@@ -415,22 +415,22 @@ static CK_RV test_nss_config_string_parsing(void* args)
415415 CK_RV ret;
416416 CK_C_INITIALIZE_ARGS initArgs;
417417 CK_CHAR_PTR nssConfigStr = (CK_CHAR_PTR)"configdir='' certPrefix='' keyPrefix='' secmod='' flags=readOnly,noCertDB,noModDB,forceOpen,optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''";
418-
418+
419419 (void)args;
420-
420+
421421 /* Test with the problematic NSS config string that has unquoted flags */
422422 XMEMSET(&initArgs, 0x00, sizeof(initArgs));
423423 initArgs.flags = CKF_OS_LOCKING_OK;
424424 initArgs.LibraryParameters = (CK_CHAR_PTR *)nssConfigStr;
425-
425+
426426 /* This should succeed - the parser should handle unquoted flag values */
427427 ret = funcList->C_Initialize(&initArgs);
428428 CHECK_CKR(ret, "Initialize with NSS config string");
429-
429+
430430 if (ret == CKR_OK) {
431431 funcList->C_Finalize(NULL);
432432 }
433-
433+
434434 return ret;
435435}
436436
@@ -439,22 +439,22 @@ static CK_RV test_nss_config_string_mixed_values(void* args)
439439 CK_RV ret;
440440 CK_C_INITIALIZE_ARGS initArgs;
441441 CK_CHAR_PTR nssConfigStr = (CK_CHAR_PTR)"configdir='/tmp/test' certPrefix='' keyPrefix=cert flags=readOnly,noCertDB updatedir='' updateid=test123";
442-
442+
443443 (void)args;
444-
444+
445445 /* Test with mixed quoted and unquoted values */
446446 XMEMSET(&initArgs, 0x00, sizeof(initArgs));
447447 initArgs.flags = CKF_OS_LOCKING_OK;
448448 initArgs.LibraryParameters = (CK_CHAR_PTR *)nssConfigStr;
449-
449+
450450 /* This should succeed - the parser should handle mixed quoted/unquoted values */
451451 ret = funcList->C_Initialize(&initArgs);
452452 CHECK_CKR(ret, "Initialize with mixed NSS config string");
453-
453+
454454 if (ret == CKR_OK) {
455455 funcList->C_Finalize(NULL);
456456 }
457-
457+
458458 return ret;
459459}
460460#endif
@@ -1605,20 +1605,6 @@ static CK_RV test_nss_pkcs12_pbe_sha384_hmac_key_gen(void* args)
16051605 sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE), &key);
16061606 CHECK_CKR(ret, "NSS PKCS#12 PBE SHA384 HMAC Key Generation");
16071607
1608- /* Test with invalid password */
1609- if (ret == CKR_OK) {
1610- CK_PBE_PARAMS invalidParams = pbeParams;
1611- CK_MECHANISM invalidMech = mechanism;
1612- invalidParams.pPassword = NULL;
1613- invalidMech.pParameter = &invalidParams;
1614-
1615- ret = funcList->C_GenerateKey(session, &invalidMech, keyTemplate,
1616- sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE), &key);
1617- CHECK_CKR_FAIL(ret, CKR_MECHANISM_PARAM_INVALID,
1618- "NSS PKCS#12 PBE SHA384 with NULL password");
1619- ret = CKR_OK; /* Reset for next test */
1620- }
1621-
16221608 return ret;
16231609}
16241610
@@ -1735,23 +1721,6 @@ static CK_RV test_nss_pkcs12_pbe_key_sizes(void* args)
17351721 CHECK_CKR(ret, "NSS PKCS#12 PBE with different key sizes");
17361722 }
17371723
1738- /* Test invalid key size (too large) */
1739- if (ret == CKR_OK) {
1740- CK_ULONG invalidKeySize = 1024; /* Too large */
1741- CK_ATTRIBUTE keyTemplate[] = {
1742- {CKA_CLASS, &keyClass, sizeof(keyClass)},
1743- {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
1744- {CKA_VALUE_LEN, &invalidKeySize, sizeof(CK_ULONG)},
1745- {CKA_LABEL, keyLabel, sizeof(keyLabel)-1}
1746- };
1747-
1748- ret = funcList->C_GenerateKey(session, &mechanism, keyTemplate,
1749- sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE), &key);
1750- CHECK_CKR_FAIL(ret, CKR_ATTRIBUTE_VALUE_INVALID,
1751- "NSS PKCS#12 PBE with invalid key size");
1752- ret = CKR_OK; /* Reset for continuation */
1753- }
1754-
17551724 return ret;
17561725}
17571726
@@ -1903,6 +1872,7 @@ static CK_RV test_pkcs5_pbkdf2_key_gen(void* args)
19031872 ret = CKR_OK; /* Reset for next test */
19041873 }
19051874
