1209908468
tests/api.c: fix key size in test_wc_ecc_shared_secret().
2021-09-20 10:27:13 -05:00
c733be728f
Trivial change to re-trigger jenkins.
2021-09-20 08:37:56 -04:00
9bd300e07d
AESNI in FIPS mode does not support zero length inputs ( #4411 )
...
* AESNI in FIPS mode does not support zero length inputs
* Update note to specifically note AESNI
2021-09-20 08:29:15 +10:00
f447e4c1fa
update macro guard on SHA256 transform call
2021-09-17 15:06:13 -07:00
79cc6be806
Make jenkins happy
2021-09-17 15:50:06 -04:00
f2bce42bbd
add function wolfSSL_CTX_get_max_proto_version and handling for edge cases
2021-09-16 01:01:38 -07:00
3503be2c13
Merge pull request #4362 from JacobBarthelmeh/wolfCLU
...
add wolfclu enable option and remove test macro guard
2021-09-15 13:57:50 -07:00
07656e371c
Parameter sanity check and a unit test.
2021-09-15 16:29:55 -04:00
4ad8b07c1c
`wolfSSL_PEM_write_bio_PUBKEY` needs to write only the public part ( #4354 )
...
* `wolfSSL_PEM_write_bio_PUBKEY` needs to write only the public part
The `wolfSSL_PEM_write_bio_PUBKEY` output can't contain the private portion of the key. This output could be used to distribute the public key and if it contains the private part then it gets leaked to others.
* Add heap hint to `wolfSSL_RSA_To_Der`
* Correct function name in logs
2021-09-15 17:34:43 +10:00
d9767207b7
call alpn selection call-back at server side only ( #4377 )
...
* call alpn selection call-back at server side only
* addressed review comment
* addressed jenkins failure
2021-09-15 10:02:18 +10:00
4d49ab6342
add store finished message on Tls13 ( #4381 )
...
* add to store finished message on Tls13
* addressed jenkins failure
* jenkins failures
sanity check for size before copying memory
* remove check of finishSz
* addressed review comments
2021-09-14 09:22:16 +10:00
649aa9c95f
Add error handling to wolfSSL_BIO_get_len ( #4385 )
2021-09-10 08:15:30 +10:00
51a2f9de17
return value convention on compatibility layer ( #4373 )
...
* return value convention
* addressed review comments
* addressed review comment part2
* fix jenkins failures
2021-09-07 08:15:08 +10:00
90116a2873
Add support for wolfSSL_EVP_PBE_scrypt ( #4345 )
2021-09-03 15:49:02 +10:00
a3ee84bf6d
Merge pull request #4355 from anhu/check_support_of_group
...
BUGFIX: Its possible to send a supported group that is not supported.
2021-09-02 20:03:32 -07:00
fd77cb8918
fix `wc_AesKeyWrap_ex` and `wc_AesKeyUnWrap_ex` bound checks ( #4369 )
...
RFC3394 in must be at least 2 64-bit blocks and output is one block longer.
On Unwrapping the input must then be a minimum of 3 64-bit blocks
2021-09-03 12:48:01 +10:00
c412d23b07
add wolfclu enable option
2021-09-02 16:46:38 -06:00
26c7592d4b
leantls only supports secp256r1.
2021-09-02 17:38:04 -04:00
56843fbefd
Add support for EVP_sha512_224/256 ( #4257 )
2021-09-02 14:05:07 +10:00
0d6d171fa4
BUGFIX; Its possible to sending a supported group that is not supported.
...
This change fixes that.
2021-09-01 10:54:52 -04:00
9b6cf56a6e
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer ( #4335 )
...
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
2021-09-01 09:28:24 +10:00
4645a6917c
Merge pull request #4168 from JacobBarthelmeh/wolfCLU
...
function additions and fixes for expansion of wolfCLU
2021-08-30 13:42:50 -07:00
85df95e10d
Merge pull request #4324 from miyazakh/maxfragment
...
add set_tlsext_max_fragment_length support
2021-08-30 10:21:59 -07:00
0488caed4c
Merge pull request #4346 from cconlon/verifyPostHandshake
...
TLS 1.3: add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-30 09:47:23 +10:00
070029fd08
add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-27 14:49:47 -06:00
65cfef5337
fix for free with test case
2021-08-27 14:10:06 -06:00
83d39932bb
add test case for X509 EXTENSION set
2021-08-27 11:30:44 -06:00
8b79f77fb0
Merge pull request #4327 from JacobBarthelmeh/Compatibility-Layer-Part3
...
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-27 09:27:34 -07:00
21159659cf
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-26 14:48:12 -06:00
ef0fb6520d
Merge pull request #4283 from JacobBarthelmeh/Compatibility-Layer-Part2
...
couple more compatibility functions
2021-08-26 11:50:09 -07:00
b5d42eb773
Merge pull request #4318 from kojo1/i2d_RSA
...
arg type compatibility
2021-08-26 09:51:43 -06:00
77eff68b95
addressed review comment
2021-08-25 11:07:32 +09:00
3f2abef212
Merge pull request #4321 from haydenroche5/libimobiledevice
...
Make changes to support libimobiledevice.
2021-08-24 17:19:26 -07:00
3d8dc68266
free test case object
2021-08-24 10:59:38 -06:00
ff521a14e4
add test case and macro mapping
2021-08-24 10:59:38 -06:00
7ff1351971
Make changes to support libimobiledevice.
