b4c6140b64
Merge pull request #4442 from julek-wolfssl/kerberos
...
Add Kerberos 5 support
2021-12-02 09:07:34 -08:00
5c172ca955
Merge pull request #4622 from douzzer/fix-wolfsentry-build
...
wolfsentry fixes re HAVE_EX_DATA and wolfsentry_sockaddr
2021-12-01 08:16:07 -08:00
d06ada2ccc
Merge pull request #4610 from julek-wolfssl/nginx-1.21.4
...
Add support for Nginx 1.21.4
2021-12-01 22:27:12 +10:00
aac1b406df
Add support for Nginx 1.21.4
...
- Add KEYGEN to Nginx config
- Check for name length in `wolfSSL_X509_get_subject_name`
- Refactor `wolfSSL_CONF_cmd`
- Implement `wolfSSL_CONF_cmd_value_type`
- Don't forecfully overwrite side
- `issuerName` should be `NULL` since the name is empty
2021-12-01 09:49:52 +01:00
3f65916f3a
HAVE_EX_DATA: fix wolfssl/ssl.h and tests/api.c to build -DHAVE_EX_DATA but -UOPENSSL_EXTRA.
2021-11-30 23:39:16 -06:00
b69a1c860c
Merge pull request #3996 from cconlon/pkcs7_detachedhash
...
adjust PKCS7_VerifySignedData to correctly verify precomputed content hash with detached signature
2021-11-30 12:46:46 -08:00
7524ededd3
Support for Custom OID in subject and CSR request extension:
...
* Adds new build option `WOLFSSL_CUSTOM_OID` for supplying a custom OID in a CSR
* Fixes in ASN template CSR generation.
* Fix to allow calling `wc_Ed25519PublicKeyToDer` and `wc_Ed448PublicKeyToDer` with NULL output buffer to get length only.
* Refactor of the certificate subject name encoding.
* Refactor of the OID's to consolidate.
* Improvements to the Domain Component API unit test.
ZD 12943
2021-11-23 09:51:13 -08:00
1d7b2de074
Code review changes
2021-11-22 11:48:31 +01:00
3da810cb1b
Implement OpenSSL API's
...
- `OBJ_DUP`
- `i2d_PKCS7`
- `BN_rshift1
- `BN_rshift` testing
- Add `--enable-krb`
2021-11-22 11:47:58 +01:00
e7c5f137be
Implement `BN_rand_range`
2021-11-22 11:45:27 +01:00
ccbe184434
Implement CTS
...
Ciphertext stealing on top of CBC is implemented with `wolfSSL_CRYPTO_cts128_encrypt` and `wolfSSL_CRYPTO_cts128_decrypt` APIs
2021-11-22 11:45:27 +01:00
fa662c2ab1
`AES_cbc_encrypt` `enc` parameter flipped. 1 = encrypt 0 = decrypt
...
This change makes the `enc` parameter of `AES_cbc_encrypt` consistent with OpenSSL. This commit flips the meaning of this parameter now.
2021-11-22 11:45:27 +01:00
c3500fa24e
Merge pull request #4581 from miyazakh/max_earlydata
...
add get_max_eraly_data
2021-11-19 09:42:01 -07:00
5a72fee3df
Disable algorithms: fixes
...
WOLFSSL_PUBLIC_MP and disable algorithms didn't work because of api.c.
- mp_cond_copy not available unless ECC compiled in
- wc_export_int not available unless ECC compiled in
Enabling only DH and using SP with SP Math didn't work as the DH
parameters were too small.
sp_cmp is needed when only DH.
mp_set_int is was not available in SP math when RSA is not defined.
mp_set is close enough for the use cases.
Configure with SP and SP math but not RSA, DH and ECC didn't configure -
now default to small maths.
2021-11-19 16:56:33 +10:00
2841b5c93b
Merge pull request #3010 from kaleb-himes/ZD10203
...
Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA
2021-11-18 14:47:25 -08:00
7da0d524ff
add get_max_eraly_data
...
support set/get_max_eraly_data compatibility layer
2021-11-18 09:07:32 +09:00
4800db1f9d
Enable max/min int test even when non 64bit platform
...
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-11-18 06:58:21 +09:00
361975abbc
Refactor sk_*_free functions
...
Use a single `wolfSSL_sk_pop_free` and `wolfSSL_sk_free` function that free's the stack and optionally free's the node content as well.
2021-11-12 13:55:37 +01:00
6547bcb44c
Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA
2021-11-11 17:47:17 -07:00
bd0f6736c5
Merge pull request #4513 from masap/wpa_sup_dpp
...
Fix X509_PUBKEY_set() to show correct algorithm and parameters
2021-11-09 10:26:59 -08:00
0b4f34d62a
typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C.
2021-11-08 17:35:05 -06:00
ee39fd079f
Fix X509_PUBKEY_set() to show correct algorithm and parameters
...
When build with OpenSSL, trailing program outputs these messages.
algorithm: id-ecPublicKey
parameters: prime256v1
But with wolfSSL, X509_PUBKEY_get0_param() fails.
This patch fixes wolfSSL to display the same values as OpenSSL.
This program was extracted from wpa_supplicant in order to reproduce the
issue.
----------------
int main(void)
{
EVP_PKEY *pkey;
X509_PUBKEY *pub = NULL;
ASN1_OBJECT *ppkalg, *poid;
const ASN1_OBJECT *pa_oid;
const uint8_t *pk;
int ppklen, ptype;
X509_ALGOR *pa;
void *pval;
char buf[100];
const uint8_t data[] = {
0x30, 0x39, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, 0x03, 0x33, 0x6d, 0xb4, 0xe9, 0xab,
0xf1, 0x1c, 0x96, 0x87, 0x5e, 0x02, 0xcc, 0x92, 0xaf, 0xf6, 0xe1, 0xed, 0x2b, 0xb2, 0xb7, 0xcc,
0x3f, 0xd2, 0xb5, 0x4e, 0x6f, 0x20, 0xc7, 0xea, 0x2f, 0x3f, 0x42
};
size_t data_len = sizeof(data);
const uint8_t *p;
int res;
p = data;
pkey = d2i_PUBKEY(NULL, &p, data_len);
if (!pkey) {
fprintf(stderr, "d2i_PUBKEY() failed\n");
return -1;
}
if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) {
fprintf(stderr, "invalid type\n");
EVP_PKEY_free(pkey);
return -1;
}
res = X509_PUBKEY_set(&pub, pkey);
if (res != 1) {
fprintf(stderr, "X509_PUBKEY_set() failed\n");
return -1;
}
res = X509_PUBKEY_get0_param(&ppkalg, &pk, &ppklen, &pa, pub);
if (res != 1) {
fprintf(stderr, "X509_PUBKEY_get0_param() failed\n");
return -1;
}
res = OBJ_obj2txt(buf, sizeof(buf), ppkalg, 0);
if (res < 0 || (size_t) res >= sizeof(buf)) {
fprintf(stderr, "OBJ_obj2txt() failed\n");
return -1;
}
fprintf(stdout, "algorithm: %s\n", buf);
X509_ALGOR_get0(&pa_oid, &ptype, (void *) &pval, pa);
if (ptype != V_ASN1_OBJECT) {
fprintf(stderr, "X509_ALGOR_get0() failed\n");
return -1;
}
poid = pval;
res = OBJ_obj2txt(buf, sizeof(buf), poid, 0);
if (res < 0 || (size_t) res >= sizeof(buf)) {
fprintf(stderr, "OBJ_obj2txt() failed\n");
return -1;
}
fprintf(stdout, "parameters: %s\n", buf);
X509_PUBKEY_free(pub);
EVP_PKEY_free(pkey);
return 0;
}
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-11-09 07:30:58 +09:00
478f57b347
Merge pull request #4535 from kareem-wolfssl/zd13165
...
Fix building with NO_ECC_KEY_EXPORT.
2021-11-08 11:11:53 -08:00
4fe17cc143
Merge pull request #4527 from julek-wolfssl/zd13097
...
Fix a heap buffer overflow with mismatched PEM structure ZD13097
2021-11-05 08:50:28 -07:00
ae84a2a326
Merge pull request #4293 from TakayukiMatsuo/set_min_proto
...
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
2021-11-04 14:59:34 -06:00
1faa9e66b6
Check `wolfSSL_BIO_read` return
2021-11-04 15:34:33 +01:00
60a86157c7
Fix building with NO_ECC_KEY_EXPORT.
2021-11-03 16:03:26 -07:00
23487a4532
Fix a heap buffer overflow with mismatched PEM structure ZD13097
2021-11-02 11:31:22 +01:00
6ba55edd50
fix async warnings
2021-10-29 14:37:39 -06:00
6b3ff9bae2
Merge pull request #4459 from julek-wolfssl/missing-ext
...
Add x509 name attributes and extensions to DER parsing and generation
2021-10-28 14:30:37 -07:00
6bb7e3900e
Merge pull request #4511 from JacobBarthelmeh/Testing
...
build fixes and PKCS7 BER encoding fix
2021-10-28 10:52:58 -07:00
8cba5dda17
Need to free x509 in tests
2021-10-28 14:50:53 +02:00
a738c16b2f
Can't have macros within macros
2021-10-28 14:50:53 +02:00
7d6f8ea255
Update wrong email in gen script
2021-10-28 14:50:53 +02:00
a6be157628
Gate new AKID functionality on `WOLFSSL_AKID_NAME`
2021-10-28 14:50:53 +02:00
d9af698aa4
Implement raw AKID with WOLFSSL_ASN_TEMPLATE
2021-10-28 14:50:53 +02:00
c162196b27
Add x509 name attributes and extensions to DER parsing and generation
...
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
2021-10-28 14:50:53 +02:00
c16f0db1b5
Fixes for handling `WC_PENDING_E` async responses in API unit test and examples. Resolves all issues with `--enable-all --enable-asynccrypt --with-intelqa=`.
2021-10-27 15:08:39 -07:00
00249b70ae
fix for build with WOLFSSL_SGX
2021-10-27 13:22:45 -06:00
75df6508e6
Add a read enable for private keys when in FIPS mode.
