. 0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,
  42118. 0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96
  42119. };
  42120. const byte Gy[] =
  42121. {
  42122. 0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,
  42123. 0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16,
  42124. 0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,
  42125. 0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5
  42126. };
  42127. int cofactor = 1;
  42128. int fieldSize = 256;
  42129. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  42130. id = wc_ecc_get_curve_id_from_params(fieldSize, prime, sizeof(prime),
  42131. Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
  42132. Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
  42133. AssertIntEQ(id, ECC_SECP256R1);
  42134. #endif
  42135. /* invalid case, fieldSize = 0 */
  42136. id = wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime),
  42137. Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
  42138. Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
  42139. AssertIntEQ(id, ECC_CURVE_INVALID);
  42140. /* invalid case, NULL prime */
  42141. id = wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime),
  42142. Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
  42143. Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
  42144. AssertIntEQ(id, BAD_FUNC_ARG);
  42145. /* invalid case, invalid prime */
  42146. id = wc_ecc_get_curve_id_from_params(fieldSize,
  42147. primeInvalid, sizeof(primeInvalid),
  42148. Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
  42149. Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
  42150. AssertIntEQ(id, ECC_CURVE_INVALID);
  42151. res = TEST_RES_CHECK(1);
  42152. #endif
  42153. return res;
  42154. }
  42155. static int test_wolfSSL_EVP_PKEY_encrypt(void)
  42156. {
  42157. int res = TEST_SKIPPED;
  42158. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
  42159. !defined(HAVE_FAST_RSA)
  42160. WOLFSSL_RSA* rsa = NULL;
  42161. WOLFSSL_EVP_PKEY* pkey = NULL;
  42162. WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
  42163. const char* in = "What is easy to do is easy not to do.";
  42164. size_t inlen = XSTRLEN(in);
  42165. size_t outEncLen = 0;
  42166. byte* outEnc = NULL;
  42167. byte* outDec = NULL;
  42168. size_t outDecLen = 0;
  42169. size_t rsaKeySz = 2048/8; /* Bytes */
  42170. #if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING)
  42171. byte* inTmp = NULL;
  42172. byte* outEncTmp = NULL;
  42173. byte* outDecTmp = NULL;
  42174. #endif
  42175. AssertNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  42176. XMEMSET(outEnc, 0, rsaKeySz);
  42177. AssertNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  42178. XMEMSET(outDec, 0, rsaKeySz);
  42179. AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  42180. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  42181. AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
  42182. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  42183. AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
  42184. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
  42185. WOLFSSL_SUCCESS);
  42186. /* Test pkey references count is decremented. pkey shouldn't be destroyed
  42187. since ctx uses it.*/
  42188. AssertIntEQ(pkey->references, 2);
  42189. EVP_PKEY_free(pkey);
  42190. AssertIntEQ(pkey->references, 1);
  42191. /* Encrypt data */
  42192. /* Check that we can get the required output buffer length by passing in a
  42193. * NULL output buffer. */
  42194. AssertIntEQ(EVP_PKEY_encrypt(ctx, NULL, &outEncLen,
  42195. (const unsigned char*)in, inlen), WOLFSSL_SUCCESS);
  42196. AssertIntEQ(rsaKeySz, outEncLen);
  42197. /* Now do the actual encryption. */
  42198. AssertIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen,
  42199. (const unsigned char*)in, inlen), WOLFSSL_SUCCESS);
  42200. /* Decrypt data */
  42201. AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
  42202. /* Check that we can get the required output buffer length by passing in a
  42203. * NULL output buffer. */
  42204. AssertIntEQ(EVP_PKEY_decrypt(ctx, NULL, &outDecLen, outEnc, outEncLen),
  42205. WOLFSSL_SUCCESS);
  42206. AssertIntEQ(rsaKeySz, outDecLen);
  42207. /* Now do the actual decryption. */
  42208. AssertIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen),
  42209. WOLFSSL_SUCCESS);
  42210. AssertIntEQ(XMEMCMP(in, outDec, outDecLen), 0);
  42211. #if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING)
  42212. /* The input length must be the same size as the RSA key.*/
  42213. AssertNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  42214. XMEMSET(inTmp, 9, rsaKeySz);
  42215. AssertNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  42216. XMEMSET(outEncTmp, 0, rsaKeySz);
  42217. AssertNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  42218. XMEMSET(outDecTmp, 0, rsaKeySz);
  42219. AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
  42220. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING),
  42221. WOLFSSL_SUCCESS);
  42222. AssertIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz),
  42223. WOLFSSL_SUCCESS);
  42224. AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
  42225. AssertIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp, outEncLen),
  42226. WOLFSSL_SUCCESS);
  42227. AssertIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0);
  42228. #endif
  42229. EVP_PKEY_CTX_free(ctx);
  42230. XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42231. XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42232. #if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING)
  42233. XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42234. XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42235. XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42236. #endif
  42237. res = TEST_RES_CHECK(1);
  42238. #endif
  42239. return res;
  42240. }
  42241. static int test_wolfSSL_EVP_PKEY_sign_verify(void)
  42242. {
  42243. int res = TEST_SKIPPED;
  42244. #if defined(OPENSSL_EXTRA)
  42245. #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
  42246. WOLFSSL_DSA* dsa = NULL;
  42247. #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
  42248. WOLFSSL_EVP_PKEY* pkey = NULL;
  42249. WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
  42250. WOLFSSL_EVP_PKEY_CTX* ctx_verify = NULL;
  42251. const char* in = "What is easy to do is easy not to do.";
  42252. size_t inlen = XSTRLEN(in);
  42253. byte hash[SHA256_DIGEST_LENGTH] = {0};
  42254. byte zero[SHA256_DIGEST_LENGTH] = {0};
  42255. SHA256_CTX c;
  42256. byte* sig = NULL;
  42257. byte* sigVerify = NULL;
  42258. size_t siglen;
  42259. size_t siglenOnlyLen;
  42260. size_t keySz = 2048/8; /* Bytes */
  42261. int i;
  42262. int encs[3] = {0};
  42263. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
  42264. !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
  42265. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  42266. encs[0] = EVP_PKEY_RSA;
  42267. #endif
  42268. #endif
  42269. #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
  42270. encs[1] = EVP_PKEY_DSA;
  42271. #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
  42272. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
  42273. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  42274. encs[2] = EVP_PKEY_EC;
  42275. #endif
  42276. #endif
  42277. AssertNotNull(sig =
  42278. (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  42279. AssertNotNull(sigVerify =
  42280. (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  42281. for (i = 0; i < 3; i++) {
  42282. if (encs[i] == 0)
  42283. continue;
  42284. siglen = keySz;
  42285. XMEMSET(sig, 0, keySz);
  42286. XMEMSET(sigVerify, 0, keySz);
  42287. /* Generate hash */
  42288. SHA256_Init(&c);
  42289. SHA256_Update(&c, in, inlen);
  42290. SHA256_Final(hash, &c);
  42291. #ifdef WOLFSSL_SMALL_STACK_CACHE
  42292. /* workaround for small stack cache case */
  42293. wc_Sha256Free((wc_Sha256*)&c);
  42294. #endif
  42295. /* Generate key */
  42296. AssertNotNull(pkey = EVP_PKEY_new());
  42297. switch (encs[i]) {
  42298. case EVP_PKEY_RSA:
  42299. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
  42300. !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
  42301. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  42302. {
  42303. WOLFSSL_RSA* rsa = NULL;
  42304. AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  42305. AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
  42306. }
  42307. #endif
  42308. #endif
  42309. break;
  42310. case EVP_PKEY_DSA:
  42311. #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
  42312. AssertNotNull(dsa = DSA_new());
  42313. AssertIntEQ(DSA_generate_parameters_ex(dsa, 2048,
  42314. NULL, 0, NULL, NULL, NULL), 1);
  42315. AssertIntEQ(DSA_generate_key(dsa), 1);
  42316. AssertIntEQ(EVP_PKEY_set1_DSA(pkey, dsa), WOLFSSL_SUCCESS);
  42317. #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
  42318. break;
  42319. case EVP_PKEY_EC:
  42320. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
  42321. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  42322. {
  42323. WOLFSSL_EC_KEY* ecKey = NULL;
  42324. AssertNotNull(ecKey = EC_KEY_new());
  42325. AssertIntEQ(EC_KEY_generate_key(ecKey), 1);
  42326. AssertIntEQ(
  42327. EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
  42328. }
  42329. #endif
  42330. #endif
  42331. break;
  42332. }
  42333. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  42334. AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
  42335. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
  42336. !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
  42337. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  42338. if (encs[i] == EVP_PKEY_RSA)
  42339. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
  42340. WOLFSSL_SUCCESS);
  42341. #endif
  42342. #endif
  42343. /* Check returning only length */
  42344. AssertIntEQ(EVP_PKEY_sign(ctx, NULL, &siglenOnlyLen, hash,
  42345. SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS);
  42346. AssertIntGT(siglenOnlyLen, 0);
  42347. /* Sign data */
  42348. AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash,
  42349. SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS);
  42350. AssertIntGE(siglenOnlyLen, siglen);
  42351. /* Verify signature */
  42352. AssertNotNull(ctx_verify = EVP_PKEY_CTX_new(pkey, NULL));
  42353. AssertIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS);
  42354. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
  42355. !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
  42356. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  42357. if (encs[i] == EVP_PKEY_RSA)
  42358. AssertIntEQ(
  42359. EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING),
  42360. WOLFSSL_SUCCESS);
  42361. #endif
  42362. #endif
  42363. AssertIntEQ(EVP_PKEY_verify(
  42364. ctx_verify, sig, siglen, hash, SHA256_DIGEST_LENGTH),
  42365. WOLFSSL_SUCCESS);
  42366. AssertIntEQ(EVP_PKEY_verify(
  42367. ctx_verify, sig, siglen, zero, SHA256_DIGEST_LENGTH),
  42368. WOLFSSL_FAILURE);
  42369. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
  42370. !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
  42371. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  42372. if (encs[i] == EVP_PKEY_RSA) {
  42373. #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT)
  42374. /* Try RSA sign/verify with no padding. */
  42375. AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
  42376. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING),
  42377. WOLFSSL_SUCCESS);
  42378. AssertIntEQ(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig,
  42379. siglen), WOLFSSL_SUCCESS);
  42380. AssertIntGE(siglenOnlyLen, siglen);
  42381. AssertIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS);
  42382. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify,
  42383. RSA_NO_PADDING), WOLFSSL_SUCCESS);
  42384. AssertIntEQ(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig,
  42385. siglen), WOLFSSL_SUCCESS);
  42386. #endif
  42387. /* Wrong padding schemes. */
  42388. AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
  42389. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx,
  42390. RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS);
  42391. AssertIntNE(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig,
  42392. siglen), WOLFSSL_SUCCESS);
  42393. AssertIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS);
  42394. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify,
  42395. RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS);
  42396. AssertIntNE(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig,
  42397. siglen), WOLFSSL_SUCCESS);
  42398. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
  42399. WOLFSSL_SUCCESS);
  42400. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify,
  42401. RSA_PKCS1_PADDING), WOLFSSL_SUCCESS);
  42402. }
  42403. #endif
  42404. #endif
  42405. /* error cases */
  42406. siglen = keySz; /* Reset because sig size may vary slightly */
  42407. AssertIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS);
  42408. AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
  42409. AssertIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen),
  42410. WOLFSSL_SUCCESS);
  42411. AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen),
  42412. WOLFSSL_SUCCESS);
  42413. EVP_PKEY_free(pkey);
  42414. #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
  42415. DSA_free(dsa);
  42416. dsa = NULL;
  42417. #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
  42418. EVP_PKEY_CTX_free(ctx_verify);
  42419. EVP_PKEY_CTX_free(ctx);
  42420. }
  42421. XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42422. XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42423. res = TEST_RES_CHECK(1);
  42424. #endif /* OPENSSL_EXTRA */
  42425. return res;
  42426. }
  42427. static int test_EVP_PKEY_rsa(void)
  42428. {
  42429. int res = TEST_SKIPPED;
  42430. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  42431. WOLFSSL_RSA* rsa;
  42432. WOLFSSL_EVP_PKEY* pkey;
  42433. AssertNotNull(rsa = wolfSSL_RSA_new());
  42434. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  42435. AssertIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
  42436. AssertIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
  42437. AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
  42438. AssertPtrEq(EVP_PKEY_get0_RSA(pkey), rsa);
  42439. wolfSSL_EVP_PKEY_free(pkey);
  42440. res = TEST_RES_CHECK(1);
  42441. #endif
  42442. return res;
  42443. }
  42444. static int test_EVP_PKEY_ec(void)
  42445. {
  42446. int res = TEST_SKIPPED;
  42447. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
  42448. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  42449. WOLFSSL_EC_KEY* ecKey;
  42450. WOLFSSL_EVP_PKEY* pkey;
  42451. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  42452. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  42453. AssertIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
  42454. AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
  42455. /* Should fail since ecKey is empty */
  42456. AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
  42457. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  42458. AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
  42459. wolfSSL_EVP_PKEY_free(pkey);
  42460. res = TEST_RES_CHECK(1);
  42461. #endif
  42462. #endif
  42463. return res;
  42464. }
  42465. static int test_EVP_PKEY_cmp(void)
  42466. {
  42467. int res = TEST_SKIPPED;
  42468. #if defined(OPENSSL_EXTRA)
  42469. EVP_PKEY *a, *b;
  42470. const unsigned char *in;
  42471. #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
  42472. in = client_key_der_2048;
  42473. AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  42474. &in, (long)sizeof_client_key_der_2048));
  42475. in = client_key_der_2048;
  42476. AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  42477. &in, (long)sizeof_client_key_der_2048));
  42478. /* Test success case RSA */
  42479. #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
  42480. AssertIntEQ(EVP_PKEY_cmp(a, b), 1);
  42481. #else
  42482. AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
  42483. #endif /* WOLFSSL_ERROR_CODE_OPENSSL */
  42484. EVP_PKEY_free(b);
  42485. EVP_PKEY_free(a);
  42486. #endif
  42487. #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  42488. in = ecc_clikey_der_256;
  42489. AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
  42490. &in, (long)sizeof_ecc_clikey_der_256));
  42491. in = ecc_clikey_der_256;
  42492. AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
  42493. &in, (long)sizeof_ecc_clikey_der_256));
  42494. /* Test success case ECC */
  42495. #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
  42496. AssertIntEQ(EVP_PKEY_cmp(a, b), 1);
  42497. #else
  42498. AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
  42499. #endif /* WOLFSSL_ERROR_CODE_OPENSSL */
  42500. EVP_PKEY_free(b);
  42501. EVP_PKEY_free(a);
  42502. #endif
  42503. /* Test failure cases */
  42504. #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \
  42505. defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  42506. in = client_key_der_2048;
  42507. AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  42508. &in, (long)sizeof_client_key_der_2048));
  42509. in = ecc_clikey_der_256;
  42510. AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
  42511. &in, (long)sizeof_ecc_clikey_der_256));
  42512. #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
  42513. AssertIntEQ(EVP_PKEY_cmp(a, b), -1);
  42514. #else
  42515. AssertIntNE(EVP_PKEY_cmp(a, b), 0);
  42516. #endif /* WOLFSSL_ERROR_CODE_OPENSSL */
  42517. EVP_PKEY_free(b);
  42518. EVP_PKEY_free(a);
  42519. #endif
  42520. /* invalid or empty failure cases */
  42521. a = EVP_PKEY_new();
  42522. b = EVP_PKEY_new();
  42523. #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
  42524. AssertIntEQ(EVP_PKEY_cmp(NULL, NULL), 0);
  42525. AssertIntEQ(EVP_PKEY_cmp(a, NULL), 0);
  42526. AssertIntEQ(EVP_PKEY_cmp(NULL, b), 0);
  42527. #ifdef NO_RSA
  42528. /* Type check will fail since RSA is the default EVP key type */
  42529. AssertIntEQ(EVP_PKEY_cmp(a, b), -2);
  42530. #else
  42531. AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
  42532. #endif
  42533. #else
  42534. AssertIntNE(EVP_PKEY_cmp(NULL, NULL), 0);
  42535. AssertIntNE(EVP_PKEY_cmp(a, NULL), 0);
  42536. AssertIntNE(EVP_PKEY_cmp(NULL, b), 0);
  42537. AssertIntNE(EVP_PKEY_cmp(a, b), 0);
  42538. #endif
  42539. EVP_PKEY_free(b);
  42540. EVP_PKEY_free(a);
  42541. (void)in;
  42542. res = TEST_RES_CHECK(1);
  42543. #endif
  42544. return res;
  42545. }
  42546. static int test_ERR_load_crypto_strings(void)
  42547. {
  42548. int res = TEST_SKIPPED;
  42549. #if defined(OPENSSL_ALL)
  42550. ERR_load_crypto_strings();
  42551. res = TEST_RES_CHECK(1);
  42552. #endif
  42553. return res;
  42554. }
  42555. #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
  42556. static void free_x509(X509* x)
  42557. {
  42558. AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1);
  42559. }
  42560. #endif
  42561. static int test_sk_X509(void)
  42562. {
  42563. int res = TEST_SKIPPED;
  42564. #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
  42565. {
  42566. STACK_OF(X509)* s;
  42567. AssertNotNull(s = sk_X509_new_null());
  42568. AssertIntEQ(sk_X509_num(s), 0);
  42569. sk_X509_pop_free(s, NULL);
  42570. AssertNotNull(s = sk_X509_new_null());
  42571. AssertIntEQ(sk_X509_num(s), 0);
  42572. sk_X509_pop_free(s, NULL);
  42573. AssertNotNull(s = sk_X509_new_null());
  42574. sk_X509_push(s, (X509*)1);
  42575. AssertIntEQ(sk_X509_num(s), 1);
  42576. AssertIntEQ((sk_X509_value(s, 0) == (X509*)1), 1);
  42577. sk_X509_push(s, (X509*)2);
  42578. AssertIntEQ(sk_X509_num(s), 2);
  42579. AssertIntEQ((sk_X509_value(s, 0) == (X509*)2), 1);
  42580. AssertIntEQ((sk_X509_value(s, 1) == (X509*)1), 1);
  42581. sk_X509_push(s, (X509*)2);
  42582. sk_X509_pop_free(s, free_x509);
  42583. }
  42584. {
  42585. /* Push a list of 10 X509s onto stack, then verify that
  42586. * value(), push(), shift(), and pop() behave as expected. */
  42587. STACK_OF(X509)* s;
  42588. X509* xList[10];
  42589. int i = 0;
  42590. const int len = (sizeof(xList) / sizeof(xList[0]));
  42591. for (i = 0; i < len; ++i)
  42592. AssertNotNull(xList[i] = X509_new());
  42593. /* test push, pop, and free */
  42594. AssertNotNull(s = sk_X509_new_null());
  42595. for (i = 0; i < len; ++i) {
  42596. sk_X509_push(s, xList[i]);
  42597. AssertIntEQ(sk_X509_num(s), i + 1);
  42598. AssertIntEQ((sk_X509_value(s, 0) == xList[i]), 1);
  42599. AssertIntEQ((sk_X509_value(s, i) == xList[0]), 1);
  42600. }
  42601. /* pop returns and removes last pushed on stack, which is index 0
  42602. * in sk_x509_value */
  42603. for (i = 0; i < len; ++i) {
  42604. X509 * x = sk_X509_value(s, 0);
  42605. X509 * y = sk_X509_pop(s);
  42606. X509 * z = xList[len - 1 - i];
  42607. AssertIntEQ((x == y), 1);
  42608. AssertIntEQ((x == z), 1);
  42609. AssertIntEQ(sk_X509_num(s), len - 1 - i);
  42610. }
  42611. sk_free(s);
  42612. /* test push, shift, and free */
  42613. AssertNotNull(s = sk_X509_new_null());
  42614. for (i = 0; i < len; ++i) {
  42615. sk_X509_push(s, xList[i]);
  42616. AssertIntEQ(sk_X509_num(s), i + 1);
  42617. AssertIntEQ((sk_X509_value(s, 0) == xList[i]), 1);
  42618. AssertIntEQ((sk_X509_value(s, i) == xList[0]), 1);
  42619. }
  42620. /* shift returns and removes first pushed on stack, which is index i
  42621. * in sk_x509_value() */
  42622. for (i = 0; i < len; ++i) {
  42623. X509 * x = sk_X509_value(s, len - 1 - i);
  42624. X509 * y = sk_X509_shift(s);
  42625. X509 * z = xList[i];
  42626. AssertIntEQ((x == y), 1);
  42627. AssertIntEQ((x == z), 1);
  42628. AssertIntEQ(sk_X509_num(s), len - 1 - i);
  42629. }
  42630. sk_free(s);
  42631. for (i = 0; i < len; ++i)
  42632. X509_free(xList[i]);
  42633. }
  42634. res = TEST_RES_CHECK(1);
  42635. #endif
  42636. return res;
  42637. }
  42638. static int test_sk_X509_CRL(void)
  42639. {
  42640. int res = TEST_SKIPPED;
  42641. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(HAVE_CRL)
  42642. X509_CRL* crl;
  42643. XFILE fp;
  42644. STACK_OF(X509_CRL)* s;
  42645. fp = XFOPEN("./certs/crl/crl.pem", "rb");
  42646. AssertTrue((fp != XBADFILE));
  42647. AssertNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
  42648. XFCLOSE(fp);
  42649. AssertNotNull(s = sk_X509_CRL_new());
  42650. AssertIntEQ(sk_X509_CRL_num(s), 0);
  42651. AssertIntEQ(sk_X509_CRL_push(s, crl), 1);
  42652. AssertIntEQ(sk_X509_CRL_num(s), 1);
  42653. AssertPtrEq(sk_X509_CRL_value(s, 0), crl);
  42654. sk_X509_CRL_free(s);
  42655. res = TEST_RES_CHECK(1);
  42656. #endif
  42657. return res;
  42658. }
  42659. static int test_X509_get_signature_nid(void)
  42660. {
  42661. int res = TEST_SKIPPED;
  42662. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  42663. X509* x509;
  42664. AssertIntEQ(X509_get_signature_nid(NULL), 0);
  42665. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
  42666. SSL_FILETYPE_PEM));
  42667. AssertIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption);
  42668. X509_free(x509);
  42669. res = TEST_RES_CHECK(1);
  42670. #endif
  42671. return res;
  42672. }
  42673. static int test_X509_REQ(void)
  42674. {
  42675. int res = TEST_SKIPPED;
  42676. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  42677. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
  42678. X509_NAME* name;
  42679. #ifndef NO_RSA
  42680. X509_NAME* subject;
  42681. #endif
  42682. #if !defined(NO_RSA) || defined(HAVE_ECC)
  42683. X509_REQ* req;
  42684. EVP_PKEY* priv;
  42685. EVP_PKEY* pub;
  42686. unsigned char* der = NULL;
  42687. int len;
  42688. #endif
  42689. #ifndef NO_RSA
  42690. EVP_MD_CTX *mctx = NULL;
  42691. EVP_PKEY_CTX *pkctx = NULL;
  42692. #ifdef USE_CERT_BUFFERS_1024
  42693. const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024;
  42694. const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024;
  42695. #elif defined(USE_CERT_BUFFERS_2048)
  42696. const unsigned char* rsaPriv = (const unsigned char*)client_key_der_2048;
  42697. const unsigned char* rsaPub = (unsigned char*)client_keypub_der_2048;
  42698. #endif
  42699. #endif
  42700. #ifdef HAVE_ECC
  42701. const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
  42702. const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
  42703. #endif
  42704. AssertNotNull(name = X509_NAME_new());
  42705. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  42706. (byte*)"wolfssl.com", 11, 0, 1),
  42707. WOLFSSL_SUCCESS);
  42708. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
  42709. (byte*)"support@wolfssl.com", 19, -1,
  42710. 1), WOLFSSL_SUCCESS);
  42711. #ifndef NO_RSA
  42712. AssertNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
  42713. (long)sizeof_client_key_der_2048));
  42714. AssertNotNull(pub = d2i_PUBKEY(NULL, &rsaPub,
  42715. (long)sizeof_client_keypub_der_2048));
  42716. AssertNotNull(req = X509_REQ_new());
  42717. AssertIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE);
  42718. AssertIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE);
  42719. AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
  42720. AssertIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE);
  42721. AssertIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE);
  42722. AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
  42723. AssertIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE);
  42724. AssertIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE);
  42725. AssertIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE);
  42726. AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
  42727. len = i2d_X509_REQ(req, &der);
  42728. DEBUG_WRITE_DER(der, len, "req.der");
  42729. #ifdef USE_CERT_BUFFERS_1024
  42730. AssertIntEQ(len, 381);
  42731. #else
  42732. AssertIntEQ(len, 643);
  42733. #endif
  42734. XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
  42735. der = NULL;
  42736. mctx = EVP_MD_CTX_new();
  42737. AssertIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv), WOLFSSL_SUCCESS);
  42738. AssertIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);
  42739. EVP_MD_CTX_free(mctx);
  42740. X509_REQ_free(NULL);
  42741. X509_REQ_free(req);
  42742. /* Test getting the subject from a newly created X509_REQ */
  42743. AssertNotNull(req = X509_REQ_new());
  42744. AssertNotNull(subject = X509_REQ_get_subject_name(req));
  42745. AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_commonName,
  42746. MBSTRING_UTF8, (unsigned char*)"www.wolfssl.com", -1, -1, 0), 1);
  42747. AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_countryName,
  42748. MBSTRING_UTF8, (unsigned char*)"US", -1, -1, 0), 1);
  42749. AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_localityName,
  42750. MBSTRING_UTF8, (unsigned char*)"Bozeman", -1, -1, 0), 1);
  42751. AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_stateOrProvinceName,
  42752. MBSTRING_UTF8, (unsigned char*)"Montana", -1, -1, 0), 1);
  42753. AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_organizationName,
  42754. MBSTRING_UTF8, (unsigned char*)"wolfSSL", -1, -1, 0), 1);
  42755. AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_organizationalUnitName,
  42756. MBSTRING_UTF8, (unsigned char*)"Testing", -1, -1, 0), 1);
  42757. AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
  42758. AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
  42759. len = i2d_X509_REQ(req, &der);
  42760. DEBUG_WRITE_DER(der, len, "req2.der");
  42761. #ifdef USE_CERT_BUFFERS_1024
  42762. AssertIntEQ(len, 435);
  42763. #else
  42764. AssertIntEQ(len, 696);
  42765. #endif
  42766. XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
  42767. der = NULL;
  42768. EVP_PKEY_free(pub);
  42769. EVP_PKEY_free(priv);
  42770. X509_REQ_free(req);
  42771. #endif
  42772. #ifdef HAVE_ECC
  42773. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &ecPriv,
  42774. sizeof_ecc_clikey_der_256));
  42775. AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &ecPub,
  42776. sizeof_ecc_clikeypub_der_256));
  42777. AssertNotNull(req = X509_REQ_new());
  42778. AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
  42779. AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
  42780. AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
  42781. /* Signature is random and may be shorter or longer. */
  42782. AssertIntGE((len = i2d_X509_REQ(req, &der)), 245);
  42783. AssertIntLE(len, 253);
  42784. XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
  42785. X509_REQ_free(req);
  42786. EVP_PKEY_free(pub);
  42787. EVP_PKEY_free(priv);
  42788. #ifdef FP_ECC
  42789. wc_ecc_fp_free();
  42790. #endif
  42791. #endif /* HAVE_ECC */
  42792. X509_NAME_free(name);
  42793. res = TEST_RES_CHECK(1);
  42794. #endif
  42795. return res;
  42796. }
  42797. static int test_wolfssl_PKCS7(void)
  42798. {
  42799. int res = TEST_SKIPPED;
  42800. #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO)
  42801. PKCS7* pkcs7;
  42802. byte data[FOURK_BUF];
  42803. word32 len = sizeof(data);
  42804. const byte* p = data;
  42805. byte content[] = "Test data to encode.";
  42806. #if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
  42807. BIO* bio;
  42808. byte key[sizeof(client_key_der_2048)];
  42809. word32 keySz = (word32)sizeof(key);
  42810. byte* out = NULL;
  42811. #endif
  42812. AssertIntGT((len = CreatePKCS7SignedData(data, len, content,
  42813. (word32)sizeof(content),
  42814. 0, 0, 0, RSA_TYPE)), 0);
  42815. AssertNull(pkcs7 = d2i_PKCS7(NULL, NULL, len));
  42816. AssertNull(pkcs7 = d2i_PKCS7(NULL, &p, 0));
  42817. AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
  42818. AssertIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL,
  42819. PKCS7_NOVERIFY), WOLFSSL_FAILURE);
  42820. PKCS7_free(pkcs7);
  42821. /* fail case, without PKCS7_NOVERIFY */
  42822. p = data;
  42823. AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
  42824. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
  42825. 0), WOLFSSL_FAILURE);
  42826. PKCS7_free(pkcs7);
  42827. /* success case, with PKCS7_NOVERIFY */
  42828. p = data;
  42829. AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
  42830. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
  42831. PKCS7_NOVERIFY), WOLFSSL_SUCCESS);
  42832. #if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
  42833. /* test i2d */
  42834. XMEMCPY(key, client_key_der_2048, keySz);
  42835. pkcs7->privateKey = key;
  42836. pkcs7->privateKeySz = (word32)sizeof(key);
  42837. pkcs7->encryptOID = RSAk;
  42838. #ifdef NO_SHA
  42839. pkcs7->hashOID = SHA256h;
  42840. #else
  42841. pkcs7->hashOID = SHAh;
  42842. #endif
  42843. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  42844. AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
  42845. AssertIntEQ(i2d_PKCS7(pkcs7, &out), 655);
  42846. XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  42847. BIO_free(bio);
  42848. #endif
  42849. PKCS7_free(NULL);
  42850. PKCS7_free(pkcs7);
  42851. res = TEST_RES_CHECK(1);
  42852. #endif
  42853. return res;
  42854. }
  42855. static int test_wolfSSL_PKCS7_sign(void)
  42856. {
  42857. int res = TEST_SKIPPED;
  42858. #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \
  42859. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  42860. PKCS7* p7 = NULL;
  42861. PKCS7* p7Ver = NULL;
  42862. byte* out = NULL;
  42863. byte* tmpPtr = NULL;
  42864. int outLen = 0;
  42865. int flags = 0;
  42866. byte data[] = "Test data to encode.";
  42867. const char* cert = "./certs/server-cert.pem";
  42868. const char* key = "./certs/server-key.pem";
  42869. const char* ca = "./certs/ca-cert.pem";
  42870. WOLFSSL_BIO* certBio = NULL;
  42871. WOLFSSL_BIO* keyBio = NULL;
  42872. WOLFSSL_BIO* caBio = NULL;
  42873. WOLFSSL_BIO* inBio = NULL;
  42874. X509* signCert = NULL;
  42875. EVP_PKEY* signKey = NULL;
  42876. X509* caCert = NULL;
  42877. X509_STORE* store = NULL;
  42878. /* read signer cert/key into BIO */
  42879. AssertNotNull(certBio = BIO_new_file(cert, "r"));
  42880. AssertNotNull(keyBio = BIO_new_file(key, "r"));
  42881. AssertNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL));
  42882. AssertNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL));
  42883. /* read CA cert into store (for verify) */
  42884. AssertNotNull(caBio = BIO_new_file(ca, "r"));
  42885. AssertNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL));
  42886. AssertNotNull(store = X509_STORE_new());
  42887. AssertIntEQ(X509_STORE_add_cert(store, caCert), 1);
  42888. /* data to be signed into BIO */
  42889. AssertNotNull(inBio = BIO_new(BIO_s_mem()));
  42890. AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
  42891. /* PKCS7_sign, bad args: signer NULL */
  42892. AssertNull(p7 = PKCS7_sign(NULL, signKey, NULL, inBio, 0));
  42893. /* PKCS7_sign, bad args: signer key NULL */
  42894. AssertNull(p7 = PKCS7_sign(signCert, NULL, NULL, inBio, 0));
  42895. /* PKCS7_sign, bad args: in data NULL without PKCS7_STREAM */
  42896. AssertNull(p7 = PKCS7_sign(signCert, signKey, NULL, NULL, 0));
  42897. /* PKCS7_sign, bad args: PKCS7_NOCERTS flag not supported */
  42898. AssertNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_NOCERTS));
  42899. /* PKCS7_sign, bad args: PKCS7_PARTIAL flag not supported */
  42900. AssertNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_PARTIAL));
  42901. /* TEST SUCCESS: Not detached, not streaming, not MIME */
  42902. {
  42903. flags = PKCS7_BINARY;
  42904. AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
  42905. AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
  42906. /* verify with d2i_PKCS7 */
  42907. tmpPtr = out;
  42908. AssertNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
  42909. AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
  42910. PKCS7_free(p7Ver);
  42911. /* verify with wc_PKCS7_VerifySignedData */
  42912. AssertNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
  42913. AssertIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
  42914. AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
  42915. /* compare the signer found to expected signer */
  42916. AssertIntNE(p7Ver->verifyCertSz, 0);
  42917. tmpPtr = NULL;
  42918. AssertIntEQ(i2d_X509(signCert, &tmpPtr), p7Ver->verifyCertSz);
  42919. AssertIntEQ(XMEMCMP(tmpPtr, p7Ver->verifyCert, p7Ver->verifyCertSz), 0);
  42920. XFREE(tmpPtr, NULL, DYNAMIC_TYPE_OPENSSL);
  42921. tmpPtr = NULL;
  42922. wc_PKCS7_Free(p7Ver);
  42923. AssertNotNull(out);
  42924. XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  42925. out = NULL;
  42926. PKCS7_free(p7);
  42927. }
  42928. /* TEST SUCCESS: Not detached, streaming, not MIME. Also bad arg
  42929. * tests for PKCS7_final() while we have a PKCS7 pointer to use */
  42930. {
  42931. /* re-populate input BIO, may have been consumed */
  42932. BIO_free(inBio);
  42933. AssertNotNull(inBio = BIO_new(BIO_s_mem()));
  42934. AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
  42935. flags = PKCS7_BINARY | PKCS7_STREAM;
  42936. AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
  42937. AssertIntEQ(PKCS7_final(p7, inBio, flags), 1);
  42938. AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
  42939. /* PKCS7_final, bad args: PKCS7 null */
  42940. AssertIntEQ(PKCS7_final(NULL, inBio, 0), 0);
  42941. /* PKCS7_final, bad args: PKCS7 null */
  42942. AssertIntEQ(PKCS7_final(p7, NULL, 0), 0);
  42943. tmpPtr = out;
  42944. AssertNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
  42945. AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
  42946. PKCS7_free(p7Ver);
  42947. AssertNotNull(out);
  42948. XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  42949. out = NULL;
  42950. PKCS7_free(p7);
  42951. }
  42952. /* TEST SUCCESS: Detached, not streaming, not MIME */
  42953. {
  42954. /* re-populate input BIO, may have been consumed */
  42955. BIO_free(inBio);
  42956. AssertNotNull(inBio = BIO_new(BIO_s_mem()));
  42957. AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
  42958. flags = PKCS7_BINARY | PKCS7_DETACHED;
  42959. AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
  42960. AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
  42961. /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */
  42962. AssertNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
  42963. p7Ver->content = data;
  42964. p7Ver->contentSz = sizeof(data);
  42965. AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
  42966. wc_PKCS7_Free(p7Ver);
  42967. /* verify expected failure (NULL return) from d2i_PKCS7, it does not
  42968. * yet support detached content */
  42969. tmpPtr = out;
  42970. AssertNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
  42971. PKCS7_free(p7Ver);
  42972. AssertNotNull(out);
  42973. XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  42974. out = NULL;
  42975. PKCS7_free(p7);
  42976. }
  42977. /* TEST SUCCESS: Detached, streaming, not MIME */
  42978. {
  42979. /* re-populate input BIO, may have been consumed */
  42980. BIO_free(inBio);
  42981. AssertNotNull(inBio = BIO_new(BIO_s_mem()));
  42982. AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
  42983. flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM;
  42984. AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
  42985. AssertIntEQ(PKCS7_final(p7, inBio, flags), 1);
  42986. AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
  42987. /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */
  42988. AssertNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
  42989. p7Ver->content = data;
  42990. p7Ver->contentSz = sizeof(data);
  42991. AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
  42992. wc_PKCS7_Free(p7Ver);
  42993. AssertNotNull(out);
  42994. XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  42995. PKCS7_free(p7);
  42996. }
  42997. X509_STORE_free(store);
  42998. X509_free(caCert);
  42999. X509_free(signCert);
  43000. EVP_PKEY_free(signKey);
  43001. BIO_free(inBio);
  43002. BIO_free(keyBio);
  43003. BIO_free(certBio);
  43004. BIO_free(caBio);
  43005. res = TEST_RES_CHECK(1);
  43006. #endif
  43007. return res;
  43008. }
  43009. static int test_wolfSSL_PKCS7_SIGNED_new(void)
  43010. {
  43011. int res = TEST_SKIPPED;
  43012. #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
  43013. PKCS7_SIGNED* pkcs7;
  43014. pkcs7 = PKCS7_SIGNED_new();
  43015. AssertNotNull(pkcs7);
  43016. AssertIntEQ(pkcs7->contentOID, SIGNED_DATA);
  43017. PKCS7_SIGNED_free(pkcs7);
  43018. res = TEST_RES_CHECK(1);
  43019. #endif
  43020. return res;
  43021. }
  43022. #ifndef NO_BIO
  43023. static int test_wolfSSL_PEM_write_bio_PKCS7(void)
  43024. {
  43025. int res = TEST_SKIPPED;
  43026. #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
  43027. PKCS7* pkcs7 = NULL;
  43028. BIO* bio = NULL;
  43029. const byte* cert_buf = NULL;
  43030. int ret = 0;
  43031. WC_RNG rng;
  43032. const byte data[] = { /* Hello World */
  43033. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  43034. 0x72,0x6c,0x64
  43035. };
  43036. #ifndef NO_RSA
  43037. #if defined(USE_CERT_BUFFERS_2048)
  43038. byte key[sizeof(client_key_der_2048)];
  43039. byte cert[sizeof(client_cert_der_2048)];
  43040. word32 keySz = (word32)sizeof(key);
  43041. word32 certSz = (word32)sizeof(cert);
  43042. XMEMSET(key, 0, keySz);
  43043. XMEMSET(cert, 0, certSz);
  43044. XMEMCPY(key, client_key_der_2048, keySz);
  43045. XMEMCPY(cert, client_cert_der_2048, certSz);
  43046. #elif defined(USE_CERT_BUFFERS_1024)
  43047. byte key[sizeof_client_key_der_1024];
  43048. byte cert[sizeof(sizeof_client_cert_der_1024)];
  43049. word32 keySz = (word32)sizeof(key);
  43050. word32 certSz = (word32)sizeof(cert);
  43051. XMEMSET(key, 0, keySz);
  43052. XMEMSET(cert, 0, certSz);
  43053. XMEMCPY(key, client_key_der_1024, keySz);
  43054. XMEMCPY(cert, client_cert_der_1024, certSz);
  43055. #else
  43056. unsigned char cert[ONEK_BUF];
  43057. unsigned char key[ONEK_BUF];
  43058. XFILE fp;
  43059. int certSz;
  43060. int keySz;
  43061. fp = XFOPEN("./certs/1024/client-cert.der", "rb");
  43062. AssertTrue((fp != XBADFILE));
  43063. certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
  43064. XFCLOSE(fp);
  43065. fp = XFOPEN("./certs/1024/client-key.der", "rb");
  43066. AssertTrue(fp != XBADFILE);
  43067. keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
  43068. XFCLOSE(fp);
  43069. #endif
  43070. #elif defined(HAVE_ECC)
  43071. #if defined(USE_CERT_BUFFERS_256)
  43072. unsigned char cert[sizeof(cliecc_cert_der_256)];
  43073. unsigned char key[sizeof(ecc_clikey_der_256)];
  43074. int certSz = (int)sizeof(cert);
  43075. int keySz = (int)sizeof(key);
  43076. XMEMSET(cert, 0, certSz);
  43077. XMEMSET(key, 0, keySz);
  43078. XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  43079. XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
  43080. #else
  43081. unsigned char cert[ONEK_BUF];
  43082. unsigned char key[ONEK_BUF];
  43083. XFILE fp;
  43084. int certSz, keySz;
  43085. fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
  43086. AssertTrue(fp != XBADFILE);
  43087. certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
  43088. XFCLOSE(fp);
  43089. fp = XFOPEN("./certs/client-ecc-key.der", "rb");
  43090. AssertTrue(fp != XBADFILE);
  43091. keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
  43092. XFCLOSE(fp);
  43093. #endif
  43094. #else
  43095. #error PKCS7 requires ECC or RSA
  43096. #endif
  43097. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
  43098. /* initialize with DER encoded cert */
  43099. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
  43100. /* init rng */
  43101. AssertIntEQ(wc_InitRng(&rng), 0);
  43102. pkcs7->rng = &rng;
  43103. pkcs7->content = (byte*)data; /* not used for ex */
  43104. pkcs7->contentSz = (word32)sizeof(data);
  43105. pkcs7->contentOID = SIGNED_DATA;
  43106. pkcs7->privateKey = key;
  43107. pkcs7->privateKeySz = (word32)sizeof(key);
  43108. pkcs7->encryptOID = RSAk;
  43109. #ifdef NO_SHA
  43110. pkcs7->hashOID = SHA256h;
  43111. #else
  43112. pkcs7->hashOID = SHAh;
  43113. #endif
  43114. pkcs7->signedAttribs = NULL;
  43115. pkcs7->signedAttribsSz = 0;
  43116. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  43117. /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/
  43118. AssertIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS);
  43119. /* Read PKCS#7 PEM from BIO */
  43120. ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf);
  43121. AssertIntGE(ret, 0);
  43122. BIO_free(bio);
  43123. wc_PKCS7_Free(pkcs7);
  43124. wc_FreeRng(&rng);
  43125. res = TEST_RES_CHECK(1);
  43126. #endif
  43127. return res;
  43128. }
  43129. #ifdef HAVE_SMIME
  43130. static int test_wolfSSL_SMIME_read_PKCS7(void)
  43131. {
  43132. int res = TEST_SKIPPED;
  43133. #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
  43134. !defined(NO_RSA)
  43135. PKCS7* pkcs7 = NULL;
  43136. BIO* bio = NULL;
  43137. BIO* bcont = NULL;
  43138. BIO* out = NULL;
  43139. const byte* outBuf = NULL;
  43140. int outBufLen = 0;
  43141. static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
  43142. XFILE smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r");
  43143. /* smime-test.p7s */
  43144. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
  43145. AssertNotNull(bio);
  43146. AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  43147. pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  43148. AssertNotNull(pkcs7);
  43149. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
  43150. PKCS7_NOVERIFY), SSL_SUCCESS);
  43151. XFCLOSE(smimeTestFile);
  43152. if (bcont) BIO_free(bcont);
  43153. wolfSSL_PKCS7_free(pkcs7);
  43154. /* smime-test-multipart.p7s */
  43155. smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r");
  43156. AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  43157. pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  43158. AssertNotNull(pkcs7);
  43159. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
  43160. PKCS7_NOVERIFY), SSL_SUCCESS);
  43161. XFCLOSE(smimeTestFile);
  43162. if (bcont) BIO_free(bcont);
  43163. wolfSSL_PKCS7_free(pkcs7);
  43164. /* smime-test-multipart-badsig.p7s */
  43165. smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
  43166. AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  43167. pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  43168. AssertNull(pkcs7);
  43169. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
  43170. PKCS7_NOVERIFY), SSL_FAILURE);
  43171. XFCLOSE(smimeTestFile);
  43172. if (bcont) BIO_free(bcont);
  43173. wolfSSL_PKCS7_free(pkcs7);
  43174. /* smime-test-canon.p7s */
  43175. smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
  43176. AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  43177. pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  43178. AssertNotNull(pkcs7);
  43179. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
  43180. PKCS7_NOVERIFY), SSL_SUCCESS);
  43181. XFCLOSE(smimeTestFile);
  43182. if (bcont) BIO_free(bcont);
  43183. wolfSSL_PKCS7_free(pkcs7);
  43184. /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */
  43185. smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
  43186. AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  43187. pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  43188. AssertNotNull(pkcs7);
  43189. out = wolfSSL_BIO_new(BIO_s_mem());
  43190. AssertNotNull(out);
  43191. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, out,
  43192. PKCS7_NOVERIFY | PKCS7_TEXT), SSL_SUCCESS);
  43193. AssertIntGT((outBufLen = BIO_get_mem_data(out, &outBuf)), 0);
  43194. /* Content-Type should not show up at beginning of output buffer */
  43195. AssertIntGT(outBufLen, XSTRLEN(contTypeText));
  43196. AssertIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0);
  43197. BIO_free(out);
  43198. BIO_free(bio);
  43199. if (bcont) BIO_free(bcont);
  43200. wolfSSL_PKCS7_free(pkcs7);
  43201. res = TEST_RES_CHECK(1);
  43202. #endif
  43203. return res;
  43204. }
  43205. static int test_wolfSSL_SMIME_write_PKCS7(void)
  43206. {
  43207. int res = TEST_SKIPPED;
  43208. #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_RSA)
  43209. PKCS7* p7 = NULL;
  43210. PKCS7* p7Ver = NULL;
  43211. int flags = 0;
  43212. byte data[] = "Test data to encode.";
  43213. const char* cert = "./certs/server-cert.pem";
  43214. const char* key = "./certs/server-key.pem";
  43215. const char* ca = "./certs/ca-cert.pem";
  43216. WOLFSSL_BIO* certBio = NULL;
  43217. WOLFSSL_BIO* keyBio = NULL;
  43218. WOLFSSL_BIO* caBio = NULL;
  43219. WOLFSSL_BIO* inBio = NULL;
  43220. WOLFSSL_BIO* outBio = NULL;
  43221. WOLFSSL_BIO* content = NULL;
  43222. X509* signCert = NULL;
  43223. EVP_PKEY* signKey = NULL;
  43224. X509* caCert = NULL;
  43225. X509_STORE* store = NULL;
  43226. /* read signer cert/key into BIO */
  43227. AssertNotNull(certBio = BIO_new_file(cert, "r"));
  43228. AssertNotNull(keyBio = BIO_new_file(key, "r"));
  43229. AssertNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL));
  43230. AssertNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL));
  43231. /* read CA cert into store (for verify) */
  43232. AssertNotNull(caBio = BIO_new_file(ca, "r"));
  43233. AssertNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL));
  43234. AssertNotNull(store = X509_STORE_new());
  43235. AssertIntEQ(X509_STORE_add_cert(store, caCert), 1);
  43236. /* generate and verify SMIME: not detached */
  43237. {
  43238. AssertNotNull(inBio = BIO_new(BIO_s_mem()));
  43239. AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
  43240. flags = PKCS7_STREAM;
  43241. AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
  43242. AssertNotNull(outBio = BIO_new(BIO_s_mem()));
  43243. AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
  43244. /* bad arg: out NULL */
  43245. AssertIntEQ(SMIME_write_PKCS7(NULL, p7, inBio, flags), 0);
  43246. /* bad arg: pkcs7 NULL */
  43247. AssertIntEQ(SMIME_write_PKCS7(outBio, NULL, inBio, flags), 0);
  43248. AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
  43249. AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
  43250. BIO_free(content);
  43251. BIO_free(inBio);
  43252. BIO_free(outBio);
  43253. PKCS7_free(p7Ver);
  43254. PKCS7_free(p7);
  43255. }
  43256. /* generate and verify SMIME: not detached, add Content-Type */
  43257. {
  43258. AssertNotNull(inBio = BIO_new(BIO_s_mem()));
  43259. AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
  43260. flags = PKCS7_STREAM | PKCS7_TEXT;
  43261. AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
  43262. AssertNotNull(outBio = BIO_new(BIO_s_mem()));
  43263. AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
  43264. AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
  43265. AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
  43266. BIO_free(content);
  43267. BIO_free(inBio);
  43268. BIO_free(outBio);
  43269. PKCS7_free(p7Ver);
  43270. PKCS7_free(p7);
  43271. }
  43272. /* generate and verify SMIME: detached */
  43273. {
  43274. AssertNotNull(inBio = BIO_new(BIO_s_mem()));
  43275. AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
  43276. flags = PKCS7_DETACHED | PKCS7_STREAM;
  43277. AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
  43278. AssertNotNull(outBio = BIO_new(BIO_s_mem()));
  43279. AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
  43280. AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
  43281. AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1);
  43282. BIO_free(content);
  43283. BIO_free(inBio);
  43284. BIO_free(outBio);
  43285. PKCS7_free(p7Ver);
  43286. PKCS7_free(p7);
  43287. }
  43288. /* generate and verify SMIME: PKCS7_TEXT to add Content-Type header */
  43289. {
  43290. AssertNotNull(inBio = BIO_new(BIO_s_mem()));
  43291. AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
  43292. flags = PKCS7_STREAM | PKCS7_DETACHED | PKCS7_TEXT;
  43293. AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
  43294. AssertNotNull(outBio = BIO_new(BIO_s_mem()));
  43295. AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
  43296. AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
  43297. AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1);
  43298. BIO_free(content);
  43299. BIO_free(inBio);
  43300. BIO_free(outBio);
  43301. PKCS7_free(p7Ver);
  43302. PKCS7_free(p7);
  43303. }
  43304. X509_STORE_free(store);
  43305. X509_free(caCert);
  43306. X509_free(signCert);
  43307. EVP_PKEY_free(signKey);
  43308. BIO_free(keyBio);
  43309. BIO_free(certBio);
  43310. BIO_free(caBio);
  43311. res = TEST_RES_CHECK(1);
  43312. #endif
  43313. return res;
  43314. }
  43315. #endif /* HAVE_SMIME */
  43316. #endif /* !NO_BIO */
  43317. /* Test of X509 store use outside of SSL context w/ CRL lookup (ALWAYS
  43318. * returns 0) */
  43319. static int test_X509_STORE_No_SSL_CTX(void)
  43320. {
  43321. int res = TEST_SKIPPED;
  43322. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && \
  43323. !defined(NO_WOLFSSL_DIR) && defined(HAVE_CRL) && \
  43324. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
  43325. (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
  43326. X509_STORE * store;
  43327. X509_STORE_CTX * storeCtx;
  43328. X509_CRL * crl;
  43329. X509 * ca;
  43330. X509 * cert;
  43331. const char cliCrlPem[] = "./certs/crl/cliCrl.pem";
  43332. const char srvCert[] = "./certs/server-cert.pem";
  43333. const char caCert[] = "./certs/ca-cert.pem";
  43334. const char caDir[] = "./certs/crl/hash_pem";
  43335. XFILE fp;
  43336. X509_LOOKUP * lookup;
  43337. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  43338. /* Set up store with CA */
  43339. AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
  43340. SSL_FILETYPE_PEM)));
  43341. AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
  43342. /* Add CRL lookup directory to store
  43343. * NOTE: test uses ./certs/crl/hash_pem/0fdb2da4.r0, which is a copy
  43344. * of crl.pem */
  43345. AssertNotNull((lookup = X509_STORE_add_lookup(store,
  43346. X509_LOOKUP_hash_dir())));
  43347. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, caDir,
  43348. X509_FILETYPE_PEM, NULL), SSL_SUCCESS);
  43349. AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),
  43350. SSL_SUCCESS);
  43351. /* Add CRL to store NOT containing the verified certificate, which
  43352. * forces use of the CRL lookup directory */
  43353. fp = XFOPEN(cliCrlPem, "rb");
  43354. AssertTrue((fp != XBADFILE));
  43355. AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
  43356. NULL, NULL));
  43357. XFCLOSE(fp);
  43358. AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
  43359. /* Create verification context outside of an SSL session */
  43360. AssertNotNull((storeCtx = X509_STORE_CTX_new()));
  43361. AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
  43362. SSL_FILETYPE_PEM)));
  43363. AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
  43364. /* Perform verification, which should NOT indicate CRL missing due to the
  43365. * store CM's X509 store pointer being NULL */
  43366. AssertIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
  43367. X509_CRL_free(crl);
  43368. X509_STORE_free(store);
  43369. X509_STORE_CTX_free(storeCtx);
  43370. X509_free(cert);
  43371. X509_free(ca);
  43372. res = TEST_RES_CHECK(1);
  43373. #endif
  43374. return res;
  43375. }
  43376. /* Test of X509 store use outside of SSL context w/ CRL lookup, but
  43377. * with X509_LOOKUP_add_dir and X509_FILETYPE_ASN1. */
  43378. static int test_X509_LOOKUP_add_dir(void)
  43379. {
  43380. int res = TEST_SKIPPED;
  43381. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && \
  43382. !defined(NO_WOLFSSL_DIR) && defined(HAVE_CRL) && \
  43383. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
  43384. (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
  43385. X509_STORE * store;
  43386. X509_STORE_CTX * storeCtx;
  43387. X509_CRL * crl;
  43388. X509 * ca;
  43389. X509 * cert;
  43390. const char cliCrlPem[] = "./certs/crl/cliCrl.pem";
  43391. const char srvCert[] = "./certs/server-cert.pem";
  43392. const char caCert[] = "./certs/ca-cert.pem";
  43393. const char caDir[] = "./certs/crl/hash_der";
  43394. XFILE fp;
  43395. X509_LOOKUP * lookup;
  43396. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  43397. /* Set up store with CA */
  43398. AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
  43399. SSL_FILETYPE_PEM)));
  43400. AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
  43401. /* Add CRL lookup directory to store.
  43402. * Test uses ./certs/crl/hash_der/0fdb2da4.r0, which is a copy
  43403. * of crl.der */
  43404. AssertNotNull((lookup = X509_STORE_add_lookup(store,
  43405. X509_LOOKUP_hash_dir())));
  43406. AssertIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_ASN1),
  43407. SSL_SUCCESS);
  43408. AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),
  43409. SSL_SUCCESS);
  43410. /* Add CRL to store NOT containing the verified certificate, which
  43411. * forces use of the CRL lookup directory */
  43412. fp = XFOPEN(cliCrlPem, "rb");
  43413. AssertTrue((fp != XBADFILE));
  43414. AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
  43415. NULL, NULL));
  43416. XFCLOSE(fp);
  43417. AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
  43418. /* Create verification context outside of an SSL session */
  43419. AssertNotNull((storeCtx = X509_STORE_CTX_new()));
  43420. AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
  43421. SSL_FILETYPE_PEM)));
  43422. AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
  43423. /* Perform verification, which should NOT return CRL missing */
  43424. AssertIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
  43425. X509_CRL_free(crl);
  43426. X509_STORE_free(store);
  43427. X509_STORE_CTX_free(storeCtx);
  43428. X509_free(cert);
  43429. X509_free(ca);
  43430. /* Now repeat the same, but look for X509_FILETYPE_PEM.