...
- `EVP_PKEY_assign_RSA` should store the private key in DER format, not the
public key.
- The last call to `infoCb` in `wolfSSL_BIO_write` should provide the length of
the data to write.
- We should be able to parse RSA public keys starting with BEGIN RSA PUBLIC KEY
and ending with END RSA PUBLIC KEY.
2021-08-24 08:52:43 -07:00
9c541568fc
Merge pull request #4313 from SparkiDev/rsa_vfy_only
...
SP RSA verify only: fix to compile
2021-08-23 14:42:56 -07:00
da6e8d394f
shift instead of multiply and add comment
2021-08-23 13:24:27 -06:00
8808e6a3ac
implement set_tlsext_max_fragment_length
2021-08-23 09:08:14 +09:00
10c5e33027
arg type compatibility
2021-08-20 15:21:06 +09:00
dbb03cb5a3
SP RSA verify only: fix to compile
...
Configurations:
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math-all
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math --enable-sp-asm
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math --enable-sp-asm
2021-08-20 13:16:58 +10:00
e7ef48d2b7
Merge pull request #3869 from SparkiDev/asn1_template
...
ASN1 Template: stricter and simpler DER/BER parsing/construction
2021-08-19 12:47:04 -07:00
3226e69649
--enable-linuxkm-pie (FIPS Linux kernel module) ( #4276 )
...
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
2021-08-19 09:15:52 -07:00
d486b89c61
ASN1 Template: stricter and simpler DER/BER parsing/construction
...
Reduce debug output noise
2021-08-19 11:32:41 +10:00
9a1233c04d
Merge pull request #4312 from julek-wolfssl/DH_set_length
...
Implement `DH_set_length`.
2021-08-18 16:42:38 -07:00
eaded189ff
Merge pull request #4310 from haydenroche5/dsa_fips
...
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
2021-08-18 16:33:26 -07:00
8df65c3fa7
Merge pull request #4270 from dgarske/zd12586
...
Fixes for various PKCS7 and SRP build issues
2021-08-19 08:12:15 +10:00
c5f9e55567
Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled.
2021-08-18 11:30:18 -07:00
6237a7a00d
Merge pull request #4305 from TakayukiMatsuo/i2t
...
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-18 10:37:08 -06:00
162f14aaf9
Implement `DH_set_length`.
2021-08-18 13:24:51 +02:00
d1e027b6fa
Fix for pedantic warning with pre-processor in macro.
2021-08-17 14:55:42 -07:00
89904ce82e
Fixes for building without AES CBC and support for PKCS7 without AES CBC.
2021-08-17 10:47:19 -07:00
a9b8b6d3de
Fix for PKCS7 heap hint in API unit test.
2021-08-17 10:46:53 -07:00
421be50cb8
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-17 10:52:20 +09:00
95ab6ce4b8
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
...
This test calls `wolfSSL_DSA_do_sign_ex` and `wolfSSL_DSA_do_verify_ex`, both
of which don't exist if `HAVE_FIPS` is defined.
2021-08-16 17:42:00 -07:00
d4391bd997
Parse distinguished names in `DoCertificateRequest`
...
The CA names sent by the server are now being parsed in `DoCertificateRequest` and are saved on a stack in `ssl->ca_names`.
2021-08-14 00:24:08 +02:00
647e007eea
Implement `wolfSSL_set_client_CA_list` and add 'HIGH' cipher suite
2021-08-14 00:24:08 +02:00
b2380069f0
Merge pull request #4261 from dgarske/rsa_der_pub
2021-08-13 13:36:01 -07:00
ca06694bfb
Merge pull request #4282 from miyazakh/SSL_CIPHER_xx
...
Add SSL_CIPHER_get_xxx_nid support
2021-08-13 13:48:31 -06:00
5235b7d1e6
Merge pull request #4291 from miyazakh/PARAM_set1_ip
...
Add X509_VERIFY_PARAM_set1_ip support
2021-08-13 13:45:33 -06:00
1acf64a782
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
2021-08-14 02:16:34 +09:00
ec4e336866
Merge pull request #4299 from haydenroche5/evp_pkey_dec_enc_improvements
...
Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
2021-08-13 08:10:20 -07:00
3be13f7358
Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
...
- Handle case where output buffer is NULL. In this case, passed in output buffer
length pointer should be given the maximum output buffer size needed.
- Add better debug messages.
2021-08-12 18:46:15 -07:00
7dea1dcd39
OpenResty 1.13.6.2 and 1.19.3.1 support
...
# New or Updated APIs
- wolfSSL_get_tlsext_status_type
- wolfSSL_X509_chain_up_ref
- wolfSSL_get0_verified_chain
- SSL_CTX_set_cert_cb
- SSL_certs_clear
- SSL_add0_chain_cert ssl_cert_add0_chain_cert
- SSL_add1_chain_cert ssl_cert_add1_chain_cert
- sk_X509_NAME_new_null
- SSL_CTX_set_cert_cb
- SSL_set0_verify_cert_store
- SSL_set_client_CA_list
# Other Changes
- Ignore gdbinit
- Add api.c tests for new API
- Add `WOLFSSL_X509_STORE* x509_store_pt` to `WOLFSSL`
- Add macro to select the `WOLFSSL` specific store when available and the associated `WOLFSSL_CTX` store otherwise. Calls to `ssl->ctx->cm` and `ssl->ctx->x509_store*` were replaced by macros.
