Daniel Pouzzner
0b4f34d62a
typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C.
2021-11-08 17:35:05 -06:00
Masashi Honma
ee39fd079f
Fix X509_PUBKEY_set() to show correct algorithm and parameters
When built with OpenSSL, the following program outputs these messages.
algorithm: id-ecPublicKey
parameters: prime256v1
But with wolfSSL, X509_PUBKEY_get0_param() fails.
This patch fixes wolfSSL to display the same values as OpenSSL.
This program was extracted from wpa_supplicant in order to reproduce the
issue.
----------------
#include <stdio.h>
#include <stdint.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/objects.h>

int main(void)
{
    EVP_PKEY *pkey;
    X509_PUBKEY *pub = NULL;
    ASN1_OBJECT *ppkalg;
    const ASN1_OBJECT *pa_oid, *poid;
    const uint8_t *pk;
    int ppklen, ptype;
    X509_ALGOR *pa;
    const void *pval;
    char buf[100];
    /* DER SubjectPublicKeyInfo: id-ecPublicKey, prime256v1, compressed point */
    const uint8_t data[] = {
        0x30, 0x39, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
        0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, 0x03, 0x33, 0x6d, 0xb4, 0xe9, 0xab,
        0xf1, 0x1c, 0x96, 0x87, 0x5e, 0x02, 0xcc, 0x92, 0xaf, 0xf6, 0xe1, 0xed, 0x2b, 0xb2, 0xb7, 0xcc,
        0x3f, 0xd2, 0xb5, 0x4e, 0x6f, 0x20, 0xc7, 0xea, 0x2f, 0x3f, 0x42
    };
    size_t data_len = sizeof(data);
    const uint8_t *p;
    int res;

    /* Decode the DER SubjectPublicKeyInfo into an EVP_PKEY */
    p = data;
    pkey = d2i_PUBKEY(NULL, &p, data_len);
    if (!pkey) {
        fprintf(stderr, "d2i_PUBKEY() failed\n");
        return -1;
    }
    if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) {
        fprintf(stderr, "invalid type\n");
        goto err;
    }
    /* Re-encode the key into an X509_PUBKEY structure */
    res = X509_PUBKEY_set(&pub, pkey);
    if (res != 1) {
        fprintf(stderr, "X509_PUBKEY_set() failed\n");
        goto err;
    }
    /* Fetch algorithm OID, raw key bytes and AlgorithmIdentifier (this fails on wolfSSL) */
    res = X509_PUBKEY_get0_param(&ppkalg, &pk, &ppklen, &pa, pub);
    if (res != 1) {
        fprintf(stderr, "X509_PUBKEY_get0_param() failed\n");
        goto err;
    }
    res = OBJ_obj2txt(buf, sizeof(buf), ppkalg, 0);
    if (res < 0 || (size_t) res >= sizeof(buf)) {
        fprintf(stderr, "OBJ_obj2txt() failed\n");
        goto err;
    }
    fprintf(stdout, "algorithm: %s\n", buf);
    /* The parameters of id-ecPublicKey are a named-curve OID */
    X509_ALGOR_get0(&pa_oid, &ptype, &pval, pa);
    if (ptype != V_ASN1_OBJECT) {
        fprintf(stderr, "X509_ALGOR_get0() failed\n");
        goto err;
    }
    poid = pval;
    res = OBJ_obj2txt(buf, sizeof(buf), poid, 0);
    if (res < 0 || (size_t) res >= sizeof(buf)) {
        fprintf(stderr, "OBJ_obj2txt() failed\n");
        goto err;
    }
    fprintf(stdout, "parameters: %s\n", buf);
    X509_PUBKEY_free(pub);
    EVP_PKEY_free(pkey);
    return 0;

err:
    X509_PUBKEY_free(pub);
    EVP_PKEY_free(pkey);
    return -1;
}
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-11-09 07:30:58 +09:00
David Garske
478f57b347
Merge pull request #4535 from kareem-wolfssl/zd13165
Fix building with NO_ECC_KEY_EXPORT.