  43431. * We should get CRL_MISSING at the end, because the lookup
  43432. * dir has only ASN1 CRLs. */
  43433. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  43434. AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
  43435. SSL_FILETYPE_PEM)));
  43436. AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
  43437. AssertNotNull((lookup = X509_STORE_add_lookup(store,
  43438. X509_LOOKUP_hash_dir())));
  43439. AssertIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_PEM),
  43440. SSL_SUCCESS);
  43441. AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),
  43442. SSL_SUCCESS);
  43443. fp = XFOPEN(cliCrlPem, "rb");
  43444. AssertTrue((fp != XBADFILE));
  43445. AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
  43446. NULL, NULL));
  43447. XFCLOSE(fp);
  43448. AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
  43449. AssertNotNull((storeCtx = X509_STORE_CTX_new()));
  43450. AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
  43451. SSL_FILETYPE_PEM)));
  43452. AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
  43453. /* Now we SHOULD get CRL_MISSING, because we looked for PEM
  43454. * in dir containing only ASN1/DER. */
  43455. AssertIntEQ(X509_verify_cert(storeCtx), CRL_MISSING);
  43456. X509_CRL_free(crl);
  43457. X509_STORE_free(store);
  43458. X509_STORE_CTX_free(storeCtx);
  43459. X509_free(cert);
  43460. X509_free(ca);
  43461. res = TEST_RES_CHECK(1);
  43462. #endif
  43463. return res;
  43464. }
  43465. /*----------------------------------------------------------------------------*
  43466. | Certificate Failure Checks
  43467. *----------------------------------------------------------------------------*/
  43468. #if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
  43469. !defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM)
  43470. /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
  43471. static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
  43472. int type)
  43473. {
  43474. int ret;
  43475. WOLFSSL_CERT_MANAGER* cm = NULL;
  43476. switch (type) {
  43477. case TESTING_RSA:
  43478. #ifdef NO_RSA
  43479. fprintf(stderr, "RSA disabled, skipping test\n");
  43480. return ASN_SIG_CONFIRM_E;
  43481. #else
  43482. break;
  43483. #endif
  43484. case TESTING_ECC:
  43485. #ifndef HAVE_ECC
  43486. fprintf(stderr, "ECC disabled, skipping test\n");
  43487. return ASN_SIG_CONFIRM_E;
  43488. #else
  43489. break;
  43490. #endif
  43491. default:
  43492. fprintf(stderr, "Bad function argument\n");
  43493. return BAD_FUNC_ARG;
  43494. }
  43495. cm = wolfSSL_CertManagerNew();
  43496. if (cm == NULL) {
  43497. fprintf(stderr, "wolfSSL_CertManagerNew failed\n");
  43498. return -1;
  43499. }
  43500. #ifndef NO_FILESYSTEM
  43501. ret = wolfSSL_CertManagerLoadCA(cm, ca, 0);
  43502. if (ret != WOLFSSL_SUCCESS) {
  43503. fprintf(stderr, "wolfSSL_CertManagerLoadCA failed\n");
  43504. wolfSSL_CertManagerFree(cm);
  43505. return ret;
  43506. }
  43507. #else
  43508. (void)ca;
  43509. #endif
  43510. ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, cert_sz, WOLFSSL_FILETYPE_ASN1);
  43511. /* Let AssertIntEQ handle return code */
  43512. wolfSSL_CertManagerFree(cm);
  43513. return ret;
  43514. }
  43515. #if !defined(NO_FILESYSTEM)
  43516. static int test_RsaSigFailure_cm(void)
  43517. {
  43518. int ret = 0;
  43519. const char* ca_cert = "./certs/ca-cert.pem";
  43520. const char* server_cert = "./certs/server-cert.der";
  43521. byte* cert_buf = NULL;
  43522. size_t cert_sz = 0;
  43523. ret = load_file(server_cert, &cert_buf, &cert_sz);
  43524. if (ret == 0) {
  43525. /* corrupt DER - invert last byte, which is signature */
  43526. cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
  43527. /* test bad cert */
  43528. ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA);
  43529. }
  43530. if (cert_buf)
  43531. free(cert_buf);
  43532. #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
  43533. if (ret == WOLFSSL_FATAL_ERROR) {
  43534. ret = 0;
  43535. }
  43536. #else
  43537. if (ret == ASN_SIG_CONFIRM_E) {
  43538. ret = 0;
  43539. }
  43540. #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */
  43541. return TEST_RES_CHECK(ret == 0);
  43542. }
  43543. static int test_EccSigFailure_cm(void)
  43544. {
  43545. int ret = 0;
  43546. /* self-signed ECC cert, so use server cert as CA */
  43547. const char* ca_cert = "./certs/ca-ecc-cert.pem";
  43548. const char* server_cert = "./certs/server-ecc.der";
  43549. byte* cert_buf = NULL;
  43550. size_t cert_sz = 0;
  43551. ret = load_file(server_cert, &cert_buf, &cert_sz);
  43552. if (ret == 0) {
  43553. /* corrupt DER - invert last byte, which is signature */
  43554. cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
  43555. /* test bad cert */
  43556. ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC);
  43557. }
  43558. if (cert_buf)
  43559. free(cert_buf);
  43560. #ifdef FP_ECC
  43561. wc_ecc_fp_free();
  43562. #endif
  43563. #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
  43564. if (ret == WOLFSSL_FATAL_ERROR) {
  43565. ret = 0;
  43566. }
  43567. #else
  43568. if (ret == ASN_SIG_CONFIRM_E) {
  43569. ret = 0;
  43570. }
  43571. #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */
  43572. return TEST_RES_CHECK(ret == 0);
  43573. }
  43574. #endif /* !NO_FILESYSTEM */
  43575. #endif /* NO_CERTS */
  43576. #ifdef WOLFSSL_TLS13
  43577. #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
  43578. #ifdef WC_SHA384_DIGEST_SIZE
  43579. static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, };
  43580. #else
  43581. static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, };
  43582. #endif
  43583. #endif
  43584. #ifdef WOLFSSL_EARLY_DATA
  43585. static const char earlyData[] = "Early Data";
  43586. static char earlyDataBuffer[1];
  43587. #endif
  43588. static int test_tls13_apis(void)
  43589. {
  43590. int ret = 0;
  43591. #ifndef WOLFSSL_NO_TLS12
  43592. #ifndef NO_WOLFSSL_CLIENT
  43593. WOLFSSL_CTX* clientTls12Ctx;
  43594. WOLFSSL* clientTls12Ssl;
  43595. #endif
  43596. #ifndef NO_WOLFSSL_SERVER
  43597. WOLFSSL_CTX* serverTls12Ctx;
  43598. WOLFSSL* serverTls12Ssl;
  43599. #endif
  43600. #endif
  43601. #ifndef NO_WOLFSSL_CLIENT
  43602. WOLFSSL_CTX* clientCtx;
  43603. WOLFSSL* clientSsl;
  43604. #endif
  43605. #ifndef NO_WOLFSSL_SERVER
  43606. WOLFSSL_CTX* serverCtx;
  43607. WOLFSSL* serverSsl;
  43608. #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
  43609. const char* ourCert = svrCertFile;
  43610. const char* ourKey = svrKeyFile;
  43611. #endif
  43612. #endif
  43613. int required;
  43614. #ifdef WOLFSSL_EARLY_DATA
  43615. int outSz;
  43616. #endif
  43617. #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
  43618. int groups[2] = { WOLFSSL_ECC_SECP256R1,
  43619. #ifdef HAVE_PQC
  43620. WOLFSSL_KYBER_LEVEL1
  43621. #else
  43622. WOLFSSL_ECC_SECP256R1
  43623. #endif
  43624. };
  43625. #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
  43626. int bad_groups[2] = { 0xDEAD, 0xBEEF };
  43627. #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
  43628. int numGroups = 2;
  43629. #endif
  43630. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
  43631. char groupList[] =
  43632. #ifndef NO_ECC_SECP
  43633. #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
  43634. "P-521:"
  43635. #endif
  43636. #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
  43637. "P-384:"
  43638. #endif
  43639. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  43640. "P-256"
  43641. #ifdef HAVE_PQC
  43642. ":P256_KYBER_LEVEL1"
  43643. #endif
  43644. #endif
  43645. #ifdef HAVE_PQC
  43646. ":KYBER_LEVEL1"
  43647. #endif
  43648. "";
  43649. #endif /* !defined(NO_ECC_SECP) */
  43650. #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
  43651. (void)ret;
  43652. #ifndef WOLFSSL_NO_TLS12
  43653. #ifndef NO_WOLFSSL_CLIENT
  43654. clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
  43655. clientTls12Ssl = wolfSSL_new(clientTls12Ctx);
  43656. #endif
  43657. #ifndef NO_WOLFSSL_SERVER
  43658. serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
  43659. #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
  43660. wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
  43661. wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM);
  43662. #endif
  43663. serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
  43664. #endif
  43665. #endif
  43666. #ifndef NO_WOLFSSL_CLIENT
  43667. clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
  43668. clientSsl = wolfSSL_new(clientCtx);
  43669. #endif
  43670. #ifndef NO_WOLFSSL_SERVER
  43671. serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
  43672. #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
  43673. wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
  43674. wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM);
  43675. #endif
  43676. serverSsl = wolfSSL_new(serverCtx);
  43677. #endif
  43678. #ifdef WOLFSSL_SEND_HRR_COOKIE
  43679. AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG);
  43680. #ifndef NO_WOLFSSL_CLIENT
  43681. AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR);
  43682. #endif
  43683. #ifndef NO_WOLFSSL_SERVER
  43684. #ifndef WOLFSSL_NO_TLS12
  43685. AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG);
  43686. #endif
  43687. AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
  43688. AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)),
  43689. WOLFSSL_SUCCESS);
  43690. #endif
  43691. #endif
  43692. #ifdef HAVE_SUPPORTED_CURVES
  43693. #ifdef HAVE_ECC
  43694. AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
  43695. #ifndef NO_WOLFSSL_SERVER
  43696. do {
  43697. ret = wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1);
  43698. #ifdef WOLFSSL_ASYNC_CRYPT
  43699. if (ret == WC_PENDING_E)
  43700. wolfSSL_AsyncPoll(serverSsl, WOLF_POLL_FLAG_CHECK_HW);
  43701. #endif
  43702. } while (ret == WC_PENDING_E);
  43703. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  43704. #endif
  43705. #ifndef NO_WOLFSSL_CLIENT
  43706. #ifndef WOLFSSL_NO_TLS12
  43707. do {
  43708. ret = wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1);
  43709. #ifdef WOLFSSL_ASYNC_CRYPT
  43710. if (ret == WC_PENDING_E)
  43711. wolfSSL_AsyncPoll(clientTls12Ssl, WOLF_POLL_FLAG_CHECK_HW);
  43712. #endif
  43713. } while (ret == WC_PENDING_E);
  43714. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  43715. #endif
  43716. do {
  43717. ret = wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1);
  43718. #ifdef WOLFSSL_ASYNC_CRYPT
  43719. if (ret == WC_PENDING_E)
  43720. wolfSSL_AsyncPoll(clientSsl, WOLF_POLL_FLAG_CHECK_HW);
  43721. #endif
  43722. } while (ret == WC_PENDING_E);
  43723. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  43724. #endif
  43725. #elif defined(HAVE_CURVE25519)
  43726. AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
  43727. #ifndef NO_WOLFSSL_SERVER
  43728. AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
  43729. WOLFSSL_SUCCESS);
  43730. #endif
  43731. #ifndef NO_WOLFSSL_CLIENT
  43732. #ifndef WOLFSSL_NO_TLS12
  43733. AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
  43734. WOLFSSL_SUCCESS);
  43735. #endif
  43736. AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
  43737. WOLFSSL_SUCCESS);
  43738. #endif
  43739. #elif defined(HAVE_CURVE448)
  43740. AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG);
  43741. #ifndef NO_WOLFSSL_SERVER
  43742. AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
  43743. WOLFSSL_SUCCESS);
  43744. #endif
  43745. #ifndef NO_WOLFSSL_CLIENT
  43746. #ifndef WOLFSSL_NO_TLS12
  43747. AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448),
  43748. WOLFSSL_SUCCESS);
  43749. #endif
  43750. AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448),
  43751. WOLFSSL_SUCCESS);
  43752. #endif
  43753. #else
  43754. AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
  43755. #ifndef NO_WOLFSSL_CLIENT
  43756. #ifndef WOLFSSL_NO_TLS12
  43757. AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
  43758. NOT_COMPILED_IN);
  43759. #endif
  43760. AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
  43761. NOT_COMPILED_IN);
  43762. #endif
  43763. #endif
  43764. #if defined(HAVE_PQC)
  43765. AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG);
  43766. #ifndef NO_WOLFSSL_SERVER
  43767. AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3),
  43768. WOLFSSL_SUCCESS);
  43769. #endif
  43770. #ifndef NO_WOLFSSL_CLIENT
  43771. #ifndef WOLFSSL_NO_TLS12
  43772. AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_KYBER_LEVEL3),
  43773. BAD_FUNC_ARG);
  43774. #endif
  43775. AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_KYBER_LEVEL3),
  43776. WOLFSSL_SUCCESS);
  43777. #endif
  43778. #endif
  43779. AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG);
  43780. #ifndef NO_WOLFSSL_SERVER
  43781. AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR);
  43782. #endif
  43783. #ifndef NO_WOLFSSL_CLIENT
  43784. #ifndef WOLFSSL_NO_TLS12
  43785. AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS);
  43786. #endif
  43787. AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
  43788. #endif
  43789. #endif /* HAVE_SUPPORTED_CURVES */
  43790. AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
  43791. #ifndef NO_WOLFSSL_CLIENT
  43792. AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR);
  43793. #endif
  43794. #ifndef NO_WOLFSSL_SERVER
  43795. #ifndef WOLFSSL_NO_TLS12
  43796. AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG);
  43797. #endif
  43798. AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
  43799. #endif
  43800. AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
  43801. #ifndef NO_WOLFSSL_CLIENT
  43802. AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR);
  43803. #endif
  43804. #ifndef NO_WOLFSSL_SERVER
  43805. #ifndef WOLFSSL_NO_TLS12
  43806. AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG);
  43807. #endif
  43808. AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
  43809. #endif
  43810. AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG);
  43811. #ifndef NO_WOLFSSL_CLIENT
  43812. #ifndef WOLFSSL_NO_TLS12
  43813. AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG);
  43814. #endif
  43815. AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
  43816. #endif
  43817. #ifndef NO_WOLFSSL_SERVER
  43818. AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
  43819. #endif
  43820. AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG);
  43821. #ifndef NO_WOLFSSL_CLIENT
  43822. #ifndef WOLFSSL_NO_TLS12
  43823. AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG);
  43824. #endif
  43825. AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
  43826. #endif
  43827. #ifndef NO_WOLFSSL_SERVER
  43828. AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
  43829. #endif
  43830. AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG);
  43831. #ifndef NO_WOLFSSL_CLIENT
  43832. #ifndef WOLFSSL_NO_TLS12
  43833. AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG);
  43834. #endif
  43835. AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR);
  43836. #endif
  43837. #ifndef NO_WOLFSSL_SERVER
  43838. AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR);
  43839. #endif
  43840. AssertIntEQ(wolfSSL_key_update_response(NULL, NULL), BAD_FUNC_ARG);
  43841. AssertIntEQ(wolfSSL_key_update_response(NULL, &required), BAD_FUNC_ARG);
  43842. #ifndef NO_WOLFSSL_CLIENT
  43843. #ifndef WOLFSSL_NO_TLS12
  43844. AssertIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required),
  43845. BAD_FUNC_ARG);
  43846. #endif
  43847. AssertIntEQ(wolfSSL_key_update_response(clientSsl, NULL), BAD_FUNC_ARG);
  43848. #endif
  43849. #ifndef NO_WOLFSSL_SERVER
  43850. AssertIntEQ(wolfSSL_key_update_response(serverSsl, NULL), BAD_FUNC_ARG);
  43851. #endif
  43852. #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  43853. AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
  43854. #ifndef NO_WOLFSSL_SERVER
  43855. AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR);
  43856. #endif
  43857. #ifndef NO_WOLFSSL_CLIENT
  43858. #ifndef WOLFSSL_NO_TLS12
  43859. AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
  43860. BAD_FUNC_ARG);
  43861. #endif
  43862. AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
  43863. #endif
  43864. AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
  43865. #ifndef NO_WOLFSSL_SERVER
  43866. AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR);
  43867. #endif
  43868. #ifndef NO_WOLFSSL_CLIENT
  43869. #ifndef WOLFSSL_NO_TLS12
  43870. AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
  43871. BAD_FUNC_ARG);
  43872. #endif
  43873. AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
  43874. #endif
  43875. AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG);
  43876. #ifndef NO_WOLFSSL_CLIENT
  43877. AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR);
  43878. #endif
  43879. #ifndef NO_WOLFSSL_SERVER
  43880. #ifndef WOLFSSL_NO_TLS12
  43881. AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
  43882. BAD_FUNC_ARG);
  43883. #endif
  43884. AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR);
  43885. #endif
  43886. #endif
  43887. #ifdef HAVE_ECC
  43888. #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
  43889. AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG);
  43890. #ifndef NO_WOLFSSL_SERVER
  43891. AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR);
  43892. #endif
  43893. #ifndef NO_WOLFSSL_CLIENT
  43894. #ifndef WOLFSSL_NO_TLS12
  43895. AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG);
  43896. #endif
  43897. AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR);
  43898. #endif
  43899. #endif
  43900. #ifdef HAVE_SUPPORTED_CURVES
  43901. AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
  43902. #ifndef NO_WOLFSSL_CLIENT
  43903. AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
  43904. #endif
  43905. AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
  43906. #ifndef NO_WOLFSSL_CLIENT
  43907. #ifndef WOLFSSL_NO_TLS12
  43908. AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
  43909. BAD_FUNC_ARG);
  43910. #endif
  43911. AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
  43912. WOLFSSL_MAX_GROUP_COUNT + 1),
  43913. BAD_FUNC_ARG);
  43914. AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
  43915. WOLFSSL_SUCCESS);
  43916. AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
  43917. BAD_FUNC_ARG);
  43918. #endif
  43919. #ifndef NO_WOLFSSL_SERVER
  43920. AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
  43921. WOLFSSL_SUCCESS);
  43922. AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups),
  43923. BAD_FUNC_ARG);
  43924. #endif
  43925. AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
  43926. #ifndef NO_WOLFSSL_CLIENT
  43927. AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG);
  43928. #endif
  43929. AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
  43930. #ifndef NO_WOLFSSL_CLIENT
  43931. #ifndef WOLFSSL_NO_TLS12
  43932. AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
  43933. BAD_FUNC_ARG);
  43934. #endif
  43935. AssertIntEQ(wolfSSL_set_groups(clientSsl, groups,
  43936. WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
  43937. AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
  43938. WOLFSSL_SUCCESS);
  43939. AssertIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
  43940. BAD_FUNC_ARG);
  43941. #endif
  43942. #ifndef NO_WOLFSSL_SERVER
  43943. AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
  43944. WOLFSSL_SUCCESS);
  43945. AssertIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups),
  43946. BAD_FUNC_ARG);
  43947. #endif
  43948. #ifdef OPENSSL_EXTRA
  43949. AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
  43950. #ifndef NO_WOLFSSL_CLIENT
  43951. AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL), WOLFSSL_FAILURE);
  43952. #endif
  43953. AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
  43954. #ifndef NO_WOLFSSL_CLIENT
  43955. #ifndef WOLFSSL_NO_TLS12
  43956. AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
  43957. WOLFSSL_FAILURE);
  43958. #endif
  43959. AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList),
  43960. WOLFSSL_SUCCESS);
  43961. #endif
  43962. #ifndef NO_WOLFSSL_SERVER
  43963. AssertIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList),
  43964. WOLFSSL_SUCCESS);
  43965. #endif
  43966. AssertIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
  43967. #ifndef NO_WOLFSSL_CLIENT
  43968. AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE);
  43969. #endif
  43970. AssertIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
  43971. #ifndef NO_WOLFSSL_CLIENT
  43972. #ifndef WOLFSSL_NO_TLS12
  43973. AssertIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
  43974. WOLFSSL_FAILURE);
  43975. #endif
  43976. AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList),
  43977. WOLFSSL_SUCCESS);
  43978. #endif
  43979. #ifndef NO_WOLFSSL_SERVER
  43980. AssertIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList),
  43981. WOLFSSL_SUCCESS);
  43982. #endif
  43983. #endif /* OPENSSL_EXTRA */
  43984. #endif /* HAVE_SUPPORTED_CURVES */
  43985. #endif /* HAVE_ECC */
  43986. #ifdef WOLFSSL_EARLY_DATA
  43987. #ifndef OPENSSL_EXTRA
  43988. AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
  43989. AssertIntEQ(wolfSSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
  43990. #else
  43991. AssertIntEQ(SSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
  43992. AssertIntEQ(SSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
  43993. #endif
  43994. #ifndef NO_WOLFSSL_CLIENT
  43995. #ifndef OPENSSL_EXTRA
  43996. AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
  43997. AssertIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
  43998. #else
  43999. AssertIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
  44000. AssertIntEQ(SSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
  44001. #endif
  44002. #endif
  44003. #ifndef NO_WOLFSSL_SERVER
  44004. #ifndef WOLFSSL_NO_TLS12
  44005. #ifndef OPENSSL_EXTRA
  44006. AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
  44007. BAD_FUNC_ARG);
  44008. AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
  44009. #else
  44010. AssertIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0),
  44011. BAD_FUNC_ARG);
  44012. AssertIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
  44013. #endif
  44014. #endif
  44015. #ifndef OPENSSL_EXTRA
  44016. AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0);
  44017. AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32);
  44018. #else
  44019. AssertIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1);
  44020. AssertIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32);
  44021. #endif
  44022. #endif
  44023. #ifndef OPENSSL_EXTRA
  44024. AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
  44025. AssertIntEQ(wolfSSL_get_max_early_data(NULL), BAD_FUNC_ARG);
  44026. #else
  44027. AssertIntEQ(SSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
  44028. AssertIntEQ(SSL_get_max_early_data(NULL), BAD_FUNC_ARG);
  44029. #endif
  44030. #ifndef NO_WOLFSSL_CLIENT
  44031. #ifndef OPENSSL_EXTRA
  44032. AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), 0);
  44033. AssertIntEQ(wolfSSL_get_max_early_data(clientSsl), 17);
  44034. #else
  44035. AssertIntEQ(SSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS);
  44036. AssertIntEQ(SSL_get_max_early_data(clientSsl), 17);
  44037. #endif
  44038. #endif
  44039. #ifndef NO_WOLFSSL_SERVER
  44040. #ifndef WOLFSSL_NO_TLS12
  44041. #ifndef OPENSSL_EXTRA
  44042. AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
  44043. AssertIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
  44044. #else
  44045. AssertIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
  44046. AssertIntEQ(SSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
  44047. #endif
  44048. #endif
  44049. #ifndef OPENSSL_EXTRA
  44050. AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0);
  44051. AssertIntEQ(wolfSSL_get_max_early_data(serverSsl), 16);
  44052. #else
  44053. AssertIntEQ(SSL_set_max_early_data(serverSsl, 16), 1);
  44054. AssertIntEQ(SSL_get_max_early_data(serverSsl), 16);
  44055. #endif
  44056. #endif
  44057. AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
  44058. &outSz), BAD_FUNC_ARG);
  44059. #ifndef NO_WOLFSSL_CLIENT
  44060. AssertIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
  44061. &outSz), BAD_FUNC_ARG);
  44062. AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
  44063. BAD_FUNC_ARG);
  44064. AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
  44065. sizeof(earlyData), NULL),
  44066. BAD_FUNC_ARG);
  44067. #endif
  44068. #ifndef NO_WOLFSSL_SERVER
  44069. AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
  44070. sizeof(earlyData), &outSz),
  44071. SIDE_ERROR);
  44072. #endif
  44073. #ifndef NO_WOLFSSL_CLIENT
  44074. #ifndef WOLFSSL_NO_TLS12
  44075. AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
  44076. sizeof(earlyData), &outSz),
  44077. BAD_FUNC_ARG);
  44078. #endif
  44079. AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
  44080. sizeof(earlyData), &outSz),
  44081. WOLFSSL_FATAL_ERROR);
  44082. #endif
  44083. AssertIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
  44084. sizeof(earlyDataBuffer), &outSz),
  44085. BAD_FUNC_ARG);
  44086. #ifndef NO_WOLFSSL_SERVER
  44087. AssertIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
  44088. sizeof(earlyDataBuffer), &outSz),
  44089. BAD_FUNC_ARG);
  44090. AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1, &outSz),
  44091. BAD_FUNC_ARG);
  44092. AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
  44093. sizeof(earlyDataBuffer), NULL),
  44094. BAD_FUNC_ARG);
  44095. #endif
  44096. #ifndef NO_WOLFSSL_CLIENT
  44097. AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
  44098. sizeof(earlyDataBuffer), &outSz),
  44099. SIDE_ERROR);
  44100. #endif
  44101. #ifndef NO_WOLFSSL_SERVER
  44102. #ifndef WOLFSSL_NO_TLS12
  44103. AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
  44104. sizeof(earlyDataBuffer), &outSz),
  44105. BAD_FUNC_ARG);
  44106. #endif
  44107. AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
  44108. sizeof(earlyDataBuffer), &outSz),
  44109. WOLFSSL_FATAL_ERROR);
  44110. #endif
  44111. #endif
  44112. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA)
  44113. AssertIntLT(SSL_get_early_data_status(NULL), 0);
  44114. #endif
  44115. #ifndef NO_WOLFSSL_SERVER
  44116. wolfSSL_free(serverSsl);
  44117. wolfSSL_CTX_free(serverCtx);
  44118. #endif
  44119. #ifndef NO_WOLFSSL_CLIENT
  44120. wolfSSL_free(clientSsl);
  44121. wolfSSL_CTX_free(clientCtx);
  44122. #endif
  44123. #ifndef WOLFSSL_NO_TLS12
  44124. #ifndef NO_WOLFSSL_SERVER
  44125. wolfSSL_free(serverTls12Ssl);
  44126. wolfSSL_CTX_free(serverTls12Ctx);
  44127. #endif
  44128. #ifndef NO_WOLFSSL_CLIENT
  44129. wolfSSL_free(clientTls12Ssl);
  44130. wolfSSL_CTX_free(clientTls12Ctx);
  44131. #endif
  44132. #endif
  44133. return TEST_RES_CHECK(1);
  44134. }
  44135. #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
  44136. defined(HAVE_ECC) && defined(BUILD_TLS_AES_128_GCM_SHA256) && \
  44137. defined(BUILD_TLS_AES_256_GCM_SHA384)
  44138. /* Called when writing. */
  44139. static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
  44140. {
  44141. (void)ssl;
  44142. (void)buf;
  44143. (void)sz;
  44144. (void)ctx;
  44145. /* Force error return from wolfSSL_accept_TLSv13(). */
  44146. return WANT_WRITE;
  44147. }
  44148. /* Called when reading. */
  44149. static int CsRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
  44150. {
  44151. WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx;
  44152. int len = (int)msg->length;
  44153. (void)ssl;
  44154. (void)sz;
  44155. /* Pass back as much of message as will fit in buffer. */
  44156. if (len > sz)
  44157. len = sz;
  44158. XMEMCPY(buf, msg->buffer, len);
  44159. /* Move over returned data. */
  44160. msg->buffer += len;
  44161. msg->length -= len;
  44162. /* Amount actually copied. */
  44163. return len;
  44164. }
  44165. #endif
  44166. static int test_tls13_cipher_suites(void)
  44167. {
  44168. int res = TEST_SKIPPED;
  44169. #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
  44170. defined(HAVE_ECC) && defined(BUILD_TLS_AES_128_GCM_SHA256) && \
  44171. defined(BUILD_TLS_AES_256_GCM_SHA384)
  44172. WOLFSSL_CTX* ctx;
  44173. WOLFSSL *ssl;
  44174. int i;
  44175. byte clientHello[] = {
  44176. 0x16, 0x03, 0x03, 0x01, 0x9b, 0x01, 0x00, 0x01,
  44177. 0x97, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe,
  44178. 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55,
  44179. 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8,
  44180. 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c,
  44181. 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b,
  44182. 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda,
  44183. 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00,
  44184. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  44185. 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
  44186. /* Cipher suites: 0x13, 0x01 = TLS13-AES128-GCM-SHA256, twice. */
  44187. 0x13, 0x01,
  44188. 0x13, 0x01, 0x01, 0x00, 0x01, 0x4a, 0x00, 0x2d,
  44189. 0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x33, 0x00,
  44190. 0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04,
  44191. 0x90, 0xfc, 0xe2, 0x97, 0x05, 0x7c, 0xb5, 0x23,
  44192. 0x5d, 0x5f, 0x5b, 0xcd, 0x0c, 0x1e, 0xe0, 0xe9,
  44193. 0xab, 0x38, 0x6b, 0x1e, 0x20, 0x5c, 0x1c, 0x90,
  44194. 0x2a, 0x9e, 0x68, 0x8e, 0x70, 0x05, 0x10, 0xa8,
  44195. 0x02, 0x1b, 0xf9, 0x5c, 0xef, 0xc9, 0xaf, 0xca,
  44196. 0x1a, 0x3b, 0x16, 0x8b, 0xe4, 0x1b, 0x3c, 0x15,
  44197. 0xb8, 0x0d, 0xbd, 0xaf, 0x62, 0x8d, 0xa7, 0x13,
  44198. 0xa0, 0x7c, 0xe0, 0x59, 0x0c, 0x4f, 0x8a, 0x6d,
  44199. 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04, 0x00,
  44200. 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x03, 0x05,
  44201. 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, 0x08,
  44202. 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08,
  44203. 0x09, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03,
  44204. 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00,
  44205. 0x02, 0x00, 0x17, 0x00, 0x16, 0x00, 0x00, 0x00,
  44206. 0x23, 0x00, 0x00, 0x00, 0x29, 0x00, 0xb9, 0x00,
  44207. 0x94, 0x00, 0x8e, 0x0f, 0x12, 0xfa, 0x84, 0x1f,
  44208. 0x76, 0x94, 0xd7, 0x09, 0x5e, 0xad, 0x08, 0x51,
  44209. 0xb6, 0x80, 0x28, 0x31, 0x8b, 0xfd, 0xc6, 0xbd,
  44210. 0x9e, 0xf5, 0x3b, 0x4d, 0x02, 0xbe, 0x1d, 0x73,
  44211. 0xea, 0x13, 0x68, 0x00, 0x4c, 0xfd, 0x3d, 0x48,
  44212. 0x51, 0xf9, 0x06, 0xbb, 0x92, 0xed, 0x42, 0x9f,
  44213. 0x7f, 0x2c, 0x73, 0x9f, 0xd9, 0xb4, 0xef, 0x05,
  44214. 0x26, 0x5b, 0x60, 0x5c, 0x0a, 0xfc, 0xa3, 0xbd,
  44215. 0x2d, 0x2d, 0x8b, 0xf9, 0xaa, 0x5c, 0x96, 0x3a,
  44216. 0xf2, 0xec, 0xfa, 0xe5, 0x57, 0x2e, 0x87, 0xbe,
  44217. 0x27, 0xc5, 0x3d, 0x4f, 0x5d, 0xdd, 0xde, 0x1c,
  44218. 0x1b, 0xb3, 0xcc, 0x27, 0x27, 0x57, 0x5a, 0xd9,
  44219. 0xea, 0x99, 0x27, 0x23, 0xa6, 0x0e, 0xea, 0x9c,
  44220. 0x0d, 0x85, 0xcb, 0x72, 0xeb, 0xd7, 0x93, 0xe3,
  44221. 0xfe, 0xf7, 0x5c, 0xc5, 0x5b, 0x75, 0x8c, 0x47,
  44222. 0x0a, 0x0e, 0xc4, 0x1a, 0xda, 0xef, 0x75, 0xe5,
  44223. 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  44224. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  44225. 0x00, 0xfb, 0x92, 0xce, 0xaa, 0x00, 0x21, 0x20,
  44226. 0xcb, 0x73, 0x25, 0x80, 0x46, 0x78, 0x4f, 0xe5,
  44227. 0x34, 0xf6, 0x91, 0x13, 0x7f, 0xc8, 0x8d, 0xdc,
  44228. 0x81, 0x04, 0xb7, 0x0d, 0x49, 0x85, 0x2e, 0x12,
  44229. 0x7a, 0x07, 0x23, 0xe9, 0x13, 0xa4, 0x6d, 0x8c
  44230. };
  44231. WOLFSSL_BUFFER_INFO msg;
  44232. /* Offset into ClientHello message data of first cipher suite. */
  44233. const int csOff = 78;
  44234. /* Server cipher list. */
  44235. const char* serverCs = "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256";
  44236. /* Suite list with duplicates. */
  44237. const char* dupCs = "TLS13-AES128-GCM-SHA256:"
  44238. "TLS13-AES128-GCM-SHA256:"
  44239. "TLS13-AES256-GCM-SHA384:"
  44240. "TLS13-AES256-GCM-SHA384:"
  44241. "TLS13-AES128-GCM-SHA256";
  44242. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
  44243. const byte dupCsBytes[] = { TLS13_BYTE, TLS_AES_256_GCM_SHA384,
  44244. TLS13_BYTE, TLS_AES_256_GCM_SHA384,
  44245. TLS13_BYTE, TLS_AES_128_GCM_SHA256,
  44246. TLS13_BYTE, TLS_AES_128_GCM_SHA256,
  44247. TLS13_BYTE, TLS_AES_256_GCM_SHA384 };
  44248. #endif
  44249. /* Set up wolfSSL context. */
  44250. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
  44251. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
  44252. WOLFSSL_FILETYPE_PEM));
  44253. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
  44254. WOLFSSL_FILETYPE_PEM));
  44255. /* Read from 'msg'. */
  44256. wolfSSL_SetIORecv(ctx, CsRecv);
  44257. /* No where to send to - dummy sender. */
  44258. wolfSSL_SetIOSend(ctx, CsSend);
  44259. /* Test cipher suite list with many copies of a cipher suite. */
  44260. AssertNotNull(ssl = wolfSSL_new(ctx));
  44261. msg.buffer = clientHello;
  44262. msg.length = (unsigned int)sizeof(clientHello);
  44263. wolfSSL_SetIOReadCtx(ssl, &msg);
  44264. /* Force server to have as many occurrences of same cipher suite as
  44265. * possible. */
  44266. ssl->suites->suiteSz = WOLFSSL_MAX_SUITE_SZ;
  44267. for (i = 0; i < ssl->suites->suiteSz; i += 2) {
  44268. ssl->suites->suites[i + 0] = TLS13_BYTE;
  44269. ssl->suites->suites[i + 1] = TLS_AES_128_GCM_SHA256;
  44270. }
  44271. /* Test multiple occurrences of same cipher suite. */
  44272. wolfSSL_accept_TLSv13(ssl);
  44273. wolfSSL_free(ssl);
  44274. /* Set client order opposite to server order:
  44275. * TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384 */
  44276. clientHello[csOff + 0] = TLS13_BYTE;
  44277. clientHello[csOff + 1] = TLS_AES_128_GCM_SHA256;
  44278. clientHello[csOff + 2] = TLS13_BYTE;
  44279. clientHello[csOff + 3] = TLS_AES_256_GCM_SHA384;
  44280. /* Test server order negotiation. */
  44281. AssertNotNull(ssl = wolfSSL_new(ctx));
  44282. msg.buffer = clientHello;
  44283. msg.length = (unsigned int)sizeof(clientHello);
  44284. wolfSSL_SetIOReadCtx(ssl, &msg);
  44285. /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */
  44286. AssertIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
  44287. /* Negotiate cipher suites in server order: TLS13-AES256-GCM-SHA384 */
  44288. wolfSSL_accept_TLSv13(ssl);
  44289. /* Check refined order - server order. */
  44290. AssertIntEQ(ssl->suites->suiteSz, 4);
  44291. AssertIntEQ(ssl->suites->suites[0], TLS13_BYTE);
  44292. AssertIntEQ(ssl->suites->suites[1], TLS_AES_256_GCM_SHA384);
  44293. AssertIntEQ(ssl->suites->suites[2], TLS13_BYTE);
  44294. AssertIntEQ(ssl->suites->suites[3], TLS_AES_128_GCM_SHA256);
  44295. wolfSSL_free(ssl);
  44296. /* Test client order negotiation. */
  44297. AssertNotNull(ssl = wolfSSL_new(ctx));
  44298. msg.buffer = clientHello;
  44299. msg.length = (unsigned int)sizeof(clientHello);
  44300. wolfSSL_SetIOReadCtx(ssl, &msg);
  44301. /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */
  44302. AssertIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
  44303. AssertIntEQ(wolfSSL_UseClientSuites(ssl), 0);
  44304. /* Negotiate cipher suites in client order: TLS13-AES128-GCM-SHA256 */
  44305. wolfSSL_accept_TLSv13(ssl);
  44306. /* Check refined order - client order. */
  44307. AssertIntEQ(ssl->suites->suiteSz, 4);
  44308. AssertIntEQ(ssl->suites->suites[0], TLS13_BYTE);
  44309. AssertIntEQ(ssl->suites->suites[1], TLS_AES_128_GCM_SHA256);
  44310. AssertIntEQ(ssl->suites->suites[2], TLS13_BYTE);
  44311. AssertIntEQ(ssl->suites->suites[3], TLS_AES_256_GCM_SHA384);
  44312. wolfSSL_free(ssl);
  44313. /* Check duplicate detection is working. */
  44314. AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, dupCs), WOLFSSL_SUCCESS);
  44315. AssertIntEQ(ctx->suites->suiteSz, 4);
  44316. AssertIntEQ(ctx->suites->suites[0], TLS13_BYTE);
  44317. AssertIntEQ(ctx->suites->suites[1], TLS_AES_128_GCM_SHA256);
  44318. AssertIntEQ(ctx->suites->suites[2], TLS13_BYTE);
  44319. AssertIntEQ(ctx->suites->suites[3], TLS_AES_256_GCM_SHA384);
  44320. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
  44321. AssertIntEQ(wolfSSL_CTX_set_cipher_list_bytes(ctx, dupCsBytes,
  44322. sizeof(dupCsBytes)), WOLFSSL_SUCCESS);
  44323. AssertIntEQ(ctx->suites->suiteSz, 4);
  44324. AssertIntEQ(ctx->suites->suites[0], TLS13_BYTE);
  44325. AssertIntEQ(ctx->suites->suites[1], TLS_AES_256_GCM_SHA384);
  44326. AssertIntEQ(ctx->suites->suites[2], TLS13_BYTE);
  44327. AssertIntEQ(ctx->suites->suites[3], TLS_AES_128_GCM_SHA256);
  44328. #endif
  44329. wolfSSL_CTX_free(ctx);
  44330. res = TEST_RES_CHECK(1);
  44331. #endif
  44332. return res;
  44333. }
  44334. #endif
  44335. #if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \
  44336. !defined(NO_OLD_TLS))
  44337. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  44338. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
  44339. !defined(NO_AES) && defined(HAVE_AES_CBC) && \
  44340. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
  44341. static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
  44342. const unsigned char* priv, unsigned int privSz,
  44343. const unsigned char* pubKeyDer, unsigned int pubKeySz,
  44344. unsigned char* out, unsigned int* outlen,
  44345. void* ctx)
  44346. {
  44347. int result;
  44348. /* Test fail when context associated with WOLFSSL is NULL */
  44349. if (ctx == NULL) {
  44350. return -1;
  44351. }
  44352. (void)ssl;
  44353. /* return 0 on success */
  44354. PRIVATE_KEY_UNLOCK();
  44355. result = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
  44356. PRIVATE_KEY_LOCK();
  44357. return result;
  44358. }
  44359. static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) {
  44360. wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback);
  44361. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  44362. AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"),
  44363. WOLFSSL_SUCCESS);
  44364. #endif
  44365. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
  44366. AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"),
  44367. WOLFSSL_SUCCESS);
  44368. #endif
  44369. }
  44370. static void test_dh_ssl_setup(WOLFSSL* ssl)
  44371. {
  44372. static int dh_test_ctx = 1;
  44373. int ret;
  44374. wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx);
  44375. AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx);
  44376. ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  44377. if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
  44378. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  44379. }
  44380. }
  44381. static void test_dh_ssl_setup_fail(WOLFSSL* ssl)
  44382. {
  44383. int ret;
  44384. wolfSSL_SetDhAgreeCtx(ssl, NULL);
  44385. AssertNull(wolfSSL_GetDhAgreeCtx(ssl));
  44386. ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  44387. if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
  44388. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  44389. }
  44390. }
  44391. #endif
  44392. static int test_DhCallbacks(void)
  44393. {
  44394. int res = TEST_SKIPPED;
  44395. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  44396. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
  44397. !defined(NO_AES) && defined(HAVE_AES_CBC) && \
  44398. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
  44399. WOLFSSL_CTX *ctx;
  44400. WOLFSSL *ssl;
  44401. tcp_ready ready;
  44402. func_args server_args;
  44403. func_args client_args;
  44404. THREAD_TYPE serverThread;
  44405. callback_functions func_cb_client;
  44406. callback_functions func_cb_server;
  44407. int test;
  44408. #ifndef NO_WOLFSSL_CLIENT
  44409. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  44410. #else
  44411. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  44412. #endif
  44413. AssertIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE);
  44414. wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback);
  44415. /* load client ca cert */
  44416. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
  44417. WOLFSSL_SUCCESS);
  44418. /* test with NULL arguments */
  44419. wolfSSL_SetDhAgreeCtx(NULL, &test);
  44420. AssertNull(wolfSSL_GetDhAgreeCtx(NULL));
  44421. /* test success case */
  44422. test = 1;
  44423. AssertNotNull(ssl = wolfSSL_new(ctx));
  44424. wolfSSL_SetDhAgreeCtx(ssl, &test);
  44425. AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), test);
  44426. wolfSSL_free(ssl);
  44427. wolfSSL_CTX_free(ctx);
  44428. /* test a connection where callback is used */
  44429. #ifdef WOLFSSL_TIRTOS
  44430. fdOpenSession(Task_self());
  44431. #endif
  44432. XMEMSET(&server_args, 0, sizeof(func_args));
  44433. XMEMSET(&client_args, 0, sizeof(func_args));
  44434. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  44435. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  44436. StartTCP();
  44437. InitTcpReady(&ready);
  44438. #if defined(USE_WINDOWS_API)
  44439. /* use RNG to get random port if using windows */
  44440. ready.port = GetRandomPort();
  44441. #endif
  44442. server_args.signal = &ready;
  44443. client_args.signal = &ready;
  44444. server_args.return_code = TEST_FAIL;
  44445. client_args.return_code = TEST_FAIL;
  44446. /* set callbacks to use DH functions */
  44447. func_cb_client.ctx_ready = &test_dh_ctx_setup;
  44448. func_cb_client.ssl_ready = &test_dh_ssl_setup;
  44449. #ifndef WOLFSSL_NO_TLS12
  44450. func_cb_client.method = wolfTLSv1_2_client_method;
  44451. #else
  44452. func_cb_client.method = wolfTLSv1_3_client_method;
  44453. #endif
  44454. client_args.callbacks = &func_cb_client;
  44455. func_cb_server.ctx_ready = &test_dh_ctx_setup;
  44456. func_cb_server.ssl_ready = &test_dh_ssl_setup;
  44457. #ifndef WOLFSSL_NO_TLS12
  44458. func_cb_server.method = wolfTLSv1_2_server_method;
  44459. #else
  44460. func_cb_server.method = wolfTLSv1_3_server_method;
  44461. #endif
  44462. server_args.callbacks = &func_cb_server;
  44463. start_thread(test_server_nofail, &server_args, &serverThread);
  44464. wait_tcp_ready(&server_args);
  44465. test_client_nofail(&client_args, NULL);
  44466. join_thread(serverThread);
  44467. AssertTrue(client_args.return_code);
  44468. AssertTrue(server_args.return_code);
  44469. FreeTcpReady(&ready);
  44470. #ifdef WOLFSSL_TIRTOS
  44471. fdOpenSession(Task_self());
  44472. #endif
  44473. /* now set user ctx to not be 1 so that the callback returns fail case */
  44474. #ifdef WOLFSSL_TIRTOS
  44475. fdOpenSession(Task_self());
  44476. #endif
  44477. XMEMSET(&server_args, 0, sizeof(func_args));
  44478. XMEMSET(&client_args, 0, sizeof(func_args));
  44479. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  44480. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  44481. StartTCP();
  44482. InitTcpReady(&ready);
  44483. #if defined(USE_WINDOWS_API)
  44484. /* use RNG to get random port if using windows */
  44485. ready.port = GetRandomPort();
  44486. #endif
  44487. server_args.signal = &ready;
  44488. client_args.signal = &ready;
  44489. server_args.return_code = TEST_FAIL;
  44490. client_args.return_code = TEST_FAIL;
  44491. /* set callbacks to use DH functions */
  44492. func_cb_client.ctx_ready = &test_dh_ctx_setup;
  44493. func_cb_client.ssl_ready = &test_dh_ssl_setup_fail;
  44494. #ifndef WOLFSSL_NO_TLS12
  44495. func_cb_client.method = wolfTLSv1_2_client_method;
  44496. #else
  44497. func_cb_client.method = wolfTLSv1_3_client_method;
  44498. #endif
  44499. client_args.callbacks = &func_cb_client;
  44500. func_cb_server.ctx_ready = &test_dh_ctx_setup;
  44501. func_cb_server.ssl_ready = &test_dh_ssl_setup_fail;
  44502. #ifndef WOLFSSL_NO_TLS12
  44503. func_cb_server.method = wolfTLSv1_2_server_method;
  44504. #else
  44505. func_cb_server.method = wolfTLSv1_3_server_method;
  44506. #endif
  44507. server_args.callbacks = &func_cb_server;
  44508. start_thread(test_server_nofail, &server_args, &serverThread);
  44509. wait_tcp_ready(&server_args);
  44510. test_client_nofail(&client_args, NULL);
  44511. join_thread(serverThread);
  44512. AssertIntEQ(client_args.return_code, TEST_FAIL);
  44513. AssertIntEQ(server_args.return_code, TEST_FAIL);
  44514. FreeTcpReady(&ready);
  44515. #ifdef WOLFSSL_TIRTOS
  44516. fdOpenSession(Task_self());
  44517. #endif
  44518. res = TEST_RES_CHECK(1);
  44519. #endif
  44520. return res;
  44521. }
  44522. #endif /* HAVE_PK_CALLBACKS */
  44523. #ifdef HAVE_HASHDRBG
  44524. #ifdef TEST_RESEED_INTERVAL
  44525. static int test_wc_RNG_GenerateBlock_Reseed(void)
  44526. {
  44527. int i, ret;
  44528. WC_RNG rng;
  44529. byte key[32];
  44530. ret = wc_InitRng(&rng);
  44531. if (ret == 0) {
  44532. for (i = 0; i < WC_RESEED_INTERVAL + 10; i++) {
  44533. ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
  44534. if (ret != 0) {
  44535. break;
  44536. }
  44537. }
  44538. }
  44539. wc_FreeRng(&rng);
  44540. return TEST_RES_CHECK(ret == 0);
  44541. }
  44542. #endif /* TEST_RESEED_INTERVAL */
  44543. static int test_wc_RNG_GenerateBlock(void)
  44544. {
  44545. int i, ret;
  44546. WC_RNG rng;
  44547. byte key[32];
  44548. ret = wc_InitRng(&rng);
  44549. if (ret == 0) {
  44550. for (i = 0; i < 10; i++) {
  44551. ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
  44552. if (ret != 0) {
  44553. break;
  44554. }
  44555. }
  44556. }
  44557. wc_FreeRng(&rng);
  44558. (void)rng; /* for WC_NO_RNG case */
  44559. (void)key;
  44560. return TEST_RES_CHECK(ret == 0);
  44561. }
  44562. #endif
  44563. /*
  44564. * Testing get_rand_digit
  44565. */
  44566. static int test_get_rand_digit(void)
  44567. {
  44568. int res = TEST_SKIPPED;
  44569. #if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)
  44570. int ret = 0;
  44571. WC_RNG rng;
  44572. mp_digit d;
  44573. ret = wc_InitRng(&rng);
  44574. if (ret == 0) {
  44575. ret = get_rand_digit(&rng, &d);
  44576. }
  44577. if (ret == 0) {
  44578. ret = get_rand_digit(NULL, NULL);
  44579. if (ret == BAD_FUNC_ARG) {
  44580. ret = 0;
  44581. }
  44582. }
  44583. if (ret == 0) {
  44584. ret = get_rand_digit(NULL, &d);
  44585. if (ret == BAD_FUNC_ARG) {
  44586. ret = 0;
  44587. }
  44588. }
  44589. if (ret == 0) {
  44590. ret = get_rand_digit(&rng, NULL);
  44591. if (ret == BAD_FUNC_ARG) {
  44592. ret = 0;
  44593. }
  44594. }
  44595. if (ret == 0) {
  44596. ret = wc_FreeRng(&rng);
  44597. }
  44598. res = TEST_RES_CHECK(ret == 0);
  44599. #endif
  44600. return res;
  44601. }/* End test_get_rand_digit*/
  44602. /*
  44603. * Testing get_digit_count
  44604. */
  44605. static int test_get_digit_count(void)
  44606. {
  44607. int res = TEST_SKIPPED;
  44608. #if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP)
  44609. int ret = 0;
  44610. mp_int a;
  44611. if (mp_init(&a) != MP_OKAY) {
  44612. ret = -1;
  44613. }
  44614. if (ret == 0) {
  44615. ret = get_digit_count(NULL);
  44616. }
  44617. if (ret == 0) {
  44618. ret = get_digit_count(&a);
  44619. }
  44620. mp_clear(&a);
  44621. res = TEST_RES_CHECK(ret == 0);
  44622. #endif
  44623. return res;
  44624. }/* End test_get_digit_count*/
  44625. /*
  44626. * Testing mp_cond_copy
  44627. */
  44628. static int test_mp_cond_copy(void)
  44629. {
  44630. int res = TEST_SKIPPED;
  44631. #if (defined(HAVE_ECC) || defined(WOLFSSL_MP_COND_COPY)) && \
  44632. defined(WOLFSSL_PUBLIC_MP)
  44633. int ret = 0;
  44634. mp_int a;
  44635. mp_int b;
  44636. int copy = 0;
  44637. if (mp_init(&a) != MP_OKAY) {
  44638. ret = -1;
  44639. }
  44640. if (ret == 0) {
  44641. if (mp_init(&b) != MP_OKAY) {
  44642. ret = -1;
  44643. }
  44644. }
  44645. if (ret == 0) {
  44646. ret = mp_cond_copy(NULL, copy, NULL);
  44647. if (ret == BAD_FUNC_ARG) {
  44648. ret = 0;
  44649. }
  44650. }
  44651. if (ret == 0) {
  44652. ret = mp_cond_copy(NULL, copy, &b);
  44653. if (ret == BAD_FUNC_ARG) {
  44654. ret = 0;
  44655. }
  44656. }
  44657. if (ret == 0) {
  44658. ret = mp_cond_copy(&a, copy, NULL);
  44659. if (ret == BAD_FUNC_ARG) {
  44660. ret = 0;
  44661. }
  44662. }
  44663. if (ret == 0) {
  44664. ret = mp_cond_copy(&a, copy, &b);
  44665. }
  44666. mp_clear(&a);
  44667. mp_clear(&b);
  44668. res = TEST_RES_CHECK(ret == 0);
  44669. #endif
  44670. return res;
  44671. }/* End test_mp_cond_copy*/
  44672. /*
  44673. * Testing mp_rand
  44674. */
  44675. static int test_mp_rand(void)
  44676. {
  44677. int res = TEST_SKIPPED;
  44678. #if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP)
  44679. int ret = 0;
  44680. mp_int a;
  44681. int digits = 1;
  44682. WC_RNG rng;
  44683. if (mp_init(&a) != MP_OKAY) {
  44684. ret = -1;
  44685. }
  44686. if (ret == 0) {
  44687. ret = wc_InitRng(&rng);
  44688. }
  44689. if (ret == 0) {
  44690. ret = mp_rand(&a, digits, NULL);
  44691. if (ret == MISSING_RNG_E) {
  44692. ret = 0;
  44693. }
  44694. }
  44695. if (ret == 0) {
  44696. ret = mp_rand(NULL, digits, &rng);
  44697. if (ret == BAD_FUNC_ARG) {
  44698. ret = 0;
  44699. }
  44700. }
  44701. if (ret == 0) {
  44702. ret = mp_rand(&a, 0, &rng);
  44703. if (ret == BAD_FUNC_ARG) {
  44704. ret = 0;
  44705. }
  44706. }
  44707. if (ret == 0) {
  44708. ret = mp_rand(&a, digits, &rng);
  44709. }
  44710. mp_clear(&a);
  44711. wc_FreeRng(&rng);
  44712. res = TEST_RES_CHECK(ret == 0);
  44713. #endif
  44714. return res;
  44715. }/* End test_mp_rand*/
  44716. /*
  44717. * Testing get_digit
  44718. */
  44719. static int test_get_digit(void)
  44720. {
  44721. int res = TEST_SKIPPED;
  44722. #if defined(WOLFSSL_PUBLIC_MP)
  44723. int ret = 0;
  44724. mp_int a;
  44725. int n = 0;
  44726. if (mp_init(&a) != MP_OKAY) {
  44727. ret = -1;
  44728. }
  44729. if (ret == 0) {
  44730. if (get_digit(NULL, n) != 0) { /* Should not hit this */
  44731. ret = -1;
  44732. }
  44733. }
  44734. if (ret == 0) {
  44735. if (get_digit(NULL, n) == 0) { /* Should hit this */
  44736. ret = 0;
  44737. }
  44738. }
  44739. if (ret == 0) {
  44740. if (get_digit(&a, n) != 0) { /* Should not hit this */
  44741. ret = -1;
  44742. }
  44743. }
  44744. if (ret == 0) {
  44745. if (get_digit(&a, n) == 0) { /* Should hit this */
  44746. ret = 0;
  44747. }
  44748. }
  44749. mp_clear(&a);
  44750. res = TEST_RES_CHECK(ret == 0);
  44751. #endif
  44752. return res;
  44753. }/* End test_get_digit*/
  44754. /*
  44755. * Testing wc_export_int
  44756. */
  44757. static int test_wc_export_int(void)
  44758. {
  44759. int res = TEST_SKIPPED;
  44760. #if (defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)) && \
  44761. defined(WOLFSSL_PUBLIC_MP)
  44762. int ret = 0;
  44763. mp_int mp;
  44764. byte buf[32];
  44765. word32 keySz = (word32)sizeof(buf);
  44766. word32 len = (word32)sizeof(buf);
  44767. if (mp_init(&mp) != MP_OKAY) {
  44768. ret = -1;
  44769. }
  44770. if (ret == 0) {
  44771. ret = mp_set(&mp, 1234);
  44772. }
  44773. if (ret == 0) {
  44774. ret = wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
  44775. if (ret == BAD_FUNC_ARG) {
  44776. ret = 0;
  44777. }
  44778. }
  44779. if (ret == 0) {
  44780. len = sizeof(buf)-1;
  44781. ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
  44782. if (ret == BUFFER_E) {
  44783. ret = 0;
  44784. }
  44785. }
  44786. if (ret == 0) {
  44787. len = sizeof(buf);
  44788. ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
  44789. }
  44790. if (ret == 0) {
  44791. len = 4; /* test input too small */
  44792. ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR);
  44793. if (ret == BUFFER_E) {
  44794. ret = 0;
  44795. }
  44796. }
  44797. if (ret == 0) {
  44798. len = sizeof(buf);
  44799. ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR);
  44800. /* hex version of 1234 is 04D2 and should be 4 digits + 1 null */
  44801. if (ret == 0 && len != 5) {
  44802. ret = BAD_FUNC_ARG;
  44803. }
  44804. }
  44805. mp_clear(&mp);
  44806. res = TEST_RES_CHECK(ret == 0);
  44807. #endif
  44808. return res;
  44809. }/* End test_wc_export_int*/
  44810. static int test_wc_InitRngNonce(void)
  44811. {
  44812. int res = TEST_SKIPPED;
  44813. #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
  44814. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
  44815. int ret;
  44816. WC_RNG rng;
  44817. byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
  44818. "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
  44819. word32 nonceSz = sizeof(nonce);
  44820. ret = wc_InitRngNonce(&rng, nonce, nonceSz);
  44821. wc_FreeRng(&rng);
  44822. res = TEST_RES_CHECK(ret == 0);
  44823. #endif
  44824. return res;
  44825. }/* End test_wc_InitRngNonce*/
  44826. /*
  44827. * Testing wc_InitRngNonce_ex
  44828. */
  44829. static int test_wc_InitRngNonce_ex(void)
  44830. {
  44831. int res = TEST_SKIPPED;
  44832. #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
  44833. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
  44834. int ret;
  44835. WC_RNG rng;
  44836. byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
  44837. "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
  44838. word32 nonceSz = sizeof(nonce);
  44839. ret = wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, testDevId);
  44840. wc_FreeRng(&rng);
  44841. res = TEST_RES_CHECK(ret == 0);
  44842. #endif
  44843. return res;
  44844. }/*End test_wc_InitRngNonce_ex*/
  44845. static int test_wolfSSL_X509_CRL(void)
  44846. {
  44847. int res = TEST_SKIPPED;
  44848. #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
  44849. X509_CRL *crl;
  44850. char pem[][100] = {
  44851. "./certs/crl/crl.pem",
  44852. "./certs/crl/crl2.pem",
  44853. "./certs/crl/caEccCrl.pem",
  44854. "./certs/crl/eccCliCRL.pem",
  44855. "./certs/crl/eccSrvCRL.pem",
  44856. ""
  44857. };
  44858. #ifndef NO_BIO
  44859. BIO *bio;
  44860. #endif
  44861. #ifdef HAVE_TEST_d2i_X509_CRL_fp
  44862. char der[][100] = {
  44863. "./certs/crl/crl.der",
  44864. "./certs/crl/crl2.der",
  44865. ""};
  44866. #endif
  44867. XFILE fp;
  44868. int i;
  44869. for (i = 0; pem[i][0] != '\0'; i++)
  44870. {
  44871. fp = XFOPEN(pem[i], "rb");
  44872. AssertTrue((fp != XBADFILE));
  44873. AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
  44874. AssertNotNull(crl);
  44875. X509_CRL_free(crl);
  44876. XFCLOSE(fp);
  44877. fp = XFOPEN(pem[i], "rb");
  44878. AssertTrue((fp != XBADFILE));
  44879. AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL));
  44880. AssertNotNull(crl);
  44881. X509_CRL_free(crl);
  44882. XFCLOSE(fp);
  44883. }
  44884. #ifndef NO_BIO
  44885. for (i = 0; pem[i][0] != '\0'; i++)
  44886. {
  44887. AssertNotNull(bio = BIO_new_file(pem[i], "rb"));
  44888. AssertNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL));
  44889. X509_CRL_free(crl);
  44890. BIO_free(bio);
  44891. }
  44892. #endif
  44893. #ifdef HAVE_TEST_d2i_X509_CRL_fp
  44894. for (i = 0; der[i][0] != '\0'; i++) {
  44895. fp = XFOPEN(der[i], "rb");
  44896. AssertTrue((fp != XBADFILE));
  44897. AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL));
  44898. AssertNotNull(crl);
  44899. X509_CRL_free(crl);
  44900. XFCLOSE(fp);
  44901. fp = XFOPEN(der[i], "rb");
  44902. AssertTrue((fp != XBADFILE));
  44903. AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl));
  44904. AssertNotNull(crl);
  44905. X509_CRL_free(crl);
  44906. XFCLOSE(fp);
  44907. }
  44908. #endif
  44909. res = TEST_RES_CHECK(1);
  44910. #endif
  44911. return res;
  44912. }
  44913. static int test_wolfSSL_X509_load_crl_file(void)
  44914. {
  44915. int res = TEST_SKIPPED;
  44916. #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
  44917. !defined(NO_RSA) && !defined(NO_BIO)
  44918. int i;
  44919. char pem[][100] = {
  44920. "./certs/crl/crl.pem",
  44921. "./certs/crl/crl2.pem",
  44922. "./certs/crl/caEccCrl.pem",
  44923. "./certs/crl/eccCliCRL.pem",
  44924. "./certs/crl/eccSrvCRL.pem",
  44925. ""
  44926. };
  44927. char der[][100] = {
  44928. "./certs/crl/crl.der",
  44929. "./certs/crl/crl2.der",
  44930. ""
  44931. };
  44932. WOLFSSL_X509_STORE* store;
  44933. WOLFSSL_X509_LOOKUP* lookup;
  44934. AssertNotNull(store = wolfSSL_X509_STORE_new());
  44935. AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
  44936. AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
  44937. X509_FILETYPE_PEM), 1);
  44938. AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
  44939. X509_FILETYPE_PEM), 1);
  44940. if (store) {
  44941. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
  44942. WOLFSSL_FILETYPE_PEM), 1);
  44943. /* since store hasn't yet known the revoked cert*/
  44944. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
  44945. WOLFSSL_FILETYPE_PEM), 1);
  44946. }
  44947. for (i = 0; pem[i][0] != '\0'; i++)
  44948. {
  44949. AssertIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1);
  44950. }
  44951. if (store) {
  44952. /* since store knows crl list */
  44953. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
  44954. WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
  44955. }
  44956. /* once feeing store */
  44957. X509_STORE_free(store);
  44958. store = NULL;
  44959. AssertNotNull(store = wolfSSL_X509_STORE_new());
  44960. AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
  44961. AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
  44962. X509_FILETYPE_PEM), 1);
  44963. AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
  44964. X509_FILETYPE_PEM), 1);
  44965. if (store) {
  44966. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
  44967. WOLFSSL_FILETYPE_PEM), 1);
  44968. /* since store hasn't yet known the revoked cert*/
  44969. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
  44970. WOLFSSL_FILETYPE_PEM), 1);
  44971. }
  44972. for (i = 0; der[i][0] != '\0'; i++)
  44973. {
  44974. AssertIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1);
  44975. }
  44976. if (store) {
  44977. /* since store knows crl list */
  44978. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
  44979. WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
  44980. }
  44981. /* test for incorrect parameter */
  44982. AssertIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0);
  44983. AssertIntEQ(X509_load_crl_file(lookup, NULL, 0), 0);
  44984. AssertIntEQ(X509_load_crl_file(NULL, NULL, 0), 0);
  44985. X509_STORE_free(store);
  44986. store = NULL;
  44987. res = TEST_RES_CHECK(1);
  44988. #endif
  44989. return res;
  44990. }
  44991. static int test_wolfSSL_d2i_X509_REQ(void)
  44992. {
  44993. int res = TEST_SKIPPED;
  44994. #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_BIO) && \
  44995. (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \
  44996. !defined(WOLFSSL_SP_MATH)
  44997. /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were
  44998. * generated by libest
  44999. * ./certs/csr.attr.der contains sample attributes
  45000. * ./certs/csr.ext.der contains sample extensions */
  45001. const char* csrFile = "./certs/csr.signed.der";
  45002. const char* csrPopFile = "./certs/csr.attr.der";
  45003. const char* csrExtFile = "./certs/csr.ext.der";
  45004. /* ./certs/csr.dsa.pem is generated using
  45005. * openssl req -newkey dsa:certs/dsaparams.pem \
  45006. * -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \
  45007. * -outform PEM
  45008. * with the passphrase "wolfSSL"
  45009. */
  45010. #if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
  45011. const char* csrDsaFile = "./certs/csr.dsa.pem";
  45012. XFILE f;
  45013. #endif
  45014. BIO* bio = NULL;
  45015. X509* req = NULL;
  45016. EVP_PKEY *pub_key = NULL;
  45017. {
  45018. AssertNotNull(bio = BIO_new_file(csrFile, "rb"));
  45019. AssertNotNull(d2i_X509_REQ_bio(bio, &req));
  45020. /*
  45021. * Extract the public key from the CSR
  45022. */
  45023. AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
  45024. /*
  45025. * Verify the signature in the CSR
  45026. */
  45027. AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
  45028. X509_free(req);
  45029. BIO_free(bio);
  45030. EVP_PKEY_free(pub_key);
  45031. }
  45032. {
  45033. #ifdef OPENSSL_ALL
  45034. X509_ATTRIBUTE* attr;
  45035. ASN1_TYPE *at;
  45036. #endif
  45037. AssertNotNull(bio = BIO_new_file(csrPopFile, "rb"));
  45038. AssertNotNull(d2i_X509_REQ_bio(bio, &req));
  45039. /*
  45040. * Extract the public key from the CSR
  45041. */
  45042. AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
  45043. /*
  45044. * Verify the signature in the CSR
  45045. */
  45046. AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
  45047. #ifdef OPENSSL_ALL
  45048. /*
  45049. * Obtain the challenge password from the CSR
  45050. */
  45051. AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
  45052. 1);
  45053. AssertNotNull(attr = X509_REQ_get_attr(req, 1));
  45054. AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
  45055. AssertNotNull(at->value.asn1_string);
  45056. AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
  45057. AssertIntEQ(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), -1);
  45058. #endif
  45059. X509_free(req);
  45060. BIO_free(bio);
  45061. EVP_PKEY_free(pub_key);
  45062. }
  45063. {
  45064. #ifdef OPENSSL_ALL
  45065. X509_ATTRIBUTE* attr;
  45066. ASN1_TYPE *at;
  45067. STACK_OF(X509_EXTENSION) *exts = NULL;
  45068. #endif
  45069. AssertNotNull(bio = BIO_new_file(csrExtFile, "rb"));
  45070. /* This CSR contains an Extension Request attribute so
  45071. * we test extension parsing in a CSR attribute here. */
  45072. AssertNotNull(d2i_X509_REQ_bio(bio, &req));
  45073. /*
  45074. * Extract the public key from the CSR
  45075. */
  45076. AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
  45077. /*
  45078. * Verify the signature in the CSR
  45079. */
  45080. AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
  45081. #ifdef OPENSSL_ALL
  45082. AssertNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(req));
  45083. AssertIntEQ(sk_X509_EXTENSION_num(exts), 2);
  45084. sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
  45085. /*
  45086. * Obtain the challenge password from the CSR
  45087. */
  45088. AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
  45089. 0);
  45090. AssertNotNull(attr = X509_REQ_get_attr(req, 0));
  45091. AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
  45092. AssertNotNull(at->value.asn1_string);
  45093. AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");
  45094. AssertIntGE(X509_get_ext_by_NID(req, NID_key_usage, -1), 0);
  45095. AssertIntGE(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), 0);
  45096. #endif
  45097. X509_free(req);
  45098. BIO_free(bio);
  45099. EVP_PKEY_free(pub_key);
  45100. }
  45101. #if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
  45102. {
  45103. AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb"));
  45104. AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL));
  45105. /*
  45106. * Extract the public key from the CSR
  45107. */
  45108. AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
  45109. /*
  45110. * Verify the signature in the CSR
  45111. */
  45112. AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
  45113. X509_free(req);
  45114. BIO_free(bio);
  45115. /* Run the same test, but with a file pointer instead of a BIO.
