wolfcrypt/test/test.c and wolfcrypt/test/test.h:

douzzer · douzzer · commit 60cd60536390 · 2026-05-01T15:20:02.000-05:00
* add correct gating around pbkdf1_test(), pkcs12_pbkdf_test(), and scrypt_test() prototypes;
* add unit tests for wc_PBKDF_max_iterations_set() and wc_PBKDF_max_iterations_get() in pbkdf2_test();
* fix pkcs12_test() to skip the evilPkcs12 test if evil_p12 can't be parsed for any reason, mirroring the new stanza around evil_p12 in pwdbased_test().
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -729,12 +729,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openSSL_evpMD_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openssl_evpSig_test(void);
 #endif
 
+#if defined(HAVE_PBKDF1) && !defined(NO_SHA)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
+#endif
+#if defined(HAVE_PKCS12) && !defined(NO_SHA256)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void);
+#endif
 #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
 #endif
+#if !defined(NO_PWDBASED) && defined(HAVE_SCRYPT)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
+#endif
 #ifdef HAVE_ECC
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ecc_test(void);
     #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
@@ -30789,7 +30795,31 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void)
     if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
         return WC_TEST_RET_ENC_NC;
 
-    return 0;
+    {
+        int cur_pbkdf_limit = wc_PBKDF_max_iterations_set(iterations - 1);
+        if (cur_pbkdf_limit <= 0)
+            return WC_TEST_RET_ENC_EC(cur_pbkdf_limit);
+        ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd),
+                       salt, (int)sizeof(salt), iterations,
+                       kLen, WC_SHA256, HEAP_HINT, devId);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            return WC_TEST_RET_ENC_EC(ret);
+        ret = wc_PBKDF_max_iterations_set(-1);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            return WC_TEST_RET_ENC_EC(ret);
+        ret = wc_PBKDF_max_iterations_set(0);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            return WC_TEST_RET_ENC_EC(ret);
+        ret = wc_PBKDF_max_iterations_get();
+        if (ret != iterations - 1)
+            return WC_TEST_RET_ENC_NC;
+        ret = wc_PBKDF_max_iterations_set(cur_pbkdf_limit);
+        if (ret != iterations - 1)
+            return WC_TEST_RET_ENC_EC(ret);
+        ret = 0;
+    }
+
+    return ret;
 
 }
 #endif /* HAVE_PBKDF2 && !NO_SHA256 && !NO_HMAC */
@@ -31014,12 +31044,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
             goto out;
         }
         ret = wc_d2i_PKCS12(evil_p12, (word32)sizeof(evil_p12), evilPkcs12);
-        if (ret != 0) {
-            wc_PKCS12_free(evilPkcs12);
-            ret = WC_TEST_RET_ENC_EC(ret);
-            goto out;
-        }
-        {
+        if (ret == 0) {
             byte* evilKey = NULL;
             byte* evilCert = NULL;
             word32 evilKeySz = 0, evilCertSz = 0;
@@ -31030,14 +31055,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
             XFREE(evilCert, HEAP_HINT, DYNAMIC_TYPE_PKCS);
             if (evilCa)
                 wc_FreeCertList(evilCa, HEAP_HINT);
+            wc_PKCS12_free(evilPkcs12);
+            /* Must have been rejected (not hung) */
+            if (ret == 0) {
+                ret = WC_TEST_RET_ENC_NC;
+                goto out;
+            }
+            ret = 0;  /* rejection is the expected outcome */
         }
-        wc_PKCS12_free(evilPkcs12);
-        /* Must have been rejected (not hung) */
-        if (ret == 0) {
-            ret = WC_TEST_RET_ENC_NC;
-            goto out;
-        }
-        ret = 0;  /* rejection is the expected outcome */
     }
 
 out:
diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h
@@ -262,12 +262,18 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openSSL_evpMD_test(void);
 extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openssl_evpSig_test(void);
 #endif
 
+#if defined(HAVE_PBKDF1) && !defined(NO_SHA)
 extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
+#endif
+#if defined(HAVE_PKCS12) && !defined(NO_SHA256)
 extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void);
+#endif
 #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
 extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
 #endif
+#if !defined(NO_PWDBASED) && defined(HAVE_SCRYPT)
 extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
+#endif
 #ifdef HAVE_ECC
     extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ecc_test(void);
     #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
