e1433867ce
fix for expected nightly config test report
2019-12-20 09:46:12 -07:00
3342a19e29
Merge pull request #2578 from cariepointer/ZD-9478-and-9479
...
Add sanity checks for parameters in wc_scrypt and wc_Arc4SetKey
2019-12-19 10:59:05 -08:00
6922d7031c
Merge pull request #2685 from embhorn/coverity_fixes
...
Coverity fixes
2019-12-18 14:06:48 -08:00
52893877d7
Fixes from review
2019-12-18 13:25:25 -06:00
f81ce71c25
Merge pull request #2660 from JacobBarthelmeh/Compatibility-Layer
...
add --disable-errorqueue option
2019-12-17 16:37:02 -08:00
5711d12364
Remove SSL_library_init() calls in unit tests to fix valgrind issues
2019-12-17 15:54:10 -07:00
774a758f59
Fixes in test and example code
2019-12-17 15:56:40 -06:00
88188b79e2
Fix mem leak
2019-12-16 18:03:11 -08:00
2e5258fe15
add --disable-errorqueue option
2019-12-11 11:19:58 -07:00
4511557f01
More jenkins test fixes
2019-12-09 15:57:53 -07:00
9ad970d8a4
Fixes for jenkins test failures
2019-12-09 14:04:52 -07:00
05e672428d
Merge pull request #2645 from cconlon/cmsrsacb
...
CMS SignedData RSA sign callback for raw digest
2019-12-06 17:13:32 -07:00
ee13dfd878
Add Qt 5.12 and 5.13 support
...
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
2019-12-06 14:27:01 -07:00
6081bdaad6
free PKCS7 before creating new in API test
2019-12-06 12:00:33 -07:00
2528121925
Fix RSA public key only builds
...
Client side only and no client auth
2019-12-06 20:42:27 +10:00
312d5c98b3
Merge pull request #2535 from julek-wolfssl/nginx-1.15
...
Nginx 1.15.0 & 1.16.1
2019-12-05 14:40:45 -08:00
a13ebf5258
Merge pull request #2543 from embhorn/zd5706
...
Update DoVerifyCallback to check verify param hostName and ipasc
2019-12-05 14:38:47 -08:00
be97444d24
add api test for wc_PKCS7_SetRsaSignRawDigestCb()
2019-12-05 10:33:49 -07:00
29a8262ea4
Only test X509_NAME_print_ex when defines enabled
2019-11-27 17:46:15 +01:00
944d5e1045
Don't count null char in better way
2019-11-27 17:46:15 +01:00
5f39e12b21
Fix leak in SSL_CTX_set0_chain
2019-11-27 17:46:15 +01:00
8dde06bbca
Fix compile errors
2019-11-27 17:46:15 +01:00
dd07344499
SSL_SESSION_dup
2019-11-27 17:46:15 +01:00
b71758895e
Add support for SSL_CTX_set0_chain
2019-11-27 17:46:15 +01:00
9b7cd6bdfd
Merge pull request #2613 from tmael/evp_aes_gcm
...
Set default IV length for EVP aes gcm
2019-11-26 15:18:27 -08:00
9ecafa7afe
Merge pull request #2557 from tmael/cert_store_ls_x509
...
Retrieve a stack of X509 certs
2019-11-26 15:16:09 -08:00
6c732725b0
Test evp aes gcm with default IV length
2019-11-20 16:37:15 -08:00
520a032b71
Add show x509 test
2019-11-15 13:23:08 -08:00
6ca12787ae
retrieve a stack of X509 certs in a cert manager and a store ctx
2019-11-15 13:23:08 -08:00
961f9c4ecc
Cleanup for invalid use of `NO_SHA512` in api.c unit test.
2019-11-15 12:08:50 -08:00
546442c130
Fix for CAVP test issue trying to use `AES_128_KEY_SIZE` and `AES_IV_SIZE`.
2019-11-12 09:43:09 -08:00
d17748b1ad
Fix for `EC_GROUP_order_bits` and added unit test.
2019-11-11 14:58:23 -08:00
2bae1d27a1
wolfSSL Compatibility support for OpenVPN
...
* Adds compatibility API's for:
* `sk_ASN1_OBJECT_free`
* `sk_ASN1_OBJECT_num`
* `sk_ASN1_OBJECT_value`
* `sk_X509_OBJECT_num`
* `sk_X509_OBJECT_value`
* `sk_X509_OBJECT_delete`
* `sk_X509_NAME_find`
* `sk_X509_INFO_free`
* `BIO_get_len`
* `BIO_set_ssl`
* `BIO_should_retry` (stub)
* `X509_OBJECT_free`
* `X509_NAME_get_index_by_OBJ`
* `X509_INFO_free`
* `X509_STORE_get0_objects`
* `X509_check_purpose` (stub)
* `PEM_read_bio_X509_CRL`
* `PEM_X509_INFO_read_bio`
* `ASN1_BIT_STRING_new`
* `ASN1_BIT_STRING_free`
* `ASN1_BIT_STRING_get_bit`
* `ASN1_BIT_STRING_set_bit`
* `DES_check_key_parity`
* `EC_GROUP_order_bits`
* `EC_get_builtin_curves`
* `EVP_CIPHER_CTX_cipher`
* `EVP_PKEY_get0_EC_KEY`
* `EVP_PKEY_get0_RSA`
* `EVP_PKEY_get0_DSA` (stub)
* `HMAC_CTX_new`
* `HMAC_CTX_free`
* `HMAC_CTX_reset`
* `HMAC_size`
* `OBJ_txt2obj`
* `RSA_meth_new`
* `RSA_meth_free`
* `RSA_meth_set_pub_enc`
* `RSA_meth_set_pub_dec`
* `RSA_meth_set_priv_enc`
* `RSA_meth_set_priv_dec`
* `RSA_meth_set_init`
* `RSA_meth_set_finish`
* `RSA_meth_set0_app_data`
* `RSA_get_method_data`
* `RSA_set_method`
* `RSA_get0_key`
* `RSA_set0_key`
* `RSA_flags`
* `RSA_set_flags`
* `RSA_bits`
* `SSL_CTX_set_ciphersuites`
* `SSL_CTX_set_security_level` (stub)
* `SSL_export_keying_material` (stub)
* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505 .
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
2019-11-11 14:58:23 -08:00
a2cdb87067
Add check for if length is <= 0 in wc_Arc4SetKey
2019-11-08 14:54:39 -07:00
c06efb6c1f
Ensure space for name string. Reset policy count.
...
Only set the name string in one place, keeping a length of the name type
to copy. Also only move cert data index once.
Reset certificate extension policy number/count in case of malicious
cert with multiple policy extensions.
2019-11-07 13:51:50 +10:00
ba34b0d09f
Merge pull request #2547 from SparkiDev/rsa_pss_salt_len
...
Compile options for larger salt lengths in RSA-PSS
2019-11-06 13:03:15 -08:00
16899b55b2
Fix for ARM platforms
2019-11-04 11:54:36 -06:00
35ec2bc6d4
Compile options for larger salt lengths in RSA-PSS
...
Salt length larger than the hash size allowed in RSA-PSS.
Passing -2 to PSS pad function uses maximum salt length.
Passing -2 to PSS un-pad function makes it discover salt length.
2019-11-04 14:27:02 +10:00
58d800fbb7
Adding support for IP address verification
2019-10-31 09:15:22 -05:00
51e8abf126
Merge pull request #2531 from SparkiDev/nginx_unittest
...
Fix unittest to pass when compiling for NGINX
2019-10-28 11:27:22 -07:00
28cc7daa68
Merge pull request #2511 from tmael/BN_bn2hex
...
Fix for hex digits with fastmath and normal integer
2019-10-23 15:10:40 -07:00
a3c09f6794
Fix unittest to pass when compiling for NGINX
2019-10-22 08:47:49 +10:00
497818525a
check on keygen for make rsa key function
2019-10-21 14:54:17 -06:00
09a0859865
fix for fortress and no sha build with encrypted keys
2019-10-21 09:37:24 -06:00
ea45da5fa8
change add_all_* to be evp table init and fix valgrind report
2019-10-20 01:13:43 -06:00
0e73af8b88
Merge pull request #2515 from JacobBarthelmeh/Testing
...
Initial pass on test cycle
2019-10-17 16:02:17 -07:00
b7d4c9f839
fix build with no server and enable all
2019-10-16 14:19:50 -06:00
b4a3ad6e2d
fix test case for enckeys + des3 with md5 disabled
2019-10-15 17:07:05 -06:00
1267987c31
Review comment
2019-10-15 12:24:57 -07:00
1a18e3bba8
Add leading zero padding for odd hex ASCII digits
2019-10-15 11:54:58 -07:00
63e74554a8
fix for warning when using c++ compiler
2019-10-15 10:07:02 -07:00
441f3a7f1f
Add leading zero for odd number of hex digits
2019-10-14 16:43:45 -07:00
d30e4ac74f
Merge pull request #2499 from ejohnstown/sniffer-features
...
Sniffer Features
2019-10-14 15:35:55 -07:00
c3e99e1394
Merge pull request #2510 from tmael/bio_base64
...
Fix a return value from wolfSSL_BIO_BASE64_write()
2019-10-14 15:44:14 -06:00
df77088d5c
Merge pull request #2461 from kaleb-himes/ZD_5541_PathLenConstraint
...
addressing non RFC compliance in handling of pathLen constraint
2019-10-14 09:41:09 -07:00
ccc500e13f
Correct return value from wolfSSL_BIO_BASE64_write()
2019-10-11 14:52:53 -07:00
9357db4d0c
check value of ret in test cases
2019-10-11 15:27:15 -06:00
306b280ccd
Add test cases and implement peer suggestions
...
Fix failing jenkins test cases
Add detection for file size with static memory
Account for cert without pathLen constraint set including test cases
Resolve OCSP case and test where cert->pathLen expected to be NULL
2019-10-11 15:03:38 -06:00
9c5fd165d0
addressing non RFC compliance in handling of pathLen constraint
2019-10-10 16:45:29 -06:00
d781734b55
Merge pull request #2507 from cariepointer/apache_updates
...
Apache updates
2019-10-10 12:45:01 -07:00
e22563ed00
BIO chain test
2019-10-09 11:38:07 -07:00
d89f9ddc42
Update X509V3_EXT_print for different extension types
2019-10-09 11:10:27 -07:00
b247b4565c
Fixes for build warnings with apache httpd
2019-10-07 11:15:55 -07:00
a991cc42f4
Add function wolfSSL_get_cipher_name_iana_from_suite() a wrapper around
...
internal API GetCipherNameIana().
