c3513bf257
update README for release v5.1.1
2022-01-03 10:16:17 -07:00
1715862fd8
Update configure and fips-check.sh for FIPS RC12.
2022-01-03 10:15:41 -07:00
8af742a93c
Fix to resolve possible memory leak with DSA wc_DsaPublicKeyDecode in API unit test when used with HAVE_WOLF_BIGINT.
2022-01-03 10:15:21 -07:00
f3038b7aa5
fix for location of xmemset
2022-01-03 10:15:03 -07:00
e515274d15
increase version for rpm build
2022-01-03 10:14:53 -07:00
7525e5e68a
bump version by .1 for dev
2022-01-03 10:14:44 -07:00
2b670c026d
Merge pull request #4705 from JacobBarthelmeh/DTLS
...
account for DTLS extra header size when reading msg from pool
2021-12-27 19:16:26 -08:00
a07673ad07
Merge pull request #4706 from douzzer/20211227-fix-null-pointer-wolfSSL_EVP_CIPHER_CTX_ctrl
...
wolfcrypt/src/evp.c: fix wolfSSL_EVP_CIPHER_CTX_ctrl() null pointer…
2021-12-27 20:08:43 -07:00
aa05eb2879
wolfcrypt/src/evp.c: fix wolfSSL_EVP_CIPHER_CTX_ctrl() null pointer passed to XMEMCPY(), found by sanitizers under gcc-11.2.1.
2021-12-27 17:59:28 -06:00
05a19c852b
account for DTLS extra header size when reading msg from pool
2021-12-27 16:52:09 -07:00
930cc053d5
Merge pull request #4704 from JacobBarthelmeh/release
...
prepare for release 5.1.0
2021-12-27 12:35:49 -08:00
d1b03eb8b9
add missing header files for rpm build
2021-12-27 09:49:47 -08:00
816718ecd3
prepare for release 5.1.0
2021-12-27 10:34:09 -07:00
cbab5bb6cb
add kdf.c to MYSQL cmake build
2021-12-27 10:10:35 -07:00
5a4e59c09d
fix warning about NULL compare
2021-12-27 10:02:16 -07:00
4e1c39b4c6
Merge pull request #4701 from SparkiDev/asn_templ_fix_1
...
ASN template: get compiling
2021-12-24 07:42:56 -08:00
fd31c017e1
Merge pull request #4703 from douzzer/20211224-fixits
...
20211224 ssl.c fixes
2021-12-24 07:42:00 -08:00
54e9076c45
src/ssl.c: fix whitespace and heap reference in FreeSession() (re 569c066fab).
2021-12-24 01:16:32 -06:00
9d49884274
Merge pull request #4690 from dgarske/resume
...
Fixes for session resumption edge cases
2021-12-24 15:28:06 +10:00
02186dbd23
Fix for TLS v1.3 client session ticket resumption where the server opts to do a new handshake. Fix to make sure preMasterSz is valid.
2021-12-23 18:45:52 -08:00
a92fb0eb42
Fix for session resumption to ensure use of the right cipher suite. ZD13297
2021-12-23 18:42:41 -08:00
f1f15f411f
Merge pull request #4688 from embhorn/gh4684
...
Fix missing include ws2tcpip.h for VS build
2021-12-24 11:58:12 +10:00
929174be6b
Merge pull request #4667 from dgarske/zd13363
...
Improve TLS client side session cache references
2021-12-24 11:23:06 +10:00
4c6af465c4
ASN template: get compiling
2021-12-24 11:21:18 +10:00
a75e152b93
Merge pull request #4698 from JacobBarthelmeh/Jenkins
...
fix for user_settings_all.h build on 'VS' and build with libz + pkcs7 test
2021-12-23 16:54:40 -08:00
37925e0b6a
Merge pull request #4699 from douzzer/ssl-wolfCrypt_SetPrivateKeyReadEnable_fips
2021-12-23 16:42:06 -08:00
1e4b13dfac
Only include ws2tcpip.h if not user IO.
2021-12-23 15:25:25 -08:00
569c066fab
Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use wolfSSL_get1_sesson for reference logic, that requires calling wolfSSL_SESSION_free. To disable this feature use NO_SESSION_CACHE_REF.
2021-12-23 14:25:45 -08:00
7b5b1f5a4d
src/ssl.c: refine integration of wolfCrypt_SetPrivateKeyReadEnable_fips(), started by 52754123d9: depend on fips 5.1+, and call as matched pair in wolfSSL_Init() and wolfSSL_Cleanup().
2021-12-23 16:05:25 -06:00
f950f24b1a
Merge pull request #4691 from JacobBarthelmeh/sessionExport
...
retain same size for exported session
2021-12-23 14:03:11 -08:00
21c8b19fc2
Merge pull request #4696 from JacobBarthelmeh/build_tests
...
fix for a couple reports from build_tests
2021-12-23 13:42:06 -08:00
801c0c7efd
Merge pull request #4549 from elms/cmake/ac_catchup
...
cmake/configure consistency
2021-12-23 13:49:44 -07:00
57d2555ac8
Merge pull request #4695 from douzzer/20211222-fips-config-update-and-fix-test_RsaDecryptBoundsCheck
...
fips config update and test-driven cleanup
2021-12-23 10:38:36 -08:00
f9c9f4c840
refactor IP macro defines
2021-12-23 09:59:05 -08:00
c4e50ef086
fix for libz test with pkcs7
2021-12-23 09:37:09 -08:00
a8605309c6
Merge pull request #4692 from haydenroche5/wolfssl_init_fipsv5
...
Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init.
2021-12-23 09:28:36 -08:00
9892f1f2d5
Merge pull request #4679 from dgarske/fips_ecc_pct
2021-12-23 10:27:51 -07:00
dc073f9c1d
cmake: add back de-duplication and fix formatting
2021-12-23 09:22:47 -08:00
37eec1ed19
cmake: reduce port includes
...
TESTING:
```
./autogen.sh && ./configure --enable-reproducible-build --prefix=$PWD/ac_repro && make install
cmake -B b2 -DWOLFSSL_REPRODUCIBLE_BUILD=yes -DCMAKE_INSTALL_PREFIX:PATH=$PWD/cmake_repro && cmake --build b2 && cmake --install b2
diff -rq ac_repro cmake_repro
```
2021-12-23 09:22:47 -08:00
6ff1e0b037
cmake: correct libtool version, default to shared library, generate pkgconfig
2021-12-23 09:22:47 -08:00
c89b7d5f79
configure and cmake: Closing gap on options and output
...
cmake:
* 32-bit and 16-bit mode flags
* Add 4bit to AESGCM
* Add align data
* Encrypted Keys option
* PKC12 option
* Header installation cleanup
configure:
* Add comment for `v5-RC9`
* update CFLAGS to always be appended instead of mix of prepend and append
* removed duplicate `ARC4` logic
2021-12-23 09:22:47 -08:00
63df8f0836
add fe_low_mem.c to wolfssl vs project and fix a couple warnings
2021-12-23 16:55:51 +00:00
40d5bd052f
Merge pull request #4693 from embhorn/zd13433
...
Fix to init ctx in wc_Des3_SetKey
2021-12-23 07:41:13 -08:00
86e51b97e9
Merge pull request #4689 from haydenroche5/wolfengine_compression_fix
...
Fix usage of SSL_OP_NO_COMPRESSION that was breaking wolfEngine.
2021-12-23 10:47:30 +10:00
a5b3daf216
fix whitespace.
2021-12-22 17:34:06 -06:00
951eb72ecb
fips-check.sh: update+streamline flavors -- add linuxv5-dev (checks out fips master same as old linuxv5-ready) , drop linuxv5-RC8, linuxv5-RC9, linuxv5-RC10, and the desupported/unbuildable fips-v3-ready; update linuxv5 and linuxv5-ready to use WCv5.0-RC11; use the term "flavor" consistently for the fips key (versus "version" or "platform"); cleanup to satisfy shellcheck.
2021-12-22 17:32:36 -06:00
a6ed5dc92d
configure.ac: update fips with RC11.
2021-12-22 17:32:36 -06:00
b0a5b16068
api.c: fix logic in test_RsaDecryptBoundsCheck().
2021-12-22 17:32:36 -06:00
29c18a110b
Fix to init ctx in wc_Des3_SetKey
2021-12-22 17:05:58 -06:00
11e8d729c2
Merge pull request #4685 from SparkiDev/sp_gen_fix_1
...
SP gen: Regenerate
2021-12-22 15:02:03 -08:00
52754123d9
Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init.
...
Additionally, remove wc_SetSeed_Cb calls applications (e.g. example client and
server), since they are now redundant.
2021-12-22 14:21:06 -08:00
8670e33baf
Merge pull request #4651 from TakayukiMatsuo/tsip_sce
2021-12-22 15:00:32 -07:00
fd39197e4b
retain same size for exported session
2021-12-22 14:28:42 -07:00
646ceb259a
Fix usage of SSL_OP_NO_COMPRESSION that was breaking wolfEngine.
...
Replace instances of SSL_OP_NO_COMPRESSION with WOLFSSL_OP_NO_COMPRESSION in
ssl.c. Only define SSL_OP_NO_COMPRESSION when using the compatibility layer.
Before these changes, wolfEngine builds were failing due to
SSL_OP_NO_COMPRESSION being defined in both wolfSSL and OpenSSL headers.
2021-12-22 10:23:51 -08:00
38214bd083
Disable the FIPS consistency checks in ECC and DH for key generation by default.
2021-12-22 10:06:19 -08:00
8d4c22abda
Merge pull request #4687 from julek-wolfssl/asn-template-var-init
...
`items` needs to be initialized as the compiler complains
2021-12-22 08:58:54 -08:00
9d137668c7
Merge pull request #4675 from julek-wolfssl/openssh-8.8
...
Fix macro name conflicts with openssh
2021-12-22 08:31:36 -08:00
713c4afcb4
Fix missing include ws2tcpip.h for VS build
2021-12-22 09:26:22 -06:00
8435eb4644
Add WC_ namespace to variable handling defines
2021-12-22 12:16:02 +01:00
618599656f
items needs to be initialized as the compiler complains
2021-12-22 10:42:48 +01:00
ea432f45cd
Merge pull request #4686 from SparkiDev/fe448_cast
...
Curve448: add casts for Windows
2021-12-21 22:21:25 -08:00
cd96330f2a
Integrate Renesas TSIP specific code into Renesas common logics
2021-12-22 13:18:32 +09:00
80e291fcd1
Curve448: add casts for Windows
2021-12-22 12:57:15 +10:00
dd9b1afb72
Remove magic numbers from WOLFSSL_ASN_TEMPLATE code ( #4582 )
...
* pkcs8KeyASN and other misc asn fixes
- Test fixes for testing with `USE_CERT_BUFFERS_1024`
* intASN
* bitStringASN
* objectIdASN
* algoIdASN
* rsaKeyASN
* pbes2ParamsASN
* pbes1ParamsASN
* pkcs8DecASN
* p8EncPbes1ASN
* rsaPublicKeyASN
* dhParamASN
* dhKeyPkcs8ASN
* dsaKeyASN
* dsaPubKeyASN
- Add `wc_SetDsaPublicKey` without header testing
* dsaKeyOctASN
* rsaCertKeyASN
* eccCertKeyASN
* rdnASN
* certNameASN
* digestInfoASN
* otherNameASN
* altNameASN
* basicConsASN
* crlDistASN
* accessDescASN
* authKeyIdASN
* keyUsageASN
* keyPurposeIdASN
* subTreeASN
* nameConstraintsASN
* policyInfoASN
* certExtHdrASN
* certExtASN
* x509CertASN
* reqAttrASN
* strAttrASN
* certReqASN
* eccPublicKeyASN
* edPubKeyASN
* ekuASN
* nameASN
* certExtsASN
* sigASN
* certReqBodyASN_IDX_EXT_BODY
* dsaSigASN
* eccSpecifiedASN
* eccKeyASN
* edKeyASN
* singleResponseASN
* respExtHdrASN
* ocspRespDataASN
* ocspBasicRespASN
* ocspResponseASN
* ocspNonceExtASN
* ocspRequestASN
* revokedASN
* crlASN
* pivASN
* pivCertASN
* dateASN
* `wc_SetDsaPublicKey` was not including `y` in the sequence length
* All index names changed to uppercase
* Shorten names in comments
* Make sure extensions have sequence header when in cert gen
* Fix/refactor size calc in `SetNameEx`
* Pad blocks for encryption
* Add casting for increased enum portability
* Use stack for small ASN types
2021-12-22 11:28:01 +10:00
af0bcef0ef
Merge pull request #4648 from embhorn/zd13365
...
Fix - wolfSSL_init should cleanup on failure of a component
2021-12-21 17:17:16 -08:00
bf612c075b
Merge pull request #4668 from ejohnstown/kcapi-ecdsa
...
KCAPI ECDSA Memory
2021-12-21 15:32:33 -08:00
bf37845e2d
Merge pull request #4680 from JacobBarthelmeh/certs
...
update certificate expiration dates and fix autorenew
2021-12-22 08:48:35 +10:00
395c5815bd
SP gen: Regenerate
...
Put back in fix for SAKKE.
2021-12-22 08:24:33 +10:00
a6a071771b
Merge pull request #4681 from SparkiDev/sp_arm64_p384_mr
...
SP ARM64: P-384 prime specific Montogmery Reduction
2021-12-21 13:50:33 -08:00
bbfcd0cac8
fix build warning with af_alg
2021-12-21 10:20:34 -08:00
d29cdd3537
fix for --enable-ip-alt-name build
2021-12-21 09:53:58 -08:00
d28cb70735
fix for ed25519 client cert generation
2021-12-21 09:03:54 -08:00
9f2419246e
SP ARM64: P-384 prime specific Montogmery Reduction
...
Improves performance
2021-12-21 10:18:12 +10:00
c0f8fd5f5d
update certificate dates and fix autorenew
2021-12-20 16:04:05 -08:00
6b47954d58
Merge pull request #4670 from julek-wolfssl/krb5-missing-api
...
Missing config for krb5 1.16.1
2021-12-20 15:54:41 -08:00
3644d97dd8
Merge pull request #4613 from SparkiDev/sp_div_max
...
SP math all: div handling of length of dividend
2021-12-20 15:10:35 -08:00
360a513696
Merge pull request #4553 from SparkiDev/sp_mont_inv_order_fix
...
SP: fix when mont_mul_order is defined
2021-12-20 15:09:08 -08:00
463d050d3d
Merge pull request #4678 from dgarske/nightly
...
Nightly fixes: PK with no AES and OCSP test with DTLS
2021-12-21 09:00:22 +10:00
0ce9703768
Merge pull request #4666 from SparkiDev/ecc_enc_mem
...
ECC: better protection when using encrypted memory
2021-12-20 14:48:13 -08:00
bb306d14b7
Merge pull request #4643 from kareem-wolfssl/zd13328
...
Fix building with OPENSSL_EXTRA defined and NO_WOLFSSL_STUB not defined.
2021-12-21 08:02:17 +10:00
d588437504
Merge pull request #4677 from anhu/oqs_to_pqc
...
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC
2021-12-20 13:00:30 -08:00
d8b58b8b05
Put both DigiCert Global Root CA and GlobalSign Root CA into the Google CA list. Fixes --enable-dtls --enable-ocsp ./scripts/ocsp.test`.
2021-12-20 11:47:34 -08:00
ebc64db7d0
Fix for --enable-pkcallbacks --disable-aes --disable-aesgcm.
2021-12-20 10:17:50 -08:00
b290e8089c
Merge pull request #4672 from SparkiDev/sp_c_mont_red
...
SP C: specific Montgomery reduction code for P256 and P384
2021-12-20 09:50:54 -08:00
79f6301521
Add error for case of user defining HAVE_PQC without HAVE_LIBOQS.
2021-12-20 12:42:09 -05:00
7d4c13b9a4
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC
...