- NO-OP when setting existing store
- Add reference counter to `WOLFSSL_X509_STORE`
- Cleanup MD5 redundant declarations
- WOLFSSL_ERROR may map to nothing so make assignment outside of it
- refMutex fields are excluded with SINGLE_THREADED macro
- Chain cert refactor
- Make `wolfSSL_add0_chain_cert` and `wolfSSL_add1_chain_cert` not affect the context associated with the SSL object
- `wolfSSL_CTX_add1_chain_cert` now updates the `ctx->certChain` on success and stores the cert in `ctx->x509Chain` for later free'ing
2021-08-12 23:58:22 +02:00
cccb8f940a
Merge pull request #4209 from julek-wolfssl/net-snmp
...
Add support for net-snmp
2021-08-12 13:06:21 -07:00
93a1fe4580
Merge pull request #4205 from julek-wolfssl/wpas-include-extra-stuff
...
Include stuff needed for EAP in hostap
2021-08-12 11:17:23 -07:00
d4b0ec0705
Merge pull request #4290 from TakayukiMatsuo/general
...
Add wolfSSL_GENERAL_NAME_print
2021-08-12 09:51:28 -06:00
517309724a
Add wolfSSL_GENERAL_NAME_print
2021-08-12 14:17:41 +09:00
fc4e4eacba
Merge pull request #4292 from kojo1/evp
...
EVP_CIPHER_CTX_set_iv_length
2021-08-11 16:13:26 -06:00
fdb6c8141e
Merge pull request #4274 from haydenroche5/pyopenssl
...
Add support for pyOpenSSL.
2021-08-10 11:49:07 -07:00
c0b085dd4a
EVP_CIPHER_CTX_set_iv_length
2021-08-08 14:49:28 +09:00
a066c48f55
fix jenkins failure
2021-08-07 11:13:41 +09:00
a851e13f1d
implemented X509_VERIFY_PARAM_set1_ip
2021-08-07 10:50:57 +09:00
1b2d57123f
tests/api.c: add missing (void) arg lists.
2021-08-05 15:30:33 -05:00
fab227411f
Free ECC cache per thread when used
2021-08-05 15:34:47 +02:00
1e491993ca
add a2i_IPADDRESS
2021-08-05 16:53:36 +07:00
67e773db91
implement SSL_CIPHER_xxxx
2021-08-05 09:42:55 +09:00
5465d40ee3
Attempt to move asn.c RSA API defs into asn_public.h, since ASN is not in FIPS boundary.
2021-08-04 17:42:46 -07:00
35a33b2f00
Add support for pyOpenSSL.
...
pyOpenSSL needs the OpenSSL function X509_EXTENSION_dup, so this commit adds
that to the compatibility layer. It also needs to be able to access the DER
encoding of the subject alt names in a cert, so that's added as well.
2021-08-04 14:08:43 -07:00
fdbe3f0ff1
Merge pull request #4258 from miyazakh/evp_md_do_all
...
add EVP_MD_do_all and OBJ_NAME_do_all support
2021-08-04 12:17:27 -06:00
d39893baa0
add ctx set msg callback
2021-08-04 16:49:01 +07:00
d64768abff
Merge pull request #4265 from miyazakh/ecc_pubkey
...
update der size in actual length
2021-08-03 16:41:36 -06:00
c7a6b17922
Need to free ecc cache
2021-08-03 19:29:08 +02:00
2bbd04f10f
Implement BIO_new_accept and BIO_do_accept
2021-08-03 19:29:08 +02:00
46b061c7bc
Include stuff needed for EAP in hostap
...
Patch that includes the API needed for EAP in hostapd and wpa_supplicant
2021-08-03 17:52:50 +02:00
dc7ae37f7a
Make changes to support port of NTP from OpenSSL to wolfSSL.
2021-08-02 13:33:18 -07:00
a5b55344b1
Merge pull request #2760 from kojo1/EVP-test
...
additional test on EVP_CipherUpdate/Final
2021-08-02 09:23:00 -07:00
0dc98b8299
Add support for EVP_shake128/256
2021-08-02 13:00:31 +09:00
bad9a973b4
remove hard tabs and other minor fixes
2021-07-30 07:07:40 +09:00
297ae23521
additional test on EVP_CipherUpdate/Final
2021-07-30 06:50:01 +09:00
c69d6d2491
Added public API `wc_RsaKeyToPublicDer_ex` to allow getting RSA public key without ASN.1 header (can return only seq + n + e). Related to PR #4068 . Cleanup documentation for RSA and wolfIO. Consolidate duplicate code in `wc_RsaPublicKeyDerSize`.
2021-07-29 09:27:50 -07:00
6f2853ef28
Merge pull request #4251 from dgarske/openssl_all
...
Fixes for edge case builds with openssl all
2021-07-29 08:58:22 -07:00
2b43052f36
update pkey sz in actual length
2021-07-29 23:28:10 +09:00
e333632ad0
add obj_name_do_all
2021-07-29 14:37:10 +09:00
2abf23cbc9
fix jenkins failure
2021-07-29 09:03:38 +09:00
b2b5d4e603
add evp_md_do_all
2021-07-29 08:59:26 +09:00
2c1fed8262
Fixes for edge case builds with openssl all. Improvements to the `test_wolfSSL_PKCS8_d2i`. Allow forceful disable of OCSP with `./configure --enable-opensslall --disable-ocsp`.
