diff --git a/doc/dox_comments/header_files/evp.h b/doc/dox_comments/header_files/evp.h index 840ef50be..3aa6c3a27 100644 --- a/doc/dox_comments/header_files/evp.h +++ b/doc/dox_comments/header_files/evp.h @@ -374,6 +374,28 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher); */ WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); +/*! + \ingroup openSSL + + \brief Clearing function for WOLFSSL_EVP_CIPHER_CTX structure. + + \return none No returns. + + \param ctx structure to clear flag. + \param flag flag value to clear in structure. + + _Example_ + \code + WOLFSSL_EVP_CIPHER_CTX* ctx; + int flag; + // create ctx + wolfSSL_EVP_CIPHER_CTX_clear_flags(ctx, flag); + \endcode + + \sa wolfSSL_EVP_CIPHER_flags +*/ +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); + /*! \ingroup openSSL diff --git a/tests/api.c b/tests/api.c index 66b9ba44a..7cc6edebf 100644 --- a/tests/api.c +++ b/tests/api.c @@ -12191,6 +12191,75 @@ static int test_wc_DsaImportParamsRaw (void) } /* END test_wc_DsaImportParamsRaw */ +/* + * Testing wc_DsaImportParamsRawCheck() + */ +static int test_wc_DsaImportParamsRawCheck (void) +{ + int ret = 0; + +#if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + DsaKey key; + int trusted = 0; + /* [mod = L=1024, N=160], from CAVP KeyPair */ + const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d" + "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c" + "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6" + "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71" + "47123188f8dc551054ee162b634d60f097f719076640e209" + "80a0093113a8bd73"; + const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281"; + const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822" + "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e" + "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786" + "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c" + "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0" + "76341a7e7d9"; + + /* invalid p and q parameters */ + const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"; + const char* invalidQ = "96c5390a"; + + printf(testingFmt, "wc_DsaImportParamsRawCheck()"); + + ret = wc_InitDsaKey(&key); + if (ret == 0) { + ret = wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL); + } + + /* test bad args */ + if (ret == 0) { + /* null key struct */ + ret = wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL); + if (ret == BAD_FUNC_ARG) { + /* null param pointers */ + ret = wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted, NULL); + } + + if (ret == BAD_FUNC_ARG) { + /* illegal p length */ + ret = wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL); + } + + if (ret == BAD_FUNC_ARG) { + /* illegal q length */ + ret = wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL); + if (ret == BAD_FUNC_ARG) + ret = 0; + } + + } + + printf(resultFmt, ret == 0 ? passed : failed); + + wc_FreeDsaKey(&key); + +#endif + + return ret; + +} /* END test_wc_DsaImportParamsRawCheck */ + /* * Testing wc_DsaExportParamsRaw() */ @@ -13023,6 +13092,70 @@ static int test_wc_ed25519_exportKey (void) } /* END test_wc_ed25519_exportKey */ +/* + * Testing wc_Ed25519PublicKeyToDer + */ +static int test_wc_Ed25519PublicKeyToDer (void) +{ + int ret = 0; + +#if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \ + defined(WOLFSSL_KEY_GEN)) + int tmp; + ed25519_key key; + byte derBuf[1024]; + + printf(testingFmt, "wc_Ed25519PublicKeyToDer()"); + + /* Test bad args */ + tmp = wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0); + if (tmp != BAD_FUNC_ARG) { + ret = SSL_FATAL_ERROR; + } + + if (ret == 0) { + wc_ed25519_init(&key); + tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0); + if (tmp != BUFFER_E) { + ret = SSL_FATAL_ERROR; + } + wc_ed25519_free(&key); + } + + /* Test good args */ + if (ret == 0) { + WC_RNG rng; + ret = wc_InitRng(&rng); + if (ret != 0) { + return ret; + } + ret = wc_ed25519_init(&key); + if (ret != 0) { + wc_FreeRng(&rng); + return ret; + } + + ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); + if (ret != 0) { + wc_FreeRng(&rng); + wc_ed25519_free(&key); + return ret; + } + + tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1); + if (tmp <= 0) { + ret = SSL_FATAL_ERROR; + } + + wc_FreeRng(&rng); + wc_ed25519_free(&key); + } + printf(resultFmt, ret == 0 ? passed : failed); +#endif + return ret; + +} /* END testing wc_Ed25519PublicKeyToDer */ + /* * Testing wc_curve25519_init and wc_curve25519_free. */ @@ -16483,6 +16616,66 @@ static void test_wc_CertPemToDer(void) #endif } +static void test_wc_PubKeyPemToDer(void) +{ +#ifdef WOLFSSL_PEM_TO_DER +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) + int ret; + const char* key = "./certs/ecc-client-keyPub.pem"; + byte* cert_buf = NULL; + size_t cert_sz = 0, cert_dersz = 0; + byte* cert_der = NULL; + + printf(testingFmt, "wc_PubKeyPemToDer()"); + + + ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, + cert_der, (int)cert_dersz); + AssertIntGE(ret, BAD_FUNC_ARG); + + ret = load_file(key, &cert_buf, &cert_sz); + if (ret == 0) { + cert_dersz = cert_sz; /* DER will be smaller than PEM */ + cert_der = (byte*)malloc(cert_dersz); + if (cert_der) { + ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, + cert_der, (int)cert_dersz); + AssertIntGE(ret, 0); + } + } + + if (cert_der) + free(cert_der); + if (cert_buf) + free(cert_buf); +#endif +#endif +} + +static void test_wc_PemPubKeyToDer(void) +{ +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) + int ret; + const char* key = "./certs/ecc-client-keyPub.pem"; + size_t cert_dersz = 1024; + byte* cert_der = (byte*)malloc(cert_dersz); + + printf(testingFmt, "wc_PemPubKeyToDer()"); + +#if 0 /* NULL filename causes valgrind failure */ + ret = wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz); + AssertIntGE(ret, BUFFER_E); +#endif + + if (cert_der) { + ret = wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz); + AssertIntGE(ret, 0); + + free(cert_der); + } +#endif +} + static void test_wolfSSL_certs(void) { @@ -18305,6 +18498,36 @@ static void test_wolfSSL_DTLS_either_side(void) #endif } +static void test_generate_cookie(void) +{ +#if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) + SSL_CTX* ctx; + SSL* ssl; + byte buf[FOURK_BUF] = {0}; + + printf(testingFmt, "test_generate_cookie"); + + AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLS_method())); + AssertNotNull(ssl = SSL_new(ctx)); + + /* Test unconnected */ + AssertIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E); + + wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie); + + wolfSSL_SetCookieCtx(ssl, ctx); + + AssertNotNull(wolfSSL_GetCookieCtx(ssl)); + + AssertNull(wolfSSL_GetCookieCtx(NULL)); + + SSL_free(ssl); + SSL_CTX_free(ctx); + + printf(resultFmt, passed); +#endif +} + static void test_wolfSSL_set_options(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ @@ -19625,6 +19848,21 @@ static void test_wolfSSL_SESSION(void) AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_SUCCESS); +#ifdef HAVE_SESSION_TICKET + /* Test set/get session ticket */ + { + char ticket[] = "This is a session ticket"; + char buf[64] = {0}; + word32 bufSz = (word32)sizeof(buf); + + AssertIntEQ(SSL_SUCCESS, + wolfSSL_set_SessionTicket(ssl, (byte *)ticket, (word32)XSTRLEN(ticket))); + AssertIntEQ(SSL_SUCCESS, + wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz)); + AssertStrEQ(ticket, buf); + } +#endif + /* fail case with miss match session context IDs (use compatibility API) */ AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz), SSL_SUCCESS); @@ -21046,6 +21284,77 @@ static void test_wc_SetIssuerRaw(void) #endif } +static void test_wc_SetIssueBuffer(void) +{ +#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) + char joiCertFile[] = "./certs/test/cert-ext-joi.pem"; + WOLFSSL_X509* x509; + int peerCertSz; + const byte* peerCertBuf; + Cert