2021-10-26 20:24:29 -05:00
c2c2e5b4f5
tests/api.c: post_auth_version_cb(): add missing gating on !NO_ERROR_QUEUE for wolfSSL_ERR_get_error() test.
2021-10-26 20:24:28 -05:00
a5c03f65e3
tests/api.c: fix test_CryptoCb_Func() to not attempt signing op on ephemeral ECC keys.
2021-10-26 20:24:28 -05:00
aa6ca43e91
api.c: skip test_wolfSSL_EVP_PBE_scrypt() when FIPS 140-3 (test uses impermissibly short HMAC key).
2021-10-26 20:24:27 -05:00
f1c1f76851
ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg.
2021-10-26 20:24:27 -05:00
a935f2f86d
FIPS CAST Update
...
1. In the unit test, when checking the build options, also check for
FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
getting called, so the FIPS flags didn't get checked. (It was using
wc_InitSha_ex() which bypasses the FIPS checks.)
2021-10-26 20:24:24 -05:00
4825534062
Merge pull request #4500 from cconlon/errorQueueFix
...
fix wc_ERR_print_errors_fp() unit test with NO_ERROR_QUEUE
2021-10-27 05:56:32 +07:00
9c665d7282
Merge pull request #4501 from embhorn/zd13114
...
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 10:47:59 -07:00
87baf7818e
Merge pull request #4505 from julek-wolfssl/fix-nids
...
Make NID's consistent v2
2021-10-26 10:29:42 -07:00
19feab7850
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 07:14:53 -05:00
48b304be00
Fix issues with `AIA_OCSP_OID` and `AIA_CA_ISSUER_OID`
2021-10-26 11:47:27 +02:00
348fec3d29
`wc_ClearErrorNodes` is a local API that is not exported for linking
2021-10-26 09:14:48 +02:00
57b9170ac0
Make NID's consistent
...
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-26 09:14:25 +02:00
08d9b145d9
ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
...
Change SSL_FATAL_ERROR to WOLFSSL_FATAL_ERROR
2021-10-26 15:50:52 +10:00
a0c7c079b8
Revert "Make NID's consistent"
2021-10-25 21:57:28 -07:00
cdf72facbf
Merge pull request #4429 from julek-wolfssl/fix-nids
...
Make NID's consistent
2021-10-26 09:59:26 +10:00
6070981366
Merge pull request #4490 from dgarske/static_mem_unittest
...
Add CTX static memory API unit tests
2021-10-26 09:52:14 +10:00
a8b6304e19
add unit test for wc_PKCS7_VerifySignedData_ex() with detached signature and content digest only
2021-10-25 15:52:19 -06:00
eb0b6ca122
fix unit test for wc_ERR_print_errors_fp() when NO_ERROR_QUEUE is defined
2021-10-25 13:50:39 -06:00
402ee29163
fix nid2oid/oid2nid for oidCertAuthInfoType
2021-10-22 16:53:18 -06:00
d83d16af59
Merge pull request #4483 from julek-wolfssl/cov-reports
2021-10-22 13:07:57 -07:00
229f0d5fd1
Merge pull request #4485 from JacobBarthelmeh/certs
...
Improve permitted alternate name logic in certificate ASN handling
2021-10-22 11:59:16 -07:00
c027fffa92
Fix for CTX free heap hint issue. With openssl extra the `param` and `x509_store.lookup.dirs` are allocated at CTX init and if heap or static pool was used depends on `ctx->onHeapHint`. Added test case for this and inline code comment.
2021-10-22 11:58:02 -07:00
aad230a7e3
Restore a test case. Add a missing null-check.
2021-10-22 10:36:17 -07:00
4c0527490d
Fixes for API unit test with `WOLFSSL_NO_ASN_STRICT`. Fix spelling error.
2021-10-22 09:59:16 -07:00
0b6523d933
Rename pem_password_cb to wc_pem_password_cb.
...
Recently, we had a wolfEngine customer report a compilation error because
wolfSSL and OpenSSL both define the typedef pem_password_cb. The solution is to
namespace our typedef with the wc_ prefix. In order to not break existing code
that relies on wolfSSL providing pem_password_cb, if OPENSSL_COEXIST is not
defined, we define pem_password_cb as a macro that maps to wc_pem_password_cb.
2021-10-21 16:47:29 -07:00
b5f4a0c005
Improve API unit test to use `X509_NAME_get_sz` and make it widely available.
2021-10-21 16:42:19 -07:00
f17187aad9
Fixes for static memory testing. Fix clang memory sanitizer warnings.
2021-10-21 16:33:57 -07:00
785e37790a
Cleanup API test case debugging.
2021-10-21 12:35:06 -07:00
911d95e5e4
Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS.
2021-10-21 11:47:00 -07:00
79b738b5a6
commit-test and jenkins fixes
2021-10-21 14:29:28 +02:00
4268763adb
`wc_ClearErrorNodes` is a local API that is not exported for linking
2021-10-21 13:47:55 +02:00
20473ba563
Make NID's consistent
...
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-21 13:01:57 +02:00
12f86b020a
clean up test case memory and common name size
2021-10-20 17:13:34 -06:00
f57801c17b
more name constraint test cases and adjust DNS base name matching to not require .
2021-10-20 14:25:02 -06:00
6d2a5fab9b
Added test cases for `EVP_PKCS82PKEY` and `EVP_PKEY2PKCS8`.
2021-10-20 09:18:13 -07:00
e0e43b6a16
clean up test case
2021-10-19 23:12:07 -06:00
3b73c6e3ae
handle multiple permitted name constraints
2021-10-19 23:12:07 -06:00
afee92e0cf
bail out when a bad alt name is found in the list of alt names
2021-10-19 23:12:07 -06:00
de8798f4be
Fix API unit tests where DH 3072-bit is not enabled.
2021-10-19 17:04:18 -07:00
a03ed32380
Support for Android KeyStore compatibility API's:
...
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
2021-10-19 17:04:18 -07:00
f04380d624
Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode
...
scan-build LLVM-13 fixes and expanded coverage
2021-10-20 08:30:46 +10:00
41eecd37e5
Merge pull request #4471 from embhorn/zd11886
...
Fix build errors with NO_BIO config
2021-10-20 08:06:42 +10:00
c0b592ef82
Fix build error with WOLFSSL_USER_IO
2021-10-19 08:27:43 -05:00
e341291d99
scan-build LLVM-13 fixes: tests/api.c: fix -Wunused-but-set-variable for drive_len in test_wolfSSL_EVP_Cipher_extra() by removing the unused drive_len code.
2021-10-18 21:46:10 -05:00
816527e826
scan-build fixes: back out all "#ifndef __clang_analyzer__" wrappers added to suppress false and frivolous positives from alpha.deadcode.UnreachableCode, and rename new macro WC_UNUSED to WC_MAYBE_UNUSED to make its meaning more precisely apparent. build is still clean with -Wunreachable-code-break -Wunreachable-code-return under scan-build-13.
2021-10-18 21:46:09 -05:00
62822be6ce
scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all.
2021-10-18 21:46:09 -05:00
c07a7deec2
sanity check on q value with DSA sign
2021-10-18 10:17:49 -06:00
17e0249a26
Fixing NO_BIO and OPENSSL_ALL errrors
2021-10-14 16:03:52 -05:00
61bab6f68b
Fix test build errors with NO_BIO
2021-10-14 09:37:01 -05:00
63c9fa7a37
add check on bit length of q with DSA
2021-10-11 09:52:57 -06:00
a395305cab
Refactor API unit test named initializer code for `callback_functions`, to avoid older g++ build issues.
2021-10-08 14:04:21 -07:00
854512105f
Merge pull request #4314 from SparkiDev/libkcapi
...
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
e0abcca040
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
...
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
dd6e4093b3
Merge pull request #4448 from JacobBarthelmeh/Compatibility-Layer
...
remove error queue from JNI build and set a default upper bound on it
2021-10-08 08:35:03 +10:00
9d2082f7e1
Fixes and improvements for crypto callbacks with TLS (mutual auth) ( #4437 )
...
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.
* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.
* * Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.
* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.
* Fix to use proper devId in `ProcessBufferTryDecode`.
* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.
* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.
* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
2021-10-07 11:12:06 +10:00
43ffe26133
Merge pull request #4430 from embhorn/zd12976
...
Add support for X9.42 header
2021-10-05 23:47:42 +07:00
b582e152ea
add test case max error queue size
2021-10-04 14:52:05 -06:00
1440b8966d
Add test for X9.42 parsing
2021-10-04 11:05:58 -05:00
774bc36603
Merge pull request #4061 from JacobBarthelmeh/sessionExport
2021-10-01 10:21:42 -07:00
98b1e93429
Merge pull request #4402 from JacobBarthelmeh/Compatibility-Layer
2021-09-30 15:53:58 -07:00
ed8b87306d
account for test case where psk and anon is off
2021-09-30 15:48:55 -06:00
cb4b57c5c7
add tls 1.3 test case
2021-09-30 10:08:47 -06:00
cf1ce3f073
Add get_default_cert_file/env() stubs, SSL_get/set_read_ahead(), SSL_SESSION_has_ticket/lifetime_hint() ( #4349 )
...
* add wolfSSL_X509_get_default_cert_file/file_env/dir/dir_env() stubs
* add SSL_get_read_ahead/SSL_set_read_ahead()
* add SSL_SESSION_has_ticket()
* add SSL_SESSION_get_ticket_lifetime_hint()
* address review feedback - comments, return values
* make SSL_get_read_ahead() arg const
* add unit tests for SESSION_has_ticket/get_ticket_lifetime_hint
* test for SESSION_TICKET_HINT_DEFAULT in api.c for wolfSSL_SESSION_get_ticket_lifetime_hint()
* fix variable shadow warning in api.c
2021-09-30 08:35:23 +10:00
95b9fae605
Add DIST_POINT compatibility functions ( #4351 )
...