AKA: The Great Rename of December 2021
2021-12-20 11:48:03 -05:00
6d2da74c21
Merge pull request #4625 from dgarske/zd13208
...
Fix for PKCS7 verify to handle content type OID with indef BER encoding
2021-12-20 14:49:59 +10:00
ce4f436d0f
Merge pull request #4587 from SparkiDev/dis_algs_fix_1
...
Disable algorithms: fixes
2021-12-19 20:12:30 -08:00
2477574a69
Fix for PKCS7 verify to handle pkcs7-data content type OID with indef BER encoding. ZD13208
2021-12-17 14:24:35 -08:00
ab9eda636a
Merge pull request #4671 from lealem47/remove-n
...
Removing extra \n from WOLFSSL_LEAVE and WOLFSSL_ENTER
2021-12-17 14:04:42 -08:00
b45f1ed761
KCAPI ECDSA Memory
...
Use page aligned memory when using ECDSA signing and verify.
2021-12-17 11:11:16 -08:00
97830b81d6
Merge pull request #4674 from anhu/uninitialized
...
Fix unitialized usage
2021-12-17 10:51:43 -08:00
771647615a
Merge pull request #4669 from douzzer/rehab-configure-fips
...
FIPS configure cleanup
2021-12-17 08:58:44 -08:00
9cc1624023
Fix unitialized usage
2021-12-17 11:55:08 -05:00
2f0b451545
Merge pull request #4673 from julek-wolfssl/should-retry-fix
...
Fix `test_wolfSSL_BIO_should_retry` test
2021-12-17 08:16:16 -07:00
21a5a571e8
Fix test_wolfSSL_BIO_should_retry test
...
When `OPENSSL_COMPATIBLE_DEFAULTS` is defined then `SSL_MODE_AUTO_RETRY` is set on context creation. For this test we need to clear this mode so that the `WOLFSSL_CBIO_ERR_WANT_READ` can propagate up to the user.
2021-12-17 12:32:25 +01:00
bd515cd3a6
Merge pull request #4637 from SparkiDev/sp_c32_rsa
...
SP C RSA: normalize tmpa after conditionally adding p
2021-12-16 18:54:28 -08:00
6cac0ea5a9
SP C: specific Montgomery reduction code for P256 and P384
...
Improves performance of 32-bit and 64-bit SP C code.
2021-12-17 12:00:16 +10:00
5c6bd8c2c9
configure.ac: in fips v5 setup, consider HAVE_AES{CCM,CTR,GCM,OFB}_PORT when auto-setting -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB; refactor KCAPI options for readability and correctness.
2021-12-16 17:03:01 -06:00
0b2b218de7
ECC: better protection when using encrypted memory
...
Added new ECC scalar multiplication implementation.
2021-12-17 08:30:45 +10:00
a79440b95a
Removing extra \n from WOLFSSL_LEAVE and WOLFSSL_ENTER
2021-12-16 13:30:43 -07:00
f889916fae
ssl.c: fix C++ invalid conversion in wolfSSL_sk_X509_INFO_value().
2021-12-16 13:29:17 -06:00
e35c3c0d71
wolfcrypt/src/wc_port.c: fix whitespace.
2021-12-16 13:01:01 -06:00
cf16480c85
configure.ac: fix hard tabs, and fix fips "v5-ready" that should have been "v5-dev".
2021-12-16 13:00:10 -06:00
b7307e0ca5
ecc.c: small stack refactor for mp_int on the stack in wc_ecc_gen_deterministic_k().
2021-12-16 13:00:10 -06:00
fed5eb1d94
ecc.c: fix a deadcode.DeadStores warning in wc_ecc_gen_deterministic_k().
2021-12-16 13:00:10 -06:00
b6b12fe946
configure.ac: fips cleanup: drop flavor keys "v5-REL" (confusing); drop "v3" aka "v3-ready" (no longer buildable); add flavor "v5-dev" aka "dev"; refactor the "v5*" case of the FIPS setup switch to impose feature locks for v5 and v5-ready, but allow feature overrides with the new v5-dev; fix a debugging echo in the v2 case added in 1c27654300.
2021-12-16 13:00:10 -06:00
dec78169bf
Merge pull request #4658 from julek-wolfssl/apache-2.4.51
...
Add Apache 2.4.51 support
2021-12-16 08:52:10 -08:00
ea2245c4d1
Merge pull request #4656 from JacobBarthelmeh/SanityChecks
...
sanity check before reading policy constraint
2021-12-16 08:42:19 -08:00
424bd2d73d
Merge pull request #4599 from julek-wolfssl/issue-4593
...
Add WOLFSSL_FORCE_AUTO_RETRY option: force retrying of network reads
2021-12-16 08:42:07 -08:00
3bd737b9ef
Merge pull request #4665 from miyazakh/sce_fsp_update_v3p5
2021-12-16 09:39:13 -07:00
7699d92935
Merge pull request #4664 from anhu/Fix_ENCRYPT_LEN
...
Do not let anything override HAVE_LIBOQS when setting ENCRYPT_LEN
2021-12-16 07:51:32 -08:00
44cc9e4824
Fix - wolfSSL_init should cleanup on failure of a component
2021-12-16 09:50:50 -06:00
afa6237f56
Add WOLFSSL_FORCE_AUTO_RETRY option: force retrying of network reads
2021-12-16 15:33:30 +01:00
d5783d1eaa
Missing config for krb5 1.16.1
2021-12-16 14:35:39 +01:00
017d6cf464
Simplify error queue macros
2021-12-16 12:39:58 +01:00
e78f7f734e
Add Apache 2.4.51 support
...
- Define `OPENSSL_COMPATIBLE_DEFAULTS` and `WOLFSSL_NO_OCSP_ISSUER_CHECK` for Apache config
- Fix `SSL_set_timeout` to match OpenSSL signature
- Implement `pkey` in `X509_INFO`
- Detect attempt to connect with plain HTTP
- Implement `wolfSSL_OCSP_request_add1_nonce`
- Set `ssl->cipher.bits` when calling `wolfSSL_get_current_cipher`
- Use custom flush method in `wolfSSL_BIO_flush` when set in BIO method
- Set the TLS version options in the `ssl->options` at the end of ClientHello parsing
- Don't modify the `ssl->version` when in a handshake (`ssl->msgsReceived.got_client_hello` is set)
- `wolfSSL_get_shutdown` returns a full bidirectional return when the SSL object is cleared. `wolfSSL_get_shutdown` calls `wolfSSL_clear` on a successful shutdown so if we detect a cleared SSL object, assume full shutdown was performed.
2021-12-16 12:39:38 +01:00
fa913f797a
Merge pull request #4657 from SparkiDev/sakke_cond_add
...
SAKKE: fixup cond add to use all words
2021-12-16 07:40:13 +01:00
63ade421c1
fix redundat #ifdef
2021-12-16 09:30:21 +09:00
bd7e19b8fe
Merge pull request #4639 from JacobBarthelmeh/ECC
...
deterministic ECC sign edge case fix and add variant
2021-12-16 08:48:37 +10:00
abe8696852
Merge pull request #4642 from cconlon/pubKeyDerFromX509
...
Add wc_GetPubKeyDerFromCert()
2021-12-15 14:30:58 -08:00
7975ead1af
Do not let anything override HAVE_LIBOQS when setting ENCRYPT_LEN because oqs wants biggest value.
2021-12-15 14:48:50 -05:00
e1cee463b6
Merge pull request #4662 from douzzer/20211214-fixits
...
20211214 fixits
2021-12-15 10:47:50 -08:00
463118005f
Merge pull request #4663 from ejohnstown/revert-pr
...
Revert configure.ac PR
2021-12-15 12:33:19 -06:00
8688bd43f1
Revert "Swap v5-ready (exception) and v5, add the wildcard back in for all non-ready cases"
...
This reverts commit 23fbf2e786
2021-12-15 10:24:05 -08:00
1b6e0c45d0
Merge pull request #4660 from kaleb-himes/FIPS_READY_KCAPI_FOLLOWUP
...
Swap v5-ready (exception) and v5, add the wildcard back in for all non-ready cases
2021-12-15 10:16:33 -08:00
5172130287
add wc_GetPubKeyDerFromCert(), get pub key DER from DecodedCert
2021-12-15 11:04:52 -07:00
9af9d96cc7
Update README for FSP v3.5.0
...
fix tyo
2021-12-15 15:46:16 +09:00
a773cdfd5d
pkcs12.c wc_d2i_PKCS12_fp(): mollify Visual Studio (false positives C4701 and C4703).
2021-12-14 18:33:24 -06:00
242eb2dcf1
wolfcrypt/src/pkcs12.c: fix scan-build deadcode.DeadStores gripe.
2021-12-14 18:08:54 -06:00
eb032e0266
configure.ac: refactor changes of 7cccaa98b7 around FIPS v5*.
2021-12-14 18:08:12 -06:00
23fbf2e786
Swap v5-ready (exception) and v5, add the wildcard back in for all non-ready cases
2021-12-14 13:28:35 -07:00
a6c7d56c32
Merge pull request #4655 from haydenroche5/wc_pkcs12_from_file
...
Add wc_d2i_PKCS12_fp to parse a PKCS #12 file directly in wolfCrypt.
2021-12-14 08:58:57 -08:00
994e370db3
SAKKE: fixup cond add to use all words
2021-12-14 12:02:59 +10:00
2359045b28
Merge pull request #4649 from kaleb-himes/KCAPI_FIPS_READY
...
The minimal changes needed to add KCAPI support with fips-ready
2021-12-13 17:33:03 -08:00
92d207a1cd
Add wc_d2i_PKCS12_fp to parse a PKCS #12 file directly in wolfCrypt.
2021-12-13 15:28:34 -08:00
a2cf234100
sanity check before reading policy constraint
2021-12-13 14:32:46 -08:00
f5cd61e4f9
Merge pull request #4654 from embhorn/zd13375
...
Fix _sp_exptmod_base_2 to init vars.
2021-12-14 07:38:20 +10:00
7fd1b7aa51
Merge pull request #4650 from anhu/changelog
...
Mention falcon in the changelog
2021-12-13 10:37:07 -08:00
638d00f593
Merge pull request #4634 from danielinux/iotsafe-16bit-id
...
IoT-SAFE module: improvements and bug fixes
2021-12-13 11:33:19 -07:00
caf9024984
Merge pull request #4652 from douzzer/no-rsa-no-dh-no-dsa
...
WOLFSSL_ECC_NO_SMALL_STACK etc
2021-12-13 10:12:14 -08:00
9a85638ac3
Merge pull request #4647 from anhu/evp_pkey_dummy_falcon
...
In d2iGenericKey(), if a falcon key is encountered, make a dummy pkey.
2021-12-13 10:12:07 -08:00
53eb5d2e5a
Fix _sp_exptmod_base_2 to init vars.
2021-12-13 10:16:55 -06:00
355b779a3e
feature gating tweaks to better support --disable-rsa --disable-dh --disable-dsa. also a whitespace fix in ssl.c.
2021-12-11 14:08:04 -06:00
2193df1d62
add WOLFSSL_ECC_NO_SMALL_STACK.
2021-12-10 23:57:14 -06:00
41d4aafa3f
Merge pull request #4645 from haydenroche5/parse_cert_public
...
Make wolfCrypt ASN cert parsing functionality public.
2021-12-10 18:27:18 -08:00
eec9649049
Mention falcon in the changelog
2021-12-10 16:54:13 -05:00
7cccaa98b7
The minimal changes needed to add KCAPI support with fips-ready
2021-12-10 14:44:20 -07:00
4c12f0be95
Only one call to wc_falcon_init() and comment on 300.
2021-12-10 16:40:41 -05:00
1d8ff70900
In d2iGenericKey(), if a falcon key is encountered, make a dummy pkey.
...
This allows apache-httpd to work without PQ-specific patch along with a previous
pull request.
2021-12-10 14:18:42 -05:00
6764e7c15f
Make wolfCrypt ASN cert parsing functionality public.
...
Currently, the `ParseCert` function is only available if `WOLFSSL_ASN_API` is
defined to `WOLFSSL_API`. The only way to achieve this without enabling the
compatibility layer is to define `WOLFSSL_TEST_CERT`. There are users defining
this so that they can parse certs with wolfCrypt, even though this doesn't seem
to be the original intent of the define. This commit adds the function
`wc_ParseCert` to the public wolfCrypt API. It's simply a wrapper around
`ParseCert`. Similarly, this commit adds `wc_InitDecodedCert` and
`wc_FreeDecodedCert` to the public API, which are wrappers around
`InitDecodedCert` and `FreeDecodedCert`, respectively.
2021-12-10 10:43:28 -08:00
dde8cd9039
Merge pull request #4646 from julek-wolfssl/SSL_OP_NO_COMPRESSION-redef-error
...
Fix redefinition error of `WOLFSSL_OP_NO_COMPRESSION`
2021-12-10 08:46:43 -08:00
65a0b71994
Merge pull request #4641 from anhu/priv_key_check
...
Actually do a private/public key check for FALCON.
2021-12-10 06:53:35 -08:00
e40ba00ece
Fix redefinition error of WOLFSSL_OP_NO_COMPRESSION
2021-12-10 15:11:11 +01:00
6b5fa9d0ae
remove consistency check; let it fail elsewhere.
2021-12-09 17:12:42 -05:00
b921161309
Merge pull request #4633 from SparkiDev/tls13_expired
...
TLS13: Skip if expired rather than turning off resuming
2021-12-09 14:10:42 -08:00
dd0e3d6ebf
Merge pull request #4644 from kareem-wolfssl/iotsafe_class
...
Fix compiling Iotsafe with C++ by avoiding reserved keyword 'class'.
2021-12-09 09:10:24 -08:00
494abde3eb
Better casting.
2021-12-09 09:45:28 -05:00
f02763b088
Fixes after review comments
2021-12-09 11:23:44 +01:00
4764c4d6fa
Merge pull request #4636 from JacobBarthelmeh/client
...
print out PEM of peer cert with example client
2021-12-08 20:04:57 -08:00
32014c69fd
TLS 13 session ticket timeout: fixup checks
...
Check difference between now and ticket seen from encrypted ticket
against timeout.
2021-12-09 12:43:30 +10:00
6da0cc1ced
Merge pull request #4600 from dgarske/cust_oid
...
Support for Custom OID in subject and CSR request extension
2021-12-09 11:24:30 +10:00
4200cf1b4d
Fix compiling Iotsafe with C++ by avoiding reserved keyword 'class'.
2021-12-08 17:17:58 -07:00
376be0f66a
Fix building with OPENSSL_EXTRA defined and NO_WOLFSSL_STUB not defined.
2021-12-08 16:51:51 -07:00
7022eb6f89
Actually do a private/public key check for FALCON.
2021-12-08 18:04:11 -05:00
dac0c21989
Merge pull request #4640 from anhu/prevent_stack_corruption
...
Pass in pointer to a local size_t var, not word32 var to prevent stack corruption
2021-12-08 14:44:07 -08:00
cf0d3263ac
Merge pull request #4628 from julek-wolfssl/issue-4623
...
Handle an `EPIPE` error from the socket
2021-12-09 08:08:56 +10:00
74442605fa
Pass in pointer to a local size_t var, not word32 var to prevent stack corruption.
2021-12-08 16:01:52 -05:00
ad078a7358
adjust macro guard in example client
2021-12-08 13:45:37 -07:00
0446d93285
add deterministic k variant for ECC to enable all
2021-12-08 10:49:17 -07:00
dfce101b5b
deterministic ECC sign edge case fix and add variant
2021-12-08 09:54:47 -07:00
dd0e1226b7
Merge pull request #4638 from miyazakh/sce_protect_iar_compiler
2021-12-08 09:50:16 -07:00
081d28f556
better handling for global index
...
fix function proto type definition
2021-12-08 11:42:23 +09:00
3b65a4876f
SP C RSA: normalize tmpa after conditionally adding p
...