forgedCert; + + printf(testingFmt, "test_wc_SetIssuerBuffer()"); + + AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_PEM)); + + AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz)); + + AssertIntEQ(0, wc_InitCert(&forgedCert)); + + AssertIntEQ(0, wc_SetIssuerBuffer(&forgedCert, peerCertBuf, peerCertSz)); + + wolfSSL_FreeX509(x509); + + printf(resultFmt, passed); +#endif +} + +/* + * Testing wc_SetSubjectKeyId + */ +static void test_wc_SetSubjectKeyId(void) +{ +#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) + Cert cert; + char file[] = "certs/ecc-client-keyPub.pem"; + + printf(testingFmt, "wc_SetSubjectKeyId()"); + + AssertIntEQ(0, wc_InitCert(&cert)); + AssertIntEQ(0, wc_SetSubjectKeyId(&cert, file)); + + AssertIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file)); + AssertIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name")); + + printf(resultFmt, passed); +#endif +} /* END test_wc_SetSubjectKeyId */ + +/* + * Testing wc_SetSubject + */ +static void test_wc_SetSubject(void) +{ +#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) + Cert cert; + char file[] = "./certs/ca-ecc-cert.pem"; + + printf(testingFmt, "wc_SetSubject()"); + + AssertIntEQ(0, wc_InitCert(&cert)); + AssertIntEQ(0, wc_SetSubject(&cert, file)); + + AssertIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file)); + AssertIntGT(0, wc_SetSubject(&cert, "badfile.name")); + + printf(resultFmt, passed); +#endif +} /* END test_wc_SetSubject */ + + static void test_CheckCertSignature(void) { #if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY) @@ -22806,6 +23115,8 @@ void ApiTest(void) test_wc_PemToDer(); test_wc_AllocDer(); test_wc_CertPemToDer(); + test_wc_PubKeyPemToDer(); + test_wc_PemPubKeyToDer(); /*OCSP Stapling. */ AssertIntEQ(test_wolfSSL_UseOCSPStapling(), WOLFSSL_SUCCESS); @@ -22839,6 +23150,7 @@ void ApiTest(void) test_wolfSSL_msgCb(); test_wolfSSL_either_side(); test_wolfSSL_DTLS_either_side(); + test_generate_cookie(); test_wolfSSL_X509_STORE_set_flags(); test_wolfSSL_X509_LOOKUP_load_file(); test_wolfSSL_X509_NID(); @@ -22922,6 +23234,9 @@ void ApiTest(void) test_wc_SetSubjectRaw(); test_wc_GetSubjectRaw(); test_wc_SetIssuerRaw(); + test_wc_SetIssueBuffer(); + test_wc_SetSubjectKeyId(); + test_wc_SetSubject(); test_CheckCertSignature(); /* wolfCrypt ECC tests */ @@ -23064,6 +23379,7 @@ void ApiTest(void) AssertIntEQ(test_wc_MakeDsaKey(), 0); AssertIntEQ(test_wc_DsaKeyToDer(), 0); AssertIntEQ(test_wc_DsaImportParamsRaw(), 0); + AssertIntEQ(test_wc_DsaImportParamsRawCheck(), 0); AssertIntEQ(test_wc_DsaExportParamsRaw(), 0); AssertIntEQ(test_wc_DsaExportKeyRaw(), 0); AssertIntEQ(test_wc_SignatureGetSize_ecc(), 0); @@ -23091,6 +23407,7 @@ void ApiTest(void) AssertIntEQ(test_wc_ed25519_export(), 0); AssertIntEQ(test_wc_ed25519_size(), 0); AssertIntEQ(test_wc_ed25519_exportKey(), 0); + AssertIntEQ(test_wc_Ed25519PublicKeyToDer(), 0); AssertIntEQ(test_wc_curve25519_init(), 0); AssertIntEQ(test_wc_curve25519_size (), 0); AssertIntEQ(test_wc_ecc_make_key(), 0); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index ea2388a68..db37644de 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -13017,8 +13017,13 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile) { int ret; int derSz; - byte* der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); + byte* der; + if (cert == NULL) { + return BAD_FUNC_ARG; + } + + der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); if (der == NULL) { WOLFSSL_MSG("wc_SetIssuer OOF Problem"); return MEMORY_E; @@ -13037,12 +13042,18 @@ int wc_SetSubject(Cert* cert, const char* subjectFile) { int ret; int derSz; - byte* der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); + byte* der; + if (cert == NULL) { + return BAD_FUNC_ARG; + } + + der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); if (der == NULL) { WOLFSSL_MSG("wc_SetSubject OOF Problem"); return MEMORY_E; } + derSz = wc_PemCertToDer(subjectFile, der, EIGHTK_BUF); ret = SetNameFromCert(&cert->subject, der, derSz); XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); @@ -13057,8 +13068,13 @@ int wc_SetAltNames(Cert* cert, const char* file) { int