WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
12,985 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

1195 Commits (1e26238f49e5fd5128d7066901f27f4229ae94e0)

Author SHA1 Message Date
Glenn Strauss 92c3296e13 preprocessor -DNO_BIO to omit OpenSSL BIO API 2020-11-05 20:40:43 -06:00
Ethan Looney 232ac03bbe Changed it to only the inverse 2020-11-05 14:38:23 -07:00
Ethan Looney 0aee4b78cd Changed md5 to sha256 in DigestFinal_ex function 2020-11-05 14:36:42 -07:00
Ethan Looney 06f1a1870d Added inverse case 2020-11-05 13:05:15 -07:00
toddouska b76ac0b842
Merge pull request #3442 from SparkiDev/config_fix_2 
Configuration fixes
 2020-11-03 14:48:49 -08:00
Ethan Looney 813a94ab9a Added bad and good case to EVP_DigestFinal_ex test 2020-11-03 14:57:30 -07:00
Ethan Looney 48073fb678 Removed unnecessary test 2020-11-02 14:22:01 -07:00
Ethan Looney cf05a060f7 Removed cases that caused fips test to fail 2020-11-02 14:16:02 -07:00
Ethan Looney 05d01dcccd Added if defined checks for rc4 and fips 2020-11-02 14:11:07 -07:00
Ethan Looney 251f3e15d4 Added fips check for specific size 2020-11-02 14:11:07 -07:00
Ethan Looney 7412374496 Changed from hardcoded values, changed types and deleted comments 2020-11-02 14:11:07 -07:00
Ethan Looney 8122c031bf Added ifdef's, changed key sizes to relevant sizes 2020-11-02 14:11:07 -07:00
Ethan Looney b46f87ffe6 Added unit test for evp.c 2020-11-02 14:11:07 -07:00
Ethan Looney 8728eaf93f Removed duplicate return check and added return check 2020-10-30 13:19:12 -06:00
Juliusz Sosinowicz aff14091e0 AAD should be reset on Init call 2020-10-29 12:13:35 +01:00
Sean Parkinson 320afab227 Configuration fixes 
--enable-sp --enable-sp-asm --disable-fastmath:
    cpuid.h - check for WOLFSSL_SP_ASM as well

-enable-curve448 --enable-ed448 --disable-rsa --disable-dh
--enable-tls13 --disable-ecc --enable-certgen --enable-keygen:
    api.c - certificate loaded that was RSA but RSA disabled

--enable-sp --enable-sp-asm --enable-sp-math:
    cpuid.c - check for WOLFSSL_SP_ASM as well

--disable-shared --disable-ecc --disable-dh --enable-cryptonly
--enable-rsavfy --disable-asn --disable-rng --disable-filesystem:
    test.c - rsa_test()

'CC=clang -fsanitize=address' '-enable-distro' '--enable-stacksize':
testsuit.c - echoclient_test_wrapper needs to free ECC FP cache when
it is in a separate thread
 2020-10-29 16:21:06 +10:00
toddouska 931eea30f5
Merge pull request #3397 from cconlon/rc2 
RC2 ECB/CBC and PKCS#12 Integration
 2020-10-28 15:06:47 -07:00
John Safranek 9c1049f112
Compatibility Layer 
1. Changed the ASN1_OBJECT member of the X509_NAME_ENTRY to be a pointer
   rather than an object. It could lead to a double free on the name
   entry.
2. The ASN1_OBJECT allocator should set the dynamic flag, as the
   deallocator is the one that uses it.
3. General changes to treat the member as a pointer rather than a
   member.
4. In the api test, we were iterating over the name members in the name
   checking the NIDs. After the loop we freed the name member object.
   This led to a double free error.
 2020-10-25 14:38:07 -07:00
Ethan Looney a5f86729f9 Deleted comment 2020-10-23 13:52:06 -06:00
Ethan Looney 2bd761bb4c Added a case for logging.c unit test with debug not enabled 2020-10-22 14:51:07 -06:00
toddouska 1e43d65d2a
Merge pull request #3392 from SparkiDev/ocsp_must_staple 
TLS OCSP Stapling: MUST staple option
 2020-10-20 15:07:08 -07:00
Chris Conlon d4bbe529fb switch RC2 struct name to Rc2 for consistent camel case across algorithms 2020-10-16 15:19:47 -06:00
Chris Conlon 062df01737 add PKCS12 RC2 test case, example p12 bundle 2020-10-16 12:02:20 -06:00
Chris Conlon 0854efe168 add API unit tests for RC2 2020-10-16 12:02:20 -06:00
Sean Parkinson 60b0b0170b TLS OCSP Stapling: MUST staple option 
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
 2020-10-16 09:03:27 +10:00
Daniel Pouzzner eb7a79aa5e misc fixes for coverage and buildability: add MD2 to --enable-all*; fix spelling of "Sno" to "no" for $ENABLED_BLAKE2S default; when ENABLED_QSH add -DWOLFSSL_STATIC_DH -DWOLFSSL_STATIC_PSK (relates to ZD11073); add missing gating for !defined(WOLFSSL_DEVCRYPTO) in api.c:test_wc_Sha256FinalRaw(); fix tests/api.c:IsValidCipherSuite() to build under gcc10 (relates to ZD11073). 2020-10-15 15:05:29 -05:00
John Safranek aeeeb666a7
Maintenance Fixes 
1. The test_wolfSSL_X509V3_EXT_print() test was using stderr for output,
   changed to stdout.
