Skip to content

Commit 3a2b3e6

Browse files
jackctj117jackctj117
committed
Switch test_MakeCertWith0Ser from ECC to RSA to avoid ECC curve cache leak under valgrind
1 parent b8c1cf9 commit 3a2b3e6

1 file changed

Lines changed: 9 additions & 15 deletions

File tree

tests/api.c

Lines changed: 9 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -21390,24 +21390,24 @@ static int test_MakeCertWith0Ser(void)
2139021390
{
2139121391
EXPECT_DECLS;
2139221392
#if defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) && \
21393-
defined(WOLFSSL_CERT_GEN) && defined(HAVE_ECC) && \
21393+
defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) && \
2139421394
defined(WOLFSSL_ASN_TEMPLATE)
2139521395
Cert cert;
2139621396
DecodedCert decodedCert;
2139721397
byte der[FOURK_BUF];
2139821398
int derSize = 0;
2139921399
WC_RNG rng;
21400-
ecc_key key;
21400+
RsaKey key;
2140121401
int ret;
2140221402

2140321403
XMEMSET(&rng, 0, sizeof(WC_RNG));
21404-
XMEMSET(&key, 0, sizeof(ecc_key));
21404+
XMEMSET(&key, 0, sizeof(RsaKey));
2140521405
XMEMSET(&cert, 0, sizeof(Cert));
2140621406
XMEMSET(&decodedCert, 0, sizeof(DecodedCert));
2140721407

2140821408
ExpectIntEQ(wc_InitRng(&rng), 0);
21409-
ExpectIntEQ(wc_ecc_init(&key), 0);
21410-
ExpectIntEQ(wc_ecc_make_key(&rng, 32, &key), 0);
21409+
ExpectIntEQ(wc_InitRsaKey(&key, NULL), 0);
21410+
ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
2141121411
ExpectIntEQ(wc_InitCert(&cert), 0);
2141221412

2141321413
(void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE);
@@ -21421,22 +21421,16 @@ static int test_MakeCertWith0Ser(void)
2142121421
CTC_NAME_SIZE);
2142221422

2142321423
cert.selfSigned = 1;
21424-
/* Changed from isCA=1 to isCA=0 to test non-root certificate.
21425-
* Serial 0 is now allowed for root CAs (selfSigned && isCA),
21426-
* but should still be rejected for non-CA certificates. */
2142721424
cert.isCA = 0;
21428-
cert.sigType = CTC_SHA256wECDSA;
21429-
21430-
/* Note: KEYUSE_KEY_CERT_SIGN is not set here because it's only valid for
21431-
* CA certificates. This test creates a non-CA certificate (isCA=0). */
21425+
cert.sigType = CTC_SHA256wRSA;
2143221426

2143321427
/* set serial number to 0 */
2143421428
cert.serialSz = 1;
2143521429
cert.serial[0] = 0;
2143621430

21437-
ExpectIntGE(wc_MakeCert(&cert, der, FOURK_BUF, NULL, &key, &rng), 0);
21431+
ExpectIntGE(wc_MakeCert(&cert, der, FOURK_BUF, &key, NULL, &rng), 0);
2143821432
ExpectIntGE(derSize = wc_SignCert(cert.bodySz, cert.sigType, der,
21439-
FOURK_BUF, NULL, &key, &rng), 0);
21433+
FOURK_BUF, &key, NULL, &rng), 0);
2144021434

2144121435
wc_InitDecodedCert(&decodedCert, der, (word32)derSize, NULL);
2144221436

@@ -21449,7 +21443,7 @@ static int test_MakeCertWith0Ser(void)
2144921443
#endif
2145021444

2145121445
wc_FreeDecodedCert(&decodedCert);
21452-
ret = wc_ecc_free(&key);
21446+
ret = wc_FreeRsaKey(&key);
2145321447
ExpectIntEQ(ret, 0);
2145421448
ret = wc_FreeRng(&rng);
2145521449
ExpectIntEQ(ret, 0);

0 commit comments

Comments
 (0)