2021-11-08 11:11:53 -08:00
David Garske
4fe17cc143
Merge pull request #4527 from julek-wolfssl/zd13097
Fix a heap buffer overflow with mismatched PEM structure ZD13097
2021-11-05 08:50:28 -07:00
Chris Conlon
ae84a2a326
Merge pull request #4293 from TakayukiMatsuo/set_min_proto
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
2021-11-04 14:59:34 -06:00
Juliusz Sosinowicz
1faa9e66b6
Check `wolfSSL_BIO_read` return
2021-11-04 15:34:33 +01:00
Kareem
60a86157c7
Fix building with NO_ECC_KEY_EXPORT.
2021-11-03 16:03:26 -07:00
Juliusz Sosinowicz
23487a4532
Fix a heap buffer overflow with mismatched PEM structure ZD13097
2021-11-02 11:31:22 +01:00
Daniel Pouzzner
6ba55edd50
fix async warnings
2021-10-29 14:37:39 -06:00
David Garske
6b3ff9bae2
Merge pull request #4459 from julek-wolfssl/missing-ext
Add x509 name attributes and extensions to DER parsing and generation
2021-10-28 14:30:37 -07:00
David Garske
6bb7e3900e
Merge pull request #4511 from JacobBarthelmeh/Testing
build fixes and PKCS7 BER encoding fix
2021-10-28 10:52:58 -07:00
Juliusz Sosinowicz
8cba5dda17
Need to free x509 in tests
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
a738c16b2f
Can't have macros within macros
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
7d6f8ea255
Update wrong email in gen script
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
a6be157628
Gate new AKID functionality on `WOLFSSL_AKID_NAME`
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
d9af698aa4
Implement raw AKID with WOLFSSL_ASN_TEMPLATE
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
c162196b27
Add x509 name attributes and extensions to DER parsing and generation
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
2021-10-28 14:50:53 +02:00
David Garske
c16f0db1b5
Fixes for handling `WC_PENDING_E` async responses in API unit test and examples. Resolves all issues with `--enable-all --enable-asynccrypt --with-intelqa=`.
2021-10-27 15:08:39 -07:00
Jacob Barthelmeh
00249b70ae
fix for build with WOLFSSL_SGX
2021-10-27 13:22:45 -06:00
John Safranek
75df6508e6
Add a read enable for private keys when in FIPS mode.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
c2c2e5b4f5
tests/api.c: post_auth_version_cb(): add missing gating on !NO_ERROR_QUEUE for wolfSSL_ERR_get_error() test.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
a5c03f65e3
tests/api.c: fix test_CryptoCb_Func() to not attempt signing op on ephemeral ECC keys.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
aa6ca43e91
api.c: skip test_wolfSSL_EVP_PBE_scrypt() when FIPS 140-3 (test uses impermissibly short HMAC key).
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f1c1f76851
ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg.
2021-10-26 20:24:27 -05:00
John Safranek
a935f2f86d
FIPS CAST Update
1. In the unit test, when checking the build options, also check for
FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
getting called, so the FIPS flags didn't get checked. (It was using
wc_InitSha_ex() which bypasses the FIPS checks.)