Numbers in a word get too big for fast mul implementation when not
normalized.
Only affects RSA keys where p < q.
2021-12-08 11:25:20 +10:00
9a07b3af9b
print out PEM of peer cert with example client
2021-12-07 14:07:47 -07:00
8609d98122
Merge pull request #4635 from julek-wolfssl/PrintPubKeyEC-wrong-free
...
Return early on failed `key` init
2021-12-07 13:28:53 -07:00
223f25149b
Return early on failed key init
2021-12-07 18:11:19 +01:00
96daf2bede
Merge pull request #4632 from julek-wolfssl/PrintPubKeyEC-leak
...
`a` and `key` were not being freed => leak in `PrintPubKeyEC`
2021-12-07 07:20:05 -07:00
1cb8b34fba
IoT-SAFE: minor fixes + doxygen for new API calls
2021-12-07 14:11:14 +01:00
9e73c324a4
iot-safe: Fixed debug printf, updated slot number for 16-bit demo
2021-12-07 14:11:14 +01:00
23982e4fb3
Fixed wolfIoT_ecc_keygen when key is stored during generation
2021-12-07 14:11:14 +01:00
b23d51ab78
Avoid looping on uart read after applet initialization fails
2021-12-07 14:11:14 +01:00
5da89c6275
Clear meaning for the return value of iotsafe_gen_keypair
2021-12-07 14:11:14 +01:00
4d483b0a28
iotsafe: allow init to continue with empty response
2021-12-07 14:11:13 +01:00
29e20eeadc
Fix to rebase branch on current master
2021-12-07 14:11:13 +01:00
e551f439f4
Reworked expect_tok to fix NULL dereferences
2021-12-07 14:11:13 +01:00
0c0f36d67d
IoT-SAFE: Minor fixes
...
- reverted length change in put public operation
- Loading CA from IoT-SAFE file slot in 16bit demo
2021-12-07 14:11:13 +01:00
2646747f2a
Fixed 8bit variable overflow/useless code
2021-12-07 14:11:13 +01:00
0621ba061b
Multiple fixes for IoT-SAFE
...
- Tested with a different SIM:
- 16bit IDs
- Directly retrieving public key from keygen function
- larger response buffers (up to 256 bytes in ReadFile)
- Fixed hardcoded length in ID buffers
2021-12-07 14:11:13 +01:00
2f17a7e626
Support longer-than-8bit IDs for IoTSAFE key/file slots
2021-12-07 14:11:13 +01:00
574d171357
Fix leak when mp_int = 0 in integer.c
2021-12-07 12:46:24 +01:00
85ec6054c6
TLS13: Skip if expired rather than turning off resuming
2021-12-07 13:58:38 +10:00
9f6aa36866
Merge pull request #4629 from dgarske/zd13337
...
Additional checking for side on TLS messages
2021-12-07 10:13:44 +10:00
e1b7363647
Fixes from peer review.
2021-12-06 16:12:07 -08:00
261d305b32
Merge pull request #4627 from cconlon/fipsOsSeed
2021-12-06 16:06:46 -08:00
d5c27fca7d
Merge pull request #4626 from JacobBarthelmeh/certs
...
add human readable string of IP
2021-12-07 08:23:31 +10:00
579056a2f3
Subject raw should be populated with WOLFSSL_CERT_EXT.
2021-12-06 14:19:32 -08:00
e45c33a771
Merge pull request #4624 from miyazakh/jenkins_qt_failure
2021-12-06 09:53:34 -07:00
5107f6b752
Merge pull request #4630 from douzzer/20211204-nits
...
20211204 nits
2021-12-06 08:24:17 -08:00
96b8b11fba
a and key were not being freed => leak in PrintPubKeyEC
2021-12-06 12:03:02 +01:00
30b68060fb
configure.ac: fix whitespace; client.c: make gcc 5.4.0 -Wmaybe-uninitialized happy.
2021-12-04 00:57:49 -06:00
54c3e0ac73
Additional checking for side on TLS messages. ZD13337
2021-12-03 11:49:08 -08:00
e4bd5d9046
Handle an EPIPE error from the socket
...
Issue reported in https://github.com/wolfSSL/wolfssl/issues/4623
2021-12-03 17:44:53 +01:00
9eabf16ed8
fix redefinition of OS_Seed error with FIPS Ready on some compilers
2021-12-02 17:01:11 -07:00
1ec86ee4cc
add human readable string of IP
2021-12-02 16:04:58 -07:00
b4c6140b64
Merge pull request #4442 from julek-wolfssl/kerberos
...
Add Kerberos 5 support
2021-12-02 09:07:34 -08:00
baee7bace4
Merge pull request #4584 from ethanlooney/nxp_se050_curve25519
...
Added curve25519 support for NXP SE050
2021-12-02 02:47:36 -08:00
a5bd6cde8d
fix nigtly jenkins Qt Job failure
2021-12-02 16:37:48 +09:00
48b15b0dfb
Merge pull request #4616 from SparkiDev/sp_int_mips32
...
SP math all: MIPS asm fix
2021-12-01 16:16:14 -08:00
9f611e8b80
Merge pull request #4589 from JacobBarthelmeh/native-lwip
...
Native LwIP support update
2021-12-01 10:37:13 -08:00
5c172ca955
Merge pull request #4622 from douzzer/fix-wolfsentry-build
...
wolfsentry fixes re HAVE_EX_DATA and wolfsentry_sockaddr
2021-12-01 08:16:07 -08:00
d06ada2ccc
Merge pull request #4610 from julek-wolfssl/nginx-1.21.4
...
Add support for Nginx 1.21.4
2021-12-01 22:27:12 +10:00
aac1b406df
Add support for Nginx 1.21.4
...
- Add KEYGEN to Nginx config
- Check for name length in `wolfSSL_X509_get_subject_name`
- Refactor `wolfSSL_CONF_cmd`
- Implement `wolfSSL_CONF_cmd_value_type`
- Don't forecfully overwrite side
- `issuerName` should be `NULL` since the name is empty
2021-12-01 09:49:52 +01:00
32db20143c
wolfssl/test.h: fix --enable-wolfsentry CFLAGS=-pedantic.
2021-11-30 23:40:30 -06:00
3f65916f3a
HAVE_EX_DATA: fix wolfssl/ssl.h and tests/api.c to build -DHAVE_EX_DATA but -UOPENSSL_EXTRA.
2021-11-30 23:39:16 -06:00
7b5b4015f6
Merge pull request #4621 from dgarske/zd13303
2021-11-30 21:04:41 -06:00
43ac0d3684
adjust test file for pritnf and test_pass
2021-11-30 16:41:02 -07:00
b69a1c860c
Merge pull request #3996 from cconlon/pkcs7_detachedhash
...
adjust PKCS7_VerifySignedData to correctly verify precomputed content hash with detached signature
2021-11-30 12:46:46 -08:00
a0300f7ab0
Fixes for ECDSA_Size. If group is unknown set to -1, otherwise defaults to first ECC index. Fix the signature size calculation to use our existing enum and calculation logic. ZD13303
2021-11-30 12:33:49 -08:00
1e74c6f38d
Merge pull request #4620 from JacobBarthelmeh/Testing
...
do not load example CA if not verifying peer
2021-11-30 12:17:58 -08:00
29517fd617
Merge pull request #4609 from danielinux/tls13_hkdf_callback
...
TLS 1.3: Add HKDF extract callback
2021-11-30 10:59:44 -08:00
6d4c067b72
Merge pull request #4607 from anhu/wolfcrypt_pq_benchmarks
...
Use wolfCrypt's benchmarking app to run the PQ algorithms.
2021-11-30 10:09:48 -08:00
0340b49ff9
do not load example CA if not verifying peer
2021-11-30 10:44:05 -07:00
d32f26de64
Merge pull request #4619 from kojo1/early_data
...
OpneSSL compat for SSL_read/write_early_data
2021-11-30 08:36:14 -08:00
d3d73f7a4e
Merge pull request #4614 from SparkiDev/sp_exp_nct
...
SP math all: fix exponent bit count
2021-11-30 08:26:41 -08:00
37df78b082
Merge pull request #4615 from SparkiDev/mp_mulx
...
TFM: fix Intel MULX multiply
2021-11-30 08:26:17 -08:00
5a55baddad
Merge pull request #4617 from SparkiDev/ecc_point_on_curve
...
ECC wc_ecc_point_is_on_curve: validate oridinates against prime
2021-11-30 08:25:47 -08:00
7a41089b12
Merge pull request #4618 from douzzer/wc-port-h-linuxkm-XSNPRINTF-XATOI
...
linuxkm wc_port.h macro scoping fix
2021-11-30 08:25:06 -08:00
78f4c84ee0
Merge pull request #4586 from SparkiDev/sp_gen_ecc_order
...
SP: fix range of k to be 1..n-1
2021-11-30 08:23:46 -08:00
c3b1d9f9e7
Cosmetic and prototypes changes after reviewer's comments
2021-11-30 10:06:54 +01:00
6af38a9f5b
OpneSSL compat for SSL_read/write_early_data
2021-11-30 17:38:01 +09:00
a33ae21801
whitespace cleanups and portability/pedantic fixes
2021-11-29 23:58:39 -06:00
5fbdd2a2c0
wc_port.h: for linuxkm, move definitions of XSNPRINTF and XATOI macros outside the defined(BUILDING_WOLFSSL) gate, to prevent inclusion of stdio.h and stdlib.h from types.h when building application code.
2021-11-29 23:23:23 -06:00
567cd155ea
ECC wc_ecc_point_is_on_curve: validate oridinates against prime
2021-11-30 14:17:41 +10:00
a7d538a82f
SP math all: MIPS asm fix
...
Names $lo and $hi in register list are not supported with old GCC
compiler. Newer compiler also supports %lo and %hi.
2021-11-30 12:56:08 +10:00
9f6fd6abf9
TFM: fix Intel MULX multiply
...
Carry wasn't being handled properly.
2021-11-30 12:07:44 +10:00
e5e280b175
SP math all: fix exponent bit count
...
Only when using non-constant time implementation and modulus even.
2021-11-30 10:28:42 +10:00
a3d46bee32
SP math all: div handling of length of dividend
...
Fail when dividend is maximum size as we may be shifting left and
overflow when divisor is not on a word boundary.
2021-11-30 09:46:11 +10:00
f7c34d22e6
add calls to user callback and adjust formating
2021-11-29 15:56:00 -07:00
7221e06ff7
Merge pull request #4588 from miyazakh/sce_protect_mode_e2studio
2021-11-29 15:32:48 -07:00
9e2e0c06dc
Merge pull request #4608 from miyazakh/esp_idf
...
Fix compile error on the latest ESP-IDF
2021-11-29 14:13:13 -07:00
80c16745c4
Merge pull request #4602 from embhorn/zd13296
...
Initialize global in TSIP port
2021-11-29 13:01:03 -08:00
8a2945fe66
More braces.
2021-11-29 15:56:44 -05:00
5aa8bc2983
Drop a brace.
2021-11-29 15:47:53 -05:00
c104ab2206
Merge pull request #4572 from SparkiDev/ecc_pub_decode
...
mp_sqrt: TonelliShanks algorithm doesn't handle zero
2021-11-29 12:27:36 -08:00
c78256702d
Merge pull request #4604 from tmael/fix_cc_ecc
...
Fix Cryptocell ecc build
2021-11-29 11:01:33 -08:00
57fb5453cb
Support for HKDF Extract callback
2021-11-29 14:51:13 +01:00
f6893789b9
add dummy_test_paths.h to include.am
2021-11-27 14:34:23 +09:00
a25c338007
fix build failures
...
update README to follow the latest ESP-IDF
2021-11-27 13:14:36 +09:00
fea438d07f
Use wolfCrypt's benchmarking app to run the PQ algorithms.
2021-11-26 15:15:23 -05:00
fb4e39f00a
addressed review comments prt1
2021-11-26 16:03:42 +09:00
b2c0bacb06
Fix Cryptocell ecc
2021-11-24 19:22:40 -08:00
ae0cefc48d
Merge pull request #4603 from anhu/stop_OPENSSLEXTRA
...
Stop needlessly enabling ENABLED_OPENSSLEXTRA when enabling liboqs.
2021-11-24 13:46:31 -07:00
ffe7a84e3d
Stop needlessly enabling ENABLED_OPENSSLEXTRA when enabling liboqs.
2021-11-24 14:09:19 -05:00
6d7e50d2ae
Initialize global in TSIP port
2021-11-24 09:22:14 -06:00
be870e742d
Edge case build fixes (cert gen only).
2021-11-23 15:12:48 -08:00
7396a0cb3a
Resolves all peer review comments. Fixes to get Curve25519 working on real hardware. Regression testing fixes for ECC.
2021-11-23 15:03:53 -08:00
7524ededd3
Support for Custom OID in subject and CSR request extension:
...
* Adds new build option `WOLFSSL_CUSTOM_OID` for supplying a custom OID in a CSR
* Fixes in ASN template CSR generation.
* Fix to allow calling `wc_Ed25519PublicKeyToDer` and `wc_Ed448PublicKeyToDer` with NULL output buffer to get length only.
* Refactor of the certificate subject name encoding.
* Refactor of the OID's to consolidate.
* Improvements to the Domain Component API unit test.
ZD 12943
2021-11-23 09:51:13 -08:00
dcc2a2852c
Merge pull request #4590 from JacobBarthelmeh/fuzzing
...
sanity check on pem size
2021-11-22 16:09:13 -08:00
f5239cc57e
Merge pull request #4597 from cconlon/removeSwig
...
Remove swig wrapper
2021-11-22 15:31:40 -08:00
23e722be27
Merge pull request #4595 from masap/fix-linuxkm
...
Fix failure of make distclean when linuxkm is enabled
2021-11-22 12:01:21 -08:00
84be329ffb
remove swig wrapper, now that we have dedicated Java and Python wrappers
2021-11-22 11:32:37 -07:00
89ed811e23
fix compile error when disabled SCEPROTECT
2021-11-22 21:36:02 +09:00
0de4136ad6
Rebase fixes
2021-11-22 13:10:55 +01:00
5fc2dadde1
Fix issue in wolfSSL_BN_rand_range causing random errors
2021-11-22 11:48:31 +01:00
1d7b2de074
Code review changes
2021-11-22 11:48:31 +01:00
3da810cb1b
Implement OpenSSL API's
...
- `OBJ_DUP`
- `i2d_PKCS7`
- `BN_rshift1
- `BN_rshift` testing
- Add `--enable-krb`
2021-11-22 11:47:58 +01:00
e7c5f137be
Implement BN_rand_range
2021-11-22 11:45:27 +01:00
82a9f74476
Compat updates
...
- implement `wolfSSL_PEM_X509_INFO_read`
- `wolfSSL_EVP_CipherUpdate` no-ops on `NULL` input
- add md4 support to `wolfSSL_EVP_MD_block_size` and `wolfSSL_EVP_MD_size`
2021-11-22 11:45:27 +01:00
ccbe184434
Implement CTS
...
Ciphertext stealing on top of CBC is implemented with `wolfSSL_CRYPTO_cts128_encrypt` and `wolfSSL_CRYPTO_cts128_decrypt` APIs
2021-11-22 11:45:27 +01:00
fa662c2ab1
AES_cbc_encrypt enc parameter flipped. 1 = encrypt 0 = decrypt
...
This change makes the `enc` parameter of `AES_cbc_encrypt` consistent with OpenSSL. This commit flips the meaning of this parameter now.
2021-11-22 11:45:27 +01:00
ace5d444a4
Fix failure of make distclean when linuxkm is enabled
...
