Fixed more configuration mismatches in tests

Author: danielinux

tests/api.c

@@ -4139,7 +4139,7 @@ static int test_wolfSSL_session_cache_api_direct(void)
     ExpectIntEQ(wolfSSL_SetServerID(ssl, NULL, sizeof(shortId), 0),
         BAD_FUNC_ARG);
     ExpectIntEQ(wolfSSL_SetServerID(ssl, shortId, 0, 0), BAD_FUNC_ARG);
-#ifndef NO_CLIENT_CACHE
+#if !defined(NO_CLIENT_CACHE) && !defined(NO_WOLFSSL_CLIENT)
     ExpectIntEQ(wolfSSL_SetServerID(ssl, shortId, (int)sizeof(shortId), 1),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_SetServerID(ssl, longId, (int)sizeof(longId), 1),
@@ -4277,7 +4277,7 @@ static int test_wolfSSL_crl_ocsp_object_api(void)
 #endif
 #endif
 
-#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_CLIENT)
     ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR_OCSP, 0),
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
@@ -4288,15 +4288,13 @@ static int test_wolfSSL_crl_ocsp_object_api(void)
             WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     }
 #endif
-#ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_UseOCSPStapling(clientSsl, WOLFSSL_CSR_OCSP, 0),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_UseOCSPStapling(clientCtx, WOLFSSL_CSR_OCSP, 0),
         WOLFSSL_SUCCESS);
 #endif
-#endif
 
-#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(NO_WOLFSSL_CLIENT)
     ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP, 0),
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
@@ -4307,12 +4305,10 @@ static int test_wolfSSL_crl_ocsp_object_api(void)
             WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     }
 #endif
-#ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(clientSsl, WOLFSSL_CSR2_OCSP, 0),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_UseOCSPStaplingV2(clientCtx, WOLFSSL_CSR2_OCSP, 0),
         WOLFSSL_SUCCESS);
-#endif
 #endif
 
     wolfSSL_free(clientSsl);
@@ -27417,7 +27413,7 @@ static int test_CONF_CTX_CMDLINE(void)
 {
     EXPECT_DECLS;
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && !defined(NO_TLS) && \
-    !defined(NO_WOLFSSL_SERVER)
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
     SSL_CTX* ctx = NULL;
     SSL_CONF_CTX* cctx = NULL;
     SSL_CONF_CTX* noCertCtx = NULL;
@@ -29044,7 +29040,7 @@ static int test_wc_CryptoCb_TLS(int tlsVer,
 }
 #endif /* WOLF_CRYPTO_CB && HAVE_IO_TESTS_DEPENDENCIES */
 
-#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC)
+#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && !defined(NO_SHA256)
 static int test_wc_KdfPrf_guardrails(void)
 {
     EXPECT_DECLS;
@@ -29064,6 +29060,8 @@ static int test_wc_KdfPrf_guardrails(void)
     ExpectIntEQ(wc_PRF(out, sizeof(out), secret, 16, seed, sizeof(seed),
         sha256_mac, HEAP_HINT, INVALID_DEVID), 0);
 
+    /* PRF_TLSv1 requires both MD5 and SHA1. */
+#if !defined(NO_MD5) && !defined(NO_SHA) && !defined(NO_OLD_TLS)
     ExpectIntEQ(wc_PRF_TLSv1(out, sizeof(out), secret, (word32)sizeof(secret),
         label, (word32)sizeof(label), seed, 1, HEAP_HINT, INVALID_DEVID),
         WC_NO_ERR_TRACE(BUFFER_E));
@@ -29072,13 +29070,16 @@ static int test_wc_KdfPrf_guardrails(void)
         WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(wc_PRF_TLSv1(out, sizeof(out), secret, 16,
         label, (word32)sizeof(label), seed, 1, HEAP_HINT, INVALID_DEVID), 0);
+#endif
 
     ExpectIntEQ(wc_PRF_TLS(out, sizeof(out), secret, 16, label,
         (word32)sizeof(label), seed, MAX_PRF_LABSEED, 1, sha256_mac,
         HEAP_HINT, INVALID_DEVID), WC_NO_ERR_TRACE(BUFFER_E));
+#ifndef NO_MD5
     ExpectIntEQ(wc_PRF_TLS(out, sizeof(out), secret, 16, label,
         (word32)sizeof(label), seed, 1, 1, md5_mac, HEAP_HINT, INVALID_DEVID),
         0);
+#endif
     return EXPECT_RESULT();
 }
 #endif
@@ -36611,17 +36612,19 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_ticket_and_psk_mixing),
     /* Can't memory test as client/server Asserts in thread. */
     TEST_DECL(test_prioritize_psk),
-#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC)
+#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && !defined(NO_SHA256)
     TEST_DECL(test_wc_KdfPrf_guardrails),
 #endif
 #if defined(HAVE_HKDF)
     TEST_DECL(test_wc_KdfHkdf_guardrails),
 #endif
 