  45116. * (PEM_read_X509_REQ)*/
  45117. AssertTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE);
  45118. AssertNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL));
  45119. AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
  45120. X509_free(req);
  45121. EVP_PKEY_free(pub_key);
  45122. }
  45123. res = TEST_RES_CHECK(1);
  45124. #endif /* !NO_DSA && !HAVE_SELFTEST */
  45125. #endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */
  45126. return res;
  45127. }
  45128. static int test_wolfSSL_PEM_read_X509(void)
  45129. {
  45130. int res = TEST_SKIPPED;
  45131. #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
  45132. !defined(NO_RSA)
  45133. X509 *x509 = NULL;
  45134. XFILE fp;
  45135. fp = XFOPEN(svrCertFile, "rb");
  45136. AssertTrue((fp != XBADFILE));
  45137. AssertNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL));
  45138. X509_free(x509);
  45139. XFCLOSE(fp);
  45140. res = TEST_RES_CHECK(1);
  45141. #endif
  45142. return res;
  45143. }
  45144. static int test_wolfSSL_PEM_read(void)
  45145. {
  45146. int res = TEST_SKIPPED;
  45147. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO)
  45148. const char* filename = "./certs/server-keyEnc.pem";
  45149. XFILE fp;
  45150. char* name = NULL;
  45151. char* header = NULL;
  45152. byte* data = NULL;
  45153. long len;
  45154. EVP_CIPHER_INFO cipher;
  45155. WOLFSSL_BIO* bio;
  45156. byte* fileData;
  45157. size_t fileDataSz;
  45158. byte* out;
  45159. fp = XFOPEN(filename, "rb");
  45160. AssertTrue((fp != XBADFILE));
  45161. /* Fail cases. */
  45162. AssertIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE);
  45163. AssertIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE);
  45164. AssertIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE);
  45165. AssertIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE);
  45166. AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
  45167. AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
  45168. AssertIntGT(XSTRLEN(header), 0);
  45169. AssertIntGT(len, 0);
  45170. AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
  45171. AssertIntGT((fileDataSz = XFTELL(fp)), 0);
  45172. AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
  45173. AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
  45174. DYNAMIC_TYPE_TMP_BUFFER));
  45175. AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
  45176. XFCLOSE(fp);
  45177. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  45178. /* Fail cases. */
  45179. AssertIntEQ(PEM_write_bio(NULL, name, header, data, len), 0);
  45180. AssertIntEQ(PEM_write_bio(bio, NULL, header, data, len), 0);
  45181. AssertIntEQ(PEM_write_bio(bio, name, NULL, data, len), 0);
  45182. AssertIntEQ(PEM_write_bio(bio, name, header, NULL, len), 0);
  45183. AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
  45184. AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
  45185. AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
  45186. /* Fail cases. */
  45187. AssertIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE);
  45188. AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE);
  45189. AssertIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE);
  45190. #ifndef NO_DES3
  45191. AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS);
  45192. #endif
  45193. /* Fail cases. */
  45194. AssertIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack,
  45195. (void*)"yassl123"), WOLFSSL_FAILURE);
  45196. AssertIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack,
  45197. (void*)"yassl123"), WOLFSSL_FAILURE);
  45198. AssertIntEQ(PEM_do_header(&cipher, data, &len, NULL,
  45199. (void*)"yassl123"), WOLFSSL_FAILURE);
  45200. #if !defined(NO_DES3) && !defined(NO_MD5)
  45201. AssertIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
  45202. (void*)"yassl123"), WOLFSSL_SUCCESS);
  45203. #endif
  45204. BIO_free(bio);
  45205. XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  45206. XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  45207. XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  45208. XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  45209. name = NULL;
  45210. header = NULL;
  45211. data = NULL;
  45212. fp = XFOPEN(svrKeyFile, "rb");
  45213. AssertTrue((fp != XBADFILE));
  45214. AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
  45215. AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
  45216. AssertIntEQ(XSTRLEN(header), 0);
  45217. AssertIntGT(len, 0);
  45218. AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
  45219. AssertIntGT((fileDataSz = XFTELL(fp)), 0);
  45220. AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
  45221. AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
  45222. DYNAMIC_TYPE_TMP_BUFFER));
  45223. AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
  45224. XFCLOSE(fp);
  45225. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  45226. AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
  45227. AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
  45228. AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
  45229. BIO_free(bio);
  45230. XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  45231. XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  45232. XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  45233. XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  45234. res = TEST_RES_CHECK(1);
  45235. #endif
  45236. return res;
  45237. }
  45238. static int test_wolfssl_EVP_aes_gcm_AAD_2_parts(void)
  45239. {
  45240. int res = TEST_SKIPPED;
  45241. #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
  45242. !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  45243. const byte iv[12] = { 0 };
  45244. const byte key[16] = { 0 };
  45245. const byte cleartext[16] = { 0 };
  45246. const byte aad[] = {
  45247. 0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00,
  45248. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
  45249. 0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93,
  45250. 0x4f
  45251. };
  45252. byte out1Part[16];
  45253. byte outTag1Part[16];
  45254. byte out2Part[16];
  45255. byte outTag2Part[16];
  45256. byte decryptBuf[16];
  45257. int len;
  45258. int tlen;
  45259. EVP_CIPHER_CTX* ctx = NULL;
  45260. /* ENCRYPT */
  45261. /* Send AAD and data in 1 part */
  45262. AssertNotNull(ctx = EVP_CIPHER_CTX_new());
  45263. tlen = 0;
  45264. AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
  45265. 1);
  45266. AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
  45267. AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
  45268. AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext,
  45269. sizeof(cleartext)), 1);
  45270. tlen += len;
  45271. AssertIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1);
  45272. tlen += len;
  45273. AssertIntEQ(tlen, sizeof(cleartext));
  45274. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
  45275. outTag1Part), 1);
  45276. EVP_CIPHER_CTX_free(ctx);
  45277. /* DECRYPT */
  45278. /* Send AAD and data in 1 part */
  45279. AssertNotNull(ctx = EVP_CIPHER_CTX_new());
  45280. tlen = 0;
  45281. AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
  45282. 1);
  45283. AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
  45284. AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
  45285. AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part,
  45286. sizeof(cleartext)), 1);
  45287. tlen += len;
  45288. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
  45289. outTag1Part), 1);
  45290. AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1);
  45291. tlen += len;
  45292. AssertIntEQ(tlen, sizeof(cleartext));
  45293. EVP_CIPHER_CTX_free(ctx);
  45294. AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
  45295. /* ENCRYPT */
  45296. /* Send AAD and data in 2 parts */
  45297. AssertNotNull(ctx = EVP_CIPHER_CTX_new());
  45298. tlen = 0;
  45299. AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
  45300. 1);
  45301. AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
  45302. AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1);
  45303. AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
  45304. 1);
  45305. AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1);
  45306. tlen += len;
  45307. AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1,
  45308. sizeof(cleartext) - 1), 1);
  45309. tlen += len;
  45310. AssertIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1);
  45311. tlen += len;
  45312. AssertIntEQ(tlen, sizeof(cleartext));
  45313. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
  45314. outTag2Part), 1);
  45315. AssertIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0);
  45316. AssertIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0);
  45317. EVP_CIPHER_CTX_free(ctx);
  45318. /* DECRYPT */
  45319. /* Send AAD and data in 2 parts */
  45320. AssertNotNull(ctx = EVP_CIPHER_CTX_new());
  45321. tlen = 0;
  45322. AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
  45323. 1);
  45324. AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
  45325. AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1);
  45326. AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
  45327. 1);
  45328. AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1);
  45329. tlen += len;
  45330. AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1,
  45331. sizeof(cleartext) - 1), 1);
  45332. tlen += len;
  45333. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
  45334. outTag1Part), 1);
  45335. AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1);
  45336. tlen += len;
  45337. AssertIntEQ(tlen, sizeof(cleartext));
  45338. AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
  45339. /* Test AAD re-use */
  45340. EVP_CIPHER_CTX_free(ctx);
  45341. res = TEST_RES_CHECK(1);
  45342. #endif
  45343. return res;
  45344. }
  45345. static int test_wolfssl_EVP_aes_gcm_zeroLen(void)
  45346. {
  45347. int res = TEST_SKIPPED;
  45348. #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
  45349. !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  45350. /* Zero length plain text */
  45351. byte key[] = {
  45352. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  45353. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  45354. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  45355. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  45356. }; /* align */
  45357. byte iv[] = {
  45358. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  45359. }; /* align */
  45360. byte plaintxt[1];
  45361. int ivSz = 12;
  45362. int plaintxtSz = 0;
  45363. unsigned char tag[16];
  45364. unsigned char tag_kat[] =
  45365. {0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9,
  45366. 0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b};
  45367. byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
  45368. byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
  45369. int ciphertxtSz = 0;
  45370. int decryptedtxtSz = 0;
  45371. int len = 0;
  45372. EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new();
  45373. EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();
  45374. AssertIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv));
  45375. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
  45376. AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt,
  45377. plaintxtSz));
  45378. AssertIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len));
  45379. ciphertxtSz += len;
  45380. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag));
  45381. AssertIntEQ(1, EVP_CIPHER_CTX_cleanup(en));
  45382. AssertIntEQ(0, ciphertxtSz);
  45383. AssertIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag)));
  45384. EVP_CIPHER_CTX_init(de);
  45385. AssertIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv));
  45386. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
  45387. AssertIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len));
  45388. decryptedtxtSz = len;
  45389. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag));
  45390. AssertIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len));
  45391. decryptedtxtSz += len;
  45392. AssertIntEQ(0, decryptedtxtSz);
  45393. EVP_CIPHER_CTX_free(en);
  45394. EVP_CIPHER_CTX_free(de);
  45395. res = TEST_RES_CHECK(1);
  45396. #endif
  45397. return res;
  45398. }
  45399. static int test_wolfssl_EVP_aes_gcm(void)
  45400. {
  45401. int res = TEST_SKIPPED;
  45402. #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
  45403. !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  45404. /* A 256 bit key, AES_128 will use the first 128 bit*/
  45405. byte *key = (byte*)"01234567890123456789012345678901";
  45406. /* A 128 bit IV */
  45407. byte *iv = (byte*)"0123456789012345";
  45408. int ivSz = AES_BLOCK_SIZE;
  45409. /* Message to be encrypted */
  45410. byte *plaintxt = (byte*)"for things to change you have to change";
  45411. /* Additional non-confidential data */
  45412. byte *aad = (byte*)"Don't spend major time on minor things.";
  45413. unsigned char tag[AES_BLOCK_SIZE] = {0};
  45414. int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
  45415. int aadSz = (int)XSTRLEN((char*)aad);
  45416. byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
  45417. byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
  45418. int ciphertxtSz = 0;
  45419. int decryptedtxtSz = 0;
  45420. int len = 0;
  45421. int i = 0;
  45422. EVP_CIPHER_CTX en[2];
  45423. EVP_CIPHER_CTX de[2];
  45424. for (i = 0; i < 2; i++) {
  45425. EVP_CIPHER_CTX_init(&en[i]);
  45426. if (i == 0) {
  45427. /* Default uses 96-bits IV length */
  45428. #ifdef WOLFSSL_AES_128
  45429. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, key, iv));
  45430. #elif defined(WOLFSSL_AES_192)
  45431. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, key, iv));
  45432. #elif defined(WOLFSSL_AES_256)
  45433. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, key, iv));
  45434. #endif
  45435. }
  45436. else {
  45437. #ifdef WOLFSSL_AES_128
  45438. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
  45439. #elif defined(WOLFSSL_AES_192)
  45440. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
  45441. #elif defined(WOLFSSL_AES_256)
  45442. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
  45443. #endif
  45444. /* non-default must to set the IV length first */
  45445. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
  45446. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
  45447. }
  45448. AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
  45449. AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz));
  45450. ciphertxtSz = len;
  45451. AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
  45452. ciphertxtSz += len;
  45453. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag));
  45454. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
  45455. EVP_CIPHER_CTX_init(&de[i]);
  45456. if (i == 0) {
  45457. /* Default uses 96-bits IV length */
  45458. #ifdef WOLFSSL_AES_128
  45459. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv));
  45460. #elif defined(WOLFSSL_AES_192)
  45461. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv));
  45462. #elif defined(WOLFSSL_AES_256)
  45463. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv));
  45464. #endif
  45465. }
  45466. else {
  45467. #ifdef WOLFSSL_AES_128
  45468. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
  45469. #elif defined(WOLFSSL_AES_192)
  45470. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
  45471. #elif defined(WOLFSSL_AES_256)
  45472. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
  45473. #endif
  45474. /* non-default must to set the IV length first */
  45475. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
  45476. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
  45477. }
  45478. AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
  45479. AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
  45480. decryptedtxtSz = len;
  45481. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
  45482. AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
  45483. decryptedtxtSz += len;
  45484. AssertIntEQ(ciphertxtSz, decryptedtxtSz);
  45485. AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
  45486. /* modify tag*/
  45487. tag[AES_BLOCK_SIZE-1]+=0xBB;
  45488. AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
  45489. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
  45490. /* fail due to wrong tag */
  45491. AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
  45492. AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
  45493. AssertIntEQ(0, len);
  45494. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
  45495. }
  45496. res = TEST_RES_CHECK(1);
  45497. #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
  45498. return res;
  45499. }
  45500. static int test_wolfssl_EVP_aes_ccm_zeroLen(void)
  45501. {
  45502. int res = TEST_SKIPPED;
  45503. #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \
  45504. !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  45505. /* Zero length plain text */
  45506. byte key[] = {
  45507. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  45508. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  45509. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  45510. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  45511. }; /* align */
  45512. byte iv[] = {
  45513. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  45514. }; /* align */
  45515. byte plaintxt[1];
  45516. int ivSz = 12;
  45517. int plaintxtSz = 0;
  45518. unsigned char tag[16];
  45519. byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
  45520. byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
  45521. int ciphertxtSz = 0;
  45522. int decryptedtxtSz = 0;
  45523. int len = 0;
  45524. EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new();
  45525. EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();
  45526. AssertIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_ccm(), NULL, key, iv));
  45527. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL));
  45528. AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt,
  45529. plaintxtSz));
  45530. AssertIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len));
  45531. ciphertxtSz += len;
  45532. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag));
  45533. AssertIntEQ(1, EVP_CIPHER_CTX_cleanup(en));
  45534. AssertIntEQ(0, ciphertxtSz);
  45535. EVP_CIPHER_CTX_init(de);
  45536. AssertIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_ccm(), NULL, key, iv));
  45537. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL));
  45538. AssertIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len));
  45539. decryptedtxtSz = len;
  45540. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag));
  45541. AssertIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len));
  45542. decryptedtxtSz += len;
  45543. AssertIntEQ(0, decryptedtxtSz);
  45544. EVP_CIPHER_CTX_free(en);
  45545. EVP_CIPHER_CTX_free(de);
  45546. res = TEST_RES_CHECK(1);
  45547. #endif
  45548. return res;
  45549. }
  45550. static int test_wolfssl_EVP_aes_ccm(void)
  45551. {
  45552. int res = TEST_SKIPPED;
  45553. #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \
  45554. !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  45555. /* A 256 bit key, AES_128 will use the first 128 bit*/
  45556. byte *key = (byte*)"01234567890123456789012345678901";
  45557. /* A 128 bit IV */
  45558. byte *iv = (byte*)"0123456789012";
  45559. int ivSz = (int)XSTRLEN((char*)iv);
  45560. /* Message to be encrypted */
  45561. byte *plaintxt = (byte*)"for things to change you have to change";
  45562. /* Additional non-confidential data */
  45563. byte *aad = (byte*)"Don't spend major time on minor things.";
  45564. unsigned char tag[AES_BLOCK_SIZE] = {0};
  45565. int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
  45566. int aadSz = (int)XSTRLEN((char*)aad);
  45567. byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
  45568. byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
  45569. int ciphertxtSz = 0;
  45570. int decryptedtxtSz = 0;
  45571. int len = 0;
  45572. int i = 0;
  45573. EVP_CIPHER_CTX en[2];
  45574. EVP_CIPHER_CTX de[2];
  45575. for (i = 0; i < 2; i++) {
  45576. EVP_CIPHER_CTX_init(&en[i]);
  45577. if (i == 0) {
  45578. /* Default uses 96-bits IV length */
  45579. #ifdef WOLFSSL_AES_128
  45580. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i],
  45581. EVP_aes_128_ccm(), NULL, key, iv));
  45582. #elif defined(WOLFSSL_AES_192)
  45583. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i],
  45584. EVP_aes_192_ccm(), NULL, key, iv));
  45585. #elif defined(WOLFSSL_AES_256)
  45586. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i],
  45587. EVP_aes_256_ccm(), NULL, key, iv));
  45588. #endif
  45589. }
  45590. else {
  45591. #ifdef WOLFSSL_AES_128
  45592. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i],
  45593. EVP_aes_128_ccm(), NULL, NULL, NULL));
  45594. #elif defined(WOLFSSL_AES_192)
  45595. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i],
  45596. EVP_aes_192_ccm(), NULL, NULL, NULL));
  45597. #elif defined(WOLFSSL_AES_256)
  45598. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i],
  45599. EVP_aes_256_ccm(), NULL, NULL, NULL));
  45600. #endif
  45601. /* non-default must to set the IV length first */
  45602. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i],
  45603. EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL));
  45604. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i],
  45605. NULL, NULL, key, iv));
  45606. }
  45607. AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
  45608. AssertIntEQ(1, EVP_EncryptUpdate(&en[i],
  45609. ciphertxt, &len, plaintxt, plaintxtSz));
  45610. ciphertxtSz = len;
  45611. AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
  45612. ciphertxtSz += len;
  45613. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i],
  45614. EVP_CTRL_CCM_GET_TAG, AES_BLOCK_SIZE, tag));
  45615. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
  45616. EVP_CIPHER_CTX_init(&de[i]);
  45617. if (i == 0) {
  45618. /* Default uses 96-bits IV length */
  45619. #ifdef WOLFSSL_AES_128
  45620. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i],
  45621. EVP_aes_128_ccm(), NULL, key, iv));
  45622. #elif defined(WOLFSSL_AES_192)
  45623. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i],
  45624. EVP_aes_192_ccm(), NULL, key, iv));
  45625. #elif defined(WOLFSSL_AES_256)
  45626. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i],
  45627. EVP_aes_256_ccm(), NULL, key, iv));
  45628. #endif
  45629. }
  45630. else {
  45631. #ifdef WOLFSSL_AES_128
  45632. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i],
  45633. EVP_aes_128_ccm(), NULL, NULL, NULL));
  45634. #elif defined(WOLFSSL_AES_192)
  45635. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i],
  45636. EVP_aes_192_ccm(), NULL, NULL, NULL));
  45637. #elif defined(WOLFSSL_AES_256)
  45638. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i],
  45639. EVP_aes_256_ccm(), NULL, NULL, NULL));
  45640. #endif
  45641. /* non-default must to set the IV length first */
  45642. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i],
  45643. EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL));
  45644. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
  45645. }
  45646. AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
  45647. AssertIntEQ(1, EVP_DecryptUpdate(&de[i],
  45648. decryptedtxt, &len, ciphertxt, ciphertxtSz));
  45649. decryptedtxtSz = len;
  45650. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i],
  45651. EVP_CTRL_CCM_SET_TAG, AES_BLOCK_SIZE, tag));
  45652. AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i],
  45653. decryptedtxt, &len));
  45654. decryptedtxtSz += len;
  45655. AssertIntEQ(ciphertxtSz, decryptedtxtSz);
  45656. AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
  45657. /* modify tag*/
  45658. tag[AES_BLOCK_SIZE-1]+=0xBB;
  45659. AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
  45660. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i],
  45661. EVP_CTRL_CCM_SET_TAG, AES_BLOCK_SIZE, tag));
  45662. /* fail due to wrong tag */
  45663. AssertIntEQ(1, EVP_DecryptUpdate(&de[i],
  45664. decryptedtxt, &len, ciphertxt, ciphertxtSz));
  45665. AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
  45666. AssertIntEQ(0, len);
  45667. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
  45668. }
  45669. res = TEST_RES_CHECK(1);
  45670. #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESCCM */
  45671. return res;
  45672. }
  45673. static int test_wolfssl_EVP_chacha20_poly1305(void)
  45674. {
  45675. int res = TEST_SKIPPED;
  45676. #if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  45677. byte key[CHACHA20_POLY1305_AEAD_KEYSIZE];
  45678. byte iv [CHACHA20_POLY1305_AEAD_IV_SIZE];
  45679. byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF};
  45680. byte aad[] = {0xAA, 0XBB, 0xCC, 0xDD, 0xEE, 0xFF};
  45681. byte cipherText[sizeof(plainText)];
  45682. byte decryptedText[sizeof(plainText)];
  45683. byte tag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
  45684. EVP_CIPHER_CTX* ctx;
  45685. int outSz;
  45686. /* Encrypt. */
  45687. AssertNotNull((ctx = EVP_CIPHER_CTX_new()));
  45688. AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL,
  45689. NULL), WOLFSSL_SUCCESS);
  45690. /* Invalid IV length. */
  45691. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
  45692. CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WOLFSSL_FAILURE);
  45693. /* Valid IV length. */
  45694. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
  45695. CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS);
  45696. /* Invalid tag length. */
  45697. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  45698. CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WOLFSSL_FAILURE);
  45699. /* Valid tag length. */
  45700. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  45701. CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, NULL), WOLFSSL_SUCCESS);
  45702. AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
  45703. AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)),
  45704. WOLFSSL_SUCCESS);
  45705. AssertIntEQ(outSz, sizeof(aad));
  45706. AssertIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
  45707. sizeof(plainText)), WOLFSSL_SUCCESS);
  45708. AssertIntEQ(outSz, sizeof(plainText));
  45709. AssertIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS);
  45710. AssertIntEQ(outSz, 0);
  45711. /* Invalid tag length. */
  45712. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
  45713. CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WOLFSSL_FAILURE);
  45714. /* Valid tag length. */
  45715. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
  45716. CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS);
  45717. EVP_CIPHER_CTX_free(ctx);
  45718. /* Decrypt. */
  45719. AssertNotNull((ctx = EVP_CIPHER_CTX_new()));
  45720. AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL,
  45721. NULL), WOLFSSL_SUCCESS);
  45722. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
  45723. CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS);
  45724. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  45725. CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS);
  45726. AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
  45727. AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)),
  45728. WOLFSSL_SUCCESS);
  45729. AssertIntEQ(outSz, sizeof(aad));
  45730. AssertIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
  45731. sizeof(cipherText)), WOLFSSL_SUCCESS);
  45732. AssertIntEQ(outSz, sizeof(cipherText));
  45733. AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz),
  45734. WOLFSSL_SUCCESS);
  45735. AssertIntEQ(outSz, 0);
  45736. EVP_CIPHER_CTX_free(ctx);
  45737. /* Test partial Inits. CipherInit() allow setting of key and iv
  45738. * in separate calls. */
  45739. AssertNotNull((ctx = EVP_CIPHER_CTX_new()));
  45740. AssertIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20_poly1305(),
  45741. key, NULL, 1), WOLFSSL_SUCCESS);
  45742. AssertIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1),
  45743. WOLFSSL_SUCCESS);
  45744. AssertIntEQ(wolfSSL_EVP_CipherUpdate(ctx, NULL, &outSz,
  45745. aad, sizeof(aad)), WOLFSSL_SUCCESS);
  45746. AssertIntEQ(outSz, sizeof(aad));
  45747. AssertIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
  45748. sizeof(cipherText)), WOLFSSL_SUCCESS);
  45749. AssertIntEQ(outSz, sizeof(cipherText));
  45750. AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz),
  45751. WOLFSSL_SUCCESS);
  45752. AssertIntEQ(outSz, 0);
  45753. EVP_CIPHER_CTX_free(ctx);
  45754. res = TEST_RES_CHECK(1);
  45755. #endif
  45756. return res;
  45757. }
  45758. static int test_wolfssl_EVP_chacha20(void)
  45759. {
  45760. int res = TEST_SKIPPED;
  45761. #if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA)
  45762. byte key[CHACHA_MAX_KEY_SZ];
  45763. byte iv [WOLFSSL_EVP_CHACHA_IV_BYTES];
  45764. byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF};
  45765. byte cipherText[sizeof(plainText)];
  45766. byte decryptedText[sizeof(plainText)];
  45767. EVP_CIPHER_CTX* ctx;
  45768. int outSz;
  45769. /* Encrypt. */
  45770. AssertNotNull((ctx = EVP_CIPHER_CTX_new()));
  45771. AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, NULL,
  45772. NULL), WOLFSSL_SUCCESS);
  45773. /* Any tag length must fail - not an AEAD cipher. */
  45774. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  45775. 16, NULL), WOLFSSL_FAILURE);
  45776. AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
  45777. AssertIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
  45778. sizeof(plainText)), WOLFSSL_SUCCESS);
  45779. AssertIntEQ(outSz, sizeof(plainText));
  45780. AssertIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS);
  45781. AssertIntEQ(outSz, 0);
  45782. EVP_CIPHER_CTX_free(ctx);
  45783. /* Decrypt. */
  45784. AssertNotNull((ctx = EVP_CIPHER_CTX_new()));
  45785. AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20(), NULL, NULL,
  45786. NULL), WOLFSSL_SUCCESS);
  45787. AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
  45788. AssertIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
  45789. sizeof(cipherText)), WOLFSSL_SUCCESS);
  45790. AssertIntEQ(outSz, sizeof(cipherText));
  45791. AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz),
  45792. WOLFSSL_SUCCESS);
  45793. AssertIntEQ(outSz, 0);
  45794. EVP_CIPHER_CTX_free(ctx);
  45795. /* Test partial Inits. CipherInit() allow setting of key and iv
  45796. * in separate calls. */
  45797. AssertNotNull((ctx = EVP_CIPHER_CTX_new()));
  45798. AssertIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20(),
  45799. key, NULL, 1), WOLFSSL_SUCCESS);
  45800. AssertIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1),
  45801. WOLFSSL_SUCCESS);
  45802. AssertIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
  45803. sizeof(cipherText)), WOLFSSL_SUCCESS);
  45804. AssertIntEQ(outSz, sizeof(cipherText));
  45805. AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz),
  45806. WOLFSSL_SUCCESS);
  45807. AssertIntEQ(outSz, 0);
  45808. EVP_CIPHER_CTX_free(ctx);
  45809. res = TEST_RES_CHECK(1);
  45810. #endif
  45811. return res;
  45812. }
  45813. static int test_wolfSSL_EVP_PKEY_hkdf(void)
  45814. {
  45815. int res = TEST_SKIPPED;
  45816. #if defined(OPENSSL_EXTRA) && defined(HAVE_HKDF)
  45817. EVP_PKEY_CTX* ctx;
  45818. byte salt[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  45819. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
  45820. byte key[] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  45821. 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
  45822. byte info[] = {0X01, 0x02, 0x03, 0x04, 0x05};
  45823. byte info2[] = {0X06, 0x07, 0x08, 0x09, 0x0A};
  45824. byte outKey[34];
  45825. size_t outKeySz = sizeof(outKey);
  45826. /* These expected outputs were gathered by running the same test below using
  45827. * OpenSSL. */
  45828. const byte extractAndExpand[] = {
  45829. 0x8B, 0xEB, 0x90, 0xA9, 0x04, 0xFF, 0x05, 0x10, 0xE4, 0xB5, 0xB1, 0x10,
  45830. 0x31, 0x34, 0xFF, 0x07, 0x5B, 0xE3, 0xC6, 0x93, 0xD4, 0xF8, 0xC7, 0xEE,
  45831. 0x96, 0xDA, 0x78, 0x7A, 0xE2, 0x9A, 0x2D, 0x05, 0x4B, 0xF6
  45832. };
  45833. const byte extractOnly[] = {
  45834. 0xE7, 0x6B, 0x9E, 0x0F, 0xE4, 0x02, 0x1D, 0x62, 0xEA, 0x97, 0x74, 0x5E,
  45835. 0xF4, 0x3C, 0x65, 0x4D, 0xC1, 0x46, 0x98, 0xAA, 0x79, 0x9A, 0xCB, 0x9C,
  45836. 0xCC, 0x3E, 0x7F, 0x2A, 0x2B, 0x41, 0xA1, 0x9E
  45837. };
  45838. const byte expandOnly[] = {
  45839. 0xFF, 0x29, 0x29, 0x56, 0x9E, 0xA7, 0x66, 0x02, 0xDB, 0x4F, 0xDB, 0x53,
  45840. 0x7D, 0x21, 0x67, 0x52, 0xC3, 0x0E, 0xF3, 0xFC, 0x71, 0xCE, 0x67, 0x2B,
  45841. 0xEA, 0x3B, 0xE9, 0xFC, 0xDD, 0xC8, 0xCC, 0xB7, 0x42, 0x74
  45842. };
  45843. const byte extractAndExpandAddInfo[] = {
  45844. 0x5A, 0x74, 0x79, 0x83, 0xA3, 0xA4, 0x2E, 0xB7, 0xD4, 0x08, 0xC2, 0x6A,
  45845. 0x2F, 0xA5, 0xE3, 0x4E, 0xF1, 0xF4, 0x87, 0x3E, 0xA6, 0xC7, 0x88, 0x45,
  45846. 0xD7, 0xE2, 0x15, 0xBC, 0xB8, 0x10, 0xEF, 0x6C, 0x4D, 0x7A
  45847. };
  45848. AssertNotNull((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)));
  45849. AssertIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
  45850. /* NULL ctx. */
  45851. AssertIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WOLFSSL_FAILURE);
  45852. /* NULL md. */
  45853. AssertIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WOLFSSL_FAILURE);
  45854. AssertIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()), WOLFSSL_SUCCESS);
  45855. /* NULL ctx. */
  45856. AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(NULL, salt, sizeof(salt)),
  45857. WOLFSSL_FAILURE);
  45858. /* NULL salt is ok. */
  45859. AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, sizeof(salt)),
  45860. WOLFSSL_SUCCESS);
  45861. /* Salt length <= 0. */
  45862. /* Length 0 salt is ok. */
  45863. AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, 0), WOLFSSL_SUCCESS);
  45864. AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WOLFSSL_FAILURE);
  45865. AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)),
  45866. WOLFSSL_SUCCESS);
  45867. /* NULL ctx. */
  45868. AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(NULL, key, sizeof(key)),
  45869. WOLFSSL_FAILURE);
  45870. /* NULL key. */
  45871. AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, NULL, sizeof(key)),
  45872. WOLFSSL_FAILURE);
  45873. /* Key length <= 0 */
  45874. AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WOLFSSL_FAILURE);
  45875. AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WOLFSSL_FAILURE);
  45876. AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, sizeof(key)),
  45877. WOLFSSL_SUCCESS);
  45878. /* NULL ctx. */
  45879. AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(NULL, info, sizeof(info)),
  45880. WOLFSSL_FAILURE);
  45881. /* NULL info is ok. */
  45882. AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, NULL, sizeof(info)),
  45883. WOLFSSL_SUCCESS);
  45884. /* Info length <= 0 */
  45885. /* Length 0 info is ok. */
  45886. AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, 0), WOLFSSL_SUCCESS);
  45887. AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WOLFSSL_FAILURE);
  45888. AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)),
  45889. WOLFSSL_SUCCESS);
  45890. /* NULL ctx. */
  45891. AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(NULL, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY),
  45892. WOLFSSL_FAILURE);
  45893. /* Extract and expand (default). */
  45894. AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
  45895. AssertIntEQ(outKeySz, sizeof(extractAndExpand));
  45896. AssertIntEQ(XMEMCMP(outKey, extractAndExpand, outKeySz), 0);
  45897. /* Extract only. */
  45898. AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY),
  45899. WOLFSSL_SUCCESS);
  45900. AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
  45901. AssertIntEQ(outKeySz, sizeof(extractOnly));
  45902. AssertIntEQ(XMEMCMP(outKey, extractOnly, outKeySz), 0);
  45903. outKeySz = sizeof(outKey);
  45904. /* Expand only. */
  45905. AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY),
  45906. WOLFSSL_SUCCESS);
  45907. AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
  45908. AssertIntEQ(outKeySz, sizeof(expandOnly));
  45909. AssertIntEQ(XMEMCMP(outKey, expandOnly, outKeySz), 0);
  45910. outKeySz = sizeof(outKey);
  45911. /* Extract and expand with appended additional info. */
  45912. AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info2, sizeof(info2)),
  45913. WOLFSSL_SUCCESS);
  45914. AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx,
  45915. EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND), WOLFSSL_SUCCESS);
  45916. AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
  45917. AssertIntEQ(outKeySz, sizeof(extractAndExpandAddInfo));
  45918. AssertIntEQ(XMEMCMP(outKey, extractAndExpandAddInfo, outKeySz), 0);
  45919. EVP_PKEY_CTX_free(ctx);
  45920. res = TEST_RES_CHECK(1);
  45921. #endif /* OPENSSL_EXTRA && HAVE_HKDF */
  45922. return res;
  45923. }
  45924. #ifndef NO_BIO
  45925. static int test_wolfSSL_PEM_X509_INFO_read_bio(void)
  45926. {
  45927. int res = TEST_SKIPPED;
  45928. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  45929. BIO* bio;
  45930. X509_INFO* info;
  45931. STACK_OF(X509_INFO)* sk;
  45932. char* subject;
  45933. char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
  45934. char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
  45935. AssertNotNull(bio = BIO_new(BIO_s_file()));
  45936. AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
  45937. AssertNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
  45938. AssertIntEQ(sk_X509_INFO_num(sk), 2);
  45939. /* using dereference to maintain testing for Apache port*/
  45940. AssertNotNull(info = sk_X509_INFO_pop(sk));
  45941. AssertNotNull(subject =
  45942. X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));
  45943. AssertIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1)));
  45944. XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
  45945. X509_INFO_free(info);
  45946. AssertNotNull(info = sk_X509_INFO_pop(sk));
  45947. AssertNotNull(subject =
  45948. X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));
  45949. AssertIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2)));
  45950. XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
  45951. X509_INFO_free(info);
  45952. AssertNull(info = sk_X509_INFO_pop(sk));
  45953. sk_X509_INFO_pop_free(sk, X509_INFO_free);
  45954. BIO_free(bio);
  45955. res = TEST_RES_CHECK(1);
  45956. #endif
  45957. return res;
  45958. }
  45959. #endif /* !NO_BIO */
  45960. static int test_wolfSSL_X509_NAME_ENTRY_get_object(void)
  45961. {
  45962. int res = TEST_SKIPPED;
  45963. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  45964. X509 *x509;
  45965. X509_NAME* name;
  45966. int idx = 0;
  45967. X509_NAME_ENTRY *ne;
  45968. ASN1_OBJECT *object = NULL;
  45969. x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
  45970. AssertNotNull(x509);
  45971. name = X509_get_subject_name(x509);
  45972. idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
  45973. AssertIntGE(idx, 0);
  45974. ne = X509_NAME_get_entry(name, idx);
  45975. AssertNotNull(ne);
  45976. AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
  45977. X509_free(x509);
  45978. res = TEST_RES_CHECK(1);
  45979. #endif
  45980. return res;
  45981. }
  45982. static int test_wolfSSL_ASN1_INTEGER_get_set(void)
  45983. {
  45984. int res = TEST_SKIPPED;
  45985. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
  45986. ASN1_INTEGER *a;
  45987. long val;
  45988. int ret;
  45989. a = ASN1_INTEGER_new();
  45990. val = 0;
  45991. ret = ASN1_INTEGER_set(NULL, val);
  45992. AssertIntEQ(ret, 0);
  45993. ASN1_INTEGER_free(a);
  45994. /* 0 */
  45995. a = ASN1_INTEGER_new();
  45996. val = 0;
  45997. ret = ASN1_INTEGER_set(a, val);
  45998. AssertIntEQ(ret, 1);
  45999. AssertIntEQ(ASN1_INTEGER_get(a), val);
  46000. ASN1_INTEGER_free(a);
  46001. /* 40 */
  46002. a = ASN1_INTEGER_new();
  46003. val = 40;
  46004. ret = ASN1_INTEGER_set(a, val);
  46005. AssertIntEQ(ret, 1);
  46006. AssertIntEQ(ASN1_INTEGER_get(a), val);
  46007. ASN1_INTEGER_free(a);
  46008. /* -40 */
  46009. a = ASN1_INTEGER_new();
  46010. val = -40;
  46011. ret = ASN1_INTEGER_set(a, val);
  46012. AssertIntEQ(ret, 1);
  46013. AssertIntEQ(ASN1_INTEGER_get(a), val);
  46014. ASN1_INTEGER_free(a);
  46015. /* 128 */
  46016. a = ASN1_INTEGER_new();
  46017. val = 128;
  46018. ret = ASN1_INTEGER_set(a, val);
  46019. AssertIntEQ(ret, 1);
  46020. AssertIntEQ(ASN1_INTEGER_get(a), val);
  46021. ASN1_INTEGER_free(a);
  46022. /* -128 */
  46023. a = ASN1_INTEGER_new();
  46024. val = -128;
  46025. ret = ASN1_INTEGER_set(a, val);
  46026. AssertIntEQ(ret, 1);
  46027. AssertIntEQ(ASN1_INTEGER_get(a), val);
  46028. ASN1_INTEGER_free(a);
  46029. /* 200 */
  46030. a = ASN1_INTEGER_new();
  46031. val = 200;
  46032. ret = ASN1_INTEGER_set(a, val);
  46033. AssertIntEQ(ret, 1);
  46034. AssertIntEQ(ASN1_INTEGER_get(a), val);
  46035. ASN1_INTEGER_free(a);
  46036. /* int max (2147483647) */
  46037. a = ASN1_INTEGER_new();
  46038. val = 2147483647;
  46039. ret = ASN1_INTEGER_set(a, val);
  46040. AssertIntEQ(ret, 1);
  46041. AssertIntEQ(ASN1_INTEGER_get(a), val);
  46042. ASN1_INTEGER_free(a);
  46043. /* int min (-2147483648) */
  46044. a = ASN1_INTEGER_new();
  46045. val = -2147483647 - 1;
  46046. ret = ASN1_INTEGER_set(a, val);
  46047. AssertIntEQ(ret, 1);
  46048. AssertIntEQ(ASN1_INTEGER_get(a), val);
  46049. ASN1_INTEGER_free(a);
  46050. res = TEST_RES_CHECK(1);
  46051. #endif
  46052. return res;
  46053. }
  46054. #if defined(OPENSSL_EXTRA)
  46055. typedef struct ASN1IntTestVector {
  46056. const byte* der;
  46057. const size_t derSz;
  46058. const long value;
  46059. } ASN1IntTestVector;
  46060. #endif
  46061. static int test_wolfSSL_d2i_ASN1_INTEGER(void)
  46062. {
  46063. int res = TEST_SKIPPED;
  46064. #if defined(OPENSSL_EXTRA)
  46065. size_t i;
  46066. WOLFSSL_ASN1_INTEGER* a = NULL;
  46067. WOLFSSL_ASN1_INTEGER* b = NULL;
  46068. WOLFSSL_ASN1_INTEGER* c = NULL;
  46069. const byte* p = NULL;
  46070. byte* reEncoded = NULL;
  46071. int reEncodedSz;
  46072. static const byte zeroDer[] = {
  46073. 0x02, 0x01, 0x00
  46074. };
  46075. static const byte oneDer[] = {
  46076. 0x02, 0x01, 0x01
  46077. };
  46078. static const byte negativeDer[] = {
  46079. 0x02, 0x03, 0xC1, 0x16, 0x0D
  46080. };
  46081. static const byte positiveDer[] = {
  46082. 0x02, 0x03, 0x01, 0x00, 0x01
  46083. };
  46084. static const byte primeDer[] = {
  46085. 0x02, 0x82, 0x01, 0x01, 0x00, 0xc0, 0x95, 0x08, 0xe1, 0x57, 0x41,
  46086. 0xf2, 0x71, 0x6d, 0xb7, 0xd2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xc6,
  46087. 0x45, 0xae, 0xf2, 0xbc, 0x24, 0x30, 0xb8, 0x95, 0xce, 0x2f, 0x4e,
  46088. 0xd6, 0xf6, 0x1c, 0x88, 0xbc, 0x7c, 0x9f, 0xfb, 0xa8, 0x67, 0x7f,
  46089. 0xfe, 0x5c, 0x9c, 0x51, 0x75, 0xf7, 0x8a, 0xca, 0x07, 0xe7, 0x35,
  46090. 0x2f, 0x8f, 0xe1, 0xbd, 0x7b, 0xc0, 0x2f, 0x7c, 0xab, 0x64, 0xa8,
  46091. 0x17, 0xfc, 0xca, 0x5d, 0x7b, 0xba, 0xe0, 0x21, 0xe5, 0x72, 0x2e,
  46092. 0x6f, 0x2e, 0x86, 0xd8, 0x95, 0x73, 0xda, 0xac, 0x1b, 0x53, 0xb9,
  46093. 0x5f, 0x3f, 0xd7, 0x19, 0x0d, 0x25, 0x4f, 0xe1, 0x63, 0x63, 0x51,
  46094. 0x8b, 0x0b, 0x64, 0x3f, 0xad, 0x43, 0xb8, 0xa5, 0x1c, 0x5c, 0x34,
  46095. 0xb3, 0xae, 0x00, 0xa0, 0x63, 0xc5, 0xf6, 0x7f, 0x0b, 0x59, 0x68,
  46096. 0x78, 0x73, 0xa6, 0x8c, 0x18, 0xa9, 0x02, 0x6d, 0xaf, 0xc3, 0x19,
  46097. 0x01, 0x2e, 0xb8, 0x10, 0xe3, 0xc6, 0xcc, 0x40, 0xb4, 0x69, 0xa3,
  46098. 0x46, 0x33, 0x69, 0x87, 0x6e, 0xc4, 0xbb, 0x17, 0xa6, 0xf3, 0xe8,
  46099. 0xdd, 0xad, 0x73, 0xbc, 0x7b, 0x2f, 0x21, 0xb5, 0xfd, 0x66, 0x51,
  46100. 0x0c, 0xbd, 0x54, 0xb3, 0xe1, 0x6d, 0x5f, 0x1c, 0xbc, 0x23, 0x73,
  46101. 0xd1, 0x09, 0x03, 0x89, 0x14, 0xd2, 0x10, 0xb9, 0x64, 0xc3, 0x2a,
  46102. 0xd0, 0xa1, 0x96, 0x4a, 0xbc, 0xe1, 0xd4, 0x1a, 0x5b, 0xc7, 0xa0,
  46103. 0xc0, 0xc1, 0x63, 0x78, 0x0f, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80,
  46104. 0x32, 0x23, 0x95, 0xa1, 0x77, 0xba, 0x13, 0xd2, 0x97, 0x73, 0xe2,
  46105. 0x5d, 0x25, 0xc9, 0x6a, 0x0d, 0xc3, 0x39, 0x60, 0xa4, 0xb4, 0xb0,
  46106. 0x69, 0x42, 0x42, 0x09, 0xe9, 0xd8, 0x08, 0xbc, 0x33, 0x20, 0xb3,
  46107. 0x58, 0x22, 0xa7, 0xaa, 0xeb, 0xc4, 0xe1, 0xe6, 0x61, 0x83, 0xc5,
  46108. 0xd2, 0x96, 0xdf, 0xd9, 0xd0, 0x4f, 0xad, 0xd7
  46109. };
  46110. static const byte garbageDer[] = {0xDE, 0xAD, 0xBE, 0xEF};
  46111. static const ASN1IntTestVector testVectors[] = {
  46112. {zeroDer, sizeof(zeroDer), 0},
  46113. {oneDer, sizeof(oneDer), 1},
  46114. {negativeDer, sizeof(negativeDer), -4123123},
  46115. {positiveDer, sizeof(positiveDer), 65537},
  46116. {primeDer, sizeof(primeDer), 0}
  46117. };
  46118. static const size_t NUM_TEST_VECTORS = sizeof(testVectors)/sizeof(testVectors[0]);
  46119. /* Check d2i error conditions */
  46120. /* NULL pointer to input. */
  46121. AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, NULL, 1)));
  46122. AssertNull(b);
  46123. /* NULL input. */
  46124. AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 1)));
  46125. AssertNull(b);
  46126. /* 0 length. */
  46127. p = testVectors[0].der;
  46128. AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 0)));
  46129. AssertNull(b);
  46130. /* Negative length. */
  46131. p = testVectors[0].der;
  46132. AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, -1)));
  46133. AssertNull(b);
  46134. /* Garbage DER input. */
  46135. p = garbageDer;
  46136. AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, sizeof(garbageDer))));
  46137. AssertNull(b);
  46138. {
  46139. /* Check i2d error conditions */
  46140. /* NULL input. */
  46141. byte* p2 = NULL;
  46142. AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(NULL, &p2), 0);
  46143. /* 0 length input data buffer (a->length == 0). */
  46144. AssertNotNull((a = wolfSSL_ASN1_INTEGER_new()));
  46145. AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0);
  46146. a->data = NULL;
  46147. /* NULL input data buffer. */
  46148. AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0);
  46149. /* Reset a->data. */
  46150. a->data = a->intData;
  46151. /* Set a to valid value. */
  46152. AssertIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS);
  46153. /* NULL output buffer. */
  46154. AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 0);
  46155. wolfSSL_ASN1_INTEGER_free(a);
  46156. }
  46157. for (i = 0; i < NUM_TEST_VECTORS; ++i) {
  46158. p = testVectors[i].der;
  46159. a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, testVectors[i].derSz);
  46160. AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
  46161. if (testVectors[i].derSz <= sizeof(long)) {
  46162. c = wolfSSL_ASN1_INTEGER_new();
  46163. wolfSSL_ASN1_INTEGER_set(c, testVectors[i].value);
  46164. AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, c), 0);
  46165. wolfSSL_ASN1_INTEGER_free(c);
  46166. }
  46167. /* Convert to DER without a pre-allocated output buffer. */
  46168. AssertIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0);
  46169. AssertIntEQ(reEncodedSz, testVectors[i].derSz);
  46170. AssertIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0);
  46171. /* Convert to DER with a pre-allocated output buffer. In this case, the
  46172. * output buffer pointer should be incremented just past the end of the
  46173. * encoded data. */
  46174. p = reEncoded;
  46175. AssertIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0);
  46176. AssertIntEQ(reEncodedSz, testVectors[i].derSz);
  46177. AssertPtrEq(p, reEncoded - reEncodedSz);
  46178. AssertIntEQ(XMEMCMP(p, testVectors[i].der, reEncodedSz), 0);
  46179. XFREE(reEncoded - reEncodedSz, NULL, DYNAMIC_TYPE_ASN1);
  46180. reEncoded = NULL;
  46181. wolfSSL_ASN1_INTEGER_free(a);
  46182. }
  46183. res = TEST_RES_CHECK(1);
  46184. #endif /* OPENSSL_EXTRA */
  46185. return res;
  46186. }
  46187. static int test_wolfSSL_X509_STORE_get1_certs(void)
  46188. {
  46189. int res = TEST_SKIPPED;
  46190. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \
  46191. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  46192. X509_STORE_CTX *storeCtx;
  46193. X509_STORE *store;
  46194. X509 *caX509;
  46195. X509 *svrX509;
  46196. X509_NAME *subject;
  46197. WOLF_STACK_OF(WOLFSSL_X509) *certs;
  46198. AssertNotNull(caX509 =
  46199. X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM));
  46200. AssertNotNull((svrX509 =
  46201. wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
  46202. AssertNotNull(storeCtx = X509_STORE_CTX_new());
  46203. AssertNotNull(store = X509_STORE_new());
  46204. AssertNotNull(subject = X509_get_subject_name(caX509));
  46205. /* Errors */
  46206. AssertNull(X509_STORE_get1_certs(storeCtx, subject));
  46207. AssertNull(X509_STORE_get1_certs(NULL, subject));
  46208. AssertNull(X509_STORE_get1_certs(storeCtx, NULL));
  46209. AssertIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS);
  46210. AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), SSL_SUCCESS);
  46211. /* Should find the cert */
  46212. AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
  46213. AssertIntEQ(1, wolfSSL_sk_X509_num(certs));
  46214. sk_X509_pop_free(certs, NULL);
  46215. /* Should not find the cert */
  46216. AssertNotNull(subject = X509_get_subject_name(svrX509));
  46217. AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
  46218. AssertIntEQ(0, wolfSSL_sk_X509_num(certs));
  46219. sk_X509_pop_free(certs, NULL);
  46220. X509_STORE_free(store);
  46221. X509_STORE_CTX_free(storeCtx);
  46222. X509_free(svrX509);
  46223. X509_free(caX509);
  46224. res = TEST_RES_CHECK(1);
  46225. #endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
  46226. return res;
  46227. }
  46228. /* Testing code used in dpp.c in hostap */
  46229. #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  46230. typedef struct {
  46231. /* AlgorithmIdentifier ecPublicKey with optional parameters present
  46232. * as an OID identifying the curve */
  46233. X509_ALGOR *alg;
  46234. /* Compressed format public key per ANSI X9.63 */
  46235. ASN1_BIT_STRING *pub_key;
  46236. } DPP_BOOTSTRAPPING_KEY;
  46237. ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
  46238. ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR),
  46239. ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING)
  46240. } ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY)
  46241. IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY)
  46242. #endif
  46243. static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
  46244. {
  46245. int res = TEST_SKIPPED;
  46246. /* Testing code used in dpp.c in hostap */
  46247. #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  46248. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  46249. EC_KEY *eckey;
  46250. EVP_PKEY *key;
  46251. size_t len;
  46252. unsigned char *der = NULL;
  46253. DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
  46254. const unsigned char *in = ecc_clikey_der_256;
  46255. const EC_GROUP *group;
  46256. const EC_POINT *point;
  46257. int nid;
  46258. AssertNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
  46259. AssertNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
  46260. (long)sizeof_ecc_clikey_der_256));
  46261. AssertNotNull(eckey = EVP_PKEY_get1_EC_KEY(key));
  46262. AssertNotNull(group = EC_KEY_get0_group(eckey));
  46263. AssertNotNull(point = EC_KEY_get0_public_key(eckey));
  46264. nid = EC_GROUP_get_curve_name(group);
  46265. AssertIntEQ(X509_ALGOR_set0(bootstrap->alg, OBJ_nid2obj(EVP_PKEY_EC),
  46266. V_ASN1_OBJECT, OBJ_nid2obj(nid)), 1);
  46267. #ifdef HAVE_COMP_KEY
  46268. AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
  46269. NULL, 0, NULL)), 0);
  46270. #else
  46271. AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
  46272. NULL, 0, NULL)), 0);
  46273. #endif
  46274. AssertNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1));
  46275. #ifdef HAVE_COMP_KEY
  46276. AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
  46277. der, len, NULL), len);
  46278. #else
  46279. AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
  46280. der, len, NULL), len);
  46281. #endif
  46282. bootstrap->pub_key->data = der;
  46283. bootstrap->pub_key->length = (int)len;
  46284. /* Not actually used */
  46285. bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
  46286. bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
  46287. der = NULL;
  46288. AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
  46289. XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
  46290. EVP_PKEY_free(key);
  46291. EC_KEY_free(eckey);
  46292. DPP_BOOTSTRAPPING_KEY_free(bootstrap);
  46293. res = TEST_RES_CHECK(1);
  46294. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  46295. #endif /* WOLFSSL_WPAS && HAVE_ECC && USE_CERT_BUFFERS_256 */
  46296. return res;
  46297. }
  46298. static int test_wolfSSL_i2c_ASN1_INTEGER(void)
  46299. {
  46300. int res = TEST_SKIPPED;
  46301. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
  46302. ASN1_INTEGER *a;
  46303. unsigned char *pp,*tpp;
  46304. int ret;
  46305. a = wolfSSL_ASN1_INTEGER_new();
  46306. /* 40 */
  46307. a->intData[0] = ASN_INTEGER;
  46308. a->intData[1] = 1;
  46309. a->intData[2] = 40;
  46310. ret = i2c_ASN1_INTEGER(a, NULL);
  46311. AssertIntEQ(ret, 1);
  46312. AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
  46313. DYNAMIC_TYPE_TMP_BUFFER));
  46314. tpp = pp;
  46315. XMEMSET(pp, 0, ret + 1);
  46316. i2c_ASN1_INTEGER(a, &pp);
  46317. pp--;
  46318. AssertIntEQ(*pp, 40);
  46319. XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  46320. /* 128 */
  46321. a->intData[0] = ASN_INTEGER;
  46322. a->intData[1] = 1;
  46323. a->intData[2] = 128;
  46324. ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
  46325. AssertIntEQ(ret, 2);
  46326. AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
  46327. DYNAMIC_TYPE_TMP_BUFFER));
  46328. tpp = pp;
  46329. XMEMSET(pp, 0, ret + 1);
  46330. wolfSSL_i2c_ASN1_INTEGER(a, &pp);
  46331. pp--;
  46332. AssertIntEQ(*(pp--), 128);
  46333. AssertIntEQ(*pp, 0);
  46334. XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  46335. /* -40 */
  46336. a->intData[0] = ASN_INTEGER;
  46337. a->intData[1] = 1;
  46338. a->intData[2] = 40;
  46339. a->negative = 1;
  46340. ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
  46341. AssertIntEQ(ret, 1);
  46342. AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
  46343. DYNAMIC_TYPE_TMP_BUFFER));
  46344. tpp = pp;
  46345. XMEMSET(pp, 0, ret + 1);
  46346. wolfSSL_i2c_ASN1_INTEGER(a, &pp);
  46347. pp--;
  46348. AssertIntEQ(*pp, 216);
  46349. XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  46350. /* -128 */
  46351. a->intData[0] = ASN_INTEGER;
  46352. a->intData[1] = 1;
  46353. a->intData[2] = 128;
  46354. a->negative = 1;
  46355. ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
  46356. AssertIntEQ(ret, 1);
  46357. AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
  46358. DYNAMIC_TYPE_TMP_BUFFER));
  46359. tpp = pp;
  46360. XMEMSET(pp, 0, ret + 1);
  46361. wolfSSL_i2c_ASN1_INTEGER(a, &pp);
  46362. pp--;
  46363. AssertIntEQ(*pp, 128);
  46364. XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  46365. /* -200 */
  46366. a->intData[0] = ASN_INTEGER;
  46367. a->intData[1] = 1;
  46368. a->intData[2] = 200;
  46369. a->negative = 1;
  46370. ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
  46371. AssertIntEQ(ret, 2);
  46372. AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
  46373. DYNAMIC_TYPE_TMP_BUFFER));
  46374. tpp = pp;
  46375. XMEMSET(pp, 0, ret + 1);
  46376. wolfSSL_i2c_ASN1_INTEGER(a, &pp);
  46377. pp--;
  46378. AssertIntEQ(*(pp--), 56);
  46379. AssertIntEQ(*pp, 255);
  46380. XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  46381. wolfSSL_ASN1_INTEGER_free(a);
  46382. res = TEST_RES_CHECK(1);
  46383. #endif /* OPENSSL_EXTRA && !NO_ASN */
  46384. return res;
  46385. }
  46386. #ifndef NO_INLINE
  46387. #define WOLFSSL_MISC_INCLUDED
  46388. #include <wolfcrypt/src/misc.c>
  46389. #else
  46390. #include <wolfssl/wolfcrypt/misc.h>
  46391. #endif
  46392. static int test_ForceZero(void)
  46393. {
  46394. unsigned char data[32];
  46395. unsigned int i, j, len;
  46396. /* Test case with 0 length */
  46397. ForceZero(data, 0);
  46398. /* Test ForceZero */
  46399. for (i = 0; i < sizeof(data); i++) {
  46400. for (len = 1; len < sizeof(data) - i; len++) {
  46401. for (j = 0; j < sizeof(data); j++)
  46402. data[j] = j + 1;
  46403. ForceZero(data + i, len);
  46404. for (j = 0; j < sizeof(data); j++) {
  46405. if (j < i || j >= i + len) {
  46406. if (data[j] == 0x00)
  46407. return -10200;
  46408. }
  46409. else if (data[j] != 0x00)
  46410. return -10201;
  46411. }
  46412. }
  46413. }
  46414. return TEST_RES_CHECK(1);
  46415. }
  46416. #ifndef NO_BIO
  46417. static int test_wolfSSL_X509_print(void)
  46418. {
  46419. int res = TEST_SKIPPED;
  46420. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
  46421. !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
  46422. X509 *x509;
  46423. BIO *bio;
  46424. #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
  46425. const X509_ALGOR *cert_sig_alg;
  46426. #endif
  46427. x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
  46428. AssertNotNull(x509);
  46429. /* print to memory */
  46430. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  46431. AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
  46432. #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
  46433. #if defined(WC_DISABLE_RADIX_ZERO_PAD)
  46434. /* Will print IP address subject alt name. */
  46435. AssertIntEQ(BIO_get_mem_data(bio, NULL), 3349);
  46436. #else
  46437. /* Will print IP address subject alt name. */
  46438. AssertIntEQ(BIO_get_mem_data(bio, NULL), 3350);
  46439. #endif
  46440. #else
  46441. AssertIntEQ(BIO_get_mem_data(bio, NULL), 3328);
  46442. #endif
  46443. BIO_free(bio);
  46444. AssertNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
  46445. #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
  46446. /* Print signature */
  46447. AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509));
  46448. AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS);
  46449. #endif
  46450. /* print to stderr */
  46451. #if !defined(NO_WOLFSSL_DIR)
  46452. AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
  46453. #endif
  46454. /* print again */
  46455. AssertIntEQ(X509_print_fp(stderr, x509), SSL_SUCCESS);
  46456. X509_free(x509);
  46457. BIO_free(bio);
  46458. res = TEST_RES_CHECK(1);
  46459. #endif
  46460. return res;
  46461. }
  46462. static int test_wolfSSL_X509_CRL_print(void)
  46463. {
  46464. int res = TEST_SKIPPED;
  46465. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_CRL)\
  46466. && !defined(NO_FILESYSTEM) && defined(XSNPRINTF)
  46467. X509_CRL* crl;
  46468. BIO *bio;
  46469. XFILE fp;
  46470. fp = XFOPEN("./certs/crl/crl.pem", "rb");
  46471. AssertTrue((fp != XBADFILE));
  46472. AssertNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
  46473. NULL, NULL));
  46474. XFCLOSE(fp);
  46475. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  46476. AssertIntEQ(X509_CRL_print(bio, crl), SSL_SUCCESS);
  46477. X509_CRL_free(crl);
  46478. BIO_free(bio);
  46479. res = TEST_RES_CHECK(1);
  46480. #endif
  46481. return res;
  46482. }
  46483. static int test_wolfSSL_BIO_get_len(void)
  46484. {
  46485. int res = TEST_SKIPPED;
  46486. #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
  46487. BIO *bio = NULL;
  46488. const char txt[] = "Some example text to push to the BIO.";
  46489. AssertIntEQ(wolfSSL_BIO_get_len(bio), BAD_FUNC_ARG);
  46490. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  46491. AssertIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt));
  46492. AssertIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt));
  46493. BIO_free(bio);
  46494. AssertNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
  46495. AssertIntEQ(wolfSSL_BIO_get_len(bio), WOLFSSL_BAD_FILE);
  46496. BIO_free(bio);
  46497. res = TEST_RES_CHECK(1);
  46498. #endif
  46499. return res;
  46500. }
  46501. static int test_wolfSSL_ASN1_STRING_print(void)
  46502. {
  46503. int res = TEST_SKIPPED;
  46504. #if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS)
  46505. ASN1_STRING* asnStr = NULL;
  46506. const char HELLO_DATA[]= \
  46507. {'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'};
  46508. #define MAX_UNPRINTABLE_CHAR 32
  46509. #define MAX_BUF 255
  46510. unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)];
  46511. unsigned char expected[sizeof(unprintableData)+1];
  46512. unsigned char rbuf[MAX_BUF];
  46513. BIO *bio;
  46514. int p_len, i;
  46515. /* setup */
  46516. for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
  46517. unprintableData[i] = HELLO_DATA[i];
  46518. expected[i] = HELLO_DATA[i];
  46519. }
  46520. for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
  46521. unprintableData[sizeof(HELLO_DATA)+i] = i;
  46522. if (i == (int)'\n' || i == (int)'\r')
  46523. expected[sizeof(HELLO_DATA)+i] = i;
  46524. else
  46525. expected[sizeof(HELLO_DATA)+i] = '.';
  46526. }
  46527. unprintableData[sizeof(unprintableData)-1] = '\0';
  46528. expected[sizeof(expected)-1] = '\0';
  46529. XMEMSET(rbuf, 0, MAX_BUF);
  46530. bio = BIO_new(BIO_s_mem());
  46531. BIO_set_write_buf_size(bio, MAX_BUF);
  46532. asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
  46533. ASN1_STRING_set(asnStr,(const void*)unprintableData,
  46534. (int)sizeof(unprintableData));
  46535. /* test */
  46536. p_len = wolfSSL_ASN1_STRING_print(bio, asnStr);
  46537. AssertIntEQ(p_len, 46);
  46538. BIO_read(bio, (void*)rbuf, 46);
  46539. AssertStrEQ((char*)rbuf, (const char*)expected);
  46540. BIO_free(bio);
  46541. ASN1_STRING_free(asnStr);
  46542. res = TEST_RES_CHECK(1);
  46543. #endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS */
  46544. return res;
  46545. }
  46546. #endif /* !NO_BIO */
  46547. static int test_wolfSSL_ASN1_get_object(void)
  46548. {
  46549. int res = TEST_SKIPPED;
  46550. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  46551. const unsigned char* derBuf = cliecc_cert_der_256;
  46552. int len = sizeof_cliecc_cert_der_256;
  46553. long asnLen = 0;
  46554. int tag = 0, cls = 0;
  46555. ASN1_OBJECT *a;
  46556. /* Read a couple TLV triplets and make sure they match the expected values */
  46557. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
  46558. AssertIntEQ(asnLen, 862);
  46559. AssertIntEQ(tag, 0x10);
  46560. AssertIntEQ(cls, 0);
  46561. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
  46562. len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
  46563. AssertIntEQ(asnLen, 772);
  46564. AssertIntEQ(tag, 0x10);
  46565. AssertIntEQ(cls, 0);
  46566. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
  46567. len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
  46568. AssertIntEQ(asnLen, 3);
  46569. AssertIntEQ(tag, 0);
  46570. AssertIntEQ(cls, 0x80);
  46571. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
  46572. len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
  46573. AssertIntEQ(asnLen, 1);
  46574. AssertIntEQ(tag, 0x2);
  46575. AssertIntEQ(cls, 0);
  46576. derBuf += asnLen;
  46577. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
  46578. len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
  46579. AssertIntEQ(asnLen, 20);
  46580. AssertIntEQ(tag, 0x2);
  46581. AssertIntEQ(cls, 0);
  46582. derBuf += asnLen;
  46583. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
  46584. len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
  46585. AssertIntEQ(asnLen, 10);
  46586. AssertIntEQ(tag, 0x10);
  46587. AssertIntEQ(cls, 0);
  46588. /* Read an ASN OBJECT */
  46589. AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len));
  46590. ASN1_OBJECT_free(a);
  46591. res = TEST_RES_CHECK(1);
  46592. #endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */
  46593. return res;
  46594. }
  46595. static int test_wolfSSL_RSA(void)
  46596. {
  46597. int res = TEST_SKIPPED;
  46598. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
  46599. defined(WOLFSSL_KEY_GEN)
  46600. RSA* rsa;
  46601. const BIGNUM *n;
  46602. const BIGNUM *e;
  46603. const BIGNUM *d;
  46604. const BIGNUM *p;
  46605. const BIGNUM *q;
  46606. const BIGNUM *dmp1;
  46607. const BIGNUM *dmq1;
  46608. const BIGNUM *iqmp;
  46609. AssertNotNull(rsa = RSA_new());
  46610. AssertIntEQ(RSA_size(NULL), 0);
  46611. AssertIntEQ(RSA_size(rsa), 0);
  46612. AssertIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 0);
  46613. AssertIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 0);
  46614. AssertIntEQ(RSA_set0_factors(rsa, NULL, NULL), 0);
  46615. #ifdef WOLFSSL_RSA_KEY_CHECK
  46616. AssertIntEQ(RSA_check_key(rsa), 0);
  46617. #endif
  46618. RSA_free(rsa);
  46619. AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  46620. AssertIntEQ(RSA_size(rsa), 256);
  46621. #ifdef WOLFSSL_RSA_KEY_CHECK
  46622. AssertIntEQ(RSA_check_key(NULL), 0);
  46623. AssertIntEQ(RSA_check_key(rsa), 1);
  46624. #endif
  46625. /* sanity check */
  46626. AssertIntEQ(RSA_bits(NULL), 0);
  46627. /* key */
  46628. AssertIntEQ(RSA_bits(rsa), 2048);
  46629. RSA_get0_key(rsa, &n, &e, &d);
  46630. AssertPtrEq(rsa->n, n);
  46631. AssertPtrEq(rsa->e, e);
  46632. AssertPtrEq(rsa->d, d);
  46633. AssertNotNull(n = BN_new());
  46634. AssertNotNull(e = BN_new());
  46635. AssertNotNull(d = BN_new());
  46636. AssertIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1);
  46637. AssertPtrEq(rsa->n, n);
  46638. AssertPtrEq(rsa->e, e);
  46639. AssertPtrEq(rsa->d, d);
  46640. AssertIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 1);
  46641. AssertIntEQ(RSA_set0_key(NULL, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 0);
  46642. /* crt_params */
  46643. RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
  46644. AssertPtrEq(rsa->dmp1, dmp1);
  46645. AssertPtrEq(rsa->dmq1, dmq1);
  46646. AssertPtrEq(rsa->iqmp, iqmp);
  46647. AssertNotNull(dmp1 = BN_new());
  46648. AssertNotNull(dmq1 = BN_new());
  46649. AssertNotNull(iqmp = BN_new());
  46650. AssertIntEQ(RSA_set0_crt_params(rsa, (BIGNUM*)dmp1, (BIGNUM*)dmq1,
  46651. (BIGNUM*)iqmp), 1);
  46652. AssertPtrEq(rsa->dmp1, dmp1);
  46653. AssertPtrEq(rsa->dmq1, dmq1);
  46654. AssertPtrEq(rsa->iqmp, iqmp);
  46655. AssertIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 1);
  46656. AssertIntEQ(RSA_set0_crt_params(NULL, (BIGNUM*)dmp1, (BIGNUM*)dmq1,
  46657. (BIGNUM*)iqmp), 0);
  46658. RSA_get0_crt_params(NULL, NULL, NULL, NULL);
  46659. RSA_get0_crt_params(rsa, NULL, NULL, NULL);
  46660. RSA_get0_crt_params(NULL, &dmp1, &dmq1, &iqmp);
  46661. AssertNull(dmp1);
  46662. AssertNull(dmq1);
  46663. AssertNull(iqmp);
  46664. /* factors */
  46665. RSA_get0_factors(rsa, NULL, NULL);
  46666. RSA_get0_factors(rsa, &p, &q);
  46667. AssertPtrEq(rsa->p, p);
  46668. AssertPtrEq(rsa->q, q);
  46669. AssertNotNull(p = BN_new());
  46670. AssertNotNull(q = BN_new());
  46671. AssertIntEQ(RSA_set0_factors(rsa, (BIGNUM*)p, (BIGNUM*)q), 1);
  46672. AssertPtrEq(rsa->p, p);
  46673. AssertPtrEq(rsa->q, q);
  46674. AssertIntEQ(RSA_set0_factors(rsa, NULL, NULL), 1);
  46675. AssertIntEQ(RSA_set0_factors(NULL, (BIGNUM*)p, (BIGNUM*)q), 0);
  46676. RSA_get0_factors(NULL, NULL, NULL);
  46677. RSA_get0_factors(NULL, &p, &q);
  46678. AssertNull(p);
  46679. AssertNull(q);
  46680. AssertIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1);
  46681. AssertIntEQ(RSA_bits(rsa), 21);
  46682. RSA_free(rsa);
  46683. #if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
  46684. AssertNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
  46685. AssertIntEQ(RSA_size(rsa), 384);
  46686. AssertIntEQ(RSA_bits(rsa), 3072);
  46687. RSA_free(rsa);
  46688. #endif
  46689. /* remove for now with odd key size until adjusting rsa key size check with