2019-10-04 14:54:17 -07:00
87a8447f0d
1. Added a tag for global variables in environments where they aren't
...
shared across threads by default.
2. Set the Trace file and flag up with the shared flag.
2019-10-04 14:54:17 -07:00
30829cec09
Merge pull request #2482 from SparkiDev/cppcheck_fixes_1
...
Fixes from using cppcheck tool
2019-10-04 14:39:31 -07:00
f47a9c8b20
Add conditional to 64-bit tests
2019-10-04 09:41:48 -05:00
901ee627fc
Fixes from using cppcheck tool
...
Various fixes for uninitialized variable use.
sniffer.c: close file when seek fails
tls.c: fix QSH_GET_SIZE macro
wolfio.c: uIPGenerateCookie: use the parameter, _ctx, instead of self
referencing.
wolfssl_adds.c: check for equivalent to XBADFILE to indicate error.
SP: change right shift of signed value to unsigned
sp_int.h: define 128-bit types
types.h: change a XMALLOC define to not use (,,) - cppcheck doesn't like
it and is unnecessary.
2019-10-01 09:22:00 +10:00
34e0eb498a
Fix for `X509_set_subject_name` and `X509_set_issuer_name` API unit test macro enables.
2019-09-26 08:42:35 -07:00
606b76d06e
Fix for WPAS certificate size difference. Fix so BIO_METHOD is compatible. Moved BIO stuff into bio.h.
2019-09-26 08:42:35 -07:00
a5f9d38c0d
Remove the BIO method custom... its not compat. Fix bio->ptr to be `void*`.
2019-09-26 08:42:35 -07:00
872d222b59
* Adds the following openssl compatibility API's:
...
- SSL_CIPHER_get_id
- SSL_CIPHER_get_rfc_name
- SSL_get_cipher_by_value
- X509_print_ex
- X509_NAME_add_entry_by_NID
- X509_time_adj
- X509_time_adj_ex
- DTLSv1_get_timeout
- DTLSv1_handle_timeout
- DTLSv1_set_initial_timeout_duration
- SSL_CTX_set_current_time_cb
- PEM_write_bio_RSA_PUBKEY
- PEM_read_bio_RSA_PUBKEY
- PEM_write_bio_PUBKEY
- EVP_PKEY_missing_parameters
- EVP_PKEY_cmp
- BN_is_negative
- BIO_set_retry_write
* Improvements to the notBefore and notAfter date handling.
* Improvements to BIO and BIO_METHOD
- Moved structure to public area to allow for dereferencing
- Renamed members to provide compatibility.
- Added support for custom BIO methods for read/write.
* Added advanced openssl compatibility test cases for key and certificate generation.
* Fix for `ASN1_STRING_set` to allow NULL data.
* Fix to populate public key information on `EVP_PKEY_assign_RSA` and `EVP_PKEY_assign_EC_KEY`.
* Fix naming for `X509_get_notBefore` and `X509_get_notAfter` functions.
* Added `wc_EccPublicKeyDerSize`.
* Improvements to `wc_RsaPublicKeyDerSize`, so dummy memory doesn't have to be allocated.
* Made the `wc_*PublicKeyDerSize` functions public.
* Eliminate use of snprintf for UTC to generalized time conversion in `wolfSSL_ASN1_TIME_to_generalizedtime`.
2019-09-26 08:42:35 -07:00
f1b68873ef
add check on dependencies for tests
2019-09-26 11:43:12 +07:00
02c5d36f72
Fixes for `--enable-opensslextra` or `--enable-opensslall` with `NO_WOLFSSL_CLIENT` or `NO_WOLFSSL_SERVER` defined.
2019-09-25 20:11:54 -07:00
b92509144b
Merge pull request #2475 from dgarske/qat_key
...
Fixes and improvements for async
2019-09-20 10:44:33 -07:00
2dafd2102c
Add Apache HTTP Server compatibility and --enable-apachehttpd option ( #2466 )
...
* Added Apache httpd support `--enable-apachehttpd`.
* Added `SSL_CIPHER_get_version`, `BIO_new_fp`, `SSL_SESSION_print` and `SSL_in_connect_init` compatibility API's.
* Fix to expose `ASN1_UTCTIME_print` stub.
* Pulled in `wolfSSL_X509_get_ext_count` from QT.
* Added `X509_get_ext_count`, `BIO_set_callback`, `BIO_set_callback_arg` and `BIO_get_callback_arg`.
* Added `wolfSSL_ERR_print_errors`.
* Added `BIO_set_nbio` template.
* Fixes for building with Apache httpd.
* Added DH prime functions required for Apache httpd.
* Fix and move the BN DH prime macros.
* Fix for `SSL_CTX_set_tlsext_servername_arg` to have return code.
* Only add the `BN_get_rfc*_prime_*` macro's if older than 1.1.0.
* Added `ERR_GET_FUNC`, `SSL_CTX_clear_extra_chain_certs` prototypes.
* Added `wolfSSL_CTX_set_client_cert_cb` template and `OPENSSL_load_builtin_modules` stub macro.
* Added `X509_INFO` templates (`X509_INFO_new`, `X509_INFO_free`, `sk_X509_INFO_new_null`, `sk_X509_INFO_num`, `sk_X509_INFO_value`, `sk_X509_INFO_free`). Added `sk_X509_shift`.
* Added BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg
* add BIO_set_nbio, ERR_print_errors and tests
* add X509 INFO stack push function
* Add ASN1_UTCTIME_print and unit test
* Add X509_get_ext_count unit test
* initial commit of wolfSSL_PEM_X509_INFO_read_bio
* Added `sk_X509_NAME_new`, `sk_X509_NAME_push`, `sk_X509_NAME_find`, `sk_X509_NAME_set_cmp_func` and `sk_X509_NAME_free`. Grouped `sk_X509_NAME_*` functions.
* Cleanup sk X509 NAME/INFO pop free template.
* Advance openssl compatibility to v1.1.0 for Apache httpd. Added TLS version macros. Implemented sk X509 NAME/INFO pop and pop_free.
* Added `TLS_client_method` support.
* Added `SSL_get_server_tmp_key` and `EC_curve_nid2nist`.
* Added `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`. Fix for `BN_get_rfc*_prime_*` with the v1.1.0 change.
* add test cases for PEM_X509_INFO_read_bio
* Fixes for `BN_get_rfc*_prime_*` macros. Added template for `SSL_DH_set0_pqg`. Fix for `SSL_OP_NO_` to use Macro's (as is done in openssl). Added `SSL_set_verify_result`. Added stub for `OPENSSL_malloc_init`.
* Apache httpd compatibility functions. BIO setter/getters.
* implement ASN1_TIME_check and add test case
* add SSL_get_client_CA_list
* add initial implementation of wolfSSL_DH_set0_pqg
* Add apache support to OBJ_txt2nid and unit test, add stub for OBJ_create
* add X509_STORE_CTX_get1_chain, sk_free, sk_X509_dup
* Add sk_SSL_COMP_num and SSL_COMP struct
* implement and test of SSL_SESSION_print
* add SSL_CTX_set_client_cert_cb
* expand BIO_printf and add test case
* Added `OCSP_CERTID_dup`. Added `ASN1_TYPE`.
* add implementation for wolfSSL_get_server_tmp_key
* add wolfSSL_BIO_puts and test case
* Add X509_EXTENSION_get_object and X509_EXTENSION_get_data
* add helper for bio flag set and null x509 stack
* add test adn implementation for wolfSSL_i2d_PrivateKey
* Added `ASN1_OTHERNAME`, `ACCESS_DESCRIPTION` and `GENERAL_NAME`. Added `sk_ACCESS_DESCRIPTION_pop_free` and `ACCESS_DESCRIPTION_free` stubs.
* add wolfSSL_PEM_read_bio_ECPKParameters
* add BIO_vfree
* add X509_up_ref
* add X509_STORE_CTX_set_ex_data
* add _GNU_SOURCE macro and wolfSSL_EVP_read_pw_string
* add wolfSSL_EVP_PKEY_ref_up function
* X509_get_ext, X509V3_EXT_print, and d2i_DISPLAYTEXT stubs
* add X509_set_issuer_name
* add wolfSSL_sk_SSL_CIPHER_* functions and tests
* add prototype for sk_X509_EXTENSION and ACCESS_DESCRIPTION
* fix casting to avoid clang warning
* adjust test_wolfSSL_X509_STORE_CTX test case
* Added `OpenSSL_version`
* renegotiate functions and additional stack functions
* add aditional stub functions
* Add Apache httpd requirements for ALPN, CRL, Cert Gen/Req/Ext and SecRen. Fix for `sk_X509_INFO_new_null`.
* add ocsp stub functions
* Proper fix for `sk_X509_INFO_new_null`. Added templates for `X509_get_ext_by_NID` and `X509_add_ext`. Added templates for `ASN1_TIME_diff` and `ASN1_TIME_set`.
* x509 extension stack additions
* Fixed template for `OCSP_id_get0_info`.
* add X509 stub functions
* add X509_STORE_CTX_get0_store() and unit test
* Added `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_rsa_keygen_bits`, `EVP_PKEY_keygen_init`, `EVP_PKEY_keygen` and `BN_to_ASN1_INTEGER`.
* x509v3 stubs and req add extensions
* Add OBJ_txt2obj and unit test; add long name to wolfssl_object_info table for use by OBJ_* functions
* wolfSSL_set_alpn_protos implementation
* Added `EVP_SignInit_ex` and `TLS_server_method` implementation. Added stubs for `RSA_get0_key` and `i2d_OCSP_REQUEST_bio`. Fix typo on `OCSP_response_create`. Fix warning in `wolfSSL_set_alpn_protos`.
* Added `X509_EXTENSION_free` stub. Fixed a few macro typos/adding missing.
* add X509_STORE_CTX_get0_current_issuer and unit test
* add OBJ_cmp and unit test
* add RSA_get0_key and unit test
* add OCSP_check_nonce
* Implement X509_set_notAfter/notBefore/serialNumber/version,X509_STORE_CTX_set_depth,X509V3_set_ctx.
* Modify wolfSSL_X509_set_notAfter/notBefore and add tests for each.
* Add test_wolfSSL_X509_set_version w/ fixes to _set_version and fix _set_notBefore/notAfter tests
* add OCSP_id_get0_info and unit test, move WOLFSSL_ASN1_INTEGER to asn_public.h from ssl.h
* inital implementation of wolfSSL_X509_sign
* add debugging messages and set data for BIO's
* Add i2d_OCSP_REQUEST_bio.