-#ifdef WOLF_CRYPTO_CB
+#if defined(WOLF_CRYPTO_CB) && defined(HAVE_IO_TESTS_DEPENDENCIES)
     TEST_DECL(test_wc_CryptoCb_hkdf_wrapper),
     /* Can't memory test as client/server hangs. */
     TEST_DECL(test_wc_CryptoCb_registry),
+#endif
+#ifdef WOLF_CRYPTO_CB
     /* Can't memory test as client/server hangs. */
     TEST_DECL(test_wc_CryptoCb),
 #endif

tests/api/test_chacha20_poly1305.c

@@ -543,8 +543,8 @@ int test_wc_Chacha20Poly1305DecisionCoverage(void)
     EXPECT_DECLS;
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
     ChaChaPoly_Aead aead;
-    byte ct[64];
-    byte pt[64];
+    byte ct[sizeof(tv_plaintext)];
+    byte pt[sizeof(tv_plaintext)];
     byte tag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
     byte tag2[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
     static const byte data15[15] = {

tests/api/test_evp_pkey.c

@@ -2981,12 +2981,13 @@ int test_wolfSSL_EvpPkeyDeriveCoverage2(void)
 #ifndef NO_RSA
         rsaKey = EVP_PKEY_new();
         if (rsaKey != NULL) {
+            EVP_PKEY *saved_peer;
             WOLFSSL_RSA *rsa = wolfSSL_RSA_generate_key(1024, WC_RSA_EXPONENT,
                                                         NULL, NULL);
             if (rsa != NULL) {
                 (void)wolfSSL_EVP_PKEY_assign_RSA(rsaKey, rsa);
             }
-            EVP_PKEY *saved_peer = ctx->peerKey;
+            saved_peer = ctx->peerKey;
             ctx->peerKey = rsaKey;
             keylen = sizeof(outbuf);
             ExpectIntNE(wolfSSL_EVP_PKEY_derive(ctx, outbuf, &keylen),
@@ -3782,8 +3783,9 @@ int test_wolfSSL_EvpPkeyVerifyBatch4(void)
 
     /* P3: ctx->pkey == NULL */
     if (ctx != NULL) {
+        EVP_PKEY *saved;
         (void)wolfSSL_EVP_PKEY_verify_init(ctx);
-        EVP_PKEY *saved = ctx->pkey;
+        saved = ctx->pkey;
         ctx->pkey = NULL;
         ExpectIntNE(wolfSSL_EVP_PKEY_verify(ctx, bad_sig, sizeof(bad_sig),
                                             tbs, sizeof(tbs)),

tests/api/test_md5.c

@@ -189,7 +189,7 @@ int test_wc_Md5UpdateResidualCoverage(void)
 {
     EXPECT_DECLS;
 #ifndef NO_MD5
-    Md5    md5;
+    wc_Md5 md5;
     byte   digest[WC_MD5_DIGEST_SIZE];
     byte   buf[WC_MD5_BLOCK_SIZE * 2 + 1]; /* 129 bytes */
 

tests/api/test_ocsp.c

@@ -116,6 +116,8 @@ static int test_ssl_api_ocsp_crl_guardrails(void)
     defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
     unsigned char* ocspResp = NULL;
     byte* ownedResp = NULL;
+    (void)ocspResp;
+    (void)ownedResp;
 #endif
 
     /* Null-object guardrails for OCSP wrappers. */
@@ -156,10 +158,12 @@ static int test_ssl_api_ocsp_crl_guardrails(void)
 #if !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
     ExpectNotNull(clientCtx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectNotNull(clientSsl = wolfSSL_new(clientCtx));
+#ifndef NO_WOLFSSL_SERVER
     serverCtx = wolfSSL_CTX_new(wolfSSLv23_server_method());
     if (serverCtx != NULL) {
         serverSsl = wolfSSL_new(serverCtx);
     }
+#endif
 
     /* Wrong-side coverage: OCSP stapling use APIs are client-only. */
 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST

tests/api/test_signature.c

@@ -658,7 +658,13 @@ int test_wc_SignatureRsaDecisionCoverage(void)
 int test_wc_SignatureGetSizeAllTypes(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_SIG_WRAPPER)
+    /* Mirror the implicit NO_SIG_WRAPPER auto-disable in wolfcrypt/src/signature.c:
+     * the wrapper is only compiled when an ECC sign/verify path or RSA is
+     * available. */
+#if !defined(NO_SIG_WRAPPER) && \
+    ((defined(HAVE_ECC) && \
+      (defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY))) || \
+     !defined(NO_RSA))
 #if defined(HAVE_ECC) && !defined(NO_ECC256)
     {
         ecc_key ecc;