2021-10-26 20:24:24 -05:00
JacobBarthelmeh
4825534062
Merge pull request #4500 from cconlon/errorQueueFix
fix wc_ERR_print_errors_fp() unit test with NO_ERROR_QUEUE
2021-10-27 05:56:32 +07:00
David Garske
9c665d7282
Merge pull request #4501 from embhorn/zd13114
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 10:47:59 -07:00
David Garske
87baf7818e
Merge pull request #4505 from julek-wolfssl/fix-nids
Make NID's consistent v2
2021-10-26 10:29:42 -07:00
Eric Blankenhorn
19feab7850
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 07:14:53 -05:00
Juliusz Sosinowicz
48b304be00
Fix issues with `AIA_OCSP_OID` and `AIA_CA_ISSUER_OID`
2021-10-26 11:47:27 +02:00
Juliusz Sosinowicz
348fec3d29
`wc_ClearErrorNodes` is a local API that is not exported for linking
2021-10-26 09:14:48 +02:00
Juliusz Sosinowicz
57b9170ac0
Make NID's consistent
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-26 09:14:25 +02:00
Sean Parkinson
08d9b145d9
ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
Change SSL_FATAL_ERROR to WOLFSSL_FATAL_ERROR
2021-10-26 15:50:52 +10:00
John Safranek
a0c7c079b8
Revert "Make NID's consistent"
2021-10-25 21:57:28 -07:00
Sean Parkinson
cdf72facbf
Merge pull request #4429 from julek-wolfssl/fix-nids
Make NID's consistent
2021-10-26 09:59:26 +10:00
Sean Parkinson
6070981366
Merge pull request #4490 from dgarske/static_mem_unittest
Add CTX static memory API unit tests
2021-10-26 09:52:14 +10:00
Chris Conlon
a8b6304e19
add unit test for wc_PKCS7_VerifySignedData_ex() with detached signature and content digest only
2021-10-25 15:52:19 -06:00
Chris Conlon
eb0b6ca122
fix unit test for wc_ERR_print_errors_fp() when NO_ERROR_QUEUE is defined
2021-10-25 13:50:39 -06:00
Chris Conlon
402ee29163
fix nid2oid/oid2nid for oidCertAuthInfoType
2021-10-22 16:53:18 -06:00
John Safranek
d83d16af59
Merge pull request #4483 from julek-wolfssl/cov-reports
2021-10-22 13:07:57 -07:00
David Garske
229f0d5fd1
Merge pull request #4485 from JacobBarthelmeh/certs
Improve permitted alternate name logic in certificate ASN handling
2021-10-22 11:59:16 -07:00
David Garske
c027fffa92
Fix for CTX free heap hint issue. With openssl extra the `param` and `x509_store.lookup.dirs` are allocated at CTX init and if heap or static pool was used depends on `ctx->onHeapHint`. Added test case for this and inline code comment.
2021-10-22 11:58:02 -07:00
John Safranek
aad230a7e3
Restore a test case. Add a missing null-check.
2021-10-22 10:36:17 -07:00
David Garske
4c0527490d
Fixes for API unit test with `WOLFSSL_NO_ASN_STRICT`. Fix spelling error.
2021-10-22 09:59:16 -07:00
Hayden Roche
0b6523d933
Rename pem_password_cb to wc_pem_password_cb.
Recently, we had a wolfEngine customer report a compilation error because
wolfSSL and OpenSSL both define the typedef pem_password_cb. The solution is to
namespace our typedef with the wc_ prefix. In order to not break existing code
that relies on wolfSSL providing pem_password_cb, if OPENSSL_COEXIST is not
defined, we define pem_password_cb as a macro that maps to wc_pem_password_cb.
2021-10-21 16:47:29 -07:00
David Garske
b5f4a0c005
Improve API unit test to use `X509_NAME_get_sz` and make it widely available.
2021-10-21 16:42:19 -07:00
David Garske
f17187aad9
Fixes for static memory testing. Fix clang memory sanitizer warnings.
2021-10-21 16:33:57 -07:00
David Garske
785e37790a
Cleanup API test case debugging.
2021-10-21 12:35:06 -07:00
David Garske
911d95e5e4
Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS.
2021-10-21 11:47:00 -07:00
Juliusz Sosinowicz
79b738b5a6
commit-test and jenkins fixes
2021-10-21 14:29:28 +02:00
Juliusz Sosinowicz
4268763adb
`wc_ClearErrorNodes` is a local API that is not exported for linking
2021-10-21 13:47:55 +02:00
Juliusz Sosinowicz
20473ba563
Make NID's consistent
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-21 13:01:57 +02:00
Jacob Barthelmeh
12f86b020a
clean up test case memory and common name size
2021-10-20 17:13:34 -06:00
Jacob Barthelmeh
f57801c17b
more name constraint test cases and adjust DNS base name matching to not require .