2021-07-28 12:32:08 -07:00
4da7fbb654
tests: use different IPv4 address in + add IPv6 SAN to generated cert
2021-07-28 09:36:21 +02:00
0d0dfc3f5e
Merge pull request #4238 from dgarske/xc32
...
Fixes for building with Microchip XC32 and ATECC
2021-07-28 09:33:01 +10:00
2dac9a2a81
Merge pull request #4228 from miyazakh/EVP_blake2xx
...
add EVP_blake2 compatibility layer API
2021-07-27 11:45:37 -06:00
d49d8a9286
Merge pull request #4204 from SparkiDev/ecies_sec1
...
ECIES: SEC.1 and ISO 18033 support
2021-07-27 09:43:53 -07:00
a92f03a11e
Fixes for building with Microchip XC32 and ATECC.
2021-07-27 08:20:20 -07:00
8c63701577
Merge pull request #4247 from SparkiDev/dhp_to_der_fix
...
OpenSSL API: DH params to der
2021-07-26 17:00:34 -07:00
31dde4706e
ECIES: Support SEC 1 and ISO 18033
...
Default is SEC 1.
To use old ECIES implementation: --enable-eccencrypt=old or define
WOLFSSL_ECIES_OLD
To use ISO-18033 implememtation: --enable-eccencrypt=iso18033 or
define WOLFSSL_ECIES_ISO18033
Support passing NULL for public key into wc_ecc_decrypt().
Support not having public key in privKey passed into wc_ecc_encrypt() -
public key is calculated and stored in priKey.
Add decrypt KAT test for ECIES.
2021-07-27 09:30:53 +10:00
028c056c55
Merge pull request #4213 from lealem47/leakFixes
...
Addressing possible leaks in ssl.c and api.c
2021-07-26 23:32:19 +07:00
ce7e1ef94a
Merge pull request #4230 from douzzer/configure-max-bits-and-ex-data
...
configure options for max rsa/ecc bits and ex_data
2021-07-26 09:27:20 -06:00
7d5271ed71
OpenSSL API: DH params to der
...
Fix calculation of length of encoding in ssl.c.
Fix encoding to check proper length in asn.c.
Fix tests to check for correct value (api.c).
2021-07-26 22:47:46 +10:00
27c49b1673
Merge pull request #4075 from julek-wolfssl/bind-dns
...
Bind 9.17.9 and 9.11.22 Support
2021-07-26 11:24:57 +07:00
494e285cf1
configure.ac: add --with-max-rsa-bits, --with-max-ecc-bits, and --enable-context-extra-user-data[=#]; untabify and otherwise clean up whitespace; tweak api.c, ecc.h, rsa.h, and settings.h, for compatibility with new options.
2021-07-23 22:02:58 -05:00
e8d636771f
Merge pull request #4231 from haydenroche5/des3-iv-fips
...
Use correct DES IV size when using FIPS v2.
2021-07-23 09:38:56 -07:00
10168e093a
Rebase fixes
2021-07-23 18:14:54 +02:00
142ff6d885
Bind 9.11.22
2021-07-23 18:14:18 +02:00
06ebcca913
Code review and mp_int memory leak fixes
2021-07-23 18:14:18 +02:00
b4fd737fb1
Bind 9.17.9 Support
...
- Add `--enable-bind` configuration option
- New compatibility API:
- `RSA_get0_crt_params`
- `RSA_set0_crt_params`
- `RSA_get0_factors`
- `RSA_set0_factors`
- `RSA_test_flags`
- `HMAC_CTX_get_md`
- `EVP_MD_block_size`
- `EC_KEY_check_key`
- `o2i_ECPublicKey`
- `DH_get0_key`
- `DH_set0_key`
- Calling `EVP_MD_CTX_cleanup` on an uninitialized `EVP_MD_CTX` structure is no longer an error
- `DH_generate_parameters` and `DH_generate_parameters_ex` has been implemented
2021-07-23 18:14:12 +02:00
94373781b2
C++ fix: cast from void* to X509_OBJECT*
2021-07-23 14:56:38 +10:00
ec180f3901
Use correct DES IV size when using FIPS v2.
2021-07-22 18:17:41 -07:00
6a3ff81f2d
use EVP_get_digestbyname
2021-07-22 08:17:55 +09:00
b4c61b4df9
add EVP_blake2xyyy
2021-07-22 08:17:54 +09:00
c544c19013
Merge pull request #4227 from miyazakh/ERR_lib_error_string
...
add ERR_lib_error_string compatibility layer API
2021-07-21 11:19:29 -06:00
83c6688bee
Merge pull request #4135 from dgarske/evp_set1_eckey
...
Fixes for handling PKCS8 ECC key with EVP PKEY
2021-07-22 00:17:11 +07:00
b76d44dad9
add ERR_lib_error_string
2021-07-21 10:31:00 +09:00
2014d39254
fixes for valgrind-detected leaks and undefined data accesses: wolfSSL_{SHA*,MD5}_Final (OpenSSL compat wrappers): call wc_*Free() on sha state that otherwise leaks when _SMALL_STACK_CACHE; test_wc_curve25519_shared_secret_ex(): properly initialize public_key.
2021-07-20 18:26:05 -05:00
762b384be2
Fixes for `-pedantic` errors.
2021-07-20 10:02:16 -07:00
fd52424dd5
Improvements to PKCS8 handling.
...
* Fixes for handling PKCS8 in keys with EVP PKEY. Resolves QT test issues. Replacement to PR #3925 .