2. A call to XFREAD wasn't typecasting its output to the size of the
   variable getting the output in decodedCertCache_test().
 2020-10-09 15:01:32 -07:00
Daniel Pouzzner 1c492dc0b6 cosmetic cleanups. 2020-10-06 22:14:08 -05:00
Daniel Pouzzner a3185310ca tests/api.c: clean up and parameterize key/buffers sizes in test_wc_CheckProbablePrime(). 2020-10-01 14:38:26 -05:00
Daniel Pouzzner 3ef242e889 tests/api.c: change RSA keysize from 1024 to 2048 for sp-math compatibility, in test_wc_CheckProbablePrime(), test_wc_CheckProbablePrime(), test_wc_RsaPSS_Verify(), test_wc_RsaPSS_VerifyCheck(), test_wc_RsaPSS_VerifyCheck(), test_wc_RsaPSS_VerifyCheckInline(), and test_wolfSSL_DC_cert(). 2020-10-01 14:38:26 -05:00
Kareem Abuobeid d59784e646 Fix issues found by -fsanitize=thread. 2020-09-30 14:24:20 -07:00
toddouska fc988ad3e7
Merge pull request #3325 from julek-wolfssl/openssl-compat-aes-gcm-2-part-aad 
Buffer AAD in wolfSSL_EVP_CipherUpdate_GCM  so that whole value is hashed
 2020-09-29 13:46:44 -07:00
Juliusz Sosinowicz 78e003e7de Plug leak 2020-09-29 12:24:59 +02:00
Chris Conlon d143015059
Merge pull request #3336 from ethanlooney/26th_branch 
Added unit test for Des3
 2020-09-28 10:14:31 -06:00
Juliusz Sosinowicz 942168c62d Add decrypt tests 2020-09-28 15:59:50 +02:00
Ethan Looney e49505fbb8 Added key free 2020-09-25 13:42:19 -06:00
toddouska 2d97acadc9
Merge pull request #3331 from dgarske/armasm 
Fixes for ARM ASM and API unit test bad build macros
 2020-09-25 12:41:30 -07:00
Juliusz Sosinowicz 7e38b6bee6 Test 2 part GCM data and EVP context re-use 2020-09-25 11:03:58 +02:00
Ethan Looney 4662690fdc Added unit test for Des3 2020-09-24 14:05:14 -06:00
toddouska 1668f6f626
Merge pull request #3244 from douzzer/20200820-linuxkm 
Linux Kernel Module support
 2020-09-24 12:57:22 -07:00
toddouska d75d3108b0
Merge pull request #3314 from SparkiDev/evp_hmac_sha3 
Test wolfSSL_HMAC with SHA-3
 2020-09-24 12:48:40 -07:00
Chris Conlon b3fc5eb254
Merge pull request #3326 from ethanlooney/25th_branch 
Added unit tests for PKCS7
 2020-09-24 13:33:57 -06:00
Chris Conlon 6780e5eb0b
Merge pull request #3290 from ethanlooney/22nd_branch 
Added unit tests for RSA.c
 2020-09-24 09:54:11 -06:00
Daniel Pouzzner fc592e8434 tests/api.c: in test_wc_PKCS7_BER(), provide for !NO_DES3 && !NO_RSA && WOLFSSL_SP_MATH case. 2020-09-23 18:32:16 -05:00
David Garske 8d2c8b0c89 And the CAVP self test. 2020-09-23 16:23:55 -07:00
David Garske f77157bfea Looks like FinalRaw was added post FIPS v2. 2020-09-23 16:06:21 -07:00
David Garske 5e1c0f886f Fix for FIPS and raw hash API's. 2020-09-23 15:59:35 -07:00
David Garske 3c28fe3640 Fixes for bad build options around new hash unit tests. Cleanup indent and newlines. 2020-09-23 15:45:31 -07:00
Ethan Looney 95995d2272 Removed forgotten comment 2020-09-23 13:42:33 -06:00
Ethan Looney 59294708a8 Changed test function call, uses internal AssertIntEQ instead of single call 2020-09-23 13:22:59 -06:00
toddouska cee99de6e1
Merge pull request #3324 from JacobBarthelmeh/Testing 
fix WOLFSSL_X509_NAME parse of empty field and add test case
 2020-09-23 09:15:24 -07:00
Ethan Looney 1d4e7d8278 Added unit tests for PKCS7 2020-09-22 14:50:08 -06:00
Juliusz Sosinowicz 77969ae042 Buffer AAD in wolfSSL_EVP_CipherUpdate_GCM so that whole value is hashed 2020-09-22 21:58:57 +02:00
Ethan Looney 53b82fccdb Fixed valgrind issues -2 2020-09-22 13:26:52 -06:00
Jacob Barthelmeh cb3338bd57 fix WOLFSSL_X509_NAME parse of empty feild and add test case 2020-09-21 18:44:13 -06:00
Sean Parkinson f4db9c8986 Test wolfSSL_HMAC with SHA-3 
Add more support for HMAC with SHA-3.