* implementation of some WOLFSSL_BIO_METHOD custom functions
* fix for ASN time structure and remove log node
* initial eNULL support and sanity checks
* fixes after rebasing code
* adjust test cases and ASN1_TIME print
* Various fixes for memory leaks
* Apache compatibility in CTX_set_client_CA_list for X509_NAME use; add X509_NAME_dup as supporting function
* Add initial X509_STORE_load_locations stub for Apache
* Updates to X509_get_ext_d2i to return GENERAL_NAME struct instead of ASN1_OBJECT for alternative names and add supporting GENERAL_NAME functions
* Add X509_STORE_load_locations implementation; add wolfSSL_CertManagerLoadCRL_ex; initial renegotiation fixes/updates
* Fix for freeing peer cert in wolfSSL_Rehandshake instead of FreeHandShakeResources during secure renegotiation
* Add X509_ALGOR and X509_PUBKEY structs for X509_PUBKEY_get0_param and X509_get_X509_PUBKEY implementation
* Initial implementation of wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Add implementation for X509_get0_tbs_sigalg and X509_ALGOR_get0
* Add OBJ_nid2ln implementation
* Fix compile errors in tests/api.c for some build options
* Updates to X509_STORE_load_locations for non-CRL types; Add additional DETECT_CERT_TYPE enum and logic for detecting certificate type in ProcessFile
* Add X509_STORE_load_locations unit test and minor error handling fixes
* Add unit test for X509_sign
* Set correct alert type for revoked certificates; add/fix a few WOLFSSL_ENTER messages
* Add X509_ALGOR member to X509 struct; refactoring and unit tests for wolfSSL_X509_ALGOR_get0 and wolfSSL_X509_get0_tbs_sigalg
* Add X509_PUBKEY member to X509 struct; refactoring and unit tests for wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Stack fixes after rebase
* Secure renegotiation refactoring: add ACCEPT_BEGIN_RENEG to AcceptState for use in wolfSSL_SSL_in_connect_init; free old peer cert when receiving new cert to fix memory leak
* Move enc-then-mac enable option in configure.ac for apache httpd compatibility
* Simplify wolfSSL_SSL_in_connect_init logic
* Remove unneeded wolfSSL_CertManagerLoadCRL_ex
* Fixes for jenkins test failures
* SSL_get_secure_renegotiation_support for print statement in Apache
2019-09-19 17:11:10 -07:00
6aecdf59c1
Fixes for async build and tests.
2019-09-19 12:30:05 -07:00
0bc16d47e2
Add support for prime checking to sp_int.c
...
This allows SP to support:
- DH parameter checking
- DH parameter generation
- RSA key generation
Improved performance of sp_mod operation.
Reworked some functions to have one exit point (return statement).
Fixed sp_sub_d().
Changed tests to perform 2048-bit RSA key generation only when using SP
math.
Fixed Intel x86_64 C file to not have DH specific functions available
unless WOLFSSL_HAVE_SP_DH is defined.
Fixed tfm to return an error when t is not the correct size in
fp_isprime_ex().
2019-09-19 09:08:15 +10:00
d6685edfa0
Merge pull request #2440 from SparkiDev/tlsfuzzer_fixes
...
Fixes for fuzz testing
2019-09-05 09:01:10 -07:00
eaeaaf12c1
Merge pull request #2446 from SparkiDev/gplusplus_fix_1
...
Fixes for g++ compilation
2019-09-04 16:28:42 -07:00
56df8162bd
Fixes for g++ compilation
2019-09-04 10:09:36 +10:00
492ce6ac91
Merge pull request #2414 from dgarske/pkcs8_asn1
...
Added support for loading a PKCS8 ASN.1 formatted private key
2019-09-03 15:36:31 -07:00
60befc82c5
Fixes for fuzz testing
...
Changes
- Don't ignore decryption errors when doing TLS 1.3 and after Client
Finished.
- Put out an alert when TLS 1.3 decryption fails.
- Properly ignore RSA pss_pss algorithms when checking for matching
cipher suite.
- Check X25519 public value before import in TLS v1.2-
- REcognise TLS 1.3 integrity-only cipher suites as not negotiable with
TLS 1.2-.
- Send decode_error alert when bad message data in CertificateVerify.
- Negotiate protocol version in TLS 1.3 using extension and keep
decision when using TLS 1.2 parsing.
- Must have a signature algorithms extension in TLS 1.3 if not doing
PSK.
- More TLS v1.3 alerts.
- MAX_PSK_ID_LEN needs to be modified at compile time for tlsfuzzer to
work.
- change the good ecc public key to be a real public key when compiled
to check imported public keys
- Fix early data in TLS 1.3
- Make max early data size able to be changed at compile time - default
4K but fuzzer sends 16K
- Fix HRR, PSK and message hashes: Don't initialize hashes in parsing
ClientHello as need to keep hash state from previous ClientHello and
HelloRetryRequest
2019-09-02 08:58:14 +10:00
adc548fc61
Merge pull request #2428 from ejohnstown/ecckey-test-fix
...
Fix ECC key decode test
2019-08-30 11:07:00 -07:00
b8d2ccee83
Merge branch 'master' into phase2_compatibility_APIs
2019-08-29 09:16:41 -07:00
9034e3a0fe
Merge pull request #2432 from embhorn/api_p2
...
Adding compatibility API phase 2
2019-08-29 09:05:01 -07:00
411f15bec3
Merge pull request #2429 from cconlon/cmssig
...
Add internal PKCS7 content digest check
2019-08-28 09:41:10 -06:00
0c9ba1b361
Adding compatibility API phase 2
2019-08-28 09:29:49 -05:00
7fcb85b743
ECC-FP Cache Memory Leak
...
Each test case for ECC should be cleaning up the FP cache if it uses
the cache. Only a couple cases were getting freed.
2019-08-27 14:43:25 -07:00
a49f447e47
Merge pull request #2413 from dgarske/load_ca_nodate
...
Refactor of the verify option for processing X.509 files
2019-08-27 13:20:30 -07:00
00dadafddb
Add HAVE_FAST_RSA around RSA_print()
2019-08-26 16:54:10 -07:00
9b3fee223f
Typecast to correct type
2019-08-26 14:17:13 -07:00
6311ae425c
RSA_generate_key() needs WOLFSSL_KEY_GEN
2019-08-26 13:47:54 -07:00
5e28dd94a2
OpenSSL compatible APIs:
...
ASN1_STRING_type
EVP_aes_128_gcm
EVP_CIPHER_CTX_ctrl
EVP_PKEY_sign
EVP_PKEY_sign_init
RSA_print
RSA_NO_PADDING
RSA_PKCS1_PSS_PADDING
2019-08-26 12:20:18 -07:00
61d01ab7f3
add unit test for PKCS7 invalid detached content
2019-08-26 09:43:20 -06:00
2c97b040ff
Merge pull request #2419 from dgarske/ctx_sec_reneg
...
Adds use secure renegotiation at CTX level
2019-08-23 12:55:30 -07:00
67c3751836
Adds new `wolfSSL_CTX_UseSecureRenegotiation` API for setting secure renegotiation at the WOLFSSL_CTX level.
2019-08-20 16:43:28 -07:00
24bfea1ad2
Fixes for various build options (!NO_RSA, HAVE_ECC, NO_PKCS8, NO_PKCS12). Added new `NO_CHECK_PRIVATE_KEY` to allow reduce code size when not required.
2019-08-20 10:38:08 -07:00
644e7a8f45
Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with `--disable-oldnames`. Fix to enable the PKCS8 enc test without openssl comat. Added additional PKCS8 tests.
2019-08-19 16:27:46 -07:00
01a3b59e28
fix cast and initialization of variable
2019-08-19 14:54:53 -06:00
3e1c103c78
Added support for loading a PKCS8 ASN.1 formatted private key (not encrypted).
2019-08-16 16:09:00 -07:00
586b74b05f
Refactor of the verify option for processing X.509 files. Adds support for ignoring date checks when loading a CA using the `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` flag on `wolfSSL_CTX_load_verify_buffer_ex` and `wolfSSL_CTX_load_verify_locations_ex`.
2019-08-16 15:19:55 -07:00
487e66394e
adjust wc_i2d_PKCS12 API
2019-08-16 15:19:33 -06:00
489af0cd2b
Merge pull request #2386 from SparkiDev/tls13_integ_only
...
TLS 1.3 and Integrity-only ciphersuites
2019-08-15 16:02:12 -07:00
b06dbf16c2
Merge pull request #2397 from JacobBarthelmeh/PKCS7
...
updates to CMS and callback functions
2019-08-15 15:56:41 -07:00
1b841363cc
Adding tests
2019-08-15 12:27:23 -05:00
b2b24a06f3
Adding API
2019-08-14 15:09:17 -05:00
48fa6a458c
Adding compatibility API phase 1
2019-08-13 17:09:56 -05:00
1371fc8327
Review comments
2019-08-06 13:23:18 -07:00
eccc85b9fa
Add NO_RSA conditional
2019-08-05 17:51:31 -07:00
f5f5947616
New OpenSSL compatible APIs:
...
wolfSSL_PEM_write_bio_PKCS7
wolfSSL_PKCS7_SIGNED_new
wolfSSL_X509_subject_name_hash
wolfSSL_CTX_use_PrivateKey_ASN1
wolfSSL_get0_param
wolfSSL_X509_VERIFY_PARAM_set1_host
2019-08-05 17:35:37 -07:00
99ddf65a96
add decrypt callback to wc_PKCS7_DecodeEnvelopedData
2019-08-05 10:49:15 -06:00
e83116fc0b
Resolution for FIPS/CAVP build errors where `wc_ecc_get_curve_params` is not present in older wolfSSL versions.
2019-08-02 13:25:11 -07:00
d1fbdb3ddf
Added API unit test for `wc_ecc_get_curve_params`.
2019-08-02 06:20:14 -07:00
51dfc35aac
TLS 1.3 and Integrity-only ciphersuites
2019-08-02 11:00:18 +10:00
589b056ecb
update gitignore and location of test cleanup
2019-07-23 09:27:39 -06:00
aec980b803
fix for initialize PKCS7 structure with signer
2019-07-19 16:23:14 -06:00
3aad9a2673
FIPS Macro Fix
...
In a couple places the label WOLFSSL_FIPS was getting checked. Changed
to the correct HAVE_FIPS instead.
2019-07-17 15:35:12 -07:00
c3c705f82b
FIPS, HMAC, and PKCS8
...
One of the tests for PKCS8 depended on keys encrypted with a password
that has only 8 letters. HMAC in FIPS mode requires a minimum of 12
bytes. Disabled that test case when FIPS is enabled. All components do
get tested just not all together in that case.
2019-07-17 15:35:12 -07:00
8bf8fcca60
Merge pull request #2352 from dgarske/async_v4.1
...