* Improved code handling for PKCS 8 headers. Change PemToDer to not strip the PKCS8 header.
* Add support in the ECC/RSA/DH key import code to support detection / handling of the PKCS8 header.
* Fix for `wc_RsaKeyToDer` to be exposed with `OPENSSL_EXTRA`.
* Adds EVP PKCS8 test case for RSA and ECC.
* Refactor `test_wolfSSL_OPENSSL_hexstr2buf` to resolve g++ compiler warning.
* Added new `WOLFSSL_TRAP_MALLOC_SZ` build option to trap mallocs that are over a specified size.
2021-07-20 10:02:16 -07:00
77c9b36b5a
Merge pull request #4181 from dgarske/sniffer_keycb
...
Sniffer fixes and new sniffer key callback support
2021-07-19 13:26:17 -07:00
186ff2b365
make -DNO_ED25519_KEY_{IMPORT,EXPORT} buildable, and fix api.c and suites.c so that -DNO_ED*_KEY_{IMPORT,EXPORT} pass make check.
2021-07-16 23:07:28 -05:00
ac92204c15
make -DNO_ED448_KEY_{IMPORT,EXPORT} buildable
2021-07-16 18:21:30 -05:00
c97eff6e61
evp.c: add missing checks and logic in wolfSSL_EVP_CIPHER_CTX_ctrl(), and fix api.c:test_IncCtr() to exercise wolfSSL_EVP_CIPHER_CTX_ctrl() with EVP_CTRL_GCM_IV_GEN using an AES cipher, with thanks to Juliusz.
2021-07-16 15:30:23 -05:00
9b43e57ccf
ED: add streaming API to the ED verify routines: wc_ed*_verify_msg_init(), wc_ed*_verify_msg_update(), wc_ed*_verify_msg_final();
...
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;
track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;
add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;
add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.
add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;
add macro asserts near top of ed*.h to assure the required hash functions are available;
fix {NO,HAVE}_ED*_{SIGN,VERIFY};
wolfcrypt/test/test.c: add missing key initializations in ed*_test();
wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
2021-07-16 13:49:47 -05:00
73323e694f
Addressing possible leaks in ssl.c and api.c
2021-07-16 09:48:06 -06:00
f82fd01283
Merge pull request #4202 from JacobBarthelmeh/BuildOptions
...
fix for build with wpas and disable tls13
2021-07-14 09:07:08 -07:00
18399091ce
Merge pull request #4012 from julek-wolfssl/haproxy
...
HaProxy 2.4-dev18 support
2021-07-14 15:46:04 +07:00
2592a04d8a
fix for build with wpas and disable tls13
2021-07-13 15:49:40 +07:00
c01a63508a
account for testing on big endian system
2021-07-09 08:18:39 -06:00
e1b487ab9f
Fix for `wc_export_int` with `WC_TYPE_HEX_STR`, which was not returning the correct length.
2021-07-08 14:36:36 -07:00
b9dac74086
Merge pull request #4193 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis tests
2021-07-07 14:23:58 -07:00
86e5287a14
Merge pull request #4032 from TakayukiMatsuo/tk11968
...
Make wolfSSL_CTX_set_timeout reflect to Session-ticket-lifetime-hint
2021-07-07 22:26:06 +07:00
b7bd3766c7
Fix pedantic errors about macros in macros
2021-07-07 10:54:34 +02:00
7b9d6a3f5e
Merge pull request #3792 from TakayukiMatsuo/os_keylog
...
Add wolfSSL_CTX_set_keylog_callback
2021-07-07 15:34:33 +07:00
1acf906612
Code review changes
2021-07-06 15:39:23 +02:00
1b6b16c2c3
HaProxy 2.4-dev18 support
...
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
- `STACK_TYPE_X509_OBJ`
- `OCSP_id_cmp`
- `X509_STORE_get0_objects`
- `X509V3_EXT_nconf_nid`
- `X509V3_EXT_nconf`
- `X509_chain_up_ref`
- `X509_NAME_hash`
- `sk_X509_NAME_new_null`
- `X509_OBJECT_get0_X509`
- `X509_OBJECT_get0_X509_CRL`
- `ASN1_OCTET_STRING_free`
- `X509_LOOKUP_TYPE`
- `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
- WOLFSSL_CTX
- Enable all compiled in protocols
- Allow anonymous ciphers
- Set message grouping
- Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
- Return first that occured
- Set correct value on date error
- Set revoked error on OCSP or CRL error
- Save value in session and restore on resumption
- Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
2021-07-06 15:39:23 +02:00
ae00b5acd0
some minor changes for unintialized and null infer reports
2021-07-06 14:13:45 +07:00
5df0f7820a
Add wolfSSL_CTX_set_keylog_callback
2021-07-03 14:51:23 +09:00
567d8ed704
Make wolfSSL_set_session return success on timeout under WOLFSSL_ERROR_CODE_OPENSSL macro definition.
2021-07-02 10:50:00 +09:00
aef9e560b1
Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint.
2021-07-02 09:15:01 +09:00
43f8c5ba1b
Merge pull request #4121 from JacobBarthelmeh/PKCS7
...
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
2021-07-01 17:03:56 -07:00
9179071af5
Merge pull request #4153 from JacobBarthelmeh/Testing
...
fix for keyid with ktri cms
2021-06-29 11:40:00 -06:00
74b9b5a8cd
Merge pull request #4156 from SparkiDev/regression_fixes_1
...