  46690. wc_MakeRsaKey()
  46691. AssertNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL));
  46692. RSA_free(rsa);
  46693. */
  46694. AssertNull(RSA_generate_key(-1, 3, NULL, NULL));
  46695. AssertNull(RSA_generate_key(RSA_MIN_SIZE - 1, 3, NULL, NULL));
  46696. AssertNull(RSA_generate_key(RSA_MAX_SIZE + 1, 3, NULL, NULL));
  46697. AssertNull(RSA_generate_key(2048, 0, NULL, NULL));
  46698. #if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
  46699. {
  46700. byte buff[FOURK_BUF];
  46701. byte der[FOURK_BUF];
  46702. const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
  46703. XFILE f;
  46704. int bytes;
  46705. /* test loading encrypted RSA private pem w/o password */
  46706. f = XFOPEN(PrivKeyPemFile, "rb");
  46707. AssertTrue((f != XBADFILE));
  46708. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  46709. XFCLOSE(f);
  46710. XMEMSET(der, 0, sizeof(der));
  46711. /* test that error value is returned with no password */
  46712. AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""), 0);
  46713. }
  46714. #endif
  46715. res = TEST_RES_CHECK(1);
  46716. #endif
  46717. return res;
  46718. }
  46719. static int test_wolfSSL_RSA_DER(void)
  46720. {
  46721. int res = TEST_SKIPPED;
  46722. #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
  46723. !defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA)
  46724. RSA *rsa;
  46725. int i;
  46726. const unsigned char *buff = NULL;
  46727. unsigned char *newBuff = NULL;
  46728. struct tbl_s
  46729. {
  46730. const unsigned char *der;
  46731. int sz;
  46732. } tbl[] = {
  46733. #ifdef USE_CERT_BUFFERS_1024
  46734. {client_key_der_1024, sizeof_client_key_der_1024},
  46735. {server_key_der_1024, sizeof_server_key_der_1024},
  46736. #endif
  46737. #ifdef USE_CERT_BUFFERS_2048
  46738. {client_key_der_2048, sizeof_client_key_der_2048},
  46739. {server_key_der_2048, sizeof_server_key_der_2048},
  46740. #endif
  46741. {NULL, 0}
  46742. };
  46743. /* Public Key DER */
  46744. struct tbl_s pub[] = {
  46745. #ifdef USE_CERT_BUFFERS_1024
  46746. {client_keypub_der_1024, sizeof_client_keypub_der_1024},
  46747. #endif
  46748. #ifdef USE_CERT_BUFFERS_2048
  46749. {client_keypub_der_2048, sizeof_client_keypub_der_2048},
  46750. #endif
  46751. {NULL, 0}
  46752. };
  46753. AssertNull(d2i_RSAPublicKey(&rsa, NULL, pub[0].sz));
  46754. buff = pub[0].der;
  46755. AssertNull(d2i_RSAPublicKey(&rsa, &buff, 1));
  46756. AssertNull(d2i_RSAPrivateKey(&rsa, NULL, tbl[0].sz));
  46757. buff = tbl[0].der;
  46758. AssertNull(d2i_RSAPrivateKey(&rsa, &buff, 1));
  46759. AssertIntEQ(i2d_RSAPublicKey(NULL, NULL), BAD_FUNC_ARG);
  46760. rsa = RSA_new();
  46761. AssertIntEQ(i2d_RSAPublicKey(rsa, NULL), 0);
  46762. RSA_free(rsa);
  46763. for (i = 0; tbl[i].der != NULL; i++)
  46764. {
  46765. /* Passing in pointer results in pointer moving. */
  46766. buff = tbl[i].der;
  46767. AssertNotNull(d2i_RSAPublicKey(&rsa, &buff, tbl[i].sz));
  46768. AssertNotNull(rsa);
  46769. RSA_free(rsa);
  46770. }
  46771. for (i = 0; tbl[i].der != NULL; i++)
  46772. {
  46773. /* Passing in pointer results in pointer moving. */
  46774. buff = tbl[i].der;
  46775. AssertNotNull(d2i_RSAPrivateKey(&rsa, &buff, tbl[i].sz));
  46776. AssertNotNull(rsa);
  46777. RSA_free(rsa);
  46778. }
  46779. for (i = 0; pub[i].der != NULL; i++)
  46780. {
  46781. buff = pub[i].der;
  46782. AssertNotNull(d2i_RSAPublicKey(&rsa, &buff, pub[i].sz));
  46783. AssertNotNull(rsa);
  46784. AssertIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz);
  46785. newBuff = NULL;
  46786. AssertIntEQ(i2d_RSAPublicKey(rsa, &newBuff), pub[i].sz);
  46787. AssertNotNull(newBuff);
  46788. AssertIntEQ(XMEMCMP((void *)newBuff, (void *)pub[i].der, pub[i].sz), 0);
  46789. XFREE((void *)newBuff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  46790. RSA_free(rsa);
  46791. }
  46792. res = TEST_RES_CHECK(1);
  46793. #endif
  46794. return res;
  46795. }
  46796. static int test_wolfSSL_RSA_print(void)
  46797. {
  46798. int res = TEST_SKIPPED;
  46799. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
  46800. !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
  46801. !defined(HAVE_FAST_RSA) && !defined(NO_BIO) && defined(XFPRINTF)
  46802. BIO *bio;
  46803. WOLFSSL_RSA* rsa = NULL;
  46804. AssertNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
  46805. AssertNotNull(rsa = RSA_new());
  46806. AssertIntEQ(RSA_print(NULL, rsa, 0), -1);
  46807. AssertIntEQ(RSA_print_fp(XBADFILE, rsa, 0), 0);
  46808. AssertIntEQ(RSA_print(bio, NULL, 0), -1);
  46809. AssertIntEQ(RSA_print_fp(stderr, NULL, 0), 0);
  46810. /* Some very large number of indent spaces. */
  46811. AssertIntEQ(RSA_print(bio, rsa, 128), -1);
  46812. /* RSA is empty. */
  46813. AssertIntEQ(RSA_print(bio, rsa, 0), 0);
  46814. AssertIntEQ(RSA_print_fp(stderr, rsa, 0), 0);
  46815. RSA_free(rsa);
  46816. AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  46817. AssertIntEQ(RSA_print(bio, rsa, 0), 1);
  46818. AssertIntEQ(RSA_print(bio, rsa, 4), 1);
  46819. AssertIntEQ(RSA_print(bio, rsa, -1), 1);
  46820. AssertIntEQ(RSA_print_fp(stderr, rsa, 0), 1);
  46821. AssertIntEQ(RSA_print_fp(stderr, rsa, 4), 1);
  46822. AssertIntEQ(RSA_print_fp(stderr, rsa, -1), 1);
  46823. BIO_free(bio);
  46824. RSA_free(rsa);
  46825. res = TEST_RES_CHECK(1);
  46826. #endif
  46827. return res;
  46828. }
  46829. #ifndef NO_RSA
  46830. static int test_wolfSSL_RSA_padding_add_PKCS1_PSS(void)
  46831. {
  46832. int res = TEST_SKIPPED;
  46833. #if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
  46834. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  46835. RSA *rsa;
  46836. const unsigned char *derBuf = client_key_der_2048;
  46837. unsigned char em[256] = {0}; /* len = 2048/8 */
  46838. /* Random data simulating a hash */
  46839. const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = {
  46840. 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
  46841. 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
  46842. 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
  46843. };
  46844. AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
  46845. AssertIntEQ(RSA_padding_add_PKCS1_PSS(NULL, em, mHash, EVP_sha256(),
  46846. RSA_PSS_SALTLEN_DIGEST), 0);
  46847. AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, NULL, mHash, EVP_sha256(),
  46848. RSA_PSS_SALTLEN_DIGEST), 0);
  46849. AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, NULL, EVP_sha256(),
  46850. RSA_PSS_SALTLEN_DIGEST), 0);
  46851. AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, NULL,
  46852. RSA_PSS_SALTLEN_DIGEST), 0);
  46853. AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -5), 0);
  46854. AssertIntEQ(RSA_verify_PKCS1_PSS(NULL, mHash, EVP_sha256(), em,
  46855. RSA_PSS_SALTLEN_MAX_SIGN), 0);
  46856. AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, NULL, EVP_sha256(), em,
  46857. RSA_PSS_SALTLEN_MAX_SIGN), 0);
  46858. AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, NULL, em,
  46859. RSA_PSS_SALTLEN_MAX_SIGN), 0);
  46860. AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), NULL,
  46861. RSA_PSS_SALTLEN_MAX_SIGN), 0);
  46862. AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
  46863. RSA_PSS_SALTLEN_MAX_SIGN), 0);
  46864. AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -5), 0);
  46865. AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
  46866. RSA_PSS_SALTLEN_DIGEST), 1);
  46867. AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
  46868. RSA_PSS_SALTLEN_DIGEST), 1);
  46869. AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
  46870. RSA_PSS_SALTLEN_MAX_SIGN), 1);
  46871. AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
  46872. RSA_PSS_SALTLEN_MAX_SIGN), 1);
  46873. AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
  46874. RSA_PSS_SALTLEN_MAX), 1);
  46875. AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
  46876. RSA_PSS_SALTLEN_MAX), 1);
  46877. AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), 10), 1);
  46878. AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, 10), 1);
  46879. RSA_free(rsa);
  46880. res = TEST_RES_CHECK(1);
  46881. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  46882. #endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
  46883. return res;
  46884. }
  46885. #endif
  46886. static int test_wolfSSL_RSA_sign_sha3(void)
  46887. {
  46888. int res = TEST_SKIPPED;
  46889. #if !defined(NO_RSA) && defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
  46890. #if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
  46891. RSA *rsa;
  46892. const unsigned char *derBuf = client_key_der_2048;
  46893. unsigned char sigRet[256] = {0};
  46894. unsigned int sigLen = sizeof(sigRet);
  46895. /* Random data simulating a hash */
  46896. const unsigned char mHash[WC_SHA3_256_DIGEST_SIZE] = {
  46897. 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
  46898. 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
  46899. 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
  46900. };
  46901. AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
  46902. AssertIntEQ(RSA_sign(NID_sha3_256, mHash, sizeof(mHash), sigRet,
  46903. &sigLen, rsa), 1);
  46904. RSA_free(rsa);
  46905. res = TEST_RES_CHECK(1);
  46906. #endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
  46907. #endif /* !NO_RSA && WOLFSSL_SHA3 && !WOLFSSL_NOSHA3_256*/
  46908. return res;
  46909. }
  46910. static int test_wolfSSL_RSA_get0_key(void)
  46911. {
  46912. int res = TEST_SKIPPED;
  46913. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
  46914. RSA *rsa = NULL;
  46915. const BIGNUM* n = NULL;
  46916. const BIGNUM* e = NULL;
  46917. const BIGNUM* d = NULL;
  46918. const unsigned char* der;
  46919. int derSz;
  46920. #ifdef USE_CERT_BUFFERS_1024
  46921. der = client_key_der_1024;
  46922. derSz = sizeof_client_key_der_1024;
  46923. #elif defined(USE_CERT_BUFFERS_2048)
  46924. der = client_key_der_2048;
  46925. derSz = sizeof_client_key_der_2048;
  46926. #else
  46927. der = NULL;
  46928. derSz = 0;
  46929. #endif
  46930. if (der != NULL) {
  46931. RSA_get0_key(NULL, NULL, NULL, NULL);
  46932. RSA_get0_key(rsa, NULL, NULL, NULL);
  46933. RSA_get0_key(NULL, &n, &e, &d);
  46934. AssertNull(n);
  46935. AssertNull(e);
  46936. AssertNull(d);
  46937. AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz));
  46938. AssertNotNull(rsa);
  46939. RSA_get0_key(rsa, NULL, NULL, NULL);
  46940. RSA_get0_key(rsa, &n, NULL, NULL);
  46941. AssertNotNull(n);
  46942. RSA_get0_key(rsa, NULL, &e, NULL);
  46943. AssertNotNull(e);
  46944. RSA_get0_key(rsa, NULL, NULL, &d);
  46945. AssertNotNull(d);
  46946. RSA_get0_key(rsa, &n, &e, &d);
  46947. AssertNotNull(n);
  46948. AssertNotNull(e);
  46949. AssertNotNull(d);
  46950. RSA_free(rsa);
  46951. }
  46952. res = TEST_RES_CHECK(1);
  46953. #endif
  46954. return res;
  46955. }
  46956. static int test_wolfSSL_RSA_meth(void)
  46957. {
  46958. int res = TEST_SKIPPED;
  46959. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
  46960. RSA *rsa;
  46961. RSA_METHOD *rsa_meth;
  46962. #ifdef WOLFSSL_KEY_GEN
  46963. AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  46964. RSA_free(rsa);
  46965. #else
  46966. AssertNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  46967. #endif
  46968. AssertNotNull(RSA_get_default_method());
  46969. wolfSSL_RSA_meth_free(NULL);
  46970. AssertNull(wolfSSL_RSA_meth_new(NULL, 0));
  46971. AssertNotNull(rsa_meth =
  46972. RSA_meth_new("placeholder RSA method", RSA_METHOD_FLAG_NO_CHECK));
  46973. #ifndef NO_WOLFSSL_STUB
  46974. AssertIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1);
  46975. AssertIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1);
  46976. AssertIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1);
  46977. AssertIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1);
  46978. AssertIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1);
  46979. AssertIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1);
  46980. AssertIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1);
  46981. #endif
  46982. AssertIntEQ(RSA_flags(NULL), 0);
  46983. RSA_set_flags(NULL, RSA_FLAG_CACHE_PUBLIC);
  46984. RSA_clear_flags(NULL, RSA_FLAG_CACHE_PUBLIC);
  46985. AssertIntEQ(RSA_test_flags(NULL, RSA_FLAG_CACHE_PUBLIC), 0);
  46986. AssertNotNull(rsa = RSA_new());
  46987. /* No method set. */
  46988. AssertIntEQ(RSA_flags(rsa), 0);
  46989. RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
  46990. RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
  46991. AssertIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
  46992. AssertIntEQ(RSA_set_method(NULL, rsa_meth), 1);
  46993. AssertIntEQ(RSA_set_method(rsa, rsa_meth), 1);
  46994. AssertNull(RSA_get_method(NULL));
  46995. AssertPtrEq(RSA_get_method(rsa), rsa_meth);
  46996. AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
  46997. RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
  46998. AssertIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
  46999. AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC |
  47000. RSA_METHOD_FLAG_NO_CHECK);
  47001. RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
  47002. AssertIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
  47003. AssertIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
  47004. /* rsa_meth is freed here */
  47005. RSA_free(rsa);
  47006. res = TEST_RES_CHECK(1);
  47007. #endif
  47008. return res;
  47009. }
  47010. static int test_wolfSSL_RSA_verify(void)
  47011. {
  47012. int res = TEST_SKIPPED;
  47013. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \
  47014. !defined(NO_FILESYSTEM)
  47015. #ifndef NO_BIO
  47016. XFILE fp;
  47017. RSA *pKey, *pubKey;
  47018. X509 *cert;
  47019. const char *text = "Hello wolfSSL !";
  47020. unsigned char hash[SHA256_DIGEST_LENGTH];
  47021. unsigned char signature[2048/8];
  47022. unsigned int signatureLength;
  47023. byte *buf;
  47024. BIO *bio;
  47025. SHA256_CTX c;
  47026. EVP_PKEY *evpPkey, *evpPubkey;
  47027. size_t sz;
  47028. /* generate hash */
  47029. SHA256_Init(&c);
  47030. SHA256_Update(&c, text, strlen(text));
  47031. SHA256_Final(hash, &c);
  47032. #ifdef WOLFSSL_SMALL_STACK_CACHE
  47033. /* workaround for small stack cache case */
  47034. wc_Sha256Free((wc_Sha256*)&c);
  47035. #endif
  47036. /* read privete key file */
  47037. fp = XFOPEN(svrKeyFile, "rb");
  47038. AssertTrue((fp != XBADFILE));
  47039. AssertIntGE(XFSEEK(fp, 0, XSEEK_END), 0);
  47040. sz = XFTELL(fp);
  47041. XREWIND(fp);
  47042. AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
  47043. AssertIntEQ(XFREAD(buf, 1, sz, fp), sz);
  47044. XFCLOSE(fp);
  47045. /* read private key and sign hash data */
  47046. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  47047. AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL));
  47048. AssertNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey));
  47049. AssertIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH,
  47050. signature, &signatureLength, pKey), SSL_SUCCESS);
  47051. /* read public key and verify signed data */
  47052. fp = XFOPEN(svrCertFile,"rb");
  47053. AssertTrue((fp != XBADFILE));
  47054. cert = PEM_read_X509(fp, 0, 0, 0 );
  47055. XFCLOSE(fp);
  47056. evpPubkey = X509_get_pubkey(cert);
  47057. pubKey = EVP_PKEY_get1_RSA(evpPubkey);
  47058. AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
  47059. signatureLength, pubKey), SSL_SUCCESS);
  47060. AssertIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, NULL,
  47061. signatureLength, NULL), SSL_FAILURE);
  47062. AssertIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, signature,
  47063. signatureLength, pubKey), SSL_FAILURE);
  47064. AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, NULL,
  47065. signatureLength, pubKey), SSL_FAILURE);
  47066. AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
  47067. signatureLength, NULL), SSL_FAILURE);
  47068. RSA_free(pKey);
  47069. EVP_PKEY_free(evpPkey);
  47070. RSA_free(pubKey);
  47071. EVP_PKEY_free(evpPubkey);
  47072. X509_free(cert);
  47073. BIO_free(bio);
  47074. XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
  47075. res = TEST_RES_CHECK(1);
  47076. #endif
  47077. #endif
  47078. return res;
  47079. }
  47080. static int test_wolfSSL_RSA_sign(void)
  47081. {
  47082. int res = TEST_SKIPPED;
  47083. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
  47084. RSA *rsa;
  47085. unsigned char hash[SHA256_DIGEST_LENGTH];
  47086. #ifdef USE_CERT_BUFFERS_1024
  47087. const unsigned char* privDer = client_key_der_1024;
  47088. size_t privDerSz = sizeof_client_key_der_1024;
  47089. const unsigned char* pubDer = client_keypub_der_1024;
  47090. size_t pubDerSz = sizeof_client_keypub_der_1024;
  47091. unsigned char signature[1024/8];
  47092. #else
  47093. const unsigned char* privDer = client_key_der_2048;
  47094. size_t privDerSz = sizeof_client_key_der_2048;
  47095. const unsigned char* pubDer = client_keypub_der_2048;
  47096. size_t pubDerSz = sizeof_client_keypub_der_2048;
  47097. unsigned char signature[2048/8];
  47098. #endif
  47099. unsigned int signatureLen;
  47100. const unsigned char* der;
  47101. XMEMSET(hash, 0, sizeof(hash));
  47102. der = privDer;
  47103. rsa = NULL;
  47104. AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
  47105. AssertIntEQ(RSA_sign(NID_rsaEncryption, NULL, 0, NULL, NULL, NULL), 0);
  47106. AssertIntEQ(RSA_sign(NID_rsaEncryption, hash, sizeof(hash), signature,
  47107. &signatureLen, rsa), 0);
  47108. AssertIntEQ(RSA_sign(NID_sha256, NULL, sizeof(hash), signature,
  47109. &signatureLen, rsa), 0);
  47110. AssertIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), NULL,
  47111. &signatureLen, rsa), 0);
  47112. AssertIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
  47113. NULL, rsa), 0);
  47114. AssertIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
  47115. &signatureLen, NULL), 0);
  47116. AssertIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
  47117. &signatureLen, rsa), 1);
  47118. RSA_free(rsa);
  47119. der = pubDer;
  47120. rsa = NULL;
  47121. AssertNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
  47122. AssertIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
  47123. signatureLen, rsa), 1);
  47124. RSA_free(rsa);
  47125. res = TEST_RES_CHECK(1);
  47126. #endif
  47127. return res;
  47128. }
  47129. static int test_wolfSSL_RSA_sign_ex(void)
  47130. {
  47131. int res = TEST_SKIPPED;
  47132. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
  47133. RSA *rsa;
  47134. unsigned char hash[SHA256_DIGEST_LENGTH];
  47135. #ifdef USE_CERT_BUFFERS_1024
  47136. const unsigned char* privDer = client_key_der_1024;
  47137. size_t privDerSz = sizeof_client_key_der_1024;
  47138. const unsigned char* pubDer = client_keypub_der_1024;
  47139. size_t pubDerSz = sizeof_client_keypub_der_1024;
  47140. unsigned char signature[1024/8];
  47141. #else
  47142. const unsigned char* privDer = client_key_der_2048;
  47143. size_t privDerSz = sizeof_client_key_der_2048;
  47144. const unsigned char* pubDer = client_keypub_der_2048;
  47145. size_t pubDerSz = sizeof_client_keypub_der_2048;
  47146. unsigned char signature[2048/8];
  47147. #endif
  47148. unsigned int signatureLen;
  47149. const unsigned char* der;
  47150. unsigned char encodedHash[51];
  47151. unsigned int encodedHashLen;
  47152. const unsigned char expEncHash[] = {
  47153. 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
  47154. 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
  47155. 0x00, 0x04, 0x20,
  47156. /* Hash data */
  47157. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  47158. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  47159. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  47160. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  47161. };
  47162. XMEMSET(hash, 0, sizeof(hash));
  47163. AssertNotNull(rsa = wolfSSL_RSA_new());
  47164. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
  47165. &signatureLen, rsa, 1), 0);
  47166. wolfSSL_RSA_free(rsa);
  47167. der = privDer;
  47168. rsa = NULL;
  47169. AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
  47170. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption,NULL, 0, NULL, NULL, NULL,
  47171. -1), 0);
  47172. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption, hash, sizeof(hash),
  47173. signature, &signatureLen, rsa, 1), 0);
  47174. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature,
  47175. &signatureLen, rsa, 1), 0);
  47176. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL,
  47177. &signatureLen, rsa, 1), 0);
  47178. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
  47179. NULL, rsa, 1), 0);
  47180. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
  47181. &signatureLen, NULL, 1), 0);
  47182. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
  47183. &signatureLen, rsa, -1), 0);
  47184. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature,
  47185. &signatureLen, rsa, 0), 0);
  47186. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL,
  47187. &signatureLen, rsa, 0), 0);
  47188. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
  47189. NULL, rsa, 0), 0);
  47190. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
  47191. &signatureLen, rsa, 1), 1);
  47192. /* Test returning encoded hash. */
  47193. AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), encodedHash,
  47194. &encodedHashLen, rsa, 0), 1);
  47195. AssertIntEQ(encodedHashLen, sizeof(expEncHash));
  47196. AssertIntEQ(XMEMCMP(encodedHash, expEncHash, sizeof(expEncHash)), 0);
  47197. RSA_free(rsa);
  47198. der = pubDer;
  47199. rsa = NULL;
  47200. AssertNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
  47201. AssertIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
  47202. signatureLen, rsa), 1);
  47203. RSA_free(rsa);
  47204. res = TEST_RES_CHECK(1);
  47205. #endif
  47206. return res;
  47207. }
  47208. static int test_wolfSSL_RSA_public_decrypt(void)
  47209. {
  47210. int res = TEST_SKIPPED;
  47211. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
  47212. RSA *rsa;
  47213. unsigned char msg[SHA256_DIGEST_LENGTH];
  47214. #ifdef USE_CERT_BUFFERS_1024
  47215. const unsigned char* pubDer = client_keypub_der_1024;
  47216. size_t pubDerSz = sizeof_client_keypub_der_1024;
  47217. unsigned char decMsg[1024/8];
  47218. const unsigned char encMsg[] = {
  47219. 0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36,
  47220. 0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54,
  47221. 0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa,
  47222. 0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a,
  47223. 0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7,
  47224. 0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81,
  47225. 0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7,
  47226. 0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde,
  47227. 0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d,
  47228. 0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f,
  47229. 0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a,
  47230. 0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8,
  47231. 0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1,
  47232. 0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8,
  47233. 0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39,
  47234. 0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43
  47235. };
  47236. #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  47237. (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
  47238. defined(WC_RSA_NO_PADDING)
  47239. const unsigned char encMsgNoPad[] = {
  47240. 0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6,
  47241. 0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc,
  47242. 0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62,
  47243. 0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee,
  47244. 0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43,
  47245. 0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06,
  47246. 0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1,
  47247. 0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4,
  47248. 0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89,
  47249. 0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54,
  47250. 0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7,
  47251. 0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d,
  47252. 0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba,
  47253. 0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f,
  47254. 0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2,
  47255. 0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31
  47256. };
  47257. #endif
  47258. #else
  47259. const unsigned char* pubDer = client_keypub_der_2048;
  47260. size_t pubDerSz = sizeof_client_keypub_der_2048;
  47261. unsigned char decMsg[2048/8];
  47262. const unsigned char encMsg[] = {
  47263. 0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34,
  47264. 0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5,
  47265. 0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31,
  47266. 0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e,
  47267. 0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24,
  47268. 0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce,
  47269. 0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb,
  47270. 0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3,
  47271. 0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac,
  47272. 0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0,
  47273. 0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44,
  47274. 0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f,
  47275. 0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32,
  47276. 0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4,
  47277. 0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b,
  47278. 0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70,
  47279. 0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b,
  47280. 0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9,
  47281. 0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96,
  47282. 0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0,
  47283. 0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb,
  47284. 0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d,
  47285. 0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61,
  47286. 0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b,
  47287. 0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81,
  47288. 0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80,
  47289. 0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5,
  47290. 0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7,
  47291. 0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0,
  47292. 0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79,
  47293. 0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34,
  47294. 0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8
  47295. };
  47296. #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  47297. (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
  47298. defined(WC_RSA_NO_PADDING)
  47299. const unsigned char encMsgNoPad[] = {
  47300. 0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91,
  47301. 0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c,
  47302. 0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1,
  47303. 0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea,
  47304. 0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde,
  47305. 0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00,
  47306. 0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca,
  47307. 0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50,
  47308. 0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50,
  47309. 0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce,
  47310. 0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b,
  47311. 0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e,
  47312. 0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5,
  47313. 0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b,
  47314. 0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93,
  47315. 0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd,
  47316. 0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89,
  47317. 0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f,
  47318. 0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13,
  47319. 0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c,
  47320. 0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17,
  47321. 0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f,
  47322. 0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70,
  47323. 0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed,
  47324. 0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e,
  47325. 0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12,
  47326. 0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc,
  47327. 0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f,
  47328. 0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a,
  47329. 0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03,
  47330. 0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5,
  47331. 0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1
  47332. };
  47333. #endif
  47334. #endif
  47335. const unsigned char* der;
  47336. #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  47337. (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
  47338. defined(WC_RSA_NO_PADDING)
  47339. int i;
  47340. #endif
  47341. XMEMSET(msg, 0, sizeof(msg));
  47342. der = pubDer;
  47343. rsa = NULL;
  47344. AssertNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
  47345. AssertIntEQ(RSA_public_decrypt(0, NULL, NULL, NULL, 0), -1);
  47346. AssertIntEQ(RSA_public_decrypt(-1, encMsg, decMsg, rsa,
  47347. RSA_PKCS1_PADDING), -1);
  47348. AssertIntEQ(RSA_public_decrypt(sizeof(encMsg), NULL, decMsg, rsa,
  47349. RSA_PKCS1_PADDING), -1);
  47350. AssertIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, NULL, rsa,
  47351. RSA_PKCS1_PADDING), -1);
  47352. AssertIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, NULL,
  47353. RSA_PKCS1_PADDING), -1);
  47354. AssertIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa,
  47355. RSA_PKCS1_PSS_PADDING), -1);
  47356. AssertIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa,
  47357. RSA_PKCS1_PADDING), 32);
  47358. AssertIntEQ(XMEMCMP(decMsg, msg, sizeof(msg)), 0);
  47359. #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  47360. (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
  47361. defined(WC_RSA_NO_PADDING)
  47362. AssertIntEQ(RSA_public_decrypt(sizeof(encMsgNoPad), encMsgNoPad, decMsg,
  47363. rsa, RSA_NO_PADDING), sizeof(decMsg));
  47364. /* Zeros before actual data. */
  47365. for (i = 0; i < (int)(sizeof(decMsg) - sizeof(msg)); i += sizeof(msg)) {
  47366. AssertIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0);
  47367. }
  47368. /* Check actual data. */
  47369. XMEMSET(msg, 0x01, sizeof(msg));
  47370. AssertIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0);
  47371. #endif
  47372. RSA_free(rsa);
  47373. res = TEST_RES_CHECK(1);
  47374. #endif
  47375. return res;
  47376. }
  47377. static int test_wolfSSL_RSA_private_encrypt(void)
  47378. {
  47379. int res = TEST_SKIPPED;
  47380. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
  47381. RSA *rsa;
  47382. unsigned char msg[SHA256_DIGEST_LENGTH];
  47383. #ifdef USE_CERT_BUFFERS_1024
  47384. const unsigned char* privDer = client_key_der_1024;
  47385. size_t privDerSz = sizeof_client_key_der_1024;
  47386. unsigned char encMsg[1024/8];
  47387. const unsigned char expEncMsg[] = {
  47388. 0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36,
  47389. 0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54,
  47390. 0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa,
  47391. 0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a,
  47392. 0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7,
  47393. 0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81,
  47394. 0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7,
  47395. 0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde,
  47396. 0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d,
  47397. 0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f,
  47398. 0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a,
  47399. 0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8,
  47400. 0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1,
  47401. 0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8,
  47402. 0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39,
  47403. 0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43
  47404. };
  47405. #ifdef WC_RSA_NO_PADDING
  47406. const unsigned char expEncMsgNoPad[] = {
  47407. 0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6,
  47408. 0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc,
  47409. 0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62,
  47410. 0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee,
  47411. 0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43,
  47412. 0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06,
  47413. 0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1,
  47414. 0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4,
  47415. 0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89,
  47416. 0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54,
  47417. 0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7,
  47418. 0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d,
  47419. 0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba,
  47420. 0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f,
  47421. 0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2,
  47422. 0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31
  47423. };
  47424. #endif
  47425. #else
  47426. const unsigned char* privDer = client_key_der_2048;
  47427. size_t privDerSz = sizeof_client_key_der_2048;
  47428. unsigned char encMsg[2048/8];
  47429. const unsigned char expEncMsg[] = {
  47430. 0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34,
  47431. 0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5,
  47432. 0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31,
  47433. 0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e,
  47434. 0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24,
  47435. 0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce,
  47436. 0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb,
  47437. 0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3,
  47438. 0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac,
  47439. 0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0,
  47440. 0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44,
  47441. 0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f,
  47442. 0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32,
  47443. 0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4,
  47444. 0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b,
  47445. 0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70,
  47446. 0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b,
  47447. 0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9,
  47448. 0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96,
  47449. 0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0,
  47450. 0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb,
  47451. 0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d,
  47452. 0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61,
  47453. 0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b,
  47454. 0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81,
  47455. 0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80,
  47456. 0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5,
  47457. 0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7,
  47458. 0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0,
  47459. 0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79,
  47460. 0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34,
  47461. 0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8
  47462. };
  47463. #ifdef WC_RSA_NO_PADDING
  47464. const unsigned char expEncMsgNoPad[] = {
  47465. 0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91,
  47466. 0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c,
  47467. 0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1,
  47468. 0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea,
  47469. 0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde,
  47470. 0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00,
  47471. 0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca,
  47472. 0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50,
  47473. 0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50,
  47474. 0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce,
  47475. 0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b,
  47476. 0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e,
  47477. 0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5,
  47478. 0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b,
  47479. 0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93,
  47480. 0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd,
  47481. 0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89,
  47482. 0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f,
  47483. 0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13,
  47484. 0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c,
  47485. 0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17,
  47486. 0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f,
  47487. 0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70,
  47488. 0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed,
  47489. 0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e,
  47490. 0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12,
  47491. 0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc,
  47492. 0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f,
  47493. 0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a,
  47494. 0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03,
  47495. 0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5,
  47496. 0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1
  47497. };
  47498. #endif
  47499. #endif
  47500. const unsigned char* der;
  47501. XMEMSET(msg, 0x00, sizeof(msg));
  47502. der = privDer;
  47503. rsa = NULL;
  47504. AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
  47505. AssertIntEQ(RSA_private_encrypt(0, NULL, NULL, NULL, 0), -1);
  47506. AssertIntEQ(RSA_private_encrypt(0, msg, encMsg, rsa, RSA_PKCS1_PADDING),
  47507. -1);
  47508. AssertIntEQ(RSA_private_encrypt(sizeof(msg), NULL, encMsg, rsa,
  47509. RSA_PKCS1_PADDING), -1);
  47510. AssertIntEQ(RSA_private_encrypt(sizeof(msg), msg, NULL, rsa,
  47511. RSA_PKCS1_PADDING), -1);
  47512. AssertIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, NULL,
  47513. RSA_PKCS1_PADDING), -1);
  47514. AssertIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
  47515. RSA_PKCS1_PSS_PADDING), -1);
  47516. AssertIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
  47517. RSA_PKCS1_PADDING), sizeof(encMsg));
  47518. AssertIntEQ(XMEMCMP(encMsg, expEncMsg, sizeof(expEncMsg)), 0);
  47519. #ifdef WC_RSA_NO_PADDING
  47520. /* Non-zero message. */
  47521. XMEMSET(msg, 0x01, sizeof(msg));
  47522. AssertIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
  47523. RSA_NO_PADDING), sizeof(encMsg));
  47524. AssertIntEQ(XMEMCMP(encMsg, expEncMsgNoPad, sizeof(expEncMsgNoPad)), 0);
  47525. #endif
  47526. RSA_free(rsa);
  47527. res = TEST_RES_CHECK(1);
  47528. #endif
  47529. return res;
  47530. }
  47531. static int test_wolfSSL_RSA_public_encrypt(void)
  47532. {
  47533. int res = TEST_SKIPPED;
  47534. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
  47535. RSA* rsa;
  47536. const unsigned char msg[2048/8] = { 0 };
  47537. unsigned char encMsg[2048/8];
  47538. AssertNotNull(rsa = RSA_new());
  47539. AssertIntEQ(RSA_public_encrypt(-1, msg, encMsg, rsa,
  47540. RSA_PKCS1_PADDING), -1);
  47541. AssertIntEQ(RSA_public_encrypt(sizeof(msg), NULL, encMsg, rsa,
  47542. RSA_PKCS1_PADDING), -1);
  47543. AssertIntEQ(RSA_public_encrypt(sizeof(msg), msg, NULL, rsa,
  47544. RSA_PKCS1_PADDING), -1);
  47545. AssertIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, NULL,
  47546. RSA_PKCS1_PADDING), -1);
  47547. AssertIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa,
  47548. RSA_PKCS1_PSS_PADDING), -1);
  47549. /* Empty RSA key. */
  47550. AssertIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa,
  47551. RSA_PKCS1_PADDING), -1);
  47552. RSA_free(rsa);
  47553. res = TEST_RES_CHECK(1);
  47554. #endif
  47555. return res;
  47556. }
  47557. static int test_wolfSSL_RSA_private_decrypt(void)
  47558. {
  47559. int res = TEST_SKIPPED;
  47560. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
  47561. RSA* rsa;
  47562. unsigned char msg[2048/8];
  47563. const unsigned char encMsg[2048/8] = { 0 };
  47564. AssertNotNull(rsa = RSA_new());
  47565. AssertIntEQ(RSA_private_decrypt(-1, encMsg, msg, rsa,
  47566. RSA_PKCS1_PADDING), -1);
  47567. AssertIntEQ(RSA_private_decrypt(sizeof(encMsg), NULL, msg, rsa,
  47568. RSA_PKCS1_PADDING), -1);
  47569. AssertIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, NULL, rsa,
  47570. RSA_PKCS1_PADDING), -1);
  47571. AssertIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, NULL,
  47572. RSA_PKCS1_PADDING), -1);
  47573. AssertIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa,
  47574. RSA_PKCS1_PSS_PADDING), -1);
  47575. /* Empty RSA key. */
  47576. AssertIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa,
  47577. RSA_PKCS1_PADDING), -1);
  47578. RSA_free(rsa);
  47579. res = TEST_RES_CHECK(1);
  47580. #endif
  47581. return res;
  47582. }
  47583. static int test_wolfSSL_RSA_GenAdd(void)
  47584. {
  47585. int res = TEST_SKIPPED;
  47586. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  47587. RSA *rsa;
  47588. #ifdef USE_CERT_BUFFERS_1024
  47589. const unsigned char* privDer = client_key_der_1024;
  47590. size_t privDerSz = sizeof_client_key_der_1024;
  47591. const unsigned char* pubDer = client_keypub_der_1024;
  47592. size_t pubDerSz = sizeof_client_keypub_der_1024;
  47593. #else
  47594. const unsigned char* privDer = client_key_der_2048;
  47595. size_t privDerSz = sizeof_client_key_der_2048;
  47596. const unsigned char* pubDer = client_keypub_der_2048;
  47597. size_t pubDerSz = sizeof_client_keypub_der_2048;
  47598. #endif
  47599. const unsigned char* der;
  47600. der = privDer;
  47601. rsa = NULL;
  47602. AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
  47603. AssertIntEQ(wolfSSL_RSA_GenAdd(NULL), -1);
  47604. #ifndef RSA_LOW_MEM
  47605. AssertIntEQ(wolfSSL_RSA_GenAdd(rsa), 1);
  47606. #else
  47607. /* dmp1 and dmq1 are not set (allocated) when RSA_LOW_MEM. */
  47608. AssertIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
  47609. #endif
  47610. RSA_free(rsa);
  47611. der = pubDer;
  47612. rsa = NULL;
  47613. AssertNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
  47614. /* Need private values. */
  47615. AssertIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
  47616. RSA_free(rsa);
  47617. res = TEST_RES_CHECK(1);
  47618. #endif
  47619. return res;
  47620. }
  47621. static int test_wolfSSL_RSA_blinding_on(void)
  47622. {
  47623. int res = TEST_SKIPPED;
  47624. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_STUB)
  47625. RSA *rsa;
  47626. WOLFSSL_BN_CTX *bnCtx;
  47627. #ifdef USE_CERT_BUFFERS_1024
  47628. const unsigned char* privDer = client_key_der_1024;
  47629. size_t privDerSz = sizeof_client_key_der_1024;
  47630. #else
  47631. const unsigned char* privDer = client_key_der_2048;
  47632. size_t privDerSz = sizeof_client_key_der_2048;
  47633. #endif
  47634. const unsigned char* der;
  47635. der = privDer;
  47636. rsa = NULL;
  47637. AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
  47638. AssertNotNull(bnCtx = wolfSSL_BN_CTX_new());
  47639. /* Does nothing so all parameters are valid. */
  47640. AssertIntEQ(wolfSSL_RSA_blinding_on(NULL, NULL), 1);
  47641. AssertIntEQ(wolfSSL_RSA_blinding_on(rsa, NULL), 1);
  47642. AssertIntEQ(wolfSSL_RSA_blinding_on(NULL, bnCtx), 1);
  47643. AssertIntEQ(wolfSSL_RSA_blinding_on(rsa, bnCtx), 1);
  47644. wolfSSL_BN_CTX_free(bnCtx);
  47645. RSA_free(rsa);
  47646. res = TEST_RES_CHECK(1);
  47647. #endif
  47648. return res;
  47649. }
  47650. static int test_wolfSSL_RSA_ex_data(void)
  47651. {
  47652. int res = TEST_SKIPPED;
  47653. #if !defined(NO_RSA) && defined(OPENSSL_EXTRA)
  47654. RSA* rsa;
  47655. unsigned char data[1];
  47656. rsa = RSA_new();
  47657. AssertNull(wolfSSL_RSA_get_ex_data(NULL, 0));
  47658. AssertNull(wolfSSL_RSA_get_ex_data(rsa, 0));
  47659. #ifdef MAX_EX_DATA
  47660. AssertNull(wolfSSL_RSA_get_ex_data(rsa, MAX_EX_DATA));
  47661. AssertIntEQ(wolfSSL_RSA_set_ex_data(rsa, MAX_EX_DATA, data), 0);
  47662. #endif
  47663. AssertIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, NULL), 0);
  47664. AssertIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, data), 0);
  47665. #ifdef HAVE_EX_DATA
  47666. AssertIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 1);
  47667. AssertIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 1);
  47668. AssertPtrEq(wolfSSL_RSA_get_ex_data(rsa, 0), data);
  47669. #else
  47670. AssertIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 0);
  47671. AssertIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 0);
  47672. AssertNull(wolfSSL_RSA_get_ex_data(rsa, 0));
  47673. #endif
  47674. RSA_free(rsa);
  47675. res = TEST_RES_CHECK(1);
  47676. #endif /* !NO_RSA && OPENSSL_EXTRA */
  47677. return res;
  47678. }
  47679. static int test_wolfSSL_RSA_LoadDer(void)
  47680. {
  47681. int res = TEST_SKIPPED;
  47682. #if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || \
  47683. defined(OPENSSL_EXTRA_X509_SMALL))
  47684. RSA *rsa;
  47685. #ifdef USE_CERT_BUFFERS_1024
  47686. const unsigned char* privDer = client_key_der_1024;
  47687. size_t privDerSz = sizeof_client_key_der_1024;
  47688. #else
  47689. const unsigned char* privDer = client_key_der_2048;
  47690. size_t privDerSz = sizeof_client_key_der_2048;
  47691. #endif
  47692. AssertNotNull(rsa = RSA_new());
  47693. AssertIntEQ(wolfSSL_RSA_LoadDer(NULL, privDer, (int)privDerSz), -1);
  47694. AssertIntEQ(wolfSSL_RSA_LoadDer(rsa, NULL, (int)privDerSz), -1);
  47695. AssertIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, 0), -1);
  47696. AssertIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, (int)privDerSz), 1);
  47697. RSA_free(rsa);
  47698. res = TEST_RES_CHECK(1);
  47699. #endif /* !NO_RSA && OPENSSL_EXTRA */
  47700. return res;
  47701. }
  47702. /* Local API. */
  47703. static int test_wolfSSL_RSA_To_Der(void)
  47704. {
  47705. int res = TEST_SKIPPED;
  47706. #ifdef WOLFSSL_TEST_STATIC_BUILD
  47707. #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && \
  47708. defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  47709. RSA* rsa;
  47710. #ifdef USE_CERT_BUFFERS_1024
  47711. const unsigned char* privDer = client_key_der_1024;
  47712. size_t privDerSz = sizeof_client_key_der_1024;
  47713. const unsigned char* pubDer = client_keypub_der_1024;
  47714. size_t pubDerSz = sizeof_client_keypub_der_1024;
  47715. unsigned char out[sizeof(client_key_der_1024)];
  47716. #else
  47717. const unsigned char* privDer = client_key_der_2048;
  47718. size_t privDerSz = sizeof_client_key_der_2048;
  47719. const unsigned char* pubDer = client_keypub_der_2048;
  47720. size_t pubDerSz = sizeof_client_keypub_der_2048;
  47721. unsigned char out[sizeof(client_key_der_2048)];
  47722. #endif
  47723. const unsigned char* der;
  47724. unsigned char* outDer = NULL;
  47725. der = privDer;
  47726. rsa = NULL;
  47727. AssertNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
  47728. AssertIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
  47729. AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), BAD_FUNC_ARG);
  47730. AssertIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 0, HEAP_HINT), privDerSz);
  47731. outDer = out;
  47732. AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz);
  47733. AssertIntEQ(XMEMCMP(out, privDer, privDerSz), 0);
  47734. outDer = NULL;
  47735. AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz);
  47736. AssertNotNull(outDer);
  47737. AssertIntEQ(XMEMCMP(outDer, privDer, privDerSz), 0);
  47738. XFREE(outDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  47739. AssertIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 1, HEAP_HINT), pubDerSz);
  47740. outDer = out;
  47741. AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), pubDerSz);
  47742. AssertIntEQ(XMEMCMP(out, pubDer, pubDerSz), 0);
  47743. RSA_free(rsa);
  47744. AssertNotNull(rsa = RSA_new());
  47745. AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
  47746. AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), BAD_FUNC_ARG);
  47747. RSA_free(rsa);
  47748. der = pubDer;
  47749. rsa = NULL;
  47750. AssertNotNull(wolfSSL_d2i_RSAPublicKey(&rsa, &der, pubDerSz));
  47751. AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
  47752. RSA_free(rsa);
  47753. res = TEST_RES_CHECK(1);
  47754. #endif
  47755. #endif
  47756. return res;
  47757. }
  47758. /* wolfSSL_PEM_read_RSAPublicKey is a stub function. */
  47759. static int test_wolfSSL_PEM_read_RSAPublicKey(void)
  47760. {
  47761. int res = TEST_SKIPPED;
  47762. #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
  47763. XFILE file;
  47764. const char* fname = "./certs/server-keyPub.pem";
  47765. RSA *rsa;
  47766. AssertNull(wolfSSL_PEM_read_RSAPublicKey(XBADFILE, NULL, NULL, NULL));
  47767. file = XFOPEN(fname, "rb");
  47768. AssertTrue((file != XBADFILE));
  47769. AssertNotNull((rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL)));
  47770. AssertIntEQ(RSA_size(rsa), 256);
  47771. RSA_free(rsa);
  47772. XFCLOSE(file);
  47773. res = TEST_RES_CHECK(1);
  47774. #endif
  47775. return res;
  47776. }
  47777. /* wolfSSL_PEM_read_RSAPublicKey is a stub function. */
  47778. static int test_wolfSSL_PEM_write_RSA_PUBKEY(void)
  47779. {
  47780. int res = TEST_SKIPPED;
  47781. #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
  47782. defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
  47783. RSA* rsa = NULL;
  47784. AssertIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(XBADFILE, NULL), 0);
  47785. AssertIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, NULL), 0);
  47786. /* Valid but stub so returns 0. */
  47787. AssertIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, rsa), 0);
  47788. res = TEST_RES_CHECK(1);
  47789. #endif
  47790. return res;
  47791. }
  47792. static int test_wolfSSL_PEM_write_RSAPrivateKey(void)
  47793. {
  47794. int res = TEST_SKIPPED;
  47795. #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
  47796. !defined(HAVE_USER_RSA) && (defined(WOLFSSL_PEM_TO_DER) || \
  47797. defined(WOLFSSL_DER_TO_PEM)) && !defined(NO_FILESYSTEM)
  47798. RSA* rsa;
  47799. #ifdef USE_CERT_BUFFERS_1024
  47800. const unsigned char* privDer = client_key_der_1024;
  47801. size_t privDerSz = sizeof_client_key_der_1024;
  47802. #else
  47803. const unsigned char* privDer = client_key_der_2048;
  47804. size_t privDerSz = sizeof_client_key_der_2048;
  47805. #endif
  47806. const unsigned char* der;
  47807. #ifndef NO_AES
  47808. unsigned char passwd[] = "password";
  47809. #endif
  47810. AssertNotNull(rsa = RSA_new());
  47811. AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0,
  47812. NULL, NULL), 0);
  47813. RSA_free(rsa);
  47814. der = privDer;
  47815. rsa = NULL;
  47816. AssertNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
  47817. AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0,
  47818. NULL, NULL), 0);
  47819. AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0,
  47820. NULL, NULL), 0);
  47821. AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0,
  47822. NULL, NULL), 1);
  47823. #ifndef NO_AES
  47824. AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(),
  47825. NULL, 0, NULL, NULL), 1);
  47826. AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(),
  47827. passwd, sizeof(passwd) - 1, NULL, NULL), 1);
  47828. #endif
  47829. RSA_free(rsa);
  47830. res = TEST_RES_CHECK(1);
  47831. #endif
  47832. return res;
  47833. }
  47834. static int test_wolfSSL_PEM_write_mem_RSAPrivateKey(void)
  47835. {
  47836. int res = TEST_SKIPPED;
  47837. #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
  47838. !defined(HAVE_USER_RSA) && (defined(WOLFSSL_PEM_TO_DER) || \
  47839. defined(WOLFSSL_DER_TO_PEM))
  47840. RSA* rsa;
  47841. #ifdef USE_CERT_BUFFERS_1024
  47842. const unsigned char* privDer = client_key_der_1024;
  47843. size_t privDerSz = sizeof_client_key_der_1024;
  47844. #else
  47845. const unsigned char* privDer = client_key_der_2048;
  47846. size_t privDerSz = sizeof_client_key_der_2048;
  47847. #endif
  47848. const unsigned char* der;
  47849. #ifndef NO_AES
  47850. unsigned char passwd[] = "password";
  47851. #endif
  47852. unsigned char* pem;
  47853. int plen;
  47854. AssertNotNull(rsa = RSA_new());
  47855. AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
  47856. &plen), 0);
  47857. RSA_free(rsa);
  47858. der = privDer;
  47859. rsa = NULL;
  47860. AssertNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
  47861. AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(NULL, NULL, NULL, 0, &pem,
  47862. &plen), 0);
  47863. AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, NULL,
  47864. &plen), 0);
  47865. AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
  47866. NULL), 0);
  47867. AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
  47868. &plen), 1);
  47869. XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
  47870. #ifndef NO_AES
  47871. AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(),
  47872. NULL, 0, &pem, &plen), 1);
  47873. XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
  47874. AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(),
  47875. passwd, sizeof(passwd) - 1, &pem, &plen), 1);
  47876. XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
  47877. #endif
  47878. RSA_free(rsa);
  47879. res = TEST_RES_CHECK(1);
  47880. #endif
  47881. return res;
  47882. }
  47883. static int test_wolfSSL_DH(void)
  47884. {
  47885. int res = TEST_SKIPPED;
  47886. #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
  47887. DH *dh = NULL;
  47888. BIGNUM* p;
  47889. BIGNUM* q;
  47890. BIGNUM* g;
  47891. BIGNUM* pub;
  47892. BIGNUM* priv;
  47893. #if defined(OPENSSL_ALL)
  47894. #if !defined(HAVE_FIPS) || \
  47895. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  47896. FILE* f = NULL;
  47897. unsigned char buf[268];
  47898. const unsigned char* pt = buf;
  47899. long len = 0;
  47900. dh = NULL;
  47901. XMEMSET(buf, 0, sizeof(buf));
  47902. /* Test 2048 bit parameters */
  47903. f = XFOPEN("./certs/dh2048.der", "rb");
  47904. AssertTrue(f != XBADFILE);
  47905. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  47906. XFCLOSE(f);
  47907. AssertNotNull(dh = d2i_DHparams(NULL, &pt, len));
  47908. AssertNotNull(dh->p);
  47909. AssertNotNull(dh->g);
  47910. AssertTrue(pt == buf);
  47911. AssertIntEQ(DH_generate_key(dh), 1);
  47912. AssertIntEQ(DH_generate_key(dh), 1);
  47913. AssertIntEQ(DH_compute_key(NULL, NULL, NULL), -1);
  47914. AssertNotNull(pub = BN_new());
  47915. AssertIntEQ(BN_set_word(pub, 1), 1);
  47916. AssertIntEQ(DH_compute_key(buf, NULL, NULL), -1);
  47917. AssertIntEQ(DH_compute_key(NULL, pub, NULL), -1);
  47918. AssertIntEQ(DH_compute_key(NULL, NULL, dh), -1);
  47919. AssertIntEQ(DH_compute_key(buf, pub, NULL), -1);
  47920. AssertIntEQ(DH_compute_key(buf, NULL, dh), -1);
  47921. AssertIntEQ(DH_compute_key(NULL, pub, dh), -1);
  47922. AssertIntEQ(DH_compute_key(buf, pub, dh), -1);
  47923. BN_free(pub);
  47924. DH_get0_pqg(dh, (const BIGNUM**)&p,
  47925. (const BIGNUM**)&q,
  47926. (const BIGNUM**)&g);
  47927. AssertPtrEq(p, dh->p);
  47928. AssertPtrEq(q, dh->q);
  47929. AssertPtrEq(g, dh->g);
  47930. DH_get0_key(NULL, (const BIGNUM**)&pub, (const BIGNUM**)&priv);
  47931. DH_get0_key(dh, (const BIGNUM**)&pub, (const BIGNUM**)&priv);
  47932. AssertPtrEq(pub, dh->pub_key);
  47933. AssertPtrEq(priv, dh->priv_key);
  47934. DH_get0_key(dh, (const BIGNUM**)&pub, NULL);
  47935. AssertPtrEq(pub, dh->pub_key);
  47936. DH_get0_key(dh, NULL, (const BIGNUM**)&priv);
  47937. AssertPtrEq(priv, dh->priv_key);
  47938. AssertNotNull(pub = BN_new());
  47939. AssertNotNull(priv = BN_new());
  47940. AssertIntEQ(DH_set0_key(NULL, pub, priv), 0);
  47941. AssertIntEQ(DH_set0_key(dh, pub, priv), 1);
  47942. AssertNotNull(pub = BN_new());
  47943. AssertIntEQ(DH_set0_key(dh, pub, NULL), 1);
  47944. AssertNotNull(priv = BN_new());
  47945. AssertIntEQ(DH_set0_key(dh, NULL, priv), 1);
  47946. AssertPtrEq(pub, dh->pub_key);
  47947. AssertPtrEq(priv, dh->priv_key);
  47948. DH_free(dh);
  47949. AssertNotNull(dh = DH_new());
  47950. AssertNotNull(p = BN_new());
  47951. AssertIntEQ(BN_set_word(p, 1), 1);
  47952. AssertIntEQ(DH_compute_key(buf, p, dh), -1);
  47953. AssertNotNull(pub = BN_new());
  47954. AssertNotNull(priv = BN_new());
  47955. AssertIntEQ(DH_set0_key(dh, pub, priv), 1);
  47956. AssertIntEQ(DH_compute_key(buf, p, dh), -1);
  47957. BN_free(p);
  47958. DH_free(dh);
  47959. #ifdef WOLFSSL_KEY_GEN
  47960. AssertNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
  47961. AssertIntEQ(wolfSSL_DH_generate_parameters_ex(NULL, 2048, 2, NULL), 0);
  47962. DH_free(dh);
  47963. #endif
  47964. #endif /* !HAVE_FIPS || (HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2) */
  47965. #endif /* OPENSSL_ALL */
  47966. (void)dh;
  47967. (void)p;
  47968. (void)q;
  47969. (void)g;
  47970. (void)pub;
  47971. (void)priv;
  47972. dh = wolfSSL_DH_new();
  47973. AssertNotNull(dh);
  47974. /* invalid parameters test */
  47975. DH_get0_pqg(NULL, (const BIGNUM**)&p,
  47976. (const BIGNUM**)&q,
  47977. (const BIGNUM**)&g);
  47978. DH_get0_pqg(dh, NULL,
  47979. (const BIGNUM**)&q,
  47980. (const BIGNUM**)&g);
  47981. DH_get0_pqg(dh, NULL, NULL, (const BIGNUM**)&g);
  47982. DH_get0_pqg(dh, NULL, NULL, NULL);
  47983. AssertTrue(1);
  47984. DH_get0_pqg(dh, (const BIGNUM**)&p,
  47985. (const BIGNUM**)&q,
  47986. (const BIGNUM**)&g);
  47987. AssertPtrEq(p, NULL);
  47988. AssertPtrEq(q, NULL);
  47989. AssertPtrEq(g, NULL);
  47990. DH_free(dh);
  47991. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && !defined(WOLFSSL_DH_EXTRA)) \
  47992. || (defined(HAVE_FIPS_VERSION) && FIPS_VERSION_GT(2,0))
  47993. #if defined(OPENSSL_ALL) || \
  47994. defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
  47995. dh = wolfSSL_DH_new();
  47996. AssertNotNull(dh);
  47997. p = wolfSSL_BN_new();
  47998. AssertNotNull(p);
  47999. AssertIntEQ(BN_set_word(p, 11), 1);
  48000. g = wolfSSL_BN_new();
  48001. AssertNotNull(g);
  48002. AssertIntEQ(BN_set_word(g, 2), 1);
  48003. q = wolfSSL_BN_new();
  48004. AssertNotNull(q);
  48005. AssertIntEQ(BN_set_word(q, 5), 1);
  48006. AssertIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, NULL), 0);
  48007. AssertIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 0);
  48008. AssertIntEQ(wolfSSL_DH_set0_pqg(NULL, p, NULL, NULL), 0);
  48009. AssertIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, q, NULL), 0);
  48010. AssertIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, g), 0);
  48011. AssertIntEQ(wolfSSL_DH_set0_pqg(NULL, p, q, g), 0);
  48012. AssertIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, g), 0);
  48013. AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, NULL), 0);
  48014. /* Don't need q. */
  48015. AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
  48016. /* Setting again will free the p and g. */
  48017. wolfSSL_BN_free(q);
  48018. DH_free(dh);
  48019. dh = wolfSSL_DH_new();
  48020. AssertNotNull(dh);
  48021. p = wolfSSL_BN_new();
  48022. AssertNotNull(p);
  48023. AssertIntEQ(BN_set_word(p, 11), 1);
  48024. g = wolfSSL_BN_new();
  48025. AssertNotNull(g);
  48026. AssertIntEQ(BN_set_word(g, 2), 1);
  48027. q = wolfSSL_BN_new();
  48028. AssertNotNull(q);
  48029. AssertIntEQ(BN_set_word(q, 5), 1);
  48030. AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, g), 1);
  48031. /* p, q and g are now owned by dh - don't free. */
  48032. p = wolfSSL_BN_new();
  48033. AssertNotNull(p);
  48034. AssertIntEQ(BN_set_word(p, 11), 1);
  48035. g = wolfSSL_BN_new();
  48036. AssertNotNull(g);
  48037. AssertIntEQ(BN_set_word(g, 2), 1);
  48038. q = wolfSSL_BN_new();
  48039. AssertNotNull(q);
  48040. AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, NULL), 1);
  48041. AssertIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, NULL), 1);
  48042. AssertIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, g), 1);
  48043. AssertIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 1);
  48044. /* p, q and g are now owned by dh - don't free. */
  48045. DH_free(dh);
  48046. AssertIntEQ(DH_generate_key(NULL), 0);
  48047. AssertNotNull(dh = DH_new());
  48048. AssertIntEQ(DH_generate_key(dh), 0);
  48049. p = wolfSSL_BN_new();
  48050. AssertNotNull(p);
  48051. AssertIntEQ(BN_set_word(p, 0), 1);
  48052. g = wolfSSL_BN_new();
  48053. AssertNotNull(g);
  48054. AssertIntEQ(BN_set_word(g, 2), 1);
  48055. AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
  48056. AssertIntEQ(DH_generate_key(dh), 0);
  48057. DH_free(dh);
  48058. #endif
  48059. #endif
  48060. /* Test DH_up_ref() */
  48061. dh = wolfSSL_DH_new();
  48062. AssertNotNull(dh);
  48063. AssertIntEQ(wolfSSL_DH_up_ref(NULL), WOLFSSL_FAILURE);
  48064. AssertIntEQ(wolfSSL_DH_up_ref(dh), WOLFSSL_SUCCESS);
  48065. DH_free(dh); /* decrease ref count */
  48066. DH_free(dh); /* free WOLFSSL_DH */
  48067. AssertNull((dh = DH_new_by_nid(NID_sha1)));
  48068. #if (defined(HAVE_PUBLIC_FFDHE) || (defined(HAVE_FIPS) && \
  48069. FIPS_VERSION_EQ(2,0))) || (!defined(HAVE_PUBLIC_FFDHE) && \
  48070. (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)))
  48071. #ifdef HAVE_FFDHE_2048
  48072. AssertNotNull((dh = DH_new_by_nid(NID_ffdhe2048)));
  48073. DH_free(dh);
  48074. #endif
  48075. #ifdef HAVE_FFDHE_3072
  48076. AssertNotNull((dh = DH_new_by_nid(NID_ffdhe3072)));
  48077. DH_free(dh);
  48078. #endif
  48079. #ifdef HAVE_FFDHE_4096
  48080. AssertNotNull((dh = DH_new_by_nid(NID_ffdhe4096)));
  48081. DH_free(dh);
  48082. #endif
  48083. #else
  48084. AssertNull((dh = DH_new_by_nid(NID_ffdhe2048)));
  48085. #endif /* (HAVE_PUBLIC_FFDHE || (HAVE_FIPS && HAVE_FIPS_VERSION == 2)) ||
  48086. * (!HAVE_PUBLIC_FFDHE && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2))*/
  48087. AssertIntEQ(wolfSSL_DH_size(NULL), -1);
  48088. res = TEST_RES_CHECK(1);
  48089. #endif /* OPENSSL_EXTRA && !NO_DH */
  48090. return res;
  48091. }
  48092. static int test_wolfSSL_DH_dup(void)
  48093. {
  48094. int res = TEST_SKIPPED;
  48095. #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
  48096. #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
  48097. defined(OPENSSL_EXTRA)
  48098. DH *dh;
  48099. DH *dhDup;
  48100. WOLFSSL_BIGNUM* p;
  48101. WOLFSSL_BIGNUM* g;
  48102. AssertNotNull(p = wolfSSL_BN_new());
  48103. AssertNotNull(g = wolfSSL_BN_new());
  48104. AssertIntEQ(wolfSSL_BN_set_word(p, 11), WOLFSSL_SUCCESS);
  48105. AssertIntEQ(wolfSSL_BN_set_word(g, 2), WOLFSSL_SUCCESS);
  48106. dhDup = wolfSSL_DH_dup(NULL);
  48107. AssertNull(dhDup);
  48108. dh = wolfSSL_DH_new();
  48109. AssertNotNull(dh);
  48110. dhDup = wolfSSL_DH_dup(dh);
  48111. AssertNull(dhDup);
  48112. #if defined(OPENSSL_ALL) || \
  48113. defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
  48114. AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
  48115. dhDup = wolfSSL_DH_dup(dh);
  48116. AssertNotNull(dhDup);
  48117. wolfSSL_DH_free(dhDup);
  48118. #else
  48119. wolfSSL_BN_free(p);
  48120. wolfSSL_BN_free(g);
  48121. #endif
  48122. wolfSSL_DH_free(dh);
  48123. res = TEST_RES_CHECK(1);
  48124. #endif
  48125. #endif
  48126. return res;
  48127. }
  48128. static int test_wolfSSL_DH_check(void)
  48129. {
  48130. int res = TEST_SKIPPED;
  48131. #ifdef OPENSSL_ALL
  48132. #ifndef NO_DH
  48133. #ifndef NO_BIO
  48134. #ifndef NO_DSA
  48135. byte buf[6000];
  48136. char file[] = "./certs/dsaparams.pem";
  48137. XFILE f;
  48138. int bytes;
  48139. BIO* bio;
  48140. DSA* dsa;
  48141. #elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
  48142. static const byte dh2048[] = {
  48143. 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01,
  48144. 0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13,
  48145. 0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5,
  48146. 0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a,
  48147. 0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53,
  48148. 0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84,
  48149. 0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1,
  48150. 0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91,
  48151. 0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66,
  48152. 0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9,
  48153. 0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e,
  48154. 0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d,
  48155. 0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d,
  48156. 0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75,
  48157. 0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa,
  48158. 0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93,
  48159. 0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c,
  48160. 0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35,
  48161. 0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e,
  48162. 0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76,
  48163. 0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62,
  48164. 0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0,
  48165. 0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40,
  48166. 0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a,
  48167. 0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4,
  48168. 0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4,
  48169. 0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90,
  48170. 0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58,
  48171. 0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f,
  48172. 0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6,
  48173. 0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67,
  48174. 0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7,
  48175. 0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f,
  48176. 0x93, 0x02, 0x01, 0x02
  48177. };
  48178. const byte* params;
  48179. #endif
  48180. DH* dh = NULL;
  48181. WOLFSSL_BIGNUM* p;
  48182. WOLFSSL_BIGNUM* g;
  48183. WOLFSSL_BIGNUM* pTmp = NULL;
  48184. WOLFSSL_BIGNUM* gTmp = NULL;
  48185. int codes = -1;
  48186. #ifndef NO_DSA
  48187. /* Initialize DH */
  48188. f = XFOPEN(file, "rb");
  48189. AssertTrue((f != XBADFILE));
  48190. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  48191. XFCLOSE(f);
  48192. bio = BIO_new_mem_buf((void*)buf, bytes);
  48193. AssertNotNull(bio);
  48194. dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
  48195. AssertNotNull(dsa);
  48196. dh = wolfSSL_DSA_dup_DH(dsa);
  48197. AssertNotNull(dh);
  48198. BIO_free(bio);
  48199. DSA_free(dsa);
  48200. #elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
  48201. params = dh2048;
  48202. dh = wolfSSL_d2i_DHparams(NULL, &params, (long)sizeof(dh2048));
  48203. AssertNotNull(dh);
  48204. #else
  48205. dh = wolfSSL_DH_new_by_nid(NID_ffdhe2048);
  48206. AssertNotNull(dh);
  48207. #endif
  48208. /* Test assumed to be valid dh.