Fixes for Asynchronous support in v4.1
2019-07-16 17:32:18 -06:00
7b021d68c3
Fixes for asynchronous support in v4.1:
...
* Fixes PK callback null dereference.
* Fixes `DoCertificateVerify` verify handling.
* Fixes build issue with API tests.
2019-07-16 11:56:02 -07:00
2e308ea82c
Merge pull request #2260 from JacobBarthelmeh/PKCS7
...
PKSC7 firmware revision + callback / get SID
2019-07-16 10:51:38 -06:00
d620433d1d
Merge pull request #2209 from tmael/maintenanceDefects
...
Increased ciphers buffer size for testsuite and ECC API for getting curve from dp
2019-07-15 16:49:13 -07:00
6e6c93624a
free test RSA key after use
2019-07-15 12:32:19 -06:00
60fc9b3a1d
add test for manual verify
2019-07-15 12:32:19 -06:00
d33a95352a
fix check on ret value and add test case
2019-07-15 12:32:19 -06:00
baf65f4f43
Merge pull request #2327 from JacobBarthelmeh/Compatibility-Layer
...
add wolfSSL_PEM_write_DHparams implementation
2019-07-08 12:58:10 -07:00
2a4b935e07
Merge pull request #2299 from JacobBarthelmeh/DTLS-MultiCore
...
DTLS export/import state only
2019-07-08 12:47:13 -07:00
ab9d89cb31
cast on return and move location of function declaration
2019-07-03 15:20:08 -06:00
02871d5ed4
add test case for wolfSSL_PEM_write_DHparams
2019-07-03 13:32:21 -06:00
f51a8fffde
Merge pull request #2265 from JacobBarthelmeh/Testing
...
fix check on ret value and add test case
2019-06-27 14:02:01 -06:00
cb4f9afd6d
free memory in test case
2019-06-25 15:24:39 -06:00
0e3881d418
add test case for state only export on DTLS session
2019-06-24 16:08:12 -06:00
dd9dd6306e
API unit test fix to remove improperly placed `wolfSSL_Cleanup()` call in `test_for_double_Free`. This caused erronous report with `fsanitize=address`.
2019-06-18 16:22:19 -07:00
25aeb8238e
Addressed review comment about id being undefined
2019-06-04 16:05:57 -07:00
9fbe471156
fix check on ret value and add test case
2019-06-03 07:52:50 +07:00
88bf5d9676
add sanity check on buffer index and regression tests
...
macro guards on use case and adjustment for memory size
gcc-8 warning fix
adjustement to default memory bucket sizes
2019-05-14 15:55:24 -06:00
5e343b8e7e
Merge pull request #2201 from dgarske/siglen
...
Improvements to the maximum ECC signature calculations
2019-05-01 15:42:12 -07:00
86101468fc
Fixes for know wolfSSL build issues in the following cases:
...
* Fixes for building wolfSSL from GitHub sources download, where .git does exist. The autogen.sh still needs to "touch" files for the build to work.
* Fix for FIPS case where `wc_RsaSetRNG` is not available.
* Added new `./configure --enable-usersettings` option to not populate the Makefile with build options and instead define `WOLFSSL_USER_SETTINGS` and expect a user provided `user_settings.h` file.
* Fix for `HAVE___UINT128_T` to match config.h generated value to eliminate warning.
2019-04-30 11:45:48 -07:00
dfde631cb2
Free key at the end of the test
2019-04-24 11:49:53 -07:00
edef75c70f
Wrapped new unit test API with FIPS macros
2019-04-24 10:02:20 -07:00
6b51f2d5b2
Added unit test for wc_ecc_get_curve_id_from_dp_params
2019-04-23 16:45:52 -07:00
29101a29c9
free key in test case, initialize variables fix, macro guard on iana use
2019-04-19 09:47:15 -06:00
ec2849b885
macro guard on EncodePolicyOID use
2019-04-18 14:56:24 -06:00
efc96e40d1
add test cases
2019-04-18 10:41:51 -06:00
e4555b5bf5
add wolfTLSv1_3_method()
2019-04-18 09:31:01 -06:00
bd618970c1
Fixed API unit test for `wc_ecc_sig_size` to allow smaller result.
2019-04-12 12:36:20 -07:00
b224f6fac9
Merge pull request #2181 from JacobBarthelmeh/Compatibility-Layer
...
update wolfSSL_i2d_RSAPrivateKey function
2019-04-03 09:16:10 -07:00
6968797848
fixed jenkins test failure
2019-03-30 01:35:35 +09:00
1c22f14d1c
added unit test for session resumption re-using WOLFSSL obj
2019-03-29 20:13:41 +09:00
b599dc2b9d
update wolfSSL_i2d_RSAPrivateKey function
2019-03-28 14:15:57 -06:00
9ea2dbea95
Merge pull request #2172 from dgarske/atecc
...
Fixes for ATECC support
2019-03-28 10:36:54 -07:00
8c6316eb9c
Merge pull request #2179 from kojo1/X509_STORE_CTX
...
X509_STORE_CTX_free compatibility
2019-03-27 17:17:26 -06:00
f493ff859c
Merge pull request #2178 from JacobBarthelmeh/Testing
...
add guard on test case for pkcs7 with no aes
2019-03-25 09:42:54 -07:00
6b325929e5
Merge pull request #2175 from kojo1/BN_init
...
add BN_init
2019-03-25 09:04:36 -06:00
3e42c6edcd
remove sk_X509_free for compatibility
2019-03-24 16:57:08 +09:00
3d747f7c87
add guard on test case for pkcs7 with no aes
2019-03-22 15:56:05 -06:00
f66aa60385
Fix for build warning with x/y always true when not building with ALT_ECC_SIZE. Fix for build error with undefined `wc_ecc_sign_hash_ex` when building ATECC and `WOLFSSL_PUBLIC_MP`.
2019-03-21 09:13:39 -07:00
384b240ea2
minor fix in test_wolfSSL_BN(), api.c
2019-03-17 13:37:17 +09:00
6a3eccd344
add BN_init, working with tfm, only.
2019-03-17 13:28:04 +09:00
1ac74b0061
Release Fixes
...
1. Added some typecasting for g++ v8 permissive pointer use errors with void*.
2019-03-15 16:26:11 -07:00
246c444b93
Updates for v4.0.0
...
Update the copyright dates on all the source files to the current year.
2019-03-15 10:37:36 -07:00
0ef4b7e933
Merge pull request #2164 from JacobBarthelmeh/PKCS7
...
adjust location of where PKCS7 content is saved
2019-03-15 09:40:17 -07:00
45b6a3b67d
adjust location of where PKCS7 content is saved
2019-03-14 16:48:08 -06:00
6ff2039b1f
Merge pull request #2163 from ejohnstown/config-fixes
...
Configuration Fixes
2019-03-14 15:21:41 -07:00
3e3f746f3b
Configure Fixes
...
When enable-all and disable-rsa is configured, some of the tests needed
for all don't work because they only use RSA keys or certificates.
Disabled those test cases in that build combination.
2019-03-14 10:37:40 -07:00
e08b36ea9c
handle pkcs7 bundle with signed envelope and no certs list
2019-03-14 09:51:58 -06:00
27ea9d9bce
Configure Fixes
...
1. The combination enable-all and disable-rsa breaks some of the
testing. Added the NO_RSA guards as appropriate.
2. Disabled the OCSP stapling and CRL tests when RSA is disabled as they
use test certificates with RSA keys.
2019-03-13 17:54:33 -07:00
4c42630f2b
Merge pull request #2158 from JacobBarthelmeh/PKCS7
...
PKCS7 BER decode enveloped content
2019-03-13 11:33:52 -07:00
68c576e0d9
add macro guard around test case
2019-03-13 10:31:32 -06:00
effca6c081
add test case for BER encoded PKCS7 content decoding
2019-03-13 08:53:15 -06:00
70490a4db6
Merge pull request #1855 from ejohnstown/trust-ca
...
Trusted CA Key Indication Extension
2019-03-12 13:52:27 -07:00
8a4e8067f6
1. In the trusted CA extension code, add guards for NO_SHA around the cases that use SHA-1.
...
2. Check the trusted CA id pointer for NULL before copying.
3. Updated the api test for the NO_SHA change.
4. Remove the TCA options member as redundant.
2019-03-11 12:42:13 -07:00
2342ea15eb
Remove the CTX versions of the UseTrustedCA functions. A session needs
...
to be able to set a flag in the extension and that isn't allowed in the
CTX extensions.
2019-03-11 12:36:58 -07:00
b7663a940e
Trusted CA Key Indication Extension
...
Added an API for enabling the Trusted CA Key Indication extension from
RFC6066 section 6. If the server doesn't have a match for the client,
the client will abandon the session.
2019-03-11 12:35:12 -07:00
a364874b48
Implement check for Ed25519 private matching public
...
Add test SSL test that uses the Ed25519 private key only
2019-03-05 08:19:33 +10:00
a3af2fc960
Fix for single threaded case with double free on suites.
2019-02-26 11:03:02 -08:00
efc1ab8c42
Merge pull request #2111 from SparkiDev/ed25519_fixes_1
...
Various improvements for testing
2019-02-25 13:55:28 -08:00
8bb4e23f8d
Various improvements for testing
...
Fix wc_ecc_fp_free() to be called when using HAVE_STACK_SIZE.
Increase size of replyin client.c so all HTTP reply is displayed.
Fix api.c to support only Ed25519 (not RSA and ECC)
Fix suites.c to detect when CA for client won't work (Ed25519 only)
For Static Memory add debugging and small profile.
Also allow realloc to be called with NULL.
Add more Ed25519 certs and keys.
Fix names of Ed25519 filenames for client and server.
Do NOT turn on ECC_SHAMIR by default with lowresource.
Enable WOLFSSL_STATIC_MEMORY_SMALL if low resource and no RSA.
2019-02-22 17:14:19 +10:00
289f51a77d
Fixes for various spelling errors.
2019-02-21 13:29:44 -08:00
08bcef7c0c
adjust wolfSSL_PKCS7_verify API test
2019-02-12 14:48:49 -07:00
4f4d16d9e5
Merge pull request #2068 from dgarske/pkcs7_verify_degenerate
...
Fixes to handle degenerate PKCS 7 with BER encoding
2019-02-07 15:00:21 -08:00
ec28376e7f
add PKCS7 BER verify test and fix for streaming
2019-02-06 11:05:15 -07:00
8fc1780688
Merge pull request #2065 from SparkiDev/ossl_fix1
...