Regression test fixes
2021-06-25 07:48:02 -07:00
5038a27cda
add test cases and set content oid with decode encrypted data
2021-06-25 21:16:01 +07:00
dab6724059
Regression fixes: more configurations
...
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
&& make
./configure --disable-aescbc --disable-chacha --disable-poly1305
--disable-coding && make
2021-06-25 15:23:51 +10:00
1994811d24
Merge pull request #4144 from haydenroche5/pkcs8
...
Make a bunch of PKCS#8 improvements.
2021-06-25 12:22:11 +10:00
8592053856
Regression test fixes
...
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
2021-06-25 09:18:06 +10:00
656e49cc3b
Expand SHA-3 support
...
Add more support in the EVP layer as well as add signing support. The SHA-3 OID's were also added for DER algorithm identifier encoding.
2021-06-24 19:31:43 +02:00
b3401bd102
Make a bunch of PKCS#8 improvements.
...
- Add doxygen documentation for wc_GetPkcs8TraditionalOffset, wc_CreatePKCS8Key,
wc_EncryptPKCS8Key, and wc_DecryptPKCS8Key.
- Add a new API function, wc_CreateEncryptedPKCS8Key, which handles both
creation of an unencrypted PKCS#8 key and the subsequent encrypting of said key.
This is a wrapper around TraditionalEnc, which does the same thing. This may
become a first-class function at some point (i.e. not a wrapper). TraditionalEnc
is left as is since it is used in the wild.
- Added a unit test which exercises wc_CreateEncryptedPKCS8Key and
wc_DecryptPKCS8Key. Testing wc_CreateEncryptedPKCS8Key inherently also tests
TraditionalEnc, wc_CreatePKCS8Key, and wc_EncryptPKCS8Key.
- Modified wc_EncryptPKCS8Key to be able to return the required output buffer
size via LENGTH_ONLY_E idiom.
- Added parameter checking to wc_EncryptPKCS8Key and wc_DecryptPKCS8Key.
2021-06-23 08:39:20 -07:00
2923d812bd
Merge pull request #4058 from miyazakh/qt_oslext_cs
...
TLS: extend set_cipher_list() compatibility layer API
2021-06-23 10:12:11 +10:00
4b3bd3e384
Merge pull request #4049 from miyazakh/set_verifyDepth_3
...
Set verify depth limit
2021-06-22 10:23:43 -06:00
446393bcab
Merge pull request #3793 from TakayukiMatsuo/os_base64
...
Add wolfSSL_EVP_Encode/Decode APIs
2021-06-22 10:19:30 -06:00
b050463dce
Merge pull request #4059 from miyazakh/qt_unit_test
...
fix qt unit test
2021-06-22 10:12:48 -06:00
647bde671c
macro guard on test case
2021-06-22 22:56:35 +07:00
3cd43cf692
fix for keyid with ktri cms
2021-06-22 21:33:12 +07:00
c4ea64b7fc
Merge pull request #4140 from SparkiDev/set_sig_algs
2021-06-21 19:18:10 -07:00
7224fcd9bc
TLS: add support for user setting signature algorithms
2021-06-18 16:19:01 +10:00
1ebb4a47f6
addressed jenkins failure
2021-06-18 11:22:20 +09:00
4feedb72cc
simulate set_ciphersuites comp. API
2021-06-18 11:22:19 +09:00
ddf2a0227f
additional fix for set verify depth to be compliant with openssl limit
2021-06-18 11:00:51 +09:00
951de64e2c
set PSK at the beginning
2021-06-18 07:59:35 +09:00
1307972344
Update use of joi cert and add to renew script.
2021-06-16 13:55:36 -05:00
9e02655ac4
Merge remote-tracking branch 'upstream/master' into os_base64
2021-06-16 23:19:52 +09:00
b73673a218
Merge pull request #3794 from TakayukiMatsuo/os_keyprint
...
Add wolfSSL_EVP_PKEY_print_public
2021-06-16 08:43:41 +10:00
c6680d08ba
Fix coding issues
2021-06-15 11:16:38 +09:00
77df7d8630
Merge pull request #3968 from elms/pedantic_cleanup
...
Fixes for some `-pedantic` errors
2021-06-14 13:46:39 -07:00
fd6b30ef32
Merge pull request #4111 from elms/silabs/fix_ecc_shared_secret_outlen
...
silabs: fix `wc_ecc_shared_secret` to only return x coordinate
2021-06-14 13:44:00 -07:00
a8d185cb9e
Merge pull request #4117 from TakayukiMatsuo/tk12403
...
Add null-parameters-test cases for SHA(), SHA224(), MD5() and MD5_xxx().
2021-06-14 13:52:01 -06:00
ed4cf6e91c
silabs: fix `wc_ecc_shared_secret` to only return x coordinate
...
secure element computes and returns the full coordinate. The wolfSSL
API should only return the x component.
2021-06-13 21:46:23 -07:00
ebec2fbd25
Fixed uninitialized parameter for Base16_Encode
2021-06-14 13:45:12 +09:00
6d3b9aec80
fix api compile failure
2021-06-12 09:24:11 +09:00
ed5cb0a1bd
Modified along the revire comments
2021-06-11 21:08:27 +09:00
779e3701e6
Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint
2021-06-11 13:56:52 +09:00
36a9cd3010
Merge pull request #3911 from TakayukiMatsuo/tk11851
...