  48209. * Should return WOLFSSL_SUCCESS
  48210. * codes should be 0
  48211. * Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME}
  48212. */
  48213. AssertIntEQ(wolfSSL_DH_check(dh, &codes), 1);
  48214. AssertIntEQ(codes, 0);
  48215. /* Test NULL dh: expected BAD_FUNC_ARG */
  48216. AssertIntEQ(wolfSSL_DH_check(NULL, &codes), 0);
  48217. /* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */
  48218. pTmp = dh->p;
  48219. dh->p = NULL;
  48220. AssertIntEQ(wolfSSL_DH_check(dh, &codes), 1);
  48221. AssertIntEQ(wolfSSL_DH_check(dh, NULL), 0);
  48222. AssertIntEQ(codes, DH_CHECK_P_NOT_PRIME);
  48223. /* set dh->p back to normal so it wont fail on next tests */
  48224. dh->p = pTmp;
  48225. pTmp = NULL;
  48226. /* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */
  48227. gTmp = dh->g;
  48228. dh->g = NULL;
  48229. AssertIntEQ(wolfSSL_DH_check(dh, &codes), 1);
  48230. AssertIntEQ(wolfSSL_DH_check(dh, NULL), 0);
  48231. AssertIntEQ(codes, DH_NOT_SUITABLE_GENERATOR);
  48232. dh->g = gTmp;
  48233. gTmp = NULL;
  48234. /* Cleanup */
  48235. DH_free(dh);
  48236. dh = DH_new();
  48237. AssertNotNull(dh);
  48238. /* Check empty DH. */
  48239. AssertIntEQ(wolfSSL_DH_check(dh, &codes), 1);
  48240. AssertIntEQ(wolfSSL_DH_check(dh, NULL), 0);
  48241. AssertIntEQ(codes, DH_NOT_SUITABLE_GENERATOR | DH_CHECK_P_NOT_PRIME);
  48242. /* Check non-prime valued p. */
  48243. AssertNotNull(p = BN_new());
  48244. AssertIntEQ(BN_set_word(p, 4), 1);
  48245. AssertNotNull(g = BN_new());
  48246. AssertIntEQ(BN_set_word(g, 2), 1);
  48247. AssertIntEQ(DH_set0_pqg(dh, p, NULL, g), 1);
  48248. AssertIntEQ(wolfSSL_DH_check(dh, &codes), 1);
  48249. AssertIntEQ(wolfSSL_DH_check(dh, NULL), 0);
  48250. AssertIntEQ(codes, DH_CHECK_P_NOT_PRIME);
  48251. DH_free(dh);
  48252. res = TEST_RES_CHECK(1);
  48253. #endif
  48254. #endif /* !NO_DH && !NO_DSA */
  48255. #endif
  48256. return res;
  48257. }
  48258. static int test_wolfSSL_DH_prime(void)
  48259. {
  48260. int res = TEST_SKIPPED;
  48261. #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
  48262. WOLFSSL_BIGNUM* bn;
  48263. #if WOLFSSL_MAX_BN_BITS >= 768
  48264. WOLFSSL_BIGNUM* bn2;
  48265. #endif
  48266. bn = wolfSSL_DH_768_prime(NULL);
  48267. #if WOLFSSL_MAX_BN_BITS >= 768
  48268. AssertNotNull(bn);
  48269. bn2 = wolfSSL_DH_768_prime(bn);
  48270. AssertNotNull(bn2);
  48271. AssertTrue(bn == bn2);
  48272. wolfSSL_BN_free(bn);
  48273. #else
  48274. AssertNull(bn);
  48275. #endif
  48276. bn = wolfSSL_DH_1024_prime(NULL);
  48277. #if WOLFSSL_MAX_BN_BITS >= 1024
  48278. AssertNotNull(bn);
  48279. wolfSSL_BN_free(bn);
  48280. #else
  48281. AssertNull(bn);
  48282. #endif
  48283. bn = wolfSSL_DH_2048_prime(NULL);
  48284. #if WOLFSSL_MAX_BN_BITS >= 2048
  48285. AssertNotNull(bn);
  48286. wolfSSL_BN_free(bn);
  48287. #else
  48288. AssertNull(bn);
  48289. #endif
  48290. bn = wolfSSL_DH_3072_prime(NULL);
  48291. #if WOLFSSL_MAX_BN_BITS >= 3072
  48292. AssertNotNull(bn);
  48293. wolfSSL_BN_free(bn);
  48294. #else
  48295. AssertNull(bn);
  48296. #endif
  48297. bn = wolfSSL_DH_4096_prime(NULL);
  48298. #if WOLFSSL_MAX_BN_BITS >= 4096
  48299. AssertNotNull(bn);
  48300. wolfSSL_BN_free(bn);
  48301. #else
  48302. AssertNull(bn);
  48303. #endif
  48304. bn = wolfSSL_DH_6144_prime(NULL);
  48305. #if WOLFSSL_MAX_BN_BITS >= 6144
  48306. AssertNotNull(bn);
  48307. wolfSSL_BN_free(bn);
  48308. #else
  48309. AssertNull(bn);
  48310. #endif
  48311. bn = wolfSSL_DH_8192_prime(NULL);
  48312. #if WOLFSSL_MAX_BN_BITS >= 8192
  48313. AssertNotNull(bn);
  48314. wolfSSL_BN_free(bn);
  48315. #else
  48316. AssertNull(bn);
  48317. #endif
  48318. res = TEST_RES_CHECK(1);
  48319. #endif
  48320. return res;
  48321. }
  48322. static int test_wolfSSL_DH_1536_prime(void)
  48323. {
  48324. int res = TEST_SKIPPED;
  48325. #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
  48326. BIGNUM* bn;
  48327. unsigned char bits[200];
  48328. int sz = 192; /* known binary size */
  48329. const byte expected[] = {
  48330. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
  48331. 0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
  48332. 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
  48333. 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
  48334. 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
  48335. 0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
  48336. 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
  48337. 0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
  48338. 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
  48339. 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
  48340. 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
  48341. 0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
  48342. 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
  48343. 0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
  48344. 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
  48345. 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
  48346. 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
  48347. 0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
  48348. 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
  48349. 0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
  48350. 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
  48351. 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
  48352. 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,
  48353. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
  48354. };
  48355. bn = get_rfc3526_prime_1536(NULL);
  48356. AssertNotNull(bn);
  48357. AssertIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits));
  48358. AssertIntEQ(0, XMEMCMP(expected, bits, sz));
  48359. BN_free(bn);
  48360. res = TEST_RES_CHECK(1);
  48361. #endif
  48362. return res;
  48363. }
  48364. static int test_wolfSSL_DH_get_2048_256(void)
  48365. {
  48366. int res = TEST_SKIPPED;
  48367. #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
  48368. WOLFSSL_DH* dh;
  48369. const WOLFSSL_BIGNUM* pBn;
  48370. const WOLFSSL_BIGNUM* gBn;
  48371. const WOLFSSL_BIGNUM* qBn;
  48372. const byte pExpected[] = {
  48373. 0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C, 0xFF, 0xBB, 0xD1, 0x9C,
  48374. 0x65, 0x19, 0x59, 0x99, 0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2,
  48375. 0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00, 0xE0, 0x0D, 0xF8, 0xF1,
  48376. 0xD6, 0x19, 0x57, 0xD4, 0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30,
  48377. 0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA, 0x3B, 0xF4, 0x29, 0x6D,
  48378. 0x83, 0x0E, 0x9A, 0x7C, 0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD,
  48379. 0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED, 0x91, 0xF9, 0xE6, 0x72,
  48380. 0x5B, 0x47, 0x58, 0xC0, 0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B,
  48381. 0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88, 0xB9, 0x41, 0xF5, 0x4E,
  48382. 0xB1, 0xE5, 0x9B, 0xB8, 0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C,
  48383. 0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76, 0xB6, 0x3A, 0xCA, 0xE1,
  48384. 0xCA, 0xA6, 0xB7, 0x90, 0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E,
  48385. 0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB, 0x3A, 0xD8, 0x34, 0x77,
  48386. 0x96, 0x52, 0x4D, 0x8E, 0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9,
  48387. 0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25, 0x1C, 0xCA, 0xCB, 0x83,
  48388. 0xE6, 0xB4, 0x86, 0xF6, 0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26,
  48389. 0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56, 0xDE, 0xD4, 0x01, 0x0A,
  48390. 0xBD, 0x0B, 0xE6, 0x21, 0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3,
  48391. 0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03, 0xA4, 0xB5, 0x43, 0x30,
  48392. 0xC1, 0x98, 0xAF, 0x12, 0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F,
  48393. 0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA, 0xDB, 0x09, 0x4A, 0xE9,
  48394. 0x1E, 0x1A, 0x15, 0x97
  48395. };
  48396. const byte gExpected[] = {
  48397. 0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B, 0x2E, 0x77, 0x50, 0x66,
  48398. 0x60, 0xED, 0xBD, 0x48, 0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54,
  48399. 0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25, 0x10, 0xDB, 0xC1, 0x50,
  48400. 0x77, 0xBE, 0x46, 0x3F, 0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55,
  48401. 0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1, 0xBC, 0x37, 0x73, 0xBF,
  48402. 0x7E, 0x8C, 0x6F, 0x62, 0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18,
  48403. 0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65, 0x01, 0x96, 0xF9, 0x31,
  48404. 0xC7, 0x7A, 0x57, 0xF2, 0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B,
  48405. 0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62, 0x8A, 0xC3, 0x76, 0xD2,
  48406. 0x82, 0xD6, 0xED, 0x38, 0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83,
  48407. 0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93, 0xB5, 0x04, 0x5A, 0xF2,
  48408. 0x76, 0x71, 0x64, 0xE1, 0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55,
  48409. 0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80, 0xD0, 0x52, 0xB9, 0x85,
  48410. 0xD1, 0x82, 0xEA, 0x0A, 0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14,
  48411. 0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9, 0xB7, 0xD2, 0xBB, 0xD2,
  48412. 0xDF, 0x01, 0x61, 0x99, 0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15,
  48413. 0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37, 0x7F, 0xD0, 0x28, 0x37,
  48414. 0x0D, 0xF9, 0x2B, 0x52, 0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6,
  48415. 0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3, 0x2F, 0x63, 0x07, 0x84,
  48416. 0x90, 0xF0, 0x0E, 0xF8, 0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51,
  48417. 0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82, 0x66, 0x4B, 0x4C, 0x0F,
  48418. 0x6C, 0xC4, 0x16, 0x59
  48419. };
  48420. const byte qExpected[] = {
  48421. 0x8C, 0xF8, 0x36, 0x42, 0xA7, 0x09, 0xA0, 0x97, 0xB4, 0x47, 0x99, 0x76,
  48422. 0x40, 0x12, 0x9D, 0xA2, 0x99, 0xB1, 0xA4, 0x7D, 0x1E, 0xB3, 0x75, 0x0B,
  48423. 0xA3, 0x08, 0xB0, 0xFE, 0x64, 0xF5, 0xFB, 0xD3
  48424. };
  48425. int pSz;
  48426. int qSz;
  48427. int gSz;
  48428. byte* pReturned;
  48429. byte* qReturned;
  48430. byte* gReturned;
  48431. AssertNotNull((dh = wolfSSL_DH_get_2048_256()));
  48432. wolfSSL_DH_get0_pqg(dh, &pBn, &qBn, &gBn);
  48433. AssertIntGT((pSz = wolfSSL_BN_num_bytes(pBn)), 0);
  48434. AssertNotNull(pReturned = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
  48435. AssertIntGT((pSz = wolfSSL_BN_bn2bin(pBn, pReturned)), 0);
  48436. AssertIntEQ(pSz, sizeof(pExpected));
  48437. AssertIntEQ(XMEMCMP(pExpected, pReturned, pSz), 0);
  48438. AssertIntGT((qSz = wolfSSL_BN_num_bytes(qBn)), 0);
  48439. AssertNotNull(qReturned = (byte*)XMALLOC(qSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
  48440. AssertIntGT((qSz = wolfSSL_BN_bn2bin(qBn, qReturned)), 0);
  48441. AssertIntEQ(qSz, sizeof(qExpected));
  48442. AssertIntEQ(XMEMCMP(qExpected, qReturned, qSz), 0);
  48443. AssertIntGT((gSz = wolfSSL_BN_num_bytes(gBn)), 0);
  48444. AssertNotNull(gReturned = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
  48445. AssertIntGT((gSz = wolfSSL_BN_bn2bin(gBn, gReturned)), 0);
  48446. AssertIntEQ(gSz, sizeof(gExpected));
  48447. AssertIntEQ(XMEMCMP(gExpected, gReturned, gSz), 0);
  48448. wolfSSL_DH_free(dh);
  48449. XFREE(pReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  48450. XFREE(gReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  48451. XFREE(qReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  48452. res = TEST_RES_CHECK(1);
  48453. #endif
  48454. return res;
  48455. }
  48456. static int test_wolfSSL_PEM_write_DHparams(void)
  48457. {
  48458. int res = TEST_SKIPPED;
  48459. #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \
  48460. !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
  48461. DH* dh;
  48462. BIO* bio;
  48463. XFILE fp;
  48464. byte pem[2048];
  48465. int pemSz;
  48466. const char expected[] =
  48467. "-----BEGIN DH PARAMETERS-----\n"
  48468. "MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n"
  48469. "v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n"
  48470. "nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n"
  48471. "joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n"
  48472. "wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n"
  48473. "tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n"
  48474. "-----END DH PARAMETERS-----\n";
  48475. const char badPem[] =
  48476. "-----BEGIN DH PARAMETERS-----\n"
  48477. "-----END DH PARAMETERS-----\n";
  48478. const char emptySeqPem[] =
  48479. "-----BEGIN DH PARAMETERS-----\n"
  48480. "MAA=\n"
  48481. "-----END DH PARAMETERS-----\n";
  48482. AssertNotNull(fp = XFOPEN(dhParamFile, "rb"));
  48483. AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
  48484. XFCLOSE(fp);
  48485. AssertNull(PEM_read_bio_DHparams(NULL, NULL, NULL, NULL));
  48486. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  48487. AssertNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
  48488. AssertIntEQ(BIO_write(bio, badPem, (int)sizeof(badPem)),
  48489. (int)sizeof(badPem));
  48490. AssertNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
  48491. BIO_free(bio);
  48492. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  48493. AssertNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
  48494. AssertIntEQ(BIO_write(bio, emptySeqPem, (int)sizeof(emptySeqPem)),
  48495. (int)sizeof(emptySeqPem));
  48496. AssertNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
  48497. BIO_free(bio);
  48498. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  48499. AssertIntEQ(BIO_write(bio, pem, pemSz), pemSz);
  48500. AssertNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
  48501. BIO_free(bio);
  48502. AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
  48503. AssertIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
  48504. AssertIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE);
  48505. DH_free(dh);
  48506. dh = wolfSSL_DH_new();
  48507. AssertIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_FAILURE);
  48508. XFCLOSE(fp);
  48509. wolfSSL_DH_free(dh);
  48510. /* check results */
  48511. XMEMSET(pem, 0, sizeof(pem));
  48512. AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "rb"));
  48513. AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
  48514. AssertIntEQ(XMEMCMP(pem, expected, pemSz), 0);
  48515. XFCLOSE(fp);
  48516. res = TEST_RES_CHECK(1);
  48517. #endif
  48518. return res;
  48519. }
  48520. static int test_wolfSSL_d2i_DHparams(void)
  48521. {
  48522. int res = TEST_SKIPPED;
  48523. #ifdef OPENSSL_ALL
  48524. #if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
  48525. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  48526. FILE* f = NULL;
  48527. unsigned char buf[4096];
  48528. const unsigned char* pt = buf;
  48529. #ifdef HAVE_FFDHE_2048
  48530. const char* params1 = "./certs/dh2048.der";
  48531. #endif
  48532. #ifdef HAVE_FFDHE_3072
  48533. const char* params2 = "./certs/dh3072.der";
  48534. #endif
  48535. long len = 0;
  48536. WOLFSSL_DH* dh = NULL;
  48537. XMEMSET(buf, 0, sizeof(buf));
  48538. /* Test 2048 bit parameters */
  48539. #ifdef HAVE_FFDHE_2048
  48540. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  48541. f = XFOPEN(params1, "rb");
  48542. AssertTrue(f != XBADFILE);
  48543. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  48544. XFCLOSE(f);
  48545. /* Valid case */
  48546. AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
  48547. AssertNotNull(dh->p);
  48548. AssertNotNull(dh->g);
  48549. AssertTrue(pt == buf);
  48550. AssertIntEQ(DH_set_length(NULL, BN_num_bits(dh->p)), 0);
  48551. AssertIntEQ(DH_set_length(dh, BN_num_bits(dh->p)), 1);
  48552. AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
  48553. /* Invalid cases */
  48554. AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
  48555. AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
  48556. AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, 10));
  48557. DH_free(dh);
  48558. *buf = 0;
  48559. pt = buf;
  48560. res = TEST_RES_CHECK(1);
  48561. }
  48562. #endif /* HAVE_FFDHE_2048 */
  48563. /* Test 3072 bit parameters */
  48564. #ifdef HAVE_FFDHE_3072
  48565. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  48566. f = XFOPEN(params2, "rb");
  48567. AssertTrue(f != XBADFILE);
  48568. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  48569. XFCLOSE(f);
  48570. /* Valid case */
  48571. AssertNotNull(dh = wolfSSL_d2i_DHparams(&dh, &pt, len));
  48572. AssertNotNull(dh->p);
  48573. AssertNotNull(dh->g);
  48574. AssertTrue(pt != buf);
  48575. AssertIntEQ(DH_generate_key(dh), 1);
  48576. /* Invalid cases */
  48577. AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
  48578. AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
  48579. DH_free(dh);
  48580. res = TEST_RES_CHECK(1);
  48581. }
  48582. #endif /* HAVE_FFDHE_3072 */
  48583. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  48584. #endif /* !NO_DH */
  48585. #endif
  48586. return res;
  48587. }
  48588. static int test_wolfSSL_DH_LoadDer(void)
  48589. {
  48590. int res = TEST_SKIPPED;
  48591. #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) && \
  48592. defined(OPENSSL_EXTRA)
  48593. static const byte dh2048[] = {
  48594. 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01,
  48595. 0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13,
  48596. 0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5,
  48597. 0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a,
  48598. 0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53,
  48599. 0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84,
  48600. 0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1,
  48601. 0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91,
  48602. 0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66,
  48603. 0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9,
  48604. 0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e,
  48605. 0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d,
  48606. 0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d,
  48607. 0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75,
  48608. 0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa,
  48609. 0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93,
  48610. 0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c,
  48611. 0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35,
  48612. 0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e,
  48613. 0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76,
  48614. 0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62,
  48615. 0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0,
  48616. 0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40,
  48617. 0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a,
  48618. 0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4,
  48619. 0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4,
  48620. 0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90,
  48621. 0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58,
  48622. 0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f,
  48623. 0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6,
  48624. 0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67,
  48625. 0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7,
  48626. 0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f,
  48627. 0x93, 0x02, 0x01, 0x02
  48628. };
  48629. WOLFSSL_DH* dh;
  48630. dh = wolfSSL_DH_new();
  48631. AssertNotNull(dh);
  48632. AssertIntEQ(wolfSSL_DH_LoadDer(NULL, NULL, 0), -1);
  48633. AssertIntEQ(wolfSSL_DH_LoadDer(dh, NULL, 0), -1);
  48634. AssertIntEQ(wolfSSL_DH_LoadDer(NULL, dh2048, sizeof(dh2048)), -1);
  48635. AssertIntEQ(wolfSSL_DH_LoadDer(dh, dh2048, sizeof(dh2048)), 1);
  48636. wolfSSL_DH_free(dh);
  48637. res = TEST_RES_CHECK(1);
  48638. #endif
  48639. return res;
  48640. }
  48641. static int test_wolfSSL_i2d_DHparams(void)
  48642. {
  48643. int res = TEST_SKIPPED;
  48644. #ifdef OPENSSL_ALL
  48645. #if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
  48646. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  48647. FILE* f;
  48648. unsigned char buf[4096];
  48649. const unsigned char* pt;
  48650. unsigned char* pt2;
  48651. #ifdef HAVE_FFDHE_2048
  48652. const char* params1 = "./certs/dh2048.der";
  48653. #endif
  48654. #ifdef HAVE_FFDHE_3072
  48655. const char* params2 = "./certs/dh3072.der";
  48656. #endif
  48657. long len;
  48658. WOLFSSL_DH* dh;
  48659. /* Test 2048 bit parameters */
  48660. #ifdef HAVE_FFDHE_2048
  48661. pt = buf;
  48662. pt2 = buf;
  48663. f = XFOPEN(params1, "rb");
  48664. AssertTrue(f != XBADFILE);
  48665. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  48666. XFCLOSE(f);
  48667. /* Valid case */
  48668. AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
  48669. AssertTrue(pt == buf);
  48670. AssertIntEQ(DH_generate_key(dh), 1);
  48671. AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268);
  48672. /* Invalid case */
  48673. AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
  48674. /* Return length only */
  48675. AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268);
  48676. DH_free(dh);
  48677. *buf = 0;
  48678. #endif
  48679. /* Test 3072 bit parameters */
  48680. #ifdef HAVE_FFDHE_3072
  48681. pt = buf;
  48682. pt2 = buf;
  48683. f = XFOPEN(params2, "rb");
  48684. AssertTrue(f != XBADFILE);
  48685. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  48686. XFCLOSE(f);
  48687. /* Valid case */
  48688. AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
  48689. AssertTrue(pt == buf);
  48690. AssertIntEQ(DH_generate_key(dh), 1);
  48691. AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396);
  48692. /* Invalid case */
  48693. AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
  48694. /* Return length only */
  48695. AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396);
  48696. DH_free(dh);
  48697. #endif
  48698. dh = DH_new();
  48699. AssertNotNull(dh);
  48700. pt2 = buf;
  48701. AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 0);
  48702. DH_free(dh);
  48703. res = TEST_RES_CHECK(1);
  48704. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  48705. #endif /* !NO_DH && (HAVE_FFDHE_2048 || HAVE_FFDHE_3072) */
  48706. #endif
  48707. return res;
  48708. }
  48709. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  48710. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
  48711. static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
  48712. {
  48713. X509* x509 = NULL;
  48714. BIGNUM* serial_number = NULL;
  48715. X509_NAME* name = NULL;
  48716. time_t epoch_off = 0;
  48717. ASN1_INTEGER* asn1_serial_number;
  48718. long not_before, not_after;
  48719. AssertNotNull(x509 = X509_new());
  48720. AssertIntNE(X509_set_pubkey(x509, pkey), 0);
  48721. AssertNotNull(serial_number = BN_new());
  48722. AssertIntNE(BN_pseudo_rand(serial_number, 64, 0, 0), 0);
  48723. AssertNotNull(asn1_serial_number = X509_get_serialNumber(x509));
  48724. AssertNotNull(BN_to_ASN1_INTEGER(serial_number, asn1_serial_number));
  48725. /* version 3 */
  48726. AssertIntNE(X509_set_version(x509, 2L), 0);
  48727. AssertNotNull(name = X509_NAME_new());
  48728. AssertIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8,
  48729. (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0);
  48730. AssertIntNE(X509_set_subject_name(x509, name), 0);
  48731. AssertIntNE(X509_set_issuer_name(x509, name), 0);
  48732. not_before = (long)wc_Time(NULL);
  48733. not_after = not_before + (365 * 24 * 60 * 60);
  48734. AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &epoch_off));
  48735. AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &epoch_off));
  48736. AssertIntNE(X509_sign(x509, pkey, EVP_sha256()), 0);
  48737. BN_free(serial_number);
  48738. X509_NAME_free(name);
  48739. X509_free(x509);
  48740. return 0;
  48741. }
  48742. #endif
  48743. static int test_openssl_generate_key_and_cert(void)
  48744. {
  48745. int res = TEST_SKIPPED;
  48746. #if defined(OPENSSL_EXTRA)
  48747. #if !defined(NO_RSA)
  48748. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  48749. EVP_PKEY* pkey = EVP_PKEY_new();
  48750. int key_length = 2048;
  48751. BIGNUM* exponent = BN_new();
  48752. RSA* rsa = RSA_new();
  48753. AssertNotNull(pkey);
  48754. AssertNotNull(exponent);
  48755. AssertNotNull(rsa);
  48756. AssertIntNE(BN_set_word(exponent, WC_RSA_EXPONENT), 0);
  48757. #ifndef WOLFSSL_KEY_GEN
  48758. AssertIntEQ(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0);
  48759. #if defined(USE_CERT_BUFFERS_1024)
  48760. AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_1024,
  48761. sizeof_server_key_der_1024, WOLFSSL_RSA_LOAD_PRIVATE), 0);
  48762. key_length = 1024;
  48763. #elif defined(USE_CERT_BUFFERS_2048)
  48764. AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_2048,
  48765. sizeof_server_key_der_2048, WOLFSSL_RSA_LOAD_PRIVATE), 0);
  48766. #else
  48767. RSA_free(rsa);
  48768. rsa = NULL;
  48769. #endif
  48770. #else
  48771. AssertIntEQ(RSA_generate_key_ex(NULL, key_length, exponent, NULL), 0);
  48772. AssertIntEQ(RSA_generate_key_ex(rsa, 0, exponent, NULL), 0);
  48773. AssertIntEQ(RSA_generate_key_ex(rsa, key_length, NULL, NULL), 0);
  48774. AssertIntNE(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0);
  48775. #endif
  48776. if (rsa) {
  48777. AssertIntNE(EVP_PKEY_assign_RSA(pkey, rsa), 0);
  48778. BN_free(exponent);
  48779. #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
  48780. defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
  48781. test_openssl_make_self_signed_certificate(pkey);
  48782. #endif
  48783. }
  48784. EVP_PKEY_free(pkey);
  48785. res = TEST_RES_CHECK(1);
  48786. }
  48787. #endif /* !NO_RSA */
  48788. #ifdef HAVE_ECC
  48789. if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
  48790. EVP_PKEY* pkey = EVP_PKEY_new();
  48791. EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  48792. AssertNotNull(pkey);
  48793. AssertNotNull(ec_key);
  48794. #ifndef NO_WOLFSSL_STUB
  48795. EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
  48796. #endif
  48797. AssertIntNE(EC_KEY_generate_key(ec_key), 0);
  48798. AssertIntNE(EVP_PKEY_assign_EC_KEY(pkey, ec_key), 0);
  48799. #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
  48800. defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
  48801. test_openssl_make_self_signed_certificate(pkey);
  48802. #endif
  48803. EVP_PKEY_free(pkey);
  48804. res = TEST_RES_CHECK(1);
  48805. }
  48806. #endif /* HAVE_ECC */
  48807. #endif /* OPENSSL_EXTRA */
  48808. return res;
  48809. }
  48810. static int test_stubs_are_stubs(void)
  48811. {
  48812. int res = TEST_SKIPPED;
  48813. #if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB)
  48814. WOLFSSL_CTX* ctx = NULL;
  48815. WOLFSSL_CTX* ctxN = NULL;
  48816. #ifndef NO_WOLFSSL_CLIENT
  48817. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  48818. AssertNotNull(ctx);
  48819. #elif !defined(NO_WOLFSSL_SERVER)
  48820. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  48821. AssertNotNull(ctx);
  48822. #else
  48823. return res;
  48824. #endif
  48825. #define CHECKZERO_RET(x, y, z) AssertIntEQ((int) x(y), 0); \
  48826. AssertIntEQ((int) x(z), 0)
  48827. /* test logic, all stubs return same result regardless of ctx being NULL
  48828. * as there are no sanity checks, it's just a stub! If at some
  48829. * point a stub is not a stub it should begin to return BAD_FUNC_ARG
  48830. * if invalid inputs are supplied. Test calling both
  48831. * with and without valid inputs, if a stub functionality remains unchanged.
  48832. */
  48833. CHECKZERO_RET(wolfSSL_CTX_sess_accept, ctx, ctxN);
  48834. CHECKZERO_RET(wolfSSL_CTX_sess_connect, ctx, ctxN);
  48835. CHECKZERO_RET(wolfSSL_CTX_sess_accept_good, ctx, ctxN);
  48836. CHECKZERO_RET(wolfSSL_CTX_sess_connect_good, ctx, ctxN);
  48837. CHECKZERO_RET(wolfSSL_CTX_sess_accept_renegotiate, ctx, ctxN);
  48838. CHECKZERO_RET(wolfSSL_CTX_sess_connect_renegotiate, ctx, ctxN);
  48839. CHECKZERO_RET(wolfSSL_CTX_sess_hits, ctx, ctxN);
  48840. CHECKZERO_RET(wolfSSL_CTX_sess_cb_hits, ctx, ctxN);
  48841. CHECKZERO_RET(wolfSSL_CTX_sess_cache_full, ctx, ctxN);
  48842. CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN);
  48843. CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN);
  48844. wolfSSL_CTX_free(ctx);
  48845. ctx = NULL;
  48846. res = TEST_RES_CHECK(1);
  48847. #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB */
  48848. return res;
  48849. }
  48850. static int test_CONF_modules_xxx(void)
  48851. {
  48852. int res = TEST_SKIPPED;
  48853. #if defined(OPENSSL_EXTRA)
  48854. CONF_modules_free();
  48855. AssertTrue(1); /* to confirm previous call gives no harm */
  48856. CONF_modules_unload(0);
  48857. AssertTrue(1);
  48858. CONF_modules_unload(1);
  48859. AssertTrue(1);
  48860. CONF_modules_unload(-1);
  48861. AssertTrue(1);
  48862. res = TEST_RES_CHECK(1);
  48863. #endif /* OPENSSL_EXTRA */
  48864. return res;
  48865. }
  48866. static int test_CRYPTO_set_dynlock_xxx(void)
  48867. {
  48868. int res = TEST_SKIPPED;
  48869. #if defined(OPENSSL_EXTRA)
  48870. CRYPTO_set_dynlock_create_callback(
  48871. (struct CRYPTO_dynlock_value *(*)(const char*, int))NULL);
  48872. CRYPTO_set_dynlock_create_callback(
  48873. (struct CRYPTO_dynlock_value *(*)(const char*, int))1);
  48874. CRYPTO_set_dynlock_destroy_callback(
  48875. (void (*)(struct CRYPTO_dynlock_value*, const char*, int))NULL);
  48876. CRYPTO_set_dynlock_destroy_callback(
  48877. (void (*)(struct CRYPTO_dynlock_value*, const char*, int))1);
  48878. CRYPTO_set_dynlock_lock_callback(
  48879. (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))NULL);
  48880. CRYPTO_set_dynlock_lock_callback(
  48881. (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))1);
  48882. AssertTrue(1); /* to confirm previous call gives no harm */
  48883. res = TEST_RES_CHECK(1);
  48884. #endif /* OPENSSL_EXTRA */
  48885. return res;
  48886. }
  48887. static int test_CRYPTO_THREADID_xxx(void)
  48888. {
  48889. int res = TEST_SKIPPED;
  48890. #if defined(OPENSSL_EXTRA)
  48891. CRYPTO_THREADID_current((CRYPTO_THREADID*)NULL);
  48892. CRYPTO_THREADID_current((CRYPTO_THREADID*)1);
  48893. AssertIntEQ(CRYPTO_THREADID_hash((const CRYPTO_THREADID*)NULL), 0);
  48894. res = TEST_RES_CHECK(1);
  48895. #endif /* OPENSSL_EXTRA */
  48896. return res;
  48897. }
  48898. static int test_ENGINE_cleanup(void)
  48899. {
  48900. int res = TEST_SKIPPED;
  48901. #if defined(OPENSSL_EXTRA)
  48902. ENGINE_cleanup();
  48903. AssertTrue(1); /* to confirm previous call gives no harm */
  48904. res = TEST_RES_CHECK(1);
  48905. #endif /* OPENSSL_EXTRA */
  48906. return res;
  48907. }
  48908. static int test_wolfSSL_CTX_LoadCRL(void)
  48909. {
  48910. int res = TEST_SKIPPED;
  48911. #if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  48912. WOLFSSL_CTX* ctx = NULL;
  48913. WOLFSSL* ssl = NULL;
  48914. const char* badPath = "dummypath";
  48915. const char* validPath = "./certs/crl";
  48916. const char* validFilePath = "./certs/crl/cliCrl.pem";
  48917. const char* issuerCert = "./certs/client-cert.pem";
  48918. int derType = WOLFSSL_FILETYPE_ASN1;
  48919. int pemType = WOLFSSL_FILETYPE_PEM;
  48920. int monitor = WOLFSSL_CRL_MONITOR;
  48921. WOLFSSL_CERT_MANAGER* cm = NULL;
  48922. #define FAIL_T1(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
  48923. BAD_FUNC_ARG)
  48924. #define SUCC_T(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
  48925. WOLFSSL_SUCCESS)
  48926. FAIL_T1(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
  48927. #ifndef NO_WOLFSSL_CLIENT
  48928. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  48929. #elif !defined(NO_WOLFSSL_SERVER)
  48930. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  48931. #else
  48932. return;
  48933. #endif
  48934. SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
  48935. SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor);
  48936. SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor);
  48937. wolfSSL_CTX_free(ctx);
  48938. #ifndef NO_WOLFSSL_CLIENT
  48939. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  48940. #elif !defined(NO_WOLFSSL_SERVER)
  48941. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  48942. #else
  48943. return;
  48944. #endif
  48945. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL),
  48946. WOLFSSL_SUCCESS);
  48947. AssertIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, validFilePath, pemType), WOLFSSL_SUCCESS);
  48948. wolfSSL_CTX_free(ctx);
  48949. #ifndef NO_WOLFSSL_CLIENT
  48950. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  48951. #elif !defined(NO_WOLFSSL_SERVER)
  48952. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  48953. #else
  48954. return;
  48955. #endif
  48956. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL),
  48957. WOLFSSL_SUCCESS);
  48958. AssertNotNull(ssl = wolfSSL_new(ctx));
  48959. AssertIntEQ(wolfSSL_LoadCRLFile(ssl, validFilePath, pemType), WOLFSSL_SUCCESS);
  48960. wolfSSL_free(ssl);
  48961. wolfSSL_CTX_free(ctx);
  48962. AssertNotNull(cm = wolfSSL_CertManagerNew());
  48963. AssertIntEQ(wolfSSL_CertManagerLoadCA(cm, issuerCert, NULL),
  48964. WOLFSSL_SUCCESS);
  48965. AssertIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, validFilePath, pemType), WOLFSSL_SUCCESS);
  48966. wolfSSL_CertManagerFree(cm);
  48967. res = TEST_RES_CHECK(1);
  48968. #endif
  48969. return res;
  48970. }
  48971. static int test_SetTmpEC_DHE_Sz(void)
  48972. {
  48973. int res = TEST_SKIPPED;
  48974. #if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT)
  48975. WOLFSSL_CTX *ctx;
  48976. WOLFSSL *ssl;
  48977. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  48978. AssertNotNull(ctx);
  48979. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32));
  48980. ssl = wolfSSL_new(ctx);
  48981. AssertNotNull(ssl);
  48982. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32));
  48983. wolfSSL_free(ssl);
  48984. wolfSSL_CTX_free(ctx);
  48985. res = TEST_RES_CHECK(1);
  48986. #endif
  48987. return res;
  48988. }
  48989. static int test_wolfSSL_CTX_get0_privatekey(void)
  48990. {
  48991. int res = TEST_SKIPPED;
  48992. #ifdef OPENSSL_ALL
  48993. WOLFSSL_CTX* ctx = NULL;
  48994. #ifndef NO_RSA
  48995. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
  48996. AssertNull(SSL_CTX_get0_privatekey(ctx));
  48997. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  48998. WOLFSSL_FILETYPE_PEM));
  48999. AssertNull(SSL_CTX_get0_privatekey(ctx));
  49000. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  49001. WOLFSSL_FILETYPE_PEM));
  49002. AssertNotNull(SSL_CTX_get0_privatekey(ctx));
  49003. wolfSSL_CTX_free(ctx);
  49004. #endif
  49005. #ifdef HAVE_ECC
  49006. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
  49007. AssertNull(SSL_CTX_get0_privatekey(ctx));
  49008. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
  49009. WOLFSSL_FILETYPE_PEM));
  49010. AssertNull(SSL_CTX_get0_privatekey(ctx));
  49011. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
  49012. WOLFSSL_FILETYPE_PEM));
  49013. AssertNotNull(SSL_CTX_get0_privatekey(ctx));
  49014. wolfSSL_CTX_free(ctx);
  49015. #endif
  49016. res = TEST_RES_CHECK(1);
  49017. #endif
  49018. return res;
  49019. }
  49020. static int test_wolfSSL_dtls_set_mtu(void)
  49021. {
  49022. int res = TEST_SKIPPED;
  49023. #if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \
  49024. !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_DTLS)
  49025. WOLFSSL_CTX* ctx = NULL;
  49026. WOLFSSL* ssl = NULL;
  49027. const char* testCertFile;
  49028. const char* testKeyFile;
  49029. AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
  49030. #ifndef NO_RSA
  49031. testCertFile = svrCertFile;
  49032. testKeyFile = svrKeyFile;
  49033. #elif defined(HAVE_ECC)
  49034. testCertFile = eccCertFile;
  49035. testKeyFile = eccKeyFile;
  49036. #endif
  49037. if (testCertFile != NULL && testKeyFile != NULL) {
  49038. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
  49039. WOLFSSL_FILETYPE_PEM));
  49040. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
  49041. WOLFSSL_FILETYPE_PEM));
  49042. }
  49043. AssertNotNull(ssl = wolfSSL_new(ctx));
  49044. AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
  49045. AssertIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
  49046. AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG);
  49047. AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE);
  49048. AssertIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG);
  49049. AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS);
  49050. AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
  49051. wolfSSL_free(ssl);
  49052. wolfSSL_CTX_free(ctx);
  49053. res = TEST_RES_CHECK(1);
  49054. #endif
  49055. return res;
  49056. }
  49057. #if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
  49058. defined(WOLFSSL_DTLS)
  49059. static WC_INLINE void generateDTLSMsg(byte* out, int outSz, word32 seq,
  49060. enum HandShakeType hsType, word16 length)
  49061. {
  49062. size_t idx = 0;
  49063. byte* l;
  49064. /* record layer */
  49065. /* handshake type */
  49066. out[idx++] = handshake;
  49067. /* protocol version */
  49068. out[idx++] = 0xfe;
  49069. out[idx++] = 0xfd; /* DTLS 1.2 */
  49070. /* epoch 0 */
  49071. XMEMSET(out + idx, 0, 2);
  49072. idx += 2;
  49073. /* sequence number */
  49074. XMEMSET(out + idx, 0, 6);
  49075. c32toa(seq, out + idx + 2);
  49076. idx += 6;
  49077. /* length in BE */
  49078. if (length)
  49079. c16toa(length, out + idx);
  49080. else
  49081. c16toa(outSz - idx - 2, out + idx);
  49082. idx += 2;
  49083. /* handshake layer */
  49084. /* handshake type */
  49085. out[idx++] = (byte)hsType;
  49086. /* length */
  49087. l = out + idx;
  49088. idx += 3;
  49089. /* message seq */
  49090. c16toa(0, out + idx);
  49091. idx += 2;
  49092. /* frag offset */
  49093. c32to24(0, out + idx);
  49094. idx += 3;
  49095. /* frag length */
  49096. c32to24((word32)outSz - (word32)idx - 3, l);
  49097. c32to24((word32)outSz - (word32)idx - 3, out + idx);
  49098. idx += 3;
  49099. XMEMSET(out + idx, 0, outSz - idx);
  49100. }
  49101. static void test_wolfSSL_dtls_plaintext_server(WOLFSSL* ssl)
  49102. {
  49103. byte msg[] = "This is a msg for the client";
  49104. byte reply[40];
  49105. AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)),0);
  49106. reply[sizeof(reply) - 1] = '\0';
  49107. fprintf(stderr, "Client message: %s\n", reply);
  49108. AssertIntEQ(wolfSSL_write(ssl, msg, sizeof(msg)), sizeof(msg));
  49109. }
  49110. static void test_wolfSSL_dtls_plaintext_client(WOLFSSL* ssl)
  49111. {
  49112. byte ch[50];
  49113. int fd = wolfSSL_get_fd(ssl);
  49114. byte msg[] = "This is a msg for the server";
  49115. byte reply[40];
  49116. generateDTLSMsg(ch, sizeof(ch), 20, client_hello, 0);
  49117. /* Server should ignore this datagram */
  49118. AssertIntEQ(send(fd, ch, sizeof(ch), 0), sizeof(ch));
  49119. generateDTLSMsg(ch, sizeof(ch), 20, client_hello, 10000);
  49120. /* Server should ignore this datagram */
  49121. AssertIntEQ(send(fd, ch, sizeof(ch), 0), sizeof(ch));
  49122. AssertIntEQ(wolfSSL_write(ssl, msg, sizeof(msg)), sizeof(msg));
  49123. AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)),0);
  49124. reply[sizeof(reply) - 1] = '\0';
  49125. fprintf(stderr, "Server response: %s\n", reply);
  49126. }
  49127. static int test_wolfSSL_dtls_plaintext(void)
  49128. {
  49129. callback_functions func_cb_client;
  49130. callback_functions func_cb_server;
  49131. size_t i;
  49132. struct test_params {
  49133. method_provider client_meth;
  49134. method_provider server_meth;
  49135. ssl_callback on_result_server;
  49136. ssl_callback on_result_client;
  49137. } params[] = {
  49138. {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method,
  49139. test_wolfSSL_dtls_plaintext_server,
  49140. test_wolfSSL_dtls_plaintext_client},
  49141. };
  49142. for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
  49143. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  49144. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  49145. func_cb_client.doUdp = func_cb_server.doUdp = 1;
  49146. func_cb_server.method = params[i].server_meth;
  49147. func_cb_client.method = params[i].client_meth;
  49148. func_cb_client.on_result = params[i].on_result_client;
  49149. func_cb_server.on_result = params[i].on_result_server;
  49150. test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
  49151. if (!func_cb_client.return_code)
  49152. return TEST_FAIL;
  49153. if (!func_cb_server.return_code)
  49154. return TEST_FAIL;
  49155. }
  49156. return TEST_RES_CHECK(1);
  49157. }
  49158. #else
  49159. static int test_wolfSSL_dtls_plaintext(void) {
  49160. return TEST_SKIPPED;
  49161. }
  49162. #endif
  49163. #if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
  49164. defined(WOLFSSL_DTLS)
  49165. static void test_wolfSSL_dtls12_fragments_spammer(WOLFSSL* ssl)
  49166. {
  49167. byte b[1100]; /* buffer for the messages to send */
  49168. size_t idx = 0;
  49169. size_t seq_offset = 0;
  49170. size_t msg_offset = 0;
  49171. int i;
  49172. int fd = wolfSSL_get_fd(ssl);
  49173. int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */
  49174. word32 seq_number = 100; /* start high so server definitely reads this */
  49175. word16 msg_number = 50; /* start high so server has to buffer this */
  49176. AssertIntEQ(ret, 1);
  49177. /* Now let's start spamming the peer with fragments it needs to store */
  49178. XMEMSET(b, -1, sizeof(b));
  49179. /* record layer */
  49180. /* handshake type */
  49181. b[idx++] = 22;
  49182. /* protocol version */
  49183. b[idx++] = 0xfe;
  49184. b[idx++] = 0xfd; /* DTLS 1.2 */
  49185. /* epoch 0 */
  49186. XMEMSET(b + idx, 0, 2);
  49187. idx += 2;
  49188. /* sequence number */
  49189. XMEMSET(b + idx, 0, 6);
  49190. seq_offset = idx + 2; /* increment only the low 32 bits */
  49191. idx += 6;
  49192. /* static length in BE */
  49193. c16toa(42, b + idx);
  49194. idx += 2;
  49195. /* handshake layer */
  49196. /* cert type */
  49197. b[idx++] = 11;
  49198. /* length */
  49199. c32to24(1000, b + idx);
  49200. idx += 3;
  49201. /* message seq */
  49202. c16toa(0, b + idx);
  49203. msg_offset = idx;
  49204. idx += 2;
  49205. /* frag offset */
  49206. c32to24(500, b + idx);
  49207. idx += 3;
  49208. /* frag length */
  49209. c32to24(30, b + idx);
  49210. idx += 3;
  49211. (void)idx; /* inhibit clang-analyzer-deadcode.DeadStores */
  49212. for (i = 0; i < DTLS_POOL_SZ * 2 && ret > 0;
  49213. seq_number++, msg_number++, i++) {
  49214. struct timespec delay;
  49215. XMEMSET(&delay, 0, sizeof(delay));
  49216. delay.tv_nsec = 10000000; /* wait 0.01 seconds */
  49217. c32toa(seq_number, b + seq_offset);
  49218. c16toa(msg_number, b + msg_offset);
  49219. ret = (int)send(fd, b, 55, 0);
  49220. nanosleep(&delay, NULL);
  49221. }
  49222. }
  49223. #ifdef WOLFSSL_DTLS13
  49224. static void test_wolfSSL_dtls13_fragments_spammer(WOLFSSL* ssl)
  49225. {
  49226. byte b[150]; /* buffer for the messages to send */
  49227. size_t idx = 0;
  49228. size_t msg_offset = 0;
  49229. int fd = wolfSSL_get_fd(ssl);
  49230. word16 msg_number = 10; /* start high so server has to buffer this */
  49231. int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */
  49232. AssertIntEQ(ret, 1);
  49233. /* Now let's start spamming the peer with fragments it needs to store */
  49234. XMEMSET(b, -1, sizeof(b));
  49235. /* handshake type */
  49236. b[idx++] = 11;
  49237. /* length */
  49238. c32to24(10000, b + idx);
  49239. idx += 3;
  49240. /* message_seq */
  49241. msg_offset = idx;
  49242. idx += 2;
  49243. /* fragment_offset */
  49244. c32to24(5000, b + idx);
  49245. idx += 3;
  49246. /* fragment_length */
  49247. c32to24(100, b + idx);
  49248. idx += 3;
  49249. /* fragment contents */
  49250. idx += 100;
  49251. for (; ret > 0; msg_number++) {
  49252. byte sendBuf[150];
  49253. int sendSz = sizeof(sendBuf);
  49254. struct timespec delay;
  49255. XMEMSET(&delay, 0, sizeof(delay));
  49256. delay.tv_nsec = 10000000; /* wait 0.01 seconds */
  49257. c16toa(msg_number, b + msg_offset);
  49258. sendSz = BuildTls13Message(ssl, sendBuf, sendSz, b,
  49259. (int)idx, handshake, 0, 0, 0);
  49260. ret = (int)send(fd, sendBuf, (size_t)sendSz, 0);
  49261. nanosleep(&delay, NULL);
  49262. }
  49263. }
  49264. #endif
  49265. static int test_wolfSSL_dtls_fragments(void)
  49266. {
  49267. callback_functions func_cb_client;
  49268. callback_functions func_cb_server;
  49269. size_t i;
  49270. struct test_params {
  49271. method_provider client_meth;
  49272. method_provider server_meth;
  49273. ssl_callback spammer;
  49274. } params[] = {
  49275. {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method,
  49276. test_wolfSSL_dtls12_fragments_spammer},
  49277. #ifdef WOLFSSL_DTLS13
  49278. {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
  49279. test_wolfSSL_dtls13_fragments_spammer},
  49280. #endif
  49281. };
  49282. for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
  49283. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  49284. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  49285. func_cb_client.doUdp = func_cb_server.doUdp = 1;
  49286. func_cb_server.method = params[i].server_meth;
  49287. func_cb_client.method = params[i].client_meth;
  49288. func_cb_client.ssl_ready = params[i].spammer;
  49289. test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
  49290. AssertFalse(func_cb_client.return_code);
  49291. AssertFalse(func_cb_server.return_code);
  49292. /* The socket should be closed by the server resulting in a
  49293. * socket error */
  49294. AssertIntEQ(func_cb_client.last_err, SOCKET_ERROR_E);
  49295. /* Check the server returned an error indicating the msg buffer
  49296. * was full */
  49297. AssertIntEQ(func_cb_server.last_err, DTLS_TOO_MANY_FRAGMENTS_E);
  49298. }
  49299. return TEST_RES_CHECK(1);
  49300. }
  49301. static void test_wolfSSL_dtls_send_alert(WOLFSSL* ssl)
  49302. {
  49303. int fd, ret;
  49304. byte alert_msg[] = {
  49305. 0x15, /* alert type */
  49306. 0xfe, 0xfd, /* version */
  49307. 0x00, 0x00, /* epoch */
  49308. 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, /* seq number */
  49309. 0x00, 0x02, /* length */
  49310. 0x02, /* level: fatal */
  49311. 0x46 /* protocol version */
  49312. };
  49313. fd = wolfSSL_get_fd(ssl);
  49314. ret = (int)send(fd, alert_msg, sizeof(alert_msg), 0);
  49315. AssertIntGT(ret, 0);
  49316. }
  49317. static int _test_wolfSSL_ignore_alert_before_cookie(byte version12)
  49318. {
  49319. callback_functions client_cbs, server_cbs;
  49320. XMEMSET(&client_cbs, 0, sizeof(client_cbs));
  49321. XMEMSET(&server_cbs, 0, sizeof(server_cbs));
  49322. client_cbs.doUdp = server_cbs.doUdp = 1;
  49323. if (version12) {
  49324. client_cbs.method = wolfDTLSv1_2_client_method;
  49325. server_cbs.method = wolfDTLSv1_2_server_method;
  49326. }
  49327. else {
  49328. #ifdef WOLFSSL_DTLS13
  49329. client_cbs.method = wolfDTLSv1_3_client_method;
  49330. server_cbs.method = wolfDTLSv1_3_server_method;
  49331. #else
  49332. return TEST_SKIPPED;
  49333. #endif /* WOLFSSL_DTLS13 */
  49334. }
  49335. client_cbs.ssl_ready = test_wolfSSL_dtls_send_alert;
  49336. test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
  49337. if (!client_cbs.return_code)
  49338. return TEST_FAIL;
  49339. if (!server_cbs.return_code)
  49340. return TEST_FAIL;
  49341. return TEST_SUCCESS;
  49342. }
  49343. static int test_wolfSSL_ignore_alert_before_cookie(void)
  49344. {
  49345. int ret;
  49346. ret =_test_wolfSSL_ignore_alert_before_cookie(0);
  49347. if (ret != 0)
  49348. return ret;
  49349. ret =_test_wolfSSL_ignore_alert_before_cookie(1);
  49350. if (ret != 0)
  49351. return ret;
  49352. return 0;
  49353. }
  49354. static void test_wolfSSL_send_bad_record(WOLFSSL* ssl)
  49355. {
  49356. int ret;
  49357. int fd;
  49358. byte bad_msg[] = {
  49359. 0x17, /* app data */
  49360. 0xaa, 0xfd, /* bad version */
  49361. 0x00, 0x01, /* epoch 1 */
  49362. 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, /* not seen seq number */
  49363. 0x00, 0x26, /* length: 38 bytes */
  49364. 0xae, 0x30, 0x31, 0xb1, 0xf1, 0xb9, 0x6f, 0xda, 0x17, 0x19, 0xd9, 0x57,
  49365. 0xa9, 0x9d, 0x5c, 0x51, 0x9b, 0x53, 0x63, 0xa5, 0x24, 0x70, 0xa1,
  49366. 0xae, 0xdf, 0x1c, 0xb9, 0xfc, 0xe3, 0xd7, 0x77, 0x6d, 0xb6, 0x89, 0x0f,
  49367. 0x03, 0x18, 0x72
  49368. };
  49369. fd = wolfSSL_get_fd(ssl);
  49370. AssertIntGE(fd, 0);
  49371. ret = (int)send(fd, bad_msg, sizeof(bad_msg), 0);
  49372. AssertIntEQ(ret, sizeof(bad_msg));
  49373. ret = wolfSSL_write(ssl, "badrecordtest", sizeof("badrecordtest"));
  49374. AssertIntEQ(ret, sizeof("badrecordtest"));
  49375. }
  49376. static void test_wolfSSL_read_string(WOLFSSL* ssl)
  49377. {
  49378. byte buf[100];
  49379. int ret;
  49380. ret = wolfSSL_read(ssl, buf, sizeof(buf));
  49381. AssertIntGT(ret, 0);
  49382. AssertIntEQ(strcmp((char*)buf, "badrecordtest"), 0);
  49383. }
  49384. static int _test_wolfSSL_dtls_bad_record(
  49385. method_provider client_method, method_provider server_method)
  49386. {
  49387. callback_functions client_cbs, server_cbs;
  49388. XMEMSET(&client_cbs, 0, sizeof(client_cbs));
  49389. XMEMSET(&server_cbs, 0, sizeof(server_cbs));
  49390. client_cbs.doUdp = server_cbs.doUdp = 1;
  49391. client_cbs.method = client_method;
  49392. server_cbs.method = server_method;
  49393. client_cbs.on_result = test_wolfSSL_send_bad_record;
  49394. server_cbs.on_result = test_wolfSSL_read_string;
  49395. test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
  49396. if (!client_cbs.return_code)
  49397. return TEST_FAIL;
  49398. if (!server_cbs.return_code)
  49399. return TEST_FAIL;
  49400. return TEST_SUCCESS;
  49401. }
  49402. static int test_wolfSSL_dtls_bad_record(void)
  49403. {
  49404. int ret;
  49405. ret = _test_wolfSSL_dtls_bad_record(wolfDTLSv1_2_client_method,
  49406. wolfDTLSv1_2_server_method);
  49407. #ifdef WOLFSSL_DTLS13
  49408. if (ret != TEST_SUCCESS)
  49409. return ret;
  49410. return _test_wolfSSL_dtls_bad_record(wolfDTLSv1_3_client_method,
  49411. wolfDTLSv1_3_server_method);
  49412. #else
  49413. return ret;
  49414. #endif /* WOLFSSL_DTLS13 */
  49415. }
  49416. #else
  49417. static int test_wolfSSL_dtls_fragments(void) {
  49418. return TEST_SKIPPED;
  49419. }
  49420. static int test_wolfSSL_ignore_alert_before_cookie(void) {
  49421. return TEST_SKIPPED;
  49422. }
  49423. static int test_wolfSSL_dtls_bad_record(void) {
  49424. return TEST_SKIPPED;
  49425. }
  49426. #endif
  49427. #if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
  49428. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
  49429. defined(HAVE_IO_TESTS_DEPENDENCIES)
  49430. static byte test_AEAD_fail_decryption = 0;
  49431. static byte test_AEAD_seq_num = 0;
  49432. static byte test_AEAD_done = 0;
  49433. static int test_AEAD_cbiorecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
  49434. {
  49435. int ret = (int)recv(wolfSSL_get_fd(ssl), buf, sz, 0);
  49436. if (ret > 0) {
  49437. if (test_AEAD_fail_decryption) {
  49438. /* Modify the packet to trigger a decryption failure */
  49439. buf[ret/2] ^= 0xFF;
  49440. if (test_AEAD_fail_decryption == 1)
  49441. test_AEAD_fail_decryption = 0;
  49442. }
  49443. }
  49444. (void)ctx;
  49445. return ret;
  49446. }
  49447. static void test_AEAD_get_limits(WOLFSSL* ssl, w64wrapper* hardLimit,
  49448. w64wrapper* keyUpdateLimit, w64wrapper* sendLimit)
  49449. {
  49450. if (sendLimit)
  49451. w64Zero(sendLimit);
  49452. switch (ssl->specs.bulk_cipher_algorithm) {
  49453. case wolfssl_aes_gcm:
  49454. if (sendLimit)
  49455. *sendLimit = AEAD_AES_LIMIT;
  49456. FALL_THROUGH;
  49457. case wolfssl_chacha:
  49458. if (hardLimit)
  49459. *hardLimit = DTLS_AEAD_AES_GCM_CHACHA_FAIL_LIMIT;
  49460. if (keyUpdateLimit)
  49461. *keyUpdateLimit = DTLS_AEAD_AES_GCM_CHACHA_FAIL_KU_LIMIT;
  49462. break;
  49463. case wolfssl_aes_ccm:
  49464. if (sendLimit)
  49465. *sendLimit = DTLS_AEAD_AES_CCM_LIMIT;
  49466. if (ssl->specs.aead_mac_size == AES_CCM_8_AUTH_SZ) {
  49467. if (hardLimit)
  49468. *hardLimit = DTLS_AEAD_AES_CCM_8_FAIL_LIMIT;
  49469. if (keyUpdateLimit)
  49470. *keyUpdateLimit = DTLS_AEAD_AES_CCM_8_FAIL_KU_LIMIT;
  49471. }
  49472. else {
  49473. if (hardLimit)
  49474. *hardLimit = DTLS_AEAD_AES_CCM_FAIL_LIMIT;
  49475. if (keyUpdateLimit)
  49476. *keyUpdateLimit = DTLS_AEAD_AES_CCM_FAIL_KU_LIMIT;
  49477. }
  49478. break;
  49479. default:
  49480. fprintf(stderr, "Unrecognized bulk cipher");
  49481. AssertFalse(1);
  49482. break;
  49483. }
  49484. }
  49485. static void test_AEAD_limit_client(WOLFSSL* ssl)
  49486. {
  49487. int ret;
  49488. int i;
  49489. int didReKey = 0;
  49490. char msgBuf[20];
  49491. w64wrapper hardLimit;
  49492. w64wrapper keyUpdateLimit;
  49493. w64wrapper counter;
  49494. w64wrapper sendLimit;
  49495. test_AEAD_get_limits(ssl, &hardLimit, &keyUpdateLimit, &sendLimit);
  49496. w64Zero(&counter);
  49497. AssertTrue(w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->dropCount, counter));
  49498. wolfSSL_SSLSetIORecv(ssl, test_AEAD_cbiorecv);
  49499. for (i = 0; i < 10; i++) {
  49500. /* Test some failed decryptions */
  49501. test_AEAD_fail_decryption = 1;