ret; int derSz; - byte* der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); + byte* der; + if (cert == NULL) { + return BAD_FUNC_ARG; + } + + der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); if (der == NULL) { WOLFSSL_MSG("wc_SetAltNames OOF Problem"); return MEMORY_E; @@ -13077,6 +13093,10 @@ int wc_SetAltNames(Cert* cert, const char* file) /* Set cert issuer from DER buffer */ int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz) { + if (cert == NULL) { + return BAD_FUNC_ARG; + } + cert->selfSigned = 0; return SetNameFromCert(&cert->issuer, der, derSz); } @@ -13084,6 +13104,10 @@ int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz) /* Set cert subject from DER buffer */ int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz) { + if (cert == NULL) { + return BAD_FUNC_ARG; + } + return SetNameFromCert(&cert->subject, der, derSz); } #ifdef WOLFSSL_CERT_EXT diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 4900d0e67..b38bbdc84 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -175,23 +175,25 @@ WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - if (ctx && ctx->enc) - return WOLFSSL_FAILURE; - else { - WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal"); - return wolfSSL_EVP_CipherFinal(ctx, out, outl); - } + if (ctx && ctx->enc) { + WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal"); + return wolfSSL_EVP_CipherFinal(ctx, out, outl); + } + else { + return WOLFSSL_FAILURE; + } } WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - if (ctx && ctx->enc) - return WOLFSSL_FAILURE; - else { + if (ctx && ctx->enc) { WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal_ex"); return wolfSSL_EVP_CipherFinal(ctx, out, outl); } + else { + return WOLFSSL_FAILURE; + } } @@ -613,7 +615,14 @@ WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *ciph WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) { if (ctx != NULL) { - ctx->flags = flags; + ctx->flags |= flags; + } +} + +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) +{ + if (ctx != NULL) { + ctx->flags &= ~flags; } } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index f86ce1fe5..c913893cf 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -4872,6 +4872,38 @@ int des_test(void) if (XMEMCMP(cipher, verify, sizeof(cipher))) return -4605; + ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv); + if (ret != 0) + return -4606; + +#ifdef WOLFSSL_ENCRYPTED_KEYS + { + EncryptedInfo info; + XMEMSET(&info, 0, sizeof(EncryptedInfo)); + XMEMCPY(info.iv, iv, sizeof(iv)); + info.ivSz = sizeof(iv); + info.keySz = sizeof(key); + info.cipherType = WC_CIPHER_DES; + + ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key, + sizeof(key), WC_HASH_TYPE_SHA); + if (ret != 0) + return -4607; + + /* Test invalid info ptr */ + ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key, + sizeof(key), WC_HASH_TYPE_SHA); + if (ret != BAD_FUNC_ARG) + return -4608; + + /* Test invalid hash type */ + ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key, + sizeof(key), WC_HASH_TYPE_NONE); + if (ret == 0) + return -4609; + } +#endif + return 0; } #endif /* NO_DES3 */ @@ -4978,6 +5010,22 @@ int des3_test(void) wc_Des3Free(&enc); wc_Des3Free(&dec); +#ifdef WOLFSSL_ENCRYPTED_KEYS + { + EncryptedInfo info; + XMEMSET(&info, 0, sizeof(EncryptedInfo)); + XMEMCPY(info.iv, iv3, sizeof(iv3)); + info.ivSz = sizeof(iv3); + info.keySz = sizeof(key3); + info.cipherType = WC_CIPHER_DES3; + + ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3, + sizeof(key3), WC_HASH_TYPE_SHA); + if (ret != 0) + return -4710; + } +#endif + return 0; } #endif /* NO_DES */ @@ -11573,6 +11621,11 @@ int rsa_test(void) goto exit_rsa; } + derSz = wc_MakeCertReq_ex(&req, der, FOURK_BUF, RSA_TYPE, &key); + if (derSz < 0) { + ERROR_OUT(-7074, exit_rsa); + } + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); pem = NULL; XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -12025,6 +12078,22 @@ int dh_test(void) ERROR_OUT(-7114, done); } +#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + if (wc_DhCheckPrivKey(NULL, NULL, 0) != BAD_FUNC_ARG) + return -7115; + + if (wc_DhCheckPrivKey(&key, priv, privSz) != 0) + return -7116; + + if (wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL) != BAD_FUNC_ARG) + return -7117; + { + word32 pSz, qSz, gSz; + if (wc_DhExportParamsRaw(&key, NULL, &pSz, NULL, &qSz, NULL, &gSz) != LENGTH_ONLY_E) + return -7118; + } +#endif + ret = dh_generate_test(&rng); if (ret == 0) ret = dh_fips_generate_test(&rng); @@ -12189,6 +12258,9 @@ int dsa_test(void) } #endif /* WOLFSSL_KEY_GEN */ + if (wc_InitDsaKey_h(&key, NULL) != 0) + return -7216; + wc_FreeRng(&rng); return 0; } @@ -13682,6 +13754,77 @@ int openssl_test(void) if (XMEMCMP(plain, cbcPlain, 18)) return -7502; + if (EVP_CIPHER_key_length(NULL) != 0) + return -7503; + + if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16) + return -7504; + + if (EVP_CIPHER_CTX_mode(NULL) != 0) + return -7505; + + if (EVP_CIPHER_CTX_mode(&en) != (en.flags & WOLFSSL_EVP_CIPH_MODE)) + return -7506; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit_ex(&en, EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return -7507; + + EVP_CIPHER_CTX_init(&en); + if (EVP_EncryptInit_ex(&en, EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv) == 0) + return -7508; + + if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE) + return -7509; + + if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE) + return -7510; + + EVP_CIPHER_CTX_init(&de); + if (EVP_DecryptInit_ex(&de, EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv) == 0) + return -7511; + + if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE) + return -7512; + + if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE) + return -7513; + + if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG) + return -7514; + + EVP_CIPHER_CTX_init(&en); + EVP_EncryptInit_ex(&en, EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv); + if (EVP_CIPHER_CTX_block_size(&en) != en.block_size) + return -7514; + + if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG) + return -7515; + + if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE) + return -7516; + + if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0) + return -7517; + + if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE) + return -7518; + + EVP_CIPHER_CTX_clear_flags(&en, 0xFFFFFFFF); + EVP_CIPHER_CTX_set_flags(&en, 42); + if (en.flags != 42) + return -7519; + + if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG) + return -7520; + if (EVP_CIPHER_CTX_set_padding(&en, 0) != WOLFSSL_SUCCESS) + return -7521; + if (EVP_CIPHER_CTX_set_padding(&en, 1) != WOLFSSL_SUCCESS) + return -7522; } #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ @@ -13743,6 +13886,21 @@ int openSSL_evpMD_test(void) goto openSSL_evpMD_test_done; } + if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) { + ret = -7608; + goto openSSL_evpMD_test_done; + } + + if (EVP_add_digest(NULL) != 0) { + ret = -7609; + goto openSSL_evpMD_test_done; + } + + if (wolfSSL_EVP_add_cipher(NULL) != 0) { + ret = -7610; + goto openSSL_evpMD_test_done; + } + ret = 0; /* got to success state without jumping to end with a fail */ openSSL_evpMD_test_done: diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 34be7ae22..ef011fa48 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -414,6 +414,7 @@ WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *ciph WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad); WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest); @@ -585,6 +586,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_CIPHER_block_size wolfSSL_EVP_CIPHER_block_size #define EVP_CIPHER_flags wolfSSL_EVP_CIPHER_flags #define EVP_CIPHER_CTX_set_flags wolfSSL_EVP_CIPHER_CTX_set_flags +#define EVP_CIPHER_CTX_clear_flags wolfSSL_EVP_CIPHER_CTX_clear_flags #define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding #define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags #define EVP_add_digest wolfSSL_EVP_add_digest