* add DIST_POINT compatibility functions
* switch X509_LU_* from enum to define, prevent compiler type warnings
* refactoring, adding in comments, and formating
* refactoring and a memory leak fix
* cast return value for g++ warning
* refactor wolfSSL_sk_DIST_POINT_pop_free and remove NULL assign after free
* fix get next DIST_POINT node for free function
Co-authored-by: Jacob Barthelmeh <jacob@wolfssl.com>
2021-09-30 08:27:39 +10:00
707385724e
adjust macro guard around test cases
2021-09-29 13:28:20 -06:00
5f9f6fd9fa
add some test cases and use allocator
2021-09-29 12:02:26 -06:00
dd7b62d067
fix for use with idea enabled
2021-09-29 11:15:51 -06:00
ae47cb3bcd
update check on is TLS, update macro guard for test case
2021-09-28 16:57:30 -06:00
0e80923fb3
Unit tests for post-quantum groups.
...
Also, fixes for the things they caught such as:
- ssl->arrays->preMasterSecret is pre-allocated so copy into it instead of
moving ownership of buffer.
- server does not need to save the public key.
- in TLSX_KeyShare_Parse() don't call TLSX_KeyShare_Use() because its done in
TLSX_PopulateExtensions().
- in TLSX_KeyShare_Use(), the server generates the ciphertext while the client
generates the public key.
- in TLSX_PopulateExtensions(), prevent client from calling TLSX_KeyShare_Use()
because its already been done.
- Support longer curve/group names.
2021-09-28 17:16:44 -04:00
21181f2437
canned test was made without the wolfssl_idea enum on
2021-09-27 14:01:15 -06:00
8b456b90e0
add test case for tls export/import
2021-09-27 14:01:15 -06:00
2871fc670f
initial serialization of TLS session
2021-09-27 14:00:13 -06:00
3bdce348e9
Added `NID_pkcs9_contentType` and `ub_` to compatibility layer ( #4408 )
...
* Added `NID_pkcs9_contentType` and `ub_` values. ZD 11742
* Improve the API unit test. Also only include when `WOLFSSL_CERT_REQ` defined.
2021-09-27 08:21:53 +10:00
9e4ab9b638
Add BIO_up_ref(), PEM_read_DHparam(), EVP_MD_nid() ( #4348 )
...
* add BIO_up_ref
* add PEM_read_DHparams()
* add EVP_MD_nid()
* exclude PEM_read_DHparams when NO_FILESYSTEM defined
* review feedback: single threaded, indents, EVP_MD_nid
2021-09-27 08:20:37 +10:00
24e2eded1e
Add to the OpenSSL compatibility layer. ( #4404 )
...
- X509_get_extension_flags
- X509_get_key_usage
- X509_get_extended_key_usage
- ASN1_TIME_to_tm
- ASN1_TIME_diff
- PEM_read_X509_REQ
- ERR_load_ERR_strings
- BIO_ssl_shutdown
- BIO_get_ssl
- BIO_new_ssl_connect
- BIO_set_conn_hostname
2021-09-24 12:26:53 +10:00
33cb823148
Remove legacy NTRU and OQS ( #4418 )
...
* Remove NTRU and OQS
* Keep the DTLS serialization format backwards compatible.
* Remove n from mygetopt_long() call.
* Fix over-zealous deletion.
* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
e6e7795140
Make subj alt name order match openSSL ( #4406 )
2021-09-22 10:29:57 +10:00
df30a88dc6
Merge pull request #4414 from JacobBarthelmeh/devcrypto
...
update macro guard on SHA256 transform call
2021-09-21 10:03:51 -07:00
7ec7faddef
Merge pull request #4405 from anhu/truncating_last_char
...
Fix for `set1_curves_list` ignoring last character
2021-09-21 08:49:53 -07:00
ec21dd6d13
miscellaneous buildability fixes:
...
configure.ac: fix ed25519/sha512 dependency test to not misfire when ENABLED_32BIT;
wolfssl/wolfcrypt/curve{25519,448}.h: fix redundant typedefs of curve{25519,448}_key (fixes -Wpedantic warnings);
configure.ac: fix for "ISO C forbids an empty translation unit [-Werror=pedantic]", re wolfcrypt/src/sp_c{32,64}.c;
configure.ac: fixes for --enable-32bit versus pedantic "ISO C forbids an empty translation unit", including explicit exclusion of 32bit-incompatible algorithms from enable-all and enable-all-crypto sets;
tests/api.c: fixes for a couple inadequately gated SHA2 dependencies;
tests/api.c:test_wolfSSL_set_alpn_protos(): fix prototype missing (void);
wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h: fix ForceZero() definition and NO_INLINE prototype to not counterfactually constify the mem ptr, to avoid -Wmaybe-uninitialized from gcc11;
wolfcrypt/src/des3.c: drop obsolete register qualifier from declaration in DesSetKey(), for c++17 compatibility;
src/ssl.c:wolfSSL_BN_mod_word(): fix cast of arg2 to mp_mod_d().
2021-09-20 13:38:52 -05:00
1209908468
tests/api.c: fix key size in test_wc_ecc_shared_secret().
2021-09-20 10:27:13 -05:00
c733be728f
Trivial change to re-trigger jenkins.
2021-09-20 08:37:56 -04:00
9bd300e07d
AESNI in FIPS mode does not support zero length inputs ( #4411 )
...
* AESNI in FIPS mode does not support zero length inputs
* Update note to specifically note AESNI
2021-09-20 08:29:15 +10:00
f447e4c1fa
update macro guard on SHA256 transform call
2021-09-17 15:06:13 -07:00
79cc6be806
Make jenkins happy
2021-09-17 15:50:06 -04:00
f2bce42bbd
add function wolfSSL_CTX_get_max_proto_version and handling for edge cases
2021-09-16 01:01:38 -07:00
3503be2c13
Merge pull request #4362 from JacobBarthelmeh/wolfCLU
...
add wolfclu enable option and remove test macro guard
2021-09-15 13:57:50 -07:00
07656e371c
Parameter sanity check and a unit test.
2021-09-15 16:29:55 -04:00
4ad8b07c1c
`wolfSSL_PEM_write_bio_PUBKEY` needs to write only the public part ( #4354 )
...
* `wolfSSL_PEM_write_bio_PUBKEY` needs to write only the public part
The `wolfSSL_PEM_write_bio_PUBKEY` output can't contain the private portion of the key. This output could be used to distribute the public key and if it contains the private part then it gets leaked to others.
* Add heap hint to `wolfSSL_RSA_To_Der`
* Correct function name in logs
2021-09-15 17:34:43 +10:00
d9767207b7
call alpn selection call-back at server side only ( #4377 )
...
* call alpn selection call-back at server side only
* addressed review comment
* addressed jenkins failure
2021-09-15 10:02:18 +10:00
4d49ab6342
add store finished message on Tls13 ( #4381 )
...
* add to store finished message on Tls13
* addressed jenkins failure
* jenkins failures
sanity check for size before copying memory
* remove check of finishSz
* addressed review comments
2021-09-14 09:22:16 +10:00
649aa9c95f
Add error handling to wolfSSL_BIO_get_len ( #4385 )
2021-09-10 08:15:30 +10:00
51a2f9de17
return value convention on compatibility layer ( #4373 )
...
* return value convention
* addressed review comments
* addressed review comment part2
* fix jenkins failures
2021-09-07 08:15:08 +10:00
90116a2873
Add support for wolfSSL_EVP_PBE_scrypt ( #4345 )
2021-09-03 15:49:02 +10:00
a3ee84bf6d
Merge pull request #4355 from anhu/check_support_of_group
...
BUGFIX: Its possible to send a supported group that is not supported.
2021-09-02 20:03:32 -07:00
fd77cb8918
fix `wc_AesKeyWrap_ex` and `wc_AesKeyUnWrap_ex` bound checks ( #4369 )
...
RFC3394 in must be at least 2 64-bit blocks and output is one block longer.
On Unwrapping the input must then be a minimum of 3 64-bit blocks
2021-09-03 12:48:01 +10:00
c412d23b07
add wolfclu enable option
2021-09-02 16:46:38 -06:00
26c7592d4b
leantls only supports secp256r1.
2021-09-02 17:38:04 -04:00
56843fbefd
Add support for EVP_sha512_224/256 ( #4257 )
2021-09-02 14:05:07 +10:00
0d6d171fa4
BUGFIX; Its possible to sending a supported group that is not supported.
...
This change fixes that.
2021-09-01 10:54:52 -04:00
9b6cf56a6e
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer ( #4335 )
...
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
2021-09-01 09:28:24 +10:00
4645a6917c
Merge pull request #4168 from JacobBarthelmeh/wolfCLU
...
function additions and fixes for expansion of wolfCLU
2021-08-30 13:42:50 -07:00
85df95e10d
Merge pull request #4324 from miyazakh/maxfragment
...
add set_tlsext_max_fragment_length support
2021-08-30 10:21:59 -07:00
0488caed4c
Merge pull request #4346 from cconlon/verifyPostHandshake
...
TLS 1.3: add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-30 09:47:23 +10:00
070029fd08
add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-27 14:49:47 -06:00
65cfef5337
fix for free with test case
2021-08-27 14:10:06 -06:00
83d39932bb
add test case for X509 EXTENSION set
2021-08-27 11:30:44 -06:00
8b79f77fb0
Merge pull request #4327 from JacobBarthelmeh/Compatibility-Layer-Part3
...
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-27 09:27:34 -07:00
21159659cf
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-26 14:48:12 -06:00
ef0fb6520d
Merge pull request #4283 from JacobBarthelmeh/Compatibility-Layer-Part2
...
couple more compatibility functions
2021-08-26 11:50:09 -07:00
b5d42eb773
Merge pull request #4318 from kojo1/i2d_RSA
...
arg type compatibility
2021-08-26 09:51:43 -06:00
77eff68b95
addressed review comment
2021-08-25 11:07:32 +09:00
3f2abef212
Merge pull request #4321 from haydenroche5/libimobiledevice
...
Make changes to support libimobiledevice.