$ make distclean
Making distclean in linuxkm
make[1]: Entering directory '/home/honma/git/wolfssl/linuxkm'
make[1]: *** No rule to make target 'distclean'. Stop.
make[1]: Leaving directory '/home/honma/git/wolfssl/linuxkm'
make: *** [Makefile:6431: distclean-recursive] Error 1
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-22 05:50:38 +09:00
30a01a0758
Fix failure of check at commiting when linuxkm is enabled
...
Making check in linuxkm
make[2]: Entering directory '/home/honma/git/wolfssl/linuxkm'
make[2]: warning: -j13 forced in submake: resetting jobserver mode.
make[2]: *** No rule to make target 'check'. Stop.
make[2]: Leaving directory '/home/honma/git/wolfssl/linuxkm'
make[1]: *** [Makefile:6431: check-recursive] Error 1
make[1]: Leaving directory '/home/honma/git/wolfssl'
make: *** [Makefile:6901: check] Error 2
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-22 05:50:38 +09:00
82eb23b300
addressed jenkins failures
2021-11-20 10:15:57 +09:00
5182e2a8c8
Merge pull request #4580 from kareem-wolfssl/minor_fixes
...
Check ssl->arrays in SendClientHello to avoid null dereference. Allow building with fallthrough defined.
2021-11-19 16:55:01 -08:00
d00c7641ae
addressed jenkins failure
2021-11-20 09:14:21 +09:00
f6c48bf7dc
Merge pull request #4560 from kaleb-himes/OE30-OE31-non-fips-changes
...
OE30 and OE31 changes external to FIPS module for NetBSD builds
2021-11-19 15:49:30 -08:00
34346bab4f
Merge pull request #4579 from JacobBarthelmeh/PKCS7
...
BER size adjustment with PKCS7
2021-11-19 14:49:03 -08:00
8de281c1d4
Fix minimum clang version for FALL_THROUGH. Not working properly before clang 11.
2021-11-19 15:16:56 -07:00
617668b9aa
Merge pull request #4585 from kareem-wolfssl/encryptMacFix
...
Fix building Import/ExportOptions with HAVE_ENCRYPT_THEN_MAC undefined.
2021-11-19 13:45:16 -08:00
fd6d479888
Rework ssl and ssl->arrays NULL checks, and add to SendTls13ClientHello as well.
2021-11-19 14:19:27 -07:00
72d4dcce0f
Fix updated FALL_THROUGH macro. Fix a couple of case statements and remove a trailing whitespace.
2021-11-19 14:13:02 -07:00
0772635972
Rework FALL_THROUGH definition to use fallthrough if defined.
2021-11-19 14:06:54 -07:00
930e1ac473
Check ssl->arrays in SendClientHello to avoid null dereference. Allow building with fallthrough defined.
2021-11-19 14:06:54 -07:00
5d49847147
sanity check on pem size
2021-11-19 13:55:03 -07:00
c3500fa24e
Merge pull request #4581 from miyazakh/max_earlydata
...
add get_max_eraly_data
2021-11-19 09:42:01 -07:00
5a72fee3df
Disable algorithms: fixes
...
WOLFSSL_PUBLIC_MP and disable algorithms didn't work because of api.c.
- mp_cond_copy not available unless ECC compiled in
- wc_export_int not available unless ECC compiled in
Enabling only DH and using SP with SP Math didn't work as the DH
parameters were too small.
sp_cmp is needed when only DH.
mp_set_int is was not available in SP math when RSA is not defined.
mp_set is close enough for the use cases.
Configure with SP and SP math but not RSA, DH and ECC didn't configure -
now default to small maths.
2021-11-19 16:56:33 +10:00
9a331d7072
update Readme
2021-11-19 15:35:06 +09:00
7e2fab6f4a
warning with keil build and native lwip want read case
2021-11-18 22:58:50 -07:00
c84194ffc8
include renesas_cmn.h to am file
2021-11-19 14:44:45 +09:00
f50fcd918e
support Renesas RA SCE protect mode on RA6M4 evaluation board
2021-11-19 14:22:16 +09:00
7e81372131
Merge pull request #4583 from dgarske/zd13242
...
Improve `ret` handling in the `ProcessPeerCerts` verify step.
2021-11-19 10:22:08 +10:00
af097401f2
SP: fix range of k to be 1..n-1
...
Was checking less than order - 2 then adding one.
i.e. 0..order-3 => 1..order-2
2021-11-19 09:40:26 +10:00
757f3b8105
Fix building Import/ExportOptions with HAVE_ENCRYPT_THEN_MAC undefined.
2021-11-18 16:06:22 -07:00
3054f20c6a
Improve ret handling in the ProcessPeerCerts verify step.
2021-11-18 14:51:09 -08:00
2841b5c93b
Merge pull request #3010 from kaleb-himes/ZD10203
...
Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA
2021-11-18 14:47:25 -08:00
9bc159a5ec
addressed review comment
2021-11-19 07:24:46 +09:00
4324cf8f0a
Correct cast from uint to uchar
2021-11-18 10:18:25 -07:00
5a85d63543
Added curve25519 support for NXP SE050
...
Reverted commented out lines from se050_port.h
2021-11-18 09:23:59 -07:00
e33156d0dc
Merge pull request #4578 from kaleb-himes/OE33_NON_FIPS_CHANGES
...
OE33: Fix issues found by XCODE and add user_settings.h
2021-11-18 06:59:43 -08:00
d02e819e4c
Merge pull request #4575 from SparkiDev/dh_enc_fix_2
...
ASN: DH private key encoding
2021-11-18 06:57:40 -08:00
618b9619c5
Merge pull request #4571 from anhu/init_sig_algs
...
Uninitialized var.
2021-11-18 22:46:37 +10:00
db3c0f7829
Merge pull request #4574 from masap/fix-asn1-integer-get
...
Fix invalid return value of ASN1_INTEGER_get()
2021-11-18 17:20:15 +10:00
483be08b1f
add definition for early_data_status compat
2021-11-18 14:21:47 +09:00
6ba00f66cd
Merge pull request #4573 from ejohnstown/fips-check-fix
...
Fix FIPS Check Script
2021-11-17 21:30:45 -06:00
b42a0d9712
native lwip update
2021-11-17 17:36:44 -07:00
7da0d524ff
add get_max_eraly_data
...
support set/get_max_eraly_data compatibility layer
2021-11-18 09:07:32 +09:00
370570d19b
ASN: DH private key encoding
...
Proper fix for sequence length when small keys.
2021-11-18 08:28:49 +10:00
4800db1f9d
Enable max/min int test even when non 64bit platform
...
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-18 06:58:21 +09:00
cb3fc0c7ce
Fix invalid return value of ASN1_INTEGER_get()
...
When DIGIT_BIT is less than SIZEOF_LONG * CHAR_BIT, ASN1_INTEGER_get() can
return invalid value. For example, with trailing program, ASN1_INTEGER_get()
unexpectedly returns -268435449 (0xf0000007) on i386.
On the i386 platform (DIGIT_BIT=28), the input value 0x7fffffff is separated
into 0xfffffff and 0x7 and stored in the dp array of mp_int. Previously,
wolfSSL_BN_get_word_1() returned 0xfffffff shifted by 28 bits plus 0x7, so this
patch fixed it to return 0xfffffff plus 0x7 shifted by 28 bits.
int main(void)
{
ASN1_INTEGER *a;
long val;
int ret;
a = ASN1_INTEGER_new();
val = 0x7fffffff;
ret = ASN1_INTEGER_set(a, val);
if (ret != 1) {
printf("ret=%d\n", ret);
}
if (ASN1_INTEGER_get(a) != val) {
printf("ASN1_INTEGER_get=%ld\n", ASN1_INTEGER_get(a));
}
ASN1_INTEGER_free(a);
return 0;
}
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-18 06:58:21 +09:00
ab0654bb64
remove something that slipped in
2021-11-17 16:38:30 -05:00
39edf8d206
pulled up a line.
2021-11-17 16:38:30 -05:00
49c7abb875
Changes suggested by SparkiDev.
2021-11-17 16:38:30 -05:00
5c48e74c7f
0xFF
2021-11-17 16:38:30 -05:00
0ae0b31509
The following config:
...
./configure --with-liboqs --enable-all --disable-psk --enable-intelasm --enable-aesni --enable-sp-math-all --enable-sp-asm CFLAGS="-O3"
Yeilds the following erorr:
src/internal.c: In function ‘DoServerKeyExchange’:
src/internal.c:24487:28: error: ‘sigAlgo’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
24487 | if (sigAlgo == ed448_sa_algo &&
| ^
This fixes it.
2021-11-17 16:38:30 -05:00
38ec0bb31f
Merge branch 'master' of github.com:wolfssl/wolfssl into OE33_NON_FIPS_CHANGES
2021-11-17 14:02:56 -07:00
995ef60ff1
Merge pull request #4577 from kaleb-himes/WINDOWS_AES_OFB_ON
...
Turn on AES-OFB mode in windows for FIPS=v5
2021-11-17 12:20:19 -08:00
37db5a9ab3
Add include.am(s) for new file(s)
2021-11-17 12:05:05 -07:00
ddf06b8161
BER size adjustment with PKCS7
2021-11-17 12:03:32 -07:00
f638df3575
Fix issues found by XCODE and add user_settings.h
...
Disable internal test settings by default
2021-11-17 11:00:56 -07:00
ef62fab4ea
Update
...
1. WIN10 FIPS build should use version 5,2 now.
2. Update the v5-ready build ot use version 5,2.
3. Remove eol-whitespace from the benchmark source.
2021-11-17 09:19:34 -08:00
c7c682ba2a
Move up to avoid breaking the patch applied for windows
2021-11-17 09:37:26 -07:00
dc6ec2b849
Turn on AES-OFB mode in windows for FIPS=v5
2021-11-17 09:22:58 -07:00
158ebcaa0a
Add v5-RC10 to the list of allowed versions
2021-11-16 16:36:38 -08:00
a5e581506e
Merge pull request #4570 from dgarske/android_keystore
...
Fixes for building wolfSSL with Android WPA Supplicant and KeyStore
2021-11-17 08:30:01 +10:00
e8e0bc0d49
Merge pull request #4552 from SparkiDev/sp_mod_exp_zero
...
SP: mod_exp with exponent of 0 is invalid
2021-11-16 08:29:13 -08:00
2b3ab855dd
Fixes for building wolfSSL with Android WPA Supplicant and KeyStore.
2021-11-16 08:27:30 -08:00
33a6b8c779
Merge pull request #4531 from dgarske/cryptocb_aesccm
...
Added crypto callback support for AES CCM
2021-11-16 22:45:11 +10:00
ceae7d56fa
Merge pull request #4551 from ejohnstown/aes-ofb
...
Add AES-OFB to FIPS boundary
2021-11-15 22:56:43 -06:00
cae3fcb9ce
Merge pull request #4569 from masap/i386-segfault
...
dsa.c: fix error-path mp_clear()s on uninitialized mp_ints in wc_DsaSign() and wc_DsaVerify().
2021-11-15 22:51:23 -06:00
8606788198
SP: mod_exp with exponent of 0 is invalid
...
Don't allow exponenetiation by 0 as it is cryptographically invalid and
not supported by the implementation.
Also check for even modulus in mod_exp.
2021-11-16 11:27:26 +10:00
6086728968
Fix possible segfault occurs when mp_clear() is executed for uninitialized mp_int
...
If NULL is passed as the digest argument of wc_DsaSign(), mp_clear() will be
called before mp_init() is called. This can cause segmentation fault.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-16 09:57:02 +09:00
f621defefe
Fix the segfault occurs when mp_clear() is executed for uninitialized mp_int on i386
...
test_wc_DsaSignVerify() passes the tests but causes an error.
free(): invalid pointer
If NULL is passed as the digest argument of wc_DsaVerify(), mp_clear() will be
called before mp_init() is called. On qemu-i386, the dp field of the mp_int
structure is non-null by default, which causes a segmentation fault when calling
mp_clear(). However, if WOLFSSL_SMALL_STACK is enabled, this problem does not
occur.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-16 09:56:56 +09:00
1559e92dca
Add crypto callback AES CCM test case.
2021-11-15 16:22:10 -08:00
d3fc8c229a
mp_sqrt: TonelliShanks algorithm doesn't handle zero
...
(0 * 0) mod p = 0.
Modular reduce n and shortcut when 0.
2021-11-16 09:23:07 +10:00
64407bbd7d
Merge pull request #4564 from rizlik/unused_ret_value_fix
...
woflcrypt/src/rsa.c: check memory allocation return value
2021-11-16 08:56:47 +10:00
c80e63a822
Merge pull request #4566 from ejohnstown/fips-check
...
fips-check script update
2021-11-15 13:23:54 -06:00
13871cf547
Set RC10 to be the default v5 FIPS build.
2021-11-15 10:03:50 -08:00
0d465cf42f
Add AES-OFB to FIPSv5 build as v5-RC10 (5,2)
2021-11-15 10:03:49 -08:00
ab74bbcfee
Merge pull request #4567 from SparkiDev/sp_scripts_sync_1
...
SP sync: Missing update
2021-11-15 07:04:08 -08:00
79f18c7585
SP sync: Missing update
2021-11-15 08:33:14 +10:00
d6219567c1
Merge pull request #4565 from dgarske/spelling
...
Fixes for spelling errors
2021-11-15 08:20:41 +10:00
3384159cb9
Add WCv5.0-RC10 to fips-check script. Remove some new whitespace from sniffer.
2021-11-12 14:10:58 -08:00
25054bd87f
Merge pull request #4538 from julek-wolfssl/sk_free-refactor
...
Refactor sk_*_free functions and stack type
2021-11-12 10:30:14 -08:00
a626a4fb02
Fixes for spelling errors.
2021-11-12 10:27:49 -08:00
600d562168
Merge pull request #4558 from anhu/falcon_bench
...
Add Falcon benchmarking.
2021-11-12 09:14:08 -08:00
4112cd4b99
Make stack type an enum
2021-11-12 14:48:17 +01:00
361975abbc
Refactor sk_*_free functions
...
Use a single `wolfSSL_sk_pop_free` and `wolfSSL_sk_free` function that free's the stack and optionally free's the node content as well.
2021-11-12 13:55:37 +01:00
6547bcb44c
Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA
2021-11-11 17:47:17 -07:00
2501aef34e
Merge pull request #4562 from SparkiDev/cert_suite_check
2021-11-11 15:36:12 -08:00
af67692e4a
Merge pull request #4559 from dgarske/sniffer_ht
2021-11-11 14:44:01 -08:00
4e20b93e72
Merge pull request #4556 from douzzer/updateFipsHash
2021-11-11 14:23:01 -08:00
c702dab988
Merge pull request #4561 from haydenroche5/wc_prf_fix
2021-11-11 13:03:58 -08:00
3ea4e35737
woflcrypt/src/rsa.c: check memory allocation return value
2021-11-11 16:25:03 +01:00
b5fd899113
TLS 1.2: check signature algo in ServerKeyExchange
2021-11-11 18:54:30 +10:00
2f29ca1092
Make fixes/improvements to TLS PRF code.
...
Make `wc_PRF` return an error if it doesn't find a corresponding hash for the
passed in hash type. Currently, if `wc_PRF_TLS` is called with `NO_OLD_TLS`
defined, it will do nothing but still return success. Make it return an error
instead. These problems were uncovered when running the wolfEngine unit tests
with wolfSSL 5.0.0 FIPS Ready, which defines `NO_MD5` and `NO_OLD_TLS`.
2021-11-10 15:19:43 -08:00
607a3bfaa7
Merge pull request #4554 from SparkiDev/mp_test_32bit
...
mp_test: when SP_INT_DIGITS is even calc was wrong
2021-11-10 15:07:43 -08:00
3c1deff611
Fix falcon bench cleanup case (should not free if init fails). Fix RSA key gen keySz with ./wolfcrypt/benchmark/benchmark -asym.