2021-10-20 14:25:02 -06:00
David Garske
6d2a5fab9b
Added test cases for `EVP_PKCS82PKEY` and `EVP_PKEY2PKCS8`.
2021-10-20 09:18:13 -07:00
Jacob Barthelmeh
e0e43b6a16
clean up test case
2021-10-19 23:12:07 -06:00
Jacob Barthelmeh
3b73c6e3ae
handle multiple permitted name constraints
2021-10-19 23:12:07 -06:00
Jacob Barthelmeh
afee92e0cf
bail out when a bad alt name is found in the list of alt names
2021-10-19 23:12:07 -06:00
David Garske
de8798f4be
Fix API unit tests where DH 3072-bit is not enabled.
2021-10-19 17:04:18 -07:00
David Garske
a03ed32380
Support for Android KeyStore compatibility API's:
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
2021-10-19 17:04:18 -07:00
Sean Parkinson
f04380d624
Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode
scan-build LLVM-13 fixes and expanded coverage
2021-10-20 08:30:46 +10:00
Sean Parkinson
41eecd37e5
Merge pull request #4471 from embhorn/zd11886
Fix build errors with NO_BIO config
2021-10-20 08:06:42 +10:00
Eric Blankenhorn
c0b592ef82
Fix build error with WOLFSSL_USER_IO
2021-10-19 08:27:43 -05:00
Daniel Pouzzner
e341291d99
scan-build LLVM-13 fixes: tests/api.c: fix -Wunused-but-set-variable for drive_len in test_wolfSSL_EVP_Cipher_extra() by removing the unused drive_len code.
2021-10-18 21:46:10 -05:00
Daniel Pouzzner
816527e826
scan-build fixes: back out all "#ifndef __clang_analyzer__" wrappers added to suppress false and frivolous positives from alpha.deadcode.UnreachableCode, and rename new macro WC_UNUSED to WC_MAYBE_UNUSED to make its meaning more precisely apparent. build is still clean with -Wunreachable-code-break -Wunreachable-code-return under scan-build-13.
2021-10-18 21:46:09 -05:00
Daniel Pouzzner
62822be6ce
scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all.
2021-10-18 21:46:09 -05:00
Jacob Barthelmeh
c07a7deec2
sanity check on q value with DSA sign
2021-10-18 10:17:49 -06:00
Eric Blankenhorn
17e0249a26
Fixing NO_BIO and OPENSSL_ALL errors
2021-10-14 16:03:52 -05:00
Eric Blankenhorn
61bab6f68b
Fix test build errors with NO_BIO
2021-10-14 09:37:01 -05:00
Jacob Barthelmeh
63c9fa7a37
add check on bit length of q with DSA
2021-10-11 09:52:57 -06:00
David Garske
a395305cab
Refactor API unit test named initializer code for `callback_functions`, to avoid older g++ build issues.
2021-10-08 14:04:21 -07:00
David Garske
854512105f
Merge pull request #4314 from SparkiDev/libkcapi
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
Sean Parkinson
e0abcca040
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
Sean Parkinson
dd6e4093b3
Merge pull request #4448 from JacobBarthelmeh/Compatibility-Layer
remove error queue from JNI build and set a default upper bound on it
2021-10-08 08:35:03 +10:00
David Garske
9d2082f7e1
Fixes and improvements for crypto callbacks with TLS (mutual auth) ( #4437 )
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.
* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.
* Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.
* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.
* Fix to use proper devId in `ProcessBufferTryDecode`.
* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.
* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.
* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
2021-10-07 11:12:06 +10:00
JacobBarthelmeh
43ffe26133
Merge pull request #4430 from embhorn/zd12976
Add support for X9.42 header
2021-10-05 23:47:42 +07:00
Jacob Barthelmeh
b582e152ea
add test case max error queue size
2021-10-04 14:52:05 -06:00
Eric Blankenhorn
1440b8966d
Add test for X9.42 parsing
2021-10-04 11:05:58 -05:00
John Safranek
774bc36603
Merge pull request #4061 from JacobBarthelmeh/sessionExport
2021-10-01 10:21:42 -07:00
John Safranek
98b1e93429
Merge pull request #4402 from JacobBarthelmeh/Compatibility-Layer
2021-09-30 15:53:58 -07:00
Jacob Barthelmeh
ed8b87306d
account for test case where psk and anon is off
2021-09-30 15:48:55 -06:00
Jacob Barthelmeh
cb4b57c5c7
add tls 1.3 test case
2021-09-30 10:08:47 -06:00
Chris Conlon
cf1ce3f073
Add get_default_cert_file/env() stubs, SSL_get/set_read_ahead(), SSL_SESSION_has_ticket/lifetime_hint() ( #4349 )
* add wolfSSL_X509_get_default_cert_file/file_env/dir/dir_env() stubs
* add SSL_get_read_ahead/SSL_set_read_ahead()
* add SSL_SESSION_has_ticket()
* add SSL_SESSION_get_ticket_lifetime_hint()
* address review feedback - comments, return values
* make SSL_get_read_ahead() arg const
* add unit tests for SESSION_has_ticket/get_ticket_lifetime_hint
* test for SESSION_TICKET_HINT_DEFAULT in api.c for wolfSSL_SESSION_get_ticket_lifetime_hint()
* fix variable shadow warning in api.c
2021-09-30 08:35:23 +10:00
Chris Conlon
95b9fae605
Add DIST_POINT compatibility functions ( #4351 )
* add DIST_POINT compatibility functions
* switch X509_LU_* from enum to define, prevent compiler type warnings
* refactoring, adding in comments, and formatting
* refactoring and a memory leak fix
* cast return value for g++ warning
* refactor wolfSSL_sk_DIST_POINT_pop_free and remove NULL assign after free
* fix get next DIST_POINT node for free function
Co-authored-by: Jacob Barthelmeh <jacob@wolfssl.com>
2021-09-30 08:27:39 +10:00
Jacob Barthelmeh
707385724e
adjust macro guard around test cases
2021-09-29 13:28:20 -06:00
Jacob Barthelmeh
5f9f6fd9fa
add some test cases and use allocator
2021-09-29 12:02:26 -06:00
Jacob Barthelmeh
dd7b62d067
fix for use with idea enabled
2021-09-29 11:15:51 -06:00
Jacob Barthelmeh
ae47cb3bcd
update check on is TLS, update macro guard for test case
2021-09-28 16:57:30 -06:00
Anthony Hu
0e80923fb3
Unit tests for post-quantum groups.
Also, fixes for the things they caught such as:
- ssl->arrays->preMasterSecret is pre-allocated so copy into it instead of
moving ownership of buffer.
- server does not need to save the public key.
- in TLSX_KeyShare_Parse() don't call TLSX_KeyShare_Use() because it's done in
TLSX_PopulateExtensions().
- in TLSX_KeyShare_Use(), the server generates the ciphertext while the client
generates the public key.
- in TLSX_PopulateExtensions(), prevent client from calling TLSX_KeyShare_Use()
because it's already been done.
- Support longer curve/group names.
2021-09-28 17:16:44 -04:00
Jacob Barthelmeh
21181f2437
canned test was made without the wolfssl_idea enum on
2021-09-27 14:01:15 -06:00
Jacob Barthelmeh
8b456b90e0
add test case for tls export/import
2021-09-27 14:01:15 -06:00
Jacob Barthelmeh
2871fc670f
initial serialization of TLS session
2021-09-27 14:00:13 -06:00
David Garske
3bdce348e9
Added `NID_pkcs9_contentType` and `ub_` to compatibility layer ( #4408 )
* Added `NID_pkcs9_contentType` and `ub_` values. ZD 11742
* Improve the API unit test. Also only include when `WOLFSSL_CERT_REQ` defined.