2021-08-24 17:19:26 -07:00
3d8dc68266
free test case object
2021-08-24 10:59:38 -06:00
ff521a14e4
add test case and macro mapping
2021-08-24 10:59:38 -06:00
7ff1351971
Make changes to support libimobiledevice.
...
- `EVP_PKEY_assign_RSA` should store the private key in DER format, not the
public key.
- The last call to `infoCb` in `wolfSSL_BIO_write` should provide the length of
the data to write.
- We should be able to parse RSA public keys starting with BEGIN RSA PUBLIC KEY
and ending with END RSA PUBLIC KEY.
2021-08-24 08:52:43 -07:00
9c541568fc
Merge pull request #4313 from SparkiDev/rsa_vfy_only
...
SP RSA verify only: fix to compile
2021-08-23 14:42:56 -07:00
da6e8d394f
shift instead of multiply and add comment
2021-08-23 13:24:27 -06:00
8808e6a3ac
implement set_tlsext_max_fragment_length
2021-08-23 09:08:14 +09:00
10c5e33027
arg type compatibility
2021-08-20 15:21:06 +09:00
dbb03cb5a3
SP RSA verify only: fix to compile
...
Configurations:
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math-all
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math --enable-sp-asm
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math --enable-sp-asm
2021-08-20 13:16:58 +10:00
e7ef48d2b7
Merge pull request #3869 from SparkiDev/asn1_template
...
ASN1 Template: stricter and simpler DER/BER parsing/construction
2021-08-19 12:47:04 -07:00
3226e69649
--enable-linuxkm-pie (FIPS Linux kernel module) ( #4276 )
...
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
2021-08-19 09:15:52 -07:00
d486b89c61
ASN1 Template: stricter and simpler DER/BER parsing/construction
...
Reduce debug output noise
2021-08-19 11:32:41 +10:00
9a1233c04d
Merge pull request #4312 from julek-wolfssl/DH_set_length
...
Implement `DH_set_length`.
2021-08-18 16:42:38 -07:00
eaded189ff
Merge pull request #4310 from haydenroche5/dsa_fips
...
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
2021-08-18 16:33:26 -07:00
8df65c3fa7
Merge pull request #4270 from dgarske/zd12586
...
Fixes for various PKCS7 and SRP build issues
2021-08-19 08:12:15 +10:00
c5f9e55567
Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled.
2021-08-18 11:30:18 -07:00
6237a7a00d
Merge pull request #4305 from TakayukiMatsuo/i2t
...
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-18 10:37:08 -06:00
162f14aaf9
Implement `DH_set_length`.
2021-08-18 13:24:51 +02:00
d1e027b6fa
Fix for pedantic warning with pre-processor in macro.
2021-08-17 14:55:42 -07:00
89904ce82e
Fixes for building without AES CBC and support for PKCS7 without AES CBC.
2021-08-17 10:47:19 -07:00
a9b8b6d3de
Fix for PKCS7 heap hint in API unit test.
2021-08-17 10:46:53 -07:00
421be50cb8
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-17 10:52:20 +09:00
95ab6ce4b8
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
...
This test calls `wolfSSL_DSA_do_sign_ex` and `wolfSSL_DSA_do_verify_ex`, both
of which don't exist if `HAVE_FIPS` is defined.
2021-08-16 17:42:00 -07:00
d4391bd997
Parse distinguished names in `DoCertificateRequest`
...
The CA names sent by the server are now being parsed in `DoCertificateRequest` and are saved on a stack in `ssl->ca_names`.
2021-08-14 00:24:08 +02:00
647e007eea
Implement `wolfSSL_set_client_CA_list` and add 'HIGH' cipher suite
2021-08-14 00:24:08 +02:00
b2380069f0
Merge pull request #4261 from dgarske/rsa_der_pub
2021-08-13 13:36:01 -07:00
ca06694bfb
Merge pull request #4282 from miyazakh/SSL_CIPHER_xx
...
Add SSL_CIPHER_get_xxx_nid support
2021-08-13 13:48:31 -06:00
5235b7d1e6
Merge pull request #4291 from miyazakh/PARAM_set1_ip
...
Add X509_VERIFY_PARAM_set1_ip support
2021-08-13 13:45:33 -06:00
1acf64a782
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
2021-08-14 02:16:34 +09:00
ec4e336866
Merge pull request #4299 from haydenroche5/evp_pkey_dec_enc_improvements
...
Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
2021-08-13 08:10:20 -07:00
3be13f7358
Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
...
- Handle case where output buffer is NULL. In this case, passed in output buffer
length pointer should be given the maximum output buffer size needed.
- Add better debug messages.
2021-08-12 18:46:15 -07:00
7dea1dcd39
OpenResty 1.13.6.2 and 1.19.3.1 support
...
# New or Updated APIs
- wolfSSL_get_tlsext_status_type
- wolfSSL_X509_chain_up_ref
- wolfSSL_get0_verified_chain
- SSL_CTX_set_cert_cb
- SSL_certs_clear
- SSL_add0_chain_cert ssl_cert_add0_chain_cert
- SSL_add1_chain_cert ssl_cert_add1_chain_cert
- sk_X509_NAME_new_null
- SSL_CTX_set_cert_cb
- SSL_set0_verify_cert_store
- SSL_set_client_CA_list
# Other Changes
- Ignore gdbinit
- Add api.c tests for new API
- Add `WOLFSSL_X509_STORE* x509_store_pt` to `WOLFSSL`
- Add macro to select the `WOLFSSL` specific store when available and the associated `WOLFSSL_CTX` store otherwise. Calls to `ssl->ctx->cm` and `ssl->ctx->x509_store*` were replaced by macros.
- NO-OP when setting existing store
- Add reference counter to `WOLFSSL_X509_STORE`
- Cleanup MD5 redundant declarations
- WOLFSSL_ERROR may map to nothing so make assignment outside of it
- refMutex fields are excluded with SINGLE_THREADED macro
- Chain cert refactor
- Make `wolfSSL_add0_chain_cert` and `wolfSSL_add1_chain_cert` not affect the context associated with the SSL object
- `wolfSSL_CTX_add1_chain_cert` now updates the `ctx->certChain` on success and stores the cert in `ctx->x509Chain` for later free'ing
2021-08-12 23:58:22 +02:00
cccb8f940a
Merge pull request #4209 from julek-wolfssl/net-snmp
...
Add support for net-snmp
2021-08-12 13:06:21 -07:00
93a1fe4580
Merge pull request #4205 from julek-wolfssl/wpas-include-extra-stuff
...
Include stuff needed for EAP in hostap
2021-08-12 11:17:23 -07:00
d4b0ec0705
Merge pull request #4290 from TakayukiMatsuo/general
...
Add wolfSSL_GENERAL_NAME_print
2021-08-12 09:51:28 -06:00
517309724a
Add wolfSSL_GENERAL_NAME_print
2021-08-12 14:17:41 +09:00
fc4e4eacba
Merge pull request #4292 from kojo1/evp
...
EVP_CIPHER_CTX_set_iv_length
2021-08-11 16:13:26 -06:00
fdb6c8141e
Merge pull request #4274 from haydenroche5/pyopenssl
...
Add support for pyOpenSSL.
2021-08-10 11:49:07 -07:00
c0b085dd4a
EVP_CIPHER_CTX_set_iv_length
2021-08-08 14:49:28 +09:00
a066c48f55
fix jenkins failure
2021-08-07 11:13:41 +09:00
a851e13f1d
implemented X509_VERIFY_PARAM_set1_ip
2021-08-07 10:50:57 +09:00
1b2d57123f
tests/api.c: add missing (void) arg lists.
2021-08-05 15:30:33 -05:00
fab227411f
Free ECC cache per thread when used
2021-08-05 15:34:47 +02:00
1e491993ca
add a2i_IPADDRESS
2021-08-05 16:53:36 +07:00
67e773db91
implement SSL_CIPHER_xxxx
2021-08-05 09:42:55 +09:00
5465d40ee3
Attempt to move asn.c RSA API defs into asn_public.h, since ASN is not in FIPS boundary.
2021-08-04 17:42:46 -07:00
35a33b2f00
Add support for pyOpenSSL.
...
pyOpenSSL needs the OpenSSL function X509_EXTENSION_dup, so this commit adds
that to the compatibility layer. It also needs to be able to access the DER
encoding of the subject alt names in a cert, so that's added as well.
2021-08-04 14:08:43 -07:00
fdbe3f0ff1
Merge pull request #4258 from miyazakh/evp_md_do_all
...
add EVP_MD_do_all and OBJ_NAME_do_all support
2021-08-04 12:17:27 -06:00
d39893baa0
add ctx set msg callback
2021-08-04 16:49:01 +07:00
d64768abff
Merge pull request #4265 from miyazakh/ecc_pubkey
...
update der size in actual length
2021-08-03 16:41:36 -06:00
c7a6b17922
Need to free ecc cache
2021-08-03 19:29:08 +02:00
2bbd04f10f
Implement BIO_new_accept and BIO_do_accept
2021-08-03 19:29:08 +02:00
46b061c7bc
Include stuff needed for EAP in hostap
...
Patch that includes the API needed for EAP in hostapd and wpa_supplicant
2021-08-03 17:52:50 +02:00
dc7ae37f7a
Make changes to support port of NTP from OpenSSL to wolfSSL.
2021-08-02 13:33:18 -07:00
a5b55344b1
Merge pull request #2760 from kojo1/EVP-test
...
additional test on EVP_CipherUpdate/Final
2021-08-02 09:23:00 -07:00
0dc98b8299
Add support for EVP_shake128/256
2021-08-02 13:00:31 +09:00
bad9a973b4
remove hard tabs and other minor fixes
2021-07-30 07:07:40 +09:00
297ae23521
additional test on EVP_CipherUpdate/Final
2021-07-30 06:50:01 +09:00
c69d6d2491
Added public API `wc_RsaKeyToPublicDer_ex` to allow getting RSA public key without ASN.1 header (can return only seq + n + e). Related to PR #4068 . Cleanup documentation for RSA and wolfIO. Consolidate duplicate code in `wc_RsaPublicKeyDerSize`.