2021-11-10 15:03:44 -08:00
f2465e5688
include.am
2021-11-10 18:01:40 -05:00
242847760a
More appropriate file names.
2021-11-10 17:55:46 -05:00
453404a864
Get the falcon keys into wolfssl/certs_test.h
2021-11-10 17:33:24 -05:00
6bb86cf4da
OE30 and OE31 changes external to FIPS module for NetBSD builds
2021-11-10 15:16:21 -07:00
5fe078d7db
sig1, sig5 --> sig
2021-11-10 16:52:05 -05:00
246d470956
Refactor to do proper memory management.
2021-11-10 16:42:48 -05:00
1cadf88f26
Fixes for sniffer and handling of out-of-order situations that can occur with a saturated link.
2021-11-10 13:37:21 -08:00
6165323829
Satisfy a jenkins test.
2021-11-10 15:29:09 -05:00
237b098ba5
Add Falcon benchmarking.
2021-11-10 14:53:35 -05:00
b2ba6f94af
Merge pull request #4557 from LinuxJedi/doxygen-fixes
...
Fix up some Doxygen issues for 1.9
2021-11-10 11:29:47 -08:00
231546dacc
Fix more Doxygen typos
2021-11-10 17:26:33 +00:00
afe8d74333
Fix up some Doxygen issues for 1.9
...
Some of the Doxygen content was not processed correctly by Doxygen.
This patch fixes all the issues found.
2021-11-10 16:20:13 +00:00
6d55f8e42a
ssl.c: fixes for C++ pointer type hygiene.
2021-11-09 22:41:06 -06:00
ed0418c2a8
fix whitespace.
2021-11-09 22:17:38 -06:00
313d29f752
linuxkm: in module_hooks.c, refactor WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED gates to WOLFSSL_LINUXKM_SIMD_X86, and add updateFipsHash().
2021-11-09 22:02:17 -06:00
341bd7bbbc
mp_test: when SP_INT_DIGITS is even calc was wrong
2021-11-10 09:33:14 +10:00
8e0fdc64be
Merge pull request #4522 from dgarske/static_eph
...
Fixes and refactor for static ephemeral key support
2021-11-10 08:22:51 +10:00
9a83842c29
Merge pull request #4536 from luizluca/refactor_nameconstraints-permit
...
ASN: refactor name constraints checks
2021-11-09 10:44:17 -08:00
bd0f6736c5
Merge pull request #4513 from masap/wpa_sup_dpp
...
Fix X509_PUBKEY_set() to show correct algorithm and parameters
2021-11-09 10:26:59 -08:00
fe172ed9c1
Fix for generation of ephemeral key if static ephemeral is not set.
2021-11-09 10:14:23 -08:00
eebed0cc1c
Fix for possible ret may be used uninitialized.
2021-11-09 08:27:44 -08:00
df82b01e68
Added x448 static ephemeral support.
2021-11-09 08:27:42 -08:00
e91439f2eb
Fixes for static ephemeral key support with threading and possible use after free.
2021-11-09 08:25:47 -08:00
4a04e56ac8
Fix to allow calls to get TLS session random even if wolfSSL_KeepArrays has not been called.
2021-11-09 08:23:19 -08:00
5dac25f470
Eliminate EIGHTK_BUF use in asn. Cleanup uses of 0 in set_verify for callback.
2021-11-09 08:23:19 -08:00
ff3179012d
SP: fix when mont_mul_order is defined
...
Customer configuration that failed:
./configure --enable-cryptonly --enable-ecc --enable-sp=yes,asm
--disable-rsa --disable-dh --disable-sha3 --disable-sha224 --disable-md5
--disable-sha --disable-pkcs12 --disable-memory --disable-chacha
--disable-poly1305 --disable-sha512 --disable-sha384 --disable-aesgcm
--disable-aescbc --disable-aes --disable-rng CFLAGS="-DNO_SIG_WRAPPER
-DWOLFSSL_PUBLIC_MP -DECC_USER_CURVES -DNO_ECC_SIGN -DNO_ECC_DHE
-DNO_ECC_KEY_EXPORT"
2021-11-09 17:50:21 +10:00
1d9832c0de
Merge pull request #4545 from douzzer/misc-fixes-20211105
...
global typographic and file mode fixes
2021-11-08 20:54:20 -08:00
97557ed29b
linuxkm: add --enable-benchmark switch (default yes) and BUILD_BENCHMARK conditional to configure.ac to allow build with testwolfcrypt but without benchmark; change gate in wolfcrypt/benchmark/include.am from if !BUILD_LINUXKM to if BUILD_BENCHMARK.
2021-11-08 18:25:15 -06:00
03d5c4e6d3
test.c: fix whitespace.
2021-11-08 18:24:42 -06:00
18e487069b
src/internal.c: fix typo introduced in earlier "typographic cleanup".
2021-11-08 18:24:08 -06:00
95bed1cdfd
test.c: smallstack refactors for idea_test(), ed448_test(), and verifyBundle() (fixes various error-dependent leaks too).
2021-11-08 17:35:10 -06:00
25f74d4967
ssl.c: wolfSSL_UseALPN(): allocate char **token (2kB) on the heap, not the stack.
2021-11-08 17:35:10 -06:00
f8565f26e2
fixes for --disable-harden.
2021-11-08 17:35:10 -06:00
27d4bb304c
test.c add smallstack refactor of pkcs7enveloped_run_vectors().
2021-11-08 17:35:10 -06:00
26cc534dd2
wolfcrypt/test/test.c: fix memory leaks in pkcs7signed_run_[SingleShot]Vectors() added in smallstack refactor.
2021-11-08 17:35:10 -06:00
11ffb037ba
linuxkm/module_exports.c.template: remove accidentally added MSC clause.
2021-11-08 17:35:10 -06:00
beebd1411d
linuxkm/module_hooks.c: fix whitespace, and update code around WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE and updateFipsHash().
2021-11-08 17:35:10 -06:00
8b3048a0ea
wolfcrypt/test/test.c: smallstack refactors for pkcs7authenveloped_run_vectors(), pkcs7signed_run_vectors(), and pkcs7signed_run_SingleShotVectors(); typographic&whitespace cleanup.
2021-11-08 17:35:10 -06:00
59ec9fc285
configure.ac: refactor setup for --enable-reproducible-build; remove mutex between --enable-sp-math and --enable-sp-math-all (they can now coexist); whitespace cleanup.
2021-11-08 17:35:10 -06:00
0b4f34d62a
typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C.
2021-11-08 17:35:05 -06:00
01335e2e1c
ASN: refactor name constraints checks
...
Use the same logic for any type of name constraint.
It could be even cleaner if there were a altNamesByType[],
permittedNamesByType[] and excludedNamesByType[] in cert.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com >
2021-11-08 20:29:18 -03:00
8f121e7752
file modes: clear inappropriate executable bits.
2021-11-08 17:28:11 -06:00
dd833807d8
Merge pull request #4523 from dgarske/nxp_se050_fixes
...
Fixes for NXP SE050 ECC create and key store id
2021-11-09 08:56:03 +10:00
5a4577eb6c
Merge pull request #4541 from SparkiDev/mp_hexchar_asm
...
SP, TFM: fixes
2021-11-08 14:49:02 -08:00
49024b131e
Merge pull request #4534 from JacobBarthelmeh/fuzzing
...
check size of values with sp_gcd
2021-11-09 08:40:21 +10:00
ee39fd079f
Fix X509_PUBKEY_set() to show correct algorithm and parameters
...
When build with OpenSSL, trailing program outputs these messages.
algorithm: id-ecPublicKey
parameters: prime256v1
But with wolfSSL, X509_PUBKEY_get0_param() fails.
This patch fixes wolfSSL to display the same values as OpenSSL.
This program was extracted from wpa_supplicant in order to reproduce the
issue.
----------------
int main(void)
{
EVP_PKEY *pkey;
X509_PUBKEY *pub = NULL;
ASN1_OBJECT *ppkalg, *poid;
const ASN1_OBJECT *pa_oid;
const uint8_t *pk;
int ppklen, ptype;
X509_ALGOR *pa;
void *pval;
char buf[100];
const uint8_t data[] = {
0x30, 0x39, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, 0x03, 0x33, 0x6d, 0xb4, 0xe9, 0xab,
0xf1, 0x1c, 0x96, 0x87, 0x5e, 0x02, 0xcc, 0x92, 0xaf, 0xf6, 0xe1, 0xed, 0x2b, 0xb2, 0xb7, 0xcc,
0x3f, 0xd2, 0xb5, 0x4e, 0x6f, 0x20, 0xc7, 0xea, 0x2f, 0x3f, 0x42
};
size_t data_len = sizeof(data);
const uint8_t *p;
int res;
p = data;
pkey = d2i_PUBKEY(NULL, &p, data_len);
if (!pkey) {
fprintf(stderr, "d2i_PUBKEY() failed\n");
return -1;
}
if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) {
fprintf(stderr, "invalid type\n");
EVP_PKEY_free(pkey);
return -1;
}
res = X509_PUBKEY_set(&pub, pkey);
if (res != 1) {
fprintf(stderr, "X509_PUBKEY_set() failed\n");
return -1;
}
res = X509_PUBKEY_get0_param(&ppkalg, &pk, &ppklen, &pa, pub);
if (res != 1) {
fprintf(stderr, "X509_PUBKEY_get0_param() failed\n");
return -1;
}
res = OBJ_obj2txt(buf, sizeof(buf), ppkalg, 0);
if (res < 0 || (size_t) res >= sizeof(buf)) {
fprintf(stderr, "OBJ_obj2txt() failed\n");
return -1;
}
fprintf(stdout, "algorithm: %s\n", buf);
X509_ALGOR_get0(&pa_oid, &ptype, (void *) &pval, pa);
if (ptype != V_ASN1_OBJECT) {
fprintf(stderr, "X509_ALGOR_get0() failed\n");
return -1;
}
poid = pval;
res = OBJ_obj2txt(buf, sizeof(buf), poid, 0);
if (res < 0 || (size_t) res >= sizeof(buf)) {
fprintf(stderr, "OBJ_obj2txt() failed\n");
return -1;
}
fprintf(stdout, "parameters: %s\n", buf);
X509_PUBKEY_free(pub);
EVP_PKEY_free(pkey);
return 0;
}
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-09 07:30:58 +09:00
4453001fac
Merge pull request #4550 from kareem-wolfssl/gh4547
...
Fix doAsync warning in bench_ecc.
2021-11-08 13:24:18 -08:00
478f57b347
Merge pull request #4535 from kareem-wolfssl/zd13165
...
Fix building with NO_ECC_KEY_EXPORT.
2021-11-08 11:11:53 -08:00
67a11df15b
Merge pull request #4548 from anhu/TlS
...
Fix capitalization.
2021-11-08 11:07:00 -08:00
2f1a37769e
Fix doAsync warning in bench_ecc.
2021-11-08 11:42:05 -07:00
a28e44730c
Fix capitalization.
2021-11-08 11:45:49 -05:00
3a9be7373f
Merge pull request #4532 from embhorn/zd13139
...
Fix mem leak in HandleTlsResumption
2021-11-08 08:39:45 -08:00
d46b140250
Merge pull request #4544 from dgarske/hmachash
2021-11-05 15:11:07 -07:00
3941eea626
Fixes for peer review feedback. Improve the ECC key bit calculation. Improve the signature RS unsigned bin creation.
2021-11-05 14:53:20 -07:00
ba291b519d
Merge pull request #4543 from julek-wolfssl/server-echo-return
...
Check correct var for `server.c` echo return.
2021-11-05 11:26:15 -06:00
d6264059ac
Fix mem leak in HandleTlsResumption
2021-11-05 11:40:40 -05:00
e9aa76b34e
Merge pull request #4542 from SparkiDev/dh_enc_fix
...
DH encoding: use correct length for inner sequence
2021-11-05 08:50:43 -07:00
4fe17cc143
Merge pull request #4527 from julek-wolfssl/zd13097
...
Fix a heap buffer overflow with mismatched PEM structure ZD13097
2021-11-05 08:50:28 -07:00
7fca031346
Remove duplicate code in wc_HmacFree (looks like past merge error).
2021-11-05 08:20:39 -07:00
6d89de4f11
Check correct var for server.c echo return.
2021-11-05 16:10:17 +01:00
d01f0d7a4c
DH encoding: use correct length for inner sequence
...
Only affect small DH keys (like 512 bits).
2021-11-05 15:02:14 +10:00
dc911b94e7
SP, TFM: fixes
...
HexCharToByte must be cast to a signed char as a char is unsigned on
some platforms.
Redefine the __asm__ and __volatile__ for ICC and KEIL in sp_int.c
mp_test: don't use large bit lengths if unsupported.
2021-11-05 11:49:24 +10:00
ae84a2a326
Merge pull request #4293 from TakayukiMatsuo/set_min_proto
...
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
2021-11-04 14:59:34 -06:00
74a32e92eb
Rename the internal "Hash" structure used by Hmac as it is too generic.
2021-11-04 11:56:00 -07:00
d8faa22194
Fix for ecc_def_curve_test test changes.
2021-11-04 11:54:09 -07:00
16afe7ff87
Merge pull request #4540 from anhu/forLealem
...
Changes suggest by Lealem after he tried the instructions.
2021-11-04 11:44:18 -07:00
6f9e501f45
Changes suggest by Lealem after he tried the instructions.
2021-11-04 11:00:18 -04:00
1faa9e66b6
Check wolfSSL_BIO_read return
2021-11-04 15:34:33 +01:00
60a86157c7
Fix building with NO_ECC_KEY_EXPORT.
2021-11-03 16:03:26 -07:00
ca72beb688
check size of values with sp_gcd
2021-11-03 16:56:45 -06:00
8f7df68869
Merge pull request #4533 from JacobBarthelmeh/Testing
...
additional checks on fp montgomery return value
2021-11-04 08:36:27 +10:00
b84edb5c67
Fixes for NXP SE050 testing with hardware.
2021-11-03 12:47:07 -07:00
7ca95bfaca
additional checks on fp montgomery return value
2021-11-03 11:40:14 -06:00
d24bfb6bf7
Merge pull request #4530 from anhu/falcon-pqsig
...
The NIST round 3 Falcon Signature Scheme integration.
2021-11-03 09:35:01 -07:00
e9fbd94150
Fix for _ecc_validate_public_key and unused parameters for partial and priv.
2021-11-03 08:10:37 -07:00
495cac8ad7
Fixes for NXP SE050 key sizes and key id use. Related to #4526
2021-11-02 16:34:19 -07:00
dbe3e550b0
Correct the directory to pq in reference to wolfssl-examples
2021-11-02 15:35:39 -04:00
2abb2eae7d
Changed NXP SE050 to not use symmetric offloading by default. If desired use WOLFSSL_SE050_HASH and WOLFSSL_SE050_CRYPT.
2021-11-02 12:00:24 -07:00
04f27551aa
Some more sensible constants.
2021-11-02 14:59:31 -04:00
82c106be80
Added crypto callback support for AES CCM.
2021-11-02 09:53:55 -07:00
945e4a0885
Merge pull request #4529 from anhu/disable_dh
...
Fix for being able to build with LIBOQS but without DH
2021-11-02 08:54:40 -07:00
b652d2e631
Merge pull request #4524 from JacobBarthelmeh/Release
...
bump to dev version and touch up readme
2021-11-02 08:54:14 -07:00
81def76b18
The NIST round 3 Falcon Signature Scheme integration.
2021-11-02 11:12:10 -04:00
e1cc1e831e
Fix for being able to build with LIBOQS but without DH
...
The following configuration yielded a compile error:
./configure --with-liboqs --disable-dh
This fixes bug reported on ZD13028.
2021-11-02 10:16:38 -04:00
23487a4532
Fix a heap buffer overflow with mismatched PEM structure ZD13097
2021-11-02 11:31:22 +01:00
2745f394e5
Merge pull request #4525 from cconlon/sslopno
...