 2020-09-22 09:39:09 +10:00
Takashi Kojo 83cdd1c314 fix NO_DH guard 2020-09-22 07:30:21 +09:00
Daniel Pouzzner a1d231b4dc tests/api.c:test_wolfSSL_ERR_print_errors(): add missing gating on !defined(NO_ERROR_STRINGS). 2020-09-17 12:03:44 -05:00
Daniel Pouzzner cc1d016d1e configure.ac: define BUILD_TESTS as ENABLED_EXAMPLES, rather than ENABLED_EXAMPLES && !ENABLED_LEANTLS; add missing preprocessor gating in tests/api.c test_wolfSSL_EVP_Digest() and test_wolfSSL_i2d_PrivateKey(). 2020-09-17 12:03:44 -05:00
toddouska a3fca7f593
Merge pull request #3247 from JacobBarthelmeh/Compatibility-Layer 
Compatiblity Layer Fixes for serial number / ASN1 time / and order of name components
 2020-09-16 14:53:51 -07:00
Ethan Looney da4478bdf1 Fixed valgrind issues 2020-09-15 12:58:52 -06:00
Ethan Looney a466a57f1d Added fips check and cast variable to word32 2020-09-11 14:28:10 -06:00
Ethan Looney 7dce2e7f2c Added unit tests for RSA.c 2020-09-10 14:47:51 -06:00
toddouska 7fd51cf9d9
Merge pull request #3267 from SparkiDev/no_client_auth 
Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing
 2020-09-03 15:55:38 -07:00
toddouska db805524de
Merge pull request #3248 from SparkiDev/aes_cbc_oob 
AES-CBC check for input size of 0
 2020-09-03 13:40:34 -07:00
Jacob Barthelmeh 682b1468b8 free test certificate when test is done 2020-09-02 16:05:05 -06:00
toddouska b3acd57de5
Merge pull request #3254 from dgarske/leaks 
Fixes valgrind leak reports (related to small stack cache)
 2020-09-02 10:44:49 -07:00
toddouska 9268de229a
Merge pull request #3266 from dgarske/unit_test 
Fix for DH compute key compatibility function failure
 2020-09-02 10:23:23 -07:00
JacobBarthelmeh 914905f1bc
Merge pull request #3193 from embhorn/zd10457_b 
Fix CheckHostName matching
 2020-09-02 10:36:02 -06:00
Jacob Barthelmeh fd2074da00 fix for order of components in issuer when using compatiblity layer api to generate cert 2020-09-01 09:27:45 -06:00
Sean Parkinson 89b9a77eca Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing 
Fix build for no client or server and no client auth.
Fix tests to detect when no client auth compiled and test is trying to
do client auth.
 2020-09-01 15:27:46 +10:00
David Garske c587ff72d2 Fix for occasional unit.test failure in `test_wolfSSL_EVP_PKEY_derive`. 2020-08-31 14:04:51 -07:00
Ethan Looney 568184f53f Changed len from hardcoded value to sizeof oid 2020-08-31 13:42:23 -06:00
Ethan Looney c8d93d4d5e Added ecc.c unit tests to api.c 2020-08-31 13:42:23 -06:00
Eric Blankenhorn ea5c290d60 Fix CheckHostName matching 2020-08-26 14:03:17 -05:00
David Garske 1b2b3de2c9 Fixes for missing free calls on hash tests. 2020-08-26 09:48:46 -07:00
David Garske 6d5731b8e9 Fixes for HMAC_CTX cleanup not being called to free SHA2 resources with `WOLFSSL_SMALL_STACK_CACHE`. Added return code checking and cleanup for `openssl_test`. 2020-08-26 09:45:26 -07:00
Jacob Barthelmeh bc58dde700 fix for serial number containing 0's and for RNG fail case 2020-08-26 00:03:39 -06:00
Sean Parkinson 3a25faea60 AES-CBC check for input size of 0 
Don't need to do anything when size is 0.