2021-09-27 08:21:53 +10:00
Chris Conlon
9e4ab9b638
Add BIO_up_ref(), PEM_read_DHparam(), EVP_MD_nid() ( #4348 )
* add BIO_up_ref
* add PEM_read_DHparams()
* add EVP_MD_nid()
* exclude PEM_read_DHparams when NO_FILESYSTEM defined
* review feedback: single threaded, indents, EVP_MD_nid
2021-09-27 08:20:37 +10:00
Hayden Roche
24e2eded1e
Add to the OpenSSL compatibility layer. ( #4404 )
- X509_get_extension_flags
- X509_get_key_usage
- X509_get_extended_key_usage
- ASN1_TIME_to_tm
- ASN1_TIME_diff
- PEM_read_X509_REQ
- ERR_load_ERR_strings
- BIO_ssl_shutdown
- BIO_get_ssl
- BIO_new_ssl_connect
- BIO_set_conn_hostname
2021-09-24 12:26:53 +10:00
Anthony Hu
33cb823148
Remove legacy NTRU and OQS ( #4418 )
* Remove NTRU and OQS
* Keep the DTLS serialization format backwards compatible.
* Remove n from mygetopt_long() call.
* Fix over-zealous deletion.
* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
Eric Blankenhorn
e6e7795140
Make subj alt name order match openSSL ( #4406 )
2021-09-22 10:29:57 +10:00
John Safranek
df30a88dc6
Merge pull request #4414 from JacobBarthelmeh/devcrypto
update macro guard on SHA256 transform call
2021-09-21 10:03:51 -07:00
John Safranek
7ec7faddef
Merge pull request #4405 from anhu/truncating_last_char
Fix for `set1_curves_list` ignoring last character
2021-09-21 08:49:53 -07:00
Daniel Pouzzner
ec21dd6d13
miscellaneous buildability fixes:
configure.ac: fix ed25519/sha512 dependency test to not misfire when ENABLED_32BIT;
wolfssl/wolfcrypt/curve{25519,448}.h: fix redundant typedefs of curve{25519,448}_key (fixes -Wpedantic warnings);
configure.ac: fix for "ISO C forbids an empty translation unit [-Werror=pedantic]", re wolfcrypt/src/sp_c{32,64}.c;
configure.ac: fixes for --enable-32bit versus pedantic "ISO C forbids an empty translation unit", including explicit exclusion of 32bit-incompatible algorithms from enable-all and enable-all-crypto sets;
tests/api.c: fixes for a couple inadequately gated SHA2 dependencies;
tests/api.c:test_wolfSSL_set_alpn_protos(): fix prototype missing (void);
wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h: fix ForceZero() definition and NO_INLINE prototype to not counterfactually constify the mem ptr, to avoid -Wmaybe-uninitialized from gcc11;
wolfcrypt/src/des3.c: drop obsolete register qualifier from declaration in DesSetKey(), for c++17 compatibility;
src/ssl.c:wolfSSL_BN_mod_word(): fix cast of arg2 to mp_mod_d().
2021-09-20 13:38:52 -05:00
Daniel Pouzzner
1209908468
tests/api.c: fix key size in test_wc_ecc_shared_secret().
2021-09-20 10:27:13 -05:00
Anthony Hu
c733be728f
Trivial change to re-trigger jenkins.
2021-09-20 08:37:56 -04:00
Kaleb Himes
9bd300e07d
AESNI in FIPS mode does not support zero length inputs ( #4411 )
* AESNI in FIPS mode does not support zero length inputs
* Update note to specifically note AESNI
2021-09-20 08:29:15 +10:00
JacobBarthelmeh
f447e4c1fa
update macro guard on SHA256 transform call
2021-09-17 15:06:13 -07:00
Anthony Hu
79cc6be806
Make jenkins happy
2021-09-17 15:50:06 -04:00
JacobBarthelmeh
f2bce42bbd
add function wolfSSL_CTX_get_max_proto_version and handling for edge cases
2021-09-16 01:01:38 -07:00
John Safranek
3503be2c13
Merge pull request #4362 from JacobBarthelmeh/wolfCLU
add wolfclu enable option and remove test macro guard
2021-09-15 13:57:50 -07:00
Anthony Hu
07656e371c
Parameter sanity check and a unit test.