TLS 1.3: check SSL_OP_NO_TLSv1_2 in TLS 1.3 clients
2021-11-02 09:40:59 +10:00
ac5e9e5e7c
bump to dev version and touch up readme
2021-11-01 15:50:03 -06:00
7e01af0121
Merge pull request #4521 from JacobBarthelmeh/Release
...
prepare for release v5.0.0
2021-11-01 12:45:22 -07:00
7c3d1c7fbc
update rpm spec
2021-11-01 12:24:53 -06:00
44219906e0
add kdf.c to cs+ project
2021-11-01 12:02:53 -06:00
6f18ba15b0
linuxkm: accommodate printk()->_printk() renaming in kernel 5.15+.
2021-11-01 11:49:56 -06:00
742492cb5e
linuxkm/Makefile: fix module sign-file error handling.
2021-11-01 11:49:48 -06:00
d869c60605
prepare for release v5.0.0
2021-11-01 11:43:25 -06:00
f63a799f18
Fix for ECC create key public export size and key size bits. Fix for key store ID vs key ID.
2021-11-01 09:52:12 -07:00
99f44149eb
Merge pull request #4520 from JacobBarthelmeh/Testing
...
add kdf.c file to IDE projects and cmake, few edge case fuzz reports, remove exe bit and c files
2021-11-01 08:35:11 -07:00
fb7baf28ca
fix for xcode build and revert cmake change
2021-10-29 16:55:05 -06:00
6ba55edd50
fix async warnings
2021-10-29 14:37:39 -06:00
1d91ccb41b
remove exe bit on example.c and server.c
2021-10-29 13:12:43 -06:00
03bc45c5b1
check if private key exists before using with private key check function
2021-10-29 10:51:24 -06:00
5ad580b233
Merge pull request #4517 from elms/cmake/kdf
...
cmake: Add `kdf.c` and `FIPS_V5`
2021-10-29 09:29:23 -07:00
fc01723407
Merge pull request #4516 from dgarske/asn_templ_genname
...
Fix for ASN template general name parsing
2021-10-29 23:14:50 +07:00
a6415493eb
Merge pull request #4518 from douzzer/nestable-save-vector-registers
...
linuxkm: fixes for {save,restore}_vector_registers_x86().
2021-10-29 09:14:32 -07:00
8a8a6cf17f
Merge pull request #4515 from kareem-wolfssl/zd13006
...
wc_scrypt: Check for underflow in blocksSz calculation.
2021-10-29 08:23:37 -07:00
ddf927ae41
linuxkm: fixes for {save,restore}_vector_registers_x86().
2021-10-29 01:26:48 -05:00
49389f3074
cmake: Add kdf.c and FIPS_V5
2021-10-28 16:50:15 -07:00
e60c2201b2
Fix for general name parsing with WOLFSSL_ASN_TEMPLATE to use right length for general names and properly NULL terminate.
2021-10-28 16:13:58 -07:00
8775823fa0
handling edge cases with ecc import and decrypt functions
2021-10-28 17:11:56 -06:00
afad1374a3
check SSL_OP_NO_TLSv1_2 in TLS 1.3 enabled client
2021-10-28 16:30:02 -06:00
e10e3a92b8
add kdf.c to cmake build
2021-10-28 16:27:45 -06:00
9ec9ace7ea
adding kdf.c to IDE builds
2021-10-28 16:19:18 -06:00
39c9fa96bc
wc_scrypt: Code review feedback.
2021-10-28 15:02:53 -07:00
6b3ff9bae2
Merge pull request #4459 from julek-wolfssl/missing-ext
...
Add x509 name attributes and extensions to DER parsing and generation
2021-10-28 14:30:37 -07:00
0ecb81e74a
wc_scrypt: Check for underflow in blocksSz calculation.
2021-10-28 14:18:22 -07:00
0a26335243
Merge pull request #4446 from ejohnstown/dtls-sizing
...
DTLS Sizing
2021-10-28 14:15:36 -07:00
2c42770eea
Merge pull request #4508 from elms/cmake/tlsx
...
cmake: add SNI and TLSx
2021-10-28 14:03:59 -07:00
9c8e4f558c
Explicit cast to int
2021-10-28 21:05:19 +02:00
adee6a86d1
Return the close notify error when expecting an error.
2021-10-28 20:53:58 +02:00
6bb7e3900e
Merge pull request #4511 from JacobBarthelmeh/Testing
...
build fixes and PKCS7 BER encoding fix
2021-10-28 10:52:58 -07:00
e4e6242fde
Merge pull request #4514 from SparkiDev/zephyr_fix_2
...
Fixes for Zephyr OS
2021-10-28 07:52:32 -07:00
8cba5dda17
Need to free x509 in tests
2021-10-28 14:50:53 +02:00
a738c16b2f
Can't have macros within macros
2021-10-28 14:50:53 +02:00
7d6f8ea255
Update wrong email in gen script
2021-10-28 14:50:53 +02:00
ef37eeaeaa
Code review fixes
2021-10-28 14:50:53 +02:00
a6be157628
Gate new AKID functionality on WOLFSSL_AKID_NAME
2021-10-28 14:50:53 +02:00
cb79bc5c46
Use same code for DecodeNsCertType with templates
2021-10-28 14:50:53 +02:00
842dba7946
Put address and postal code in WOLFSSL_CERT_EXT
2021-10-28 14:50:53 +02:00
2531cd961f
Code review fixes
2021-10-28 14:50:53 +02:00
d9af698aa4
Implement raw AKID with WOLFSSL_ASN_TEMPLATE
2021-10-28 14:50:53 +02:00
c162196b27
Add x509 name attributes and extensions to DER parsing and generation
...
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
2021-10-28 14:50:53 +02:00
894303be59
Make the wolfSSL_GetMaxFragSize parameter meaning consistent
...
- Add testing for sending as much app data as possible in a single DTLS record
2021-10-28 14:46:15 +02:00
623a84ed7b
Fixes for Zephyr OS
...
time is not available.
Must include clock module
kdf.c missing from file list
2021-10-28 15:57:46 +10:00
7baffd9cf1
Merge pull request #4512 from douzzer/fips-check-linuxv5-uses-tag-WCv5.0-RC9
...
fips-check.sh update for WCv5.0-RC9 tags
2021-10-28 14:15:55 +10:00
0e18e9c404
Merge pull request #4502 from dgarske/async_test
...
Fixes for async TLS v1.3
2021-10-28 14:13:32 +10:00
55ee5e41db
Merge pull request #4510 from SparkiDev/sp_cmp_c64
...
SP: change to sp_c32.c now in scripts caused changes to sp_c64.c
2021-10-27 18:50:13 -07:00
46ecf752b4
fips-check.sh: update wolfSSL remote & tag for linuxv5 aka linuxv5-RC9.
2021-10-27 18:17:57 -05:00
7cbfb27fa0
When adding cipherExtraData(), also account for TLSv1.3.
2021-10-27 15:12:31 -07:00
9f3f9c53fd
Remove debugging printfs. Added some guards around DTLS and AEAD only things.
2021-10-27 15:12:31 -07:00
be3b6b47ef
DTLS MTU fixes
2021-10-27 15:12:31 -07:00
77ebd11781
Updating based on MTU. Debugging prints.
2021-10-27 15:12:31 -07:00
be2e7e25ac
Change the calculation for the extra data size in a DTLS message when checking to see if it'll fit in an MTU. (ZD12983)
2021-10-27 15:12:31 -07:00
c16f0db1b5
Fixes for handling WC_PENDING_E async responses in API unit test and examples. Resolves all issues with --enable-all --enable-asynccrypt --with-intelqa=.
2021-10-27 15:08:39 -07:00
a2ad01604f
Fix devId, which must be -2 or INVALID_DEVID (not 0). Fix RSA doc typo.
2021-10-27 15:08:38 -07:00
eb56b652ca
Fix for async TLS v1.3 with multiple WC_PENDING_E on client_hello and server_hello processing. Fix for not aligned NUMA.
2021-10-27 15:08:38 -07:00
34095dfd38
Merge pull request #4509 from dgarske/fix_sesstick
...
Fix for session ticket handling with error cases
2021-10-28 08:07:10 +10:00
f14bd41733
Merge pull request #4359 from douzzer/fipsv3-rebased
...
fips 140-3 linuxkm edition
2021-10-27 15:06:48 -07:00
f585dcd5ab
adjust inSz with BER PKCS7 parsing
2021-10-27 15:12:04 -06:00
f413ff8b3a
tls.c: TLSX_SupportedFFDHE_Set(): add handling for malloc failures.
2021-10-27 15:11:04 -05:00
00249b70ae
fix for build with WOLFSSL_SGX
2021-10-27 13:22:45 -06:00
3a80ba6744
configure.ac: fixes for --enable-fips logic.
2021-10-26 22:51:59 -05:00
d105256330
fips-check.sh: remap fips-ready target to be ready flavor of 140-3, temporarily with FIPS_VERSION="master"; add fips-v3-ready target with FIPS_VERSION="v4.1.1"; add linuxv5|linuxv5-RC9 target to be updated after merge with tags.
2021-10-26 20:24:29 -05:00
d527b25034
configure.ac: FIPS: remap "ready" to be ready flavor of 140-3 (i.e. v5-ready); add v3-ready for ready flavor of 140-2.
2021-10-26 20:24:29 -05:00
8ee49cd50c
linuxkm: in module_hooks.c:wolfssl_init(), add support for WC_RNG_SEED_CB.
2021-10-26 20:24:29 -05:00
071be3171e
linuxkm: in module_hooks.c, fix logic+gating around CONFIG_MODULE_SIG and WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE.
2021-10-26 20:24:29 -05:00
9b5f8c84b0
Change the WIN10 project files to build for FIPS v5.
2021-10-26 20:24:29 -05:00
073bef579b
linuxkm: add missing #ifdef OPENSSL_EXTRA around openssl includes in module_exports.c.template, and add an assert to configure.ac disallowing linuxkm+opensslextra.
2021-10-26 20:24:29 -05:00
ac8fbe3fbd
ssl.c: fix a couple trivial rebase errors.
2021-10-26 20:24:29 -05:00
6e9f9c8fe8
Update the Windows user_settings for recent updates.
2021-10-26 20:24:29 -05:00
7915f6acb0
linuxkm: add the remainder of known needed SAVE_VECTOR_REGISTERS() wrappers to PK algs, add DEBUG_VECTOR_REGISTERS_{EXIT,ABORT}_ON_FAIL options; add a slew of ASSERT_SAVED_VECTOR_REGISTERS() to sp_x86_64.c (autogenerated, separate scripts commit to follow).
2021-10-26 20:24:29 -05:00
75df6508e6
Add a read enable for private keys when in FIPS mode.
2021-10-26 20:24:29 -05:00
1d07034fb9
linuxkm: fix line length in types.h, and add #ifdef _MSC_VER #pragma warning(disable: 4127) to work around MSC bug re "conditional expression is constant"; fix flub in ecc.c.
2021-10-26 20:24:29 -05:00
62c1bcae8a
linuxkm: {SAVE,RESTORE}_VECTOR_REGISTERS() wrappers around RSA, DH, and ECC routines that might use sp-asm.
2021-10-26 20:24:28 -05:00
0eb76bcfd8
linuxkm: add missing RESTORE_VECTOR_REGISTERS() in wolfcrypt/src/poly1305.c:wc_Poly1305Update().
2021-10-26 20:24:28 -05:00
85a8c06062
linuxkm: add DEBUG_VECTOR_REGISTER_ACCESS (debug feature switch), ASSERT_SAVED_VECTOR_REGISTERS, and ASSERT_RESTORED_VECTOR_REGISTERS macros, and move the fallback no-op definitions of the SAVE_VECTOR_REGISTERS and RESTORE_VECTOR_REGISTERS to types.h. also fixed several ASCII TAB characters in types.h.
2021-10-26 20:24:28 -05:00
e0395c6441
linuxkm: in wolfcrypt/src/sha{256,512}.c, remove {SAVE,RESTORE}_VECTOR_REGISTERS() wrappers around AVX implementations, as this needs to be refactored for efficiency and the underlying assembly is not yet kernel-compatible.
2021-10-26 20:24:28 -05:00
ad4c200cd2
linuxkm: wolfcrypt/src/memory.c: in {save,restore}_vector_registers_x86(), allow for recursive calls (some crypto calls are recursive).
2021-10-26 20:24:28 -05:00
fc73c6dbea
linuxkm: fix Makefile to properly pivot module signature on CONFIG_MODULE_SIG==y; remove not-yet-kernel-compatible asm files from the ASFLAGS_FPU_DISABLE_SIMD_ENABLE list, matching the OBJECT_FILES_NON_STANDARD list, for clarity.
2021-10-26 20:24:28 -05:00
40e3cac695
Use correct value for pSz when setting the dhKeySize in the session.
2021-10-26 20:24:28 -05:00
f2c4567164
Like the public key, zero pad the front of the private key.
2021-10-26 20:24:28 -05:00
bc91187063
tls.c:TLSX_KeyShare_GenDhKey(): fix typo.
2021-10-26 20:24:28 -05:00
aca43cfe52
linuxkm/Kbuild: include -fno-omit-frame-pointer in HOST_EXTRACFLAGS, in case the target kernel has profiling enabled; remove the "always := $(hostprogs)" rule, as it doesn't work and causes warnings on kernel 5.10.
2021-10-26 20:24:28 -05:00
8bdae98a93
fips-check.sh: temporarily arrange for "linuxv5" to be an alias of "linuxv5-ready", to arrange for Jenkins testing of wolfcrypt code in the PR in FIPS mode.
2021-10-26 20:24:28 -05:00
a3435ca062
fips-check.sh: exit (fatal error) if git fails.
2021-10-26 20:24:28 -05:00
f1d43f6891
Add error code for the private key read lockout.
2021-10-26 20:24:28 -05:00
31f13a7f41
wolfcrypt/test/test.c: when HAVE_FIPS, wrap wc_MakeRsaKey() calls in infinite iteration while ret == PRIME_GEN_E, to inhibit nondeterministic failure mode from FIPS-limited _CheckProbablePrime() iteration.
2021-10-26 20:24:28 -05:00
490a1238a8
configure.ac: refactor AC_CHECK_FILES brought in by rebase, to fix warning.
2021-10-26 20:24:28 -05:00
b577984574
rsa.c: fix whitespace.
2021-10-26 20:24:28 -05:00
3fcdcbc1f9
Fix for RSA _ifc_pairwise_consistency_test to make the async blocking.
2021-10-26 20:24:28 -05:00
e61d88657d
WOLFSSL_ASYNC_CRYPT: in EccSharedSecret(), don't try to wolfSSL_AsyncInit() if there's no priv_key to supply an asyncDev; in RSA _ifc_pairwise_consistency_test(), disable async to force blocking crypto.
2021-10-26 20:24:28 -05:00
303aa312a8
Fix the TLS v1.3 async key share support. Added WOLFSSL_NO_PUBLIC_FFDHE option to test without public FFDHE API's.
2021-10-26 20:24:28 -05:00
75e4c0869e
DH: move declaration of wc_DhPublicKeyDecode() from dh.h to asn.h (it is defined in asn.c).
2021-10-26 20:24:28 -05:00
10304c9143
linuxkm: portability fix in aes.c for SAVE_VECTOR_REGISTERS() call ("embedding a directive within macro arguments is not portable").
2021-10-26 20:24:28 -05:00
c0778e5ad9
gate access to wc_Sha512.devId on !NO_SHA2_CRYPTO_CB.
2021-10-26 20:24:28 -05:00
5d796ba06c
settings.h: add WOLFSSL_MAKE_FIPS_VERSION(), WOLFSSL_FIPS_VERSION_CODE, and FIPS_VERSION_{LT,LE,EQ,GE,GT} macros; define NO_SHA2_CRYPTO_CB macro if HAVE_FIPS && FIPS_VERSION_LT(5,1); refactor other FIPS version dependencies in settings.h to use new macros.