 2020-08-25 13:36:45 +10:00
Jacob Barthelmeh c7136498ec add test case 2020-08-24 17:19:03 -06:00
David Garske 3fbaccc8a1 Fix for API unit test `test_wolfSSL_X509_sign`, which can have a varying length depending on if MSB is set. About 1 in 200 tests would fail. 2020-08-20 15:33:28 -07:00
David Garske 1d55b2f526 Fixes for several memory leaks related to `HAVE_WOLF_BIGINT`. 2020-08-20 14:25:06 -07:00
toddouska 028bddd7ab
Merge pull request #3215 from ejohnstown/release-4.5.0 
Release Update
 2020-08-17 13:51:23 -07:00
John Safranek 3f6861ee82
FIPS Ready Fix with ECC Timing Resistance 
Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
   configure option. `--enable-fips=ready`. It will treat FIPS
   Ready as the next kind of FIPS release. FIPS Ready will be
   treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
   checks for not version 2, with respect to ECC Timing Resistance
   and FIPS builds.
 2020-08-14 10:54:55 -07:00
Sean Parkinson bc74bfebdd Fixes from C++ and address access checking 
Fix access of table for cache resistance.
Don't name variable public or private.
Cast from void*
 2020-08-13 15:19:49 +10:00
toddouska fa146870bd
Merge pull request #3155 from julek-wolfssl/openssh-fixes-cherry-picked 
Additional OpenSSL compat stuff for OpenSSH
 2020-08-11 16:32:31 -07:00
toddouska 532c2f50e8
Merge pull request #3083 from julek-wolfssl/openssl-compat-X509V3_EXT_i2d 
Implement more OpenSSL compatibility functions
 2020-08-11 15:01:41 -07:00
Sean Parkinson 6467de5a88 Randomize z ordinates in scalar mult when timing resistant 
An RNG is required for shared secret calculation now.
Use wc_ecc_set_rng() to set an RNG against the ECC object.
ECC verification does not need timing resistance and does not randomize
z ordinates.
 2020-08-11 16:12:47 +10:00
Juliusz Sosinowicz 55d4817956 Jenkins fixes 2020-08-10 12:39:16 +02:00
Sean Parkinson 7bb2a69161 Fix memory leak in api.c 
When testing wc_ecc_import_raw(), the mp_int's in the ecc object are
initialized.
For small math, this throws away the allocated buffer.
Must free the object before importing.
 2020-08-10 12:42:46 +10:00
Sean Parkinson 920c97963c Fix Jenikins failure - ToTraditional not declared 
./configure --disable-asn --disable-ecc -disable-rsa --enable-psk
--enable-testcert
 2020-08-10 10:57:07 +10:00
David Garske c0a664a8e5
Merge pull request #3200 from douzzer/20200805 
Add an error-checking wc_curve25519_make_pub() routine to the API for use by Wireguard
 2020-08-07 16:32:52 -07:00
toddouska 1724347f7a
Merge pull request #3091 from julek-wolfssl/sess-serialization 
Expose session serialization outside of `OPENSSL_EXTRA`
 2020-08-07 15:41:27 -07:00
toddouska 17cc941b29
Merge pull request #3195 from SparkiDev/sp_ecc_cache 
SP ECC Cache Resitance
 2020-08-07 15:35:06 -07:00
JacobBarthelmeh dd6238fb77
Merge pull request #3174 from embhorn/zd10655 
Fix CheckAltNames to handle IP type
 2020-08-07 16:04:56 -06:00
Chris Conlon b03e1dd2a9
Merge pull request #3197 from ethanlooney/19th_branch 
Added asn.c unit tests
 2020-08-07 09:25:50 -06:00
Eric Blankenhorn 064bfa583d Fix CheckAltNames to handle IP type 2020-08-07 10:12:56 -05:00
Daniel Pouzzner f6acbd5f97 test_wc_curve25519_make_pub(): fix order of args to wc_curve25519_make_pub(). 2020-08-06 18:37:00 -05:00
toddouska 82d927d40f
Merge pull request #3199 from dgarske/openssl_sha 
Fix for building openssl compat without SHA-1
 2020-08-06 15:59:26 -07:00
Daniel Pouzzner 0f59e632e1 tests/api.c: add test_wc_curve25519_make_pub(); fix some old stray tabs; remove weird extra string-terminating null in test_wolfSSL_sk_CIPHER_description(). 2020-08-06 17:52:48 -05:00