Merge pull request #9311 from SparkiDev/regression_fixes_19

Regression testing

Author: dgarske

src/tls.c

@@ -7437,8 +7437,10 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
 
         if (ret == 0) {
             CopyDecodedName(name, cert, ASN_SUBJECT);
-            if (wolfSSL_sk_X509_NAME_push(ssl->peer_ca_names, name) <= 0)
+            if (wolfSSL_sk_X509_NAME_push(ssl->peer_ca_names, name) <= 0) {
+                wolfSSL_X509_NAME_free(name);
                 ret = MEMORY_ERROR;
+            }
         }
 
         if (didInit)

src/x509.c

@@ -1057,9 +1057,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
 
         if (((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
             (ext->obj->obj == NULL)) {
+            byte* tmp;
         #ifdef WOLFSSL_NO_REALLOC
-            byte* tmp = NULL;
-
             tmp = (byte*)XMALLOC(objSz, NULL, DYNAMIC_TYPE_ASN1);
             if (tmp != NULL && ext->obj->obj != NULL) {
                 XMEMCPY(tmp, ext->obj->obj, ext->obj->objSz);
@@ -1070,8 +1069,11 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
             }
             ext->obj->obj = tmp;
         #else
-            ext->obj->obj = (byte*)XREALLOC((byte*)ext->obj->obj, objSz,
-                                   NULL, DYNAMIC_TYPE_ASN1);
+            tmp = (byte*)XREALLOC((byte*)ext->obj->obj, objSz, NULL,
+                                  DYNAMIC_TYPE_ASN1);
+            if (tmp != NULL) {
+                ext->obj->obj = tmp;
+            }
         #endif
             if (ext->obj->obj == NULL) {
                 wolfSSL_X509_EXTENSION_free(ext);

tests/api/test_ocsp.c

@@ -360,7 +360,7 @@ int test_ocsp_basic_verify(void)
 
 #if defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) &&     \
     defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(WOLFSSL_NO_TLS12) &&  \
-    defined(OPENSSL_ALL)
+    defined(OPENSSL_ALL) && !defined(WOLFSSL_SMALL_CERT_VERIFY)
 
 struct _test_ocsp_status_callback_ctx {
     byte* ocsp_resp;

tests/api/test_tls13.c

@@ -1913,23 +1913,54 @@ int test_tls13_rpk_handshake(void)
 
 
 #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
-    defined(WOLFSSL_HAVE_MLKEM)
+    defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY)
 static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx)
 {
+#ifndef WOLFSSL_NO_ML_KEM_1024
 #ifdef WOLFSSL_MLKEM_KYBER
     int group = WOLFSSL_KYBER_LEVEL5;
 #else
     int group = WOLFSSL_ML_KEM_1024;
+#endif /* WOLFSSL_MLKEM_KYBER */
+#elif !defined(WOLFSSL_NO_ML_KEM_768)
+#ifdef WOLFSSL_MLKEM_KYBER
+    int group = WOLFSSL_KYBER_LEVEL3;
+#else
+    int group = WOLFSSL_ML_KEM_768;
+#endif /* WOLFSSL_MLKEM_KYBER */
+#else
+#ifdef WOLFSSL_MLKEM_KYBER
+    int group = WOLFSSL_KYBER_LEVEL1;
+#else
+    int group = WOLFSSL_ML_KEM_512;
+#endif /* WOLFSSL_MLKEM_KYBER */
 #endif
+
     AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS);
 }
 
 static void test_tls13_pq_groups_on_result(WOLFSSL* ssl)
 {
+#ifndef WOLFSSL_NO_ML_KEM_1024
 #ifdef WOLFSSL_MLKEM_KYBER
     AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5");
 #else
     AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024");
+#endif /* WOLFSSL_MLKEM_KYBER */
+#elif !defined(WOLFSSL_NO_ML_KEM_768)
+#ifdef WOLFSSL_MLKEM_KYBER
+    AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL3");
+#else
+    AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_768");
+#endif /* WOLFSSL_MLKEM_KYBER */
+#else
+#ifdef WOLFSSL_MLKEM_KYBER
+    AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL1");
+#else
+    AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_512");
+#endif /* WOLFSSL_MLKEM_KYBER */
 #endif
 }
 #endif
@@ -1938,7 +1969,9 @@ int test_tls13_pq_groups(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
-    defined(WOLFSSL_HAVE_MLKEM)
+    defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY)
     callback_functions func_cb_client;
     callback_functions func_cb_server;
 

tests/api/test_tls_ext.c

@@ -134,7 +134,8 @@ int test_wolfSSL_DisableExtendedMasterSecret(void)
     !defined(NO_CERTS) && !defined(NO_TLS) && (defined(OPENSSL_EXTRA) || \
     defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \
     defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
-    (defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12))
+    (defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12)) && \
+    defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
 struct client_cb_arg {
     WOLF_STACK_OF(X509_NAME) *names1;
     WOLF_STACK_OF(X509_NAME) *names2;
@@ -160,7 +161,8 @@ int test_certificate_authorities_certificate_request(void) {
     !defined(NO_CERTS) && !defined(NO_TLS) && (defined(OPENSSL_EXTRA) || \
     defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \
     defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
-    (defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12))
+    (defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12)) && \
+    defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
     struct test_params {
         method_provider client_meth;
         method_provider server_meth;
@@ -270,6 +272,9 @@ int test_certificate_authorities_certificate_request(void) {
         ExpectIntEQ(2, wolfSSL_sk_X509_NAME_num(names1));
         ExpectIntEQ(1, wolfSSL_sk_X509_NAME_num(names2));
 