Fix SSL_read behaving differently from openSSL after bidirectional shutdown
2021-06-11 10:25:39 +10:00
3ecb8d5a3e
Merge pull request #4062 from dgarske/dh_key
...
DH Key and Params Export cleanups and Apache httpd fixes
2021-06-10 20:54:32 +10:00
4d3f2f92fd
Add test cases for SHA(), SHA224(), MD5() and MD5_xxx() to test with null parameters.
2021-06-10 16:40:51 +09:00
c6c7dfd5db
Merge pull request #4053 from SparkiDev/cppcheck_fixes_6
...
cppcheck: fixes from reviewing report
2021-06-09 12:51:30 -07:00
9580574382
Merge pull request #3999 from dgarske/user_io
...
Fixes for building with `WOLFSSL_USER_IO`
2021-06-09 08:55:36 +10:00
70d2c838bb
Merge pull request #4080 from kaleb-himes/SHAKE_DEFAULT_FIX
...
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-09 08:52:05 +10:00
6db0b42c7f
* Refactor of DH key and param exports code (moved into asn.c) enabled with `WOLFSSL_DH_EXTRA`.
...
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
2021-06-08 09:27:26 -07:00
0186d19aba
Fix some coding style issues.
2021-06-08 16:25:28 +09:00
88322b82a5
Merge pull request #3871 from julek-wolfssl/openvpn-master
...
OpenVPN additions and fixes
2021-06-08 13:54:14 +10:00
8ee1dda2f9
Merge pull request #4001 from dgarske/time_long
...
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
2021-06-08 11:17:55 +10:00
5c01613acb
Add GCC extension to bypass select `-pedantic` warnings
...
Add wrapper macro for `__extension__` to suppress pedantic warnings
2021-06-07 15:38:15 -07:00
3e307aa626
Merge pull request #4091 from JacobBarthelmeh/Testing
...
add strict check on signature length
2021-06-07 11:02:02 -07:00
f97ca1c1ca
adjust test case and add useful comments
2021-06-07 19:44:05 +07:00
898b9d5e24
Merge pull request #4084 from dgarske/sp_math_keygen
...
Fix for building SP small math only (no DH) with key generation
2021-06-07 10:48:01 +10:00
c245c4a812
add strict check on signature length
2021-06-05 03:09:33 +07:00
961773b384
Merge pull request #4079 from lealem47/PKCS12UnitTest
...
Pkcs12 unit test
2021-06-03 16:07:54 -06:00
21060afb80
Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error.
2021-06-03 10:56:54 -07:00
195ca2b3f0
Add corner test cases for EVP_EncodeFinal and EVP_DecodeFinal
2021-06-03 20:02:48 +09:00
6cfb982740
Merge pull request #3981 from miyazakh/qt_oslext_cnf
...
Added compatibility layer API
2021-06-01 15:25:37 -06:00
72fc7e62b8
Fixed spacing
2021-06-01 14:47:51 -06:00
94831eadf1
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-01 11:38:17 -06:00
03a5395b53
Fixed casting issue
2021-06-01 09:46:30 -06:00
2db233d10e
Added wolfssl_PKCS12_verify_mac testing in test_wolfSSL_PKCS12() function in api.c
2021-05-28 16:33:46 -06:00
7a98c517e4
Fixes for some `-pedantic` errors
...
Some of the API with callbacks may not be compatible with pedantic
2021-05-27 14:46:45 -07:00
d1e3be1f43
Replace return code from literal to value
2021-05-27 06:20:34 +09:00
41af3da0e3
Merge pull request #4057 from SparkiDev/no_tls12_pkcb
...
TLS: fix build with no TLSv12 but PK callbacks
2021-05-25 15:26:40 -07:00
af67965f65
addressed jenkins failures part1
2021-05-26 06:07:48 +09:00
33e91c577f
added unit test cases for cmdline
2021-05-26 06:07:47 +09:00
394c0b5cdc
implemented CONF_cmd
2021-05-26 06:07:47 +09:00
e1bc0c4447
EVP AES-GCM Streaming: must free Aes
...
AES streaming implementation allocates data in Aes objects, when small
stack, that needs to be freed.
Fix memory leaks in streaming test case too.
2021-05-25 15:57:09 +10:00
6747055d46
TLS: fix build with no TLSv12 but PK callbacks
...
./configure '--disable-tlsv12' '-enable-pkcallbacks'
Disable non-TLS13 cipher suite test as well.
2021-05-21 10:59:23 +10:00
2c6285ccba
cppcheck: fixes from reviewing report
2021-05-20 17:55:06 +10:00
8c71fb4113
Add test cases for wc_ShaxxxUpdate funcs
2021-05-14 09:46:21 +09:00
5865dc08dd
Code review changes
2021-05-13 15:21:33 +02:00
c75830e2e8
Merge pull request #4011 from miyazakh/set_verify_depth2
...
fix out of bound access when peer's chain is greater than verifyDepth + 1
2021-05-11 15:38:39 -06:00
fce9870a64
Merge pull request #4020 from ejohnstown/options-export
...
New Option Export/Import
2021-05-11 09:10:17 -07:00
d74b74d156
Also adjust for v3 of export, and update the API test case.
2021-05-10 18:06:31 -07:00
db7888ceaa
Fix for the unmodified check for AesCbc test.