2021-09-15 16:29:55 -04:00
Juliusz Sosinowicz
4ad8b07c1c
`wolfSSL_PEM_write_bio_PUBKEY` needs to write only the public part ( #4354 )
* `wolfSSL_PEM_write_bio_PUBKEY` needs to write only the public part
The `wolfSSL_PEM_write_bio_PUBKEY` output can't contain the private portion of the key. This output could be used to distribute the public key and if it contains the private part then it gets leaked to others.
* Add heap hint to `wolfSSL_RSA_To_Der`
* Correct function name in logs
2021-09-15 17:34:43 +10:00
Hideki Miyazaki
d9767207b7
call alpn selection call-back at server side only ( #4377 )
* call alpn selection call-back at server side only
* addressed review comment
* addressed jenkins failure
2021-09-15 10:02:18 +10:00
Hideki Miyazaki
4d49ab6342
add store finished message on Tls13 ( #4381 )
* add to store finished message on Tls13
* addressed jenkins failure
* jenkins failures
sanity check for size before copying memory
* remove check of finishSz
* addressed review comments
2021-09-14 09:22:16 +10:00
Eric Blankenhorn
649aa9c95f
Add error handling to wolfSSL_BIO_get_len ( #4385 )
2021-09-10 08:15:30 +10:00
Hideki Miyazaki
51a2f9de17
return value convention on compatibility layer ( #4373 )
* return value convention
* addressed review comments
* addressed review comment part2
* fix jenkins failures
2021-09-07 08:15:08 +10:00
TakayukiMatsuo
90116a2873
Add support for wolfSSL_EVP_PBE_scrypt ( #4345 )
2021-09-03 15:49:02 +10:00
David Garske
a3ee84bf6d
Merge pull request #4355 from anhu/check_support_of_group
BUGFIX: It's possible to send a supported group that is not supported.
2021-09-02 20:03:32 -07:00
elms
fd77cb8918
fix `wc_AesKeyWrap_ex` and `wc_AesKeyUnWrap_ex` bound checks ( #4369 )
RFC3394 input must be at least 2 64-bit blocks and the output is one block longer.
On unwrapping the input must then be a minimum of 3 64-bit blocks.
2021-09-03 12:48:01 +10:00
Jacob Barthelmeh
c412d23b07
add wolfclu enable option
2021-09-02 16:46:38 -06:00
Anthony Hu
26c7592d4b
leantls only supports secp256r1.
2021-09-02 17:38:04 -04:00
TakayukiMatsuo
56843fbefd
Add support for EVP_sha512_224/256 ( #4257 )
2021-09-02 14:05:07 +10:00
Anthony Hu
0d6d171fa4
BUGFIX: It's possible to send a supported group that is not supported.
This change fixes that.