2021-07-29 09:27:50 -07:00
6f2853ef28
Merge pull request #4251 from dgarske/openssl_all
...
Fixes for edge case builds with openssl all
2021-07-29 08:58:22 -07:00
2b43052f36
update pkey sz in actual length
2021-07-29 23:28:10 +09:00
e333632ad0
add obj_name_do_all
2021-07-29 14:37:10 +09:00
2abf23cbc9
fix jenkins failure
2021-07-29 09:03:38 +09:00
b2b5d4e603
add evp_md_do_all
2021-07-29 08:59:26 +09:00
2c1fed8262
Fixes for edge case builds with openssl all. Improvements to the `test_wolfSSL_PKCS8_d2i`. Allow forceful disable of OCSP with `./configure --enable-opensslall --disable-ocsp`.
2021-07-28 12:32:08 -07:00
4da7fbb654
tests: use different IPv4 address in + add IPv6 SAN to generated cert
2021-07-28 09:36:21 +02:00
0d0dfc3f5e
Merge pull request #4238 from dgarske/xc32
...
Fixes for building with Microchip XC32 and ATECC
2021-07-28 09:33:01 +10:00
2dac9a2a81
Merge pull request #4228 from miyazakh/EVP_blake2xx
...
add EVP_blake2 compatibility layer API
2021-07-27 11:45:37 -06:00
d49d8a9286
Merge pull request #4204 from SparkiDev/ecies_sec1
...
ECIES: SEC.1 and ISO 18033 support
2021-07-27 09:43:53 -07:00
a92f03a11e
Fixes for building with Microchip XC32 and ATECC.
2021-07-27 08:20:20 -07:00
8c63701577
Merge pull request #4247 from SparkiDev/dhp_to_der_fix
...
OpenSSL API: DH params to der
2021-07-26 17:00:34 -07:00
31dde4706e
ECIES: Support SEC 1 and ISO 18033
...
Default is SEC 1.
To use old ECIES implementation: --enable-eccencrypt=old or define
WOLFSSL_ECIES_OLD
To use ISO-18033 implememtation: --enable-eccencrypt=iso18033 or
define WOLFSSL_ECIES_ISO18033
Support passing NULL for public key into wc_ecc_decrypt().
Support not having public key in privKey passed into wc_ecc_encrypt() -
public key is calculated and stored in priKey.
Add decrypt KAT test for ECIES.
2021-07-27 09:30:53 +10:00
028c056c55
Merge pull request #4213 from lealem47/leakFixes
...
Addressing possible leaks in ssl.c and api.c
2021-07-26 23:32:19 +07:00
ce7e1ef94a
Merge pull request #4230 from douzzer/configure-max-bits-and-ex-data
...
configure options for max rsa/ecc bits and ex_data
2021-07-26 09:27:20 -06:00
7d5271ed71
OpenSSL API: DH params to der
...
Fix calculation of length of encoding in ssl.c.
Fix encoding to check proper length in asn.c.
Fix tests to check for correct value (api.c).
2021-07-26 22:47:46 +10:00
27c49b1673
Merge pull request #4075 from julek-wolfssl/bind-dns
...
Bind 9.17.9 and 9.11.22 Support
2021-07-26 11:24:57 +07:00
494e285cf1
configure.ac: add --with-max-rsa-bits, --with-max-ecc-bits, and --enable-context-extra-user-data[=#]; untabify and otherwise clean up whitespace; tweak api.c, ecc.h, rsa.h, and settings.h, for compatibility with new options.
2021-07-23 22:02:58 -05:00
e8d636771f
Merge pull request #4231 from haydenroche5/des3-iv-fips
...
Use correct DES IV size when using FIPS v2.
2021-07-23 09:38:56 -07:00
10168e093a
Rebase fixes
2021-07-23 18:14:54 +02:00
142ff6d885
Bind 9.11.22
2021-07-23 18:14:18 +02:00
06ebcca913
Code review and mp_int memory leak fixes
2021-07-23 18:14:18 +02:00
b4fd737fb1
Bind 9.17.9 Support
...
- Add `--enable-bind` configuration option
- New compatibility API:
- `RSA_get0_crt_params`
- `RSA_set0_crt_params`
- `RSA_get0_factors`
- `RSA_set0_factors`
- `RSA_test_flags`
- `HMAC_CTX_get_md`
- `EVP_MD_block_size`
- `EC_KEY_check_key`
- `o2i_ECPublicKey`
- `DH_get0_key`
- `DH_set0_key`
- Calling `EVP_MD_CTX_cleanup` on an uninitialized `EVP_MD_CTX` structure is no longer an error
- `DH_generate_parameters` and `DH_generate_parameters_ex` has been implemented
2021-07-23 18:14:12 +02:00
94373781b2
C++ fix: cast from void* to X509_OBJECT*
2021-07-23 14:56:38 +10:00
ec180f3901
Use correct DES IV size when using FIPS v2.
2021-07-22 18:17:41 -07:00
6a3ff81f2d
use EVP_get_digestbyname
2021-07-22 08:17:55 +09:00
b4c61b4df9
add EVP_blake2xyyy
2021-07-22 08:17:54 +09:00
c544c19013
Merge pull request #4227 from miyazakh/ERR_lib_error_string
...
add ERR_lib_error_string compatibility layer API
2021-07-21 11:19:29 -06:00
83c6688bee
Merge pull request #4135 from dgarske/evp_set1_eckey
...
Fixes for handling PKCS8 ECC key with EVP PKEY
2021-07-22 00:17:11 +07:00
b76d44dad9
add ERR_lib_error_string
2021-07-21 10:31:00 +09:00
2014d39254
fixes for valgrind-detected leaks and undefined data accesses: wolfSSL_{SHA*,MD5}_Final (OpenSSL compat wrappers): call wc_*Free() on sha state that otherwise leaks when _SMALL_STACK_CACHE; test_wc_curve25519_shared_secret_ex(): properly initialize public_key.
2021-07-20 18:26:05 -05:00
762b384be2
Fixes for `-pedantic` errors.
2021-07-20 10:02:16 -07:00
fd52424dd5
Improvements to PKCS8 handling.
...
* Fixes for handling PKCS8 in keys with EVP PKEY. Resolves QT test issues. Replacement to PR #3925 .
* Improved code handling for PKCS 8 headers. Change PemToDer to not strip the PKCS8 header.
* Add support in the ECC/RSA/DH key import code to support detection / handling of the PKCS8 header.
* Fix for `wc_RsaKeyToDer` to be exposed with `OPENSSL_EXTRA`.
* Adds EVP PKCS8 test case for RSA and ECC.
* Refactor `test_wolfSSL_OPENSSL_hexstr2buf` to resolve g++ compiler warning.
* Added new `WOLFSSL_TRAP_MALLOC_SZ` build option to trap mallocs that are over a specified size.
2021-07-20 10:02:16 -07:00
77c9b36b5a
Merge pull request #4181 from dgarske/sniffer_keycb
...
Sniffer fixes and new sniffer key callback support
2021-07-19 13:26:17 -07:00
186ff2b365
make -DNO_ED25519_KEY_{IMPORT,EXPORT} buildable, and fix api.c and suites.c so that -DNO_ED*_KEY_{IMPORT,EXPORT} pass make check.
2021-07-16 23:07:28 -05:00
ac92204c15
make -DNO_ED448_KEY_{IMPORT,EXPORT} buildable
2021-07-16 18:21:30 -05:00
c97eff6e61
evp.c: add missing checks and logic in wolfSSL_EVP_CIPHER_CTX_ctrl(), and fix api.c:test_IncCtr() to exercise wolfSSL_EVP_CIPHER_CTX_ctrl() with EVP_CTRL_GCM_IV_GEN using an AES cipher, with thanks to Juliusz.
2021-07-16 15:30:23 -05:00
9b43e57ccf
ED: add streaming API to the ED verify routines: wc_ed*_verify_msg_init(), wc_ed*_verify_msg_update(), wc_ed*_verify_msg_final();
...
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;
track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;
add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;
add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.
add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;
add macro asserts near top of ed*.h to assure the required hash functions are available;
fix {NO,HAVE}_ED*_{SIGN,VERIFY};
wolfcrypt/test/test.c: add missing key initializations in ed*_test();
wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
2021-07-16 13:49:47 -05:00
73323e694f
Addressing possible leaks in ssl.c and api.c
2021-07-16 09:48:06 -06:00
f82fd01283
Merge pull request #4202 from JacobBarthelmeh/BuildOptions
...
fix for build with wpas and disable tls13
2021-07-14 09:07:08 -07:00
18399091ce
Merge pull request #4012 from julek-wolfssl/haproxy
...
HaProxy 2.4-dev18 support
2021-07-14 15:46:04 +07:00
2592a04d8a
fix for build with wpas and disable tls13
2021-07-13 15:49:40 +07:00
c01a63508a
account for testing on big endian system
2021-07-09 08:18:39 -06:00
e1b487ab9f
Fix for `wc_export_int` with `WC_TYPE_HEX_STR`, which was not returning the correct length.
2021-07-08 14:36:36 -07:00
b9dac74086
Merge pull request #4193 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis tests
2021-07-07 14:23:58 -07:00
86e5287a14
Merge pull request #4032 from TakayukiMatsuo/tk11968
...
Make wolfSSL_CTX_set_timeout reflect to Session-ticket-lifetime-hint
2021-07-07 22:26:06 +07:00
b7bd3766c7
Fix pedantic errors about macros in macros
2021-07-07 10:54:34 +02:00
7b9d6a3f5e
Merge pull request #3792 from TakayukiMatsuo/os_keylog
...
Add wolfSSL_CTX_set_keylog_callback
2021-07-07 15:34:33 +07:00
1acf906612
Code review changes
2021-07-06 15:39:23 +02:00
1b6b16c2c3
HaProxy 2.4-dev18 support
...