Changes to make symbols available for OpenSSL compat
2019-02-01 10:04:41 -08:00
3a0afc3506
Fixes to handle degenerate PKCS 7 with BER encoding in `PKCS7_VerifySignedData`. Fix for PKCS7 API unit test with SHA512 disabled. ZD 4757.
2019-01-31 14:36:46 -08:00
0b2bbc33bd
Merge pull request #2059 from miyazakh/openssl_bksize_digest
...
Added EVP_MD_CTX_block_size and exposed EVP_Digest()
2019-01-28 15:17:26 -07:00
1288036dbe
Merge pull request #2047 from kojo1/freeCRL
...
wolfSSL_CertManagerFreeCRL: exposing FreeCRL
2019-01-25 16:08:31 -08:00
e4abcc0a15
fixed api unit test
2019-01-25 09:38:19 +09:00
53adb93ae4
Added EVP_MD_CTX_block_size and publicized EVP_Digest()
2019-01-25 09:05:36 +09:00
4ef6841465
Changes to make symbols available for OpenSSL compat
2019-01-24 08:38:05 +10:00
5539b0eb38
wolfSSL_CertManagerFreeCRL: exporsing FreeCRL
2019-01-20 10:11:19 +09:00
f0a3045d62
af_alg sha3 addition
...
hardware acceleration with RSA
add AES-GCM hardware acceleration
refactor setting RSA IV flag
check and set AF_ALG flags
fix for default AF_ALG use
set buffer alignment with Xilinx RSA
macro guard after rebase
use ALIGN64
clean up test cases
2019-01-18 16:25:24 -07:00
d02f7a75b9
Merge pull request #2019 from dgarske/arduino
...
Improvements to Arduino sketch
2019-01-18 08:54:42 -08:00
809fed8f05
Fix to resolve unit test error with `WOLFSSL_CIPHER_INTERNALNAME` or `NO_ERROR_STRINGS` defined.
2019-01-13 11:06:04 -08:00
cfc66dab47
Fix compiler complaints when using Curve25519.
2019-01-11 21:16:13 -08:00
45cd80b4b7
Fix define check of `NO_CERT` to be `NO_CERTS`.
2019-01-11 21:10:07 -08:00
bcc177b23d
Fixes for build warnings.
2019-01-11 21:07:23 -08:00
164a762088
fix afalg/cryptodev + opensslextra build
2018-12-20 10:52:17 -07:00
92d59c7df4
fix for cryptonly + rsavfy build
2018-12-19 14:36:32 -07:00
195b995bc4
Fixes from review
2018-12-11 12:19:45 -06:00
dc104985c3
Fixes from review
2018-12-11 11:41:39 -06:00
59bfead3c8
Fixes from review
2018-12-11 11:30:13 -06:00
1c0fa6fb58
Code coverage tests and fixes - default config
2018-12-11 08:56:21 -06:00
7048efb5fa
Test adjustments for testing with nginx in FIPS mode
2018-12-06 13:02:58 -07:00
28dc1cbb67
fix unit test for PKCS#7 with AES disabled
2018-12-03 12:00:04 -07:00
a5e3b18252
exclude wolfSSL_EC_POINT_point2hex() in CAVP selftest build
2018-11-27 09:12:55 -08:00
f11809aa62
Merge pull request #1923 from JacobBarthelmeh/Testing
...
cast to resolve warning, check size of time_t, and check for null tes…
2018-11-21 10:17:23 -08:00
95bd340de5
Add support for more OpenSSL APIs
...
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
2018-11-20 07:54:24 +10:00
ee30b2b476
better name for time_t size macro guard
2018-11-16 15:51:38 -07:00
c307fd7af4
additional macro guards for disabling aescbc with opensslextra
2018-11-15 13:40:04 -07:00
0f4a06594e
cast to resolve warning, check size of time_t, and check for null test case
2018-11-12 16:02:33 -07:00
f7f6506a54
Merge pull request #1898 from cconlon/cmsupdates
...
wolfCrypt PKCS#7/CMS Expansion
2018-11-07 08:36:02 -08:00
27db083733
make degenerate test structure dynamic to set the uninitialized dynamic flag
2018-11-06 18:35:13 -08:00
9bef9bad8e
PKCS7/CMS build fixes when disabling individual AES sizes
2018-11-06 18:35:13 -08:00
62a2847d75
make internal stream buffer dynamic
...
formating and build without stream api
2018-11-06 18:35:12 -08:00
98efc1e9de
testing with verify signed stream function
2018-11-06 18:35:12 -08:00
5525f59852
first addition of verify sign stream data
2018-11-06 18:35:12 -08:00
02df920269
use fall through and update api tests to use wc_PKCS7_New
2018-11-06 18:35:12 -08:00
83a150c4df
stream of PKCS7 decode encrypted
2018-11-06 18:35:12 -08:00
06a6f8400b
add CMS AuthEnvelopedData support for authAttrs
2018-11-06 18:35:12 -08:00
0b3930e24f
save and set PKCS7 isDynamic flag in wc_PKCS7_Init
2018-11-06 18:35:12 -08:00
efb1efcc0d
Fixes and additional tests for compatibility function `BN_bn2hex`. In the DEBUG_WOLFSSL case it was returning a `(char*)""`, which was trying to be free'd. We cannot return `const char*` here, since its assumed to be an allocated pointer. Fix the dynamic type for XMALLOC/XFREE to match, since `OPENSSL_free` is used to free returned value. Fix to add room for null term. Added missing API unit test for `BN_print_fp`. Exposed these functions for `OPENSSL_EXTRA`.
2018-11-06 05:55:25 -08:00
1ffc1108a6
Merge pull request #1906 from cconlon/selftest-fixes
...
fixes for CAVP selftest build errors
2018-11-01 11:31:39 -06:00
6dd4fba888
fix for clang warning
2018-10-30 17:41:03 -06:00
cc3ccbaf0c
add test for degenerate case and allow degenerate case by default
2018-10-30 17:04:33 -06:00
def7a91e70
fix CAVP selftest build errors
2018-10-30 16:35:45 -06:00
86758f9640
Fixes for key size detection when using PK callbacks (HSM) and no private key has been loaded (affects `HAVE_PK_CALLBACKS` on server side only when no dummy private key is loaded). Fix for possible leak during ECC min key size failure with small stack. Added new API `wc_RsaPublicKeyDecode_ex` for parsing an RSA public key for the modulus and exponent. Changed `wolfSSL_CTX_SetTmpEC_DHE_Sz` to support a `size == 0` for using the long-term private key's size. Changed `ECDHE_SIZE` so it can be overridden and build-time. Added tests for `wolfSSL_CTX_SetTmpEC_DHE_Sz` and `wolfSSL_SetTmpEC_DHE_Sz`.
2018-10-25 09:15:23 -07:00
878b5925fc
Merge pull request #1877 from dgarske/pkcs8_ec
...
Added support for ECC private key with PKCS8 encoding
2018-10-22 14:59:10 -07:00
7ce236f3af
Fix for new `test_wolfSSL_PKCS8` changes to init/free the ecc_key.
2018-10-19 16:04:02 -07:00
095337b1cf
Merge pull request #1878 from kaleb-himes/TEST_COVERAGE_3
...
Test coverage 3
2018-10-17 13:47:10 -07:00
dcb105deff
Merge pull request #1876 from dgarske/max_frag_256
...
Added new 256-byte max fragment option `WOLFSSL_MFL_2_8`
2018-10-17 13:21:57 -07:00
8b529d3d57
Add test for ECC private key with PKCS 8 encoding (no crypt) and `-----BEGIN EC PRIVATE KEY-----` header.
2018-10-17 10:01:29 -07:00
5ca822b1e9
Peer review changes requested
2018-10-17 10:46:45 -06:00
2aa6f91144
Reset IV after update via call to encrypt
2018-10-16 18:31:16 -06:00
ab61cefa58
Fix max frag error case tests to use min/max.
2018-10-16 08:58:46 -07:00
4adaeb8585
Added new 256-byte max fragment option `WOLFSSL_MFL_2_8`.
2018-10-15 17:06:21 -07:00
d67cb9e875
Added new build option for Microchip CryptoAuthLib (--enable-cryptoauthlib). Build fixes with WOLFSSL_ATECC508A enabled.
2018-10-15 14:17:43 -07:00
0b78b75530
Merge pull request #1860 from dgarske/tls_either_side
...
Methods cleanup and new DTLS "either" side methods
2018-10-12 07:35:17 -07:00
f9ff151ee7
wolfSSL_AES_cbc_encrypt unit test refactor, TODO: Decrypt
2018-10-10 16:16:57 -04:00
23797ab4cb
wolfSSL_AES_cbc_encrypt unit tests, TODO: Decrypt
2018-10-10 15:59:10 -04:00
5d047cc4d9
Added test_wc_curve25519_size to increase code coverage
2018-10-10 12:46:25 -07:00
8f1ad656c2
Improving code coverage
2018-10-09 16:13:26 -07:00
c6e3e34ff7
Remove unused macro
2018-10-08 09:35:37 -06:00
66420db07c
Initializing coverage for CRL APIs
2018-10-05 15:05:03 -06:00
bbdb17975c
Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes.
2018-10-04 15:47:50 -07:00
08654ce71d
Start hitting up the stubs, more to come
2018-10-03 17:01:12 -06:00
1f643800a6
Add more coverage cases to unit tests
2018-09-28 15:32:16 -06:00
d30c45a79c
Merge pull request #1637 from ghoso/openssl_compat201805
...
OpenSSL Compatibility APIs 2018/06
2018-09-26 14:54:14 -06:00
6e629a51f8
Added test case for scenario where error is pushed, cleared then try to get current. Without fix to clear `wc_current_node` in `wc_ClearErrorNodes` this causes access to invalid/free'd memory.
2018-09-26 08:16:58 -07:00
52b5fe569b
restore PR#1819 to pass Jenkins tests.
2018-09-25 18:04:27 +09:00
cfa99c567b
merge PR #1820 Porting aid
2018-09-25 15:39:56 +09:00
ca9f62713d
fix test_wolfSSL_CTX_load_verify_locations() build error
2018-09-25 15:39:56 +09:00
cf5377ec5b
Revert "fix api.c error code to fit into"
...
This reverts commit 9eddc2ed3598dbede3c6a3aa1e0b50e111369d63.
