aa6ca43e91
api.c: skip test_wolfSSL_EVP_PBE_scrypt() when FIPS 140-3 (test uses impermissibly short HMAC key).
2021-10-26 20:24:27 -05:00
f1c1f76851
ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg.
2021-10-26 20:24:27 -05:00
a935f2f86d
FIPS CAST Update
...
1. In the unit test, when checking the build options, also check for
FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
getting called, so the FIPS flags didn't get checked. (It was using
wc_InitSha_ex() which bypasses the FIPS checks.)
2021-10-26 20:24:24 -05:00
4825534062
Merge pull request #4500 from cconlon/errorQueueFix
...
fix wc_ERR_print_errors_fp() unit test with NO_ERROR_QUEUE
2021-10-27 05:56:32 +07:00
9c665d7282
Merge pull request #4501 from embhorn/zd13114
...
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 10:47:59 -07:00
87baf7818e
Merge pull request #4505 from julek-wolfssl/fix-nids
...
Make NID's consistent v2
2021-10-26 10:29:42 -07:00
19feab7850
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 07:14:53 -05:00
48b304be00
Fix issues with `AIA_OCSP_OID` and `AIA_CA_ISSUER_OID`
2021-10-26 11:47:27 +02:00
348fec3d29
`wc_ClearErrorNodes` is a local API that is not exported for linking
2021-10-26 09:14:48 +02:00
57b9170ac0
Make NID's consistent
...
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-26 09:14:25 +02:00
08d9b145d9
ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
...
Change SSL_FATAL_ERROR to WOLFSSL_FATAL_ERROR
2021-10-26 15:50:52 +10:00
a0c7c079b8
Revert "Make NID's consistent"
2021-10-25 21:57:28 -07:00
cdf72facbf
Merge pull request #4429 from julek-wolfssl/fix-nids
...
Make NID's consistent
2021-10-26 09:59:26 +10:00
6070981366
Merge pull request #4490 from dgarske/static_mem_unittest
...
Add CTX static memory API unit tests
2021-10-26 09:52:14 +10:00
eb0b6ca122
fix unit test for wc_ERR_print_errors_fp() when NO_ERROR_QUEUE is defined
2021-10-25 13:50:39 -06:00
402ee29163
fix nid2oid/oid2nid for oidCertAuthInfoType
2021-10-22 16:53:18 -06:00
d83d16af59
Merge pull request #4483 from julek-wolfssl/cov-reports
2021-10-22 13:07:57 -07:00
229f0d5fd1
Merge pull request #4485 from JacobBarthelmeh/certs
...
Improve permitted alternate name logic in certificate ASN handling
2021-10-22 11:59:16 -07:00
c027fffa92
Fix for CTX free heap hint issue. With openssl extra the `param` and `x509_store.lookup.dirs` are allocated at CTX init and if heap or static pool was used depends on `ctx->onHeapHint`. Added test case for this and inline code comment.
2021-10-22 11:58:02 -07:00
aad230a7e3
Restore a test case. Add a missing null-check.
2021-10-22 10:36:17 -07:00
4c0527490d
Fixes for API unit test with `WOLFSSL_NO_ASN_STRICT`. Fix spelling error.
2021-10-22 09:59:16 -07:00
0b6523d933
Rename pem_password_cb to wc_pem_password_cb.
...
Recently, we had a wolfEngine customer report a compilation error because
wolfSSL and OpenSSL both define the typedef pem_password_cb. The solution is to
namespace our typedef with the wc_ prefix. In order to not break existing code
that relies on wolfSSL providing pem_password_cb, if OPENSSL_COEXIST is not
defined, we define pem_password_cb as a macro that maps to wc_pem_password_cb.
2021-10-21 16:47:29 -07:00
b5f4a0c005
Improve API unit test to use `X509_NAME_get_sz` and make it widely available.
2021-10-21 16:42:19 -07:00
f17187aad9
Fixes for static memory testing. Fix clang memory sanitizer warnings.
2021-10-21 16:33:57 -07:00
785e37790a
Cleanup API test case debugging.
2021-10-21 12:35:06 -07:00
911d95e5e4
Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS.
2021-10-21 11:47:00 -07:00
79b738b5a6
commit-test and jenkins fixes
2021-10-21 14:29:28 +02:00
4268763adb
`wc_ClearErrorNodes` is a local API that is not exported for linking
2021-10-21 13:47:55 +02:00
20473ba563
Make NID's consistent
...
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-21 13:01:57 +02:00
12f86b020a
clean up test case memory and common name size
2021-10-20 17:13:34 -06:00
f57801c17b
more name constraint test cases and adjust DNS base name matching to not require .
2021-10-20 14:25:02 -06:00
6d2a5fab9b
Added test cases for `EVP_PKCS82PKEY` and `EVP_PKEY2PKCS8`.
2021-10-20 09:18:13 -07:00
e0e43b6a16
clean up test case
2021-10-19 23:12:07 -06:00
3b73c6e3ae
handle multiple permitted name constraints
2021-10-19 23:12:07 -06:00
afee92e0cf
bail out when a bad alt name is found in the list of alt names
2021-10-19 23:12:07 -06:00
de8798f4be
Fix API unit tests where DH 3072-bit is not enabled.
2021-10-19 17:04:18 -07:00
a03ed32380
Support for Android KeyStore compatibility API's:
...
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
2021-10-19 17:04:18 -07:00
f04380d624
Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode
...
scan-build LLVM-13 fixes and expanded coverage
2021-10-20 08:30:46 +10:00
41eecd37e5
Merge pull request #4471 from embhorn/zd11886
...
Fix build errors with NO_BIO config
2021-10-20 08:06:42 +10:00
c0b592ef82
Fix build error with WOLFSSL_USER_IO
2021-10-19 08:27:43 -05:00
e341291d99
scan-build LLVM-13 fixes: tests/api.c: fix -Wunused-but-set-variable for drive_len in test_wolfSSL_EVP_Cipher_extra() by removing the unused drive_len code.
2021-10-18 21:46:10 -05:00
816527e826
scan-build fixes: back out all "#ifndef __clang_analyzer__" wrappers added to suppress false and frivolous positives from alpha.deadcode.UnreachableCode, and rename new macro WC_UNUSED to WC_MAYBE_UNUSED to make its meaning more precisely apparent. build is still clean with -Wunreachable-code-break -Wunreachable-code-return under scan-build-13.
2021-10-18 21:46:09 -05:00
62822be6ce
scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all.
2021-10-18 21:46:09 -05:00
c07a7deec2
sanity check on q value with DSA sign
2021-10-18 10:17:49 -06:00
17e0249a26
Fixing NO_BIO and OPENSSL_ALL errrors
2021-10-14 16:03:52 -05:00
61bab6f68b
Fix test build errors with NO_BIO
2021-10-14 09:37:01 -05:00
63c9fa7a37
add check on bit length of q with DSA
2021-10-11 09:52:57 -06:00
a395305cab
Refactor API unit test named initializer code for `callback_functions`, to avoid older g++ build issues.
2021-10-08 14:04:21 -07:00
854512105f
Merge pull request #4314 from SparkiDev/libkcapi
...
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
e0abcca040
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
...
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
Daniel Pouzzner
John Safranek
JacobBarthelmeh
David Garske
Eric Blankenhorn
Juliusz Sosinowicz
Sean Parkinson
Chris Conlon
Hayden Roche