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
- `STACK_TYPE_X509_OBJ`
- `OCSP_id_cmp`
- `X509_STORE_get0_objects`
- `X509V3_EXT_nconf_nid`
- `X509V3_EXT_nconf`
- `X509_chain_up_ref`
- `X509_NAME_hash`
- `sk_X509_NAME_new_null`
- `X509_OBJECT_get0_X509`
- `X509_OBJECT_get0_X509_CRL`
- `ASN1_OCTET_STRING_free`
- `X509_LOOKUP_TYPE`
- `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
- WOLFSSL_CTX
- Enable all compiled in protocols
- Allow anonymous ciphers
- Set message grouping
- Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
- Return first that occured
- Set correct value on date error
- Set revoked error on OCSP or CRL error
- Save value in session and restore on resumption
- Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
2021-07-06 15:39:23 +02:00
ae00b5acd0
some minor changes for unintialized and null infer reports
2021-07-06 14:13:45 +07:00
5df0f7820a
Add wolfSSL_CTX_set_keylog_callback
2021-07-03 14:51:23 +09:00
567d8ed704
Make wolfSSL_set_session return success on timeout under WOLFSSL_ERROR_CODE_OPENSSL macro definition.
2021-07-02 10:50:00 +09:00
aef9e560b1
Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint.
2021-07-02 09:15:01 +09:00
43f8c5ba1b
Merge pull request #4121 from JacobBarthelmeh/PKCS7
...
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
2021-07-01 17:03:56 -07:00
9179071af5
Merge pull request #4153 from JacobBarthelmeh/Testing
...
fix for keyid with ktri cms
2021-06-29 11:40:00 -06:00
74b9b5a8cd
Merge pull request #4156 from SparkiDev/regression_fixes_1
...
Regression test fixes
2021-06-25 07:48:02 -07:00
5038a27cda
add test cases and set content oid with decode encrypted data
2021-06-25 21:16:01 +07:00
dab6724059
Regression fixes: more configurations
...
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
&& make
./configure --disable-aescbc --disable-chacha --disable-poly1305
--disable-coding && make
2021-06-25 15:23:51 +10:00
1994811d24
Merge pull request #4144 from haydenroche5/pkcs8
...
Make a bunch of PKCS#8 improvements.
2021-06-25 12:22:11 +10:00
8592053856
Regression test fixes
...
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
2021-06-25 09:18:06 +10:00
656e49cc3b
Expand SHA-3 support
...
Add more support in the EVP layer as well as add signing support. The SHA-3 OID's were also added for DER algorithm identifier encoding.
2021-06-24 19:31:43 +02:00
b3401bd102
Make a bunch of PKCS#8 improvements.
...
- Add doxygen documentation for wc_GetPkcs8TraditionalOffset, wc_CreatePKCS8Key,
wc_EncryptPKCS8Key, and wc_DecryptPKCS8Key.
- Add a new API function, wc_CreateEncryptedPKCS8Key, which handles both
creation of an unencrypted PKCS#8 key and the subsequent encrypting of said key.
This is a wrapper around TraditionalEnc, which does the same thing. This may
become a first-class function at some point (i.e. not a wrapper). TraditionalEnc
is left as is since it is used in the wild.
- Added a unit test which exercises wc_CreateEncryptedPKCS8Key and
wc_DecryptPKCS8Key. Testing wc_CreateEncryptedPKCS8Key inherently also tests
TraditionalEnc, wc_CreatePKCS8Key, and wc_EncryptPKCS8Key.
- Modified wc_EncryptPKCS8Key to be able to return the required output buffer
size via LENGTH_ONLY_E idiom.
- Added parameter checking to wc_EncryptPKCS8Key and wc_DecryptPKCS8Key.
2021-06-23 08:39:20 -07:00
2923d812bd
Merge pull request #4058 from miyazakh/qt_oslext_cs
...
TLS: extend set_cipher_list() compatibility layer API
2021-06-23 10:12:11 +10:00
4b3bd3e384
Merge pull request #4049 from miyazakh/set_verifyDepth_3
...
Set verify depth limit
2021-06-22 10:23:43 -06:00
446393bcab
Merge pull request #3793 from TakayukiMatsuo/os_base64
...
Add wolfSSL_EVP_Encode/Decode APIs
2021-06-22 10:19:30 -06:00
b050463dce
Merge pull request #4059 from miyazakh/qt_unit_test
...
fix qt unit test
2021-06-22 10:12:48 -06:00
647bde671c
macro guard on test case
2021-06-22 22:56:35 +07:00
3cd43cf692
fix for keyid with ktri cms
2021-06-22 21:33:12 +07:00
c4ea64b7fc
Merge pull request #4140 from SparkiDev/set_sig_algs
2021-06-21 19:18:10 -07:00
7224fcd9bc
TLS: add support for user setting signature algorithms
2021-06-18 16:19:01 +10:00
1ebb4a47f6
addressed jenkins failure
2021-06-18 11:22:20 +09:00
4feedb72cc
simulate set_ciphersuites comp. API
2021-06-18 11:22:19 +09:00
ddf2a0227f
additional fix for set verify depth to be compliant with openssl limit
2021-06-18 11:00:51 +09:00
951de64e2c
set PSK at the beginning
2021-06-18 07:59:35 +09:00
1307972344
Update use of joi cert and add to renew script.
2021-06-16 13:55:36 -05:00
9e02655ac4
Merge remote-tracking branch 'upstream/master' into os_base64
2021-06-16 23:19:52 +09:00
b73673a218
Merge pull request #3794 from TakayukiMatsuo/os_keyprint
...
Add wolfSSL_EVP_PKEY_print_public
2021-06-16 08:43:41 +10:00
c6680d08ba
Fix coding issues
2021-06-15 11:16:38 +09:00
77df7d8630
Merge pull request #3968 from elms/pedantic_cleanup
...
Fixes for some `-pedantic` errors
2021-06-14 13:46:39 -07:00
fd6b30ef32
Merge pull request #4111 from elms/silabs/fix_ecc_shared_secret_outlen
...
silabs: fix `wc_ecc_shared_secret` to only return x coordinate
2021-06-14 13:44:00 -07:00
a8d185cb9e
Merge pull request #4117 from TakayukiMatsuo/tk12403
...
Add null-parameters-test cases for SHA(), SHA224(), MD5() and MD5_xxx().
2021-06-14 13:52:01 -06:00
ed4cf6e91c
silabs: fix `wc_ecc_shared_secret` to only return x coordinate
...
secure element computes and returns the full coordinate. The wolfSSL
API should only return the x component.
2021-06-13 21:46:23 -07:00
ebec2fbd25
Fixed uninitialized parameter for Base16_Encode
2021-06-14 13:45:12 +09:00
6d3b9aec80
fix api compile failure
2021-06-12 09:24:11 +09:00
ed5cb0a1bd
Modified along the revire comments
2021-06-11 21:08:27 +09:00
779e3701e6
Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint
2021-06-11 13:56:52 +09:00
36a9cd3010
Merge pull request #3911 from TakayukiMatsuo/tk11851
...
Fix SSL_read behaving differently from openSSL after bidirectional shutdown
2021-06-11 10:25:39 +10:00
3ecb8d5a3e
Merge pull request #4062 from dgarske/dh_key
...
DH Key and Params Export cleanups and Apache httpd fixes
2021-06-10 20:54:32 +10:00
4d3f2f92fd
Add test cases for SHA(), SHA224(), MD5() and MD5_xxx() to test with null parameters.
2021-06-10 16:40:51 +09:00
c6c7dfd5db
Merge pull request #4053 from SparkiDev/cppcheck_fixes_6
...
cppcheck: fixes from reviewing report
2021-06-09 12:51:30 -07:00
9580574382
Merge pull request #3999 from dgarske/user_io
...
Fixes for building with `WOLFSSL_USER_IO`
2021-06-09 08:55:36 +10:00
70d2c838bb
Merge pull request #4080 from kaleb-himes/SHAKE_DEFAULT_FIX
...
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-09 08:52:05 +10:00
6db0b42c7f
* Refactor of DH key and param exports code (moved into asn.c) enabled with `WOLFSSL_DH_EXTRA`.
...
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
2021-06-08 09:27:26 -07:00
0186d19aba
Fix some coding style issues.
2021-06-08 16:25:28 +09:00
88322b82a5
Merge pull request #3871 from julek-wolfssl/openvpn-master
...
OpenVPN additions and fixes
2021-06-08 13:54:14 +10:00
8ee1dda2f9
Merge pull request #4001 from dgarske/time_long
...
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
2021-06-08 11:17:55 +10:00
5c01613acb
Add GCC extension to bypass select `-pedantic` warnings
...
Add wrapper macro for `__extension__` to suppress pedantic warnings
2021-06-07 15:38:15 -07:00
3e307aa626
Merge pull request #4091 from JacobBarthelmeh/Testing
...
add strict check on signature length
2021-06-07 11:02:02 -07:00
f97ca1c1ca
adjust test case and add useful comments
2021-06-07 19:44:05 +07:00
898b9d5e24
Merge pull request #4084 from dgarske/sp_math_keygen
...
Fix for building SP small math only (no DH) with key generation
2021-06-07 10:48:01 +10:00
c245c4a812
add strict check on signature length
2021-06-05 03:09:33 +07:00
961773b384
Merge pull request #4079 from lealem47/PKCS12UnitTest
...
Pkcs12 unit test
2021-06-03 16:07:54 -06:00
21060afb80
Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error.
2021-06-03 10:56:54 -07:00
195ca2b3f0
Add corner test cases for EVP_EncodeFinal and EVP_DecodeFinal
2021-06-03 20:02:48 +09:00
6cfb982740
Merge pull request #3981 from miyazakh/qt_oslext_cnf
...
Added compatibility layer API
2021-06-01 15:25:37 -06:00
72fc7e62b8
Fixed spacing
2021-06-01 14:47:51 -06:00
94831eadf1
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-01 11:38:17 -06:00
03a5395b53
Fixed casting issue
2021-06-01 09:46:30 -06:00
2db233d10e
Added wolfssl_PKCS12_verify_mac testing in test_wolfSSL_PKCS12() function in api.c
2021-05-28 16:33:46 -06:00
7a98c517e4
Fixes for some `-pedantic` errors
...
