mirror of https://github.com/wolfSSL/wolfssl.git
Configure Fixes
1. The combination enable-all and disable-rsa breaks some of the testing. Added the NO_RSA guards as appropriate. 2. Disabled the OCSP stapling and CRL tests when RSA is disabled as they use test certificates with RSA keys.pull/2163/head
parent
2f4507e4f1
commit
27ea9d9bce
|
@ -1889,6 +1889,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
|
||||
}
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
/* All the OSCP Stapling test certs are RSA. */
|
||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|
||||
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|
||||
if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS)
|
||||
|
@ -1900,6 +1902,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != WOLFSSL_SUCCESS)
|
||||
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_PK_CALLBACKS
|
||||
if (pkCallbacks)
|
||||
|
|
|
@ -15,6 +15,9 @@ dist_noinst_SCRIPTS+= scripts/resume.test
|
|||
EXTRA_DIST+= scripts/benchmark.test
|
||||
EXTRA_DIST+= scripts/memtest.sh
|
||||
|
||||
# The CRL and OCSP tests use RSA certificates.
|
||||
if BUILD_RSA
|
||||
|
||||
if BUILD_CRL
|
||||
# make revoked test rely on completion of resume test
|
||||
dist_noinst_SCRIPTS+= scripts/crl-revoked.test
|
||||
|
@ -46,6 +49,8 @@ endif
|
|||
|
||||
endif
|
||||
|
||||
endif
|
||||
|
||||
if BUILD_PSK
|
||||
dist_noinst_SCRIPTS+= scripts/psk.test
|
||||
endif
|
||||
|
|
40
src/ssl.c
40
src/ssl.c
|
@ -26559,6 +26559,8 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
|
|||
#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
|
||||
|
||||
#ifndef NO_RSA
|
||||
/* Takes a WOLFSSL_RSA key and writes it out to a WOLFSSL_BIO
|
||||
*
|
||||
* bio the WOLFSSL_BIO to write to
|
||||
|
@ -26639,6 +26641,8 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key,
|
|||
return ret;
|
||||
}
|
||||
|
||||
#endif /* NO_RSA */
|
||||
|
||||
|
||||
int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
|
||||
const WOLFSSL_EVP_CIPHER* cipher,
|
||||
|
@ -26666,9 +26670,11 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
|
|||
keyDer = (byte*)key->pkey.ptr;
|
||||
|
||||
switch (key->type) {
|
||||
#ifndef NO_RSA
|
||||
case EVP_PKEY_RSA:
|
||||
type = PRIVATEKEY_TYPE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifndef NO_DSA
|
||||
case EVP_PKEY_DSA:
|
||||
|
@ -29920,8 +29926,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
|
|||
}
|
||||
|
||||
|
||||
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
|
||||
/* needed SetName function from asn.c is wrapped by NO_RSA */
|
||||
#if defined(WOLFSSL_CERT_GEN)
|
||||
/* helper function for CopyX509NameToCertName()
|
||||
*
|
||||
* returns WOLFSSL_SUCCESS on success
|
||||
|
@ -35598,6 +35603,8 @@ int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509 *x)
|
|||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
#if defined(OPENSSL_ALL)
|
||||
|
||||
#ifndef NO_RSA
|
||||
int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
|
||||
{
|
||||
if (pkey == NULL || key == NULL)
|
||||
|
@ -35609,6 +35616,7 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
|
|||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
#endif
|
||||
|
||||
int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
|
||||
{
|
||||
|
@ -36189,12 +36197,16 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
|
|||
Cert cert;
|
||||
byte der[2048];
|
||||
int derSz = sizeof(der);
|
||||
void* key;
|
||||
int type;
|
||||
void* key = NULL;
|
||||
int type = -1;
|
||||
int sigType;
|
||||
int hashType;
|
||||
#ifndef NO_RSA
|
||||
RsaKey rsa;
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
ecc_key ecc;
|
||||
#endif
|
||||
WC_RNG rng;
|
||||
word32 idx = 0;
|
||||
|
||||
|
@ -36257,6 +36269,7 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
|
|||
return WOLFSSL_FAILURE;
|
||||
|
||||
/* Create a public key object from requests public key. */
|
||||
#ifndef NO_RSA
|
||||
if (req->pubKeyOID == RSAk) {
|
||||
type = RSA_TYPE;
|
||||
ret = wc_InitRsaKey(&rsa, req->heap);