2018-09-25 15:39:56 +09:00
921992e689
fix api.c error code to fit into
2018-09-25 15:39:55 +09:00
c28e981b9b
avoid shadow
2018-09-25 15:39:55 +09:00
93e1221894
WOLFSSL_KEEP_STORE_CERTS for X509_STOREmake
2018-09-25 15:39:55 +09:00
9ea88b5181
wc_PKCS12_free, EVP_PKEY_free for PKCS12 in test_wolfSSL_OBJ
2018-09-25 15:39:55 +09:00
9ae3ccb3ba
OBJ_sn2nid with OPENSSL_EXTRA_X509_SMALL
2018-09-25 15:39:55 +09:00
094141b4ea
initiallizing asn1Name
2018-09-25 15:39:55 +09:00
7d2a03f8c9
OBJ_obj2nid memory leak
2018-09-25 15:39:55 +09:00
2669b80943
Fix crashed issue if you call X509_free() after X509_STOER_CTX_free()
2018-09-25 15:39:55 +09:00
5de7a34fd4
Add memory free to prevent from leaking
2018-09-25 15:39:55 +09:00
1c627430c7
increase wolfcrypt test program memory size along to WOLFSSL structure modificaiton.
...
rebase with master branch
2018-09-25 15:39:55 +09:00
1d1f4df8cb
Fix XBADFILE typo
2018-09-25 15:39:55 +09:00
7af43b6cf0
test_wolfSSL_OBJ with NO_DES3, NO_RSA
2018-09-25 15:39:55 +09:00
c673884cbb
#ifdef HAVE_ECC to OBJ_nid2obj, and its test in api.c
2018-09-25 15:39:55 +09:00
4d03b55fef
XBADFILE in bio.c
2018-09-25 15:39:55 +09:00
fd01659baa
Obj_obj2nid
2018-09-25 15:39:55 +09:00
3f993c280c
Change buffer variable name for preventing from conflict with debug option.
2018-09-25 15:39:54 +09:00
3f82fb62a0
SSL_get_peer_cert_chain() count value check in api.c
2018-09-25 15:39:54 +09:00
1e87eae3b7
i2d_RSAPublicKey(rsa, NULL)
2018-09-25 15:39:54 +09:00
e6612b34f7
use XFILE, BADFILE, XFxxxx
2018-09-25 15:39:54 +09:00
3bf776baf4
wolfSSL_ASN1_TIME_get_data() changed
2018-09-25 15:39:54 +09:00
29d3303995
Add tests for d2i_PKCS12_fp,i2d_RSAPublicKey,RSA_verify and X509_print
2018-09-25 15:39:54 +09:00
b588e6ab29
ERR_peek_last_error() and SSL_get_SSL_CTX reference error on opensslextra.
...
Implemented wolfSSL_X509_get_version().
2018-09-25 15:39:54 +09:00
e79cdefcde
X509_NAME_ENTRY_get_object
2018-09-25 15:39:54 +09:00
2922a93bf7
PEM_read_X509_CRL
2018-09-25 15:39:54 +09:00
050fa2f8f8
wolfSSL_X509_CA_num()
2018-09-25 15:39:54 +09:00
aaa26f3f41
wolfSSL_ASN1_TIME_get_data()
2018-09-25 15:39:54 +09:00
a002a6715f
wolfSSL_ASN1_TIME_get_length()
2018-09-25 15:39:54 +09:00
2e88151cfd
crypto only sha256 cryptodev
...
formating and refactoring
update configure for devcrypto
add AES algorithms to cyrptodev port
increase structure size for compatibility AES with cryptodev
add wc_devcrypto.h to install path
2018-09-19 10:41:29 -06:00
085daa78cd
Merge pull request #1833 from dgarske/norng_fixes
...
Fixes for building without RNG enabled
2018-09-18 14:52:21 -06:00
9e305a01b4
More fixes for building with `./configure --disable-rng`.
2018-09-18 11:17:39 -07:00
77cd361bca
Fixes for building with `WC_NO_RNG`.
2018-09-13 13:23:55 -07:00
e071f1ca7e
Merge pull request #1825 from SparkiDev/compat_apis_1
...
Add more compatability APIs.
2018-09-13 13:13:12 -07:00
8a6a9e7620
Merge pull request #1820 from kojo1/portingAid
...
Porting aid
2018-09-13 11:06:55 -06:00
0275366fb6
Fixes from code review
...
Document how length of ECDSA signature calculated.
Check parameter not NULL before use.
Formatting fix.
Also, disable RSA test of EVP_DigestSign/Verify* when HAVE_USER_RSA.
2018-09-13 08:47:09 +10:00
324235f698
Merge pull request #1823 from dgarske/cert_ext_only
...
Fix for build with cert extensions and openssl extra only
2018-09-12 13:03:37 -07:00
df20daa1ae
Support RSA and ECC in wolfSSL_DigestSign/Verify*
2018-09-12 16:31:39 +10:00
7ddc756d15
eliminate double semi-colon
2018-09-12 10:13:30 +09:00
330a7048c7
Add more compatability APIs.
...
d2i_ECDSA_SIG, i2d_ECDSA_SIG, EVP_DigestVerifyInit,
EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_PKEY_id,
PEM_read_bio_PUBKEY
2018-09-11 09:28:03 +10:00
238f45d89d
Fix for build with `./configure --enable-certext --enable-opensslextra`.
2018-09-10 08:22:17 -07:00
f48e2067ae
Added new API `wolfSSL_CTX_load_verify_chain_buffer_format` for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID.
2018-09-10 08:15:17 -07:00
f8ac5b5f71
Merge pull request #1819 from dgarske/fix_load_loc
...
Fix for load location test to handle multiple failure codes
2018-09-10 08:36:19 +10:00
0d44252608
error pass though build flag WOLFSSL_PASSTHRU_ERR
2018-09-08 10:19:31 +09:00
902008f5ea
refer unit_PassThrough flag at least once
2018-09-08 09:17:52 +09:00
412eecd51a
Add wc_SetIssuerRaw and EncodeCert with raw fields ( #1798 )
...
* Make cert with raw issuer
* Add wc_SetIssuerRaw
* Use issuer raw in EncodeCert
2018-09-07 16:22:23 -07:00
575382e5a9
Fix for load location test to handle multiple failure codes (failure may return ProcessFile error code or WOLFSSL_FAILURE). Moved expired certs and setup load location test for expired certs.
2018-09-07 15:30:30 -07:00
e677c32714
test file access functions
2018-09-08 07:27:33 +09:00
27555d6eb7
Fix old-style function definitions
2018-09-07 09:13:20 +02:00
ae3d8d3779
* Fixed `wolfSSL_CTX_load_verify_locations` to continue loading if there is an error (ZD 4265).
...
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
2018-09-06 12:51:22 -07:00
17a70aee1b
Added test and minor fixes for CheckCertSignature
2018-09-03 10:50:47 +10:00
7f324d2c3b
Merge pull request #1781 from JacobBarthelmeh/Compatibility-Layer
...
fix for IV of DES_ncbc function
2018-08-24 10:16:21 -07:00
f23eb37ade
fix for IV of DES_ncbc function
2018-08-23 09:03:09 -06:00
d0d28c82cd
Added new PKCS7 ex API's for supporting signing and validation of large data blobs. New API's are `wc_PKCS7_EncodeSignedData_ex` and `wc_PKCS7_VerifySignedData_ex`. Includes header docx and unit tests for new API's. Cleanup for the PKCS7 small stack and const oid's.
2018-08-22 15:46:37 -07:00
08c2d94011
return value check of XFSEEK
2018-08-22 10:46:46 +09:00
b12386fbb1
Fixes for building with TLS v1.3 only (`./configure --disable-tlsv12 --enable-tls13 --disable-aescbc --enable-ed25519 --enable-curve25519`)
2018-08-20 15:49:03 -07:00
0f539616be
Merge pull request #1766 from JacobBarthelmeh/UnitTests
...
cleanup with test cases and access to FP_MAX_BITS
2018-08-20 09:19:14 -07:00
555714afa3
Merge pull request #1764 from SparkiDev/tls13_psk_cb
...
Separate PSK callback for TLS 1.3
2018-08-20 09:17:01 -07:00
cc10c971cd
make sure that even if wolfSSL_Init has been called multiple times that wolfSSL_Cleanup gets called in tests
2018-08-17 11:04:21 -06:00
f1222c3f9f
Separate PSK callback for TLS 1.3
...
It is highly recommended that the PSK be different for each protocol.
Example callback already returns a different key for TLS 1.3.
New callback includes the ciphersuite, as a string, to use with the key.
2018-08-17 10:18:28 +10:00
f487b0d96a
Config option to disable AES-CBC
...
AEAD only detection and removeal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
2018-08-16 08:25:13 +10:00
2420af3cf2
Merge pull request #1758 from dgarske/certext
...
Fix for building certext without certgen
2018-08-14 17:00:51 -05:00
d1e13a973c
Fix for building `WOLFSSL_CERT_EXT` without `WOLFSSL_CERT_GEN` due to missing `CTC_MAX_EKU_OID_SZ`. Change to allow --enable-certext without certgen.
2018-08-14 15:00:56 -06:00
c073aee87c
Added new ECC export API's to support export as hex string. New API's are `wc_ecc_export_ex` and `wc_ecc_export_int`. For hex string use `ECC_TYPE_HEX_STR` as `encType` arg. Refactor to reduce duplicate code. Build fixes for `NO_ECC_KEY_EXPORT`.
2018-08-14 12:05:22 -06:00
d4f908c372
Merge pull request #1728 from JacobBarthelmeh/HardwareAcc
...
Add build for AF_ALG
2018-08-13 16:27:51 -07:00
bb574d28b2
Support for more cert subject OIDs and raw subject access ( #1734 )
...
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
2018-08-12 12:53:29 -07:00
a43d4d16ba
Merge pull request #1719 from MJSPollard/OpenSSLAllFix
...
Added boost define and openssl bug fix with WOLFSSL_KEY_GEN
2018-08-02 15:20:27 -07:00
cb756397b3
inital AES-CBC with af_alg
...
progress on AES-GCM with AF_ALG and add SHA256
add aes-gcm test cases and finish logic of aes-gcm with AF_ALG
formating of tabs and white space
add files to dist
adding ecb and ctr mode with af_alg
make length of buffers for ctr be AES_BLOCK_SIZE
formating and add support for sha256 copy/gethash
sanity checks on arguments
cast return values and valgrind tests
make it easier to use sha256 with af_alg
remove hard tabs
add endif for after rebase
2018-08-01 08:54:20 -06:00
4eff7b641b
First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`.
2018-07-30 13:53:54 -07:00
6ed6876b1f
Enhanced the `--enable-memtrack` option to keep list of pointers allocated and reports leaked memory at end. Cleanup of the wolfCrypt_Init and wolfCrypt_Cleanup calls in unit.test and SrpTest memory tracking feature.
2018-07-30 13:53:54 -07:00
2c3475c1d6
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-30 13:53:35 -07:00
62cb69ded6
Merge pull request #1724 from dgarske/pemtoder
...