2021-10-26 20:24:28 -05:00
0f05a71bfb
linuxkm: refactor SAVE_VECTOR_REGISTERS() macro to take a fail clause as an argument, to allow the preprocessor to completely eliminate it in non-kernel builds, and for backward compat with WCv5.0-RC8.
2021-10-26 20:24:28 -05:00
6160da243d
linuxkm: use EXPORT_SYMBOL_NS_GPL() for exports.
2021-10-26 20:24:28 -05:00
c2c2e5b4f5
tests/api.c: post_auth_version_cb(): add missing gating on !NO_ERROR_QUEUE for wolfSSL_ERR_get_error() test.
2021-10-26 20:24:28 -05:00
e4d075de20
src/internal.c: FreeX509(): remove redundant free of x509->CRLInfo.
2021-10-26 20:24:28 -05:00
61df408d70
configure.ac: fix handling of ENABLED_FIPS->REPRODUCIBLE_BUILD_DEFAULT=yes; take JNI back out of from enable-all feature set because it adds -DNO_ERROR_QUEUE to flags; fix typo in FIPS test for --with-max-rsa-bits setup.
2021-10-26 20:24:28 -05:00
32349749a6
internal.c: SendServerKeyExchange(): check retval from wc_DhGetNamedKeyParamSize().
2021-10-26 20:24:28 -05:00
361559ca30
settings.h: set HAVE_PUBLIC_FFDHE as in configure.ac (FIPS v2 and SELFTEST) if it isn't already set.
2021-10-26 20:24:28 -05:00
342e319870
dsa.c: fix up comment spelling/typography in wc_MakeDsaKey().
2021-10-26 20:24:28 -05:00
a5c03f65e3
tests/api.c: fix test_CryptoCb_Func() to not attempt signing op on ephemeral ECC keys.
2021-10-26 20:24:28 -05:00
1f6eb4648e
configure.ac: remove WOLFSSL_VALIDATE_ECC_IMPORT and WOLFSSL_VALIDATE_ECC_KEYGEN from enable-all and enable-all-crypto feature sets.
2021-10-26 20:24:28 -05:00
7a4ec22953
pkcs7.c: further smallstack refactor of PKCS7_EncodeSigned().
2021-10-26 20:24:28 -05:00
fb49d814c5
configure.ac and autogen.sh: fix warnings in configure.ac, and enable WARNINGS=all,error in autogen.sh. also, remove --verbose to avoid obscuring warning output.
2021-10-26 20:24:28 -05:00
f60cb94b82
wolfcrypt/src/include.am and src/include.am: don't disrupt modtimes of fips/async source files if they already exist.
2021-10-26 20:24:28 -05:00
ab4c96292b
autogen.sh: disable WARNINGS=all until autotools config is fixed.
2021-10-26 20:24:28 -05:00
e894340a64
tls13.c: mac2hash(): accommodate scenario where all hashes are gated out of the build (peer review).
2021-10-26 20:24:28 -05:00
972c6c032e
ssl.c: clean up MD5->SHA refactor of wolfSSL_LH_strhash() (peer review).
2021-10-26 20:24:28 -05:00
e9332c1ce4
autogen.sh: refactor to not disrupt modtimes of fips/async source files if they already exist. also, assert success on any file ops, and properly export WARNINGS to autoreconf.
2021-10-26 20:24:28 -05:00
255d2d650f
rsa.c: add missing WOLFSSL_ASYNC_CRYPT clauses to _ifc_pairwise_consistency_test().
2021-10-26 20:24:27 -05:00
87b965c964
include.am: in FIPS clauses, include wolfcrypt/src/aes_gcm_asm.S in src_libwolfssl_la_SOURCES when BUILD_AESNI, regardless of BUILD_INTELASM, as in the corresponding non-FIPS clause.
2021-10-26 20:24:27 -05:00
0f407b4bfc
test.c: fix indirection flubs in _ASYNC_CRYPT parts of ecc_test_sign_vectors().
2021-10-26 20:24:27 -05:00
f264741aa0
benchmark.c: fix -Wstringop-truncation in _ASYNC_CRYPT bench_stats_add().
2021-10-26 20:24:27 -05:00
0231446006
configure.ac: don't warn about loading real async files if async.c is present and non-empty.
2021-10-26 20:24:27 -05:00
3745b1c9db
linuxkm: fix clean rules/definitions to not pick up top level Makefile, and to clean up empty object directories.
2021-10-26 20:24:27 -05:00
8e131620ae
.gitignore: add linuxkm/libwolfssl.lds
2021-10-26 20:24:27 -05:00
14f39f07a2
fips-check.sh: add linuxv5-ready (--enable-fips=v5-ready).
2021-10-26 20:24:27 -05:00
f9627e4b14
configure.ac: for --enable-fips, make v5 an alias for v5-RC8 (alias to be updated after newer lab-approved snapshots are tagged), and add v5-ready and a placeholder v5-REL.
2021-10-26 20:24:27 -05:00
5ef97acbab
types.h: add back missing WC_HASH_TYPE_MAX to enum wc_HashType when HAVE_FIPS_VERSION <= 2 (now WC_HASH_TYPE_BLAKE2S, since SHAKE is now excluded from the enum).
2021-10-26 20:24:27 -05:00
40c32081bb
types.h: rename STRINGIFY() macro to WC_STRINGIFY().
2021-10-26 20:24:27 -05:00
e3989edd39
wolfcrypt/benchmark/benchmark.c: fix typo.
2021-10-26 20:24:27 -05:00
4a451caf7b
src/sniffer.c: fix rebase errors.
2021-10-26 20:24:27 -05:00
834efe4ff6
fips-check.sh: update to test 140-3 using --enable-fips=v5-RC8 and the WCv5.0-RC8 version tags.
2021-10-26 20:24:27 -05:00
db26e0a40a
Makefile.am: .build_params belongs in DISTCLEANFILES, not CLEANFILES.
2021-10-26 20:24:27 -05:00
9f36df44a4
wolfssl/wolfcrypt/types.h: define WOLFSSL_NOSHA512_224, WOLFSSL_NOSHA512_256, and WOLFSSL_NO_SHAKE256 in SELFTEST/FIPS<=v2 version of enum wc_HashType definition, to assure synchrony.
2021-10-26 20:24:27 -05:00
1c27654300
configure.ac and wolfssl/wolfcrypt/types.h: don't change wc_HashType for FIPS <= v2 (reverts commit 56843fbefd as it affected that definition); add -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256 to FIPS v2 and v3.
2021-10-26 20:24:27 -05:00
aa6ca43e91
api.c: skip test_wolfSSL_EVP_PBE_scrypt() when FIPS 140-3 (test uses impermissibly short HMAC key).
2021-10-26 20:24:27 -05:00
22f947edd6
configure.ac and wolfssl/wolfcrypt/asn_public.h: add --enable-fips=v5-RC8 for use with WCv5.0-RC8 codebase; add HAVE_FIPS_VERSION_MINOR, and refactor main $ENABLED_FIPS switch to set HAVE_FIPS_VERSION and if applicable HAVE_FIPS_VERSION_MINOR for use in subsequent tests and the main FIPS setup code; in asn_public.h, use HAVE_FIPS_VERSION_MINOR to exclude declaration of wc_RsaKeyToPublicDer() when building FIPS WCv5.0-RC8.
2021-10-26 20:24:27 -05:00
8c3cbf84f9
add missing gating around WOLFSSL_NO_SHAKE256, WOLFSSL_NOSHA512_224, and WOLFSSL_NOSHA512_256.
2021-10-26 20:24:27 -05:00
7b40cd6cef
configure.ac: fips tweaks: add --enable-fips=disabled to allow non-fips build in a fips tree, for convenient testing; add ENABLED_SHAKE256=no override to fipsv5 setup; don't add an RSA_MAX_SIZE setting to AM_CFLAGS when FIPS, to avoid a conflict with old rsa.h.
2021-10-26 20:24:27 -05:00
083b97c5a3
tls.c: fix rebase error in TLSX_KeyShare_FreeAll().
2021-10-26 20:24:27 -05:00
19b33d5a76
configure.ac: don't include rc2 in enable-all or enable-all-crypto (memory leaks).
2021-10-26 20:24:27 -05:00
b77000bcfb
add smallstack codepath to ecc_test_sign_vectors(), and add missing rc2.h include to linuxkm/module_exports.c.template.
2021-10-26 20:24:27 -05:00
9e3fb73567
configure.ac: improvement for enable-all and enable-all-crypto:
...
remove haproxy from enable-all set, to avoid SECURE_RENEGOTIATION;
add enable-aescbc-length-checks to enable-all-crypto set, inadvertently omitted;
add enable-base16 to all (where it was implicit) and to all-crypto (where it was missing);
add ssh, rc2 and srp to all-crypto;
reorder the portion of the enable-all set that's common with enable-all-crypto, to have matching order.
2021-10-26 20:24:27 -05:00
fae342940c
.gitignore: add .build_params.
2021-10-26 20:24:27 -05:00
d39d389c6e
aes.c: in CheckAesGcmIvSize(), don't disallow GCM_NONCE_MIN_SZ for FIPS 140-3, i.e. always allow it.
2021-10-26 20:24:27 -05:00
b93a18b34e
src/internal.c: in SendServerKeyExchange() case diffie_hellman_kea, #ifdef HAVE_SECURE_RENEGOTIATION, enlarge buffers.serverDH_Pub.buffer to accomodate larger new key replacing smaller old key, whether or not ssl->namedGroup is set (copy-paste of existing in !ssl->namedGroup path).
2021-10-26 20:24:27 -05:00
67db7b7f32
fixes for issues identified by Jenkins run:
...
Makefile.am: clean .build_params file;
ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();
move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);
fix new unused-label defect in wc_ecc_shared_secret_gen_sync();
fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);
fix NO_INLINE ForceZero() prototype;
ecc.c: add missing if (err == MP_OKAY) in build_lut();
wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;
ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;
WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
2021-10-26 20:24:27 -05:00
87578262aa
wolfcrypt smallstack refactors:
...
rsa.c: wc_CompareDiffPQ()
dh.c: wc_DhGenerateParams()
dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters()
srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic()
ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync()
test.c: GenerateNextP() dh_generate_test() GenerateP()
2021-10-26 20:24:27 -05:00
0f201a7394
wolfcrypt/types.h: revert change to WOLFSSL_LINUXKM XFREE() macro added in commit "remove frivolous semicolons at end of several macro definitions."
2021-10-26 20:24:27 -05:00
947a0d6a2f
autotools/Makefiles: enable reproducible build by default for FIPS, and add -DHAVE_REPRODUCIBLE_BUILD to AM_CFLAGS;
...
refactor the HAVE_WC_INTROSPECTION mechanism to pass build params via $output_objdir/.build_params rather than abusing autotools config.h to pass them;
add support for EXTRA_CFLAGS on the make command line;
in FIPS builds, exclude pkcallbacks from --enable-all;
linuxkm: move test.o out of PIE container (uses function pointers as operands).
2021-10-26 20:24:27 -05:00
f1c1f76851
ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg.
2021-10-26 20:24:27 -05:00
ddda108de6
sp_int.c:sp_set(): use PRAGMA_GCC_* macros, not ad hoc gated __Pragmas, to mask spurious -Warray-bounds.
2021-10-26 20:24:26 -05:00
cdcb8fb9da
configure.ac: revert change (AC_MSG_NOTICE reverted to AC_MSG_ERROR) for "FIPS source tree used for non-FIPS build"; in enable_all set, move enable_stunnel and enable_tcpdump to the !ENABLED_LINUXKM_DEFAULTS section.
2021-10-26 20:24:26 -05:00
220a255281
use WOLFSSL_BIO_ERROR, not SOCKET_INVALID (both macros have value -1), as the default/unset value of WOLFSSL_BIO.num, to avoid unnecessary dependency on HAVE_SOCKADDR.
2021-10-26 20:24:26 -05:00
1e3d47af57
remove frivolous semicolons at end of several macro definitions.
2021-10-26 20:24:26 -05:00
64bfe81ff5
configure.ac: test for cryptonly && opensslextra, if so error "mutually incompatible".
2021-10-26 20:24:26 -05:00
2bf711341b
wolfcrypt/test/test.c: use HAVE_FIPS_VERSION, not FIPS_VERSION.
2021-10-26 20:24:26 -05:00
4cf1826c8f
PRAGMA_GCC_*: refactor macros to properly push a context, and refactor their use in src/tls13.c:DeriveKey() to deal with gcc context quirks that otherwise disabled the warning mask when defined(HAVE_FIPS); add a missing #ifndef NO_MD5 in ssl.c:wolfSSL_LH_strhash().
2021-10-26 20:24:26 -05:00
cff7c5b3c0
wolfcrypt/benchmark/benchmark.c: in bench_dh(), add a missing #ifdef HAVE_PUBLIC_FFDHE around a DhParams use.
2021-10-26 20:24:26 -05:00
8de8af8b43
wolfcrypt/test/test.c: disable hmac_md5_test() for FIPS 140-3, and rename hkdf_test to wc_hkdf_test to eliminate namespace collision.
2021-10-26 20:24:26 -05:00
89797db946
configure.ac: enable_stunnel for enable-all only if !FIPS; add enable_tcpdump if !FIPS; add -DWOLFSSL_ECDSA_SET_K to FIPS 140-3 CFLAGS; use DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS to set FP_MAX_BITS indirectly for FIPS 140-3; use AC_MSG_NOTICE() for informational notices previously echoed; gate informational output appropriately on $verbose and $silent.
2021-10-26 20:24:26 -05:00
5293180566
linuxkm/module_exports.c.template: tweaks for FIPS compatibility.
2021-10-26 20:24:26 -05:00
ed33315f25
wolfcrypt/src/sp_int.c: add pragma to sp_set() to suppress false positive -Warray-bounds on gcc-11.
2021-10-26 20:24:26 -05:00
54b3f1b252
src/tls.c:TLSX_KeyShare_GenDhKey(): don't generate a key if one is already set.
2021-10-26 20:24:26 -05:00
34e88b0605
linuxkm: properly pass {AM_,}CPPFLAGS to Kbuild, and include kdf.h in module_exports.c.template.
2021-10-26 20:24:26 -05:00
b673622322
FIPS 140-3 misc fixes including fixes for rebase errors.
2021-10-26 20:24:26 -05:00
b615309a7b
update FFDHE4096 test with the updated usage
2021-10-26 20:24:26 -05:00
c31ed64eb5
Add guard around the public key check for DH to skip it when we have
...
the condition to perform the small key test. The small key is
mathematically valid, but does not necessarily pass the SP 800-56Ar3
test for DH keys. The most recent FIPS build will add the tested file.
This change is only used in the older FIPS releases and in some rare
configurations that include the small key test.
2021-10-26 20:24:26 -05:00
aeb8f5bb51
For the WIN10 user_settings, remove the forced set of FIPS version to 5.
2021-10-26 20:24:26 -05:00
b00b95ef6c
Cofactor flag in wolfcrypt test needed a guard.
2021-10-26 20:24:26 -05:00
f53a4db4e7
Unwind a few changes adding guards so it'll build with old FIPS.
2021-10-26 20:24:26 -05:00
b54459ace3
When the ECC PCT verify result is 0, the PCT fails.
2021-10-26 20:24:26 -05:00
175bab9a6f
Add missed step in DH key pair generation.
2021-10-26 20:24:26 -05:00
b815939c53
Add missing settings for the Windows 10 FIPS build.
2021-10-26 20:24:26 -05:00
f42106201a
In the RSA PCT, initialize the plain output pointer.
2021-10-26 20:24:26 -05:00
aa3fb6f0d0
Update visibility on a SP math function for DH.