|
||||
|
@ -36270,7 +36283,9 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
|
|||
}
|
||||
key = (void*)&rsa;
|
||||
}
|
||||
else {
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
if (req->pubKeyOID == ECDSAk) {
|
||||
type = ECC_TYPE;
|
||||
ret = wc_ecc_init(&ecc);
|
||||
if (ret != 0)
|
||||
|
@ -36283,6 +36298,9 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
|
|||
}
|
||||
key = (void*)&ecc;
|
||||
}
|
||||
#endif
|
||||
if (key == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
/* Make the body of the certificate request. */
|
||||
ret = wc_MakeCertReq_ex(&cert, der, derSz, type, key);
|
||||
|
@ -36290,21 +36308,29 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
|
|||
return WOLFSSL_FAILURE;
|
||||
|
||||
/* Dispose of the public key object. */
|
||||
#ifndef NO_RSA
|
||||
if (req->pubKeyOID == RSAk)
|
||||
wc_FreeRsaKey(&rsa);
|
||||
else
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
if (req->pubKeyOID == ECDSAk)
|
||||
wc_ecc_free(&ecc);
|
||||
#endif
|
||||
|
||||
idx = 0;
|
||||
/* Get the private key object and type from pkey. */
|
||||
#ifndef NO_RSA
|
||||
if (pkey->type == EVP_PKEY_RSA) {
|
||||
type = RSA_TYPE;
|
||||
key = pkey->rsa->internal;
|
||||
}
|
||||
else {
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
if (pkey->type == EVP_PKEY_EC) {
|
||||
type = ECC_TYPE;
|
||||
key = pkey->ecc->internal;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Sign the certificate request body. */
|
||||
ret = wc_InitRng(&rng);
|
||||
|
|
|
@ -20477,7 +20477,9 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
|
|||
{
|
||||
BIO* bio = NULL;
|
||||
EVP_PKEY* pkey = NULL;
|
||||
#ifndef NO_RSA
|
||||
RSA* rsa = NULL;
|
||||
#endif
|
||||
WOLFSSL_CTX* ctx;
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN)
|
||||
|
@ -20550,13 +20552,14 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
|
|||
AssertNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
|
||||
|
||||
#ifndef NO_RSA
|
||||
/* Tests bad parameters */
|
||||
AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));
|
||||
|
||||
/* RSA not set yet, expecting to fail*/
|
||||
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
|
||||
|
||||
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
|
||||
#if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
|
||||
/* set RSA using bio*/
|
||||
AssertIntGT(BIO_write(bio, client_key_der_2048,
|
||||
sizeof_client_key_der_2048), 0);
|
||||
|
@ -20568,13 +20571,13 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
|
|||
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
|
||||
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
|
||||
sizeof_client_key_der_2048);
|
||||
#endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
|
||||
RSA_free(rsa);
|
||||
#endif
|
||||
#endif /* NO_RSA */
|
||||
SSL_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
BIO_free(bio);
|
||||
bio = NULL;
|
||||
(void)rsa;
|
||||
printf(resultFmt, passed);
|
||||
}
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
|
||||
|
|
|
@ -8685,7 +8685,10 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
|
|||
static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
|
||||
#endif
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der";
|
||||
#ifndef NO_RSA
|
||||
/* eccKeyPubFile is used in a test that requires RSA. */
|
||||
static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der";
|
||||
#endif
|
||||
static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
|
||||
static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
|
||||
#ifdef ENABLE_ECC384_CERT_GEN_TEST
|
||||
|
@ -8836,7 +8839,7 @@ static const CertName certDefaultName = {
|
|||
static const char certKeyUsage[] =
|
||||
"digitalSignature,nonRepudiation";
|
||||
#endif
|
||||
#if defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)
|
||||
#if (defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)) && !defined(NO_RSA)
|
||||
static const char certKeyUsage2[] =
|
||||
"digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue