Configure Fixes

1. The combination of enable-all and disable-rsa breaks some of the
tests. Added the NO_RSA guards as appropriate.
2. Disabled the OCSP stapling and CRL tests when RSA is disabled as they
use test certificates with RSA keys.
pull/2163/head
John Safranek 2019-03-13 17:54:33 -07:00
parent 2f4507e4f1
commit 27ea9d9bce
5 changed files with 52 additions and 12 deletions


@ -1889,6 +1889,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE); wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
} }
#endif #endif
#ifndef NO_RSA
/* All the OSCP Stapling test certs are RSA. */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS) if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS)
@ -1900,6 +1902,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != WOLFSSL_SUCCESS) if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir"); err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
#endif #endif
#endif
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
if (pkCallbacks) if (pkCallbacks)
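Review bot: The comment added with the new `#ifndef NO_RSA` guard misspells the feature: `/* All the OSCP Stapling test certs are RSA. */` should read `/* All the OCSP Stapling test certs are RSA. */`. It would also help a reader of a NO_RSA build to know that this is deliberate, e.g. `/* All the OCSP Stapling test certs are RSA, so stapling is compiled out of the test server when RSA is disabled. */`. server_test starts and ends outside the hunk.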


@ -15,6 +15,9 @@ dist_noinst_SCRIPTS+= scripts/resume.test
EXTRA_DIST+= scripts/benchmark.test EXTRA_DIST+= scripts/benchmark.test
EXTRA_DIST+= scripts/memtest.sh EXTRA_DIST+= scripts/memtest.sh
# The CRL and OCSP tests use RSA certificates.
if BUILD_RSA
if BUILD_CRL if BUILD_CRL
# make revoked test rely on completion of resume test # make revoked test rely on completion of resume test
dist_noinst_SCRIPTS+= scripts/crl-revoked.test dist_noinst_SCRIPTS+= scripts/crl-revoked.test
@ -46,6 +49,8 @@ endif
endif endif
endif
if BUILD_PSK if BUILD_PSK
dist_noinst_SCRIPTS+= scripts/psk.test dist_noinst_SCRIPTS+= scripts/psk.test
endif endif
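Review bot: The new `if BUILD_RSA` wrapper drops the CRL and OCSP test scripts from the suite entirely in a disable-rsa build, so revocation handling is then untested on ECC-only configurations rather than tested with ECC material. The added comment could say so explicitly so the gap is visible to whoever later adds ECC-keyed test certificates: `# The CRL and OCSP tests use RSA certificates; they are skipped (not replaced) when RSA is disabled.` The `if BUILD_RSA` opens in the first hunk and its matching `endif` is the single-column `endif` in the second hunk, which is easy to misread next to the existing `endif` lines.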


@ -26559,6 +26559,8 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */ #endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */
#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
#ifndef NO_RSA
/* Takes a WOLFSSL_RSA key and writes it out to a WOLFSSL_BIO /* Takes a WOLFSSL_RSA key and writes it out to a WOLFSSL_BIO
* *
* bio the WOLFSSL_BIO to write to * bio the WOLFSSL_BIO to write to
@ -26639,6 +26641,8 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key,
return ret; return ret;
} }
#endif /* NO_RSA */
int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
const WOLFSSL_EVP_CIPHER* cipher, const WOLFSSL_EVP_CIPHER* cipher,
@ -26666,9 +26670,11 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
keyDer = (byte*)key->pkey.ptr; keyDer = (byte*)key->pkey.ptr;
switch (key->type) { switch (key->type) {
#ifndef NO_RSA
case EVP_PKEY_RSA: case EVP_PKEY_RSA:
type = PRIVATEKEY_TYPE; type = PRIVATEKEY_TYPE;
break; break;
#endif
#ifndef NO_DSA #ifndef NO_DSA
case EVP_PKEY_DSA: case EVP_PKEY_DSA:
@ -29920,8 +29926,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
} }
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) #if defined(WOLFSSL_CERT_GEN)
/* needed SetName function from asn.c is wrapped by NO_RSA */
/* helper function for CopyX509NameToCertName() /* helper function for CopyX509NameToCertName()
* *
* returns WOLFSSL_SUCCESS on success * returns WOLFSSL_SUCCESS on success
@ -35598,6 +35603,8 @@ int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509 *x)
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_ALL) #if defined(OPENSSL_ALL)
#ifndef NO_RSA
int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
{ {
if (pkey == NULL || key == NULL) if (pkey == NULL || key == NULL)
@ -35609,6 +35616,7 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
#endif
int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
{ {
@ -36189,12 +36197,16 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
Cert cert; Cert cert;
byte der[2048]; byte der[2048];
int derSz = sizeof(der); int derSz = sizeof(der);
void* key; void* key = NULL;
int type; int type = -1;
int sigType; int sigType;
int hashType; int hashType;
#ifndef NO_RSA
RsaKey rsa; RsaKey rsa;
#endif
#ifdef HAVE_ECC
ecc_key ecc; ecc_key ecc;
#endif
WC_RNG rng; WC_RNG rng;
word32 idx = 0; word32 idx = 0;
@ -36257,6 +36269,7 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
/* Create a public key object from requests public key. */ /* Create a public key object from requests public key. */
#ifndef NO_RSA
if (req->pubKeyOID == RSAk) { if (req->pubKeyOID == RSAk) {
type = RSA_TYPE; type = RSA_TYPE;
ret = wc_InitRsaKey(&rsa, req->heap); ret = wc_InitRsaKey(&rsa, req->heap);
@ -36270,7 +36283,9 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
} }
key = (void*)&rsa; key = (void*)&rsa;
} }
else { #endif
#ifdef HAVE_ECC
if (req->pubKeyOID == ECDSAk) {
type = ECC_TYPE; type = ECC_TYPE;
ret = wc_ecc_init(&ecc); ret = wc_ecc_init(&ecc);
if (ret != 0) if (ret != 0)
@ -36283,6 +36298,9 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
} }
key = (void*)&ecc; key = (void*)&ecc;
} }
#endif
if (key == NULL)
return WOLFSSL_FAILURE;
/* Make the body of the certificate request. */ /* Make the body of the certificate request. */
ret = wc_MakeCertReq_ex(&cert, der, derSz, type, key); ret = wc_MakeCertReq_ex(&cert, der, derSz, type, key);
@ -36290,21 +36308,29 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
/* Dispose of the public key object. */ /* Dispose of the public key object. */
#ifndef NO_RSA
if (req->pubKeyOID == RSAk) if (req->pubKeyOID == RSAk)
wc_FreeRsaKey(&rsa); wc_FreeRsaKey(&rsa);
else #endif
#ifdef HAVE_ECC
if (req->pubKeyOID == ECDSAk)
wc_ecc_free(&ecc); wc_ecc_free(&ecc);
#endif
idx = 0; idx = 0;
/* Get the private key object and type from pkey. */ /* Get the private key object and type from pkey. */
#ifndef NO_RSA
if (pkey->type == EVP_PKEY_RSA) { if (pkey->type == EVP_PKEY_RSA) {
type = RSA_TYPE; type = RSA_TYPE;
key = pkey->rsa->internal; key = pkey->rsa->internal;
} }
else { #endif
#ifdef HAVE_ECC
if (pkey->type == EVP_PKEY_EC) {
type = ECC_TYPE; type = ECC_TYPE;
key = pkey->ecc->internal; key = pkey->ecc->internal;
} }
#endif
/* Sign the certificate request body. */ /* Sign the certificate request body. */
ret = wc_InitRng(&rng); ret = wc_InitRng(&rng);
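Review bot: In wolfSSL_X509_REQ_sign the private-key selection (the two guarded blocks after `/* Get the private key object and type from pkey. */`) does not reset `key` and `type`, so a pkey whose type matches neither enabled branch falls through with `key` still pointing at the stack `rsa`/`ecc` public-key object that was freed a few lines earlier, and the signing step then runs on it. The public-key stage received an `if (key == NULL) return WOLFSSL_FAILURE;` check in this commit; the private-key stage needs the same guard: `key = NULL;` and `type = -1;` before the `#ifndef NO_RSA`, and `if (key == NULL) return WOLFSSL_FAILURE;` after the closing `#endif`. Before this change the `else` branch routed every non-RSA pkey to the ECC path, so this fall-through is a new silent path rather than a pre-existing one. wolfSSL_X509_REQ_sign starts and ends outside the hunk.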


@ -20477,7 +20477,9 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
{ {
BIO* bio = NULL; BIO* bio = NULL;
EVP_PKEY* pkey = NULL; EVP_PKEY* pkey = NULL;
#ifndef NO_RSA
RSA* rsa = NULL; RSA* rsa = NULL;
#endif
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
#if defined(WOLFSSL_KEY_GEN) #if defined(WOLFSSL_KEY_GEN)
@ -20550,13 +20552,14 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#ifndef NO_RSA
/* Tests bad parameters */ /* Tests bad parameters */
AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL)); AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));
/* RSA not set yet, expecting to fail*/ /* RSA not set yet, expecting to fail*/
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG); AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) #if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
/* set RSA using bio*/ /* set RSA using bio*/
AssertIntGT(BIO_write(bio, client_key_der_2048, AssertIntGT(BIO_write(bio, client_key_der_2048,
sizeof_client_key_der_2048), 0); sizeof_client_key_der_2048), 0);
@ -20568,13 +20571,13 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr), AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
sizeof_client_key_der_2048); sizeof_client_key_der_2048);
#endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
RSA_free(rsa); RSA_free(rsa);
#endif #endif /* NO_RSA */
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
ctx = NULL; ctx = NULL;
BIO_free(bio); BIO_free(bio);
bio = NULL; bio = NULL;
(void)rsa;
printf(resultFmt, passed); printf(resultFmt, passed);
} }
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
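Review bot: With the new `#ifndef NO_RSA` block around the d2i/i2d assertions, a NO_RSA build of test_wolfSSL_d2i_PrivateKeys_bio only creates and frees a BIO and a CTX and then prints `passed`, so the test reports success without exercising the function it is named for. Guarding the whole test (or the call site in the test list) on `!defined(NO_RSA)` would keep the pass count honest; alternatively a comment at the top of the `#ifndef NO_RSA` block such as `/* d2i/i2d RSA private key checks; without RSA this test only verifies object setup and teardown. */` would at least make the reduced coverage visible. The middle of the function, between the two hunks, is outside the view.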


@ -8685,7 +8685,10 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der"; static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
#endif #endif
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der"; #ifndef NO_RSA
/* eccKeyPubFile is used in a test that requires RSA. */
static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der";
#endif
static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
#ifdef ENABLE_ECC384_CERT_GEN_TEST #ifdef ENABLE_ECC384_CERT_GEN_TEST
@ -8836,7 +8839,7 @@ static const CertName certDefaultName = {
static const char certKeyUsage[] = static const char certKeyUsage[] =
"digitalSignature,nonRepudiation"; "digitalSignature,nonRepudiation";
#endif #endif
#if defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU) #if (defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)) && !defined(NO_RSA)
static const char certKeyUsage2[] = static const char certKeyUsage2[] =
"digitalSignature,nonRepudiation,keyEncipherment,keyAgreement"; "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
#endif #endif