  49502. w64Increment(&counter);
  49503. ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
  49504. /* Should succeed since decryption failures are dropped */
  49505. AssertIntGT(ret, 0);
  49506. AssertTrue(w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount, counter));
  49507. }
  49508. test_AEAD_fail_decryption = 1;
  49509. Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount = keyUpdateLimit;
  49510. w64Increment(&Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount);
  49511. /* 100 read calls should be enough to complete the key update */
  49512. w64Zero(&counter);
  49513. for (i = 0; i < 100; i++) {
  49514. /* Key update should be sent and negotiated */
  49515. ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
  49516. AssertIntGT(ret, 0);
  49517. /* Epoch after one key update is 4 */
  49518. if (w64Equal(ssl->dtls13PeerEpoch, w64From32(0, 4)) &&
  49519. w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount, counter)) {
  49520. didReKey = 1;
  49521. break;
  49522. }
  49523. }
  49524. AssertTrue(didReKey);
  49525. if (!w64IsZero(sendLimit)) {
  49526. /* Test the sending limit for AEAD ciphers */
  49527. Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit;
  49528. test_AEAD_seq_num = 1;
  49529. ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf));
  49530. AssertIntGT(ret, 0);
  49531. didReKey = 0;
  49532. w64Zero(&counter);
  49533. /* 100 read calls should be enough to complete the key update */
  49534. for (i = 0; i < 100; i++) {
  49535. /* Key update should be sent and negotiated */
  49536. ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
  49537. AssertIntGT(ret, 0);
  49538. /* Epoch after another key update is 5 */
  49539. if (w64Equal(ssl->dtls13Epoch, w64From32(0, 5)) &&
  49540. w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->dropCount, counter)) {
  49541. didReKey = 1;
  49542. break;
  49543. }
  49544. }
  49545. AssertTrue(didReKey);
  49546. }
  49547. test_AEAD_fail_decryption = 2;
  49548. Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount = hardLimit;
  49549. w64Decrement(&Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount);
  49550. /* Connection should fail with a DECRYPT_ERROR */
  49551. ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
  49552. AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
  49553. AssertIntEQ(wolfSSL_get_error(ssl, ret), DECRYPT_ERROR);
  49554. test_AEAD_done = 1;
  49555. }
  49556. int counter = 0;
  49557. static void test_AEAD_limit_server(WOLFSSL* ssl)
  49558. {
  49559. char msgBuf[] = "Sending data";
  49560. int ret = WOLFSSL_SUCCESS;
  49561. w64wrapper sendLimit;
  49562. SOCKET_T fd = wolfSSL_get_fd(ssl);
  49563. struct timespec delay;
  49564. XMEMSET(&delay, 0, sizeof(delay));
  49565. delay.tv_nsec = 100000000; /* wait 0.1 seconds */
  49566. tcp_set_nonblocking(&fd); /* So that read doesn't block */
  49567. test_AEAD_get_limits(ssl, NULL, NULL, &sendLimit);
  49568. while (!test_AEAD_done && ret > 0) {
  49569. counter++;
  49570. if (test_AEAD_seq_num) {
  49571. /* We need to update the seq number so that we can understand the
  49572. * peer. Otherwise we will incorrectly interpret the seq number. */
  49573. Dtls13Epoch* e = Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch);
  49574. AssertNotNull(e);
  49575. e->nextPeerSeqNumber = sendLimit;
  49576. test_AEAD_seq_num = 0;
  49577. }
  49578. (void)wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
  49579. ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf));
  49580. nanosleep(&delay, NULL);
  49581. }
  49582. }
  49583. static int test_wolfSSL_dtls_AEAD_limit(void)
  49584. {
  49585. callback_functions func_cb_client;
  49586. callback_functions func_cb_server;
  49587. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  49588. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  49589. func_cb_client.doUdp = func_cb_server.doUdp = 1;
  49590. func_cb_server.method = wolfDTLSv1_3_server_method;
  49591. func_cb_client.method = wolfDTLSv1_3_client_method;
  49592. func_cb_server.on_result = test_AEAD_limit_server;
  49593. func_cb_client.on_result = test_AEAD_limit_client;
  49594. test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
  49595. if (!func_cb_client.return_code)
  49596. return TEST_FAIL;
  49597. if (!func_cb_server.return_code)
  49598. return TEST_FAIL;
  49599. return TEST_SUCCESS;
  49600. }
  49601. #else
  49602. static int test_wolfSSL_dtls_AEAD_limit(void)
  49603. {
  49604. return TEST_SKIPPED;
  49605. }
  49606. #endif
  49607. #if defined(WOLFSSL_DTLS) && \
  49608. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
  49609. static void test_wolfSSL_dtls_send_ch(WOLFSSL* ssl)
  49610. {
  49611. int fd, ret;
  49612. byte ch_msg[] = {
  49613. 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
  49614. 0xfa, 0x01, 0x00, 0x01, 0xee, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
  49615. 0xee, 0xfe, 0xfd, 0xc0, 0xca, 0xb5, 0x6f, 0x3d, 0x23, 0xcc, 0x53, 0x9a,
  49616. 0x67, 0x17, 0x70, 0xd3, 0xfb, 0x23, 0x16, 0x9e, 0x4e, 0xd6, 0x7e, 0x29,
  49617. 0xab, 0xfa, 0x4c, 0xa5, 0x84, 0x95, 0xc3, 0xdb, 0x21, 0x9a, 0x52, 0x00,
  49618. 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0,
  49619. 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc,
  49620. 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
  49621. 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00,
  49622. 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x01,
  49623. 0x8e, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x0d, 0x00, 0x20,
  49624. 0x00, 0x1e, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06,
  49625. 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01,
  49626. 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x0c,
  49627. 0x00, 0x0a, 0x00, 0x19, 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01, 0x00,
  49628. 0x00, 0x16, 0x00, 0x00, 0x00, 0x33, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17,
  49629. 0x00, 0x41, 0x04, 0x96, 0xcb, 0x2e, 0x4e, 0xd9, 0x88, 0x71, 0xc7, 0xf3,
  49630. 0x1a, 0x16, 0xdd, 0x7a, 0x7c, 0xf7, 0x67, 0x8a, 0x5d, 0x9a, 0x55, 0xa6,
  49631. 0x4a, 0x90, 0xd9, 0xfb, 0xc7, 0xfb, 0xbe, 0x09, 0xa9, 0x8a, 0xb5, 0x7a,
  49632. 0xd1, 0xde, 0x83, 0x74, 0x27, 0x31, 0x1c, 0xaa, 0xae, 0xef, 0x58, 0x43,
  49633. 0x13, 0x7d, 0x15, 0x4d, 0x7f, 0x68, 0xf6, 0x8a, 0x38, 0xef, 0x0e, 0xb3,
  49634. 0xcf, 0xb8, 0x4a, 0xa9, 0xb4, 0xd7, 0xcb, 0x01, 0x00, 0x01, 0x00, 0x1d,
  49635. 0x0a, 0x22, 0x8a, 0xd1, 0x78, 0x85, 0x1e, 0x5a, 0xe1, 0x1d, 0x1e, 0xb7,
  49636. 0x2d, 0xbc, 0x5f, 0x52, 0xbc, 0x97, 0x5d, 0x8b, 0x6a, 0x8b, 0x9d, 0x1e,
  49637. 0xb1, 0xfc, 0x8a, 0xb2, 0x56, 0xcd, 0xed, 0x4b, 0xfb, 0x66, 0x3f, 0x59,
  49638. 0x3f, 0x15, 0x5d, 0x09, 0x9e, 0x2f, 0x60, 0x5b, 0x31, 0x81, 0x27, 0xf0,
  49639. 0x1c, 0xda, 0xcd, 0x48, 0x66, 0xc6, 0xbb, 0x25, 0xf0, 0x5f, 0xda, 0x4c,
  49640. 0xcf, 0x1d, 0x88, 0xc8, 0xda, 0x1b, 0x53, 0xea, 0xbd, 0xce, 0x6d, 0xf6,
  49641. 0x4a, 0x76, 0xdb, 0x75, 0x99, 0xaf, 0xcf, 0x76, 0x4a, 0xfb, 0xe3, 0xef,
  49642. 0xb2, 0xcb, 0xae, 0x4a, 0xc0, 0xe8, 0x63, 0x1f, 0xd6, 0xe8, 0xe6, 0x45,
  49643. 0xf9, 0xea, 0x0d, 0x06, 0x19, 0xfc, 0xb1, 0xfd, 0x5d, 0x92, 0x89, 0x7b,
  49644. 0xc7, 0x9f, 0x1a, 0xb3, 0x2b, 0xc7, 0xad, 0x0e, 0xfb, 0x13, 0x41, 0x83,
  49645. 0x84, 0x58, 0x3a, 0x25, 0xb9, 0x49, 0x35, 0x1c, 0x23, 0xcb, 0xd6, 0xe7,
  49646. 0xc2, 0x8c, 0x4b, 0x2a, 0x73, 0xa1, 0xdf, 0x4f, 0x73, 0x9b, 0xb3, 0xd2,
  49647. 0xb2, 0x95, 0x00, 0x3c, 0x26, 0x09, 0x89, 0x71, 0x05, 0x39, 0xc8, 0x98,
  49648. 0x8f, 0xed, 0x32, 0x15, 0x78, 0xcd, 0xd3, 0x7e, 0xfb, 0x5a, 0x78, 0x2a,
  49649. 0xdc, 0xca, 0x20, 0x09, 0xb5, 0x14, 0xf9, 0xd4, 0x58, 0xf6, 0x69, 0xf8,
  49650. 0x65, 0x9f, 0xb7, 0xe4, 0x93, 0xf1, 0xa3, 0x84, 0x7e, 0x1b, 0x23, 0x5d,
  49651. 0xea, 0x59, 0x3e, 0x4d, 0xca, 0xfd, 0xa5, 0x55, 0xdd, 0x99, 0xb5, 0x02,
  49652. 0xf8, 0x0d, 0xe5, 0xf4, 0x06, 0xb0, 0x43, 0x9e, 0x2e, 0xbf, 0x05, 0x33,
  49653. 0x65, 0x7b, 0x13, 0x8c, 0xf9, 0x16, 0x4d, 0xc5, 0x15, 0x0b, 0x40, 0x2f,
  49654. 0x66, 0x94, 0xf2, 0x43, 0x95, 0xe7, 0xa9, 0xb6, 0x39, 0x99, 0x73, 0xb3,
  49655. 0xb0, 0x06, 0xfe, 0x52, 0x9e, 0x57, 0xba, 0x75, 0xfd, 0x76, 0x7b, 0x20,
  49656. 0x31, 0x68, 0x4c
  49657. };
  49658. fd = wolfSSL_get_fd(ssl);
  49659. ret = (int)send(fd, ch_msg, sizeof(ch_msg), 0);
  49660. AssertIntGT(ret, 0);
  49661. /* consume the HRR otherwise handshake will fail */
  49662. ret = (int)recv(fd, ch_msg, sizeof(ch_msg), 0);
  49663. AssertIntGT(ret, 0);
  49664. }
  49665. #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
  49666. static void test_wolfSSL_dtls_enable_hrrcookie(WOLFSSL* ssl)
  49667. {
  49668. int ret;
  49669. ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0);
  49670. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  49671. }
  49672. #endif
  49673. static int test_wolfSSL_dtls_stateless(void)
  49674. {
  49675. callback_functions client_cbs, server_cbs;
  49676. size_t i;
  49677. struct {
  49678. method_provider client_meth;
  49679. method_provider server_meth;
  49680. ssl_callback client_ssl_ready;
  49681. ssl_callback server_ssl_ready;
  49682. } test_params[] = {
  49683. {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method,
  49684. test_wolfSSL_dtls_send_ch, NULL},
  49685. #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
  49686. {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
  49687. test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_enable_hrrcookie},
  49688. #endif
  49689. };
  49690. for (i = 0; i < sizeof(test_params)/sizeof(*test_params); i++) {
  49691. XMEMSET(&client_cbs, 0, sizeof(client_cbs));
  49692. XMEMSET(&server_cbs, 0, sizeof(server_cbs));
  49693. client_cbs.doUdp = server_cbs.doUdp = 1;
  49694. client_cbs.method = test_params[i].client_meth;
  49695. server_cbs.method = test_params[i].server_meth;
  49696. client_cbs.ssl_ready = test_params[i].client_ssl_ready;
  49697. server_cbs.ssl_ready = test_params[i].server_ssl_ready;
  49698. test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
  49699. if (!client_cbs.return_code)
  49700. return TEST_FAIL;
  49701. if (!server_cbs.return_code)
  49702. return TEST_FAIL;
  49703. }
  49704. return TEST_SUCCESS;
  49705. }
  49706. #else
  49707. static int test_wolfSSL_dtls_stateless(void)
  49708. {
  49709. return TEST_SKIPPED;
  49710. }
  49711. #endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE &&
  49712. * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */
  49713. #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
  49714. !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
  49715. !defined(WOLFSSL_NO_CLIENT_AUTH))
  49716. static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
  49717. {
  49718. int ret;
  49719. if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) {
  49720. fprintf(stderr, "loading cert %s failed\n", certA);
  49721. fprintf(stderr, "Error: (%d): %s\n", ret,
  49722. wolfSSL_ERR_reason_error_string(ret));
  49723. return -1;
  49724. }
  49725. return 0;
  49726. }
  49727. static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
  49728. {
  49729. int ret;
  49730. if ((ret = wolfSSL_CertManagerVerify(cm, certA, WOLFSSL_FILETYPE_PEM))
  49731. != WOLFSSL_SUCCESS) {
  49732. fprintf(stderr, "could not verify the cert: %s\n", certA);
  49733. fprintf(stderr, "Error: (%d): %s\n", ret,
  49734. wolfSSL_ERR_reason_error_string(ret));
  49735. return -1;
  49736. }
  49737. else {
  49738. fprintf(stderr, "successfully verified: %s\n", certA);
  49739. }
  49740. return 0;
  49741. }
  49742. #define LOAD_ONE_CA(a, b, c, d) \
  49743. do { \
  49744. (a) = load_ca_into_cm(c, d); \
  49745. if ((a) != 0) \
  49746. return (b); \
  49747. else \
  49748. (b)--; \
  49749. } while(0)
  49750. #define VERIFY_ONE_CERT(a, b, c, d) \
  49751. do { \
  49752. (a) = verify_cert_with_cm(c, d); \
  49753. if ((a) != 0) \
  49754. return (b); \
  49755. else \
  49756. (b)--; \
  49757. } while(0)
  49758. static int test_chainG(WOLFSSL_CERT_MANAGER* cm)
  49759. {
  49760. int ret;
  49761. int i = -1;
  49762. /* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */
  49763. char chainGArr[9][50] = {"certs/ca-cert.pem",
  49764. "certs/test-pathlen/chainG-ICA7-pathlen100.pem",
  49765. "certs/test-pathlen/chainG-ICA6-pathlen10.pem",
  49766. "certs/test-pathlen/chainG-ICA5-pathlen20.pem",
  49767. "certs/test-pathlen/chainG-ICA4-pathlen5.pem",
  49768. "certs/test-pathlen/chainG-ICA3-pathlen99.pem",
  49769. "certs/test-pathlen/chainG-ICA2-pathlen1.pem",
  49770. "certs/test-pathlen/chainG-ICA1-pathlen0.pem",
  49771. "certs/test-pathlen/chainG-entity.pem"};
  49772. LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */
  49773. LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */
  49774. LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */
  49775. LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */
  49776. LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */
  49777. LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */
  49778. LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */
  49779. LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */
  49780. VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */
  49781. VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */
  49782. VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */
  49783. VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */
  49784. VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */
  49785. VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */
  49786. VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */
  49787. VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */
  49788. /* test validating the entity twice, should have no effect on pathLen since
  49789. * entity/leaf cert */
  49790. VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */
  49791. return ret;
  49792. }
  49793. static int test_chainH(WOLFSSL_CERT_MANAGER* cm)
  49794. {
  49795. int ret;
  49796. int i = -1;
  49797. /* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9:
  49798. * ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2)
  49799. * ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1)
  49800. * ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0)
  49801. * ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR)
  49802. * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
  49803. */
  49804. char chainHArr[6][50] = {"certs/ca-cert.pem",
  49805. "certs/test-pathlen/chainH-ICA4-pathlen2.pem",
  49806. "certs/test-pathlen/chainH-ICA3-pathlen2.pem",
  49807. "certs/test-pathlen/chainH-ICA2-pathlen2.pem",
  49808. "certs/test-pathlen/chainH-ICA1-pathlen0.pem",
  49809. "certs/test-pathlen/chainH-entity.pem"};
  49810. LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */
  49811. LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */
  49812. LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */
  49813. LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */
  49814. LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */
  49815. VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */
  49816. VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */
  49817. VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */
  49818. VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */
  49819. VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */
  49820. return ret;
  49821. }
  49822. static int test_chainI(WOLFSSL_CERT_MANAGER* cm)
  49823. {
  49824. int ret;
  49825. int i = -1;
  49826. /* Chain I is a valid chain per RFC5280 section 4.2.1.9:
  49827. * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2)
  49828. * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1)
  49829. * ICA1-no_pathlen signing entity (reduce maxPathLen to 0)
  49830. * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
  49831. */
  49832. char chainIArr[5][50] = {"certs/ca-cert.pem",
  49833. "certs/test-pathlen/chainI-ICA3-pathlen2.pem",
  49834. "certs/test-pathlen/chainI-ICA2-no_pathlen.pem",
  49835. "certs/test-pathlen/chainI-ICA1-no_pathlen.pem",
  49836. "certs/test-pathlen/chainI-entity.pem"};
  49837. LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */
  49838. LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */
  49839. LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */
  49840. LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */
  49841. VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */
  49842. VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */
  49843. VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */
  49844. VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */
  49845. return ret;
  49846. }
  49847. static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
  49848. {
  49849. int ret;
  49850. int i = -1;
  49851. /* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9:
  49852. * ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2)
  49853. * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1)
  49854. * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0)
  49855. * ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert)
  49856. */
  49857. char chainJArr[6][50] = {"certs/ca-cert.pem",
  49858. "certs/test-pathlen/chainJ-ICA4-pathlen2.pem",
  49859. "certs/test-pathlen/chainJ-ICA3-no_pathlen.pem",
  49860. "certs/test-pathlen/chainJ-ICA2-no_pathlen.pem",
  49861. "certs/test-pathlen/chainJ-ICA1-no_pathlen.pem",
  49862. "certs/test-pathlen/chainJ-entity.pem"};
  49863. LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */
  49864. LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */
  49865. LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */
  49866. LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */
  49867. LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */
  49868. VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */
  49869. VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */
  49870. VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */
  49871. VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */
  49872. VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */
  49873. return ret;
  49874. }
  49875. static int test_various_pathlen_chains(void)
  49876. {
  49877. int ret;
  49878. WOLFSSL_CERT_MANAGER* cm;
  49879. /* Test chain G (large chain with varying pathLens) */
  49880. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  49881. fprintf(stderr, "cert manager new failed\n");
  49882. return -1;
  49883. }
  49884. #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
  49885. AssertIntEQ(test_chainG(cm), -1);
  49886. #else
  49887. AssertIntEQ(test_chainG(cm), 0);
  49888. #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */
  49889. ret = wolfSSL_CertManagerUnloadCAs(cm);
  49890. if (ret != WOLFSSL_SUCCESS)
  49891. return -1;
  49892. wolfSSL_CertManagerFree(cm);
  49893. /* end test chain G */
  49894. /* Test chain H (5 chain with same pathLens) */
  49895. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  49896. fprintf(stderr, "cert manager new failed\n");
  49897. return -1;
  49898. }
  49899. AssertIntLT(test_chainH(cm), 0);
  49900. wolfSSL_CertManagerUnloadCAs(cm);
  49901. wolfSSL_CertManagerFree(cm);
  49902. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  49903. fprintf(stderr, "cert manager new failed\n");
  49904. return -1;
  49905. }
  49906. ret = wolfSSL_CertManagerUnloadCAs(cm);
  49907. if (ret != WOLFSSL_SUCCESS)
  49908. return -1;
  49909. wolfSSL_CertManagerFree(cm);
  49910. /* end test chain H */
  49911. /* Test chain I (only first ICA has pathLen set and it's set to 2,
  49912. * followed by 2 ICA's, should pass) */
  49913. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  49914. fprintf(stderr, "cert manager new failed\n");
  49915. return -1;
  49916. }
  49917. #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
  49918. AssertIntEQ(test_chainI(cm), -1);
  49919. #else
  49920. AssertIntEQ(test_chainI(cm), 0);
  49921. #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */
  49922. wolfSSL_CertManagerUnloadCAs(cm);
  49923. wolfSSL_CertManagerFree(cm);
  49924. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  49925. fprintf(stderr, "cert manager new failed\n");
  49926. return -1;
  49927. }
  49928. ret = wolfSSL_CertManagerUnloadCAs(cm);
  49929. if (ret != WOLFSSL_SUCCESS)
  49930. return -1;
  49931. wolfSSL_CertManagerFree(cm);
  49932. /* Test chain J (Again only first ICA has pathLen set and it's set to 2,
  49933. * this time followed by 3 ICA's, should fail */
  49934. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  49935. fprintf(stderr, "cert manager new failed\n");
  49936. return -1;
  49937. }
  49938. AssertIntLT(test_chainJ(cm), 0);
  49939. wolfSSL_CertManagerUnloadCAs(cm);
  49940. wolfSSL_CertManagerFree(cm);
  49941. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  49942. fprintf(stderr, "cert manager new failed\n");
  49943. return -1;
  49944. }
  49945. ret = wolfSSL_CertManagerUnloadCAs(cm);
  49946. wolfSSL_CertManagerFree(cm);
  49947. return TEST_RES_CHECK(ret == WOLFSSL_SUCCESS);
  49948. }
  49949. #endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */
  49950. #if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES)
  49951. static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
  49952. {
  49953. byte ekm[100] = {0};
  49954. (void)ctx;
  49955. /* Succes Cases */
  49956. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  49957. "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 0), 1);
  49958. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  49959. "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 1), 1);
  49960. /* Use some random context */
  49961. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  49962. "Test label", XSTR_SIZEOF("Test label"), ekm, 10, 1), 1);
  49963. /* Failure cases */
  49964. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  49965. "client finished", XSTR_SIZEOF("client finished"), NULL, 0, 0), 0);
  49966. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  49967. "server finished", XSTR_SIZEOF("server finished"), NULL, 0, 0), 0);
  49968. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  49969. "master secret", XSTR_SIZEOF("master secret"), NULL, 0, 0), 0);
  49970. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  49971. "extended master secret", XSTR_SIZEOF("extended master secret"), NULL, 0, 0), 0);
  49972. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  49973. "key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0);
  49974. return TEST_RES_CHECK(1);
  49975. }
  49976. static void test_export_keying_material_ssl_cb(WOLFSSL* ssl)
  49977. {
  49978. wolfSSL_KeepArrays(ssl);
  49979. }
  49980. static int test_export_keying_material(void)
  49981. {
  49982. int res = TEST_SKIPPED;
  49983. #ifndef SINGLE_THREADED
  49984. tcp_ready ready;
  49985. callback_functions clientCb;
  49986. func_args client_args;
  49987. func_args server_args;
  49988. THREAD_TYPE serverThread;
  49989. XMEMSET(&client_args, 0, sizeof(func_args));
  49990. XMEMSET(&server_args, 0, sizeof(func_args));
  49991. XMEMSET(&clientCb, 0, sizeof(callback_functions));
  49992. #ifdef WOLFSSL_TIRTOS
  49993. fdOpenSession(Task_self());
  49994. #endif
  49995. StartTCP();
  49996. InitTcpReady(&ready);
  49997. #if defined(USE_WINDOWS_API)
  49998. /* use RNG to get random port if using windows */
  49999. ready.port = GetRandomPort();
  50000. #endif
  50001. server_args.signal = &ready;
  50002. client_args.signal = &ready;
  50003. clientCb.ssl_ready = test_export_keying_material_ssl_cb;
  50004. client_args.callbacks = &clientCb;
  50005. start_thread(test_server_nofail, &server_args, &serverThread);
  50006. wait_tcp_ready(&server_args);
  50007. test_client_nofail(&client_args, test_export_keying_material_cb);
  50008. join_thread(serverThread);
  50009. AssertTrue(client_args.return_code);
  50010. AssertTrue(server_args.return_code);
  50011. FreeTcpReady(&ready);
  50012. #ifdef WOLFSSL_TIRTOS
  50013. fdOpenSession(Task_self());
  50014. #endif
  50015. res = TEST_RES_CHECK(1);
  50016. #endif /* !SINGLE_THREADED */
  50017. return res;
  50018. }
  50019. #endif /* HAVE_KEYING_MATERIAL */
  50020. static int test_wolfSSL_THREADID_hash(void)
  50021. {
  50022. int result = TEST_SKIPPED;
  50023. #if defined(OPENSSL_EXTRA)
  50024. unsigned long res;
  50025. CRYPTO_THREADID id;
  50026. CRYPTO_THREADID_current(NULL);
  50027. AssertTrue(1);
  50028. res = CRYPTO_THREADID_hash(NULL);
  50029. AssertTrue( res == 0UL);
  50030. XMEMSET(&id, 0, sizeof(id));
  50031. res = CRYPTO_THREADID_hash(&id);
  50032. AssertTrue( res == 0UL);
  50033. result = TEST_RES_CHECK(1);
  50034. #endif /* OPENSSL_EXTRA */
  50035. return result;
  50036. }
  50037. static int test_wolfSSL_CTX_set_ecdh_auto(void)
  50038. {
  50039. int res = TEST_SKIPPED;
  50040. #if defined(OPENSSL_EXTRA)
  50041. WOLFSSL_CTX* ctx = NULL;
  50042. AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,0),1);
  50043. AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,1),1);
  50044. AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,0),1);
  50045. AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,1),1);
  50046. res = TEST_RES_CHECK(1);
  50047. #endif /* OPENSSL_EXTRA */
  50048. return res;
  50049. }
  50050. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) && \
  50051. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
  50052. static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
  50053. {
  50054. callback_functions* callbacks = NULL;
  50055. WOLFSSL_CTX* ctx = NULL;
  50056. WOLFSSL* ssl = NULL;
  50057. SOCKET_T sfd = 0;
  50058. SOCKET_T cfd = 0;
  50059. word16 port;
  50060. char msg[] = "I hear you fa shizzle!";
  50061. int len = (int) XSTRLEN(msg);
  50062. char input[1024];
  50063. int ret, err;
  50064. if (!args)
  50065. return 0;
  50066. ((func_args*)args)->return_code = TEST_FAIL;
  50067. callbacks = ((func_args*)args)->callbacks;
  50068. ctx = wolfSSL_CTX_new(callbacks->method());
  50069. #if defined(USE_WINDOWS_API)
  50070. port = ((func_args*)args)->signal->port;
  50071. #else
  50072. /* Let tcp_listen assign port */
  50073. port = 0;
  50074. #endif
  50075. #ifdef WOLFSSL_TIRTOS
  50076. fdOpenSession(Task_self());
  50077. #endif
  50078. AssertIntEQ(WOLFSSL_SUCCESS,
  50079. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  50080. AssertIntEQ(WOLFSSL_SUCCESS,
  50081. wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  50082. WOLFSSL_FILETYPE_PEM));
  50083. AssertIntEQ(WOLFSSL_SUCCESS,
  50084. wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  50085. WOLFSSL_FILETYPE_PEM));
  50086. #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
  50087. AssertIntEQ(wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
  50088. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  50089. #elif !defined(NO_DH)
  50090. SetDHCtx(ctx); /* will repick suites with DHE, higher priority than PSK */
  50091. #endif
  50092. if (callbacks->ctx_ready)
  50093. callbacks->ctx_ready(ctx);
  50094. ssl = wolfSSL_new(ctx);
  50095. AssertNotNull(ssl);
  50096. /* listen and accept */
  50097. tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
  50098. CloseSocket(sfd);
  50099. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
  50100. if (callbacks->ssl_ready)
  50101. callbacks->ssl_ready(ssl);
  50102. do {
  50103. err = 0; /* Reset error */
  50104. ret = wolfSSL_accept(ssl);
  50105. if (ret != WOLFSSL_SUCCESS) {
  50106. err = wolfSSL_get_error(ssl, 0);
  50107. }
  50108. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  50109. if (ret != WOLFSSL_SUCCESS) {
  50110. wolfSSL_free(ssl);
  50111. wolfSSL_CTX_free(ctx);
  50112. CloseSocket(cfd);
  50113. ((func_args*)args)->return_code = TEST_FAIL;
  50114. return 0;
  50115. }
  50116. /* read and write data */
  50117. XMEMSET( input, 0, sizeof(input));
  50118. while (1) {
  50119. ret = wolfSSL_read(ssl, input, sizeof(input));
  50120. if (ret > 0) {
  50121. break;
  50122. }
  50123. else {
  50124. err = wolfSSL_get_error(ssl,ret);
  50125. if (err == WOLFSSL_ERROR_WANT_READ) {
  50126. continue;
  50127. }
  50128. break;
  50129. }
  50130. }
  50131. if (err == WOLFSSL_ERROR_ZERO_RETURN) {
  50132. do {
  50133. ret = wolfSSL_write(ssl, msg, len);
  50134. if (ret > 0) {
  50135. break;
  50136. }
  50137. } while (ret < 0);
  50138. }
  50139. /* bidirectional shutdown */
  50140. while (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) {
  50141. continue;
  50142. }
  50143. /* wait for the peer to disconnect the tcp connection */
  50144. do {
  50145. ret = wolfSSL_read(ssl, input, sizeof(input));
  50146. err = wolfSSL_get_error(ssl, ret);
  50147. } while (ret > 0 || err != WOLFSSL_ERROR_ZERO_RETURN);
  50148. /* detect TCP disconnect */
  50149. AssertIntLE(ret,WOLFSSL_FAILURE);
  50150. AssertIntEQ(wolfSSL_get_error(ssl, ret), WOLFSSL_ERROR_ZERO_RETURN);
  50151. ((func_args*)args)->return_code = TEST_SUCCESS;
  50152. wolfSSL_free(ssl);
  50153. wolfSSL_CTX_free(ctx);
  50154. CloseSocket(cfd);
  50155. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
  50156. wc_ecc_fp_free(); /* free per thread cache */
  50157. #endif
  50158. return 0;
  50159. }
  50160. static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args)
  50161. {
  50162. callback_functions* callbacks = NULL;
  50163. WOLFSSL_CTX* ctx = NULL;
  50164. WOLFSSL* ssl = NULL;
  50165. SOCKET_T sfd = 0;
  50166. char msg[] = "hello wolfssl server!";
  50167. int len = (int) XSTRLEN(msg);
  50168. char input[1024];
  50169. int idx;
  50170. int ret, err;
  50171. if (!args)
  50172. return 0;
  50173. ((func_args*)args)->return_code = TEST_FAIL;
  50174. callbacks = ((func_args*)args)->callbacks;
  50175. ctx = wolfSSL_CTX_new(callbacks->method());
  50176. #ifdef WOLFSSL_TIRTOS
  50177. fdOpenSession(Task_self());
  50178. #endif
  50179. AssertIntEQ(WOLFSSL_SUCCESS,
  50180. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  50181. AssertIntEQ(WOLFSSL_SUCCESS,
  50182. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  50183. WOLFSSL_FILETYPE_PEM));
  50184. AssertIntEQ(WOLFSSL_SUCCESS,
  50185. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  50186. WOLFSSL_FILETYPE_PEM));
  50187. AssertNotNull((ssl = wolfSSL_new(ctx)));
  50188. tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, ssl);
  50189. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
  50190. do {
  50191. err = 0; /* Reset error */
  50192. ret = wolfSSL_connect(ssl);
  50193. if (ret != WOLFSSL_SUCCESS) {
  50194. err = wolfSSL_get_error(ssl, 0);
  50195. }
  50196. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  50197. AssertIntGE(wolfSSL_write(ssl, msg, len), 0);
  50198. if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
  50199. input[idx] = 0;
  50200. }
  50201. ret = wolfSSL_shutdown(ssl);
  50202. if ( ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
  50203. ret = wolfSSL_shutdown(ssl);
  50204. }
  50205. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  50206. ((func_args*)args)->return_code = TEST_SUCCESS;
  50207. wolfSSL_free(ssl);
  50208. wolfSSL_CTX_free(ctx);
  50209. CloseSocket(sfd);
  50210. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
  50211. wc_ecc_fp_free(); /* free per thread cache */
  50212. #endif
  50213. return 0;
  50214. }
  50215. #endif /* OPENSSL_EXTRA && WOLFSSL_ERROR_CODE_OPENSSL &&
  50216. HAVE_IO_TESTS_DEPENDENCIES && !WOLFSSL_NO_TLS12 */
  50217. /* This test is to check wolfSSL_read behaves as same as
  50218. * openSSL when it is called after SSL_shutdown completes.
  50219. */
  50220. static int test_wolfSSL_read_detect_TCP_disconnect(void)
  50221. {
  50222. int res = TEST_SKIPPED;
  50223. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) && \
  50224. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
  50225. tcp_ready ready;
  50226. func_args client_args;
  50227. func_args server_args;
  50228. THREAD_TYPE serverThread;
  50229. THREAD_TYPE clientThread;
  50230. callback_functions server_cbf;
  50231. callback_functions client_cbf;
  50232. #ifdef WOLFSSL_TIRTOS
  50233. fdOpenSession(Task_self());
  50234. #endif
  50235. StartTCP();
  50236. InitTcpReady(&ready);
  50237. #if defined(USE_WINDOWS_API)
  50238. /* use RNG to get random port if using windows */
  50239. ready.port = GetRandomPort();
  50240. #endif
  50241. XMEMSET(&client_args, 0, sizeof(func_args));
  50242. XMEMSET(&server_args, 0, sizeof(func_args));
  50243. XMEMSET(&server_cbf, 0, sizeof(callback_functions));
  50244. XMEMSET(&client_cbf, 0, sizeof(callback_functions));
  50245. server_cbf.method = wolfTLSv1_2_server_method;
  50246. client_cbf.method = wolfTLSv1_2_client_method;
  50247. server_args.callbacks = &server_cbf;
  50248. client_args.callbacks = &client_cbf;
  50249. server_args.signal = &ready;
  50250. client_args.signal = &ready;
  50251. start_thread(SSL_read_test_server_thread, &server_args, &serverThread);
  50252. wait_tcp_ready(&server_args);
  50253. start_thread(SSL_read_test_client_thread, &client_args, &clientThread);
  50254. join_thread(clientThread);
  50255. join_thread(serverThread);
  50256. AssertTrue(client_args.return_code);
  50257. AssertTrue(server_args.return_code);
  50258. FreeTcpReady(&ready);
  50259. res = TEST_RES_CHECK(1);
  50260. #endif
  50261. return res;
  50262. }
  50263. static int test_wolfSSL_CTX_get_min_proto_version(void)
  50264. {
  50265. int res = TEST_SKIPPED;
  50266. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
  50267. WOLFSSL_CTX *ctx;
  50268. (void)ctx;
  50269. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
  50270. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, SSL3_VERSION), WOLFSSL_SUCCESS);
  50271. #ifdef WOLFSSL_ALLOW_SSLV3
  50272. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION);
  50273. #else
  50274. AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION);
  50275. #endif
  50276. wolfSSL_CTX_free(ctx);
  50277. #ifdef WOLFSSL_ALLOW_TLSV10
  50278. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_method()));
  50279. #else
  50280. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
  50281. #endif
  50282. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_VERSION), WOLFSSL_SUCCESS);
  50283. #ifdef WOLFSSL_ALLOW_TLSV10
  50284. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION);
  50285. #else
  50286. AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION);
  50287. #endif
  50288. wolfSSL_CTX_free(ctx);
  50289. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
  50290. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION), WOLFSSL_SUCCESS);
  50291. #ifndef NO_OLD_TLS
  50292. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION);
  50293. #else
  50294. AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION);
  50295. #endif
  50296. wolfSSL_CTX_free(ctx);
  50297. #ifndef WOLFSSL_NO_TLS12
  50298. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_method()));
  50299. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION), WOLFSSL_SUCCESS);
  50300. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
  50301. wolfSSL_CTX_free(ctx);
  50302. #endif
  50303. #ifdef WOLFSSL_TLS13
  50304. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_method()));
  50305. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION), WOLFSSL_SUCCESS);
  50306. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_3_VERSION);
  50307. wolfSSL_CTX_free(ctx);
  50308. #endif
  50309. res = TEST_RES_CHECK(1);
  50310. #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
  50311. return res;
  50312. }
  50313. #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
  50314. (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
  50315. defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
  50316. defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))
  50317. static int test_wolfSSL_set_SSL_CTX(void)
  50318. {
  50319. int res = TEST_SKIPPED;
  50320. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) \
  50321. && !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_TLS13)
  50322. WOLFSSL_CTX *ctx1, *ctx2;
  50323. WOLFSSL *ssl;
  50324. const byte *session_id1 = (const byte *)"CTX1";
  50325. const byte *session_id2 = (const byte *)"CTX2";
  50326. AssertNotNull(ctx1 = wolfSSL_CTX_new(wolfTLS_server_method()));
  50327. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx1, svrCertFile,
  50328. WOLFSSL_FILETYPE_PEM));
  50329. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx1, svrKeyFile,
  50330. WOLFSSL_FILETYPE_PEM));
  50331. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx1, TLS1_2_VERSION),
  50332. WOLFSSL_SUCCESS);
  50333. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx1), TLS1_2_VERSION);
  50334. AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx1), TLS1_3_VERSION);
  50335. AssertIntEQ(wolfSSL_CTX_set_session_id_context(ctx1, session_id1, 4),
  50336. WOLFSSL_SUCCESS);
  50337. AssertNotNull(ctx2 = wolfSSL_CTX_new(wolfTLS_server_method()));
  50338. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx2, svrCertFile,
  50339. WOLFSSL_FILETYPE_PEM));
  50340. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx2, svrKeyFile,
  50341. WOLFSSL_FILETYPE_PEM));
  50342. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx2, TLS1_2_VERSION),
  50343. WOLFSSL_SUCCESS);
  50344. AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx2, TLS1_2_VERSION),
  50345. WOLFSSL_SUCCESS);
  50346. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx2), TLS1_2_VERSION);
  50347. AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx2), TLS1_2_VERSION);
  50348. AssertIntEQ(wolfSSL_CTX_set_session_id_context(ctx2, session_id2, 4),
  50349. WOLFSSL_SUCCESS);
  50350. #ifdef HAVE_SESSION_TICKET
  50351. AssertIntEQ((wolfSSL_CTX_get_options(ctx1) & SSL_OP_NO_TICKET), 0);
  50352. wolfSSL_CTX_set_options(ctx2, SSL_OP_NO_TICKET);
  50353. AssertIntNE((wolfSSL_CTX_get_options(ctx2) & SSL_OP_NO_TICKET), 0);
  50354. #endif
  50355. AssertNotNull(ssl = wolfSSL_new(ctx2));
  50356. AssertIntNE((wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_3), 0);
  50357. #ifdef WOLFSSL_INT_H
  50358. AssertIntEQ(XMEMCMP(ssl->sessionCtx, session_id2, 4), 0);
  50359. AssertTrue(ssl->buffers.certificate == ctx2->certificate);
  50360. AssertTrue(ssl->buffers.certChain == ctx2->certChain);
  50361. #endif
  50362. #ifdef HAVE_SESSION_TICKET
  50363. AssertIntNE((wolfSSL_get_options(ssl) & SSL_OP_NO_TICKET), 0);
  50364. #endif
  50365. /* Set the ctx1 that has TLSv1.3 as max proto version */
  50366. AssertNotNull(wolfSSL_set_SSL_CTX(ssl, ctx1));
  50367. /* MUST not change proto versions of ssl */
  50368. AssertIntNE((wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_3), 0);
  50369. #ifdef HAVE_SESSION_TICKET
  50370. /* MUST not change */
  50371. AssertIntNE((wolfSSL_get_options(ssl) & SSL_OP_NO_TICKET), 0);
  50372. #endif
  50373. /* MUST change */
  50374. #ifdef WOLFSSL_INT_H
  50375. AssertTrue(ssl->buffers.certificate == ctx1->certificate);
  50376. AssertTrue(ssl->buffers.certChain == ctx1->certChain);
  50377. AssertIntEQ(XMEMCMP(ssl->sessionCtx, session_id1, 4), 0);
  50378. #endif
  50379. wolfSSL_free(ssl);
  50380. wolfSSL_CTX_free(ctx1);
  50381. wolfSSL_CTX_free(ctx2);
  50382. res = TEST_RES_CHECK(1);
  50383. #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
  50384. return res;
  50385. }
  50386. #endif /* defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
  50387. (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
  50388. defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
  50389. defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) */
  50390. static int test_wolfSSL_security_level(void)
  50391. {
  50392. int res = TEST_SKIPPED;
  50393. #if defined(OPENSSL_EXTRA)
  50394. SSL_CTX *ctx;
  50395. #ifdef WOLFSSL_TLS13
  50396. #ifdef NO_WOLFSSL_SERVER
  50397. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
  50398. #else
  50399. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
  50400. #endif
  50401. SSL_CTX_set_security_level(ctx, 1);
  50402. AssertTrue(1);
  50403. AssertIntEQ(SSL_CTX_get_security_level(ctx), 0);
  50404. SSL_CTX_free(ctx);
  50405. #else
  50406. (void)ctx;
  50407. #endif
  50408. res = TEST_RES_CHECK(1);
  50409. #endif
  50410. return res;
  50411. }
  50412. static int test_wolfSSL_SSL_in_init(void)
  50413. {
  50414. int res = TEST_SKIPPED;
  50415. #if defined(OPENSSL_ALL) && !defined(NO_BIO)
  50416. SSL_CTX* ctx;
  50417. SSL* ssl;
  50418. const char* testCertFile;
  50419. const char* testKeyFile;
  50420. #ifdef WOLFSSL_TLS13
  50421. #ifdef NO_WOLFSSL_SERVER
  50422. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
  50423. #else
  50424. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
  50425. #endif
  50426. #ifndef NO_RSA
  50427. testCertFile = svrCertFile;
  50428. testKeyFile = svrKeyFile;
  50429. #elif defined(HAVE_ECC)
  50430. testCertFile = eccCertFile;
  50431. testKeyFile = eccKeyFile;
  50432. #else
  50433. testCertFile = NULL;
  50434. testKeyFile = NULL;
  50435. #endif
  50436. if (testCertFile != NULL && testKeyFile != NULL) {
  50437. AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
  50438. SSL_FILETYPE_PEM));
  50439. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
  50440. SSL_FILETYPE_PEM));
  50441. }
  50442. ssl = SSL_new(ctx);
  50443. AssertNotNull(ssl);
  50444. AssertIntEQ(SSL_in_init(ssl), 1);
  50445. SSL_CTX_free(ctx);
  50446. SSL_free(ssl);
  50447. #else
  50448. (void)ctx;
  50449. (void)ssl;
  50450. (void)testCertFile;
  50451. (void)testKeyFile;
  50452. #endif
  50453. res = TEST_RES_CHECK(1);
  50454. #endif
  50455. return res;
  50456. }
  50457. static int test_wolfSSL_EC_curve(void)
  50458. {
  50459. int res = TEST_SKIPPED;
  50460. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
  50461. int nid = NID_secp160k1;
  50462. const char* nid_name;
  50463. AssertNotNull(nid_name = EC_curve_nid2nist(nid));
  50464. AssertIntEQ(XMEMCMP(nid_name, "K-160", XSTRLEN("K-160")), 0);
  50465. AssertIntEQ(EC_curve_nist2nid(nid_name), nid);
  50466. res = TEST_RES_CHECK(1);
  50467. #endif
  50468. return res;
  50469. }
  50470. static int test_wolfSSL_CTX_set_timeout(void)
  50471. {
  50472. int res = TEST_SKIPPED;
  50473. #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_SESSION_CACHE)
  50474. int timeout;
  50475. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  50476. (void)timeout;
  50477. AssertNotNull(ctx);
  50478. #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
  50479. /* in WOLFSSL_ERROR_CODE_OPENSSL macro guard,
  50480. * wolfSSL_CTX_set_timeout returns previous timeout value on success.
  50481. */
  50482. AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
  50483. /* giving 0 as timeout value sets default timeout */
  50484. timeout = wolfSSL_CTX_set_timeout(ctx, 0);
  50485. AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);
  50486. AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20);
  50487. #else
  50488. AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
  50489. AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1);
  50490. AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1);
  50491. #endif
  50492. wolfSSL_CTX_free(ctx);
  50493. res = TEST_RES_CHECK(1);
  50494. #endif /* !NO_WOLFSSL_SERVER && !NO_SESSION_CACHE*/
  50495. return res;
  50496. }
  50497. static int test_wolfSSL_OpenSSL_version(void)
  50498. {
  50499. int res = TEST_SKIPPED;
  50500. #if defined(OPENSSL_EXTRA)
  50501. const char* ver;
  50502. #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
  50503. AssertNotNull(ver = OpenSSL_version(0));
  50504. #else
  50505. AssertNotNull(ver = OpenSSL_version());
  50506. #endif
  50507. AssertIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING,
  50508. XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0);
  50509. res = TEST_RES_CHECK(1);
  50510. #endif
  50511. return res;
  50512. }
  50513. static int test_CONF_CTX_CMDLINE(void)
  50514. {
  50515. int res = TEST_SKIPPED;
  50516. #if defined(OPENSSL_ALL)
  50517. SSL_CTX* ctx = NULL;
  50518. SSL_CONF_CTX* cctx = NULL;
  50519. AssertNotNull(cctx = SSL_CONF_CTX_new());
  50520. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  50521. SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
  50522. AssertTrue(1);
  50523. /* set flags */
  50524. AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CMDLINE),
  50525. WOLFSSL_CONF_FLAG_CMDLINE);
  50526. AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
  50527. WOLFSSL_CONF_FLAG_CMDLINE | WOLFSSL_CONF_FLAG_CERTIFICATE);
  50528. /* cmd invalid command */
  50529. AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
  50530. AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
  50531. AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
  50532. AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
  50533. AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
  50534. /* cmd Certificate and Private Key*/
  50535. {
  50536. #if !defined(NO_CERTS) && !defined(NO_RSA)
  50537. const char* ourCert = svrCertFile;
  50538. const char* ourKey = svrKeyFile;
  50539. AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", NULL), -3);
  50540. AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", ourCert),
  50541. WOLFSSL_SUCCESS);
  50542. AssertIntEQ(SSL_CONF_cmd(cctx, "-key", NULL), -3);
  50543. AssertIntEQ(SSL_CONF_cmd(cctx, "-key", ourKey), WOLFSSL_SUCCESS);
  50544. AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
  50545. #endif
  50546. }
  50547. /* cmd curves */
  50548. {
  50549. #if defined(HAVE_ECC)
  50550. const char* curve = "secp256r1";
  50551. AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", NULL), -3);
  50552. AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", curve), WOLFSSL_SUCCESS);
  50553. AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
  50554. #endif
  50555. }
  50556. /* cmd CipherString */
  50557. {
  50558. char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);
  50559. AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", NULL), -3);
  50560. AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", cipher), WOLFSSL_SUCCESS);
  50561. AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
  50562. }
  50563. /* cmd DH parameter */
  50564. {
  50565. #if !defined(NO_DH) && !defined(NO_BIO)
  50566. const char* ourdhcert = "./certs/dh2048.pem";
  50567. AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL),
  50568. -3);
  50569. AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", ourdhcert),
  50570. WOLFSSL_SUCCESS);
  50571. AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
  50572. #endif
  50573. }
  50574. SSL_CTX_free(ctx);
  50575. SSL_CONF_CTX_free(cctx);
  50576. res = TEST_RES_CHECK(1);
  50577. #endif /* OPENSSL_EXTRA */
  50578. return res;
  50579. }
  50580. static int test_CONF_CTX_FILE(void)
  50581. {
  50582. int res = TEST_SKIPPED;
  50583. #if defined(OPENSSL_ALL)
  50584. SSL_CTX* ctx = NULL;
  50585. SSL_CONF_CTX* cctx = NULL;
  50586. AssertNotNull(cctx = SSL_CONF_CTX_new());
  50587. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  50588. SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
  50589. AssertTrue(1);
  50590. /* set flags */
  50591. AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE),
  50592. WOLFSSL_CONF_FLAG_FILE);
  50593. AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
  50594. WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE);
  50595. /* sanity check */
  50596. AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
  50597. AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
  50598. AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
  50599. AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
  50600. AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
  50601. /* cmd Certificate and Private Key*/
  50602. {
  50603. #if !defined(NO_CERTS) && !defined(NO_RSA)
  50604. const char* ourCert = svrCertFile;
  50605. const char* ourKey = svrKeyFile;
  50606. AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", NULL), -3);
  50607. AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", NULL), -3);
  50608. AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert),
  50609. WOLFSSL_SUCCESS);
  50610. AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS);
  50611. AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
  50612. #endif
  50613. }
  50614. /* cmd curves */
  50615. {
  50616. #if defined(HAVE_ECC)
  50617. const char* curve = "secp256r1";
  50618. AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", NULL), -3);
  50619. AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS);
  50620. AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
  50621. #endif
  50622. }
  50623. /* cmd CipherString */
  50624. {
  50625. char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);
  50626. AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", NULL), -3);
  50627. AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), WOLFSSL_SUCCESS);
  50628. AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
  50629. }
  50630. /* cmd DH parameter */
  50631. {
  50632. #if !defined(NO_DH) && !defined(NO_BIO) && defined(HAVE_FFDHE_3072)
  50633. const char* ourdhcert = "./certs/dh3072.pem";
  50634. AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", NULL), -3);
  50635. AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert),
  50636. WOLFSSL_SUCCESS);
  50637. AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
  50638. #endif
  50639. }
  50640. SSL_CTX_free(ctx);
  50641. SSL_CONF_CTX_free(cctx);
  50642. res = TEST_RES_CHECK(1);
  50643. #endif /* OPENSSL_EXTRA */
  50644. return res;
  50645. }
  50646. static int test_wolfSSL_CRYPTO_get_ex_new_index(void)
  50647. {
  50648. int res = TEST_SKIPPED;
  50649. #ifdef HAVE_EX_DATA
  50650. int idx1, idx2;
  50651. /* test for unsupported class index */
  50652. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509_STORE,
  50653. 0,NULL, NULL, NULL, NULL ), -1);
  50654. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509_STORE_CTX,
  50655. 0,NULL, NULL, NULL, NULL ), -1);
  50656. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DH,
  50657. 0,NULL, NULL, NULL, NULL ), -1);
  50658. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DSA,
  50659. 0,NULL, NULL, NULL, NULL ), -1);
  50660. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_EC_KEY,
  50661. 0,NULL, NULL, NULL, NULL ), -1);
  50662. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_RSA,
  50663. 0,NULL, NULL, NULL, NULL ), -1);
  50664. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_ENGINE,
  50665. 0,NULL, NULL, NULL, NULL ), -1);
  50666. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_UI,
  50667. 0,NULL, NULL, NULL, NULL ), -1);
  50668. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_BIO,
  50669. 0,NULL, NULL, NULL, NULL ), -1);
  50670. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_APP,
  50671. 0,NULL, NULL, NULL, NULL ), -1);
  50672. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_UI_METHOD,
  50673. 0,NULL, NULL, NULL, NULL ), -1);
  50674. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DRBG,
  50675. 0,NULL, NULL, NULL, NULL ), -1);
  50676. AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(20, 0,NULL, NULL, NULL, NULL ), -1);
  50677. /* test for supported class index */
  50678. idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL,
  50679. 0,NULL, NULL, NULL, NULL );
  50680. idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL,
  50681. 0,NULL, NULL, NULL, NULL );
  50682. AssertIntNE(idx1, -1);
  50683. AssertIntNE(idx2, -1);
  50684. AssertIntNE(idx1, idx2);
  50685. idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_CTX,
  50686. 0,NULL, NULL, NULL, NULL );
  50687. idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_CTX,
  50688. 0,NULL, NULL, NULL, NULL );
  50689. AssertIntNE(idx1, -1);
  50690. AssertIntNE(idx2, -1);
  50691. AssertIntNE(idx1, idx2);
  50692. idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509,
  50693. 0,NULL, NULL, NULL, NULL );
  50694. idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509,
  50695. 0,NULL, NULL, NULL, NULL );
  50696. AssertIntNE(idx1, -1);
  50697. AssertIntNE(idx2, -1);
  50698. AssertIntNE(idx1, idx2);
  50699. idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION,
  50700. 0,NULL, NULL, NULL, NULL );
  50701. idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION,
  50702. 0,NULL, NULL, NULL, NULL );
  50703. AssertIntNE(idx1, -1);
  50704. AssertIntNE(idx2, -1);
  50705. AssertIntNE(idx1, idx2);
  50706. res = TEST_RES_CHECK(1);
  50707. #endif /* HAVE_EX_DATA */
  50708. return res;
  50709. }
  50710. static int test_wolfSSL_set_psk_use_session_callback(void)
  50711. {
  50712. int res = TEST_SKIPPED;
  50713. #if defined(OPENSSL_EXTRA) && !defined(NO_PSK)
  50714. SSL_CTX* ctx;
  50715. SSL* ssl;
  50716. const char* testCertFile;
  50717. const char* testKeyFile;
  50718. #ifdef WOLFSSL_TLS13
  50719. #ifdef NO_WOLFSSL_SERVER
  50720. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
  50721. #else
  50722. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
  50723. #endif
  50724. #ifndef NO_RSA
  50725. testCertFile = svrCertFile;
  50726. testKeyFile = svrKeyFile;
  50727. #elif defined(HAVE_ECC)
  50728. testCertFile = eccCertFile;
  50729. testKeyFile = eccKeyFile;
  50730. #else
  50731. testCertFile = NULL;
  50732. testKeyFile = NULL;
  50733. #endif
  50734. if (testCertFile != NULL && testKeyFile != NULL) {
  50735. AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
  50736. SSL_FILETYPE_PEM));
  50737. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
  50738. SSL_FILETYPE_PEM));
  50739. }
  50740. ssl = SSL_new(ctx);
  50741. AssertNotNull(ssl);
  50742. SSL_set_psk_use_session_callback(ssl,
  50743. my_psk_use_session_cb);
  50744. AssertTrue(1);
  50745. SSL_CTX_free(ctx);
  50746. SSL_free(ssl);
  50747. #else
  50748. (void)ctx;
  50749. (void)ssl;
  50750. (void)testCertFile;
  50751. (void)testKeyFile;
  50752. #endif
  50753. res = TEST_RES_CHECK(1);
  50754. #endif
  50755. return res;
  50756. }
  50757. static int test_wolfSSL_ERR_strings(void)
  50758. {
  50759. int res = TEST_SKIPPED;
  50760. #if !defined(NO_ERROR_STRINGS)
  50761. const char* err1 = "unsupported cipher suite";
  50762. const char* err2 = "wolfSSL PEM routines";
  50763. const char* err = NULL;
  50764. (void)err;
  50765. (void)err1;
  50766. (void)err2;
  50767. #if defined(OPENSSL_EXTRA)
  50768. err = ERR_reason_error_string(UNSUPPORTED_SUITE);
  50769. AssertTrue(err != NULL);
  50770. AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
  50771. err = ERR_func_error_string(UNSUPPORTED_SUITE);
  50772. AssertTrue(err != NULL);
  50773. AssertIntEQ((*err == '\0'), 1);
  50774. err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD);
  50775. AssertTrue(err != NULL);
  50776. AssertIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0);
  50777. #else
  50778. err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE);
  50779. AssertTrue(err != NULL);
  50780. AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
  50781. err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE);
  50782. AssertTrue(err != NULL);
  50783. AssertIntEQ((*err == '\0'), 1);
  50784. /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */
  50785. err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2);
  50786. AssertTrue(err != NULL);
  50787. AssertIntEQ((*err == '\0'), 1);
  50788. #endif
  50789. res = TEST_RES_CHECK(1);
  50790. #endif
  50791. return res;
  50792. }
  50793. static int test_wolfSSL_EVP_shake128(void)
  50794. {
  50795. int res = TEST_SKIPPED;
  50796. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \
  50797. defined(WOLFSSL_SHAKE128)
  50798. const EVP_MD* md = NULL;
  50799. md = EVP_shake128();
  50800. AssertTrue(md != NULL);
  50801. AssertIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0);
  50802. res = TEST_RES_CHECK(1);
  50803. #endif
  50804. return res;
  50805. }
  50806. static int test_wolfSSL_EVP_shake256(void)
  50807. {
  50808. int res = TEST_SKIPPED;
  50809. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \
  50810. defined(WOLFSSL_SHAKE256)
  50811. const EVP_MD* md = NULL;
  50812. md = EVP_shake256();
  50813. AssertTrue(md != NULL);
  50814. AssertIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0);
  50815. res = TEST_RES_CHECK(1);
  50816. #endif
  50817. return res;
  50818. }
  50819. static int test_EVP_blake2(void)
  50820. {
  50821. int res = TEST_SKIPPED;
  50822. #if defined(OPENSSL_EXTRA) && (defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S))
  50823. const EVP_MD* md = NULL;
  50824. (void)md;
  50825. #if defined(HAVE_BLAKE2)
  50826. md = EVP_blake2b512();
  50827. AssertTrue(md != NULL);
  50828. AssertIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0);
  50829. #endif
  50830. #if defined(HAVE_BLAKE2S)
  50831. md = EVP_blake2s256();
  50832. AssertTrue(md != NULL);
  50833. AssertIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0);
  50834. #endif
  50835. res = TEST_RES_CHECK(1);
  50836. #endif
  50837. return res;
  50838. }
  50839. #if defined(OPENSSL_EXTRA)
  50840. static void list_md_fn(const EVP_MD* m, const char* from,
  50841. const char* to, void* arg)
  50842. {
  50843. const char* mn;
  50844. BIO *bio;
  50845. (void) from;
  50846. (void) to;
  50847. (void) arg;
  50848. (void) mn;
  50849. (void) bio;
  50850. if (!m) {
  50851. /* alias */
  50852. AssertNull(m);
  50853. AssertNotNull(to);
  50854. }
  50855. else {
  50856. AssertNotNull(m);
  50857. AssertNull(to);
  50858. }
  50859. AssertNotNull(from);
  50860. #if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE)
  50861. mn = EVP_get_digestbyname(from);
  50862. /* print to stderr */
  50863. AssertNotNull(arg);
  50864. bio = BIO_new(BIO_s_file());
  50865. BIO_set_fp(bio, arg, BIO_NOCLOSE);
  50866. BIO_printf(bio, "Use %s message digest algorithm\n", mn);
  50867. BIO_free(bio);
  50868. #endif
  50869. }
  50870. #endif
  50871. static int test_EVP_MD_do_all(void)
  50872. {
  50873. int res = TEST_SKIPPED;
  50874. #if defined(OPENSSL_EXTRA)
  50875. EVP_MD_do_all(NULL, stderr);
  50876. /* to confirm previous call gives no harm */
  50877. AssertTrue(1);
  50878. EVP_MD_do_all(list_md_fn, stderr);
  50879. /* to confirm previous call gives no harm */
  50880. AssertTrue(1);
  50881. res = TEST_RES_CHECK(1);
  50882. #endif
  50883. return res;
  50884. }
  50885. #if defined(OPENSSL_EXTRA)
  50886. static void obj_name_t(const OBJ_NAME* nm, void* arg)
  50887. {
  50888. (void)arg;
  50889. (void)nm;
  50890. AssertIntGT(nm->type, OBJ_NAME_TYPE_UNDEF);
  50891. #if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE)
  50892. /* print to stderr */
  50893. AssertNotNull(arg);
  50894. bio = BIO_new(BIO_s_file());
  50895. BIO_set_fp(bio, arg, BIO_NOCLOSE);
  50896. BIO_printf(bio, "%s\n", mn);
  50897. BIO_free(bio);
  50898. #endif
  50899. }
  50900. #endif
  50901. static int test_OBJ_NAME_do_all(void)
  50902. {
  50903. int res = TEST_SKIPPED;
  50904. #if defined(OPENSSL_EXTRA)
  50905. OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NULL, NULL);
  50906. /* to confirm previous call gives no harm */
  50907. AssertTrue(1);
  50908. OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NULL, stderr);
  50909. /* to confirm previous call gives no harm */
  50910. AssertTrue(1);
  50911. OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_t, stderr);
  50912. AssertTrue(1);
  50913. OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_t, stderr);
  50914. AssertTrue(1);
  50915. OBJ_NAME_do_all(OBJ_NAME_TYPE_COMP_METH, obj_name_t, stderr);
  50916. AssertTrue(1);
  50917. OBJ_NAME_do_all(OBJ_NAME_TYPE_NUM, obj_name_t, stderr);
  50918. AssertTrue(1);
  50919. OBJ_NAME_do_all(OBJ_NAME_TYPE_UNDEF, obj_name_t, stderr);
  50920. AssertTrue(1);
  50921. OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_t, stderr);
  50922. AssertTrue(1);
  50923. OBJ_NAME_do_all(-1, obj_name_t, stderr);
  50924. AssertTrue(1);
  50925. res = TEST_RES_CHECK(1);
  50926. #endif
  50927. return res;
  50928. }
  50929. static int test_SSL_CIPHER_get_xxx(void)
  50930. {
  50931. int res = TEST_SKIPPED;
  50932. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  50933. !defined(NO_FILESYSTEM)
  50934. const SSL_CIPHER* cipher = NULL;
  50935. STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
  50936. int i, numCiphers = 0;
  50937. SSL_CTX* ctx = NULL;
  50938. SSL* ssl = NULL;
  50939. const char* testCertFile;
  50940. const char* testKeyFile;
  50941. char buf[256] = {0};
  50942. const char* cipher_id = NULL;
  50943. int expect_nid1 = NID_undef;
  50944. int expect_nid2 = NID_undef;
  50945. int expect_nid3 = NID_undef;
  50946. int expect_nid4 = NID_undef;
  50947. int expect_nid5 = 0;
  50948. const char* cipher_id2 = NULL;
  50949. int expect_nid21 = NID_undef;
  50950. int expect_nid22 = NID_undef;
  50951. int expect_nid23 = NID_undef;
  50952. int expect_nid24 = NID_undef;
  50953. int expect_nid25 = 0;
  50954. (void)cipher;
  50955. (void)supportedCiphers;
  50956. (void)i;
  50957. (void)numCiphers;
  50958. (void)ctx;
  50959. (void)ssl;
  50960. (void)testCertFile;
  50961. (void)testKeyFile;
  50962. #if defined(WOLFSSL_TLS13)
  50963. cipher_id = "TLS13-AES128-GCM-SHA256";
  50964. expect_nid1 = NID_auth_rsa;
  50965. expect_nid2 = NID_aes_128_gcm;
  50966. expect_nid3 = NID_sha256;
  50967. expect_nid4 = NID_kx_any;
  50968. expect_nid5 = 1;
  50969. #if !defined(WOLFSSL_NO_TLS12)
  50970. cipher_id2 = "ECDHE-RSA-AES256-GCM-SHA384";
  50971. expect_nid21 = NID_auth_rsa;
  50972. expect_nid22 = NID_aes_256_gcm;
  50973. expect_nid23 = NID_sha384;
  50974. expect_nid24 = NID_kx_ecdhe;
  50975. expect_nid25 = 1;
  50976. #endif
  50977. #endif
  50978. #ifdef NO_WOLFSSL_SERVER
  50979. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  50980. #else
  50981. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  50982. #endif
  50983. if (cipher_id) {
  50984. #ifndef NO_RSA
  50985. testCertFile = svrCertFile;
  50986. testKeyFile = svrKeyFile;
  50987. #elif defined(HAVE_ECC)
  50988. testCertFile = eccCertFile;
  50989. testKeyFile = eccKeyFile;
  50990. #else
  50991. testCertFile = NULL;
  50992. testKeyFile = NULL;
  50993. #endif
  50994. if (testCertFile != NULL && testKeyFile != NULL) {
  50995. AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
  50996. SSL_FILETYPE_PEM));
  50997. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
  50998. SSL_FILETYPE_PEM));
  50999. }
  51000. ssl = SSL_new(ctx);
  51001. AssertNotNull(ssl);
  51002. AssertIntEQ(SSL_in_init(ssl), 1);
  51003. supportedCiphers = SSL_get_ciphers(ssl);
  51004. numCiphers = sk_num(supportedCiphers);
  51005. for (i = 0; i < numCiphers; ++i) {
  51006. if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
  51007. SSL_CIPHER_description(cipher, buf, sizeof(buf));
  51008. }
  51009. if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) {
  51010. break;
  51011. }
  51012. }
  51013. /* test case for */
  51014. if (i != numCiphers) {
  51015. AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid1);
  51016. AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid2);
  51017. AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid3);
  51018. AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid4);
  51019. AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid5);
  51020. }
  51021. if (cipher_id2) {
  51022. for (i = 0; i < numCiphers; ++i) {
  51023. if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
  51024. SSL_CIPHER_description(cipher, buf, sizeof(buf));
  51025. }
  51026. if (XMEMCMP(cipher_id2, buf, XSTRLEN(cipher_id2)) == 0) {
  51027. break;
  51028. }
  51029. }
  51030. /* test case for */
  51031. if (i != numCiphers) {
  51032. AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid21);
  51033. AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid22);
  51034. AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid23);
  51035. AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid24);
  51036. AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid25);
  51037. }
  51038. }
  51039. }
  51040. if (ctx)
  51041. SSL_CTX_free(ctx);
  51042. if (ssl)
  51043. SSL_free(ssl);
  51044. res = TEST_RES_CHECK(1);
  51045. #endif
  51046. return res;
  51047. }
  51048. #if defined(WOLF_CRYPTO_CB) && defined(HAVE_IO_TESTS_DEPENDENCIES)
  51049. static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer,
  51050. int* keyFormat)
  51051. {
  51052. int ret;
  51053. byte* key_buf = NULL;
  51054. size_t key_sz = 0;
  51055. EncryptedInfo encInfo;
  51056. XMEMSET(&encInfo, 0, sizeof(encInfo));
  51057. ret = load_file(privKeyFile, &key_buf, &key_sz);
  51058. if (ret == 0) {
  51059. ret = wc_PemToDer(key_buf, key_sz, PRIVATEKEY_TYPE, pDer,
  51060. NULL, &encInfo, keyFormat);
  51061. }
  51062. if (key_buf != NULL) {
  51063. free(key_buf); key_buf = NULL;
  51064. }
  51065. (void)encInfo; /* not used in this test */
  51066. #ifdef DEBUG_WOLFSSL
  51067. fprintf(stderr, "%s (%d): Loading PEM %s (len %d) to DER (len %d)\n",
  51068. (ret == 0) ? "Success" : "Failure", ret, privKeyFile, (int)key_sz,
  51069. (*pDer)->length);
  51070. #endif
  51071. return ret;
  51072. }
  51073. static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
  51074. {
  51075. int ret = CRYPTOCB_UNAVAILABLE;
  51076. const char* privKeyFile = (const char*)ctx;
  51077. DerBuffer* pDer = NULL;
  51078. int keyFormat = 0;
  51079. if (info->algo_type == WC_ALGO_TYPE_PK) {
  51080. #ifdef DEBUG_WOLFSSL
  51081. fprintf(stderr, "test_CryptoCb_Func: Pk Type %d\n", info->pk.type);
  51082. #endif
  51083. #ifndef NO_RSA
  51084. if (info->pk.type == WC_PK_TYPE_RSA) {
  51085. switch (info->pk.rsa.type) {
  51086. case RSA_PUBLIC_ENCRYPT:
  51087. case RSA_PUBLIC_DECRYPT:
  51088. /* perform software based RSA public op */
  51089. ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */
  51090. break;
  51091. case RSA_PRIVATE_ENCRYPT:
  51092. case RSA_PRIVATE_DECRYPT:
  51093. {
  51094. RsaKey key;
  51095. /* perform software based RSA private op */
  51096. #ifdef DEBUG_WOLFSSL
  51097. fprintf(stderr, "test_CryptoCb_Func: RSA Priv\n");
  51098. #endif
  51099. ret = load_pem_key_file_as_der(privKeyFile, &pDer,
  51100. &keyFormat);
  51101. if (ret != 0) {
  51102. return ret;
  51103. }
  51104. ret = wc_InitRsaKey(&key, HEAP_HINT);
  51105. if (ret == 0) {
  51106. word32 keyIdx = 0;
  51107. /* load RSA private key and perform private transform */
  51108. ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx,
  51109. &key, pDer->length);
  51110. if (ret == 0) {
  51111. ret = wc_RsaFunction(
  51112. info->pk.rsa.in, info->pk.rsa.inLen,
  51113. info->pk.rsa.out, info->pk.rsa.outLen,
  51114. info->pk.rsa.type, &key, info->pk.rsa.rng);
  51115. }
  51116. else {
  51117. /* if decode fails, then fall-back to software based crypto */
  51118. fprintf(stderr, "test_CryptoCb_Func: RSA private "
  51119. "key decode failed %d, falling back to "
  51120. "software\n", ret);
  51121. ret = CRYPTOCB_UNAVAILABLE;
  51122. }
  51123. wc_FreeRsaKey(&key);
  51124. }
  51125. wc_FreeDer(&pDer); pDer = NULL;
  51126. break;
  51127. }
  51128. }
  51129. #ifdef DEBUG_WOLFSSL
  51130. fprintf(stderr, "test_CryptoCb_Func: RSA Type %d, Ret %d, Out %d\n",
  51131. info->pk.rsa.type, ret, *info->pk.rsa.outLen);
  51132. #endif
  51133. }
  51134. #endif /* !NO_RSA */
  51135. #ifdef HAVE_ECC
  51136. if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
  51137. /* mark this key as ephemeral */
  51138. if (info->pk.eckg.key != NULL) {
  51139. XSTRNCPY(info->pk.eckg.key->label, "ephemeral",
  51140. sizeof(info->pk.eckg.key->label));
  51141. info->pk.eckg.key->labelLen = (int)XSTRLEN(info->pk.eckg.key->label);
  51142. }
  51143. }
  51144. else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
  51145. ecc_key key;
  51146. /* perform software based ECC sign */
  51147. #ifdef DEBUG_WOLFSSL
  51148. fprintf(stderr, "test_CryptoCb_Func: ECC Sign\n");
  51149. #endif
  51150. if (info->pk.eccsign.key != NULL &&
  51151. XSTRCMP(info->pk.eccsign.key->label, "ephemeral") == 0) {
  51152. /* this is an empheral key */
  51153. #ifdef DEBUG_WOLFSSL
  51154. fprintf(stderr, "test_CryptoCb_Func: skipping signing op on "
  51155. "ephemeral key\n");
  51156. #endif
  51157. return CRYPTOCB_UNAVAILABLE;
  51158. }
  51159. ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat);
  51160. if (ret != 0) {
  51161. return ret;
  51162. }
  51163. ret = wc_ecc_init(&key);
  51164. if (ret == 0) {
  51165. word32 keyIdx = 0;
  51166. /* load ECC private key and perform private transform */
  51167. ret = wc_EccPrivateKeyDecode(pDer->buffer, &keyIdx,
  51168. &key, pDer->length);
  51169. if (ret == 0) {
  51170. ret = wc_ecc_sign_hash(
  51171. info->pk.eccsign.in, info->pk.eccsign.inlen,
  51172. info->pk.eccsign.out, info->pk.eccsign.outlen,
  51173. info->pk.eccsign.rng, &key);
  51174. }
  51175. else {
  51176. /* if decode fails, then fall-back to software based crypto */
  51177. fprintf(stderr, "test_CryptoCb_Func: ECC private key "
  51178. "decode failed %d, falling back to software\n", ret);
  51179. ret = CRYPTOCB_UNAVAILABLE;
  51180. }
  51181. wc_ecc_free(&key);
  51182. }
  51183. wc_FreeDer(&pDer); pDer = NULL;
  51184. #ifdef DEBUG_WOLFSSL
  51185. fprintf(stderr, "test_CryptoCb_Func: ECC Ret %d, Out %d\n",
  51186. ret, *info->pk.eccsign.outlen);
  51187. #endif
  51188. }
  51189. #endif /* HAVE_ECC */
  51190. #ifdef HAVE_ED25519
  51191. if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
  51192. ed25519_key key;
  51193. /* perform software based ED25519 sign */
  51194. #ifdef DEBUG_WOLFSSL
  51195. fprintf(stderr, "test_CryptoCb_Func: ED25519 Sign\n");
  51196. #endif
  51197. ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat);
  51198. if (ret != 0) {
  51199. return ret;
  51200. }
  51201. ret = wc_ed25519_init(&key);
  51202. if (ret == 0) {
  51203. word32 keyIdx = 0;
  51204. /* load ED25519 private key and perform private transform */
  51205. ret = wc_Ed25519PrivateKeyDecode(pDer->buffer, &keyIdx,
  51206. &key, pDer->length);
  51207. if (ret == 0) {
  51208. /* calculate public key */
  51209. ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE);
  51210. if (ret == 0) {
  51211. key.pubKeySet = 1;
  51212. ret = wc_ed25519_sign_msg_ex(
  51213. info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
  51214. info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
  51215. &key, info->pk.ed25519sign.type,
  51216. info->pk.ed25519sign.context,
  51217. info->pk.ed25519sign.contextLen);
  51218. }
  51219. }
  51220. else {
  51221. /* if decode fails, then fall-back to software based crypto */
  51222. fprintf(stderr, "test_CryptoCb_Func: ED25519 private key "
  51223. "decode failed %d, falling back to software\n", ret);
  51224. ret = CRYPTOCB_UNAVAILABLE;
  51225. }
  51226. wc_ed25519_free(&key);
  51227. }
  51228. wc_FreeDer(&pDer); pDer = NULL;
  51229. #ifdef DEBUG_WOLFSSL
  51230. fprintf(stderr, "test_CryptoCb_Func: ED25519 Ret %d, Out %d\n",
  51231. ret, *info->pk.ed25519sign.outLen);
  51232. #endif
  51233. }
  51234. #endif /* HAVE_ED25519 */
  51235. }
  51236. (void)thisDevId;
  51237. (void)keyFormat;
  51238. return ret;
  51239. }
  51240. /* tlsVer: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
  51241. static void test_wc_CryptoCb_TLS(int tlsVer,
  51242. const char* cliCaPemFile, const char* cliCertPemFile,
  51243. const char* cliPrivKeyPemFile, const char* cliPubKeyPemFile,
  51244. const char* svrCaPemFile, const char* svrCertPemFile,
  51245. const char* svrPrivKeyPemFile, const char* svrPubKeyPemFile)
  51246. {
  51247. callback_functions client_cbf;
  51248. callback_functions server_cbf;
  51249. XMEMSET(&client_cbf, 0, sizeof(client_cbf));
  51250. XMEMSET(&server_cbf, 0, sizeof(server_cbf));
  51251. if (tlsVer == WOLFSSL_TLSV1_3) {
  51252. #ifdef WOLFSSL_TLS13
  51253. server_cbf.method = wolfTLSv1_3_server_method;
  51254. client_cbf.method = wolfTLSv1_3_client_method;
  51255. #endif
  51256. }
  51257. else if (tlsVer == WOLFSSL_TLSV1_2) {
  51258. #ifndef WOLFSSL_NO_TLS12
  51259. server_cbf.method = wolfTLSv1_2_server_method;
  51260. client_cbf.method = wolfTLSv1_2_client_method;
  51261. #endif
  51262. }
  51263. else if (tlsVer == WOLFSSL_TLSV1_1) {
  51264. #ifndef NO_OLD_TLS
  51265. server_cbf.method = wolfTLSv1_1_server_method;
  51266. client_cbf.method = wolfTLSv1_1_client_method;
  51267. #endif
  51268. }
  51269. else if (tlsVer == WOLFSSL_TLSV1) {
  51270. #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
  51271. server_cbf.method = wolfTLSv1_server_method;
  51272. client_cbf.method = wolfTLSv1_client_method;
  51273. #endif
  51274. }
  51275. else if (tlsVer == WOLFSSL_SSLV3) {
  51276. #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \
  51277. defined(WOLFSSL_STATIC_RSA)
  51278. server_cbf.method = wolfSSLv3_server_method;
  51279. client_cbf.method = wolfSSLv3_client_method;
  51280. #endif
  51281. }
  51282. else if (tlsVer == WOLFSSL_DTLSV1_2) {
  51283. #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
  51284. server_cbf.method = wolfDTLSv1_2_server_method;
  51285. client_cbf.method = wolfDTLSv1_2_client_method;
  51286. #endif
  51287. }
  51288. else if (tlsVer == WOLFSSL_DTLSV1) {
  51289. #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
  51290. server_cbf.method = wolfDTLSv1_server_method;
  51291. client_cbf.method = wolfDTLSv1_client_method;
  51292. #endif
  51293. }
  51294. if (server_cbf.method == NULL) {
  51295. /* not enabled */
  51296. return;
  51297. }
  51298. /* Setup the keys for the TLS test */
  51299. client_cbf.certPemFile = cliCertPemFile;
  51300. client_cbf.keyPemFile = cliPubKeyPemFile;
  51301. client_cbf.caPemFile = cliCaPemFile;
  51302. server_cbf.certPemFile = svrCertPemFile;
  51303. server_cbf.keyPemFile = svrPubKeyPemFile;
  51304. server_cbf.caPemFile = svrCaPemFile;
  51305. /* Setup a crypto callback with pointer to private key file for testing */
  51306. client_cbf.devId = 1;
  51307. wc_CryptoCb_RegisterDevice(client_cbf.devId, test_CryptoCb_Func,
  51308. (void*)cliPrivKeyPemFile);
  51309. server_cbf.devId = 2;
  51310. wc_CryptoCb_RegisterDevice(server_cbf.devId, test_CryptoCb_Func,
  51311. (void*)svrPrivKeyPemFile);
  51312. /* Perform TLS server and client test */
  51313. /* First test is at WOLFSSL_CTX level */
  51314. test_wolfSSL_client_server(&client_cbf, &server_cbf);
  51315. /* Check for success */
  51316. AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
  51317. AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
  51318. /* Second test is a WOLFSSL object level */
  51319. client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1;
  51320. test_wolfSSL_client_server(&client_cbf, &server_cbf);
  51321. /* Check for success */
  51322. AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
  51323. AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
  51324. /* Un register the devId's */
  51325. wc_CryptoCb_UnRegisterDevice(client_cbf.devId);
  51326. client_cbf.devId = INVALID_DEVID;
  51327. wc_CryptoCb_UnRegisterDevice(server_cbf.devId);
  51328. server_cbf.devId = INVALID_DEVID;
  51329. }
  51330. #endif /* WOLF_CRYPTO_CB && HAVE_IO_TESTS_DEPENDENCIES */
  51331. static int test_wc_CryptoCb(void)
  51332. {
  51333. int res = TEST_SKIPPED;
  51334. #ifdef WOLF_CRYPTO_CB
  51335. /* TODO: Add crypto callback API tests */
  51336. #ifdef HAVE_IO_TESTS_DEPENDENCIES
  51337. #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
  51338. int tlsVer;
  51339. #endif
  51340. #ifndef NO_RSA
  51341. for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
  51342. test_wc_CryptoCb_TLS(tlsVer,
  51343. svrCertFile, cliCertFile, cliKeyFile, cliKeyPubFile,
  51344. cliCertFile, svrCertFile, svrKeyFile, svrKeyPubFile);
  51345. }
  51346. #endif
  51347. #ifdef HAVE_ECC
  51348. for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
  51349. test_wc_CryptoCb_TLS(tlsVer,
  51350. caEccCertFile, cliEccCertFile, cliEccKeyFile, cliEccKeyPubFile,
  51351. cliEccCertFile, eccCertFile, eccKeyFile, eccKeyPubFile);
  51352. }
  51353. #endif
  51354. #ifdef HAVE_ED25519
  51355. for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) {
  51356. if (tlsVer == WOLFSSL_DTLSV1) continue;
  51357. test_wc_CryptoCb_TLS(tlsVer,
  51358. caEdCertFile, cliEdCertFile, cliEdKeyFile, cliEdKeyPubFile,
  51359. cliEdCertFile, edCertFile, edKeyFile, edKeyPubFile);
  51360. }
  51361. #endif
  51362. #endif /* HAVE_IO_TESTS_DEPENDENCIES */
  51363. res = TEST_RES_CHECK(1);
  51364. #endif /* WOLF_CRYPTO_CB */
  51365. return res;
  51366. }
  51367. #if defined(WOLFSSL_STATIC_MEMORY) && defined(HAVE_IO_TESTS_DEPENDENCIES)
  51368. /* tlsVer: Example: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
  51369. static void test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer,
  51370. const char* cliCaPemFile, const char* cliCertPemFile,
  51371. const char* cliPrivKeyPemFile,
  51372. const char* svrCaPemFile, const char* svrCertPemFile,
  51373. const char* svrPrivKeyPemFile,
  51374. byte* cliMem, word32 cliMemSz, byte* svrMem, word32 svrMemSz)
  51375. {
  51376. callback_functions client_cbf;
  51377. callback_functions server_cbf;
  51378. XMEMSET(&client_cbf, 0, sizeof(client_cbf));
  51379. XMEMSET(&server_cbf, 0, sizeof(server_cbf));
  51380. if (tlsVer == WOLFSSL_TLSV1_3) {
  51381. #ifdef WOLFSSL_TLS13
  51382. server_cbf.method_ex = wolfTLSv1_3_server_method_ex;
  51383. client_cbf.method_ex = wolfTLSv1_3_client_method_ex;
  51384. #endif
  51385. }
  51386. else if (tlsVer == WOLFSSL_TLSV1_2) {
  51387. #ifndef WOLFSSL_NO_TLS12
  51388. server_cbf.method_ex = wolfTLSv1_2_server_method_ex;
  51389. client_cbf.method_ex = wolfTLSv1_2_client_method_ex;
  51390. #endif
  51391. }
  51392. else if (tlsVer == WOLFSSL_TLSV1_1) {
  51393. #ifndef NO_OLD_TLS
  51394. server_cbf.method_ex = wolfTLSv1_1_server_method_ex;
  51395. client_cbf.method_ex = wolfTLSv1_1_client_method_ex;
  51396. #endif
  51397. }
  51398. else if (tlsVer == WOLFSSL_TLSV1) {
  51399. #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
  51400. server_cbf.method_ex = wolfTLSv1_server_method_ex;
  51401. client_cbf.method_ex = wolfTLSv1_client_method_ex;
  51402. #endif
  51403. }
  51404. else if (tlsVer == WOLFSSL_SSLV3) {
  51405. #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \
  51406. defined(WOLFSSL_STATIC_RSA)
  51407. server_cbf.method_ex = wolfSSLv3_server_method_ex;
  51408. client_cbf.method_ex = wolfSSLv3_client_method_ex;
  51409. #endif
  51410. }
  51411. else if (tlsVer == WOLFSSL_DTLSV1_2) {
  51412. #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
  51413. server_cbf.method_ex = wolfDTLSv1_2_server_method_ex;
  51414. client_cbf.method_ex = wolfDTLSv1_2_client_method_ex;
  51415. #endif
  51416. }
  51417. else if (tlsVer == WOLFSSL_DTLSV1) {
  51418. #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
  51419. server_cbf.method_ex = wolfDTLSv1_server_method_ex;
  51420. client_cbf.method_ex = wolfDTLSv1_client_method_ex;
  51421. #endif
  51422. }
  51423. if (server_cbf.method_ex == NULL) {
  51424. /* not enabled */
  51425. return;
  51426. }
  51427. /* Setup the keys for the TLS test */
  51428. client_cbf.certPemFile = cliCertPemFile;
  51429. client_cbf.keyPemFile = cliPrivKeyPemFile;
  51430. client_cbf.caPemFile = cliCaPemFile;
  51431. server_cbf.certPemFile = svrCertPemFile;
  51432. server_cbf.keyPemFile = svrPrivKeyPemFile;
  51433. server_cbf.caPemFile = svrCaPemFile;
  51434. client_cbf.mem = cliMem;
  51435. client_cbf.memSz = cliMemSz;
  51436. server_cbf.mem = svrMem;
  51437. server_cbf.memSz = svrMemSz;
  51438. client_cbf.devId = INVALID_DEVID;
  51439. server_cbf.devId = INVALID_DEVID;
  51440. /* Perform TLS server and client test */
  51441. /* First test is at WOLFSSL_CTX level */
  51442. test_wolfSSL_client_server(&client_cbf, &server_cbf);
  51443. /* Check for success */
  51444. AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
  51445. AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
  51446. /* Second test is a WOLFSSL object level */
  51447. client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1;
  51448. test_wolfSSL_client_server(&client_cbf, &server_cbf);
  51449. /* Check for success */
  51450. AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
  51451. AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
  51452. }
  51453. #endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */
  51454. #ifdef WOLFSSL_STATIC_MEMORY
  51455. #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \
  51456. defined(SESSION_CERTS)
  51457. #ifdef OPENSSL_EXTRA
  51458. #define TEST_TLS_STATIC_MEMSZ (400000)
  51459. #else
  51460. #define TEST_TLS_STATIC_MEMSZ (320000)
  51461. #endif
  51462. #else
  51463. #define TEST_TLS_STATIC_MEMSZ (80000)
  51464. #endif
  51465. static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx)
  51466. {
  51467. WOLFSSL *ssl1 = NULL, *ssl2 = NULL, *ssl3 = NULL;
  51468. WOLFSSL_MEM_STATS mem_stats;
  51469. WOLFSSL_MEM_CONN_STATS ssl_stats;
  51470. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
  51471. AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  51472. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  51473. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  51474. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  51475. #endif
  51476. AssertNotNull((ssl1 = wolfSSL_new(ctx)));
  51477. AssertNotNull((ssl2 = wolfSSL_new(ctx)));
  51478. /* this should fail because kMaxCtxClients == 2 */
  51479. AssertNull((ssl3 = wolfSSL_new(ctx)));
  51480. if (wolfSSL_is_static_memory(ssl1, &ssl_stats) == 1) {
  51481. #ifdef DEBUG_WOLFSSL
  51482. wolfSSL_PrintStatsConn(&ssl_stats);
  51483. #endif
  51484. (void)ssl_stats;
  51485. }
  51486. /* display collected statistics */
  51487. if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) == 1) {
  51488. #ifdef DEBUG_WOLFSSL
  51489. wolfSSL_PrintStats(&mem_stats);
  51490. #endif
  51491. (void)mem_stats;
  51492. }
  51493. wolfSSL_free(ssl1);
  51494. wolfSSL_free(ssl2);
  51495. return TEST_RES_CHECK(1);
  51496. }
  51497. #endif /* WOLFSSL_STATIC_MEMORY */
  51498. static int test_wolfSSL_CTX_StaticMemory(void)
  51499. {
  51500. int res = TEST_SKIPPED;
  51501. #ifdef WOLFSSL_STATIC_MEMORY
  51502. wolfSSL_method_func method_func;
  51503. WOLFSSL_CTX* ctx;
  51504. const int kMaxCtxClients = 2;
  51505. #ifdef HAVE_IO_TESTS_DEPENDENCIES
  51506. #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
  51507. int tlsVer;
  51508. byte cliMem[TEST_TLS_STATIC_MEMSZ];
  51509. #endif
  51510. #endif
  51511. byte svrMem[TEST_TLS_STATIC_MEMSZ];
  51512. #ifndef NO_WOLFSSL_SERVER
  51513. #ifndef WOLFSSL_NO_TLS12
  51514. method_func = wolfTLSv1_2_server_method_ex;
  51515. #else
  51516. method_func = wolfTLSv1_3_server_method_ex;
  51517. #endif
  51518. #else
  51519. #ifndef WOLFSSL_NO_TLS12
  51520. method_func = wolfTLSv1_2_client_method_ex;
  51521. #else
  51522. method_func = wolfTLSv1_3_client_method_ex;
  51523. #endif
  51524. #endif
  51525. /* Test creating CTX directly from static memory pool */
  51526. ctx = NULL;
  51527. AssertIntEQ(wolfSSL_CTX_load_static_memory(
  51528. &ctx, method_func, svrMem, sizeof(svrMem),
  51529. 0, kMaxCtxClients), WOLFSSL_SUCCESS);
  51530. test_wolfSSL_CTX_StaticMemory_SSL(ctx);
  51531. wolfSSL_CTX_free(ctx);
  51532. ctx = NULL;
  51533. /* Test for heap allocated CTX, then assigning static pool to it */
  51534. AssertNotNull(ctx = wolfSSL_CTX_new(method_func(NULL)));
  51535. AssertIntEQ(wolfSSL_CTX_load_static_memory(&ctx,
  51536. NULL, svrMem, sizeof(svrMem),
  51537. 0, kMaxCtxClients), WOLFSSL_SUCCESS);
  51538. test_wolfSSL_CTX_StaticMemory_SSL(ctx);
  51539. wolfSSL_CTX_free(ctx);
  51540. /* TLS Level Tests using static memory */
  51541. #ifdef HAVE_IO_TESTS_DEPENDENCIES
  51542. #ifndef NO_RSA
  51543. for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
  51544. test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
  51545. svrCertFile, cliCertFile, cliKeyFile,
  51546. cliCertFile, svrCertFile, svrKeyFile,
  51547. cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
  51548. }
  51549. #endif
  51550. #ifdef HAVE_ECC
  51551. for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
  51552. test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
  51553. caEccCertFile, cliEccCertFile, cliEccKeyFile,
  51554. cliEccCertFile, eccCertFile, eccKeyFile,
  51555. cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
  51556. }
  51557. #endif
  51558. #ifdef HAVE_ED25519
  51559. for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) {
  51560. if (tlsVer == WOLFSSL_DTLSV1) continue;
  51561. test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
  51562. caEdCertFile, cliEdCertFile, cliEdKeyFile,
  51563. cliEdCertFile, edCertFile, edKeyFile,
  51564. cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
  51565. }
  51566. #endif
  51567. #endif /* HAVE_IO_TESTS_DEPENDENCIES */
  51568. res = TEST_RES_CHECK(1);
  51569. #endif
  51570. return res;
  51571. }
  51572. static int test_openssl_FIPS_drbg(void)
  51573. {
  51574. int res = TEST_SKIPPED;
  51575. #if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG)
  51576. DRBG_CTX* dctx;
  51577. byte data1[32], data2[32], zeroData[32];
  51578. byte testSeed[16];
  51579. size_t dlen = sizeof(data1);
  51580. int i;
  51581. XMEMSET(data1, 0, dlen);
  51582. XMEMSET(data2, 0, dlen);
  51583. XMEMSET(zeroData, 0, sizeof(zeroData));
  51584. for (i=0; i<(int)sizeof(testSeed); i++) {
  51585. testSeed[i] = (byte)i;
  51586. }
  51587. AssertNotNull(dctx = FIPS_get_default_drbg());
  51588. AssertIntEQ(FIPS_drbg_init(dctx, 0, 0), WOLFSSL_SUCCESS);
  51589. AssertIntEQ(FIPS_drbg_set_callbacks(dctx, NULL, NULL, 20, NULL, NULL),
  51590. WOLFSSL_SUCCESS);
  51591. AssertIntEQ(FIPS_drbg_instantiate(dctx, NULL, 0), WOLFSSL_SUCCESS);
  51592. AssertIntEQ(FIPS_drbg_generate(dctx, data1, dlen, 0, NULL, 0),
  51593. WOLFSSL_SUCCESS);
  51594. AssertIntNE(XMEMCMP(data1, zeroData, dlen), 0);
  51595. AssertIntEQ(FIPS_drbg_reseed(dctx, testSeed, sizeof(testSeed)),
  51596. WOLFSSL_SUCCESS);
  51597. AssertIntEQ(FIPS_drbg_generate(dctx, data2, dlen, 0, NULL, 0),
  51598. WOLFSSL_SUCCESS);
  51599. AssertIntNE(XMEMCMP(data1, zeroData, dlen), 0);
  51600. AssertIntNE(XMEMCMP(data1, data2, dlen), 0);
  51601. AssertIntEQ(FIPS_drbg_uninstantiate(dctx), WOLFSSL_SUCCESS);
  51602. res = TEST_RES_CHECK(1);
  51603. #endif
  51604. return res;
  51605. }
  51606. static int test_wolfSSL_FIPS_mode(void)
  51607. {
  51608. int res = TEST_SKIPPED;
  51609. #if defined(OPENSSL_ALL)
  51610. #ifdef HAVE_FIPS
  51611. AssertIntEQ(wolfSSL_FIPS_mode(), 1);
  51612. AssertIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_FAILURE);
  51613. AssertIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_SUCCESS);
  51614. #else
  51615. AssertIntEQ(wolfSSL_FIPS_mode(), 0);
  51616. AssertIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_SUCCESS);
  51617. AssertIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_FAILURE);
  51618. #endif
  51619. res = TEST_RES_CHECK(1);
  51620. #endif
  51621. return res;
  51622. }
  51623. #ifdef WOLFSSL_DTLS
  51624. /* Prints out the current window */
  51625. static void DUW_TEST_print_window_binary(word32 h, word32 l, word32* w) {
  51626. #ifdef WOLFSSL_DEBUG_DTLS_WINDOW
  51627. int i;
  51628. for (i = WOLFSSL_DTLS_WINDOW_WORDS - 1; i >= 0; i--) {
  51629. word32 b = w[i];
  51630. int j;
  51631. /* Prints out a 32 bit binary number in big endian order */
  51632. for (j = 0; j < 32; j++, b <<= 1) {
  51633. if (b & (((word32)1) << 31))
  51634. fprintf(stderr, "1");
  51635. else
  51636. fprintf(stderr, "0");
  51637. }
  51638. fprintf(stderr, " ");
  51639. }
  51640. fprintf(stderr, "cur_hi %u cur_lo %u\n", h, l);
  51641. #else
  51642. (void)h;
  51643. (void)l;
  51644. (void)w;
  51645. #endif
  51646. }
  51647. /* a - cur_hi
  51648. * b - cur_lo
  51649. * c - next_hi
  51650. * d - next_lo
  51651. * e - window
  51652. * f - expected next_hi
  51653. * g - expected next_lo
  51654. * h - expected window[1]
  51655. * i - expected window[0]
  51656. */
  51657. #define DUW_TEST(a,b,c,d,e,f,g,h,i) do { \
  51658. wolfSSL_DtlsUpdateWindow((a), (b), &(c), &(d), (e)); \
  51659. DUW_TEST_print_window_binary((a), (b), (e)); \
  51660. AssertIntEQ((c), (f)); \
  51661. AssertIntEQ((d), (g)); \
  51662. AssertIntEQ((e)[1], (h)); \
  51663. AssertIntEQ((e)[0], (i)); \
  51664. } while (0)
  51665. static int test_wolfSSL_DtlsUpdateWindow(void)
  51666. {
  51667. word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
  51668. word32 next_lo = 0;
  51669. word16 next_hi = 0;
  51670. #ifdef WOLFSSL_DEBUG_DTLS_WINDOW
  51671. fprintf(stderr, "\n");
  51672. #endif
  51673. XMEMSET(window, 0, sizeof window);
  51674. DUW_TEST(0, 0, next_hi, next_lo, window, 0, 1, 0, 0x01);
  51675. DUW_TEST(0, 1, next_hi, next_lo, window, 0, 2, 0, 0x03);
  51676. DUW_TEST(0, 5, next_hi, next_lo, window, 0, 6, 0, 0x31);
  51677. DUW_TEST(0, 4, next_hi, next_lo, window, 0, 6, 0, 0x33);
  51678. DUW_TEST(0, 100, next_hi, next_lo, window, 0, 101, 0, 0x01);
  51679. DUW_TEST(0, 101, next_hi, next_lo, window, 0, 102, 0, 0x03);
  51680. DUW_TEST(0, 133, next_hi, next_lo, window, 0, 134, 0x03, 0x01);
  51681. DUW_TEST(0, 200, next_hi, next_lo, window, 0, 201, 0, 0x01);
  51682. DUW_TEST(0, 264, next_hi, next_lo, window, 0, 265, 0, 0x01);
  51683. DUW_TEST(0, 0xFFFFFFFF, next_hi, next_lo, window, 1, 0, 0, 0x01);
  51684. DUW_TEST(0, 0xFFFFFFFD, next_hi, next_lo, window, 1, 0, 0, 0x05);
  51685. DUW_TEST(0, 0xFFFFFFFE, next_hi, next_lo, window, 1, 0, 0, 0x07);
  51686. DUW_TEST(1, 3, next_hi, next_lo, window, 1, 4, 0, 0x71);
  51687. DUW_TEST(1, 0, next_hi, next_lo, window, 1, 4, 0, 0x79);
  51688. DUW_TEST(1, 0xFFFFFFFF, next_hi, next_lo, window, 2, 0, 0, 0x01);
  51689. DUW_TEST(2, 3, next_hi, next_lo, window, 2, 4, 0, 0x11);
  51690. DUW_TEST(2, 0, next_hi, next_lo, window, 2, 4, 0, 0x19);
  51691. DUW_TEST(2, 25, next_hi, next_lo, window, 2, 26, 0, 0x6400001);
  51692. DUW_TEST(2, 27, next_hi, next_lo, window, 2, 28, 0, 0x19000005);
  51693. DUW_TEST(2, 29, next_hi, next_lo, window, 2, 30, 0, 0x64000015);
  51694. DUW_TEST(2, 33, next_hi, next_lo, window, 2, 34, 6, 0x40000151);
  51695. DUW_TEST(2, 60, next_hi, next_lo, window, 2, 61, 0x3200000A, 0x88000001);
  51696. DUW_TEST(1, 0xFFFFFFF0, next_hi, next_lo, window, 2, 61, 0x3200000A, 0x88000001);
  51697. DUW_TEST(2, 0xFFFFFFFD, next_hi, next_lo, window, 2, 0xFFFFFFFE, 0, 0x01);
  51698. DUW_TEST(3, 1, next_hi, next_lo, window, 3, 2, 0, 0x11);
  51699. DUW_TEST(99, 66, next_hi, next_lo, window, 99, 67, 0, 0x01);
  51700. DUW_TEST(50, 66, next_hi, next_lo, window, 99, 67, 0, 0x01);
  51701. DUW_TEST(100, 68, next_hi, next_lo, window, 100, 69, 0, 0x01);
  51702. DUW_TEST(99, 50, next_hi, next_lo, window, 100, 69, 0, 0x01);
  51703. DUW_TEST(99, 0xFFFFFFFF, next_hi, next_lo, window, 100, 69, 0, 0x01);
  51704. DUW_TEST(150, 0xFFFFFFFF, next_hi, next_lo, window, 151, 0, 0, 0x01);
  51705. DUW_TEST(152, 0xFFFFFFFF, next_hi, next_lo, window, 153, 0, 0, 0x01);
  51706. return TEST_RES_CHECK(1);
  51707. }
  51708. #endif /* WOLFSSL_DTLS */
  51709. #ifdef WOLFSSL_DTLS
  51710. static int DFB_TEST(WOLFSSL* ssl, word32 seq, word32 len, word32 f_offset,
  51711. word32 f_len, word32 f_count, byte ready, word32 bytesReceived)
  51712. {
  51713. DtlsMsg* cur;
  51714. static byte msg[100];
  51715. static byte msgInit = 0;
  51716. if (!msgInit) {
  51717. int i;
  51718. for (i = 0; i < 100; i++)
  51719. msg[i] = i + 1;
  51720. msgInit = 1;
  51721. }
  51722. /* Sanitize test parameters */
  51723. if (len > sizeof(msg))
  51724. return -1;
  51725. if (f_offset + f_len > sizeof(msg))
  51726. return -1;
  51727. DtlsMsgStore(ssl, 0, seq, msg + f_offset, len, certificate, f_offset, f_len, NULL);
  51728. if (ssl->dtls_rx_msg_list == NULL)
  51729. return -100;
  51730. if ((cur = DtlsMsgFind(ssl->dtls_rx_msg_list, 0, seq)) == NULL)
  51731. return -200;
  51732. if (cur->fragBucketListCount != f_count)
  51733. return -300;
  51734. if (cur->ready != ready)
  51735. return -400;
  51736. if (cur->bytesReceived != bytesReceived)
  51737. return -500;
  51738. if (ready) {
  51739. if (cur->fragBucketList != NULL)
  51740. return -600;
  51741. if (XMEMCMP(cur->fullMsg, msg, cur->sz) != 0)
  51742. return -700;
  51743. }
  51744. else {
  51745. DtlsFragBucket* fb;
  51746. if (cur->fragBucketList == NULL)
  51747. return -800;
  51748. for (fb = cur->fragBucketList; fb != NULL; fb = fb->m.m.next) {
  51749. if (XMEMCMP(fb->buf, msg + fb->m.m.offset, fb->m.m.sz) != 0)
  51750. return -900;
  51751. }
  51752. }
  51753. return 0;
  51754. }
  51755. static void DFB_TEST_RESET(WOLFSSL* ssl)
  51756. {
  51757. DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
  51758. ssl->dtls_rx_msg_list = NULL;
  51759. ssl->dtls_rx_msg_list_sz = 0;
  51760. }
  51761. static int test_wolfSSL_DTLS_fragment_buckets(void)
  51762. {
  51763. WOLFSSL ssl[1];
  51764. XMEMSET(ssl, 0, sizeof(*ssl));
  51765. AssertIntEQ(DFB_TEST(ssl, 0, 100, 0, 100, 0, 1, 100), 0); /* 0-100 */
  51766. AssertIntEQ(DFB_TEST(ssl, 1, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */
  51767. AssertIntEQ(DFB_TEST(ssl, 1, 100, 20, 20, 1, 0, 40), 0); /* 20-40 */
  51768. AssertIntEQ(DFB_TEST(ssl, 1, 100, 40, 20, 1, 0, 60), 0); /* 40-60 */
  51769. AssertIntEQ(DFB_TEST(ssl, 1, 100, 60, 20, 1, 0, 80), 0); /* 60-80 */
  51770. AssertIntEQ(DFB_TEST(ssl, 1, 100, 80, 20, 0, 1, 100), 0); /* 80-100 */
  51771. /* Test all permutations of 3 regions */
  51772. /* 1 2 3 */
  51773. AssertIntEQ(DFB_TEST(ssl, 2, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */
  51774. AssertIntEQ(DFB_TEST(ssl, 2, 100, 30, 30, 1, 0, 60), 0); /* 30-60 */
  51775. AssertIntEQ(DFB_TEST(ssl, 2, 100, 60, 40, 0, 1, 100), 0); /* 60-100 */
  51776. /* 1 3 2 */
  51777. AssertIntEQ(DFB_TEST(ssl, 3, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */
  51778. AssertIntEQ(DFB_TEST(ssl, 3, 100, 60, 40, 2, 0, 70), 0); /* 60-100 */
  51779. AssertIntEQ(DFB_TEST(ssl, 3, 100, 30, 30, 0, 1, 100), 0); /* 30-60 */
  51780. /* 2 1 3 */
  51781. AssertIntEQ(DFB_TEST(ssl, 4, 100, 30, 30, 1, 0, 30), 0); /* 30-60 */
  51782. AssertIntEQ(DFB_TEST(ssl, 4, 100, 0, 30, 1, 0, 60), 0); /* 0-30 */
  51783. AssertIntEQ(DFB_TEST(ssl, 4, 100, 60, 40, 0, 1, 100), 0); /* 60-100 */
  51784. /* 2 3 1 */
  51785. AssertIntEQ(DFB_TEST(ssl, 5, 100, 30, 30, 1, 0, 30), 0); /* 30-60 */
  51786. AssertIntEQ(DFB_TEST(ssl, 5, 100, 60, 40, 1, 0, 70), 0); /* 60-100 */
  51787. AssertIntEQ(DFB_TEST(ssl, 5, 100, 0, 30, 0, 1, 100), 0); /* 0-30 */
  51788. /* 3 1 2 */
  51789. AssertIntEQ(DFB_TEST(ssl, 6, 100, 60, 40, 1, 0, 40), 0); /* 60-100 */
  51790. AssertIntEQ(DFB_TEST(ssl, 6, 100, 0, 30, 2, 0, 70), 0); /* 0-30 */
  51791. AssertIntEQ(DFB_TEST(ssl, 6, 100, 30, 30, 0, 1, 100), 0); /* 30-60 */
  51792. /* 3 2 1 */
  51793. AssertIntEQ(DFB_TEST(ssl, 7, 100, 60, 40, 1, 0, 40), 0); /* 60-100 */
  51794. AssertIntEQ(DFB_TEST(ssl, 7, 100, 30, 30, 1, 0, 70), 0); /* 30-60 */
  51795. AssertIntEQ(DFB_TEST(ssl, 7, 100, 0, 30, 0, 1, 100), 0); /* 0-30 */
  51796. /* Test overlapping regions */
  51797. AssertIntEQ(DFB_TEST(ssl, 8, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */
  51798. AssertIntEQ(DFB_TEST(ssl, 8, 100, 20, 10, 1, 0, 30), 0); /* 20-30 */
  51799. AssertIntEQ(DFB_TEST(ssl, 8, 100, 70, 10, 2, 0, 40), 0); /* 70-80 */
  51800. AssertIntEQ(DFB_TEST(ssl, 8, 100, 20, 30, 2, 0, 60), 0); /* 20-50 */
  51801. AssertIntEQ(DFB_TEST(ssl, 8, 100, 40, 60, 0, 1, 100), 0); /* 40-100 */
  51802. /* Test overlapping multiple regions */
  51803. AssertIntEQ(DFB_TEST(ssl, 9, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */
  51804. AssertIntEQ(DFB_TEST(ssl, 9, 100, 30, 5, 2, 0, 25), 0); /* 30-35 */
  51805. AssertIntEQ(DFB_TEST(ssl, 9, 100, 40, 5, 3, 0, 30), 0); /* 40-45 */
  51806. AssertIntEQ(DFB_TEST(ssl, 9, 100, 50, 5, 4, 0, 35), 0); /* 50-55 */
  51807. AssertIntEQ(DFB_TEST(ssl, 9, 100, 60, 5, 5, 0, 40), 0); /* 60-65 */
  51808. AssertIntEQ(DFB_TEST(ssl, 9, 100, 70, 5, 6, 0, 45), 0); /* 70-75 */
  51809. AssertIntEQ(DFB_TEST(ssl, 9, 100, 30, 25, 4, 0, 55), 0); /* 30-55 */
  51810. AssertIntEQ(DFB_TEST(ssl, 9, 100, 55, 15, 2, 0, 65), 0); /* 55-70 */
  51811. AssertIntEQ(DFB_TEST(ssl, 9, 100, 75, 25, 2, 0, 90), 0); /* 75-100 */
  51812. AssertIntEQ(DFB_TEST(ssl, 9, 100, 10, 25, 0, 1, 100), 0); /* 10-35 */
  51813. AssertIntEQ(DFB_TEST(ssl, 10, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */
  51814. AssertIntEQ(DFB_TEST(ssl, 10, 100, 30, 20, 2, 0, 40), 0); /* 30-50 */
  51815. AssertIntEQ(DFB_TEST(ssl, 10, 100, 0, 40, 1, 0, 50), 0); /* 0-40 */
  51816. AssertIntEQ(DFB_TEST(ssl, 10, 100, 50, 50, 0, 1, 100), 0); /* 10-35 */
  51817. DFB_TEST_RESET(ssl);
  51818. return TEST_RES_CHECK(1);
  51819. }
  51820. #endif
  51821. #if !defined(NO_FILESYSTEM) && \
  51822. defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
  51823. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
  51824. static int test_wolfSSL_dtls_stateless2(void)
  51825. {
  51826. WOLFSSL *ssl_c, *ssl_c2, *ssl_s;
  51827. struct test_memio_ctx test_ctx;
  51828. WOLFSSL_CTX *ctx_c, *ctx_s;
  51829. int ret;
  51830. XMEMSET(&test_ctx, 0, sizeof(test_ctx));
  51831. ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
  51832. wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method);
  51833. if (ret != 0)
  51834. return -1;
  51835. ssl_c2 = wolfSSL_new(ctx_c);
  51836. if (ssl_c2 == NULL)
  51837. return -2;
  51838. wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
  51839. wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
  51840. /* send CH */
  51841. ret = wolfSSL_connect(ssl_c2);
  51842. if (ret == 0 || ssl_c2->error != WANT_READ)
  51843. return -3;
  51844. ret = wolfSSL_accept(ssl_s);
  51845. if (ret == 0 || ssl_s->error != WANT_READ)
  51846. return -4;
  51847. if (test_ctx.c_len == 0)
  51848. return -5;
  51849. /* consume HRR */
  51850. test_ctx.c_len = 0;
  51851. ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
  51852. if (ret != 0)
  51853. return -6;
  51854. wolfSSL_free(ssl_c2);
  51855. wolfSSL_free(ssl_c);
  51856. wolfSSL_free(ssl_s);
  51857. wolfSSL_CTX_free(ctx_c);
  51858. wolfSSL_CTX_free(ctx_s);
  51859. return TEST_SUCCESS;
  51860. }
  51861. #ifdef HAVE_MAX_FRAGMENT
  51862. static int test_wolfSSL_dtls_stateless_maxfrag(void)
  51863. {
  51864. WOLFSSL *ssl_c, *ssl_c2, *ssl_s;
  51865. struct test_memio_ctx test_ctx;
  51866. WOLFSSL_CTX *ctx_c, *ctx_s;
  51867. word16 max_fragment;
  51868. int ret;
  51869. XMEMSET(&test_ctx, 0, sizeof(test_ctx));
  51870. ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
  51871. wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method);
  51872. if (ret != 0)
  51873. return -1;
  51874. ssl_c2 = wolfSSL_new(ctx_c);
  51875. if (ssl_c2 == NULL)
  51876. return -2;
  51877. ret = wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8);
  51878. if (ret != WOLFSSL_SUCCESS)
  51879. return -3;
  51880. wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
  51881. wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
  51882. max_fragment = ssl_s->max_fragment;
  51883. /* send CH */
  51884. ret = wolfSSL_connect(ssl_c2);
  51885. if (ret == 0 || ssl_c2->error != WANT_READ)
  51886. return -4;
  51887. ret = wolfSSL_accept(ssl_s);
  51888. if (ret == 0 || ssl_s->error != WANT_READ)
  51889. return -5;
  51890. /* CH without cookie shouldn't change state */
  51891. if (ssl_s->max_fragment != max_fragment)
  51892. return -6;
  51893. if (test_ctx.c_len == 0)
  51894. return -7;
  51895. /* consume HRR from buffer */
  51896. test_ctx.c_len = 0;
  51897. ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
  51898. if (ret != 0)
  51899. return -8;
  51900. wolfSSL_free(ssl_c2);
  51901. wolfSSL_free(ssl_c);
  51902. wolfSSL_free(ssl_s);
  51903. wolfSSL_CTX_free(ctx_c);
  51904. wolfSSL_CTX_free(ctx_s);
  51905. return TEST_SUCCESS;
  51906. }
  51907. #endif /* HAVE_MAX_FRAGMENT */
  51908. #if defined(WOLFSSL_DTLS_NO_HVR_ON_RESUME)
  51909. #define ROUNDS_WITH_HVR 4
  51910. #define ROUNDS_WITHOUT_HVR 2
  51911. #define HANDSHAKE_TYPE_OFFSET DTLS_RECORD_HEADER_SZ
  51912. static int buf_is_hvr(const byte *data, int len)
  51913. {
  51914. if (len < DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ)
  51915. return 0;
  51916. return data[HANDSHAKE_TYPE_OFFSET] == hello_verify_request;
  51917. }
  51918. static int _test_wolfSSL_dtls_stateless_resume(byte useticket, byte bad)
  51919. {
  51920. struct test_memio_ctx test_ctx;
  51921. WOLFSSL_CTX *ctx_c, *ctx_s;
  51922. WOLFSSL *ssl_c, *ssl_s;
  51923. WOLFSSL_SESSION *sess;
  51924. int ret, round_trips;
  51925. XMEMSET(&test_ctx, 0, sizeof(test_ctx));
  51926. ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
  51927. wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method);
  51928. if (ret != 0)
  51929. return -1;
  51930. #ifdef HAVE_SESSION_TICKET
  51931. if (useticket) {
  51932. ret = wolfSSL_UseSessionTicket(ssl_c);
  51933. if (ret != WOLFSSL_SUCCESS)
  51934. return -2;
  51935. }
  51936. #endif
  51937. round_trips = ROUNDS_WITH_HVR;
  51938. ret = test_memio_do_handshake(ssl_c, ssl_s, round_trips, &round_trips);
  51939. if (ret != 0)
  51940. return -3;
  51941. if (round_trips != ROUNDS_WITH_HVR)
  51942. return -4;
  51943. sess = wolfSSL_get1_session(ssl_c);
  51944. if (sess == NULL)
  51945. return -5;
  51946. wolfSSL_shutdown(ssl_c);
  51947. wolfSSL_shutdown(ssl_s);
  51948. wolfSSL_free(ssl_c);
  51949. wolfSSL_free(ssl_s);
  51950. test_ctx.c_len = test_ctx.s_len = 0;
  51951. /* make resumption invalid */
  51952. if (bad) {
  51953. if (useticket) {
  51954. #ifdef HAVE_SESSION_TICKET
  51955. sess->ticket[0] = !sess->ticket[0];
  51956. #endif /* HAVE_SESSION_TICKET */
  51957. }
  51958. else {
  51959. sess->sessionID[0] = !sess->sessionID[0];
  51960. }
  51961. }
  51962. ssl_c = wolfSSL_new(ctx_c);
  51963. ssl_s = wolfSSL_new(ctx_s);
  51964. wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx);
  51965. wolfSSL_SetIOReadCtx(ssl_c, &test_ctx);
  51966. wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx);
  51967. wolfSSL_SetIOReadCtx(ssl_s, &test_ctx);
  51968. ret = wolfSSL_set_session(ssl_c, sess);
  51969. if (ret != WOLFSSL_SUCCESS)
  51970. return -6;
  51971. ret = wolfSSL_connect(ssl_c);
  51972. if (ret == WOLFSSL_SUCCESS || ssl_c->error != WANT_READ)
  51973. return -7;
  51974. ret = wolfSSL_accept(ssl_s);
  51975. if (ret == WOLFSSL_SUCCESS || ssl_s->error != WANT_READ)
  51976. return -8;
  51977. if (bad && !buf_is_hvr(test_ctx.c_buff, test_ctx.c_len))
  51978. return -9;
  51979. if (!bad && buf_is_hvr(test_ctx.c_buff, test_ctx.c_len))
  51980. return -10;
  51981. if (!useticket) {
  51982. ret = test_memio_do_handshake(ssl_c, ssl_s, 10, &round_trips);
  51983. if (ret != 0)
  51984. return -11;
  51985. if (bad && round_trips != ROUNDS_WITH_HVR - 1)
  51986. return -12;
  51987. if (!bad && round_trips != ROUNDS_WITHOUT_HVR - 1)
  51988. return -13;
  51989. }
  51990. wolfSSL_SESSION_free(sess);
  51991. wolfSSL_free(ssl_c);
  51992. wolfSSL_free(ssl_s);
  51993. wolfSSL_CTX_free(ctx_c);
  51994. wolfSSL_CTX_free(ctx_s);
  51995. return 0;
  51996. }
  51997. static int test_wolfSSL_dtls_stateless_resume(void)
  51998. {
  51999. int ret;
  52000. #ifdef HAVE_SESSION_TICKET
  52001. ret = _test_wolfSSL_dtls_stateless_resume(1, 0);
  52002. if (ret != 0)
  52003. return TEST_RES_CHECK(ret);
  52004. ret = _test_wolfSSL_dtls_stateless_resume(1, 1);
  52005. if (ret != 0)
  52006. return TEST_RES_CHECK(ret - 100);
  52007. #endif /* HAVE_SESION_TICKET */
  52008. ret = _test_wolfSSL_dtls_stateless_resume(0, 0);
  52009. if (ret != 0)
  52010. return TEST_RES_CHECK(ret - 200);
  52011. ret = _test_wolfSSL_dtls_stateless_resume(0, 1);
  52012. if (ret != 0)
  52013. return TEST_RES_CHECK(ret - 300);
  52014. return TEST_RES_CHECK(TEST_SUCCESS);
  52015. }
  52016. #endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */
  52017. #if !defined(NO_OLD_TLS)
  52018. static int test_wolfSSL_dtls_stateless_downgrade(void)
  52019. {
  52020. WOLFSSL_CTX *ctx_c, *ctx_c2, *ctx_s;
  52021. WOLFSSL *ssl_c, *ssl_c2, *ssl_s;
  52022. struct test_memio_ctx test_ctx;
  52023. int ret;
  52024. XMEMSET(&test_ctx, 0, sizeof(test_ctx));
  52025. ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
  52026. wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method);
  52027. if (ret != 0)
  52028. return -1;
  52029. ret = wolfSSL_CTX_SetMinVersion(ctx_s, WOLFSSL_DTLSV1);
  52030. if (ret != WOLFSSL_SUCCESS)
  52031. return -2;
  52032. ctx_c2 = wolfSSL_CTX_new(wolfDTLSv1_client_method());
  52033. if (ctx_c2 == NULL)
  52034. return -3;
  52035. wolfSSL_SetIORecv(ctx_c2, test_memio_read_cb);
  52036. wolfSSL_SetIOSend(ctx_c2, test_memio_write_cb);
  52037. ssl_c2 = wolfSSL_new(ctx_c2);
  52038. if (ssl_c2 == NULL)
  52039. return -4;
  52040. wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
  52041. wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
  52042. /* send CH */
  52043. ret = wolfSSL_connect(ssl_c2);
  52044. if (ret == 0 || ssl_c2->error != WANT_READ)
  52045. return -5;
  52046. ret = wolfSSL_accept(ssl_s);
  52047. if (ret == 0 || ssl_s->error != WANT_READ)
  52048. return -6;
  52049. if (test_ctx.c_len == 0)
  52050. return -7;
  52051. /* consume HRR */
  52052. test_ctx.c_len = 0;
  52053. ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
  52054. if (ret != 0)
  52055. return -8;
  52056. wolfSSL_free(ssl_c2);
  52057. wolfSSL_free(ssl_c);
  52058. wolfSSL_free(ssl_s);
  52059. wolfSSL_CTX_free(ctx_c);
  52060. wolfSSL_CTX_free(ctx_c2);
  52061. wolfSSL_CTX_free(ctx_s);
  52062. return TEST_SUCCESS;
  52063. }
  52064. #endif /* !defined(NO_OLD_TLS) */
  52065. #endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
  52066. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)*/
  52067. #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
  52068. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
  52069. !defined(NO_OLD_TLS)
  52070. static int test_WOLFSSL_dtls_version_alert(void)
  52071. {
  52072. struct test_memio_ctx test_ctx;
  52073. WOLFSSL_CTX *ctx_c, *ctx_s;
  52074. WOLFSSL *ssl_c, *ssl_s;
  52075. int ret;
  52076. XMEMSET(&test_ctx, 0, sizeof(test_ctx));
  52077. ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
  52078. wolfDTLSv1_2_client_method, wolfDTLSv1_server_method);
  52079. if (ret != 0)
  52080. return -1;
  52081. /* client hello */
  52082. ret = wolfSSL_connect(ssl_c);
  52083. if (ret == 0 || ssl_c->error != WANT_READ )
  52084. return -2;
  52085. /* hrr */
  52086. ret = wolfSSL_accept(ssl_s);
  52087. if (ret == 0 || ssl_s->error != WANT_READ )
  52088. return -3;
  52089. /* client hello 1 */
  52090. ret = wolfSSL_connect(ssl_c);
  52091. if (ret == 0 || ssl_c->error != WANT_READ )
  52092. return -4;
  52093. /* server hello */
  52094. ret = wolfSSL_accept(ssl_s);
  52095. if (ret == 0 || ssl_s->error != WANT_READ )
  52096. return -5;
  52097. /* should fail */
  52098. ret = wolfSSL_connect(ssl_c);
  52099. if (ret == 0 || ssl_c->error != VERSION_ERROR)
  52100. return -6;
  52101. /* shuould fail */
  52102. ret = wolfSSL_accept(ssl_s);
  52103. if (ret == 0 ||
  52104. (ssl_s->error != VERSION_ERROR && ssl_s->error != FATAL_ERROR))
  52105. return -7;
  52106. wolfSSL_free(ssl_c);
  52107. wolfSSL_free(ssl_s);
  52108. wolfSSL_CTX_free(ctx_c);
  52109. wolfSSL_CTX_free(ctx_s);
  52110. return TEST_RES_CHECK(1);
  52111. }
  52112. #else
  52113. static int test_WOLFSSL_dtls_version_alert(void)
  52114. {
  52115. return TEST_SKIPPED;
  52116. }
  52117. #endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) &&
  52118. * !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) &&
  52119. * !defined(NO_OLD_TLS)
  52120. */
  52121. #if defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \
  52122. && defined(WOLFSSL_TLS13) && \
  52123. (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
  52124. static int send_new_session_ticket(WOLFSSL *ssl, byte nonceLength, byte filler)
  52125. {
  52126. struct test_memio_ctx *test_ctx;
  52127. byte buf[2048];
  52128. int idx, sz;
  52129. word32 tmp;
  52130. int ret;
  52131. idx = 5; /* space for record header */
  52132. buf[idx] = session_ticket; /* type */
  52133. idx++;
  52134. tmp = OPAQUE32_LEN +
  52135. OPAQUE32_LEN +
  52136. OPAQUE8_LEN + nonceLength +
  52137. OPAQUE16_LEN + OPAQUE8_LEN + OPAQUE16_LEN;
  52138. c32to24(tmp, buf + idx);
  52139. idx += OPAQUE24_LEN;
  52140. c32toa((word32)12345, buf+idx); /* lifetime */
  52141. idx += OPAQUE32_LEN;
  52142. c32toa((word32)12345, buf+idx); /* add */
  52143. idx += OPAQUE32_LEN;
  52144. buf[idx] = nonceLength; /* nonce length */
  52145. idx++;
  52146. XMEMSET(&buf[idx], filler, nonceLength); /* nonce */
  52147. idx += nonceLength;
  52148. tmp = 1; /* ticket len */
  52149. c16toa((word16)tmp, buf+idx);
  52150. idx += 2;
  52151. buf[idx] = 0xFF; /* ticket */
  52152. idx++;
  52153. tmp = 0; /* ext len */
  52154. c16toa((word16)tmp, buf+idx);
  52155. idx += 2;
  52156. sz = BuildTls13Message(ssl, buf, 2048, buf+5, idx - 5,
  52157. handshake, 0, 0, 0);
  52158. test_ctx = (struct test_memio_ctx*)wolfSSL_GetIOWriteCtx(ssl);
  52159. ret = test_memio_write_cb(ssl, (char*)buf, sz, test_ctx);
  52160. return !(ret == sz);
  52161. }
  52162. static int test_ticket_nonce_check(WOLFSSL_SESSION *sess, byte len)
  52163. {
  52164. int i;
  52165. if (sess == NULL)
  52166. return -1;
  52167. if (sess->ticketNonce.len != len)
  52168. return -1;
  52169. for (i = 0; i < len; i++)
  52170. if (sess->ticketNonce.data[i] != len)
  52171. return -1;
  52172. return 0;
  52173. }
  52174. static int test_ticket_nonce_malloc_do(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len)
  52175. {
  52176. char *buf[1024];
  52177. int ret;
  52178. ret = send_new_session_ticket(ssl_s, len, len);
  52179. if (ret != 0)
  52180. return -1;
  52181. ret = wolfSSL_recv(ssl_c, buf, 1024, 0);
  52182. if (ret != WOLFSSL_SUCCESS && ssl_c->error != WANT_READ)
  52183. return -1;
  52184. return test_ticket_nonce_check(ssl_c->session, len);
  52185. }
  52186. static int test_ticket_nonce_cache(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len)
  52187. {
  52188. WOLFSSL_SESSION *sess, *cached;
  52189. WOLFSSL_CTX *ctx;
  52190. int ret;
  52191. ctx = ssl_c->ctx;
  52192. ret = test_ticket_nonce_malloc_do(ssl_s, ssl_c, len);
  52193. if (ret != 0)
  52194. return -1;
  52195. sess = wolfSSL_get1_session(ssl_c);
  52196. if (sess == NULL)
  52197. return -1;
  52198. ret = AddSessionToCache(ctx, sess, sess->sessionID, sess->sessionIDSz,
  52199. NULL, ssl_c->options.side, 1,NULL);
  52200. if (ret != 0)
  52201. return -1;
  52202. cached = wolfSSL_SESSION_new();
  52203. if (cached == NULL)
  52204. return -1;
  52205. ret = wolfSSL_GetSessionFromCache(ssl_c, cached);
  52206. if (ret != WOLFSSL_SUCCESS)
  52207. return -1;
  52208. ret = test_ticket_nonce_check(cached, len);
  52209. if (ret != 0)
  52210. return -1;
  52211. wolfSSL_SESSION_free(cached);
  52212. wolfSSL_SESSION_free(sess);
  52213. return 0;
  52214. }
  52215. static int test_ticket_nonce_malloc(void)
  52216. {
  52217. struct test_memio_ctx test_ctx;
  52218. WOLFSSL_CTX *ctx_c, *ctx_s;
  52219. byte small, medium, big;
  52220. WOLFSSL *ssl_c, *ssl_s;
  52221. int ret;
  52222. XMEMSET(&test_ctx, 0, sizeof(test_ctx));
  52223. ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
  52224. wolfTLSv1_3_client_method, wolfTLSv1_3_server_method);
  52225. if (ret != 0)
  52226. return -1;
  52227. /* will send ticket manually */
  52228. wolfSSL_no_ticket_TLSv13(ssl_s);
  52229. wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_NONE, 0);
  52230. wolfSSL_set_verify(ssl_c, WOLFSSL_VERIFY_NONE, 0);
  52231. while (!ssl_c->options.handShakeDone && !ssl_s->options.handShakeDone) {
  52232. ret = wolfSSL_connect(ssl_c);
  52233. if (ret != WOLFSSL_SUCCESS && ssl_c->error != WANT_READ)
  52234. return -2;
  52235. ret = wolfSSL_accept(ssl_s);
  52236. if (ret != WOLFSSL_SUCCESS && ssl_s->error != WANT_READ)
  52237. return -3;
  52238. }
  52239. small = TLS13_TICKET_NONCE_STATIC_SZ;
  52240. medium = small + 20 <= 255 ? small + 20 : 255;
  52241. big = medium + 20 <= 255 ? small + 20 : 255;
  52242. if (test_ticket_nonce_malloc_do(ssl_s, ssl_c, small))
  52243. return -1;
  52244. if (ssl_c->session->ticketNonce.data !=
  52245. ssl_c->session->ticketNonce.dataStatic)
  52246. return -1;
  52247. if (test_ticket_nonce_malloc_do(ssl_s, ssl_c, medium))
  52248. return -1;
  52249. if (test_ticket_nonce_malloc_do(ssl_s, ssl_c, big))
  52250. return -1;
  52251. if (test_ticket_nonce_malloc_do(ssl_s, ssl_c, medium))
  52252. return -5;
  52253. if (test_ticket_nonce_malloc_do(ssl_s, ssl_c, small))
  52254. return -6;
  52255. if (test_ticket_nonce_cache(ssl_s, ssl_c, small))
  52256. return -1;
  52257. if (test_ticket_nonce_cache(ssl_s, ssl_c, medium))
  52258. return -1;
  52259. if (test_ticket_nonce_cache(ssl_s, ssl_c, big))
  52260. return -1;
  52261. if (test_ticket_nonce_cache(ssl_s, ssl_c, medium))
  52262. return -1;
  52263. if (test_ticket_nonce_cache(ssl_s, ssl_c, small))
  52264. return -1;
  52265. wolfSSL_free(ssl_c);
  52266. wolfSSL_free(ssl_s);
  52267. wolfSSL_CTX_free(ctx_c);
  52268. wolfSSL_CTX_free(ctx_s);
  52269. return 0;
  52270. }
  52271. #endif /* WOLFSSL_TICKET_NONCE_MALLOC */
  52272. /*----------------------------------------------------------------------------*
  52273. | Main
  52274. *----------------------------------------------------------------------------*/
  52275. typedef int (*TEST_FUNC)(void);
  52276. typedef struct {
  52277. const char *name;
  52278. TEST_FUNC func;
  52279. byte run:1;
  52280. } TEST_CASE;
  52281. #define TEST_DECL(func) { #func, func, 0 }
  52282. int testAll = 1;
  52283. TEST_CASE testCases[] = {
  52284. TEST_DECL(test_fileAccess),
  52285. TEST_DECL(test_wolfSSL_Init),
  52286. TEST_DECL(test_wolfSSL_Method_Allocators),
  52287. #ifndef NO_WOLFSSL_SERVER
  52288. TEST_DECL(test_wolfSSL_CTX_new),
  52289. #endif
  52290. #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
  52291. (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM)
  52292. TEST_DECL(test_for_double_Free),
  52293. #endif
  52294. #ifdef HAVE_IO_TESTS_DEPENDENCIES
  52295. TEST_DECL(test_wolfSSL_get_finished),
  52296. TEST_DECL(test_wolfSSL_CTX_add_session),
  52297. #endif
  52298. TEST_DECL(test_SSL_CIPHER_get_xxx),
  52299. TEST_DECL(test_wolfSSL_ERR_strings),
  52300. TEST_DECL(test_wolfSSL_EVP_shake128),
  52301. TEST_DECL(test_wolfSSL_EVP_shake256),
  52302. TEST_DECL(test_EVP_blake2),
  52303. TEST_DECL(test_EVP_MD_do_all),
  52304. TEST_DECL(test_OBJ_NAME_do_all),
  52305. TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes),
  52306. TEST_DECL(test_wolfSSL_CTX_use_certificate_file),
  52307. TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer),
  52308. TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file),
  52309. TEST_DECL(test_wolfSSL_CTX_load_verify_locations),
  52310. TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs),
  52311. TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse),
  52312. TEST_DECL(test_wolfSSL_CheckOCSPResponse),
  52313. TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer),
  52314. TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer_ex),
  52315. TEST_DECL(test_wolfSSL_CertManagerGetCerts),
  52316. TEST_DECL(test_wolfSSL_CertManagerSetVerify),
  52317. TEST_DECL(test_wolfSSL_CertManagerNameConstraint),
  52318. TEST_DECL(test_wolfSSL_CertManagerNameConstraint2),
  52319. TEST_DECL(test_wolfSSL_CertManagerNameConstraint3),
  52320. TEST_DECL(test_wolfSSL_CertManagerNameConstraint4),
  52321. TEST_DECL(test_wolfSSL_CertManagerNameConstraint5),
  52322. TEST_DECL(test_wolfSSL_FPKI),
  52323. TEST_DECL(test_wolfSSL_OtherName),
  52324. TEST_DECL(test_wolfSSL_CertRsaPss),
  52325. TEST_DECL(test_wolfSSL_CertManagerCRL),
  52326. TEST_DECL(test_wolfSSL_CTX_load_verify_locations_ex),
  52327. TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex),
  52328. TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format),
  52329. TEST_DECL(test_wolfSSL_CTX_add1_chain_cert),
  52330. TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_file_format),
  52331. TEST_DECL(test_wolfSSL_CTX_trust_peer_cert),
  52332. TEST_DECL(test_wolfSSL_CTX_SetTmpDH_file),
  52333. TEST_DECL(test_wolfSSL_CTX_SetTmpDH_buffer),
  52334. TEST_DECL(test_wolfSSL_CTX_SetMinMaxDhKey_Sz),
  52335. TEST_DECL(test_wolfSSL_CTX_der_load_verify_locations),
  52336. TEST_DECL(test_wolfSSL_CTX_enable_disable),
  52337. TEST_DECL(test_wolfSSL_CTX_ticket_API),
  52338. TEST_DECL(test_server_wolfSSL_new),
  52339. TEST_DECL(test_client_wolfSSL_new),
  52340. TEST_DECL(test_wolfSSL_SetTmpDH_file),
  52341. TEST_DECL(test_wolfSSL_SetTmpDH_buffer),
  52342. TEST_DECL(test_wolfSSL_SetMinMaxDhKey_Sz),
  52343. TEST_DECL(test_SetTmpEC_DHE_Sz),
  52344. TEST_DECL(test_wolfSSL_CTX_get0_privatekey),
  52345. TEST_DECL(test_wolfSSL_dtls_set_mtu),
  52346. TEST_DECL(test_wolfSSL_dtls_plaintext),
  52347. #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
  52348. defined(HAVE_IO_TESTS_DEPENDENCIES)
  52349. TEST_DECL(test_wolfSSL_read_write),
  52350. TEST_DECL(test_wolfSSL_reuse_WOLFSSLobj),
  52351. TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient),
  52352. TEST_DECL(test_wolfSSL_CTX_set_cipher_list),
  52353. TEST_DECL(test_wolfSSL_dtls_export),
  52354. TEST_DECL(test_wolfSSL_tls_export),
  52355. #endif
  52356. TEST_DECL(test_wolfSSL_SetMinVersion),
  52357. TEST_DECL(test_wolfSSL_CTX_SetMinVersion),
  52358. /* TLS extensions tests */
  52359. #ifdef HAVE_IO_TESTS_DEPENDENCIES
  52360. #ifdef HAVE_SNI
  52361. TEST_DECL(test_wolfSSL_UseSNI_params),
  52362. TEST_DECL(test_wolfSSL_UseSNI_connection),
  52363. TEST_DECL(test_wolfSSL_SNI_GetFromBuffer),
  52364. #endif /* HAVE_SNI */
  52365. #endif
  52366. TEST_DECL(test_wolfSSL_UseTrustedCA),
  52367. TEST_DECL(test_wolfSSL_UseMaxFragment),
  52368. TEST_DECL(test_wolfSSL_UseTruncatedHMAC),
  52369. TEST_DECL(test_wolfSSL_UseSupportedCurve),
  52370. #if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES)
  52371. TEST_DECL(test_wolfSSL_UseALPN_connection),
  52372. TEST_DECL(test_wolfSSL_UseALPN_params),
  52373. #endif
  52374. #ifdef HAVE_ALPN_PROTOS_SUPPORT
  52375. TEST_DECL(test_wolfSSL_set_alpn_protos),
  52376. #endif
  52377. TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret),
  52378. TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation),
  52379. TEST_DECL(test_tls_ext_duplicate),
  52380. #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
  52381. TEST_DECL(test_wolfSSL_Tls13_ECH_params),
  52382. TEST_DECL(test_wolfSSL_Tls13_ECH),
  52383. #endif
  52384. /* X509 tests */
  52385. TEST_DECL(test_wolfSSL_X509_NAME_get_entry),
  52386. TEST_DECL(test_wolfSSL_PKCS12),
  52387. TEST_DECL(test_wolfSSL_no_password_cb),
  52388. TEST_DECL(test_wolfSSL_PKCS8),
  52389. TEST_DECL(test_wolfSSL_PKCS8_ED25519),
  52390. TEST_DECL(test_wolfSSL_PKCS8_ED448),
  52391. TEST_DECL(test_wolfSSL_PKCS5),
  52392. TEST_DECL(test_wolfSSL_URI),
  52393. TEST_DECL(test_wolfSSL_TBS),
  52394. TEST_DECL(test_wolfSSL_X509_verify),
  52395. TEST_DECL(test_wolfSSL_X509_TLS_version),
  52396. TEST_DECL(test_wc_PemToDer),
  52397. TEST_DECL(test_wc_AllocDer),
  52398. TEST_DECL(test_wc_CertPemToDer),
  52399. TEST_DECL(test_wc_PubKeyPemToDer),
  52400. TEST_DECL(test_wc_PemPubKeyToDer),
  52401. TEST_DECL(test_wc_GetPubKeyDerFromCert),
  52402. TEST_DECL(test_wc_CheckCertSigPubKey),
  52403. /* OCSP Stapling */
  52404. TEST_DECL(test_wolfSSL_UseOCSPStapling),
  52405. TEST_DECL(test_wolfSSL_UseOCSPStaplingV2),
  52406. /* Multicast */
  52407. TEST_DECL(test_wolfSSL_mcast),
  52408. /* compatibility tests */
  52409. TEST_DECL(test_wolfSSL_lhash),
  52410. TEST_DECL(test_wolfSSL_X509_NAME),
  52411. TEST_DECL(test_wolfSSL_X509_NAME_hash),
  52412. TEST_DECL(test_wolfSSL_X509_NAME_print_ex),
  52413. #ifndef NO_BIO
  52414. TEST_DECL(test_wolfSSL_X509_INFO_multiple_info),
  52415. TEST_DECL(test_wolfSSL_X509_INFO),
  52416. #endif
  52417. TEST_DECL(test_wolfSSL_X509_subject_name_hash),
  52418. TEST_DECL(test_wolfSSL_X509_issuer_name_hash),
  52419. TEST_DECL(test_wolfSSL_X509_check_host),
  52420. TEST_DECL(test_wolfSSL_X509_check_email),
  52421. TEST_DECL(test_wolfSSL_DES),
  52422. TEST_DECL(test_wolfSSL_certs),
  52423. TEST_DECL(test_wolfSSL_X509_check_private_key),
  52424. TEST_DECL(test_wolfSSL_ASN1_TIME_print),
  52425. TEST_DECL(test_wolfSSL_ASN1_UTCTIME_print),
  52426. TEST_DECL(test_wolfSSL_ASN1_TIME_diff_compare),
  52427. TEST_DECL(test_wolfSSL_ASN1_GENERALIZEDTIME_free),
  52428. TEST_DECL(test_wolfSSL_private_keys),
  52429. TEST_DECL(test_wolfSSL_PEM_read_PrivateKey),
  52430. #ifndef NO_BIO
  52431. TEST_DECL(test_wolfSSL_PEM_read_RSA_PUBKEY),
  52432. #endif
  52433. TEST_DECL(test_wolfSSL_PEM_read_PUBKEY),
  52434. TEST_DECL(test_wolfSSL_PEM_PrivateKey),
  52435. TEST_DECL(test_wolfSSL_PEM_file_RSAKey),
  52436. TEST_DECL(test_wolfSSL_PEM_file_RSAPrivateKey),
  52437. #ifndef NO_BIO
  52438. TEST_DECL(test_wolfSSL_PEM_bio_RSAKey),
  52439. TEST_DECL(test_wolfSSL_PEM_bio_DSAKey),
  52440. TEST_DECL(test_wolfSSL_PEM_bio_ECKey),
  52441. TEST_DECL(test_wolfSSL_PEM_bio_RSAPrivateKey),
  52442. TEST_DECL(test_wolfSSL_PEM_PUBKEY),
  52443. #endif
  52444. TEST_DECL(test_DSA_do_sign_verify),
  52445. TEST_DECL(test_wolfSSL_tmp_dh),
  52446. TEST_DECL(test_wolfSSL_ctrl),
  52447. TEST_DECL(test_wolfSSL_EVP_MD_size),
  52448. TEST_DECL(test_wolfSSL_EVP_MD_pkey_type),
  52449. TEST_DECL(test_wolfSSL_EVP_Digest),
  52450. TEST_DECL(test_wolfSSL_EVP_Digest_all),
  52451. TEST_DECL(test_wolfSSL_EVP_PKEY_new_mac_key),
  52452. TEST_DECL(test_wolfSSL_EVP_PKEY_new_CMAC_key),
  52453. TEST_DECL(test_wolfSSL_EVP_MD_hmac_signing),
  52454. TEST_DECL(test_wolfSSL_EVP_MD_rsa_signing),
  52455. TEST_DECL(test_wolfSSL_EVP_MD_ecc_signing),
  52456. TEST_DECL(test_wolfSSL_EVP_PKEY_print_public),
  52457. TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_new),
  52458. TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_free),
  52459. TEST_DECL(test_wolfSSL_EVP_EncodeInit),
  52460. TEST_DECL(test_wolfSSL_EVP_EncodeUpdate),
  52461. TEST_DECL(test_wolfSSL_EVP_EncodeFinal),
  52462. TEST_DECL(test_wolfSSL_EVP_DecodeInit),
  52463. TEST_DECL(test_wolfSSL_EVP_DecodeUpdate),
  52464. TEST_DECL(test_wolfSSL_EVP_DecodeFinal),
  52465. TEST_DECL(test_wolfSSL_CTX_add_extra_chain_cert),
  52466. #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
  52467. TEST_DECL(test_wolfSSL_ERR_peek_last_error_line),
  52468. #endif
  52469. #ifndef NO_BIO
  52470. TEST_DECL(test_wolfSSL_ERR_print_errors_cb),
  52471. TEST_DECL(test_wolfSSL_GetLoggingCb),
  52472. TEST_DECL(test_WOLFSSL_ERROR_MSG),
  52473. TEST_DECL(test_wc_ERR_remove_state),
  52474. TEST_DECL(test_wc_ERR_print_errors_fp),
  52475. #endif
  52476. TEST_DECL(test_wolfSSL_set_options),
  52477. TEST_DECL(test_wolfSSL_sk_SSL_CIPHER),
  52478. TEST_DECL(test_wolfSSL_set1_curves_list),
  52479. TEST_DECL(test_wolfSSL_set1_sigalgs_list),
  52480. TEST_DECL(test_wolfSSL_PKCS7_certs),
  52481. TEST_DECL(test_wolfSSL_X509_STORE_CTX),
  52482. TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup),
  52483. TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_current_issuer),
  52484. TEST_DECL(test_wolfSSL_msgCb),
  52485. TEST_DECL(test_wolfSSL_either_side),
  52486. TEST_DECL(test_wolfSSL_DTLS_either_side),
  52487. TEST_DECL(test_wolfSSL_dtls_fragments),
  52488. TEST_DECL(test_wolfSSL_dtls_AEAD_limit),
  52489. TEST_DECL(test_wolfSSL_ignore_alert_before_cookie),
  52490. TEST_DECL(test_wolfSSL_dtls_bad_record),
  52491. TEST_DECL(test_wolfSSL_dtls_stateless),
  52492. TEST_DECL(test_generate_cookie),
  52493. TEST_DECL(test_wolfSSL_X509_STORE_set_flags),
  52494. TEST_DECL(test_wolfSSL_X509_LOOKUP_load_file),
  52495. TEST_DECL(test_wolfSSL_X509_Name_canon),
  52496. TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_file),
  52497. TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_hash_dir),
  52498. TEST_DECL(test_wolfSSL_X509_NID),
  52499. TEST_DECL(test_wolfSSL_X509_STORE_CTX_set_time),
  52500. TEST_DECL(test_wolfSSL_get0_param),
  52501. TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_host),
  52502. TEST_DECL(test_wolfSSL_set1_host),
  52503. TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_ip),
  52504. TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_store),
  52505. TEST_DECL(test_wolfSSL_X509_STORE),
  52506. TEST_DECL(test_wolfSSL_X509_STORE_load_locations),
  52507. TEST_DECL(test_X509_STORE_get0_objects),
  52508. TEST_DECL(test_wolfSSL_X509_load_crl_file),
  52509. TEST_DECL(test_wolfSSL_BN),
  52510. TEST_DECL(test_wolfSSL_CTX_get0_set1_param),
  52511. #ifndef NO_BIO
  52512. TEST_DECL(test_wolfSSL_PEM_read_bio),
  52513. TEST_DECL(test_wolfSSL_BIO),
  52514. #endif
  52515. TEST_DECL(test_wolfSSL_ASN1_STRING),
  52516. TEST_DECL(test_wolfSSL_ASN1_BIT_STRING),
  52517. TEST_DECL(test_wolfSSL_a2i_ASN1_INTEGER),
  52518. TEST_DECL(test_wolfSSL_a2i_IPADDRESS),
  52519. TEST_DECL(test_wolfSSL_X509),
  52520. TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM),
  52521. TEST_DECL(test_wolfSSL_X509_sign),
  52522. TEST_DECL(test_wolfSSL_X509_sign2),
  52523. TEST_DECL(test_wolfSSL_X509_get0_tbs_sigalg),
  52524. TEST_DECL(test_wolfSSL_X509_ALGOR_get0),
  52525. #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)
  52526. TEST_DECL(test_wolfSSL_check_domain),
  52527. #endif
  52528. TEST_DECL(test_wolfSSL_X509_get_X509_PUBKEY),
  52529. TEST_DECL(test_wolfSSL_X509_PUBKEY_RSA),
  52530. TEST_DECL(test_wolfSSL_X509_PUBKEY_EC),
  52531. TEST_DECL(test_wolfSSL_X509_PUBKEY_DSA),
  52532. TEST_DECL(test_wolfSSL_RAND),
  52533. TEST_DECL(test_wolfSSL_BUF),
  52534. TEST_DECL(test_wolfSSL_set_tlsext_status_type),
  52535. TEST_DECL(test_wolfSSL_ASN1_TIME_adj),
  52536. TEST_DECL(test_wolfSSL_ASN1_TIME_to_tm),
  52537. TEST_DECL(test_wolfSSL_X509_cmp_time),
  52538. TEST_DECL(test_wolfSSL_X509_time_adj),
  52539. TEST_DECL(test_wolfSSL_CTX_set_client_CA_list),
  52540. TEST_DECL(test_wolfSSL_CTX_add_client_CA),
  52541. TEST_DECL(test_wolfSSL_CTX_set_srp_username),
  52542. TEST_DECL(test_wolfSSL_CTX_set_srp_password),
  52543. TEST_DECL(test_wolfSSL_CTX_set_keylog_callback),
  52544. TEST_DECL(test_wolfSSL_CTX_get_keylog_callback),
  52545. TEST_DECL(test_wolfSSL_Tls12_Key_Logging_test),
  52546. TEST_DECL(test_wolfSSL_Tls13_Key_Logging_test),
  52547. TEST_DECL(test_wolfSSL_Tls13_postauth),
  52548. TEST_DECL(test_wolfSSL_CTX_set_ecdh_auto),
  52549. TEST_DECL(test_wolfSSL_set_minmax_proto_version),
  52550. TEST_DECL(test_wolfSSL_THREADID_hash),
  52551. TEST_DECL(test_wolfSSL_RAND_set_rand_method),
  52552. TEST_DECL(test_wolfSSL_RAND_bytes),
  52553. TEST_DECL(test_wolfSSL_BN_rand),
  52554. TEST_DECL(test_wolfSSL_pseudo_rand),
  52555. TEST_DECL(test_wolfSSL_PKCS8_Compat),
  52556. TEST_DECL(test_wolfSSL_PKCS8_d2i),
  52557. TEST_DECL(test_error_queue_per_thread),
  52558. TEST_DECL(test_wolfSSL_ERR_put_error),
  52559. TEST_DECL(test_wolfSSL_ERR_get_error_order),
  52560. #ifndef NO_BIO
  52561. TEST_DECL(test_wolfSSL_ERR_print_errors),
  52562. #endif
  52563. TEST_DECL(test_wolfSSL_HMAC),
  52564. TEST_DECL(test_wolfSSL_CMAC),
  52565. TEST_DECL(test_wolfSSL_OBJ),
  52566. TEST_DECL(test_wolfSSL_i2a_ASN1_OBJECT),
  52567. TEST_DECL(test_wolfSSL_OBJ_cmp),
  52568. TEST_DECL(test_wolfSSL_OBJ_txt2nid),
  52569. TEST_DECL(test_wolfSSL_OBJ_txt2obj),
  52570. TEST_DECL(test_wolfSSL_i2t_ASN1_OBJECT),
  52571. TEST_DECL(test_wolfSSL_PEM_write_bio_X509),
  52572. TEST_DECL(test_wolfSSL_X509_NAME_ENTRY),
  52573. TEST_DECL(test_wolfSSL_X509_set_name),
  52574. TEST_DECL(test_wolfSSL_X509_set_notAfter),
  52575. TEST_DECL(test_wolfSSL_X509_set_notBefore),
  52576. TEST_DECL(test_wolfSSL_X509_set_version),
  52577. #ifndef NO_BIO
  52578. TEST_DECL(test_wolfSSL_BIO_gets),
  52579. TEST_DECL(test_wolfSSL_BIO_puts),
  52580. TEST_DECL(test_wolfSSL_BIO_dump),
  52581. TEST_DECL(test_wolfSSL_BIO_should_retry),
  52582. TEST_DECL(test_wolfSSL_d2i_PUBKEY),
  52583. TEST_DECL(test_wolfSSL_BIO_write),
  52584. TEST_DECL(test_wolfSSL_BIO_connect),
  52585. TEST_DECL(test_wolfSSL_BIO_accept),
  52586. TEST_DECL(test_wolfSSL_BIO_printf),
  52587. TEST_DECL(test_wolfSSL_BIO_f_md),
  52588. TEST_DECL(test_wolfSSL_BIO_up_ref),
  52589. TEST_DECL(test_wolfSSL_BIO_tls),
  52590. #endif
  52591. TEST_DECL(test_wolfSSL_cert_cb),
  52592. TEST_DECL(test_wolfSSL_SESSION),
  52593. TEST_DECL(test_wolfSSL_CTX_sess_set_remove_cb),
  52594. TEST_DECL(test_wolfSSL_ticket_keys),
  52595. TEST_DECL(test_wolfSSL_DES_ecb_encrypt),
  52596. TEST_DECL(test_wolfSSL_sk_GENERAL_NAME),
  52597. TEST_DECL(test_wolfSSL_GENERAL_NAME_print),
  52598. TEST_DECL(test_wolfSSL_sk_DIST_POINT),
  52599. TEST_DECL(test_wolfSSL_MD4),
  52600. TEST_DECL(test_wolfSSL_verify_mode),
  52601. TEST_DECL(test_wolfSSL_verify_depth),
  52602. TEST_DECL(test_wolfSSL_HMAC_CTX),
  52603. TEST_DECL(test_wolfSSL_msg_callback),
  52604. TEST_DECL(test_wolfSSL_SHA),
  52605. TEST_DECL(test_wolfSSL_AES_ecb_encrypt),
  52606. TEST_DECL(test_wolfSSL_MD5),
  52607. TEST_DECL(test_wolfSSL_MD5_Transform),
  52608. TEST_DECL(test_wolfSSL_SHA_Transform),
  52609. TEST_DECL(test_wolfSSL_SHA256),
  52610. TEST_DECL(test_wolfSSL_SHA256_Transform),
  52611. TEST_DECL(test_wolfSSL_SHA224),
  52612. TEST_DECL(test_wolfSSL_SHA512_Transform),
  52613. TEST_DECL(test_wolfSSL_X509_get_serialNumber),
  52614. TEST_DECL(test_wolfSSL_X509_CRL),
  52615. TEST_DECL(test_wolfSSL_d2i_X509_REQ),
  52616. TEST_DECL(test_wolfSSL_PEM_read_X509),
  52617. TEST_DECL(test_wolfSSL_PEM_read),
  52618. #ifndef NO_BIO
  52619. TEST_DECL(test_wolfSSL_PEM_X509_INFO_read_bio),
  52620. TEST_DECL(test_wolfSSL_PEM_read_bio_ECPKParameters),
  52621. #endif
  52622. TEST_DECL(test_wolfSSL_X509_STORE_get1_certs),
  52623. TEST_DECL(test_wolfSSL_X509_NAME_ENTRY_get_object),
  52624. TEST_DECL(test_wolfSSL_OpenSSL_add_all_algorithms),
  52625. TEST_DECL(test_wolfSSL_OPENSSL_hexstr2buf),
  52626. TEST_DECL(test_wolfSSL_ASN1_STRING_print_ex),
  52627. TEST_DECL(test_wolfSSL_ASN1_TIME_to_generalizedtime),
  52628. TEST_DECL(test_wolfSSL_ASN1_INTEGER_get_set),
  52629. TEST_DECL(test_wolfSSL_d2i_ASN1_INTEGER),
  52630. TEST_DECL(test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS),
  52631. TEST_DECL(test_wolfSSL_i2c_ASN1_INTEGER),
  52632. TEST_DECL(test_wolfSSL_X509_check_ca),
  52633. TEST_DECL(test_wolfSSL_X509_check_ip_asc),
  52634. TEST_DECL(test_wolfSSL_make_cert),
  52635. TEST_DECL(test_wolfSSL_DES_ncbc),
  52636. TEST_DECL(test_wolfSSL_AES_cbc_encrypt),
  52637. TEST_DECL(test_wolfSSL_CRYPTO_cts128),
  52638. TEST_DECL(test_wolfssl_EVP_aes_gcm_AAD_2_parts),
  52639. TEST_DECL(test_wolfssl_EVP_aes_gcm),
  52640. TEST_DECL(test_wolfssl_EVP_aes_gcm_zeroLen),
  52641. TEST_DECL(test_wolfssl_EVP_aes_ccm),
  52642. TEST_DECL(test_wolfssl_EVP_aes_ccm_zeroLen),
  52643. TEST_DECL(test_wolfssl_EVP_chacha20_poly1305),
  52644. TEST_DECL(test_wolfssl_EVP_chacha20),
  52645. TEST_DECL(test_wolfSSL_EVP_PKEY_hkdf),
  52646. TEST_DECL(test_wolfSSL_PKEY_up_ref),
  52647. TEST_DECL(test_wolfSSL_EVP_Cipher_extra),
  52648. TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey),
  52649. TEST_DECL(test_wolfSSL_d2i_and_i2d_DSAparams),
  52650. TEST_DECL(test_wolfSSL_i2d_PrivateKey),
  52651. TEST_DECL(test_wolfSSL_OCSP_id_get0_info),
  52652. TEST_DECL(test_wolfSSL_i2d_OCSP_CERTID),
  52653. TEST_DECL(test_wolfSSL_d2i_OCSP_CERTID),
  52654. TEST_DECL(test_wolfSSL_OCSP_id_cmp),
  52655. TEST_DECL(test_wolfSSL_OCSP_SINGLERESP_get0_id),
  52656. TEST_DECL(test_wolfSSL_OCSP_single_get0_status),
  52657. TEST_DECL(test_wolfSSL_OCSP_resp_count),
  52658. TEST_DECL(test_wolfSSL_OCSP_resp_get0),
  52659. TEST_DECL(test_wolfSSL_EVP_PKEY_derive),
  52660. TEST_DECL(test_wolfSSL_EVP_PBE_scrypt),
  52661. TEST_DECL(test_CONF_modules_xxx),
  52662. TEST_DECL(test_CRYPTO_set_dynlock_xxx),
  52663. TEST_DECL(test_CRYPTO_THREADID_xxx),
  52664. TEST_DECL(test_ENGINE_cleanup),
  52665. TEST_DECL(test_wolfSSL_EC_KEY_set_group),
  52666. TEST_DECL(test_wolfSSL_EC_KEY_set_conv_form),
  52667. TEST_DECL(test_wolfSSL_EC_KEY_print_fp),
  52668. #ifdef OPENSSL_ALL
  52669. TEST_DECL(test_wolfSSL_X509_PUBKEY_get),
  52670. TEST_DECL(test_wolfSSL_sk_CIPHER_description),
  52671. TEST_DECL(test_wolfSSL_get_ciphers_compat),
  52672. TEST_DECL(test_wolfSSL_ASN1_STRING_to_UTF8),
  52673. TEST_DECL(test_wolfSSL_ASN1_UNIVERSALSTRING_to_string),
  52674. TEST_DECL(test_wolfSSL_EC_KEY_dup),
  52675. TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_DSA),
  52676. TEST_DECL(test_wolfSSL_DSA_SIG),
  52677. TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY),
  52678. TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_DH),
  52679. TEST_DECL(test_wolfSSL_CTX_ctrl),
  52680. TEST_DECL(test_wolfSSL_EVP_PKEY_assign),
  52681. TEST_DECL(test_wolfSSL_EVP_PKEY_base_id),
  52682. TEST_DECL(test_wolfSSL_EVP_PKEY_id),
  52683. TEST_DECL(test_wolfSSL_EVP_PKEY_paramgen),
  52684. TEST_DECL(test_wolfSSL_EVP_PKEY_keygen),
  52685. TEST_DECL(test_wolfSSL_EVP_PKEY_keygen_init),
  52686. TEST_DECL(test_wolfSSL_EVP_PKEY_missing_parameters),
  52687. TEST_DECL(test_wolfSSL_EVP_PKEY_copy_parameters),
  52688. TEST_DECL(test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits),
  52689. TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_iv_length),
  52690. TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_key_length),
  52691. TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_set_key_length),
  52692. TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_set_iv),
  52693. TEST_DECL(test_wolfSSL_EVP_PKEY_CTX_new_id),
  52694. TEST_DECL(test_wolfSSL_EVP_rc4),
  52695. TEST_DECL(test_wolfSSL_EVP_enc_null),
  52696. TEST_DECL(test_wolfSSL_EVP_rc2_cbc),
  52697. TEST_DECL(test_wolfSSL_EVP_mdc2),
  52698. TEST_DECL(test_wolfSSL_EVP_md4),
  52699. TEST_DECL(test_wolfSSL_EVP_aes_256_gcm),
  52700. TEST_DECL(test_wolfSSL_EVP_aes_192_gcm),
  52701. TEST_DECL(test_wolfSSL_EVP_aes_256_ccm),
  52702. TEST_DECL(test_wolfSSL_EVP_aes_192_ccm),
  52703. TEST_DECL(test_wolfSSL_EVP_aes_128_ccm),
  52704. TEST_DECL(test_wolfSSL_EVP_ripemd160),
  52705. TEST_DECL(test_wolfSSL_EVP_get_digestbynid),
  52706. TEST_DECL(test_wolfSSL_EVP_MD_nid),
  52707. TEST_DECL(test_wolfSSL_EVP_PKEY_get0_EC_KEY),
  52708. TEST_DECL(test_wolfSSL_EVP_X_STATE),
  52709. TEST_DECL(test_wolfSSL_EVP_X_STATE_LEN),
  52710. TEST_DECL(test_wolfSSL_EVP_CIPHER_block_size),
  52711. TEST_DECL(test_wolfSSL_EVP_CIPHER_iv_length),
  52712. TEST_DECL(test_wolfSSL_EVP_SignInit_ex),
  52713. TEST_DECL(test_wolfSSL_EVP_DigestFinal_ex),
  52714. TEST_DECL(test_wolfSSL_EVP_PKEY_assign_DH),
  52715. TEST_DECL(test_wolfSSL_EVP_BytesToKey),
  52716. TEST_DECL(test_wolfSSL_EVP_PKEY_param_check),
  52717. TEST_DECL(test_wolfSSL_QT_EVP_PKEY_CTX_free),
  52718. TEST_DECL(test_evp_cipher_aes_gcm),
  52719. TEST_DECL(test_wolfSSL_OBJ_ln),
  52720. TEST_DECL(test_wolfSSL_OBJ_sn),
  52721. TEST_DECL(test_wolfSSL_TXT_DB),
  52722. TEST_DECL(test_wolfSSL_NCONF),
  52723. #endif /* OPENSSL_ALL */
  52724. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
  52725. TEST_DECL(test_wolfSSL_CTX_use_certificate_ASN1),
  52726. #ifndef NO_BIO
  52727. TEST_DECL(test_wolfSSL_d2i_PrivateKeys_bio),
  52728. #endif /* !NO_BIO */
  52729. #endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */
  52730. TEST_DECL(test_wolfSSL_X509_CA_num),
  52731. TEST_DECL(test_wolfSSL_X509_get_version),
  52732. #ifndef NO_BIO
  52733. TEST_DECL(test_wolfSSL_X509_print),
  52734. TEST_DECL(test_wolfSSL_X509_CRL_print),
  52735. TEST_DECL(test_wolfSSL_BIO_get_len),
  52736. #endif
  52737. TEST_DECL(test_wolfSSL_RSA),
  52738. TEST_DECL(test_wolfSSL_RSA_DER),
  52739. TEST_DECL(test_wolfSSL_RSA_print),
  52740. #ifndef NO_RSA
  52741. TEST_DECL(test_wolfSSL_RSA_padding_add_PKCS1_PSS),
  52742. #endif
  52743. TEST_DECL(test_wolfSSL_RSA_sign_sha3),
  52744. TEST_DECL(test_wolfSSL_RSA_get0_key),
  52745. TEST_DECL(test_wolfSSL_RSA_meth),
  52746. TEST_DECL(test_wolfSSL_RSA_verify),
  52747. TEST_DECL(test_wolfSSL_RSA_sign),
  52748. TEST_DECL(test_wolfSSL_RSA_sign_ex),
  52749. TEST_DECL(test_wolfSSL_RSA_public_decrypt),
  52750. TEST_DECL(test_wolfSSL_RSA_private_encrypt),
  52751. TEST_DECL(test_wolfSSL_RSA_public_encrypt),
  52752. TEST_DECL(test_wolfSSL_RSA_private_decrypt),
  52753. TEST_DECL(test_wolfSSL_RSA_GenAdd),
  52754. TEST_DECL(test_wolfSSL_RSA_blinding_on),
  52755. TEST_DECL(test_wolfSSL_RSA_ex_data),
  52756. TEST_DECL(test_wolfSSL_RSA_LoadDer),
  52757. TEST_DECL(test_wolfSSL_RSA_To_Der),
  52758. TEST_DECL(test_wolfSSL_PEM_read_RSAPublicKey),
  52759. TEST_DECL(test_wolfSSL_PEM_write_RSA_PUBKEY),
  52760. TEST_DECL(test_wolfSSL_PEM_write_RSAPrivateKey),
  52761. TEST_DECL(test_wolfSSL_PEM_write_mem_RSAPrivateKey),
  52762. TEST_DECL(test_wolfSSL_DH),
  52763. TEST_DECL(test_wolfSSL_DH_dup),
  52764. TEST_DECL(test_wolfSSL_DH_check),
  52765. TEST_DECL(test_wolfSSL_DH_prime),
  52766. TEST_DECL(test_wolfSSL_DH_1536_prime),
  52767. TEST_DECL(test_wolfSSL_DH_get_2048_256),
  52768. TEST_DECL(test_wolfSSL_PEM_write_DHparams),
  52769. TEST_DECL(test_wolfSSL_PEM_read_DHparams),
  52770. TEST_DECL(test_wolfSSL_d2i_DHparams),
  52771. TEST_DECL(test_wolfSSL_DH_LoadDer),
  52772. TEST_DECL(test_wolfSSL_i2d_DHparams),
  52773. TEST_DECL(test_wolfSSL_X509V3_EXT_get),
  52774. TEST_DECL(test_wolfSSL_X509V3_EXT_nconf),
  52775. TEST_DECL(test_wolfSSL_X509V3_EXT),
  52776. TEST_DECL(test_wolfSSL_X509_get_extension_flags),
  52777. TEST_DECL(test_wolfSSL_X509_get_ext),
  52778. TEST_DECL(test_wolfSSL_X509_get_ext_by_NID),
  52779. TEST_DECL(test_wolfSSL_X509_get_ext_subj_alt_name),
  52780. TEST_DECL(test_wolfSSL_X509_get_ext_count),
  52781. TEST_DECL(test_wolfSSL_X509_EXTENSION_new),
  52782. TEST_DECL(test_wolfSSL_X509_EXTENSION_get_object),
  52783. TEST_DECL(test_wolfSSL_X509_EXTENSION_get_data),
  52784. TEST_DECL(test_wolfSSL_X509_EXTENSION_get_critical),
  52785. TEST_DECL(test_wolfSSL_X509V3_EXT_print),
  52786. TEST_DECL(test_wolfSSL_X509_cmp),
  52787. #ifndef NO_BIO
  52788. TEST_DECL(test_wolfSSL_ASN1_STRING_print),
  52789. #endif
  52790. TEST_DECL(test_wolfSSL_ASN1_get_object),
  52791. TEST_DECL(test_openssl_generate_key_and_cert),
  52792. TEST_DECL(test_wolfSSL_EC_get_builtin_curves),
  52793. TEST_DECL(test_wolfSSL_CRYPTO_memcmp),
  52794. TEST_DECL(test_wolfSSL_read_detect_TCP_disconnect),
  52795. /* test the no op functions for compatibility */
  52796. TEST_DECL(test_no_op_functions),
  52797. /* OpenSSL EVP_PKEY API tests */
  52798. TEST_DECL(test_EVP_PKEY_rsa),
  52799. TEST_DECL(test_wolfSSL_EVP_PKEY_encrypt),
  52800. TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify),
  52801. TEST_DECL(test_EVP_PKEY_ec),
  52802. TEST_DECL(test_EVP_PKEY_cmp),
  52803. /* OpenSSL error API tests */
  52804. TEST_DECL(test_ERR_load_crypto_strings),
  52805. /* OpenSSL sk_X509 API test */
  52806. TEST_DECL(test_sk_X509),
  52807. /* OpenSSL sk_X509_CRL API test */
  52808. TEST_DECL(test_sk_X509_CRL),
  52809. /* OpenSSL X509 API test */
  52810. TEST_DECL(test_X509_get_signature_nid),
  52811. /* OpenSSL X509 REQ API test */
  52812. TEST_DECL(test_X509_REQ),
  52813. /* OpenSSL PKCS7 API test */
  52814. TEST_DECL(test_wolfssl_PKCS7),
  52815. TEST_DECL(test_wolfSSL_PKCS7_sign),
  52816. TEST_DECL(test_wolfSSL_PKCS7_SIGNED_new),
  52817. #ifndef NO_BIO
  52818. TEST_DECL(test_wolfSSL_PEM_write_bio_PKCS7),
  52819. #ifdef HAVE_SMIME
  52820. TEST_DECL(test_wolfSSL_SMIME_read_PKCS7),
  52821. TEST_DECL(test_wolfSSL_SMIME_write_PKCS7),
  52822. #endif /* HAVE_SMIME */
  52823. #endif /* !NO_BIO */
  52824. /* OpenSSL compatibility outside SSL context w/ CRL lookup directory */
  52825. TEST_DECL(test_X509_STORE_No_SSL_CTX),
  52826. TEST_DECL(test_X509_LOOKUP_add_dir),
  52827. /* wolfCrypt ASN tests */
  52828. TEST_DECL(test_wc_CreateEncryptedPKCS8Key),
  52829. TEST_DECL(test_wc_GetPkcs8TraditionalOffset),
  52830. TEST_DECL(test_wc_SetSubjectRaw),
  52831. TEST_DECL(test_wc_GetSubjectRaw),
  52832. TEST_DECL(test_wc_SetIssuerRaw),
  52833. TEST_DECL(test_wc_SetIssueBuffer),
  52834. TEST_DECL(test_wc_SetSubjectKeyId),
  52835. TEST_DECL(test_wc_SetSubject),
  52836. TEST_DECL(test_CheckCertSignature),
  52837. TEST_DECL(test_wc_ParseCert),
  52838. TEST_DECL(test_MakeCertWithPathLen),
  52839. /* wolfCrypt ECC tests */
  52840. TEST_DECL(test_wc_ecc_get_curve_size_from_name),
  52841. TEST_DECL(test_wc_ecc_get_curve_id_from_name),
  52842. TEST_DECL(test_wc_ecc_get_curve_id_from_params),
  52843. #ifdef WOLFSSL_TLS13
  52844. /* TLS v1.3 API tests */
  52845. TEST_DECL(test_tls13_apis),
  52846. TEST_DECL(test_tls13_cipher_suites),
  52847. #endif
  52848. #if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
  52849. !defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM)
  52850. /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
  52851. /* Bad certificate signature tests */
  52852. TEST_DECL(test_EccSigFailure_cm),
  52853. TEST_DECL(test_RsaSigFailure_cm),
  52854. #endif /* NO_CERTS */
  52855. #if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \
  52856. !defined(NO_OLD_TLS))
  52857. TEST_DECL(test_DhCallbacks),
  52858. #endif
  52859. #if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES)
  52860. TEST_DECL(test_export_keying_material),
  52861. #endif
  52862. TEST_DECL(test_wolfSSL_CTX_get_min_proto_version),
  52863. #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
  52864. (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
  52865. defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
  52866. defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))
  52867. TEST_DECL(test_wolfSSL_set_SSL_CTX),
  52868. #endif
  52869. TEST_DECL(test_wolfSSL_security_level),
  52870. TEST_DECL(test_wolfSSL_SSL_in_init),
  52871. TEST_DECL(test_wolfSSL_EC_curve),
  52872. TEST_DECL(test_wolfSSL_CTX_set_timeout),
  52873. TEST_DECL(test_wolfSSL_OpenSSL_version),
  52874. TEST_DECL(test_wolfSSL_set_psk_use_session_callback),
  52875. TEST_DECL(test_CONF_CTX_FILE),
  52876. TEST_DECL(test_CONF_CTX_CMDLINE),
  52877. TEST_DECL(test_wolfSSL_CRYPTO_get_ex_new_index),
  52878. /* wolfcrypt */
  52879. TEST_DECL(test_wolfCrypt_Init),
  52880. TEST_DECL(test_wc_InitMd5),
  52881. TEST_DECL(test_wc_Md5Update),
  52882. TEST_DECL(test_wc_Md5Final),
  52883. TEST_DECL(test_wc_InitSha),
  52884. TEST_DECL(test_wc_ShaUpdate),
  52885. TEST_DECL(test_wc_ShaFinal),
  52886. TEST_DECL(test_wc_InitSha256),
  52887. TEST_DECL(test_wc_Sha256Update),
  52888. TEST_DECL(test_wc_Sha256Final),
  52889. TEST_DECL(test_wc_Sha256FinalRaw),
  52890. TEST_DECL(test_wc_Sha256GetFlags),
  52891. TEST_DECL(test_wc_Sha256Free),
  52892. TEST_DECL(test_wc_Sha256GetHash),
  52893. TEST_DECL(test_wc_Sha256Copy),
  52894. TEST_DECL(test_wc_InitSha512),
  52895. TEST_DECL(test_wc_Sha512Update),
  52896. TEST_DECL(test_wc_Sha512Final),
  52897. TEST_DECL(test_wc_Sha512GetFlags),
  52898. TEST_DECL(test_wc_Sha512FinalRaw),
  52899. TEST_DECL(test_wc_Sha512Free),
  52900. TEST_DECL(test_wc_Sha512GetHash),
  52901. TEST_DECL(test_wc_Sha512Copy),
  52902. TEST_DECL(test_wc_InitSha512_224),
  52903. TEST_DECL(test_wc_Sha512_224Update),
  52904. TEST_DECL(test_wc_Sha512_224Final),
  52905. TEST_DECL(test_wc_Sha512_224GetFlags),
  52906. TEST_DECL(test_wc_Sha512_224FinalRaw),
  52907. TEST_DECL(test_wc_Sha512_224Free),
  52908. TEST_DECL(test_wc_Sha512_224GetHash),
  52909. TEST_DECL(test_wc_Sha512_224Copy),
  52910. TEST_DECL(test_wc_InitSha512_256),
  52911. TEST_DECL(test_wc_Sha512_256Update),
  52912. TEST_DECL(test_wc_Sha512_256Final),
  52913. TEST_DECL(test_wc_Sha512_256GetFlags),
  52914. TEST_DECL(test_wc_Sha512_256FinalRaw),
  52915. TEST_DECL(test_wc_Sha512_256Free),
  52916. TEST_DECL(test_wc_Sha512_256GetHash),
  52917. TEST_DECL(test_wc_Sha512_256Copy),
  52918. TEST_DECL(test_wc_InitSha384),
  52919. TEST_DECL(test_wc_Sha384Update),
  52920. TEST_DECL(test_wc_Sha384Final),
  52921. TEST_DECL(test_wc_Sha384GetFlags),
  52922. TEST_DECL(test_wc_Sha384FinalRaw),
  52923. TEST_DECL(test_wc_Sha384Free),
  52924. TEST_DECL(test_wc_Sha384GetHash),
  52925. TEST_DECL(test_wc_Sha384Copy),
  52926. TEST_DECL(test_wc_InitSha224),
  52927. TEST_DECL(test_wc_Sha224Update),
  52928. TEST_DECL(test_wc_Sha224Final),
  52929. TEST_DECL(test_wc_Sha224SetFlags),
  52930. TEST_DECL(test_wc_Sha224GetFlags),
  52931. TEST_DECL(test_wc_Sha224Free),
  52932. TEST_DECL(test_wc_Sha224GetHash),
  52933. TEST_DECL(test_wc_Sha224Copy),
  52934. TEST_DECL(test_wc_InitBlake2b),
  52935. TEST_DECL(test_wc_InitBlake2b_WithKey),
  52936. TEST_DECL(test_wc_InitBlake2s_WithKey),
  52937. TEST_DECL(test_wc_InitRipeMd),
  52938. TEST_DECL(test_wc_RipeMdUpdate),
  52939. TEST_DECL(test_wc_RipeMdFinal),
  52940. TEST_DECL(test_wc_InitSha3),
  52941. TEST_DECL(testing_wc_Sha3_Update),
  52942. TEST_DECL(test_wc_Sha3_224_Final),
  52943. TEST_DECL(test_wc_Sha3_256_Final),
  52944. TEST_DECL(test_wc_Sha3_384_Final),
  52945. TEST_DECL(test_wc_Sha3_512_Final),
  52946. TEST_DECL(test_wc_Sha3_224_Copy),
  52947. TEST_DECL(test_wc_Sha3_256_Copy),
  52948. TEST_DECL(test_wc_Sha3_384_Copy),
  52949. TEST_DECL(test_wc_Sha3_512_Copy),
  52950. TEST_DECL(test_wc_Sha3_GetFlags),
  52951. TEST_DECL(test_wc_InitShake256),
  52952. TEST_DECL(testing_wc_Shake256_Update),
  52953. TEST_DECL(test_wc_Shake256_Final),
  52954. TEST_DECL(test_wc_Shake256_Copy),
  52955. TEST_DECL(test_wc_Shake256Hash),
  52956. TEST_DECL(test_wc_Md5HmacSetKey),
  52957. TEST_DECL(test_wc_Md5HmacUpdate),
  52958. TEST_DECL(test_wc_Md5HmacFinal),
  52959. TEST_DECL(test_wc_ShaHmacSetKey),
  52960. TEST_DECL(test_wc_ShaHmacUpdate),
  52961. TEST_DECL(test_wc_ShaHmacFinal),
  52962. TEST_DECL(test_wc_Sha224HmacSetKey),
  52963. TEST_DECL(test_wc_Sha224HmacUpdate),
  52964. TEST_DECL(test_wc_Sha224HmacFinal),
  52965. TEST_DECL(test_wc_Sha256HmacSetKey),
  52966. TEST_DECL(test_wc_Sha256HmacUpdate),
  52967. TEST_DECL(test_wc_Sha256HmacFinal),
  52968. TEST_DECL(test_wc_Sha384HmacSetKey),
  52969. TEST_DECL(test_wc_Sha384HmacUpdate),
  52970. TEST_DECL(test_wc_Sha384HmacFinal),
  52971. TEST_DECL(test_wc_HashInit),
  52972. TEST_DECL(test_wc_HashSetFlags),
  52973. TEST_DECL(test_wc_HashGetFlags),
  52974. TEST_DECL(test_wc_InitCmac),
  52975. TEST_DECL(test_wc_CmacUpdate),
  52976. TEST_DECL(test_wc_CmacFinal),
  52977. TEST_DECL(test_wc_AesCmacGenerate),
  52978. TEST_DECL(test_wc_AesGcmStream),
  52979. TEST_DECL(test_wc_Des3_SetIV),
  52980. TEST_DECL(test_wc_Des3_SetKey),
  52981. TEST_DECL(test_wc_Des3_CbcEncryptDecrypt),
  52982. TEST_DECL(test_wc_Des3_CbcEncryptDecryptWithKey),
  52983. TEST_DECL(test_wc_Des3_EcbEncrypt),
  52984. TEST_DECL(test_wc_Chacha_SetKey),
  52985. TEST_DECL(test_wc_Chacha_Process),
  52986. TEST_DECL(test_wc_ChaCha20Poly1305_aead),
  52987. TEST_DECL(test_wc_Poly1305SetKey),
  52988. TEST_DECL(test_wc_CamelliaSetKey),
  52989. TEST_DECL(test_wc_CamelliaSetIV),
  52990. TEST_DECL(test_wc_CamelliaEncryptDecryptDirect),
  52991. TEST_DECL(test_wc_CamelliaCbcEncryptDecrypt),
  52992. TEST_DECL(test_wc_Arc4SetKey),
  52993. TEST_DECL(test_wc_Arc4Process),
  52994. TEST_DECL(test_wc_Rc2SetKey),
  52995. TEST_DECL(test_wc_Rc2SetIV),
  52996. TEST_DECL(test_wc_Rc2EcbEncryptDecrypt),
  52997. TEST_DECL(test_wc_Rc2CbcEncryptDecrypt),
  52998. TEST_DECL(test_wc_AesSetKey),
  52999. TEST_DECL(test_wc_AesSetIV),
  53000. TEST_DECL(test_wc_AesCbcEncryptDecrypt),
  53001. TEST_DECL(test_wc_AesCtrEncryptDecrypt),
  53002. TEST_DECL(test_wc_AesGcmSetKey),
  53003. TEST_DECL(test_wc_AesGcmEncryptDecrypt),
  53004. TEST_DECL(test_wc_GmacSetKey),
  53005. TEST_DECL(test_wc_GmacUpdate),
  53006. TEST_DECL(test_wc_InitRsaKey),
  53007. TEST_DECL(test_wc_RsaPrivateKeyDecode),
  53008. TEST_DECL(test_wc_RsaPublicKeyDecode),
  53009. TEST_DECL(test_wc_RsaPublicKeyDecodeRaw),
  53010. TEST_DECL(test_wc_MakeRsaKey),
  53011. TEST_DECL(test_wc_SetKeyUsage),
  53012. TEST_DECL(test_wc_CheckProbablePrime),
  53013. TEST_DECL(test_wc_RsaPSS_Verify),
  53014. TEST_DECL(test_wc_RsaPSS_VerifyCheck),
  53015. TEST_DECL(test_wc_RsaPSS_VerifyCheckInline),
  53016. TEST_DECL(test_wc_SetMutexCb),
  53017. TEST_DECL(test_wc_LockMutex_ex),
  53018. TEST_DECL(test_wc_RsaKeyToDer),
  53019. TEST_DECL(test_wc_RsaKeyToPublicDer),
  53020. TEST_DECL(test_wc_RsaPublicEncryptDecrypt),
  53021. TEST_DECL(test_wc_RsaPublicEncryptDecrypt_ex),
  53022. TEST_DECL(test_wc_RsaEncryptSize),
  53023. TEST_DECL(test_wc_RsaSSL_SignVerify),
  53024. TEST_DECL(test_wc_RsaFlattenPublicKey),
  53025. TEST_DECL(test_RsaDecryptBoundsCheck),
  53026. TEST_DECL(test_wc_AesCcmSetKey),
  53027. TEST_DECL(test_wc_AesCcmEncryptDecrypt),
  53028. TEST_DECL(test_wc_InitDsaKey),
  53029. TEST_DECL(test_wc_DsaSignVerify),
  53030. TEST_DECL(test_wc_DsaPublicPrivateKeyDecode),
  53031. TEST_DECL(test_wc_MakeDsaKey),
  53032. TEST_DECL(test_wc_DsaKeyToDer),
  53033. TEST_DECL(test_wc_DsaKeyToPublicDer),
  53034. TEST_DECL(test_wc_DsaImportParamsRaw),
  53035. TEST_DECL(test_wc_DsaImportParamsRawCheck),
  53036. TEST_DECL(test_wc_DsaExportParamsRaw),
  53037. TEST_DECL(test_wc_DsaExportKeyRaw),
  53038. TEST_DECL(test_wc_SignatureGetSize_ecc),
  53039. TEST_DECL(test_wc_SignatureGetSize_rsa),
  53040. /*
  53041. * test_wolfCrypt_Cleanup needs to come after the above wolfCrypt tests to
  53042. * avoid memory leaks.
  53043. */
  53044. TEST_DECL(test_wolfCrypt_Cleanup),
  53045. #ifdef OPENSSL_EXTRA
  53046. TEST_DECL(test_wolfSSL_EVP_get_cipherbynid),
  53047. TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX),
  53048. TEST_DECL(test_wolfSSL_EC),
  53049. TEST_DECL(test_wolfSSL_ECDSA_SIG),
  53050. TEST_DECL(test_ECDSA_size_sign),
  53051. TEST_DECL(test_ED25519),
  53052. TEST_DECL(test_ED448),
  53053. TEST_DECL(test_EC_i2d),
  53054. #endif
  53055. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
  53056. !defined(HAVE_SELFTEST) && \
  53057. !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
  53058. TEST_DECL(test_wc_ecc_get_curve_id_from_dp_params),
  53059. #endif
  53060. #ifdef HAVE_HASHDRBG
  53061. #ifdef TEST_RESEED_INTERVAL
  53062. TEST_DECL(test_wc_RNG_GenerateBlock_Reseed),
  53063. #endif
  53064. TEST_DECL(test_wc_RNG_GenerateBlock),
  53065. #endif
  53066. TEST_DECL(test_get_rand_digit),
  53067. TEST_DECL(test_get_digit_count),
  53068. TEST_DECL(test_mp_cond_copy),
  53069. TEST_DECL(test_mp_rand),
  53070. TEST_DECL(test_get_digit),
  53071. TEST_DECL(test_wc_export_int),
  53072. TEST_DECL(test_wc_InitRngNonce),
  53073. TEST_DECL(test_wc_InitRngNonce_ex),
  53074. TEST_DECL(test_wc_ed25519_make_key),
  53075. TEST_DECL(test_wc_ed25519_init),
  53076. TEST_DECL(test_wc_ed25519_sign_msg),
  53077. TEST_DECL(test_wc_ed25519_import_public),
  53078. TEST_DECL(test_wc_ed25519_import_private_key),
  53079. TEST_DECL(test_wc_ed25519_export),
  53080. TEST_DECL(test_wc_ed25519_size),
  53081. TEST_DECL(test_wc_ed25519_exportKey),
  53082. TEST_DECL(test_wc_Ed25519PublicKeyToDer),
  53083. TEST_DECL(test_wc_curve25519_init),
  53084. TEST_DECL(test_wc_curve25519_size),
  53085. TEST_DECL(test_wc_curve25519_export_key_raw),
  53086. TEST_DECL(test_wc_curve25519_export_key_raw_ex),
  53087. TEST_DECL(test_wc_curve25519_make_key),
  53088. TEST_DECL(test_wc_curve25519_shared_secret_ex),
  53089. TEST_DECL(test_wc_curve25519_make_pub),
  53090. TEST_DECL(test_wc_curve25519_export_public_ex),
  53091. TEST_DECL(test_wc_curve25519_export_private_raw_ex),
  53092. TEST_DECL(test_wc_curve25519_import_private_raw_ex),
  53093. TEST_DECL(test_wc_curve25519_import_private),
  53094. TEST_DECL(test_wc_ed448_make_key),
  53095. TEST_DECL(test_wc_ed448_init),
  53096. TEST_DECL(test_wc_ed448_sign_msg),
  53097. TEST_DECL(test_wc_ed448_import_public),
  53098. TEST_DECL(test_wc_ed448_import_private_key),
  53099. TEST_DECL(test_wc_ed448_export),
  53100. TEST_DECL(test_wc_ed448_size),
  53101. TEST_DECL(test_wc_ed448_exportKey),
  53102. TEST_DECL(test_wc_Ed448PublicKeyToDer),
  53103. TEST_DECL(test_wc_curve448_make_key),
  53104. TEST_DECL(test_wc_curve448_shared_secret_ex),
  53105. TEST_DECL(test_wc_curve448_export_public_ex),
  53106. TEST_DECL(test_wc_curve448_export_private_raw_ex),
  53107. TEST_DECL(test_wc_curve448_export_key_raw),
  53108. TEST_DECL(test_wc_curve448_import_private_raw_ex),
  53109. TEST_DECL(test_wc_curve448_import_private),
  53110. TEST_DECL(test_wc_curve448_init),
  53111. TEST_DECL(test_wc_curve448_size),
  53112. TEST_DECL(test_wc_ecc_make_key),
  53113. TEST_DECL(test_wc_ecc_init),
  53114. TEST_DECL(test_wc_ecc_check_key),
  53115. TEST_DECL(test_wc_ecc_get_generator),
  53116. TEST_DECL(test_wc_ecc_size),
  53117. TEST_DECL(test_wc_ecc_params),
  53118. TEST_DECL(test_wc_ecc_signVerify_hash),
  53119. TEST_DECL(test_wc_ecc_shared_secret),
  53120. TEST_DECL(test_wc_ecc_export_x963),
  53121. TEST_DECL(test_wc_ecc_export_x963_ex),
  53122. TEST_DECL(test_wc_ecc_import_x963),
  53123. TEST_DECL(ecc_import_private_key),
  53124. TEST_DECL(test_wc_ecc_export_private_only),
  53125. TEST_DECL(test_wc_ecc_rs_to_sig),
  53126. TEST_DECL(test_wc_ecc_import_raw),
  53127. TEST_DECL(test_wc_ecc_import_unsigned),
  53128. TEST_DECL(test_wc_ecc_sig_size),
  53129. TEST_DECL(test_wc_ecc_ctx_new),
  53130. TEST_DECL(test_wc_ecc_ctx_reset),
  53131. TEST_DECL(test_wc_ecc_ctx_set_peer_salt),
  53132. TEST_DECL(test_wc_ecc_ctx_set_info),
  53133. TEST_DECL(test_wc_ecc_encryptDecrypt),
  53134. TEST_DECL(test_wc_ecc_del_point),
  53135. TEST_DECL(test_wc_ecc_pointFns),
  53136. TEST_DECL(test_wc_ecc_shared_secret_ssh),
  53137. TEST_DECL(test_wc_ecc_verify_hash_ex),
  53138. TEST_DECL(test_wc_ecc_mulmod),
  53139. TEST_DECL(test_wc_ecc_is_valid_idx),
  53140. TEST_DECL(test_wc_ecc_get_curve_id_from_oid),
  53141. TEST_DECL(test_wc_ecc_sig_size_calc),
  53142. TEST_DECL(test_ToTraditional),
  53143. TEST_DECL(test_wc_EccPrivateKeyToDer),
  53144. TEST_DECL(test_wc_DhPublicKeyDecode),
  53145. TEST_DECL(test_wc_Ed25519KeyToDer),
  53146. TEST_DECL(test_wc_Ed25519PrivateKeyToDer),
  53147. TEST_DECL(test_wc_Ed448KeyToDer),
  53148. TEST_DECL(test_wc_Ed448PrivateKeyToDer),
  53149. TEST_DECL(test_wc_SetAuthKeyIdFromPublicKey_ex),
  53150. TEST_DECL(test_wc_SetSubjectBuffer),
  53151. TEST_DECL(test_wc_SetSubjectKeyIdFromPublicKey_ex),
  53152. TEST_DECL(test_wc_PKCS7_New),
  53153. TEST_DECL(test_wc_PKCS7_Init),
  53154. TEST_DECL(test_wc_PKCS7_InitWithCert),
  53155. TEST_DECL(test_wc_PKCS7_EncodeData),
  53156. TEST_DECL(test_wc_PKCS7_EncodeSignedData),
  53157. TEST_DECL(test_wc_PKCS7_EncodeSignedData_ex),
  53158. TEST_DECL(test_wc_PKCS7_VerifySignedData),
  53159. TEST_DECL(test_wc_PKCS7_EncodeDecodeEnvelopedData),
  53160. TEST_DECL(test_wc_PKCS7_EncodeEncryptedData),
  53161. TEST_DECL(test_wc_PKCS7_Degenerate),
  53162. TEST_DECL(test_wc_PKCS7_BER),
  53163. TEST_DECL(test_PKCS7_signed_enveloped),
  53164. TEST_DECL(test_wc_PKCS7_NoDefaultSignedAttribs),
  53165. TEST_DECL(test_wc_PKCS7_SetOriEncryptCtx),
  53166. TEST_DECL(test_wc_PKCS7_SetOriDecryptCtx),
  53167. TEST_DECL(test_wc_PKCS7_DecodeCompressedData),
  53168. TEST_DECL(test_wc_i2d_PKCS12),
  53169. TEST_DECL(test_wolfSSL_CTX_LoadCRL),
  53170. TEST_DECL(test_openssl_FIPS_drbg),
  53171. TEST_DECL(test_wc_CryptoCb),
  53172. TEST_DECL(test_wolfSSL_CTX_StaticMemory),
  53173. TEST_DECL(test_wolfSSL_FIPS_mode),
  53174. #ifdef WOLFSSL_DTLS
  53175. TEST_DECL(test_wolfSSL_DtlsUpdateWindow),
  53176. TEST_DECL(test_wolfSSL_DTLS_fragment_buckets),
  53177. #endif
  53178. #if !defined(NO_FILESYSTEM) && \
  53179. defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
  53180. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
  53181. #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME
  53182. TEST_DECL(test_wolfSSL_dtls_stateless_resume),
  53183. #endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */
  53184. #ifdef HAVE_MAX_FRAGMENT
  53185. TEST_DECL(test_wolfSSL_dtls_stateless_maxfrag),
  53186. #endif /* HAVE_MAX_FRAGMENT */
  53187. TEST_DECL(test_wolfSSL_dtls_stateless2),
  53188. #if !defined(NO_OLD_TLS)
  53189. TEST_DECL(test_wolfSSL_dtls_stateless_downgrade),
  53190. #endif /* !defined(NO_OLD_TLS) */
  53191. #endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
  53192. * !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) */
  53193. TEST_DECL(test_WOLFSSL_dtls_version_alert),
  53194. TEST_DECL(test_ForceZero),
  53195. TEST_DECL(test_wolfSSL_Cleanup),
  53196. #if defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \
  53197. && defined(WOLFSSL_TLS13) && \
  53198. (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
  53199. TEST_DECL(test_ticket_nonce_malloc),
  53200. #endif
  53201. #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
  53202. !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
  53203. !defined(WOLFSSL_NO_CLIENT_AUTH))
  53204. TEST_DECL(test_various_pathlen_chains),
  53205. #endif
  53206. /* If at some point a stub get implemented this test should fail indicating
  53207. * a need to implement a new test case
  53208. */
  53209. TEST_DECL(test_stubs_are_stubs)
  53210. };
  53211. #define TEST_CASE_CNT (int)(sizeof(testCases) / sizeof(*testCases))
  53212. static void TestSetup(void)
  53213. {
  53214. /* Stub, for now. Add common test setup code here. */
  53215. }
  53216. static void TestCleanup(void)
  53217. {
  53218. #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
  53219. /* Clear any errors added to the error queue during the test run. */
  53220. wolfSSL_ERR_clear_error();
  53221. #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */
  53222. }
  53223. /* Print out all API test cases with numeric identifier.
  53224. */
  53225. void ApiTest_PrintTestCases(void)
  53226. {
  53227. int i;
  53228. printf("All Test Cases:");
  53229. for (i = 0; i < TEST_CASE_CNT; i++) {
  53230. printf("%3d: %s\n", i + 1, testCases[i].name);
  53231. }
  53232. }
  53233. /* Add test case with index to the list to run.
  53234. *
  53235. * @param [in] idx Index of test case to run starting at 1.
  53236. * @return 0 on success.
  53237. * @return BAD_FUNC_ARG when index is out of range of test case identifiers.
  53238. */
  53239. int ApiTest_RunIdx(int idx)
  53240. {
  53241. if (idx < 1 || idx > TEST_CASE_CNT) {
  53242. printf("Index out of range (1 - %d): %d\n", TEST_CASE_CNT, idx);
  53243. return BAD_FUNC_ARG;
  53244. }
  53245. testAll = 0;
  53246. testCases[idx-1].run = 1;
  53247. return 0;
  53248. }
  53249. /* Add test case with name to the list to run.
  53250. *
  53251. * @param [in] name Name of test case to run.
  53252. * @return 0 on success.
  53253. * @return BAD_FUNC_ARG when name is not a known test case name.
  53254. */
  53255. int ApiTest_RunName(char* name)
  53256. {
  53257. int i;
  53258. for (i = 0; i < TEST_CASE_CNT; i++) {
  53259. if (XSTRCMP(testCases[i].name, name) == 0) {
  53260. testAll = 0;
  53261. testCases[i].run = 1;
  53262. return 0;
  53263. }
  53264. }
  53265. printf("Test case name not found: %s\n", name);
  53266. printf("Use -list to see all test case names.\n");
  53267. return BAD_FUNC_ARG;
  53268. }
  53269. /* Converts the result code to a string.
  53270. *
  53271. * @param [in] res Test result code.
  53272. * @return String describing test result.
  53273. */
  53274. static const char* apitest_res_string(int res)
  53275. {
  53276. const char* str = "invalid result";
  53277. switch (res) {
  53278. case TEST_SUCCESS:
  53279. str = "passed";
  53280. break;
  53281. case TEST_FAIL:
  53282. str = "failed";
  53283. break;
  53284. case TEST_SKIPPED:
  53285. str = "skipped";
  53286. break;
  53287. }
  53288. return str;
  53289. }
  53290. #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
  53291. static double gettime_secs(void)
  53292. {
  53293. struct timeval tv;
  53294. LIBCALL_CHECK_RET(gettimeofday(&tv, 0));
  53295. return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
  53296. }
  53297. #endif
  53298. void ApiTest(void)
  53299. {
  53300. int i;
  53301. int ret;
  53302. #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
  53303. double timeDiff;
  53304. #endif
  53305. printf(" Begin API Tests\n");
  53306. fflush(stdout);
  53307. for (i = 0; i < TEST_CASE_CNT; ++i) {
  53308. /* When not testing all cases then skip if not marked for running. */
  53309. if (!testAll && !testCases[i].run) {
  53310. continue;
  53311. }
  53312. TestSetup();
  53313. printf(" %3d: %-52s:", i + 1, testCases[i].name);
  53314. fflush(stdout);
  53315. #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
  53316. timeDiff = gettime_secs();
  53317. #endif
  53318. ret = testCases[i].func();
  53319. #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
  53320. timeDiff = gettime_secs() - timeDiff;
  53321. #endif
  53322. #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
  53323. if (ret != TEST_SKIPPED) {
  53324. printf(" %s (%9.5lf)\n", apitest_res_string(ret), timeDiff);
  53325. }
  53326. else
  53327. #endif
  53328. {
  53329. printf(" %s\n", apitest_res_string(ret));
  53330. }
  53331. fflush(stdout);
  53332. /* if return code is < 0 and not skipped then assert error */
  53333. Assert((ret > 0 || ret == TEST_SKIPPED),
  53334. ("Test failed\n"),
  53335. ("ret %d", ret));
  53336. TestCleanup();
  53337. }
  53338. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
  53339. && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
  53340. wc_ecc_fp_free(); /* free per thread cache */
  53341. #endif
  53342. wolfSSL_Cleanup();
  53343. (void)testDevId;
  53344. printf(" End API Tests\n");
  53345. fflush(stdout);
  53346. }