Added API's to expose alloc/free of DerBuffer and new unit tests
2018-07-30 13:50:19 -07:00
335f467b8c
Merge pull request #1714 from dgarske/pic32hashleak
...
Fixes for PIC32MZ hash memory leak
2018-07-30 13:48:59 -07:00
309d7a9d0d
Added API's to expose alloc/free of DerBuffer using `wc_AllocDer` and `wc_FreeDer`. Added unit tests for new API's and missing ones for `wc_PemToDer` and `wc_CertPemToDer`. ZD 4185.
2018-07-30 11:19:59 -07:00
543cac65d8
Added boost define and openssl bug fix with WOLFSSL_KEY_GEN
2018-07-27 12:42:09 -06:00
efbabbfb29
Further improvements to hashing code to make sure wc_*Free is always called including wc_HashFree. Added new defines to disable PIC32MZ hardware features using `NO_PIC32MZ_HASH`, `NO_PIC32MZ_RNG` and `NO_PIC32MZ_CRYPT`.
2018-07-26 14:41:30 -07:00
84c1b633fb
Merge pull request #1713 from JacobBarthelmeh/UnitTests
...
fix buffer types for ARC4 test
2018-07-25 14:17:10 -07:00
92cb8f06ea
Fixes to make sure hash free is always called (resolves memory leaks with PIC32MZ hashing hardware). Only print Alloc/Free messages with track memory when `WOLFSSL_DEBUG_MEMORY_PRINT` is defined. Added test for ForceZero with 0 length.
2018-07-25 11:22:03 -07:00
003b7b28f4
fix buffer types for ARC4 test
2018-07-24 17:37:39 -06:00
e618f34c2f
Merge pull request #1707 from kaleb-himes/ARM_GCC_EX_FIXES
...
Fixes for building without DRBG and ForceZero test
2018-07-23 16:14:43 -07:00
ab3ffaa26a
Merge pull request #1706 from SparkiDev/sha384_not_sha512
...
Allow SHA384 to be compiled in without SHA512
2018-07-23 09:47:49 -07:00
887e3deee8
Move ForceZero test to api.c and turn on tests when inline disabled
2018-07-20 13:30:06 -06:00
9433fcb820
Allow SHA384 to be compiled in without SHA512
2018-07-20 09:42:01 +10:00
db8939c578
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into wolfASIO
2018-07-18 11:10:35 -06:00
436e774729
Merge pull request #1685 from SparkiDev/dh_max
...
Add support for maximum DH key size
2018-07-18 09:33:43 -07:00
1337f7ddec
Merge pull request #1674 from dgarske/derchainsz
...
Fix for max cert chain size calculation
2018-07-13 13:53:35 -07:00
0a19dc0940
Don't run new cert chain test if RSA is disabled (test chain contains RSA certs).
2018-07-13 11:41:06 -07:00
9bc0e0c4fc
Static analysis fixes ( #1658 )
...
* Static analysis fixes
* Fixes for zd4071, zd4074, zd4093-zd4094, zd4096, zd4097-zd4104.
* Add test cases.
2018-07-13 09:02:09 -07:00
ffc6cf4eb8
Add support for maximum DH key size
2018-07-13 17:36:42 +10:00
0ce6cbd4c4
Added API unit test for `wolfSSL_CTX_use_certificate_chain_file_format`.
2018-07-12 13:22:21 -07:00
d8dff3e4de
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into wolfASIO
2018-07-12 11:57:34 -06:00
58478c50af
check that fp max bits is large enough before test
2018-07-10 15:09:47 -06:00
3fc7424e03
implemented requested changes
2018-07-10 11:52:41 -06:00
ac0b31dee8
refactored and added defines for wolfSSL/Asio Compat
2018-07-03 11:07:15 -06:00
2bd4fb110c
Fix additional cases for use of unititlized PKCS isDynmaic in unit test.
2018-07-02 10:24:41 -07:00
e319987579
Added wolfSSl compatability for Asio C++ library
2018-07-02 10:48:02 -06:00
fb3d3dce0e
Fix for use of unititlized `PKCS7.isDynamic` case in unit test. Added return code checks for `wc_PKCS7_Init`.
2018-07-02 09:38:14 -07:00
07401d909c
Added support for dynamic allocation of PKCS7 structure using `wc_PKCS7_New` and `wc_PKCS7_Free`. Updated the test examples to use the dynamic method. Add API unit test for `wc_PKCS7_New`.
2018-06-29 15:04:28 -07:00
5d767aa004
Merge pull request #1641 from ejohnstown/rename-inline
...
Rename INLINE
2018-06-27 09:34:41 -07:00
586874b997
Rename INLINE
...
1. Renamed the macro INLINE as WC_INLINE.
2. For FIPS and the "selftest" build, define INLINE as WC_INLINE. Allows the FIPS code to work unchanged.
2018-06-26 15:17:46 -07:00
d9b5948947
Merge pull request #1605 from dgarske/asyncfsanitize
...
Fixes for async to resolve runtime fsanitize issues
2018-06-26 14:27:07 -07:00
e6c7952f50
Merge master into fipsv2. Resolved a conflict in api.c.
2018-06-22 09:52:26 -07:00
522f365279
Fix one more issue with PKCS7 and async, which is not supported.
2018-06-22 09:30:25 -07:00
a1295b3148
memory management with test cases
2018-06-15 15:43:42 -06:00
0d0aa74444
Merge pull request #1623 from dgarske/fix_atecc508a
...
Fixes for build with `WOLFSSL_ATECC508A` defined
2018-06-15 11:06:33 -07:00
c03c10e1d4
move location of wolfSSL_d2i_RSA_PublicKey to fix x509 small build
2018-06-14 14:38:15 -06:00
5b2bb44bc8
Fixes for build with `WOLFSSL_ATECC508A` defined.
2018-06-13 20:10:01 -07:00
a03c15e598
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
2018-06-13 11:42:16 +10:00
dac5f84f61
Fix build error with missing `bio`. Fix for `pkey` not being reset to NULL for `d2i_PrivateKey` failure case test.
2018-06-12 09:38:18 -07:00
292e9535ae
Fix for `wolfSSL_ERR_clear_error` to call `wc_ClearErrorNodes` when its available (mismatched macros), which was incorrectly causing `test_wolfSSL_ERR_put_error` to fail. Added `test_wolfSSL_PEM_PrivateKey` test for ECC based key. Refactored the RNG test to only run the reseed test if `TEST_RESEED_INTERVAL` is defined. This is the test that was causing the tests/api.c to take so long to complete. Will add this macro to the enable options test.
2018-06-12 09:38:18 -07:00
9cbd2b00d4
Added test for `PEM_read_bio_PrivateKey` using BIO loaded using `BIO_new_mem_buf`.
2018-06-12 09:38:18 -07:00
e1890a4b0e
Added some bad argument checks on compatibility functions `BIO_new_mem_buf` and `PEM_read_bio_PrivateKey`.
2018-06-12 09:38:18 -07:00
ad0a10441d
Fixes for building with openssl compatibility enabled and no TLS client/server.
...
Resolves issues building with:
`./configure --enable-opensslextra --disable-rsa --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`
`./configure --enable-opensslextra --disable-ecc --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`
Ticket 3872
2018-06-12 09:38:18 -07:00
df6fe0b07c
FIPS Revalidation (acceptance fixes)
...
1. Update the fips-check script to pull the FIPSv2 code from the main repositories.
2. Script cleanup.
3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
2018-06-08 10:36:28 -07:00
234228e5af
FIPS Revalidation (acceptance fixes)
...
1. Fixed some whitespace in api.c.
2018-06-06 17:50:55 -07:00
7e9a32fffd
FIPS Revalidation
...
Merge branch 'master' into fipsv2. Using a merge instead of a rebase to retain commit IDs and tags.
2018-06-06 12:43:15 -07:00
c43a84547a
Merge pull request #1572 from dgarske/cryptodev
...
Added crypto device framework
2018-05-31 10:28:58 -07:00
5849e9f1a1
update macro name in test case
2018-05-30 17:42:07 -06:00
999663fae1
Merge pull request #1498 from JacobBarthelmeh/Certs
...
update before/after dates with certificates
2018-05-30 10:09:49 -07:00
8cd357aa3a
d2i_PKCS12_fp
2018-05-30 12:10:41 +09:00
c715bb5ade
X509_check_ca
2018-05-30 12:08:27 +09:00
3f6b7c8833
Merge with openSSL-Compat-CRL-STORE on kojo1/wolfssl
2018-05-30 12:08:27 +09:00
0fb446ad36
i2c_ASN1_INTEGER
2018-05-30 12:03:58 +09:00
d7e4bbf1cf
ASN1_STRING_print_ex
2018-05-30 11:56:43 +09:00
5c11e1440f
ASN1_TIME_to_generalizedtime
2018-05-30 11:56:43 +09:00
5ff460bb7f
OPENSSL_add_all_algorightms_noconf
2018-05-30 11:53:18 +09:00
005284a127
ASN1_GENERALIZEDTIME_free
2018-05-30 11:53:17 +09:00
24ff55b085
RAND_poll
2018-05-30 11:53:17 +09:00
2cf853d1f1
Merge pull request #1582 from SparkiDev/tls13_only
...
Allow TLS 1.2 to be compiled out.
2018-05-29 13:26:54 -07:00
16738f1449
Merge pull request #1569 from kojo1/openSSL-Compat-CRL-STORE
...
openSSL compatibility APIs: X509_CRL, STORE
2018-05-29 09:47:22 -06:00
3939eadf9c
get derLen by RsaPublicKeyDerSize
2018-05-26 10:55:17 +09:00
af471a360d
Merge pull request #1574 from cariepointer/test/wolfcrypt
...
Add unit test for wc_SignatureGetSize
2018-05-25 11:29:58 -06:00
12dc346058
Change return value to 0 for null key when HAVE_USER_RSA is defined
2018-05-25 09:25:25 -06:00
ba8e441e53
Allow TLS 1.2 to be compiled out.
2018-05-25 11:00:00 +10:00
65014248f9
Fix typos, update ret for if HAVE_USER_RSA defined
2018-05-24 16:32:27 -06:00
005a0d4dff
Define devId if RSA is enabled
2018-05-23 20:17:11 -06:00
d38a0039ed
Merge pull request #1549 from JacobBarthelmeh/Cert-Report1
...
fix for relative URI detection
2018-05-23 17:05:35 -07:00
4eeb9c8c56
Merge branch 'master' into test/wolfcrypt
2018-05-23 16:35:10 -06:00
72d168028e
Fixes to better handle PKCS7 error cases.