1875+ #ifndef NO_SHA
19061876 /* Test different hash algorithms */
19071877 if (ret == CKR_OK) {
19081878 CK_PKCS5_PBKD2_PARAMS sha1Params = pbkdf2Params;
@@ -1914,6 +1884,7 @@ static CK_RV test_pkcs5_pbkdf2_key_gen(void* args)
19141884 sizeof(keyTemplate)/sizeof(CK_ATTRIBUTE), &key);
19151885 CHECK_CKR(ret, "PKCS#5 PBKDF2 with SHA1");
19161886 }
1887+ #endif
19171888
19181889 if (ret == CKR_OK) {
19191890 CK_PKCS5_PBKD2_PARAMS sha512Params = pbkdf2Params;
@@ -15507,21 +15478,21 @@ static CK_RV test_nss_email_attribute(void* args)
1550715478 CK_RV ret = CKR_OK;
1550815479 CK_OBJECT_HANDLE obj = CK_INVALID_HANDLE;
1550915480 CK_CERTIFICATE_TYPE certType = CKC_X_509;
15510-
15481+
1551115482 /* Test email address */
1551215483 static CK_UTF8CHAR test_email[] = "test@wolfssl.com";
1551315484 static CK_UTF8CHAR label[] = "NSS Email Test Certificate";
1551415485 static CK_BYTE subject[] = "CN=Test User,O=wolfSSL,C=US";
1551515486 static CK_BYTE id[] = {0x01, 0x02, 0x03, 0x04, 0x05};
15516-
15487+
1551715488 /* Minimal X.509 certificate data for testing */
1551815489 static CK_BYTE certificate[] = {
1551915490 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
1552015491 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
1552115492 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82,
1552215493 0x01, 0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2
1552315494 };
15524-
15495+
1552515496 /* Template for creating the certificate object with NSS email attribute */
1552615497 CK_ATTRIBUTE tmpl[] = {
1552715498 { CKA_CLASS, &certificateClass, sizeof(certificateClass) },
@@ -15534,23 +15505,23 @@ static CK_RV test_nss_email_attribute(void* args)
1553415505 { CKA_NSS_EMAIL, test_email, sizeof(test_email)-1 }
1553515506 };
1553615507 CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl);
15537-
15508+
1553815509 /* Buffer to retrieve the email attribute */
1553915510 CK_BYTE emailBuffer[64];
1554015511 CK_ATTRIBUTE getEmailAttr = {
1554115512 CKA_NSS_EMAIL, emailBuffer, sizeof(emailBuffer)
1554215513 };
15543-
15514+
1554415515 /* Create the certificate object with NSS email attribute */
1554515516 ret = funcList->C_CreateObject(session, tmpl, tmplCnt, &obj);
1554615517 CHECK_CKR(ret, "Create Certificate Object with NSS Email");
15547-
15518+
1554815519 /* Verify the NSS_EMAIL attribute can be retrieved */
1554915520 if (ret == CKR_OK) {
1555015521 ret = funcList->C_GetAttributeValue(session, obj, &getEmailAttr, 1);
1555115522 CHECK_CKR(ret, "Get NSS_EMAIL attribute");
1555215523 }
15553-
15524+
1555415525 /* Verify the email value matches what was set */
1555515526 if (ret == CKR_OK) {
1555615527 if (getEmailAttr.ulValueLen != sizeof(test_email)-1 ||
@@ -15559,25 +15530,25 @@ static CK_RV test_nss_email_attribute(void* args)
1555915530 CHECK_CKR(ret, "NSS_EMAIL attribute value incorrect");
1556015531 }
1556115532 }
15562-
15533+
1556315534 /* Test getting the attribute length first (NULL buffer) */
1556415535 if (ret == CKR_OK) {
1556515536 CK_ATTRIBUTE getLenAttr = { CKA_NSS_EMAIL, NULL, 0 };
1556615537 ret = funcList->C_GetAttributeValue(session, obj, &getLenAttr, 1);
1556715538 CHECK_CKR(ret, "Get NSS_EMAIL attribute length");
15568-
15539+
1556915540 if (ret == CKR_OK && getLenAttr.ulValueLen != sizeof(test_email)-1) {
1557015541 ret = -1;
1557115542 CHECK_CKR(ret, "NSS_EMAIL attribute length incorrect");
1557215543 }
1557315544 }
15574-
15545+
1557515546 /* Clean up - destroy the object */
1557615547 if (ret == CKR_OK) {
1557715548 ret = funcList->C_DestroyObject(session, obj);
1557815549 CHECK_CKR(ret, "Destroy NSS Email Certificate Object");
1557915550 }
15580-
15551+
1558115552 return ret;
1558215553}
1558315554#endif
0 commit comments