Some of the API with callbacks may not be compatible with pedantic
2021-05-27 14:46:45 -07:00
d1e3be1f43
Replace return code from literal to value
2021-05-27 06:20:34 +09:00
41af3da0e3
Merge pull request #4057 from SparkiDev/no_tls12_pkcb
...
TLS: fix build with no TLSv12 but PK callbacks
2021-05-25 15:26:40 -07:00
af67965f65
addressed jenkins failures part1
2021-05-26 06:07:48 +09:00
33e91c577f
added unit test cases for cmdline
2021-05-26 06:07:47 +09:00
394c0b5cdc
implemented CONF_cmd
2021-05-26 06:07:47 +09:00
e1bc0c4447
EVP AES-GCM Streaming: must free Aes
...
AES streaming implementation allocates data in Aes objects, when small
stack, that needs to be freed.
Fix memory leaks in streaming test case too.
2021-05-25 15:57:09 +10:00
6747055d46
TLS: fix build with no TLSv12 but PK callbacks
...
./configure '--disable-tlsv12' '-enable-pkcallbacks'
Disable non-TLS13 cipher suite test as well.
2021-05-21 10:59:23 +10:00
2c6285ccba
cppcheck: fixes from reviewing report
2021-05-20 17:55:06 +10:00
8c71fb4113
Add test cases for wc_ShaxxxUpdate funcs
2021-05-14 09:46:21 +09:00
5865dc08dd
Code review changes
2021-05-13 15:21:33 +02:00
c75830e2e8
Merge pull request #4011 from miyazakh/set_verify_depth2
...
fix out of bound access when peer's chain is greater than verifyDepth + 1
2021-05-11 15:38:39 -06:00
fce9870a64
Merge pull request #4020 from ejohnstown/options-export
...
New Option Export/Import
2021-05-11 09:10:17 -07:00
d74b74d156
Also adjust for v3 of export, and update the API test case.
2021-05-10 18:06:31 -07:00
db7888ceaa
Fix for the unmodified check for AesCbc test.
2021-05-10 10:04:50 -07:00
c88afdef87
Fixes for building with `WOLFSSL_USER_IO` (with no built-in socket support). Related to issue #3998 .
2021-05-06 11:07:05 -07:00
2a39f1dc5c
fixed memory leak
2021-05-06 16:55:51 +09:00
93f04543b0
fixed unit test intermittent failure
2021-05-06 15:40:24 +09:00
0539b99c86
fix boundary access when peer's chain is less than verifyDepth + 1
2021-05-06 14:54:16 +09:00
822aa92fcc
Fix test_wolfSSL_CertManagerCheckOCSPResponse.
...
This test broke once we went past the nextUpdate time in the static, raw OCSP
response being used. This change makes it so that response is valid until 2048.
2021-05-03 15:26:39 -07:00
6e0197e171
Merge pull request #4002 from kabuobeid/smime_fixes
...
S/MIME: Canonicalize multi-part messages before hashing. Improve error checking in wc_MIME_parse_headers.
2021-05-03 09:24:43 -07:00
effcecf40d
S/MIME: Add non-canonicalized test case
2021-04-30 15:07:37 -07:00
f8ecd4b441
Fixes for building with `NO_ASN_TIME`. If used with TLS user must supply `LowResTimer` and `TimeNowInMilliseconds`.
2021-04-30 15:04:31 -07:00
57e03d7e2f
Merge pull request #3961 from miyazakh/qt_oslext_pskss_cb
...
added psk session callback compatibility layer API
2021-04-30 14:26:44 -06:00
c4782a7a1c
Fix macro guard for wolfSSL_CRYPTO_get_ex_new_index and get_ex_new_index.
2021-04-28 10:41:49 +09:00
9c0ff73370
Add wolfSSL_CRYPTO_get_ex_new_index
2021-04-28 10:38:53 +09:00
0e40293798
added psk session callback
2021-04-28 10:08:21 +09:00
385e0bedaa
Merge pull request #3990 from haydenroche5/ocsp_bug
...
Fix CompareOcspReqResp.
2021-04-27 17:07:58 -07:00
edb0beb9b6
Merge pull request #3969 from TakayukiMatsuo/koyo
...
Add wolfSSL_DH_get0_pqg
2021-04-27 17:52:17 -06:00
6fad8c4a57
Merge pull request #3975 from TakayukiMatsuo/resumable
...
Add implementation for wolfSSL_SESSION_is_resumable.
2021-04-27 16:45:34 -06:00
73076940af
Fix CompareOcspReqResp.
...
There was a bug in this function that could cause a match to be reported even
when the OCSP request and response in fact had a mismatch.
2021-04-27 13:54:43 -07:00
6d381a6c7f
do nothing when version is zero
2021-04-27 21:13:19 +09:00
3b070e1bd0
add MIN/MAX_PROTO into CTX_ctrl
...
add unit test for min/max proto of CTX ctrl
2021-04-27 21:13:17 +09:00
91e90f7a98
Merge pull request #3604 from haydenroche5/stunnel
...
Make changes to get latest verison of stunnel (5.57) working with wolfSSL.
2021-04-23 15:41:22 -07:00
c3fefc6e27
Merge pull request #3889 from douzzer/network-introspection
...
--enable-wolfsentry
2021-04-23 15:38:01 -07:00
2b6f623777
Add implementation for wolfSSL_SESSION_is_resumable.
2021-04-23 11:12:20 +09:00
c442841e4a
Fix some along review.
2021-04-23 10:53:22 +09:00
d22ed7443b
Fix unit test.
2021-04-23 09:47:24 +09:00
568c09bcde
Add guard to the unit test
2021-04-23 09:47:24 +09:00
63826e227b
Add wolfSSL_DH_get0_pqg
2021-04-23 09:47:24 +09:00
878e0006ad
Merge pull request #3965 from miyazakh/qt_oslext_epk_param_ck
...
added wofSSL_EVP_PKEY_param_check for compatibility layer API
2021-04-22 15:43:47 -06:00
89d7f4faf3
tests/api.c: add missing void arglists.
2021-04-21 03:22:10 -05:00
ba2cc00e5d
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-04-20 23:59:57 -05:00
d3b41a2fed
addressed review comments p1
2021-04-21 09:10:32 +09:00
e063984d17
added EVP_PKEY_param_check
2021-04-21 07:53:18 +09:00
bca3cd1d49
fix jenkins failures
2021-04-21 07:39:12 +09:00
89b5b90be6
added compatibility layer API stub for Qt 5.15.2
2021-04-21 07:39:12 +09:00
f931e67cd7
Merge pull request #3946 from TakayukiMatsuo/tk11899
...
Add test cases for EVP_CIPHER_CTX_cleanup and BIO_free
2021-04-20 10:10:41 -06:00
c3aee06b23
Merge pull request #3939 from miyazakh/qt_v5p15p2_r1
...
added and modified compatibility layer APIs for Qt v5.15.2 part1
2021-04-20 10:02:27 -06:00
5a1d171236
fixed unit test failure
2021-04-14 21:25:50 +09:00
03cfc3dc8f
addressed review comments part1
2021-04-14 11:15:23 +09:00
f245ba0ca1
Merge remote-tracking branch 'upstream/master' into tk11899
...
# Conflicts:
# tests/api.c
2021-04-14 06:13:46 +09:00
c129f630e2
Merge pull request #3933 from miyazakh/rand_bytes_regression
...
fix retrun code regression on RAND_bytes
2021-04-13 13:55:04 -06:00
4cd3f2e826
Make changes to get latest verison of stunnel (5.57) working with wolfSSL.
2021-04-13 09:18:25 -05:00
021c22c038
Merge pull request #3950 from embhorn/zd11850
...
Fix build error with NO_PKCS12
2021-04-12 10:46:45 -07:00
501de37cad
fixed memory leak in unit test
2021-04-12 18:34:07 +09:00
ad6f8e4246
added and modified compatibility layer APIs for Qt v5.15.2 part1
2021-04-12 18:34:07 +09:00
04cc48b810
Merge pull request #3935 from miyazakh/x509_store_ex_data
...
add X509_STORE_get/set_ex_data
2021-04-08 21:51:03 -05:00
07022eebe7
Add a OPENSSL_EXTRA guard to call SSL_get_early_data_status
2021-04-09 01:10:45 +09:00
424d97ca3d
Merge remote-tracking branch 'upstream/master' into tk11899
...
# Conflicts:
# src/ssl.c
2021-04-08 23:59:51 +09:00
bc7191ca4c
Added test cases for NULL-parameter
2021-04-08 23:11:00 +09:00
de8653be35
Merge pull request #3941 from JacobBarthelmeh/Compatibility-Layer
...
add implementation of EC_KEY_set_group
2021-04-07 16:20:50 -07:00
ef69a9b458
Fix build error with NO_PKCS12
2021-04-07 15:36:35 -05:00
7da85c6f3f
Merge remote-tracking branch 'upstream/master' into tk11899
2021-04-07 12:01:39 +09:00
4eb8265c46
add ecc guard on test case
2021-04-06 20:01:15 +07:00
0a05acff09
Add test cases for EVP_CIPHER_CTX_cleanup and BIO_free
2021-04-06 14:21:53 +09:00
63c96c3585
add implementation of EC_KEY_set_group
2021-04-05 22:22:31 +07:00
9a86f133c8
additional fixes for reports with test cases
2021-04-05 21:26:52 +07:00
ea0f4580de
add X509_STORE_get/set_ex_data
2021-04-01 17:06:02 +09:00
b8684f3f7e
fix retrun code regression on RAND_bytes
...
fix jenkins fail
2021-04-01 13:35:50 +09:00
f7046ca12a
Merge pull request #3906 from douzzer/AES-BAD_ALIGN_E-consistency
...
Adds optional AES CBC length checking
2021-03-30 16:01:29 -07:00
4d1ad6acd6
Merge pull request #3885 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis fixes for items listed as high priority
2021-03-30 16:00:03 -07:00
4044b30363
Merge pull request #3915 from TakayukiMatsuo/os_ecdh
...