+#if !defined(NO_DH)
+        SetDH(ssl_srv);
+#endif
 
         /* Certs will be loaded in callback */
         wolfSSL_CTX_set_cert_cb(ctx_cli,
@@ -304,7 +309,8 @@ int test_certificate_authorities_certificate_request(void) {
     !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \
     !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \
     defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \
-    defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && defined(WOLFSSL_TLS13)
+    defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
+    defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
 static int certificate_authorities_server_cb(WOLFSSL *ssl, void *_arg) {
     WOLF_STACK_OF(X509_NAME) **names_out = (WOLF_STACK_OF(X509_NAME) **)_arg;
     WOLF_STACK_OF(X509_NAME) *names = wolfSSL_get0_peer_CA_list(ssl);
@@ -323,7 +329,8 @@ int test_certificate_authorities_client_hello(void) {
     !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \
     !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \
     defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \
-    defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && defined(WOLFSSL_TLS13)
+    defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
+    defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
 
     struct test_params {
         method_provider client_meth;

wolfcrypt/benchmark/benchmark.c

@@ -5333,6 +5333,7 @@ void bench_aesxts(void)
         goto exit;
     }
 
+#ifdef HAVE_AES_DECRYPT
     RESET_MULTI_VALUE_STATS_VARS();
 
     bench_stats_start(&count, &start);
@@ -5356,6 +5357,7 @@ void bench_aesxts(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+#endif
 
 exit:
 
@@ -8201,6 +8203,7 @@ void bench_ascon_hash(void)
 
 #ifdef WOLFSSL_CMAC
 
+#if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)
 static void bench_cmac_helper(word32 keySz, const char* outMsg, int useDeviceID)
 {
     Cmac    cmac;
@@ -8273,6 +8276,7 @@ static void bench_cmac_helper(word32 keySz, const char* outMsg, int useDeviceID)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 }
+#endif
 
 void bench_cmac(int useDeviceID)
 {
@@ -8282,7 +8286,7 @@ void bench_cmac(int useDeviceID)
 #ifdef WOLFSSL_AES_256
     bench_cmac_helper(32, "AES-256-CMAC", useDeviceID);
 #endif
-
+    (void)useDeviceID;
 }
 #endif /* WOLFSSL_CMAC */
 

wolfcrypt/src/aes.c

@@ -13222,7 +13222,7 @@ int wc_AesXtsEncryptSector(XtsAes* aes, byte* out, const byte* in,
     return wc_AesXtsEncrypt(aes, out, in, sz, (const byte*)i, WC_AES_BLOCK_SIZE);
 }
 
-
+#ifdef HAVE_AES_DECRYPT
 /* Same process as wc_AesXtsDecrypt but uses a word64 type as the tweak value
  * instead of a byte array. This just converts the word64 to a byte array.
  *
@@ -13249,6 +13249,7 @@ int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz,
 
     return wc_AesXtsDecrypt(aes, out, in, sz, (const byte*)i, WC_AES_BLOCK_SIZE);
 }
+#endif
 
 #ifdef WOLFSSL_AESNI
 
@@ -13791,6 +13792,7 @@ int wc_AesXtsEncryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz,
 
 #endif /* WOLFSSL_AESXTS_STREAM */
 
+#ifdef HAVE_AES_DECRYPT
 
 /* Same process as encryption but use aes_decrypt key.
  *
@@ -14230,6 +14232,7 @@ int wc_AesXtsDecryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz,
 }
 
 #endif /* WOLFSSL_AESXTS_STREAM */
+#endif /* HAVE_AES_DECRYPT */
 #endif
 
 /* Same as wc_AesXtsEncryptSector but the sector gets incremented by one every
@@ -14282,6 +14285,8 @@ int wc_AesXtsEncryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in,
     return ret;
 }
 
+#ifdef HAVE_AES_DECRYPT
+
 /* Same as wc_AesXtsEncryptConsecutiveSectors but Aes key is AES_DECRYPTION type
  *
  * xaes     AES keys to use for block decrypt
@@ -14330,6 +14335,7 @@ int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in,
 
     return ret;
 }
+#endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_XTS */
 
 #ifdef WOLFSSL_AES_SIV