From 91cf1daa9f6882c48fbd4bb017ea5b7fb29349b5 Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Thu, 22 Jan 2026 15:28:13 +0100 Subject: [PATCH 1/5] run init/cleanup for all api tests --- tests/api.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/tests/api.c b/tests/api.c index 4f257c5dc6..dcfa3958b9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -32018,20 +32018,17 @@ int ApiTest(void) printf(" Begin API Tests\n"); fflush(stdout); - /* we must perform init and cleanup if not all tests are running */ - if (!testAll) { #ifdef WOLFCRYPT_ONLY - if (wolfCrypt_Init() != 0) { - printf("wolfCrypt Initialization failed\n"); - res = 1; - } + if (wolfCrypt_Init() != 0) { + printf("wolfCrypt Initialization failed\n"); + res = 1; + } #else - if (wolfSSL_Init() != WOLFSSL_SUCCESS) { - printf("wolfSSL Initialization failed\n"); - res = 1; - } - #endif + if (wolfSSL_Init() != WOLFSSL_SUCCESS) { + printf("wolfSSL Initialization failed\n"); + res = 1; } + #endif #ifdef WOLFSSL_DUMP_MEMIO_STREAM if (res == 0) { @@ -32123,13 +32120,11 @@ int ApiTest(void) wc_ecc_fp_free(); /* free per thread cache */ #endif - if (!testAll) { #ifdef WOLFCRYPT_ONLY - wolfCrypt_Cleanup(); + wolfCrypt_Cleanup(); #else - wolfSSL_Cleanup(); + wolfSSL_Cleanup(); #endif - } (void)testDevId; From 533f4b23af1fe719d8c41027f18e1ba4a04b7d67 Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Fri, 23 Jan 2026 17:12:28 +0100 Subject: [PATCH 2/5] tests: honor WC_USE_DEVID --- tests/api.c | 56 +++++++++++++++++++++++++++++++++++++++ tests/api/test_ecc.c | 60 +++++++++++++++++++++--------------------- tests/api/test_tls.c | 3 +++ tests/api/test_tls13.c | 33 +++++++++++++++++++++++ tests/utils.c | 7 +++++ wolfcrypt/test/test.c | 9 ++++--- 6 files changed, 135 insertions(+), 33 deletions(-) diff --git a/tests/api.c b/tests/api.c index dcfa3958b9..95742c76db 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -297,6 +297,8 @@ enum { #ifdef WOLFSSL_QNX_CAAM #include int testDevId = WOLFSSL_CAAM_DEVID; +#elif defined(WC_USE_DEVID) +int testDevId = WC_USE_DEVID; #else int testDevId = INVALID_DEVID; #endif @@ -4445,6 +4447,7 @@ int test_ssl_memio_setup(test_ssl_memio_ctx *ctx) } wolfSSL_SetIORecv(ctx->c_ctx, test_ssl_memio_read_cb); wolfSSL_SetIOSend(ctx->c_ctx, test_ssl_memio_write_cb); + wolfSSL_CTX_SetDevId(ctx->c_ctx, testDevId); #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx->c_ctx, PasswordCallBack); #endif @@ -4525,6 +4528,8 @@ int test_ssl_memio_setup(test_ssl_memio_ctx *ctx) } wolfSSL_SetIORecv(ctx->s_ctx, test_ssl_memio_read_cb); wolfSSL_SetIOSend(ctx->s_ctx, test_ssl_memio_write_cb); + wolfSSL_CTX_SetDevId(ctx->s_ctx, testDevId); + wolfSSL_CTX_set_verify(ctx->s_ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); if (ctx->s_cb.caPemFile == NULL) @@ -5013,6 +5018,8 @@ THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) signal_ready(opts->signal); goto done; } + if (cbf != NULL) + wolfSSL_CTX_SetDevId(ctx, cbf->devId); if (cbf == NULL || !cbf->ticNoInit) { #if defined(HAVE_SESSION_TICKET) && \ @@ -5504,6 +5511,9 @@ int test_client_nofail(void* args, cbType cb) ctx = wolfSSL_CTX_new(method); } + if (cbf != NULL) + wolfSSL_CTX_SetDevId(ctx, cbf->devId); + if (cbf != NULL) doUdp = cbf->doUdp; @@ -6412,10 +6422,12 @@ static int test_wolfSSL_read_write(void) tcp_ready ready; func_args client_args; func_args server_args; + callback_functions cbf; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); + XMEMSET(&cbf, 0, sizeof(callback_functions)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif 
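Review bot: In test_server_nofail, and in the matching test_client_nofail hunk, the device id is applied only when `cbf != NULL`, so runs that pass no callbacks never receive `testDevId` and keep using the default path even when WC_USE_DEVID is set. A caller that zeroes its `callback_functions` with XMEMSET and never assigns `devId` would hand 0 to `wolfSSL_CTX_SetDevId`, which is presumably not the same as INVALID_DEVID. This commit sets `cbf.devId = testDevId` in only two callers, so the remaining ones are worth checking. Consider `wolfSSL_CTX_SetDevId(ctx, (cbf != NULL) ? cbf->devId : testDevId);` and initialising `devId` wherever the struct is zeroed. Both functions continue outside their hunks.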
@@ -6428,8 +6440,11 @@ static int test_wolfSSL_read_write(void) ready.port = GetRandomPort(); #endif + cbf.devId = testDevId; server_args.signal = &ready; client_args.signal = &ready; + server_args.callbacks = &cbf; + client_args.callbacks = &cbf; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); @@ -16240,6 +16255,7 @@ static int test_wolfSSL_SESSION(void) SOCKET_T sockfd; tcp_ready ready; func_args server_args; + callback_functions cbf; THREAD_TYPE serverThread; char msg[80]; const char* sendGET = "GET"; @@ -16253,6 +16269,7 @@ static int test_wolfSSL_SESSION(void) #else ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif + wolfSSL_CTX_SetDevId(ctx, testDevId); ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, CERT_FILETYPE)); @@ -16269,6 +16286,9 @@ static int test_wolfSSL_SESSION(void) #endif XMEMSET(&server_args, 0, sizeof(func_args)); + XMEMSET(&cbf, 0, sizeof(callback_functions)); + cbf.devId = testDevId; + server_args.callbacks = &cbf; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif @@ -24899,6 +24919,7 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx) case RSA_PRIVATE_DECRYPT: { RsaKey key; + int rngDevId = INVALID_DEVID; /* perform software based RSA private op */ #ifdef DEBUG_WOLFSSL 
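Review bot: In test_wolfSSL_read_write a single `callback_functions cbf` is assigned to both `server_args.callbacks` and `client_args.callbacks`, so the thread started with `start_thread(test_server_nofail, ...)` and the client side share one struct. If either helper stores results or per-side state through `callbacks` (not visible in this hunk), the two sides race on it. Separate structs, `callback_functions client_cbf, server_cbf;`, each zeroed and given `devId = testDevId`, would keep them independent. The function body continues outside the hunk.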
@@ -24913,14 +24934,22 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx) ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { word32 keyIdx = 0; + key.devId = INVALID_DEVID; /* load RSA private key and perform private transform */ ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx, &key, pDer->length); if (ret == 0) { + if (info->pk.rsa.rng != NULL) { + rngDevId = info->pk.rsa.rng->devId; + info->pk.rsa.rng->devId = INVALID_DEVID; + } ret = wc_RsaFunction( info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, info->pk.rsa.outLen, info->pk.rsa.type, &key, info->pk.rsa.rng); + if (info->pk.rsa.rng != NULL) { + info->pk.rsa.rng->devId = rngDevId; + } } else { /* if decode fails, then fall-back to software based crypto */ @@ -24966,6 +24995,7 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx) ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { word32 keyIdx = 0; + key.devId = INVALID_DEVID; /* load RSA private key and perform private transform */ ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx, &key, pDer->length); 
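Review bot: The reason for clearing `info->pk.rsa.rng->devId` around `wc_RsaFunction` in test_CryptoCb_Func is not stated, and the same save/clear/restore sequence is repeated for `wc_RsaSSL_Sign`, `wc_RsaPSS_Sign_ex` and `wc_ecc_sign_hash` in the following hunks. If the intent is to keep the software fallback from re-entering the callback through the RNG, a comment such as `/* use the software RNG here so the fallback does not re-enter the crypto callback */` would make that explicit. The caller's RNG is modified in place for the duration of the call, which is only safe while no other thread uses that RNG, so this assumption deserves a line too. A small static save/restore helper pair would keep the four sites identical. The function starts and ends outside the hunk.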
@@ -24973,19 +25003,35 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx) /* Perform RSA operation */ if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PKCS)) { #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + int rngDevId = INVALID_DEVID; + if (info->pk.rsa.rng != NULL) { + rngDevId = info->pk.rsa.rng->devId; + info->pk.rsa.rng->devId = INVALID_DEVID; + } ret = wc_RsaSSL_Sign(info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, *info->pk.rsa.outLen, &key, info->pk.rsa.rng); + if (info->pk.rsa.rng != NULL) { + info->pk.rsa.rng->devId = rngDevId; + } #else ret = CRYPTOCB_UNAVAILABLE; #endif } if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PSS)) { #ifdef WC_RSA_PSS + int rngDevId = INVALID_DEVID; + if (info->pk.rsa.rng != NULL) { + rngDevId = info->pk.rsa.rng->devId; + info->pk.rsa.rng->devId = INVALID_DEVID; + } ret = wc_RsaPSS_Sign_ex(info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, *info->pk.rsa.outLen, info->pk.rsa.padding->hash, info->pk.rsa.padding->mgf, info->pk.rsa.padding->saltLen, &key, info->pk.rsa.rng); + if (info->pk.rsa.rng != NULL) { + info->pk.rsa.rng->devId = rngDevId; + } #else ret = CRYPTOCB_UNAVAILABLE; #endif 
@@ -25047,14 +25093,23 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx) ret = wc_ecc_init(&key); if (ret == 0) { word32 keyIdx = 0; + key.devId = INVALID_DEVID; /* load ECC private key and perform private transform */ ret = wc_EccPrivateKeyDecode(pDer->buffer, &keyIdx, &key, pDer->length); if (ret == 0) { + int rngDevId = INVALID_DEVID; + if (info->pk.eccsign.rng != NULL) { + rngDevId = info->pk.eccsign.rng->devId; + info->pk.eccsign.rng->devId = INVALID_DEVID; + } ret = wc_ecc_sign_hash( info->pk.eccsign.in, info->pk.eccsign.inlen, info->pk.eccsign.out, info->pk.eccsign.outlen, info->pk.eccsign.rng, &key); + if (info->pk.eccsign.rng != NULL) { + info->pk.eccsign.rng->devId = rngDevId; + } } else { /* if decode fails, then fall-back to software based crypto */ @@ -25088,6 +25143,7 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx) ret = wc_ed25519_init(&key); if (ret == 0) { word32 keyIdx = 0; + key.devId = INVALID_DEVID; /* load ED25519 private key and perform private transform */ ret = wc_Ed25519PrivateKeyDecode(pDer->buffer, &keyIdx, &key, pDer->length); diff --git a/tests/api/test_ecc.c b/tests/api/test_ecc.c index 69fd8b1e95..e1ab6d595c 100644 --- a/tests/api/test_ecc.c +++ b/tests/api/test_ecc.c @@ -213,7 +213,7 @@ int test_wc_ecc_make_key(void) XMEMSET(&key, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, KEY14, &key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -249,7 +249,7 @@ int test_wc_ecc_init(void) XMEMSET(&key, 0, sizeof(ecc_key)); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); /* Pass in bad args. */ ExpectIntEQ(wc_ecc_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); 
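Review bot: test_wc_ecc_init no longer has a success case for `wc_ecc_init` itself, because the positive call was replaced by `wc_ecc_init_ex(&key, HEAP_HINT, testDevId)` and the only remaining call is the bad-argument check `wc_ecc_init(NULL)`. Keeping `ExpectIntEQ(wc_ecc_init(&key), 0);` followed by `wc_ecc_free(&key);` ahead of the `_ex` call would retain coverage of the default initialiser while still honouring the device id. The rest of the function lies outside the hunk.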
@@ -272,7 +272,7 @@ int test_wc_ecc_check_key(void) XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, KEY14, &key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -338,7 +338,7 @@ int test_wc_ecc_size(void) XMEMSET(&key, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, KEY14, &key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -407,7 +407,7 @@ int test_wc_ecc_signVerify_hash(void) XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1); /* Init structs. */ - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, KEY14, &key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -519,8 +519,8 @@ int test_wc_ecc_shared_secret(void) XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(out, 0, keySz); - ExpectIntEQ(wc_ecc_init(&key), 0); - ExpectIntEQ(wc_ecc_init(&pubKey), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_ecc_init_ex(&pubKey, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); #if !defined(NO_ECC256) @@ -598,7 +598,7 @@ int test_wc_ecc_export_x963(void) XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(out, 0, outlen); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, KEY20, &key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -654,7 +654,7 @@ int test_wc_ecc_export_x963_ex(void) XMEMSET(out, 0, outlen); PRIVATE_KEY_UNLOCK(); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, KEY64, &key); #if defined(WOLFSSL_ASYNC_CRYPT) 
@@ -733,8 +733,8 @@ int test_wc_ecc_import_x963(void) XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(x963, 0, x963Len); - ExpectIntEQ(wc_ecc_init(&pubKey), 0); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&pubKey, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); #if FIPS_VERSION3_GE(6,0,0) ret = wc_ecc_make_key(&rng, KEY32, &key); @@ -797,8 +797,8 @@ int test_wc_ecc_import_private_key(void) XMEMSET(x963Key, 0, x963KeySz); PRIVATE_KEY_UNLOCK(); - ExpectIntEQ(wc_ecc_init(&key), 0); - ExpectIntEQ(wc_ecc_init(&keyImp), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_ecc_init_ex(&keyImp, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, KEY48, &key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -850,7 +850,7 @@ int test_wc_ecc_export_private_only(void) XMEMSET(out, 0, outlen); PRIVATE_KEY_UNLOCK(); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, KEY32, &key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -960,7 +960,7 @@ int test_wc_ecc_import_raw(void) XMEMSET(&key, 0, sizeof(ecc_key)); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); /* Test good import */ ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, curveName), 0); @@ -1049,7 +1049,7 @@ int test_wc_ecc_import_unsigned(void) XMEMSET(&key, 0, sizeof(ecc_key)); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d, curveId), 0); 
@@ -1089,7 +1089,7 @@ int test_wc_ecc_sig_size(void) XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, keySz, &key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -1275,21 +1275,21 @@ int test_wc_ecc_encryptDecrypt(void) XMEMSET(&tmpKey, 0, sizeof(ecc_key)); ExpectIntEQ(wc_InitRng(&rng), 0); - ExpectIntEQ(wc_ecc_init(&cliKey), 0); + ExpectIntEQ(wc_ecc_init_ex(&cliKey, HEAP_HINT, testDevId), 0); ret = wc_ecc_make_key(&rng, keySz, &cliKey); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif ExpectIntEQ(ret, 0); - ExpectIntEQ(wc_ecc_init(&srvKey), 0); + ExpectIntEQ(wc_ecc_init_ex(&srvKey, HEAP_HINT, testDevId), 0); ret = wc_ecc_make_key(&rng, keySz, &srvKey); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &srvKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif ExpectIntEQ(ret, 0); - ExpectIntEQ(wc_ecc_init(&tmpKey), 0); + ExpectIntEQ(wc_ecc_init_ex(&tmpKey, HEAP_HINT, testDevId), 0); #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ @@ -1387,7 +1387,7 @@ int test_wc_ecc_pointFns(void) XMEMSET(&rng, 0, sizeof(WC_RNG)); ExpectIntEQ(wc_InitRng(&rng), 0); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ret = wc_ecc_make_key(&rng, keySz, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); @@ -1496,7 +1496,7 @@ int test_wc_ecc_shared_secret_ssh(void) PRIVATE_KEY_UNLOCK(); /* Make keys */ - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, keySz, &key); #if defined(WOLFSSL_ASYNC_CRYPT) 
@@ -1505,7 +1505,7 @@ int test_wc_ecc_shared_secret_ssh(void) ExpectIntEQ(ret, 0); DoExpectIntEQ(wc_FreeRng(&rng), 0); - ExpectIntEQ(wc_ecc_init(&key2), 0); + ExpectIntEQ(wc_ecc_init_ex(&key2, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, key2Sz, &key2); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -1579,7 +1579,7 @@ int test_wc_ecc_verify_hash_ex(void) /* Initialize r, s and z. */ ExpectIntEQ(mp_init_multi(&r, &s, &z, NULL, NULL, NULL), MP_OKAY); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, keySz, &key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -1661,9 +1661,9 @@ int test_wc_ecc_mulmod(void) XMEMSET(&key3, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); - ExpectIntEQ(wc_ecc_init(&key1), 0); - ExpectIntEQ(wc_ecc_init(&key2), 0); - ExpectIntEQ(wc_ecc_init(&key3), 0); + ExpectIntEQ(wc_ecc_init_ex(&key1, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_ecc_init_ex(&key2, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_ecc_init_ex(&key3, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, KEY32, &key1); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -1722,7 +1722,7 @@ int test_wc_ecc_is_valid_idx(void) XMEMSET(&key, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, 32, &key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -1781,7 +1781,7 @@ int test_wc_ecc_sig_size_calc(void) XMEMSET(&key, 0, sizeof(ecc_key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); - ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init_ex(&key, HEAP_HINT, testDevId), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ret = wc_ecc_make_key(&rng, 16, &key); #if defined(WOLFSSL_ASYNC_CRYPT) 
@@ -1824,7 +1824,7 @@ int test_wc_EccPrivateKeyToDer(void) PRIVATE_KEY_UNLOCK(); ExpectIntEQ(wc_InitRng(&rng), 0); - ExpectIntEQ(wc_ecc_init(&eccKey), 0); + ExpectIntEQ(wc_ecc_init_ex(&eccKey, HEAP_HINT, testDevId), 0); ret = wc_ecc_make_key(&rng, KEY14, &eccKey); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE); diff --git a/tests/api/test_tls.c b/tests/api/test_tls.c index 91cf524599..fb977fb755 100644 --- a/tests/api/test_tls.c +++ b/tests/api/test_tls.c @@ -648,6 +648,9 @@ int test_tls12_bad_cv_sig_alg(void) wolfSSL_SetIORecv(ctx, CsRecv); /* No where to send to - dummy sender. */ wolfSSL_SetIOSend(ctx, CsSend); +#ifdef WC_USE_DEVID + wolfSSL_CTX_SetDevId(ctx, WC_USE_DEVID); +#endif /* WC_USE_DEVID */ ExpectNotNull(ssl = wolfSSL_new(ctx)); msg.buffer = clientMsgs; diff --git a/tests/api/test_tls13.c b/tests/api/test_tls13.c index 802ecf2f91..99a5dbcf2f 100644 --- a/tests/api/test_tls13.c +++ b/tests/api/test_tls13.c @@ -195,10 +195,16 @@ int test_tls13_apis(void) #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_CLIENT clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); +#ifdef WC_USE_DEVID + wolfSSL_CTX_SetDevId(clientTls12Ctx, WC_USE_DEVID); +#endif clientTls12Ssl = wolfSSL_new(clientTls12Ctx); #endif #ifndef NO_WOLFSSL_SERVER serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); +#ifdef WC_USE_DEVID + wolfSSL_CTX_SetDevId(serverTls12Ctx, WC_USE_DEVID); +#endif #if !defined(NO_CERTS) #if !defined(NO_FILESYSTEM) wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert); 
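Review bot: test_tls12_bad_cv_sig_alg and test_tls13_apis pass `WC_USE_DEVID` directly under `#ifdef WC_USE_DEVID`, while tests/api.c and tests/api/test_ecc.c in this same commit use `testDevId`. `testDevId` also covers the WOLFSSL_QNX_CAAM case and falls back to INVALID_DEVID, so `wolfSSL_CTX_SetDevId(ctx, testDevId);` would remove the per-site `#ifdef` and keep one source of truth, assuming the symbol is visible in these files as it is in test_ecc.c. The same applies to the later test_tls13.c hunks and to tests/utils.c. test_tls13_plaintext_alert sets the id on the `ssl` object with `wolfSSL_SetDevId` in one place and on the ctx elsewhere, which is worth making uniform.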
@@ -223,10 +229,16 @@ int test_tls13_apis(void) #ifndef NO_WOLFSSL_CLIENT clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); +#ifdef WC_USE_DEVID + wolfSSL_CTX_SetDevId(clientCtx, WC_USE_DEVID); +#endif clientSsl = wolfSSL_new(clientCtx); #endif #ifndef NO_WOLFSSL_SERVER serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); +#ifdef WC_USE_DEVID + wolfSSL_CTX_SetDevId(serverCtx, WC_USE_DEVID); +#endif #if !defined(NO_CERTS) /* ignore load failures, since we just need the server to have a cert set */ #if !defined(NO_FILESYSTEM) @@ -946,6 +958,9 @@ int test_tls13_cipher_suites(void) /* Set up wolfSSL context. */ ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); +#ifdef WC_USE_DEVID + wolfSSL_CTX_SetDevId(ctx, WC_USE_DEVID); +#endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, @@ -2538,6 +2553,9 @@ int test_tls13_sg_missing(void) /* Set up wolfSSL context. */ ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); +#ifdef WC_USE_DEVID + wolfSSL_CTX_SetDevId(ctx, WC_USE_DEVID); +#endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, @@ -2597,6 +2615,9 @@ int test_tls13_ks_missing(void) /* Set up wolfSSL context. */ ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); +#ifdef WC_USE_DEVID + wolfSSL_CTX_SetDevId(ctx, WC_USE_DEVID); +#endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, @@ -2688,6 +2709,9 @@ int test_tls13_duplicate_extension(void) /* Set up wolfSSL context. */ ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); +#ifdef WC_USE_DEVID + wolfSSL_CTX_SetDevId(ctx, WC_USE_DEVID); +#endif /* Read from 'msg'. */ wolfSSL_SetIORecv(ctx, DERecv); /* No where to send to - dummy sender. */ 
@@ -2908,6 +2932,9 @@ int test_tls13_plaintext_alert(void) /* Set up wolfSSL context. */ ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); +#ifdef WC_USE_DEVID + wolfSSL_CTX_SetDevId(ctx, WC_USE_DEVID); +#endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, @@ -2955,6 +2982,9 @@ int test_tls13_plaintext_alert(void) wolfSSL_SetIOSend(ctx, Tls13PTASend); ExpectNotNull(ssl = wolfSSL_new(ctx)); +#ifdef WC_USE_DEVID + wolfSSL_SetDevId(ssl, WC_USE_DEVID); +#endif msg.buffer = clientMsgs; msg.length = (unsigned int)sizeof(clientMsgs) - 1; clientMsgs[sizeof(clientMsgs) - 1] = WOLFSSL_ALERT_COUNT_MAX - 1; @@ -2976,6 +3006,9 @@ int test_tls13_plaintext_alert(void) /* Set up wolfSSL context. */ ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); +#ifdef WC_USE_DEVID + wolfSSL_CTX_SetDevId(ctx, WC_USE_DEVID); +#endif ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, CERT_FILETYPE)); ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, diff --git a/tests/utils.c b/tests/utils.c index 3ad6e67350..a6fbb4e8c8 100644 --- a/tests/utils.c +++ b/tests/utils.c @@ -231,6 +231,10 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx, *ctx_c = wolfSSL_CTX_new(method_c()); if (*ctx_c == NULL) return -1; + +#if defined(WC_USE_DEVID) + wolfSSL_CTX_SetDevId(*ctx_c, WC_USE_DEVID); +#endif #ifndef NO_CERTS if (caCert == NULL) { ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0); @@ -266,6 +270,9 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx, } return -1; } +#if defined(WC_USE_DEVID) + wolfSSL_CTX_SetDevId(*ctx_s, WC_USE_DEVID); +#endif #ifndef NO_CERTS if (serverKey == NULL) { ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile, diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index d536907a4f..10c9e32a5d 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -33535,7 +33535,7 @@ static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize) ERROR_OUT(MEMORY_E, done); #endif - ret = wc_ecc_init(eccKey); + ret = wc_ecc_init_ex(eccKey, HEAP_HINT, devId); if (ret != 0) { goto done; } @@ -33555,7 +33555,7 @@ static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize) } tmpSz = (word32)ret; - ret = wc_ecc_init(eccKey); + ret = wc_ecc_init_ex(eccKey, HEAP_HINT, devId); if (ret != 0) { goto done; } @@ -33566,7 +33566,7 @@ static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize) } wc_ecc_free(eccKey); - ret = wc_ecc_init(eccKey); + ret = wc_ecc_init_ex(eccKey, HEAP_HINT, devId); if (ret != 0) { goto done; } @@ -36053,6 +36053,9 @@ static wc_test_ret_t ecc_test_allocator(WC_RNG* rng) if (key == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit); } +#ifdef WOLF_CRYPTO_CB + key->devId = devId; +#endif #ifndef WC_NO_RNG ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); From bfcf344be1f41a01cb527cefcc9b791f9175e7ab Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Thu, 22 Jan 2026 16:31:46 +0100 Subject: [PATCH 3/5] tests: refactor gating for WOLF_CRYPTO_CB_ONLY_X tests --- scripts/tls13.test | 7 +++ tests/api.c | 28 ++++++++---- tests/api/api.h | 3 +- tests/api/test_certman.c | 12 +++-- tests/api/test_ecc.c | 48 ++++++++++++-------- tests/api/test_tls.c | 9 ++-- tests/api/test_tls13.c | 17 +++---- tests/suites.c | 5 +- tests/unit.c | 4 +- tests/unit.h | 6 ++- tests/utils.h | 3 +- testsuite/testsuite.c | 7 +-- wolfcrypt/test/test.c | 88 ++++++++++++++++++++---------------- wolfcrypt/test/test.h | 2 +- wolfssl/wolfcrypt/settings.h | 10 ++++ 15 files changed, 156 insertions(+), 93 deletions(-) diff --git a/scripts/tls13.test b/scripts/tls13.test index 085ffc1806..eb5e8d9313 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test 
@@ -113,6 +113,13 @@ if [ $? -eq 0 ]; then exit 0 fi +# Skip when build only supports ECC via crypto callbacks. +grep -F -e 'WOLF_CRYPTO_CB_ONLY_ECC' ./wolfssl/options.h >/dev/null +if [ $? -eq 0 ]; then + echo "Skipping tls13.test: WOLF_CRYPTO_CB_ONLY_ECC is defined" 1>&2 + exit 77 +fi + # Usual TLS v1.3 server / TLS v1.3 client. echo -e "\n\nTLS v1.3 server with TLS v1.3 client" port=0 diff --git a/tests/api.c b/tests/api.c index 95742c76db..b96978e614 100644 --- a/tests/api.c +++ b/tests/api.c @@ -252,7 +252,8 @@ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ !defined(NO_RSA) && \ !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ - !defined(WOLFSSL_TIRTOS) + !defined(WOLFSSL_TIRTOS) && \ + !defined(WC_TEST_SKIP_RSA) && !defined(WC_TEST_SKIP_ECC) #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES #endif @@ -5980,6 +5981,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb, /* Generic TLS client / server with callbacks for API unit tests * Used by SNI / ALPN / crypto callback helper functions */ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \ + !defined(WC_TEST_SKIP_ECC) && \ (defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLF_CRYPTO_CB) || \ defined(HAVE_ALPN_PROTOS_SUPPORT)) || defined(WOLFSSL_STATIC_MEMORY) #define ENABLE_TLS_CALLBACK_TEST @@ -6399,7 +6401,7 @@ static void run_wolfssl_client(void* args) static int test_wolfSSL_read_write(void) { EXPECT_DECLS; -#ifndef NO_SHA256 +#if !defined(NO_SHA256) && !defined(WC_TEST_SKIP_ECC) /* The unit testing for read and write shall happen simultaneously, since * one can't do anything with one without the other. (Except for a failure * test case.) This function will call all the others that will set up, @@ -6466,6 +6468,7 @@ static int test_wolfSSL_read_write(void) static int test_wolfSSL_read_write_ex(void) { EXPECT_DECLS; +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) WOLFSSL_CTX *ctx_c = NULL; WOLFSSL_CTX *ctx_s = NULL; WOLFSSL *ssl_c = NULL; 
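Review bot: The skip check in scripts/tls13.test matches the bare substring `WOLF_CRYPTO_CB_ONLY_ECC` anywhere in options.h, so a comment or a longer macro name containing it would also skip the whole TLS 1.3 script. Anchoring on the define, `grep -q -E '^#define[[:space:]]+WOLF_CRYPTO_CB_ONLY_ECC([[:space:]]|$)' ./wolfssl/options.h`, avoids false skips. Builds that set the macro outside options.h are not detected either way. The preceding skip block exits 0 while this one exits 77, so the two report differently to the test harness.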
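Review bot: In the ENABLE_TLS_CALLBACK_TEST condition the new `!defined(WC_TEST_SKIP_ECC)` term is joined with `&&` to the left operand of the trailing `|| defined(WOLFSSL_STATIC_MEMORY)`, so a static-memory build still defines the macro when WC_TEST_SKIP_ECC is set. If the skip is meant to win in every configuration, parenthesise the existing expression and apply the skip outside it: `#if !defined(WC_TEST_SKIP_ECC) && ((defined(HAVE_IO_TESTS_DEPENDENCIES) && (...)) || defined(WOLFSSL_STATIC_MEMORY))`, with `(...)` standing for the existing SNI/ALPN/crypto-callback alternatives. Later guards in this commit rely on ENABLE_TLS_CALLBACK_TEST to compile out the callback helpers, so the gap carries over to them.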
@@ -6500,6 +6503,9 @@ static int test_wolfSSL_read_write_ex(void) wolfSSL_CTX_free(ctx_c); wolfSSL_CTX_free(ctx_s); return TEST_SUCCESS; +#else + return EXPECT_RESULT(); +#endif } static int test_wolfSSL_reuse_WOLFSSLobj(void) @@ -8539,6 +8545,7 @@ static int test_wolfSSL_UseSNI_params(void) return EXPECT_RESULT(); } +#if defined(ENABLE_TLS_CALLBACK_TEST) /* BEGIN of connection tests callbacks */ static void use_SNI_at_ctx(WOLFSSL_CTX* ctx) { @@ -8641,12 +8648,14 @@ static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl) { AssertIntEQ(WC_NO_ERR_TRACE(FATAL_ERROR), wolfSSL_get_error(ssl, 0)); } +#endif /* ENABLE_TLS_CALLBACK_TEST */ /* END of connection tests callbacks */ static int test_wolfSSL_UseSNI_connection(void) { int res = TEST_SKIPPED; -#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + defined(ENABLE_TLS_CALLBACK_TEST) callback_functions client_cb; callback_functions server_cb; size_t i; @@ -24864,7 +24873,9 @@ static int test_SSL_CIPHER_get_xxx(void) return EXPECT_RESULT(); } -#if defined(WOLF_CRYPTO_CB) && defined(HAVE_IO_TESTS_DEPENDENCIES) +#if defined(WOLF_CRYPTO_CB) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ +defined(ENABLE_TLS_CALLBACK_TEST) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ +!defined(WOLF_CRYPTO_CB_ONLY_RSA) static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer, int* keyFormat) @@ -25575,7 +25586,8 @@ static int test_wc_CryptoCb_TLS(int tlsVer, static int test_wc_CryptoCb(void) { EXPECT_DECLS; -#ifdef WOLF_CRYPTO_CB +#if defined(WOLF_CRYPTO_CB) && defined(ENABLE_TLS_CALLBACK_TEST) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_RSA) /* TODO: Add crypto callback API tests */ #ifdef HAVE_IO_TESTS_DEPENDENCIES 
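Review bot: The guard placed before load_pem_key_file_as_der and the one inside test_wc_CryptoCb repeat the same `!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)` tail but differ in whether `HAVE_IO_TESTS_DEPENDENCIES` is part of the condition. They also test the raw build macros, where other hunks of this commit gate on `WC_TEST_SKIP_ECC` and `WC_TEST_SKIP_RSA`. Defining one file-local macro once and testing it in both places would stop the two conditions drifting apart. The callback-only builds, where the device path is the only one, end up without this TLS callback test, so a short comment explaining why they are excluded would help.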
@@ -29292,9 +29304,9 @@ static int test_certreq_sighash_algos(void) EXPECT_DECLS; #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ !defined(WOLFSSL_MAX_STRENGTH) && defined(HAVE_ECC) && \ - !defined(NO_SHA256) && defined(WOLFSSL_SHA384) && \ - defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC) && \ - !defined(WOLFSSL_NO_TLS12) + !defined(WC_TEST_SKIP_ECC) && !defined(NO_SHA256) && \ + defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_TLS12) WOLFSSL_CTX *ctx_c = NULL; WOLFSSL_CTX *ctx_s = NULL; WOLFSSL *ssl_c = NULL; diff --git a/tests/api/api.h b/tests/api/api.h index fa14484c90..c0e5272058 100644 --- a/tests/api/api.h +++ b/tests/api/api.h @@ -54,7 +54,8 @@ #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ !defined(NO_CERTS) && \ - (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) #define HAVE_CERT_CHAIN_VALIDATION #endif diff --git a/tests/api/test_certman.c b/tests/api/test_certman.c index a2ff33373b..06c102ecb6 100644 --- a/tests/api/test_certman.c +++ b/tests/api/test_certman.c @@ -232,7 +232,8 @@ int test_wolfSSL_CertManagerAPI(void) return EXPECT_RESULT(); } -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type) { 
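Review bot: HAVE_CERT_CHAIN_VALIDATION in tests/api/api.h and the CertManager CA-loading helpers and tests in tests/api/test_certman.c (this hunk and the following ones) are compiled out whenever `WOLF_CRYPTO_CB_ONLY_RSA` is defined, so certificate loading and chain validation get no API-test coverage in that configuration. Since this series lets the tests select a device through WC_USE_DEVID, it is worth stating in a comment why these cannot run against the registered callback, or gating them only when no device is configured. These guards use the raw `WOLF_CRYPTO_CB_ONLY_RSA` while tests/api.c gates on `WC_TEST_SKIP_RSA`; using one macro throughout would keep the skip policy in a single place, assuming the two are meant to be equivalent.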
@@ -377,7 +378,8 @@ static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags) int test_wolfSSL_CertManagerLoadCABuffer(void) { EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) #if defined(WOLFSSL_PEM_TO_DER) const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; @@ -414,7 +416,8 @@ int test_wolfSSL_CertManagerLoadCABuffer(void) int test_wolfSSL_CertManagerLoadCABuffer_ex(void) { EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) #if defined(WOLFSSL_PEM_TO_DER) const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; @@ -458,7 +461,8 @@ int test_wolfSSL_CertManagerLoadCABufferType(void) EXPECT_DECLS; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ !defined(NO_RSA) && !defined(NO_SHA256) && \ - !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) + !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) #if defined(WOLFSSL_PEM_TO_DER) const char* ca_cert = "./certs/ca-cert.pem"; const char* int1_cert = "./certs/intermediate/ca-int-cert.pem"; diff --git a/tests/api/test_ecc.c b/tests/api/test_ecc.c index e1ab6d595c..cdb46705ff 100644 --- a/tests/api/test_ecc.c +++ b/tests/api/test_ecc.c @@ -205,7 +205,8 @@ int test_wc_ecc_get_curve_id_from_dp_params(void) int test_wc_ecc_make_key(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; int ret; 
@@ -264,7 +265,8 @@ int test_wc_ecc_init(void) int test_wc_ecc_check_key(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; int ret; @@ -330,7 +332,8 @@ int test_wc_ecc_get_generator(void) int test_wc_ecc_size(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + !defined(WC_NO_RNG) WC_RNG rng; ecc_key key; int ret; @@ -386,8 +389,8 @@ int test_wc_ecc_params(void) int test_wc_ecc_signVerify_hash(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && \ - !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; int ret; @@ -483,7 +486,8 @@ int test_wc_ecc_signVerify_hash(void) int test_wc_ecc_shared_secret(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) ecc_key key; ecc_key pubKey; WC_RNG rng; @@ -584,7 +588,8 @@ int test_wc_ecc_shared_secret(void) int test_wc_ecc_export_x963(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; byte out[ECC_ASN963_MAX_BUF_SZ]; @@ -638,7 +643,8 @@ int test_wc_ecc_export_x963(void) int test_wc_ecc_export_x963_ex(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; int ret; 
@@ -718,8 +724,9 @@ int test_wc_ecc_export_x963_ex(void) int test_wc_ecc_import_x963(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \ - defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(WC_NO_RNG) ecc_key pubKey; ecc_key key; WC_RNG rng; @@ -778,8 +785,9 @@ int test_wc_ecc_import_x963(void) int test_wc_ecc_import_private_key(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \ - defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(WC_NO_RNG) ecc_key key; ecc_key keyImp; WC_RNG rng; @@ -837,7 +845,8 @@ int test_wc_ecc_import_private_key(void) int test_wc_ecc_export_private_only(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; byte out[ECC_PRIV_KEY_BUF]; @@ -1080,7 +1089,8 @@ int test_wc_ecc_import_unsigned(void) int test_wc_ecc_sig_size(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; int keySz = KEY16; @@ -1712,7 +1722,8 @@ int test_wc_ecc_mulmod(void) int test_wc_ecc_is_valid_idx(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; int ret; 
@@ -1772,7 +1783,8 @@ int test_wc_ecc_get_curve_id_from_oid(void) int test_wc_ecc_sig_size_calc(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) ecc_key key; WC_RNG rng; int sz = 0; @@ -1811,7 +1823,8 @@ int test_wc_ecc_sig_size_calc(void) int test_wc_EccPrivateKeyToDer(void) { EXPECT_DECLS; -#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) && \ + defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) byte output[ONEK_BUF]; ecc_key eccKey; WC_RNG rng; @@ -1871,4 +1884,3 @@ int test_wc_EccPrivateKeyToDer(void) #endif return EXPECT_RESULT(); } /* End test_wc_EccPrivateKeyToDer */ - diff --git a/tests/api/test_tls.c b/tests/api/test_tls.c index fb977fb755..9c72062f0e 100644 --- a/tests/api/test_tls.c +++ b/tests/api/test_tls.c @@ -299,7 +299,7 @@ int test_tls_certreq_order(void) #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ !defined(WOLFSSL_NO_TLS12) && defined(HAVE_AESGCM) && \ defined(WOLFSSL_AES_256) && defined(WOLFSSL_SHA384) && !defined(NO_RSA) && \ - defined(HAVE_ECC) + defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) /* This test checks that a certificate request message * received before server certificate message is properly detected. */ @@ -346,7 +346,8 @@ int test_tls_certreq_order(void) } #if !defined(WOLFSSL_NO_TLS12) && !defined(NO_RSA) && defined(HAVE_ECC) && \ - !defined(NO_WOLFSSL_SERVER) + !defined(WC_TEST_SKIP_ECC) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(WC_TEST_SKIP_RSA) /* Called when writing. */ static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx) { 
@@ -382,7 +383,8 @@ int test_tls12_bad_cv_sig_alg(void) { EXPECT_DECLS; #if !defined(WOLFSSL_NO_TLS12) && !defined(NO_RSA) && defined(HAVE_ECC) && \ - !defined(NO_WOLFSSL_SERVER) + !defined(WC_TEST_SKIP_ECC) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(WC_TEST_SKIP_RSA) byte clientMsgs[] = { /* Client Hello */ 0x16, 0x03, 0x03, 0x00, 0xe7, @@ -668,4 +670,3 @@ int test_tls12_bad_cv_sig_alg(void) #endif return EXPECT_RESULT(); } - diff --git a/tests/api/test_tls13.c b/tests/api/test_tls13.c index 99a5dbcf2f..4cd537d2bd 100644 --- a/tests/api/test_tls13.c +++ b/tests/api/test_tls13.c @@ -49,7 +49,7 @@ static char earlyDataBuffer[1]; int test_tls13_apis(void) { EXPECT_DECLS; -#ifdef WOLFSSL_TLS13 +#if defined(WOLFSSL_TLS13) && !defined(WC_TEST_SKIP_ECC) #if defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) && \ (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) int ret; @@ -829,7 +829,7 @@ int test_tls13_apis(void) wolfSSL_CTX_free(clientTls12Ctx); #endif #endif -#endif /* WOLFSSL_TLS13 */ +#endif /* WOLFSSL_TLS13 && !defined(WC_TEST_SKIP_ECC) */ return EXPECT_RESULT(); } @@ -2645,7 +2645,7 @@ int test_tls13_ks_missing(void) } #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) && \ - defined(HAVE_ECC) + defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) /* Called when writing. */ static int DESend(WOLFSSL* ssl, char* buf, int sz, void* ctx) { @@ -2682,7 +2682,7 @@ int test_tls13_duplicate_extension(void) { EXPECT_DECLS; #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) && \ - defined(HAVE_ECC) + defined(HAVE_ECC) && !defined(WC_TEST_SKIP_ECC) WOLFSSL_CTX *ctx = NULL; WOLFSSL *ssl = NULL; byte serverHello[] = { 
@@ -2740,7 +2740,7 @@ int test_key_share_mismatch(void) EXPECT_DECLS; #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) && \ - defined(BUILD_TLS_AES_128_GCM_SHA256) + !defined(WC_TEST_SKIP_ECC) && defined(BUILD_TLS_AES_128_GCM_SHA256) /* Taken from payload in https://github.com/wolfSSL/wolfssl/issues/9362 */ const byte ch1_bin[] = { 0x16, 0x03, 0x03, 0x00, 0x96, 0x01, 0x00, 0x00, 0x92, 0x03, 0x03, 0x01, @@ -2817,7 +2817,8 @@ int test_key_share_mismatch(void) #if defined(WOLFSSL_TLS13) && !defined(NO_RSA) && defined(HAVE_ECC) && \ - defined(HAVE_AESGCM) && !defined(NO_WOLFSSL_SERVER) + !defined(WC_TEST_SKIP_ECC) && defined(HAVE_AESGCM) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(WC_TEST_SKIP_RSA) /* Called when writing. */ static int Tls13PTASend(WOLFSSL* ssl, char* buf, int sz, void* ctx) { @@ -2865,7 +2866,8 @@ int test_tls13_plaintext_alert(void) EXPECT_DECLS; #if defined(WOLFSSL_TLS13) && !defined(NO_RSA) && defined(HAVE_ECC) && \ - defined(HAVE_AESGCM) && !defined(NO_WOLFSSL_SERVER) + !defined(WC_TEST_SKIP_ECC) && defined(HAVE_AESGCM) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(WC_TEST_SKIP_RSA) byte clientMsgs[] = { /* Client Hello */ 0x16, 0x03, 0x03, 0x01, 0x9b, 0x01, 0x00, 0x01, @@ -3043,4 +3045,3 @@ int test_tls13_plaintext_alert(void) return EXPECT_RESULT(); } - diff --git a/tests/suites.c b/tests/suites.c index 60a727ea02..1c68413ba4 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -58,7 +58,8 @@ #include "examples/server/server.h" #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ - !defined(NO_TLS) && !defined(SINGLE_THREADED) + !defined(NO_TLS) && !defined(SINGLE_THREADED) && \ + (!defined(WC_TEST_SKIP_RSA) && !defined(WC_TEST_SKIP_ECC)) static WOLFSSL_CTX* cipherSuiteCtx = NULL; static char nonblockFlag[] = "-N"; static char noVerifyFlag[] = "-d"; 
@@ -904,7 +905,7 @@ int SuiteTest(int argc, char** argv) { #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ !defined(NO_TLS) && !defined(SINGLE_THREADED) && \ - !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + !defined(WC_TEST_SKIP_RSA) && !defined(WC_TEST_SKIP_ECC) func_args args; char argv0[3][80]; char* myArgv[3]; diff --git a/tests/unit.c b/tests/unit.c index 820388d6e2..65004a368d 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -318,7 +318,9 @@ int unit_test(int argc, char** argv) !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ !defined(NO_TLS) && \ !defined(SINGLE_THREADED) && \ - defined(WOLFSSL_PEM_TO_DER) + defined(WOLFSSL_PEM_TO_DER) && \ + !defined(WC_TEST_SKIP_RSA) && \ + !defined(WC_TEST_SKIP_ECC) if ((ret = SuiteTest(argc, argv)) != 0) { fprintf(stderr, "suite test failed with %d\n", ret); goto exit; diff --git a/tests/unit.h b/tests/unit.h index 8516a1e476..368effb6c0 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -360,7 +360,8 @@ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ !defined(NO_RSA) && \ !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ - !defined(WOLFSSL_TIRTOS) + !defined(WOLFSSL_TIRTOS) && \ + !defined(WC_TEST_SKIP_RSA) && !defined(WC_TEST_SKIP_ECC) #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES #endif #ifdef HAVE_SSL_MEMIO_TESTS_DEPENDENCIES @@ -443,7 +444,8 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb, #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(WC_TEST_SKIP_RSA) #define HAVE_IO_TESTS_DEPENDENCIES #endif diff --git a/tests/utils.h b/tests/utils.h index ecc800f82e..056bba4080 100644 --- a/tests/utils.h +++ b/tests/utils.h 
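Review bot: In tests/unit.h, `HAVE_IO_TESTS_DEPENDENCIES` gains only `!defined(WC_TEST_SKIP_RSA)`, whereas `HAVE_SSL_MEMIO_TESTS_DEPENDENCIES` in the hunk just before it gains both `WC_TEST_SKIP_RSA` and `WC_TEST_SKIP_ECC`. Both conditions already require `!defined(NO_RSA)` and neither mentions ECC, so nothing visible explains the difference. If the socket-based tests can end up on an ECC key exchange, the condition should also carry `&& !defined(WC_TEST_SKIP_ECC)`. If the asymmetry is intended, a one-line comment above the `#define` would keep the next reader from "fixing" it.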
@@ -35,7 +35,8 @@ extern const char* currentTestName; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ (!defined(NO_RSA) || defined(HAVE_RPK)) && \ !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ - (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)) + (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)) && \ + !defined(WC_TEST_SKIP_RSA) && !defined(WC_TEST_SKIP_ECC) #define HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES #define TEST_MEMIO_BUF_SZ (64 * 1024) #define TEST_MEMIO_MAX_MSGS 32 diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index fb65c4642a..a4c0a34c24 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -61,7 +61,8 @@ void file_test(const char* file, byte* check); #endif #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ - !defined(NO_TLS) + !defined(NO_TLS) && !defined(WC_TEST_SKIP_RSA) && \ + !defined(WC_TEST_SKIP_ECC) #ifdef HAVE_STACK_SIZE static THREAD_RETURN simple_test(func_args *args); @@ -115,7 +116,7 @@ int testsuite_test(int argc, char** argv) { #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ !defined(NO_TLS) && \ - (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)) + (!defined(WC_TEST_SKIP_RSA) && !defined(WC_TEST_SKIP_ECC)) func_args server_args; tcp_ready ready; @@ -423,7 +424,7 @@ static int test_crl_monitor(void) #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ !defined(NO_TLS) && \ - (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)) + (!defined(WC_TEST_SKIP_RSA) && !defined(WC_TEST_SKIP_ECC)) /* Perform a basic TLS handshake. * * First connection to echo a file. diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 10c9e32a5d..e80d194750 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -726,7 +726,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) + !defined(WC_TEST_SKIP_ECC) && !defined(NO_ECC_SECP) /* skip for ATECC508/608A, cannot import private key buffers */ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void); #endif @@ -2676,7 +2676,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ else TEST_PASS("OPENSSL (PKEY1) passed!\n"); - #if !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + #if !defined(WC_TEST_SKIP_RSA) && !defined(WC_TEST_SKIP_ECC) if ( (ret = openssl_evpSig_test()) != 0) TEST_FAIL("OPENSSL (EVP Sign/Verify) test failed!\n", ret); else @@ -2701,7 +2701,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) + !defined(WC_TEST_SKIP_ECC) && !defined(NO_ECC_SECP) /* skip for ATECC508/608A, cannot import private key buffers */ if ( (ret = ecc_test_buffers()) != 0) TEST_FAIL("ECC buffer test failed!\n", ret); @@ -2946,6 +2946,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #endif #if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_RSA) && \ !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \ defined(WOLFSSL_QNX_CAAM) || defined(HAVE_RENESAS_SYNC)) if ( (ret = cryptocb_test()) != 0) 
@@ -21292,12 +21293,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #endif #endif #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ASN_CRYPT) + !defined(WC_TEST_SKIP_ECC) && !defined(NO_ASN_CRYPT) static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem"; static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der"; static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der"; #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) + !defined(WC_TEST_SKIP_ECC) static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der"; #endif #endif /* HAVE_ECC_KEY_EXPORT */ @@ -22215,7 +22216,7 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG if (ret != 0) #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) /* async may not require RNG */ - #if defined(WOLF_CRYPTO_CB_ONLY_RSA) + #if defined(WC_TEST_SKIP_RSA) if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) #else if (ret != 0 && ret != WC_NO_ERR_TRACE(MISSING_RNG_E)) @@ -22268,7 +22269,7 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E)) return WC_TEST_RET_ENC_EC(ret); #endif -#if defined(WOLF_CRYPTO_CB_ONLY_RSA) +#if defined(WC_TEST_SKIP_RSA) return 0; #endif /* Use APIs. */ @@ -22728,7 +22729,7 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub) !defined(WC_NO_RNG) /* Need to create known good signatures to test with this. */ #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ -!defined(WOLF_CRYPTO_CB_ONLY_RSA) +!defined(WC_TEST_SKIP_RSA) static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key) { byte digest[WC_MAX_DIGEST_SIZE]; 
@@ -24086,7 +24087,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng) int keySz = 2048; #endif -#ifdef WOLF_CRYPTO_CB_ONLY_RSA +#ifdef WC_TEST_SKIP_RSA if (devId == INVALID_DEVID) { /* must call keygen with devId */ return 0; @@ -24184,7 +24185,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng) #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \ (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \ - && !defined(WOLF_CRYPTO_CB_ONLY_RSA) + && !defined(WC_TEST_SKIP_RSA) static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng) { wc_test_ret_t ret = 0; @@ -24721,7 +24722,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) #endif #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ - !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_RSA) + !defined(WC_NO_RNG) && !defined(WC_TEST_SKIP_RSA) do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); @@ -24834,7 +24835,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \ !defined(WOLFSSL_RSA_VERIFY_ONLY) && defined(WOLFSSL_PUBLIC_MP) && \ - !defined(WOLF_CRYPTO_CB_ONLY_RSA) + !defined(WC_TEST_SKIP_RSA) idx = (word32)ret; XMEMSET(plain, 0, plainSz); do { @@ -24881,7 +24882,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) #if (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \ - && !defined(WOLF_CRYPTO_CB_ONLY_RSA) + && !defined(WC_TEST_SKIP_RSA) ret = rsa_oaep_padding_test(key, &rng); if (ret != 0) goto exit_rsa; 
@@ -25138,7 +25139,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) !defined(WC_NO_RNG) /* Need to create known good signatures to test with this. */ #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ - !defined(WOLF_CRYPTO_CB_ONLY_RSA) + !defined(WC_TEST_SKIP_RSA) ret = rsa_pss_test(&rng, key); if (ret != 0) goto exit_rsa; @@ -32158,7 +32159,7 @@ typedef struct eccVector { word32 sSz; } eccVector; -#if !defined(WOLF_CRYPTO_CB_ONLY_ECC) +#if !defined(WC_TEST_SKIP_ECC) static wc_test_ret_t ecc_test_vector_item(const eccVector* vector) { wc_test_ret_t ret = 0; @@ -32520,7 +32521,7 @@ static wc_test_ret_t ecc_test_vector(int keySize) return 0; } -#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ +#endif /* WC_TEST_SKIP_ECC */ #if defined(HAVE_ECC_SIGN) && \ (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ @@ -33234,7 +33235,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) #else ecc_key key[1]; #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) + !defined(WC_TEST_SKIP_ECC) ecc_key pub[1]; #endif byte exportBuf[ECC_BUFSIZE]; @@ -33385,7 +33386,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) #if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \ (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(HAVE_ECC_DETERMINISTIC_K) + !defined(WC_TEST_SKIP_ECC) && !defined(HAVE_ECC_DETERMINISTIC_K) tmpSz = ECC_BUFSIZE; ret = 0; do { @@ -33454,7 +33455,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) } #endif /* WOLFSSL_QNX_CAAM */ -#ifndef WOLF_CRYPTO_CB_ONLY_ECC +#ifndef WC_TEST_SKIP_ECC /* make public key for shared secret */ wc_ecc_init_ex(pub, HEAP_HINT, devId); ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub); 
@@ -33490,7 +33491,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); TEST_SLEEP(); #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */ -#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ +#endif /* WC_TEST_SKIP_ECC */ ret = 0; done: @@ -33516,7 +33517,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) } #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \ - !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + !defined(WC_NO_RNG) && !defined(WC_TEST_SKIP_ECC) static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize) { wc_test_ret_t ret; @@ -33597,7 +33598,7 @@ static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize) #endif /* HAVE_ECC_KEY_IMPORT */ #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \ - !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + !defined(WC_NO_RNG) && !defined(WC_TEST_SKIP_ECC) static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize) { wc_test_ret_t ret = 0; @@ -33817,7 +33818,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE); #endif -#ifdef WOLF_CRYPTO_CB_ONLY_ECC +#ifdef WC_TEST_SKIP_ECC if (ret == WC_NO_ERR_TRACE(NO_VALID_DEVID)) { ret = 0; goto done; /* no software case */ @@ -34185,7 +34186,7 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id) return ret; } } -#ifndef WOLF_CRYPTO_CB_ONLY_ECC +#ifndef WC_TEST_SKIP_ECC #if FIPS_VERSION3_GE(6,0,0) skip_A: #endif 
@@ -34232,14 +34233,14 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id) #if FIPS_VERSION3_GE(6,0,0) skip_B: #endif -#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ +#endif /* WC_TEST_SKIP_ECC */ return 0; } #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ - !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + !defined(WOLFSSL_NO_MALLOC) && !defined(WC_TEST_SKIP_ECC) static wc_test_ret_t ecc_point_test(void) { wc_test_ret_t ret; @@ -34468,7 +34469,7 @@ static wc_test_ret_t ecc_point_test(void) } #endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ -#if !defined(NO_SIG_WRAPPER) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ +#if !defined(NO_SIG_WRAPPER) && !defined(WC_TEST_SKIP_ECC) && \ !defined(NO_ECC_SIGN) static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key) { @@ -34527,7 +34528,7 @@ static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key) #endif #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) + !defined(WC_TEST_SKIP_ECC) static wc_test_ret_t ecc_exp_imp_test(ecc_key* key) { @@ -34724,6 +34725,9 @@ static wc_test_ret_t ecc_mulmod_test(ecc_key* key1) } #endif +/* must be disabled under WOLF_CRYPTO_CB_ONLY_ECC as it uses +* wc_ecc_shared_secret_ex that is not defined when +* WOLF_CRYPTO_CB_ONLY_ECC is set */ #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \ !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \ 
@@ -34805,7 +34809,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng) ret = wc_ecc_set_flags(key, 0); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); -#ifndef WOLF_CRYPTO_CB_ONLY_ECC +#ifndef WC_TEST_SKIP_ECC #ifndef WC_NO_RNG ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -34874,7 +34878,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng) goto done; #endif #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \ - !defined(WOLFSSL_CRYPTOCELL) + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) ret = ecc_mulmod_test(key); if (ret < 0) goto done; @@ -34883,7 +34887,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng) #else (void)rng; (void)idx; -#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ +#endif /* WC_TEST_SKIP_ECC */ done: wc_ecc_free(key); @@ -36038,7 +36042,7 @@ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng) #endif /* WOLFSSL_CERT_GEN */ #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ + !defined(WOLFSSL_NO_MALLOC) && !defined(WC_TEST_SKIP_ECC) && \ (!defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES)) /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */ static wc_test_ret_t ecc_test_allocator(WC_RNG* rng) @@ -36701,7 +36705,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) } #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ - !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + !defined(WOLFSSL_NO_MALLOC) && !defined(WC_TEST_SKIP_ECC) ret = ecc_point_test(); if (ret < 0) { goto done; 
@@ -36852,7 +36856,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) } #endif #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && (!defined(NO_ECC_SECP) || \ + !defined(WC_TEST_SKIP_ECC) && (!defined(NO_ECC_SECP) || \ defined(WOLFSSL_CUSTOM_CURVES)) ret = ecc_test_allocator(&rng); if (ret != 0) { @@ -37694,7 +37698,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) + !defined(WC_TEST_SKIP_ECC) && !defined(NO_ECC_SECP) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void) { size_t bytes; @@ -61838,6 +61842,7 @@ typedef struct { } myCryptoDevCtx; #ifdef WOLF_CRYPTO_CB_ONLY_RSA +#define CRYPTO_CB_ONLY_RSA_TEST_BYTES 512 /* Testing rsa cb when CB_ONLY_RSA is enabled * When CB_ONLY_RSA is enabled, software imple. is not available. * @@ -61911,6 +61916,7 @@ static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx) #elif defined(USE_CERT_BUFFERS_4096) XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); #elif !defined(NO_FILESYSTEM) + (void)clientCert; file = XFOPEN(clientKey, "rb"); if (!file) { ret = WC_TEST_RET_ENC_ERRNO; @@ -62373,7 +62379,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) if (info->pk.type == WC_PK_TYPE_RSA) { /* set devId to invalid, so software is used */ info->pk.rsa.key->devId = INVALID_DEVID; - #if defined(WOLF_CRYPTO_CB_ONLY_RSA) + #if defined(WC_TEST_SKIP_RSA) #ifdef DEBUG_WOLFSSL printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); #endif 
@@ -62407,7 +62413,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #ifdef WOLFSSL_KEY_GEN else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { info->pk.rsakg.key->devId = INVALID_DEVID; - #if defined(WOLF_CRYPTO_CB_ONLY_RSA) + #if defined(WC_TEST_SKIP_RSA) #ifdef DEBUG_WOLFSSL printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); #endif @@ -63407,7 +63413,9 @@ static int myCryptoCbFind(int currentId, int algoType) #endif /* WOLF_CRYPTO_CB_FIND */ -#if !defined(WC_TEST_NO_CRYPTOCB_SW_TEST) +#if !defined(WC_TEST_NO_CRYPTOCB_SW_TEST) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void) { wc_test_ret_t ret = 0; @@ -63436,7 +63444,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void) ret = rsa_test(); PRIVATE_KEY_LOCK(); #endif -#if defined(WOLF_CRYPTO_CB_ONLY_RSA) +#if defined(WC_TEST_SKIP_RSA) PRIVATE_KEY_UNLOCK(); if (ret == 0) ret = rsa_onlycb_test(&myCtx); @@ -63552,7 +63560,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void) return ret; } -#endif /* ! WC_TEST_NO_CRYPTOCB_SW_TEST */ +#endif /* ! WC_TEST_NO_CRYPTOCB_SW_TEST && ! WOLF_CRYPTO_CB_ONLY */ #endif /* WOLF_CRYPTO_CB */ #ifdef WOLFSSL_CERT_PIV diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h index 55058f63c4..55610a74b5 100644 --- a/wolfcrypt/test/test.h +++ b/wolfcrypt/test/test.h @@ -251,7 +251,7 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) + !defined(WC_TEST_SKIP_ECC) && !defined(NO_ECC_SECP) /* skip for ATECC508/608A, cannot import private key buffers */ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void); #endif 
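Review bot: The `ret = rsa_onlycb_test(&myCtx);` branch in cryptocb_test is now unreachable, because cryptocb_test is compiled only when `WOLF_CRYPTO_CB_ONLY_RSA` is undefined, while `WC_TEST_SKIP_RSA` (per the settings.h hunk) is defined only when it is defined. The same exclusion is applied at the call site in the `@@ -2946,6 +2946,7 @@` hunk, so within this patch a callback-only RSA build no longer runs the one test that drives RSA through the callback. `rsa_onlycb_test` itself is still defined under `#ifdef WOLF_CRYPTO_CB_ONLY_RSA`, so it becomes an unused static function. Either keep cryptocb_test built for the callback-only configurations and gate only its software sub-tests, or put `rsa_onlycb_test` and this branch under a guard that can actually be true. The closing comment `/* ! WC_TEST_NO_CRYPTOCB_SW_TEST && ! WOLF_CRYPTO_CB_ONLY */` also names a macro that is not in the condition; it should spell out `WOLF_CRYPTO_CB_ONLY_ECC` and `WOLF_CRYPTO_CB_ONLY_RSA`.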
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 58ae0c41a0..48438da72c 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -4251,6 +4251,16 @@ extern void uITRON4_free(void *p) ; #define WOLF_CRYPTO_CB #endif +/* Skip RSA tests when software is compiled out and no default device is configured */ +#if defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WC_USE_DEVID) + #define WC_TEST_SKIP_RSA +#endif + +/* Skip ECC tests when software is compiled out and no default device is configured */ +#if defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WC_USE_DEVID) + #define WC_TEST_SKIP_ECC +#endif + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_SIGALG) #error TLS 1.3 requires the Signature Algorithms extension to be enabled #endif From 9a721e54ff9569b11bf464fbd5150f739e1c6239 Mon Sep 17 00:00:00 2001 
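Review bot: The two new comments in settings.h say "no default device is configured" without naming `WC_USE_DEVID` or stating that these macros only affect the test programs, although they sit in the library-wide settings header. Since defining them compiles out whole groups of RSA, ECC and TLS tests, the comment should make the trigger and the effect explicit. Suggested wording: `/* Test programs only: with WOLF_CRYPTO_CB_ONLY_RSA there is no software RSA, so unless WC_USE_DEVID names a device to use, RSA-dependent tests are compiled out. */`, with the same form for ECC. It may also be worth having the test binaries print which groups were skipped, so a green run of such a build is not mistaken for full coverage.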
From: Marco Oliverio Date: Thu, 22 Jan 2026 15:27:48 +0100 Subject: [PATCH 4/5] tests: introduce cryptocb test provider --- .gitignore | 1 + .wolfssl_known_macro_extras | 1 + Makefile.am | 1 + configure.ac | 16 +++ examples/client/client.c | 17 ++- examples/client/include.am | 3 + examples/echoclient/echoclient.c | 18 ++- examples/echoclient/include.am | 3 + examples/echoserver/echoserver.c | 18 ++- examples/echoserver/include.am | 3 + examples/server/include.am | 3 + examples/server/server.c | 16 ++- tests/api.c | 10 ++ tests/cryptocb-provider/Makefile | 47 +++++++ tests/cryptocb-provider/README.md | 113 +++++++++++++++++ tests/cryptocb-provider/cryptocb_loader.c | 91 ++++++++++++++ tests/cryptocb-provider/cryptocb_loader.h | 36 ++++++ tests/cryptocb-provider/cryptocb_provider.c | 133 ++++++++++++++++++++ tests/cryptocb-provider/cryptocb_provider.h | 50 ++++++++ tests/cryptocb-provider/include.am | 20 +++ tests/cryptocb-provider/user_settings.h | 51 ++++++++ tests/include.am | 3 + testsuite/include.am | 3 + wolfcrypt/test/include.am | 7 ++ wolfcrypt/test/test.c | 12 ++ wolfssl/wolfcrypt/settings.h | 13 ++ 26 files changed, 685 insertions(+), 4 deletions(-) create mode 100644 tests/cryptocb-provider/Makefile create mode 100644 tests/cryptocb-provider/README.md create mode 100644 tests/cryptocb-provider/cryptocb_loader.c create mode 100644 tests/cryptocb-provider/cryptocb_loader.h create mode 100644 tests/cryptocb-provider/cryptocb_provider.c create mode 100644 tests/cryptocb-provider/cryptocb_provider.h create mode 100644 tests/cryptocb-provider/include.am create mode 100644 tests/cryptocb-provider/user_settings.h diff --git a/.gitignore b/.gitignore index 0ef9644175..d9e432513f 100644 --- a/.gitignore +++ b/.gitignore @@ -470,3 +470,4 @@ wolfssl/debug-trace-error-codes.h wolfssl/debug-untrace-error-codes.h AGENTS.md +tests/cryptocb-provider/libcryptocbprovider.so 
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 0a681bd403..9969f39b82 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -946,6 +946,7 @@ WOLF_CRYPTO_CB_CMD WOLF_CRYPTO_CB_FIND WOLF_CRYPTO_CB_ONLY_ECC WOLF_CRYPTO_CB_ONLY_RSA +WOLF_CRYPTO_CB_TEST_PROVIDER WOLF_CRYPTO_DEV WOLF_NO_TRAILING_ENUM_COMMAS WindowsCE diff --git a/Makefile.am b/Makefile.am index b7fc4db2fb..28e1130cdd 100644 --- a/Makefile.am +++ b/Makefile.am @@ -176,6 +176,7 @@ include wolfcrypt/test/include.am include examples/include.am include testsuite/include.am include tests/include.am +include tests/cryptocb-provider/include.am include sslSniffer/sslSnifferTest/include.am include debian/include.am include rpm/include.am diff --git a/configure.ac b/configure.ac index 0e98700283..b85bd33125 100644 --- a/configure.ac +++ b/configure.ac @@ -9598,6 +9598,21 @@ then AM_CFLAGS="$AM_CFLAGS -DWC_TEST_NO_CRYPTOCB_SW_TEST" fi +# Enable building the test crypto callback provider +AC_ARG_ENABLE([cryptocb-test-provider], + [AS_HELP_STRING([--enable-cryptocb-test-provider], + [Build the test crypto callback provider library (default: disabled)])], + [ ENABLED_CRYPTOCB_TEST_PROVIDER=$enableval ], + [ ENABLED_CRYPTOCB_TEST_PROVIDER=no ] +) + +if test "x$ENABLED_CRYPTOCB_TEST_PROVIDER" = "xyes"; then + if test "x$ENABLED_CRYPTOCB" != "xyes"; then + AC_MSG_ERROR([--enable-cryptocb-test-provider requires --enable-cryptocb]) + fi + AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB_TEST_PROVIDER" +fi + # Crypto Callbacks Utils (Copy/Free/etc) AC_ARG_ENABLE([cryptocbutils], [AS_HELP_STRING([--enable-cryptocbutils@<:@=copy,free,...@:>@], 
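Review bot: The help string for `--enable-cryptocb-test-provider` says only that it builds the provider library, but the block also appends `-DWOLF_CRYPTO_CB_TEST_PROVIDER` to `AM_CFLAGS`. The client and echoclient hunks later in this patch show that define making the example programs initialise the provider and stop with `err_sys("CryptoCb provider init failed")` when that fails. The help text should say so and mark the option as test-only, for example `[Build the test crypto callback provider and route example/test programs through it; for testing only (default: disabled)]`.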
@@ -11169,6 +11184,7 @@ AM_CONDITIONAL([BUILD_TESTS],[test "x$ENABLED_EXAMPLES" = "xyes"]) AM_CONDITIONAL([BUILD_THREADED_EXAMPLES],[test "x$ENABLED_SINGLETHREADED" = "xno" && test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"]) AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS],[test "x$ENABLED_CRYPT_TESTS" = "xyes"]) AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS_LIBS],[test "x$ENABLED_CRYPT_TESTS_LIBS" = "xyes"]) +AM_CONDITIONAL([BUILD_CRYPTO_CB_TEST_PROVIDER],[test "x$ENABLED_CRYPTOCB_TEST_PROVIDER" = "xyes"]) AM_CONDITIONAL([BUILD_LIBZ],[test "x$ENABLED_LIBZ" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_PKCS11],[test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_PKCS12],[test "x$ENABLED_PKCS12" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) diff --git a/examples/client/client.c b/examples/client/client.c index 16ea02075f..c4db6f6d86 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -56,6 +56,10 @@ static const char *wolfsentry_config_path = NULL; #include #include +#if defined(WOLF_CRYPTO_CB_TEST_PROVIDER) +#include "tests/cryptocb-provider/cryptocb_loader.h" +#endif + #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) @@ -76,7 +80,7 @@ static const char *wolfsentry_config_path = NULL; #include #endif -#ifdef WOLFSSL_ASYNC_CRYPT +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB_TEST_PROVIDER) static int devId = INVALID_DEVID; #endif @@ -3670,6 +3674,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_CTX_SetDevId(ctx, devId); #endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + devId = wc_CryptoCb_InitTestCryptoCbProvider(); + if (devId < 0) { + err_sys("CryptoCb provider init failed"); + } + wolfSSL_CTX_SetDevId(ctx, devId); +#endif /* WOLF_CRYPTO_CB_TEST_PROVIDER */ #ifdef HAVE_SNI if (sniHostName) { if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName, 
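Review bot: In client_test the new provider block reuses the file-scope `devId` that the `WOLFSSL_ASYNC_CRYPT` block just above it has already filled in and passed to `wolfSSL_CTX_SetDevId`. A build with both macros defined therefore overwrites the async device id, and any later async close would receive the provider's id. The echoclient hunks have the same shape, and there `wolfAsync_DevClose(&devId)` is visible right before the provider cleanup. Use a separate variable for the provider, e.g. `static int cryptoCbDevId = INVALID_DEVID;`, or reject the combination up front with `#error WOLF_CRYPTO_CB_TEST_PROVIDER cannot be combined with WOLFSSL_ASYNC_CRYPT`.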
@@ -4945,6 +4956,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #else fprintf(stderr, "Client not compiled in!\n"); #endif + +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + wc_CryptoCb_CleanupTestCryptoCbProvider(); +#endif wolfSSL_Cleanup(); #ifdef HAVE_WNR diff --git a/examples/client/include.am b/examples/client/include.am index 36e65f218c..fce060a052 100644 --- a/examples/client/include.am +++ b/examples/client/include.am @@ -5,6 +5,9 @@ if BUILD_EXAMPLE_CLIENTS noinst_PROGRAMS += examples/client/client noinst_HEADERS += examples/client/client.h examples_client_client_SOURCES = examples/client/client.c +if BUILD_CRYPTO_CB_TEST_PROVIDER +examples_client_client_SOURCES += tests/cryptocb-provider/cryptocb_loader.c +endif examples_client_client_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB) examples_client_client_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la examples_client_client_CFLAGS = $(WOLFSENTRY_INCLUDE) $(AM_CFLAGS) diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 4c12ec538f..e2b2037388 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -53,6 +53,10 @@ #include +#if defined(WOLF_CRYPTO_CB_TEST_PROVIDER) +#include "tests/cryptocb-provider/cryptocb_loader.h" +#endif + #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) @@ -65,7 +69,7 @@ #include #endif -#ifdef WOLFSSL_ASYNC_CRYPT +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB_TEST_PROVIDER) static int devId = INVALID_DEVID; #endif @@ -223,6 +227,14 @@ void echoclient_test(void* args) wolfSSL_CTX_SetDevId(ctx, devId); #endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + devId = wc_CryptoCb_InitTestCryptoCbProvider(); + if (devId < 0) { + err_sys("CryptoCb provider init failed"); + } + wolfSSL_CTX_SetDevId(ctx, devId); +#endif /* WOLF_CRYPTO_CB_TEST_PROVIDER */ + ssl = SSL_new(ctx); tcp_connect(&sockfd, wolfSSLIP, port, 0, 0, ssl); 
@@ -287,6 +299,10 @@ void echoclient_test(void* args) wolfAsync_DevClose(&devId); #endif +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + wc_CryptoCb_CleanupTestCryptoCbProvider(); +#endif + LIBCALL_CHECK_RET(fflush(fout)); #ifndef WOLFSSL_MDK_SHELL if (inCreated) fclose(fin); diff --git a/examples/echoclient/include.am b/examples/echoclient/include.am index 5cae9be273..ac3af8ca76 100644 --- a/examples/echoclient/include.am +++ b/examples/echoclient/include.am @@ -7,6 +7,9 @@ if BUILD_EXAMPLE_CLIENTS noinst_PROGRAMS += examples/echoclient/echoclient noinst_HEADERS += examples/echoclient/echoclient.h examples_echoclient_echoclient_SOURCES = examples/echoclient/echoclient.c +if BUILD_CRYPTO_CB_TEST_PROVIDER +examples_echoclient_echoclient_SOURCES += tests/cryptocb-provider/cryptocb_loader.c +endif examples_echoclient_echoclient_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) examples_echoclient_echoclient_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la endif diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index cb1b782c1f..ea104d6467 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -56,6 +56,10 @@ #include "examples/echoserver/echoserver.h" +#if defined(WOLF_CRYPTO_CB_TEST_PROVIDER) +#include "tests/cryptocb-provider/cryptocb_loader.h" +#endif + #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) #ifdef NO_FILESYSTEM @@ -67,7 +71,7 @@ #include #endif -#ifdef WOLFSSL_ASYNC_CRYPT +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB_TEST_PROVIDER) static int devId = INVALID_DEVID; #endif 
@@ -289,6 +293,14 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args) wolfSSL_CTX_SetDevId(ctx, devId); #endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + devId = wc_CryptoCb_InitTestCryptoCbProvider(); + if (devId < 0) { + err_sys("CryptoCb provider init failed"); + } + wolfSSL_CTX_SetDevId(ctx, devId); +#endif /* WOLF_CRYPTO_CB_TEST_PROVIDER */ + SignalReady(args, port); while (!shutDown) { @@ -453,6 +465,10 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args) wolfAsync_DevClose(&devId); #endif +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + wc_CryptoCb_CleanupTestCryptoCbProvider(); +#endif + WOLFSSL_RETURN_FROM_THREAD(0); } diff --git a/examples/echoserver/include.am b/examples/echoserver/include.am index f278ca9dd1..183229a9bb 100644 --- a/examples/echoserver/include.am +++ b/examples/echoserver/include.am @@ -7,6 +7,9 @@ if BUILD_EXAMPLE_SERVERS noinst_PROGRAMS += examples/echoserver/echoserver noinst_HEADERS += examples/echoserver/echoserver.h examples_echoserver_echoserver_SOURCES = examples/echoserver/echoserver.c +if BUILD_CRYPTO_CB_TEST_PROVIDER +examples_echoserver_echoserver_SOURCES += tests/cryptocb-provider/cryptocb_loader.c +endif examples_echoserver_echoserver_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) examples_echoserver_echoserver_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la endif diff --git a/examples/server/include.am b/examples/server/include.am index cb591d9e34..68c508a0c4 100644 --- a/examples/server/include.am +++ b/examples/server/include.am 
@@ -7,6 +7,9 @@ if BUILD_EXAMPLE_SERVERS noinst_PROGRAMS += examples/server/server noinst_HEADERS += examples/server/server.h examples_server_server_SOURCES = examples/server/server.c +if BUILD_CRYPTO_CB_TEST_PROVIDER +examples_server_server_SOURCES += tests/cryptocb-provider/cryptocb_loader.c +endif examples_server_server_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB) examples_server_server_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la examples_server_server_CFLAGS = $(WOLFSENTRY_INCLUDE) $(AM_CFLAGS) diff --git a/examples/server/server.c b/examples/server/server.c index c7c44409d8..a04eb50490 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -75,6 +75,10 @@ static const char *wolfsentry_config_path = NULL; #include "examples/server/server.h" +#if defined(WOLF_CRYPTO_CB_TEST_PROVIDER) +#include "tests/cryptocb-provider/cryptocb_loader.h" +#endif + #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) #if defined(WOLFSSL_TLS13) && ( \ @@ -111,7 +115,7 @@ static struct group_info group_id_to_text[] = { }; #endif /* CAN_FORCE_CURVE && HAVE_ECC */ -#ifdef WOLFSSL_ASYNC_CRYPT +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB_TEST_PROVIDER) static int devId = INVALID_DEVID; #endif @@ -3088,6 +3092,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) wolfSSL_CTX_SetDevId(ctx, devId); #endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + devId = wc_CryptoCb_InitTestCryptoCbProvider(); + if (devId < 0) { + err_sys_ex(runWithErrors, "CryptoCb provider init failed"); + } + wolfSSL_CTX_SetDevId(ctx, devId); +#endif /* WOLF_CRYPTO_CB_TEST_PROVIDER */ #ifdef WOLFSSL_TLS13 if (noPskDheKe) wolfSSL_CTX_no_dhe_psk(ctx); @@ -4110,6 +4121,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) fprintf(stderr, "Server not compiled in!\n"); #endif +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + wc_CryptoCb_CleanupTestCryptoCbProvider(); +#endif wolfSSL_Cleanup(); FreeTcpReady(&ready); 
diff --git a/tests/api.c b/tests/api.c index b96978e614..eccb75f57f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -158,6 +158,9 @@ #include "wolfssl/internal.h" #endif +#if defined(WOLF_CRYPTO_CB_TEST_PROVIDER) +#include "cryptocb-provider/cryptocb_loader.h" +#endif /* WOLF_CRYPTO_CB_TEST_PROVIDER */ /* include misc.c here regardless of NO_INLINE, because misc.c implementations * have default (hidden) visibility, and in the absence of visibility, it's * benign to mask out the library implementation. @@ -32098,6 +32101,9 @@ int ApiTest(void) } #endif +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + testDevId = wc_CryptoCb_InitTestCryptoCbProvider(); +#endif #ifdef WOLFSSL_DUMP_MEMIO_STREAM if (res == 0) { if (create_tmp_dir(tmpDirName, sizeof(tmpDirName) - 1) == NULL) { @@ -32188,6 +32194,10 @@ int ApiTest(void) wc_ecc_fp_free(); /* free per thread cache */ #endif +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + wc_CryptoCb_CleanupTestCryptoCbProvider(); +#endif + #ifdef WOLFCRYPT_ONLY wolfCrypt_Cleanup(); #else diff --git a/tests/cryptocb-provider/Makefile b/tests/cryptocb-provider/Makefile new file mode 100644 index 0000000000..1602e6013e --- /dev/null +++ b/tests/cryptocb-provider/Makefile 
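Review bot: The return value of `wc_CryptoCb_InitTestCryptoCbProvider()` in the ApiTest hunk is stored in `testDevId` without a check, so a provider that fails to load leaves `testDevId` at `INVALID_DEVID` and the run continues without saying why. The example programs in this patch call `err_sys` on the same failure. Here the equivalent is `if (testDevId == INVALID_DEVID) { printf("CryptoCb provider init failed\n"); res = 1; }` right after the call, which the following `if (res == 0)` block already respects. ApiTest starts and ends outside the hunk.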
@@ -0,0 +1,47 @@ +# tests/cryptocb-provider/Makefile +# +# Copyright (C) 2006-2025 wolfSSL Inc. +# +# Simple standalone Makefile for building the external crypto provider. +# This compiles wolfcrypt sources directly into the shared library. + +# Path to wolfSSL root directory (can be overridden) +WOLFSSL_DIR ?= ../.. + +# Output library name +LIB_NAME = libcryptocbprovider.so + +# Compiler settings +CC ?= gcc + +# TODO: Open problem: how to get external CFLAGS when autotool is used +CFLAGS ?= +CFLAGS += -ggdb -O0 -Wall -DWOLFSSL_USER_SETTINGS -fPIC -fvisibility=hidden +CFLAGS += -I. -I$(WOLFSSL_DIR) + +# Provider implementation +PROVIDER_SRC = cryptocb_provider.c + +# wolfCrypt source files - use wildcard as sources are properly guarded +WOLFCRYPT_SRC = $(wildcard $(WOLFSSL_DIR)/wolfcrypt/src/*.c) + +# Filter out evp.c and misc.c +WOLFCRYPT_SRC := $(filter-out $(WOLFSSL_DIR)/wolfcrypt/src/evp.c,$(WOLFCRYPT_SRC)) +WOLFCRYPT_SRC := $(filter-out $(WOLFSSL_DIR)/wolfcrypt/src/misc.c,$(WOLFCRYPT_SRC)) + +# Linker flags +LDFLAGS = -shared + +# Link math library if needed +LDLIBS = -lm + +# Default target +all: $(LIB_NAME) + +$(LIB_NAME): $(PROVIDER_SRC) $(WOLFCRYPT_SRC) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(PROVIDER_SRC) $(WOLFCRYPT_SRC) $(LDLIBS) + +clean: + rm -f $(LIB_NAME) + +.PHONY: all clean diff --git a/tests/cryptocb-provider/README.md b/tests/cryptocb-provider/README.md new file mode 100644 index 0000000000..fce12eefec --- /dev/null +++ b/tests/cryptocb-provider/README.md 
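Review bot: The `$(LIB_NAME)` rule lists only `$(PROVIDER_SRC)` and `$(WOLFCRYPT_SRC)` as prerequisites, so a change to `user_settings.h` or to the main library's generated options header does not rebuild the shared object. The README added in this patch says the provider and the main library must share one configuration for the callback structures to match, so a stale object after a re-configure may leave the two sides disagreeing on struct layout. Adding the headers to the rule, e.g. `$(LIB_NAME): $(PROVIDER_SRC) $(WOLFCRYPT_SRC) user_settings.h cryptocb_provider.h`, closes the local part. The wrapper rule in `tests/cryptocb-provider/include.am` has the same gap and only runs this Makefile when one of its own four prerequisites changes.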
@@ -0,0 +1,113 @@ +# CryptoCB Provider + +This directory contains an external cryptocb provider library for testing wolfSSL +builds with `WOLF_CRYPTO_CB_ONLY_*` flags enabled. + +## Background + +When wolfSSL is built with CRYPTOCB_ONLY flags, the software crypto +implementations are removed from the library. This breaks the test suite since +tests cannot execute crypto operations without a real hardware provider or +software fallback. + +This external provider solves the problem by: +1. Building a separate shared library with full software crypto implementations +2. Exporting a crypto callback that the test harness can dlopen() at runtime +3. Allowing tests to run even when the main wolfSSL has software crypto removed + +## Problem + +The external cryptocb and the main library must share a configuration so that +the ABI of the crypto callback doesn't change. + +The external proider solves this problem by using a custom user_settings.h file +that is obtained by: + +- including either options.h or user_settings.h from the main library. +- removing the following features: + - TLS library stack (and so defining wolfcrypt_only) + - removing all `WOLF_CRYPTO_CB_ONLY_*` features + +## Building + +To keep things simple the external provider use a simple Makefile with * +inclusion of all source files of the main library. +The source files are built in a single gcc invocation, no .o are shared between +the main library and the external provider. + +### Via Autotools (Recommended) + +The provider is automatically built when configuring with `--enable-cryptocb`: + +```bash +./autogen.sh +./configure --enable-cryptocb +make +``` + +The library will be built at `tests/external-crypto-provider/libextcryptoprovider.so`. 
+ +The autotools just run the simple `Makefile` inside the folder, the external +provider itself just uses a very simple `Makefile` + +### Standalone Build + +You can also build the provider manually: + +```bash +cd tests/external-crypto-provider +make WOLFSSL_DIR=/path/to/wolfssl +``` + +## Usage + +### Automatic (Test Harness) + +When running wolfcrypt tests with CRYPTOCB_ONLY builds and with +`WOLF_CRYPTO_CB_USE_EXT_PROVIDER` the test harness +automatically loads the provider: + +The provider is loaded from +`tests/external-crypto-provider/libextcryptoprovider.so`. + +The provided registered with valid devid that is also used by `WC_USE_DEVID` + +This way all tests are routed to the callback provider. + +When the external provider is activated, all test suite is executed, even for +CRYPTOCB_ONLY builds. + + +### Provider loading + +To use the provider: + +```c +#include +#include + +/* Function pointer types */ +typedef int (*callback_fn)(int, struct wc_CryptoInfo*, void*); + +void* handle = dlopen("libextcryptoprovider.so", RTLD_NOW | RTLD_LOCAL); + +callback_fn callback = dlsym(handle, "external_provider_callback"); + +/* Initialize and register */ +init(); +wc_CryptoCb_RegisterDevice(MY_DEV_ID, callback, NULL); + +/* ... use wolfSSL with keys initialized with devId = MY_DEV_ID ... */ + +/* Cleanup */ +wc_CryptoCb_UnRegisterDevice(MY_DEV_ID); +cleanup(); +dlclose(handle); +``` + +## Supported Operations + +The provider currently only supports operation with CB_ONLY supports: + +- **RSA**: Raw RSA operations only (modular exponentiation). +- **ECC**: Key generation, ECDSA sign/verify, ECDH key agreement diff --git a/tests/cryptocb-provider/cryptocb_loader.c b/tests/cryptocb-provider/cryptocb_loader.c new file mode 100644 index 0000000000..fb976c0696 --- /dev/null +++ b/tests/cryptocb-provider/cryptocb_loader.c 
@@ -0,0 +1,91 @@ +/* cryptocb_loader.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + * Loader for the external crypto callback provider. + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif +#include + +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + +#include + +#include +#include + +#include "cryptocb_loader.h" + +#ifndef CRYPTOCB_PROVIDER_PATH + #define CRYPTOCB_PROVIDER_PATH \ + "tests/cryptocb-provider/libcryptocbprovider.so" +#endif + +typedef int (*cryptocb_provider_callback_fn)(int, wc_CryptoInfo*, void*); + +/* File-scope static variables for cleanup access */ +static void *gExtProviderHandle = NULL; +static cryptocb_provider_callback_fn gExtProviderCallback = NULL; + +/* Load and register the external crypto callback provider and return its devId + * */ +int wc_CryptoCb_InitTestCryptoCbProvider(void) { + /* Only load the shared library once, but always re-register the device + * since wolfCrypt_Cleanup() may have unregistered it */ + if (gExtProviderHandle == NULL) { + gExtProviderHandle = dlopen(CRYPTOCB_PROVIDER_PATH, RTLD_NOW | RTLD_LOCAL); + if (gExtProviderHandle == NULL) { + printf("Warning: could not load external provider: %s\n", dlerror()); + return 
INVALID_DEVID; + } + gExtProviderCallback = (cryptocb_provider_callback_fn)dlsym( + gExtProviderHandle, "external_provider_callback"); + if (gExtProviderCallback == NULL) { + printf("Warning: external provider missing symbols\n"); + dlclose(gExtProviderHandle); + gExtProviderHandle = NULL; + return INVALID_DEVID; + } + } + + wc_CryptoCb_RegisterDevice(WOLF_CRYPTO_CB_TEST_PROVIDER_ID, gExtProviderCallback, + NULL); + printf("External crypto provider loaded (devId=0x%x)\n", + WOLF_CRYPTO_CB_TEST_PROVIDER_ID); + return WOLF_CRYPTO_CB_TEST_PROVIDER_ID; +} + +/* Cleanup the external crypto callback provider */ +void wc_CryptoCb_CleanupTestCryptoCbProvider(void) { + if (gExtProviderHandle != NULL) { + wc_CryptoCb_UnRegisterDevice(WOLF_CRYPTO_CB_TEST_PROVIDER_ID); + dlclose(gExtProviderHandle); + gExtProviderHandle = NULL; + gExtProviderCallback = NULL; + } +} + +#endif /* WOLF_CRYPTO_CB_TEST_PROVIDER */ diff --git a/tests/cryptocb-provider/cryptocb_loader.h b/tests/cryptocb-provider/cryptocb_loader.h new file mode 100644 index 0000000000..5972f94314 --- /dev/null +++ b/tests/cryptocb-provider/cryptocb_loader.h 
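Review bot: `wc_CryptoCb_RegisterDevice(...)` is called without looking at its result, so the function prints "loaded" and returns `WOLF_CRYPTO_CB_TEST_PROVIDER_ID` even when registration failed; `if (wc_CryptoCb_RegisterDevice(WOLF_CRYPTO_CB_TEST_PROVIDER_ID, gExtProviderCallback, NULL) != 0) return INVALID_DEVID;` keeps the failure visible to the callers that test the return value. The handle and callback are plain file-scope statics with no use count or lock, while this patch adds Init/Cleanup calls to `echoclient_test` and `echoserver_test` and links the loader into the testsuite binary. If those run in one process, the first Cleanup unregisters the device and calls `dlclose()` while the other side may still reach the callback, so a use count (or cleanup from a single owner) looks necessary. `CRYPTOCB_PROVIDER_PATH` defaults to a path relative to the current directory, so which file is loaded depends on where the binary is started; having the build pass an absolute path through the existing `#ifndef` override would pin it.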
@@ -0,0 +1,36 @@ +/* cryptocb_loader.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + * Public API header for the external crypto callback provider. + */ + +#ifndef CRYPTOCB_LOADER_H +#define CRYPTOCB_LOADER_H + +#include +#include + +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + +int wc_CryptoCb_InitTestCryptoCbProvider(void); +void wc_CryptoCb_CleanupTestCryptoCbProvider(void); + +#endif +#endif /* CRYPTOCB_LOADER_H */ diff --git a/tests/cryptocb-provider/cryptocb_provider.c b/tests/cryptocb-provider/cryptocb_provider.c new file mode 100644 index 0000000000..bd89c70912 --- /dev/null +++ b/tests/cryptocb-provider/cryptocb_provider.c 
@@ -0,0 +1,133 @@ +/* cryptocb_provider.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + * External crypto callback provider implementation. + * This file is compiled with user_settings.h that includes the main + * library's options.h (for ABI compatibility) but undefines + * WOLF_CRYPTO_CB_ONLY_* flags to enable software implementations. 
+ */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include +#include + +/* Include algorithm headers as needed */ +#ifndef NO_RSA + #include +#endif +#ifdef HAVE_ECC + #include +#endif + +#include "cryptocb_provider.h" + +CRYPTOCB_PROVIDER_API int external_provider_callback( + int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + + (void)ctx; /* unused */ + + if (info == NULL) + return BAD_FUNC_ARG; + + /* Handle public key operations */ + if (info->algo_type == WC_ALGO_TYPE_PK) { +#ifndef NO_RSA + if (info->pk.type == WC_PK_TYPE_RSA) { + /* Set devId to invalid to prevent recursive callback */ + info->pk.rsa.key->devId = INVALID_DEVID; + + /* Perform raw RSA operation (modular exponentiation) */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, + info->pk.rsa.rng); + + /* Restore devId */ + info->pk.rsa.key->devId = devIdArg; + } +#ifdef WOLFSSL_KEY_GEN + else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { + info->pk.rsakg.key->devId = INVALID_DEVID; + + ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size, + info->pk.rsakg.e, info->pk.rsakg.rng); + + info->pk.rsakg.key->devId = devIdArg; + } +#endif /* WOLFSSL_KEY_GEN */ +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +#ifdef HAVE_ECC_DHE + if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { + info->pk.eckg.key->devId = INVALID_DEVID; + + ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size, + info->pk.eckg.key, info->pk.eckg.curveId); + + info->pk.eckg.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDH) { + info->pk.ecdh.private_key->devId = INVALID_DEVID; + + ret = wc_ecc_shared_secret( + info->pk.ecdh.private_key, info->pk.ecdh.public_key, + info->pk.ecdh.out, info->pk.ecdh.outlen); + + info->pk.ecdh.private_key->devId = devIdArg; + } +#endif /* HAVE_ECC_DHE */ +#ifdef HAVE_ECC_SIGN + else if (info->pk.type == 
WC_PK_TYPE_ECDSA_SIGN) { + info->pk.eccsign.key->devId = INVALID_DEVID; + + ret = wc_ecc_sign_hash( + info->pk.eccsign.in, info->pk.eccsign.inlen, + info->pk.eccsign.out, info->pk.eccsign.outlen, + info->pk.eccsign.rng, info->pk.eccsign.key); + + info->pk.eccsign.key->devId = devIdArg; + } +#endif /* HAVE_ECC_SIGN */ +#ifdef HAVE_ECC_VERIFY + else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { + info->pk.eccverify.key->devId = INVALID_DEVID; + + ret = wc_ecc_verify_hash( + info->pk.eccverify.sig, info->pk.eccverify.siglen, + info->pk.eccverify.hash, info->pk.eccverify.hashlen, + info->pk.eccverify.res, info->pk.eccverify.key); + + info->pk.eccverify.key->devId = devIdArg; + } +#endif /* HAVE_ECC_VERIFY */ +#endif /* HAVE_ECC */ + } + + return ret; +} diff --git a/tests/cryptocb-provider/cryptocb_provider.h b/tests/cryptocb-provider/cryptocb_provider.h new file mode 100644 index 0000000000..834e1ea72e --- /dev/null +++ b/tests/cryptocb-provider/cryptocb_provider.h 
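Review bot: The `else if` branches for `WC_PK_TYPE_ECDSA_SIGN` and `WC_PK_TYPE_ECDSA_VERIFY` depend on an `if` that lives inside a different `#ifdef`: with `HAVE_ECC_DHE` undefined they attach to the RSA chain, and with `NO_RSA` set as well there is no `if` left and the file does not compile. A `switch (info->pk.type)` with one independently guarded `case` per operation removes that coupling without changing what each branch does. Each branch also writes through `info->pk.*.key` without a NULL check and temporarily rewrites `devId` on the caller's key, which deserves a comment saying the callback relies on wolfCrypt passing a populated `info` and is not safe for a key shared between threads. Whether EC key generation should stay under `HAVE_ECC_DHE` is worth confirming while restructuring.

```c
    if (info->algo_type == WC_ALGO_TYPE_PK) {
        switch (info->pk.type) {
#ifndef NO_RSA
        case WC_PK_TYPE_RSA:
            /* … unchanged: devId swap around wc_RsaFunction … */
            break;
#ifdef WOLFSSL_KEY_GEN
        case WC_PK_TYPE_RSA_KEYGEN:
            /* … unchanged: devId swap around wc_MakeRsaKey … */
            break;
#endif /* WOLFSSL_KEY_GEN */
#endif /* !NO_RSA */
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE)
        case WC_PK_TYPE_EC_KEYGEN:
            /* … unchanged: devId swap around wc_ecc_make_key_ex … */
            break;
        case WC_PK_TYPE_ECDH:
            /* … unchanged: devId swap around wc_ecc_shared_secret … */
            break;
#endif
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
        case WC_PK_TYPE_ECDSA_SIGN:
            /* … unchanged: devId swap around wc_ecc_sign_hash … */
            break;
#endif
#if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY)
        case WC_PK_TYPE_ECDSA_VERIFY:
            /* … unchanged: devId swap around wc_ecc_verify_hash … */
            break;
#endif
        default:
            /* ret stays CRYPTOCB_UNAVAILABLE for anything not handled here */
            break;
        }
    }
```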
@@ -0,0 +1,50 @@ +/* cryptocb_provider.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + * Public API header for the external crypto callback provider. + * Only these 3 symbols are exported; all others are hidden. + */ + +#ifndef CRYPTOCB_PROVIDER_H +#define CRYPTOCB_PROVIDER_H + +/* Forward declaration - avoid including wolfSSL headers in public API */ +struct wc_CryptoInfo; + +/* Visibility macros for exported symbols */ +#if defined(__GNUC__) && __GNUC__ >= 4 + #define CRYPTOCB_PROVIDER_API __attribute__((visibility("default"))) +#else + #define CRYPTOCB_PROVIDER_API +#endif + +/** + * The crypto callback function to register with wolfSSL. + * + * @param devId Device ID passed to crypto operations + * @param info Crypto operation information structure + * @param ctx User context (unused by this provider) + * @return 0 on success, CRYPTOCB_UNAVAILABLE if not supported, + * negative error code on failure + */ +CRYPTOCB_PROVIDER_API int external_provider_callback( + int devId, struct wc_CryptoInfo* info, void* ctx); + +#endif /* CRYPTOCB_PROVIDER_H */ diff --git a/tests/cryptocb-provider/include.am b/tests/cryptocb-provider/include.am new file mode 100644 index 0000000000..b8211929b2 --- /dev/null 
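Review bot: The file header says "Only these 3 symbols are exported", but the header declares a single exported function, `external_provider_callback`. The standalone Makefile builds with `-fvisibility=hidden`, so this comment is the reader's only statement of the library's export surface. It should read `Only external_provider_callback is exported; all other symbols are hidden.`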
+++ b/tests/cryptocb-provider/include.am @@ -0,0 +1,20 @@ +# included from Top Level Makefile.am +# All paths should be given relative to the root + +if BUILD_CRYPTO_CB_TEST_PROVIDER +# Build the provider by invoking the simple Makefile +noinst_DATA += tests/cryptocb-provider/libcryptocbprovider.so + +tests/cryptocb-provider/libcryptocbprovider.so: tests/cryptocb-provider/cryptocb_loader.c tests/cryptocb-provider/cryptocb_provider.c tests/cryptocb-provider/cryptocb_provider.h tests/cryptocb-provider/Makefile + $(MAKE) -C tests/cryptocb-provider WOLFSSL_DIR=$(abs_top_srcdir) + +CLEANFILES += tests/cryptocb-provider/libcryptocbprovider.so +endif + +EXTRA_DIST += tests/cryptocb-provider/README.md +EXTRA_DIST += tests/cryptocb-provider/user_settings.h +EXTRA_DIST += tests/cryptocb-provider/cryptocb_provider.h +EXTRA_DIST += tests/cryptocb-provider/cryptocb_provider.c +EXTRA_DIST += tests/cryptocb-provider/cryptocb_loader.h +EXTRA_DIST += tests/cryptocb-provider/cryptocb_loader.c +EXTRA_DIST += tests/cryptocb-provider/Makefile diff --git a/tests/cryptocb-provider/user_settings.h b/tests/cryptocb-provider/user_settings.h new file mode 100644 index 0000000000..29e2249ebc --- /dev/null +++ b/tests/cryptocb-provider/user_settings.h 
@@ -0,0 +1,51 @@ +/* user_settings.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + * Configuration for the external crypto callback provider. + * Includes the main library's options.h for ABI compatibility, then + * undefines WOLF_CRYPTO_CB_ONLY_* flags to enable software implementations. + */ + +#ifndef CRYPTOCB_PROVIDER_USER_SETTINGS_H +#define CRYPTOCB_PROVIDER_USER_SETTINGS_H + +/* Include the main library's options.h to get the exact same + * structure definitions and feature set. This is CRITICAL for ABI + * compatibility - the wc_CryptoInfo, RsaKey, ecc_key, etc. structures + * must be identical in both the main library and this provider. + */ +/* TODO: include conditionally main library user settings if no autotool is + * used */ +#include + +/* Remove TLS stack - only need wolfCrypt */ +#define WOLFCRYPT_ONLY + +/* CRITICAL: Undefine WOLF_CRYPTO_CB_ONLY_* to enable software implementations */ +#undef WOLF_CRYPTO_CB_ONLY_RSA +#undef WOLF_CRYPTO_CB_ONLY_ECC +#undef WOLF_CRYPTO_CB_ONLY_SHA512 + +/* Ensure WOLF_CRYPTO_CB is defined for callback structures */ +#ifndef WOLF_CRYPTO_CB +#error "Building CRYPTOCB_PROVIDER without WOLF_CRYPTO_CB" +#endif + +#endif /* CRYPTOCB_PROVIDER_USER_SETTINGS_H */ 
diff --git a/tests/include.am b/tests/include.am index 7b4e6f17e7..31eb5b7a9d 100644 --- a/tests/include.am +++ b/tests/include.am @@ -20,6 +20,9 @@ tests_unit_test_SOURCES = \ if BUILD_WOLFCRYPT_TESTS tests_unit_test_SOURCES += wolfcrypt/test/test.c endif +if BUILD_CRYPTO_CB_TEST_PROVIDER +tests_unit_test_SOURCES += tests/cryptocb-provider/cryptocb_loader.c +endif tests_unit_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(WOLFSENTRY_INCLUDE) tests_unit_test_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB) diff --git a/testsuite/include.am b/testsuite/include.am index c96c79cbf8..0b8c518e8b 100644 --- a/testsuite/include.am +++ b/testsuite/include.am @@ -13,6 +13,9 @@ testsuite_testsuite_test_SOURCES = \ examples/echoserver/echoserver.c \ examples/server/server.c \ testsuite/testsuite.c +if BUILD_CRYPTO_CB_TEST_PROVIDER +testsuite_testsuite_test_SOURCES += tests/cryptocb-provider/cryptocb_loader.c +endif testsuite_testsuite_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(WOLFSENTRY_INCLUDE) testsuite_testsuite_test_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB) testsuite_testsuite_test_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la diff --git a/wolfcrypt/test/include.am b/wolfcrypt/test/include.am index 8f13876a21..e5d71a35dc 100644 --- a/wolfcrypt/test/include.am +++ b/wolfcrypt/test/include.am @@ -10,6 +10,9 @@ check_PROGRAMS+= wolfcrypt/test/testwolfcrypt endif noinst_PROGRAMS+= wolfcrypt/test/testwolfcrypt wolfcrypt_test_testwolfcrypt_SOURCES = wolfcrypt/test/test.c +if BUILD_CRYPTO_CB_TEST_PROVIDER +wolfcrypt_test_testwolfcrypt_SOURCES += tests/cryptocb-provider/cryptocb_loader.c +endif wolfcrypt_test_testwolfcrypt_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) wolfcrypt_test_testwolfcrypt_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la noinst_HEADERS += wolfcrypt/test/test.h wolfcrypt/test/test_paths.h.in 
@@ -22,6 +25,9 @@ wolfcrypt_test_libwolfcrypttest_la_SOURCES = wolfcrypt/test/test.c wolfcrypt_test_libwolfcrypttest_la_CPPFLAGS = -DNO_MAIN_DRIVER wolfcrypt_test_libwolfcrypttest_la_LIBADD = src/libwolfssl@LIBSUFFIX@.la wolfcrypt_test_libwolfcrypttest_la_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la +if BUILD_CRYPTO_CB_TEST_PROVIDER +wolfcrypt_test_libwolfcrypttest_la_SOURCES += tests/cryptocb-provider/cryptocb_loader.c +endif endif EXTRA_DIST += wolfcrypt/test/test.sln @@ -32,3 +38,4 @@ EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj.user EXTRA_DIST += wolfcrypt/test/README.md DISTCLEANFILES+= wolfcrypt/test/.libs/testwolfcrypt + diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index e80d194750..eea55fe15a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -458,6 +458,9 @@ static const byte const_byte_array[] = "A+Gd\0\0\0"; #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) #include #endif + #ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + #include "tests/cryptocb-provider/cryptocb_loader.h" + #endif #endif #ifdef _MSC_VER @@ -2027,6 +2030,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ printf("Couldn't get the Renesas device ID\n"); } #endif +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + devId = wc_CryptoCb_InitTestCryptoCbProvider(); + if (devId == INVALID_DEVID) { + printf("Couldn't init the external crypto provider\n"); + } +#endif #endif #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \ @@ -2972,6 +2981,9 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #ifdef HAVE_RENESAS_SYNC wc_CryptoCb_CleanupRenesasCmn(&devId); #endif +#ifdef WOLF_CRYPTO_CB_TEST_PROVIDER + wc_CryptoCb_CleanupTestCryptoCbProvider(); +#endif #endif #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 48438da72c..8503c5da30 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
@@ -4251,6 +4251,19 @@ extern void uITRON4_free(void *p) ; #define WOLF_CRYPTO_CB #endif +#if defined(WOLF_CRYPTO_CB_TEST_PROVIDER) +#if !defined(__linux__) +#error "WOLF_CRYPTO_CB_TEST_PROVIDER is only supported on Linux" +#endif +#if defined(WOLFSSL_ASYNC_CRYPT) +#error "WOLF_CRYPTO_CB_TEST_PROVIDER is not supported with WOLFSSL_ASYNC_CRYPT" +#endif +#define WOLF_CRYPTO_CB_TEST_PROVIDER_ID 0x43425056 /* 'CBPV' */ +#ifndef WC_USE_DEVID +#define WC_USE_DEVID WOLF_CRYPTO_CB_TEST_PROVIDER_ID +#endif +#endif /* WOLF_CRYPTO_CB_TEST_PROVIDER */ + /* Skip RSA tests when software is compiled out and no default device is configured */ #if defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WC_USE_DEVID) #define WC_TEST_SKIP_RSA From b773f98f70cb1d402a8364c63d46571c17a9e715 Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Thu, 22 Jan 2026 15:30:23 +0100 Subject: [PATCH 5/5] ci: github workflow: test WOLF_CRYPTO_CB_ONLY options --- .github/workflows/cryptocb_provider.yml | 51 +++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/workflows/cryptocb_provider.yml diff --git a/.github/workflows/cryptocb_provider.yml b/.github/workflows/cryptocb_provider.yml new file mode 100644 index 0000000000..f03d408c09 --- /dev/null +++ b/.github/workflows/cryptocb_provider.yml 
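Review bot: The new block gives `WC_USE_DEVID` a default whenever `WOLF_CRYPTO_CB_TEST_PROVIDER` is defined, and it does so in the library's own settings header rather than in test code, with no comment saying the macro is for test builds. Presumably that changes the default device for anything in the library that consults `WC_USE_DEVID`, and the device behind it is a callback the test loader brings in with dlopen(). A comment above the block such as `/* Test builds only: routes the default devId to the dlopen()ed test provider; do not enable in a shipped library. */` would state the intent. An `#ifndef WOLF_CRYPTO_CB` / `#error` guard like the one in the provider's `user_settings.h` would also catch builds that bypass the configure check.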
@@ -0,0 +1,51 @@ +name: CryptoCB Only Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + make_check: + strategy: + fail-fast: false + matrix: + config: [ + # tests skipping tests in CI + '--enable-cryptocb CFLAGS="-DNO_SESSION_CACHE -DWOLF_CRYPTO_CB_ONLY_RSA"', + '--enable-cryptocb CFLAGS="-DNO_SESSION_CACHE -DWOLF_CRYPTO_CB_ONLY_ECC"', + '--enable-cryptocb CFLAGS="-DNO_SESSION_CACHE -DWOLF_CRYPTO_CB_ONLY_ECC -DWOLF_CRYPTO_CB_ONLY_RSA"', + # tests using external crypto device provider + '--enable-cryptocb --enable-cryptocb-test-provider CFLAGS="-DNO_SESSION_CACHE -DWOLF_CRYPTO_CB_ONLY_ECC"', + '--enable-cryptocb --enable-cryptocb-test-provider CFLAGS="-DNO_SESSION_CACHE -DWOLF_CRYPTO_CB_ONLY_RSA"', + '--enable-cryptocb --enable-cryptocb-test-provider CFLAGS="-DNO_SESSION_CACHE -DWOLF_CRYPTO_CB_ONLY_ECC -DWOLF_CRYPTO_CB_ONLY_RSA"', + ] + name: make check + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-22.04 + # This should be a safe limit for the tests to run. + timeout-minutes: 15 + steps: + - uses: actions/checkout@v4 + name: Checkout wolfSSL + + - name: Test wolfSSL CryptoCB Only + run: | + ./autogen.sh + ./configure ${{ matrix.config }} + make -j 4 + make check + + - name: Print errors + if: ${{ failure() }} + run: | + if [ -f test-suite.log ] ; then + cat test-suite.log + fi
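Review bot: The workflow has no `permissions:` key, so the job builds and runs `make check` with whatever default scope the repository gives `GITHUB_TOKEN`. The steps only check out and build, so a top-level `permissions:` block containing `contents: read` is enough. `actions/checkout@v4` is referenced by a movable tag; pinning it to a full commit SHA would fix the exact action code that runs. If the other workflows share the "COMMON SECTION" header, the same change presumably belongs there too.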