2021-09-01 10:54:52 -04:00
David Garske
9b6cf56a6e
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer ( #4335 )
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
2021-09-01 09:28:24 +10:00
David Garske
4645a6917c
Merge pull request #4168 from JacobBarthelmeh/wolfCLU
function additions and fixes for expansion of wolfCLU
2021-08-30 13:42:50 -07:00
John Safranek
85df95e10d
Merge pull request #4324 from miyazakh/maxfragment
add set_tlsext_max_fragment_length support
2021-08-30 10:21:59 -07:00
Sean Parkinson
0488caed4c
Merge pull request #4346 from cconlon/verifyPostHandshake
TLS 1.3: add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-30 09:47:23 +10:00
Chris Conlon
070029fd08
add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-27 14:49:47 -06:00
JacobBarthelmeh
65cfef5337
fix for free with test case
2021-08-27 14:10:06 -06:00
Jacob Barthelmeh
83d39932bb
add test case for X509 EXTENSION set
2021-08-27 11:30:44 -06:00
John Safranek
8b79f77fb0
Merge pull request #4327 from JacobBarthelmeh/Compatibility-Layer-Part3
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-27 09:27:34 -07:00
Jacob Barthelmeh
21159659cf
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-26 14:48:12 -06:00
David Garske
ef0fb6520d
Merge pull request #4283 from JacobBarthelmeh/Compatibility-Layer-Part2
couple more compatibility functions
2021-08-26 11:50:09 -07:00
Chris Conlon
b5d42eb773
Merge pull request #4318 from kojo1/i2d_RSA
arg type compatibility
2021-08-26 09:51:43 -06:00
Hideki Miyazaki
77eff68b95
addressed review comment
2021-08-25 11:07:32 +09:00
John Safranek
3f2abef212
Merge pull request #4321 from haydenroche5/libimobiledevice
Make changes to support libimobiledevice.
2021-08-24 17:19:26 -07:00
JacobBarthelmeh
3d8dc68266
free test case object
2021-08-24 10:59:38 -06:00
JacobBarthelmeh
ff521a14e4
add test case and macro mapping
2021-08-24 10:59:38 -06:00
Hayden Roche
7ff1351971
Make changes to support libimobiledevice.
- `EVP_PKEY_assign_RSA` should store the private key in DER format, not the
public key.
- The last call to `infoCb` in `wolfSSL_BIO_write` should provide the length of
the data to write.
- We should be able to parse RSA public keys starting with BEGIN RSA PUBLIC KEY
and ending with END RSA PUBLIC KEY.
2021-08-24 08:52:43 -07:00
John Safranek
9c541568fc
Merge pull request #4313 from SparkiDev/rsa_vfy_only
SP RSA verify only: fix to compile
2021-08-23 14:42:56 -07:00
Jacob Barthelmeh
da6e8d394f
shift instead of multiply and add comment
2021-08-23 13:24:27 -06:00
Hideki Miyazaki
8808e6a3ac
implement set_tlsext_max_fragment_length
2021-08-23 09:08:14 +09:00
Takashi Kojo
10c5e33027
arg type compatibility
2021-08-20 15:21:06 +09:00
Sean Parkinson
dbb03cb5a3
SP RSA verify only: fix to compile
Configurations:
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math-all
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math --enable-sp-asm
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math --enable-sp-asm
2021-08-20 13:16:58 +10:00
John Safranek
e7ef48d2b7
Merge pull request #3869 from SparkiDev/asn1_template
ASN1 Template: stricter and simpler DER/BER parsing/construction
2021-08-19 12:47:04 -07:00
Daniel Pouzzner
3226e69649
--enable-linuxkm-pie (FIPS Linux kernel module) ( #4276 )
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
2021-08-19 09:15:52 -07:00
Sean Parkinson
d486b89c61
ASN1 Template: stricter and simpler DER/BER parsing/construction
Reduce debug output noise
2021-08-19 11:32:41 +10:00
John Safranek
9a1233c04d
Merge pull request #4312 from julek-wolfssl/DH_set_length
Implement `DH_set_length`.
2021-08-18 16:42:38 -07:00
John Safranek
eaded189ff
Merge pull request #4310 from haydenroche5/dsa_fips
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
2021-08-18 16:33:26 -07:00
Sean Parkinson
8df65c3fa7
Merge pull request #4270 from dgarske/zd12586
Fixes for various PKCS7 and SRP build issues
2021-08-19 08:12:15 +10:00
David Garske
c5f9e55567
Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled.
2021-08-18 11:30:18 -07:00
Chris Conlon
6237a7a00d
Merge pull request #4305 from TakayukiMatsuo/i2t
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-18 10:37:08 -06:00
Juliusz Sosinowicz
162f14aaf9
Implement `DH_set_length`.
2021-08-18 13:24:51 +02:00