2021-05-10 10:04:50 -07:00
c88afdef87
Fixes for building with `WOLFSSL_USER_IO` (with no built-in socket support). Related to issue #3998 .
2021-05-06 11:07:05 -07:00
2a39f1dc5c
fixed memory leak
2021-05-06 16:55:51 +09:00
93f04543b0
fixed unit test intermittent failure
2021-05-06 15:40:24 +09:00
0539b99c86
fix boundary access when peer's chain is less than verifyDepth + 1
2021-05-06 14:54:16 +09:00
822aa92fcc
Fix test_wolfSSL_CertManagerCheckOCSPResponse.
...
This test broke once we went past the nextUpdate time in the static, raw OCSP
response being used. This change makes it so that response is valid until 2048.
2021-05-03 15:26:39 -07:00
6e0197e171
Merge pull request #4002 from kabuobeid/smime_fixes
...
S/MIME: Canonicalize multi-part messages before hashing. Improve error checking in wc_MIME_parse_headers.
2021-05-03 09:24:43 -07:00
effcecf40d
S/MIME: Add non-canonicalized test case
2021-04-30 15:07:37 -07:00
f8ecd4b441
Fixes for building with `NO_ASN_TIME`. If used with TLS user must supply `LowResTimer` and `TimeNowInMilliseconds`.
2021-04-30 15:04:31 -07:00
57e03d7e2f
Merge pull request #3961 from miyazakh/qt_oslext_pskss_cb
...
added psk session callback compatibility layer API
2021-04-30 14:26:44 -06:00
c4782a7a1c
Fix macro guard for wolfSSL_CRYPTO_get_ex_new_index and get_ex_new_index.
2021-04-28 10:41:49 +09:00
9c0ff73370
Add wolfSSL_CRYPTO_get_ex_new_index
2021-04-28 10:38:53 +09:00
0e40293798
added psk session callback
2021-04-28 10:08:21 +09:00
385e0bedaa
Merge pull request #3990 from haydenroche5/ocsp_bug
...
Fix CompareOcspReqResp.
2021-04-27 17:07:58 -07:00
edb0beb9b6
Merge pull request #3969 from TakayukiMatsuo/koyo
...
Add wolfSSL_DH_get0_pqg
2021-04-27 17:52:17 -06:00
6fad8c4a57
Merge pull request #3975 from TakayukiMatsuo/resumable
...
Add implementation for wolfSSL_SESSION_is_resumable.
2021-04-27 16:45:34 -06:00
73076940af
Fix CompareOcspReqResp.
...
There was a bug in this function that could cause a match to be reported even
when the OCSP request and response in fact had a mismatch.
2021-04-27 13:54:43 -07:00
6d381a6c7f
do nothing when version is zero
2021-04-27 21:13:19 +09:00
3b070e1bd0
add MIN/MAX_PROTO into CTX_ctrl
...
add unit test for min/max proto of CTX ctrl
2021-04-27 21:13:17 +09:00
91e90f7a98
Merge pull request #3604 from haydenroche5/stunnel
...
Make changes to get latest verison of stunnel (5.57) working with wolfSSL.
2021-04-23 15:41:22 -07:00
c3fefc6e27
Merge pull request #3889 from douzzer/network-introspection
...
--enable-wolfsentry
2021-04-23 15:38:01 -07:00
2b6f623777
Add implementation for wolfSSL_SESSION_is_resumable.
2021-04-23 11:12:20 +09:00
c442841e4a
Fix some along review.
2021-04-23 10:53:22 +09:00
d22ed7443b
Fix unit test.
2021-04-23 09:47:24 +09:00
568c09bcde
Add guard to the unit test
2021-04-23 09:47:24 +09:00
63826e227b
Add wolfSSL_DH_get0_pqg
2021-04-23 09:47:24 +09:00
878e0006ad
Merge pull request #3965 from miyazakh/qt_oslext_epk_param_ck
...
added wofSSL_EVP_PKEY_param_check for compatibility layer API
2021-04-22 15:43:47 -06:00
89d7f4faf3
tests/api.c: add missing void arglists.
2021-04-21 03:22:10 -05:00
ba2cc00e5d
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-04-20 23:59:57 -05:00
d3b41a2fed
addressed review comments p1
2021-04-21 09:10:32 +09:00
e063984d17
added EVP_PKEY_param_check
2021-04-21 07:53:18 +09:00
bca3cd1d49
fix jenkins failures
2021-04-21 07:39:12 +09:00
89b5b90be6
added compatibility layer API stub for Qt 5.15.2
2021-04-21 07:39:12 +09:00
f931e67cd7
Merge pull request #3946 from TakayukiMatsuo/tk11899
...
Add test cases for EVP_CIPHER_CTX_cleanup and BIO_free
2021-04-20 10:10:41 -06:00
c3aee06b23
Merge pull request #3939 from miyazakh/qt_v5p15p2_r1
...
added and modified compatibility layer APIs for Qt v5.15.2 part1
2021-04-20 10:02:27 -06:00
Daniel Pouzzner
Anthony Hu
Kaleb Himes
JacobBarthelmeh
John Safranek
Juliusz Sosinowicz
Hideki Miyazaki
Eric Blankenhorn
TakayukiMatsuo
David Garske
elms
Sean Parkinson
Chris Conlon
Hayden Roche
Takashi Kojo
Juliusz Sosinowicz
TakayukiMatsuo
Takashi Kojo
Per Allansson
Lealem Amedie
Kareem Abuobeid
toddouska