Add unit tests for OpenSSL compat APIs
2021-03-30 16:18:16 -06:00
a9ff314840
Merge pull request #3912 from miyazakh/rsa_bits_
...
Added RSA_bits
2021-03-26 17:00:56 -06:00
b67f270e3d
Merge pull request #3910 from miyazakh/openssl_ext_unit_test
...
Update compatibility layer api unit test
2021-03-26 16:58:21 -06:00
5f6b618e71
configure.ac: add --enable-aescbc-length-checks and add it to --enable-all; api.c: fix expected error code in WOLFSSL_AES_CBC_LENGTH_CHECKS path of test_wc_AesCbcEncryptDecrypt(); aes.c: add explanatory comment on WOLFSSL_AES_CBC_LENGTH_CHECKS to top of file.
2021-03-26 14:04:25 -05:00
5d9ee97530
WOLFSSL_AES_CBC_LENGTH_CHECKS: add gated logic to aes.c wc_AesCbc{En,De}crypt() to return BAD_LENGTH_E when input length is not a multiple of AES_BLOCK_SIZE; add gated tests of new functionality in test_wc_AesCbcEncryptDecrypt(); fix first encrypt-decrypt-memcmp in test_wc_AesCbcEncryptDecrypt() to span all of test vector and extend test vector length to be block-multiple; add ungated logic in platform-specific wc_AesCbc{En,De}crypt() routines to return with early success when blocks == 0 (also mitigates buffer overrun on short (less-than-AES_BLOCK_SIZE) input); add BAD_LENGTH_E error code; update documentation.
2021-03-26 13:40:08 -05:00
79fa71d600
Merge pull request #3882 from TakayukiMatsuo/tk11899
...
Return code differences in wolfSSL_EVP_PKEY_cmp et al.
2021-03-26 09:36:52 -07:00
5456765dca
Changed API names to call in unit tests.
2021-03-26 17:05:25 +09:00
79837eeb8e
Changed the function name to be called in the unit test to the OpeSSL function name.
2021-03-26 04:30:36 +09:00
dd6db22bc6
Changed the function name to be called in the unit test to the OpenSSL function name.
2021-03-26 04:08:02 +09:00
8dcaa8c4b6
Merge remote-tracking branch 'upstream/master' into os_ecdh
...
# Conflicts:
# tests/api.c
2021-03-25 19:17:22 +09:00
952a9b3497
Add unit tests for CONT_modules_xxx, CRYPTO_set_dynlock_xxx, CRYPTO_THREADID_xxx and ENGINE_cleanup.
2021-03-25 19:02:13 +09:00
c9be50c3a0
added RSA_bits
2021-03-25 13:31:47 +09:00
03bad1c056
Added logic to wait for TCP disconnect so that SSL_read behaves the same as OpenSSL after a bidirectional shutdown.
2021-03-25 12:54:05 +09:00
f7652d18a0
use compatibility layer API when they are enabled
2021-03-25 08:09:06 +09:00
6134de6a22
Merge pull request #3855 from miyazakh/openssl_ext_r2
...
Compatibility layer API addition
2021-03-23 14:37:47 -07:00
a86a638698
Fix for PRB tests.
2021-03-21 08:19:02 +09:00
14b7d70ae4
Merge pull request #3846 from kabuobeid/builtinEngsRandMethod
...
Add wolfSSL_RAND_set_rand_method() and document ENGINE_load_builtin_engines()
2021-03-19 14:23:03 -07:00
364e35575c
Add following modifications to unit-test:
...
- Modify reference data in test_wolfSSL_EVP_PKEY_print_public
- Remove test_wc_EccPublicKeyDecode_ex
- Rewrite test_wc_DhPublicKeyDecode to have Assert
2021-03-19 14:17:26 +09:00
300cbf7a5b
fixed NO_WOLFSSL_DIR configuration case
2021-03-19 13:13:03 +09:00
7b81ff1bc6
fixed api testing for hash dir
2021-03-19 13:13:01 +09:00
84368eed3f
addressed review comment part 2 moving BY_DIR_xxx functions to internal
2021-03-19 13:13:00 +09:00
4650aaf4fb
addressed review comments part 1
2021-03-19 13:13:00 +09:00
39b0c4eaf8
fixed sanitize errors
2021-03-19 13:12:56 +09:00
b4a573ca98
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-03-19 13:12:55 +09:00
a85e348c0e
Change void return from RAND_seed back to int.
2021-03-18 11:20:56 -07:00
a64bb8aef7
fix unused variable in test case from Jenkins test
2021-03-18 15:17:08 +07:00
7760dcb43b
Fixes and cleanups for the openssl compatibility layer `RAND_` functions. For `opensslextra=x509small` don't include the RAND method code. Removed abandonded "ENABLED_SMALL" option in configure.ac.
2021-03-17 15:51:52 -07:00
1477af9a22
Add wolfSSL_RAND_set_rand_method() and support for RAND_ callbacks.
2021-03-17 14:29:24 -07:00
d439694eb6
sanity check on length in wolfSSL_BN_rand
2021-03-17 13:41:27 +07:00
48d13bbfa5
fix for leak with wolfSSL_a2i_ASN1_INTEGER
2021-03-17 12:24:18 +07:00
3bd7127188
Wrap some long lines.
2021-03-17 06:58:51 +09:00
07807526c6
Change the following functions to behave the same as opeSSL:
...
- EVP_CIPHER_CTX_cleanup
- BIO_free
- EVP_PKEY_cmp
2021-03-17 05:47:45 +09:00
9f6d1fe964
Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint
2021-03-16 15:55:51 +09:00
35659be06f
AES GCM: implement streaming
...
Updated EVP layer to use streaming API when enabled.
Assembly for x64 updated to include streaming.
2021-03-16 16:39:49 +10:00
5c4c101ac5
Merge pull request #3863 from JacobBarthelmeh/Testing
...
fix for wolfSSL_ASN1_TIME_adj set length
2021-03-15 17:17:33 -07:00
3ac03d3d66
Merge pull request #3805 from JacobBarthelmeh/copyright
...
update copyright date to 2021
2021-03-15 16:16:50 -07:00
5fd0950a3a
Merge pull request #3654 from SparkiDev/sakke_eccsi
...
ECCSI and SAKKE: add support
2021-03-15 16:15:59 -07:00
5369c133ad
add macro guard around test
2021-03-12 11:44:09 +07:00
a55e94cf6f
ECCSI and SAKKE: add support
...
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
2021-03-12 09:31:22 +10:00
771a7418ea
fixes for compat with autoconf 2.70 and gcc-10: update m4/ax_pthread.m4 and m4/ax_tls.m4 from upstream, fix declaration syntax in tests/api.c, add AC_CANONICAL_TARGET in configure.ac, and fix two spots with bad quoting syntax in configure.ac and m4/ax_linuxkm.m4. also fix myriad whitespace flubs in api.c.
2021-03-11 17:29:12 -06:00
c091b968a3
Merge pull request #3864 from cconlon/0311
...
api.c fix for --enable-opensslall and --enable-debug
2021-03-11 14:54:40 -08:00
6241d56eec
Merge pull request #3865 from haydenroche5/fix_have_aes_ecb
...
Change WOLFSSL_AES_ECB to HAVE_AES_ECB in api.c.
2021-03-11 14:12:46 -08:00
211eefa155
Change WOLFSSL_AES_ECB to HAVE_AES_ECB in api.c.
2021-03-11 14:03:54 -06:00
e184cf5c29
fix api.c build with --enable-opensslall and --enable-debug
2021-03-11 12:56:13 -07:00
eb8b40c64a
fix for wolfSSL_ASN1_TIME_adj set length
2021-03-11 20:34:17 +07:00
b9464befb6
Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint
2021-03-11 16:21:09 +09:00
c729318ddd
update copyright date
2021-03-11 13:42:46 +07:00
72eebd6e75
Merge pull request #3795 from JacobBarthelmeh/CAAM
...
Addition of QNX CAAM driver
2021-03-10 15:04:21 -08:00
44c5ca9d39
Merge pull request #3825 from julek-wolfssl/openssl-key-wrap
...
Implement `AES_wrap_key` and `AES_unwrap_key`
2021-03-10 15:01:51 -08:00
0bcde126d9
Merge pull request #3791 from TakayukiMatsuo/ZD11641
...
Causes SSL_CTX_load_verify_locations and X509_LOOKUP_load_file to return zero on failure if WOLFSSL_ERR_CODE_OPENSSL is defined
2021-03-10 14:54:14 -08:00
4ad1b52108
Merge pull request #3824 from julek-wolfssl/ssl-bio-use-chain
...
WOLFSSL_BIO_SSL BIO should use remaining chain for IO
2021-03-10 18:21:09 +07:00
28ae8e3e11
add include file for getting WOLFSSL_CAAM_DEVID in test case
2021-03-10 17:27:40 +07:00
d7838155e5
WOLFSSL_BIO_SSL BIO should use remaining chain for IO
...
This is accomplished by passing the next BIO in the chain in to the `wolfSSL_set_bio` API.
2021-03-10 10:13:42 +01:00
153859f2b2
Merge remote-tracking branch 'upstream/master' into os_ecdh
...
# Conflicts:
# tests/api.c
2021-03-09 12:00:15 +09:00
7b2aa54044
Merge pull request #3801 from TakayukiMatsuo/os_bio
...
Add wolfSSL_BIO_tell
2021-03-08 09:56:01 -07:00
feeb0ceb96
Change macro name to WS_RETURN_CODE and add more comments.
2021-03-08 11:57:36 +09:00
3b768bcb5e
addressed review comments
2021-03-06 10:18:31 +09:00
David Garske
Sean Parkinson
Juliusz Sosinowicz
Daniel Pouzzner
JacobBarthelmeh
Chris Conlon
Hideki Miyazaki
Masashi Honma
kaleb-himes
Kareem
John Safranek
Eric Blankenhorn
Hayden Roche
Anthony Hu
Anthony Hu
Juliusz Sosinowicz
TakayukiMatsuo
elms
Takashi Kojo
TakayukiMatsuo
Takashi Kojo
Per Allansson
Lealem Amedie
toddouska