2018-05-23 15:29:33 -07:00
9a75e5cf68
Fixes in PKCS7 for handling hardware based devId and no private key. Fix to handle scenario where `kari->decoded` is allocated, but not initalized (was causing use of unitliaized in `FreeDecodedCert`). Fix to handle hardware base RSA key size.
2018-05-23 14:48:10 -07:00
555efe0345
Merge pull request #1577 from TimParrish/firstUnitTest
...
First unit test
2018-05-23 15:24:56 -06:00
a18f220a5a
Remove trailing whitespaces
2018-05-23 14:39:36 -06:00
8bd41629ae
Split wc_SignatureGetSize test into wc_SignatureGetSize_ecc and wc_SignatureGetSize_rsa tests
2018-05-23 14:26:35 -06:00
4fd85853c5
I think I now understand the trailing white space...
2018-05-23 11:57:12 -06:00
124f45d449
re-upload
2018-05-22 17:45:04 -06:00
83e67a4197
additional changes made
2018-05-22 17:25:22 -06:00
58ac951471
Changes made- Thank you
2018-05-22 16:00:40 -06:00
b308fa9a39
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into firstUnitTest
2018-05-22 13:26:45 -06:00
6321008ef4
Modify wc_SignatureGetSize test for ECC and RSA specific API
2018-05-22 13:24:36 -06:00
d6809c029d
First unit test
2018-05-22 13:21:37 -06:00
f2ce8dcbca
Added unit test for Blake2
2018-05-22 10:47:44 -06:00
df24bc6096
Update unit test
2018-05-22 09:22:01 -06:00
6cc84d2301
Add initial test_wc_SignatureGetSize() method
2018-05-21 17:11:21 -06:00
be9ae9a3c4
Merge pull request #1570 from MJSPollard/MikePollardBranch
...
added Poly1305SetKey Unit Test
2018-05-21 16:35:15 -06:00
2021bcb188
Merge pull request #1560 from dgarske/ciphernamecleanup
...
Refactor of the cipher suite names to use single array
2018-05-21 14:24:53 -06:00
2b49f69f1b
updated unit test
2018-05-21 12:44:59 -06:00
f214dbc3dd
Removed unneeded call on test_wc_curve25519_init
2018-05-21 11:50:52 -06:00
8197d9ec36
Added unit-test for wc_curve25519_init and wc_curve25519_free in tests/api.c
2018-05-21 10:59:02 -06:00
f447fe22b0
added Poly1305SetKey Unit Test
2018-05-21 10:55:56 -06:00
874022d938
fix #if conditions and others
2018-05-20 13:55:47 +09:00
153bcb5297
d2i_X509_fp
2018-05-20 13:55:47 +09:00
460becf739
SHA256, SHA384, SHA512
2018-05-20 13:55:47 +09:00
c275dfc5ab
X509_STORE_add_crl
2018-05-20 13:55:46 +09:00
4efe8740ad
Eliminate d2i_RSAPublicKey test when HAVE_FAST_RSA is enabled
2018-05-20 13:55:46 +09:00
03d68812a9
Fix #if condition for test
2018-05-20 13:55:45 +09:00
ad71f44f3c
suppress i2d_RSAPublicKey with HAVE_FAST_RSA
2018-05-20 13:55:45 +09:00
5d4c0c582e
skip d2i_X509_CRL_fp test. Done locally.
2018-05-20 13:55:44 +09:00
03846b2d2d
d2i_RSAPublicKey, d2i_X509_CRL, d2i_X509_CRL_fp, X509_CRL_free, PEM_read_X509_CRL
2018-05-20 13:55:43 +09:00
dd0489db8c
1. Added the pair-wise consistency test to the RSA Key Gen.
...
2. Modified an RSA key size test case so it didn't try to make a key that was too big.
2018-05-17 17:41:34 -07:00
b973d6e8b1
Fix to handle `NO_ERROR_STRINGS` case in unit test. The IANA names are disabled when `NO_ERROR_STRINGS` is defined.
2018-05-17 10:24:02 -07:00
8163225180
Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes.
2018-05-16 15:29:27 -07:00
3685b7b176
Test Fixes
...
1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled.
2. Fix a couple function name changes in the example server.
3. Removed the old FIPS wrapping added to dh.h, was redundant.
4. Move include of random.h in the aes.h file.
5. Fix where ecc.c was being left out of old FIPS builds.
6. Exclude the AES-GCM internal IV test case when building without the RNG.
7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
2018-05-16 15:47:12 -04:00
f6fe3744a7
FIPS Update
...
1. Moved the rest of the FIPS algorithms to FIPSv2.
2. Updated the fips-check and autogen scripts.
3. Updated the automake include for the crypto files.
4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer.
5. Added error code for the SHA-3 KAT.
6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-05-16 15:47:12 -04:00
a6ad6b94d1
account for IGNORE_NAME_CONSTRAINTS when testing the parsing of a relative URI
2018-05-14 16:03:51 -06:00
63a0e872c5
add test for fail case when parsing relative URI path
2018-05-14 14:27:02 -06:00
bb979980ca
add test case for parsing URI from certificate
2018-05-08 16:24:41 -06:00
107290b552
Merge pull request #1515 from dgarske/buildfixes
...
Fixes for various build configurations
2018-04-25 10:23:27 -07:00
5c61810d4d
Merge pull request #1497 from SparkiDev/tls13_draft28
...
Tls13 draft28
2018-04-25 10:17:37 -07:00
3c684886ad
Fixes to resolve building `--enable-tls13 --disable-ecc --enable-curve25519 --enable-ed25519`.
2018-04-25 07:54:53 -07:00
1ddccf63dc
Merge pull request #1496 from JacobBarthelmeh/Compatibility-Layer
...
Compatibility layer
2018-04-24 13:33:33 -07:00
94157634e1
TLS 1.3 fixes/improvements
...
Support Draft 28: able to compile code to return BAD_BINDER if no PSKs
match and certificates not to be used.
Change key share implementation to use server preference - server now
checks each client key share's group is in supported_groups extension.
Client and server examples modified to support server preference.
Application can set client's and server's supported groups by rank.
Server's supported groups is sent back in encrypted_extensions if
preferred group is not in client's list - able to be turned off at
compile time.
Application can query server's preferred group from client.
Able to compile using 0x0304 as version instead of draft version.
Fix state machine in TLS 1.3 to support unexpected hello_retry_request.
Also fixes non-blocking.
Fix resumption to use the named group from session.
Fix named group in session structure to be a 2-byte field.
Better detection of errors in message flow.
Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things.
Not downgrading on client fixed.
Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite.
Get downgrading from TLS 1.3 and resumption working.
Change earlyData value to an enum.
Support no extensions data (as opposed to zero length extension data) in
TLS 1.3 ClientHello.
Check PSK cipher suite is available to both client and server before
using.
Check first PSK identity chosen when server says it is using early data
at client.
Check PSK extension is last in client_hello on server.
Check the PSK cipher suite to use is supported on client.
Check the returned cipher suite for pre-shared keys is the same as
client expects.
Send alert decrypt_error when verification fails in certificate_verify
or finished message doesn't match calculated value.
Fail when certificate messages recieved in handshake when using PSK.
Validate on the server that EndOfEarlyData message has been recieved
before finished message when server sent EarlyData extension.
2018-04-20 09:44:02 +10:00
bf950198f2
api.c: option conditions
2018-04-18 13:02:40 +09:00
56af3a5b36
add HMAC SHA2
2018-04-18 08:47:39 +09:00
09706a4ed2
Merge pull request #1488 from SparkiDev/tls13_perf
...
Changes for interop and performance
2018-04-16 09:16:13 -07:00
e895bacbba
update before/after dates with certificates
2018-04-13 09:31:32 -06:00
f9eda5d790
free test certificate after use
2018-04-13 09:16:22 -06:00
a0d8327320
Coverity fixes 2 ( #1493 )
...
* Coverity fixes for wolfcrypt folder
* Fixes for remaining issues
* Fixes for test files
2018-04-13 05:35:18 -07:00
0b47811c46
Changes for interop and performance
...
Changes made to test.h to allow interop of PSK with OpenSSL.
Changes to allow server to pre-generate key share and perform other
operations at later time.
Fix ChaCha20 code header to have bigger state to support assembly code
for AVX1.
Fix Curve25519 code to use define instead.
Change Curve25519 to memset all object data on init.
Change Poly1305 to put both sizes into one buffer to avoid a second call
to wc_Poly1305Update().
Added WOLFSSL_START and WOLFSSL_END API and calls to show time of
protocol message function enter and leave to analyse performance
differences.
Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-13 12:01:20 +10:00
cfaed48f90
adjust GetInt call with ASN1 integer to big number
2018-04-12 14:40:20 -06:00
df06707496
Handle larger values with ASN1 INTEGER structure
2018-04-12 14:07:29 -06:00
ce6728951f
Added a new `--enable-opensslall` option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build.
2018-04-11 13:54:07 -07:00
a38576146e
* Added support for disabling PEM to DER functionality using `WOLFSSL_PEM_TO_DER`. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests.
...
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
2018-04-09 13:28:15 -07:00
6de8348918
Fixes for various build configurations. Added `--enable-enckeys` option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN `CryptKey` function to wc_encrypt.c as `wc_CryptKey`. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-04-09 13:28:15 -07:00
c83e63853d
Refactor unqiue hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). Refactor the Sha3 types to use wc_ naming.
2018-04-09 13:28:15 -07:00
21833e245f
Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. Resolves issue with using `./configure --disable-ecc --enable-curve25519 --enable-ed25519 --enable-tls13`. Refactor `TLSX_KeyShare_GenEccKey` to support either ECC or CURVE25519. Fix for `PemToDer` to handle ED25519 without ECC enabled.
2018-04-09 10:10:08 -07:00
c288d0815d
Added support for building and using PKCS7 without RSA (assuming ECC is enabled).
2018-04-03 09:26:57 -07:00
1cd6075b9d
Nightly build fix.
2018-03-27 16:54:14 -06:00
c08f5b86cf
Merge pull request #1444 from jrblixt/unitTest_api_addPkcs-PR03162018
...
Unit test functions for PKCS#7.
2018-03-23 10:00:33 -06:00
316a2b9fb4
Review changes: Chris.
2018-03-22 15:35:25 -06:00
Jacob Barthelmeh
toddouska
Eric Blankenhorn
Carie Pointer
Tesfa Mael
Chris Conlon
Sean Parkinson
Juliusz Sosinowicz
David Garske
kaleb-himes
John Safranek
Hideki Miyazaki
Takashi Kojo
Go Hosohara
Daniele Lacamera
MJSPollard
cariepointer
Tim
Quinn Miller
Aaron Jense
jrblixt