2021-10-26 20:24:26 -05:00
04ffd2ab45
Fixes:
...
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
2021-10-26 20:24:26 -05:00
3eaeaf3a57
Add sign/verify PCT to ECC.
2021-10-26 20:24:25 -05:00
9bf36f329a
Add sign/verify PCT to RSA key gen.
2021-10-26 20:24:25 -05:00
5d7c6dda72
Restore the PCTs to ECC and DH.
2021-10-26 20:24:25 -05:00
1065d2accf
Fix some Windows build warnings.
2021-10-26 20:24:25 -05:00
9022762e5a
Check to see if a pointer is nonnull that is expected to be.
2021-10-26 20:24:25 -05:00
908ec9b14a
Modify ffdhe to not return addresses.
2021-10-26 20:24:25 -05:00
ebdadefb9a
Update WIN10 user_settings.h for new FIPS build.
2021-10-26 20:24:25 -05:00
f49a09749e
When building for FIPS, the unit test will run all the CASTs up front.
2021-10-26 20:24:25 -05:00
52432382a2
Add kdf.c to the Windows builds.
2021-10-26 20:24:25 -05:00
82e63cee1e
Remove the unused ECDSA PCT tests in the CAST list.
2021-10-26 20:24:25 -05:00
ae7a2e5a48
Remove the unused RSA PCT test in the CAST list.
2021-10-26 20:24:25 -05:00
7af87e5b32
Restore the HKDF code to hmac.c. For compatibility between FIPS builds.
2021-10-26 20:24:25 -05:00
54a1b4c881
Remove redundant pairwise test from DH and ECC.
2021-10-26 20:24:25 -05:00
c5d575c8ae
Remove RDSEED from the intel asm build.
2021-10-26 20:24:25 -05:00
f69b6ac5eb
Add missing verify curves into configure. Copy the kdf files when building for FIPSv5.
2021-10-26 20:24:25 -05:00
c0e6a55aaa
Skip the small key DH test for SP and FFDHE builds.
2021-10-26 20:24:25 -05:00
3b5c8231c2
Move the PCT down to where it used to be located as CheckKeyPair.
2021-10-26 20:24:25 -05:00
6cf186696e
Update the BUILD_FIPS_V4 flag to V5. Consolidate the Makefile include for the flavors of FIPS.
2021-10-26 20:24:25 -05:00
2de6b3b2bd
Move the KDF functions into their own source file.
2021-10-26 20:24:25 -05:00
f78887d2ab
Add 'static' to the test vector arrays for the SSH KDF test.
2021-10-26 20:24:25 -05:00
dee2a67720
Change visibility of wc_GenerateSeed() to API.
2021-10-26 20:24:25 -05:00
86c040a3ae
Rename the PCT error codes to remove 'FIPS' since they can be enabled without FIPS.
2021-10-26 20:24:25 -05:00
9c5607a677
Add guard around ECC PCT for builds without validate keygen.
2021-10-26 20:24:25 -05:00
7a2b661c0c
Add types for the RNG seed callback and the OS_Seed.
2021-10-26 20:24:25 -05:00
133faea89a
Hushed compiler warnings about unused variables.
2021-10-26 20:24:25 -05:00
a967cbcb7b
56Ar3 Testing Updates
...
1. Add PCTs for ECC and FFC.
2. Update the public key checks for ECC and FFC.
2021-10-26 20:24:25 -05:00
976402e04b
RNG Update
...
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
as a default callback.
2. Modify all the tests and examples to use the default seed callback if
the seed callback is enabled.
2021-10-26 20:24:25 -05:00
0c6d8cfc22
If the RNG seeding callback is missing or returns an error, the RNG instantiate fails.
2021-10-26 20:24:25 -05:00
c6486d7392
Removed an outdated comment.
2021-10-26 20:24:25 -05:00
a562db82ef
1. Rename and relabel the FIPS 140-3 option as wolfCrypt v5.
...
2. Make sure the correct SHA assembly files are copied over for the latest FIPS build.
2021-10-26 20:24:25 -05:00
c47e354eed
Add callback option for RNG seeding.
2021-10-26 20:24:25 -05:00
bffe4f64dd
Add option to fips-check script to checkout specific named files from the FIPS tag.
2021-10-26 20:24:25 -05:00
a2f802199d
DH key gen should call DH check key.
2021-10-26 20:24:25 -05:00
e3b2be5ea3
ECC key gen should call ECC check key.
2021-10-26 20:24:25 -05:00
1f67e4519c
Restrict AES-GCM IV minimum size to 96-bits for newer FIPS builds.
2021-10-26 20:24:25 -05:00
e03b29966c
Remove MD5 and old TLS from the newest FIPS build.
2021-10-26 20:24:25 -05:00
17a4c891ce
Add CASTs for TLSv1.2, TLSv1.3, and SSH KDFs.
2021-10-26 20:24:25 -05:00
1fcf33b898
Fix another configure error due to rebase.
2021-10-26 20:24:25 -05:00
e32c58d533
Add RSA PAT.
2021-10-26 20:24:25 -05:00
9656b83a03
Add ECDSA-KAT CAST.
2021-10-26 20:24:25 -05:00
3994a6b5e7
FIPSv3
...
1. Remove the CAST IDs for the redundant RSA tests.
2. Remove the flags in configure.ac that enable the keys for the redundant RSA tests.
2021-10-26 20:24:25 -05:00
90752e89fb
Restore a configure check lost in a rebase.
2021-10-26 20:24:25 -05:00
6dfef1400d
Use the new APIs for HKDF extract with label.
2021-10-26 20:24:25 -05:00
e67bbf7526
1. Add flag to DH keys when using safe parameters.
...
2. The LN check is skipped when using safe parameters.
3. Enable all FFDHE parameter sets when building for FIPS 140-3.
2021-10-26 20:24:25 -05:00
7f64fc4efb
Move the TLSv1.3 KDF into wolfCrypt with the other KDFs.
2021-10-26 20:24:25 -05:00
38064bb396
Add HMAC-SHA2-512 to the TLSv1.2 PRF.
2021-10-26 20:24:25 -05:00
c7ea896759
Add prototype for the ssh-kdf test in the wolfCrypt test.
2021-10-26 20:24:24 -05:00
de4af35f89
KDF Update
...
1. Move wolfSSH's KDF into wolfCrypt.
2021-10-26 20:24:24 -05:00
a49125e613
FIPS KDF Update
...
1. Copied the TLSv1.2 PRF into hmac.c since it uses it and the TLSv1.3
HKDF is in there as well.
2. Added guard around the old TLS PRF so that it switches in correctly
for older FIPS builds only.
2021-10-26 20:24:24 -05:00
a935f2f86d
FIPS CAST Update
...
1. In the unit test, when checking the build options, also check for
FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
getting called, so the FIPS flags didn't get checked. (It was using
wc_InitSha_ex() which bypasses the FIPS checks.)
2021-10-26 20:24:24 -05:00
11fb1abe74
Fix a bad assignment in the configure script.
2021-10-26 20:24:24 -05:00
e855654fff
FIPS CAST Update
...
1. Added a public API to run a CAST.
2. Added the other test certs for the RSA tests.
3. Added IDs for the new RSA tests and the SHA3-pairwise test.
2021-10-26 20:24:24 -05:00
a5032e8087
Update the fips-check script to pull the sources from GitHub rather than
...
from a directory on a local machine.
2021-10-26 20:24:24 -05:00
df859d30f3
FIPS 140-3
...
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
EccMakeKey().
2021-10-26 20:24:24 -05:00
1683644e77
FIPS 140-3
...
1. Fix issue with FIPS Ready and FIPS 140-3. FR acts at the latest
version in the code, but that leaves DES3 out of the build. The code
was still including the header. Force DES3 disabled in FIPS Ready
builds.
2021-10-26 20:24:24 -05:00
9e92c118ed
FIPS 140-3
...
1. Add the old known answer test prototype back into fips_test.h for FIPSv2 builds.
2021-10-26 20:24:24 -05:00
f1bd79ac50
FIPS 140-3
...
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
2021-10-26 20:24:24 -05:00
d27a49b98c
Merge pull request #4507 from cconlon/cavpselftest2
...
fix CAVP selftest v2 build error in test.c
2021-10-27 06:04:06 +07:00
4825534062
Merge pull request #4500 from cconlon/errorQueueFix
...
fix wc_ERR_print_errors_fp() unit test with NO_ERROR_QUEUE
2021-10-27 05:56:32 +07:00
4235602c1e
SP: change to sp_c32.c now in scripts caused changes to sp_c64.c
2021-10-27 08:46:32 +10:00
3d5eea8f56
fix for disable memory build
2021-10-26 16:17:32 -06:00
fdf2b711f7
cmake: add SNI and TLSx
2021-10-26 15:03:29 -07:00
583a50a3f6
account for case where XTIME returns an unsigned type
2021-10-26 15:50:11 -06:00
a08b2db692
Fix for session ticket handling with error cases. Session ticket callback return code failures were still trying to do resumption. Behavior broken in PR #3827 .
2021-10-26 11:37:01 -07:00
9c665d7282
Merge pull request #4501 from embhorn/zd13114
...
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 10:47:59 -07:00
87baf7818e
Merge pull request #4505 from julek-wolfssl/fix-nids
...
Make NID's consistent v2
2021-10-26 10:29:42 -07:00
5810e45cb7
fix CAVP selftest v2 build error in test.c
2021-10-26 10:33:05 -06:00
529f1c63dd
Merge pull request #4503 from SparkiDev/opensslcoexist_ed
...
ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
2021-10-26 09:19:08 -07:00
19feab7850
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 07:14:53 -05:00
48b304be00
Fix issues with AIA_OCSP_OID and AIA_CA_ISSUER_OID
2021-10-26 11:47:27 +02:00
348fec3d29
wc_ClearErrorNodes is a local API that is not exported for linking
2021-10-26 09:14:48 +02:00
fa3cf590d5
Fix NID conflicts
...
- `NID_sha224` conflicted with `NID_sha1WithRSAEncryption`
- `NID_commonName` conflicted with `PBE-SHA1-3DES`
- `NID_X9_62_prime239v3` conflicted with `AES128CBCb`
- `NID_md5` conflicted with `NID_surname`
- `NID_md2WithRSAEncryption` conflicted with `NID_localityName`
- `NID_md5WithRSAEncryption` conflicted with `NID_stateOrProvinceName`
NID conflicts found by examining the runtime values in `wolfssl_object_info`
2021-10-26 09:14:34 +02:00
57b9170ac0
Make NID's consistent
...
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-26 09:14:25 +02:00
08d9b145d9
ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
...
Change SSL_FATAL_ERROR to WOLFSSL_FATAL_ERROR
2021-10-26 15:50:52 +10:00
49e29eb811
Merge pull request #4504 from wolfSSL/revert-4429-fix-nids
...
Revert "Make NID's consistent"
2021-10-26 00:09:56 -05:00
a0c7c079b8
Revert "Make NID's consistent"
2021-10-25 21:57:28 -07:00
cdf72facbf
Merge pull request #4429 from julek-wolfssl/fix-nids
...
Make NID's consistent
2021-10-26 09:59:26 +10:00
905683c98c
Merge pull request #4496 from dgarske/sniffer_keywatch
...
Fix for sniffer key watch callback
2021-10-26 09:55:17 +10:00
6070981366
Merge pull request #4490 from dgarske/static_mem_unittest
...
Add CTX static memory API unit tests
2021-10-26 09:52:14 +10:00
aa72f0685d
Merge pull request #4499 from SparkiDev/dec_ku_len
...
KeyUsage dcoding: Ensure data length is 1 or 2
2021-10-25 15:11:18 -07:00
a8b6304e19
add unit test for wc_PKCS7_VerifySignedData_ex() with detached signature and content digest only
2021-10-25 15:52:19 -06:00
322cb05852
adjust PKCS7_VerifySignedData to correctly verify precomputed content hash with detached signature
2021-10-25 14:46:10 -06:00
eb0b6ca122
fix unit test for wc_ERR_print_errors_fp() when NO_ERROR_QUEUE is defined
2021-10-25 13:50:39 -06:00
517225e135
Merge pull request #4497 from cconlon/authInfo
...
fix nid2oid/oid2nid for oidCertAuthInfoType
2021-10-25 09:29:09 -07:00
8e6c6e7757
KeyUsage dcoding: Ensure data length is 1 or 2
2021-10-25 09:22:31 +10:00
bf2b13939f
Merge pull request #4329 from kaleb-himes/OE22-Porting-Changes
...
Oe22 porting changes
2021-10-22 16:16:26 -07:00
402ee29163
fix nid2oid/oid2nid for oidCertAuthInfoType
2021-10-22 16:53:18 -06:00
e4da9c6f48
Fix for sniffer key callback. Fix for building sniffer without RSA. Fix for wolfCrypt test cert ext without RSA.
2021-10-22 14:29:06 -07:00
5859779ddf
Check-in non-FIPS specific porting changes for OE22
...
Fix no new line
Change comment style in testsuite.c
Add include for proper socket header in wolfio.h
Add dc_log_printf support to benchmark application
Pull in changes for examples
Refector NETOS check in test.c
Fix format and remove settings used only for validation testing
Implement peer review feedback
Address last items noted in peer review
Add new README to include.am
Adjust comment style on TODO
Gate changes in client and server properly
Add static on customer feedback
Fix settings include
Update latest peer feedback
2021-10-22 15:01:14 -06:00
d83d16af59
Merge pull request #4483 from julek-wolfssl/cov-reports
2021-10-22 13:07:57 -07:00
229f0d5fd1
Merge pull request #4485 from JacobBarthelmeh/certs
...
Improve permitted alternate name logic in certificate ASN handling
2021-10-22 11:59:16 -07:00
c027fffa92
Fix for CTX free heap hint issue. With openssl extra the param and x509_store.lookup.dirs are allocated at CTX init and if heap or static pool was used depends on ctx->onHeapHint. Added test case for this and inline code comment.
2021-10-22 11:58:02 -07:00
734a73dd35
Add missing null-check. Fix dead store.
2021-10-22 11:17:41 -07:00
f8178b4896
Merge pull request #4495 from utzig/fix-mmacu-sha256-warn
...
Fix MMCAU_SHA256 type warnings
2021-10-22 10:55:43 -07:00
587077856e
Merge pull request #4494 from utzig/fix-forcezero-comment
...
Fix comment that applies to fp_forcezero
2021-10-22 10:55:30 -07:00
c54f906678
Merge pull request #4492 from haydenroche5/pem_password_cb
...
Rename pem_password_cb to wc_pem_password_cb.
2021-10-22 10:51:47 -07:00
aad230a7e3
Restore a test case. Add a missing null-check.
2021-10-22 10:36:17 -07:00
4c0527490d
Fixes for API unit test with WOLFSSL_NO_ASN_STRICT. Fix spelling error.
2021-10-22 09:59:16 -07:00
29f4f09e6c
Fix MMCAU_SHA256 type warnings
...
Fix warnings in the usage of MMCAU_SHA256 routines, where digest is
expected to be `uint32_t*`, but is defined as `word32*`, which results
in:
```
expected 'uint32_t *' {aka 'long unsigned int *'} but argument is of
type 'word32 *' {aka 'unsigned int *'}
```
Signed-off-by: Fabio Utzig <utzig@apache.org >
2021-10-22 09:51:14 -03:00
a00e3024ce
Fix comment that applies to fp_forcezero
...
Fix comment mentioning the use of `ForceZero` besides `fp_clear`, which
uses `XMEMSET`, and puts it above `fp_forcezero` where it should belong.
Signed-off-by: Fabio Utzig <utzig@apache.org >
2021-10-22 09:01:31 -03:00
6e7dee3283
Change to compare each name to each matching type in permittedNames list.
2021-10-22 10:57:11 +10:00
0b6523d933
Rename pem_password_cb to wc_pem_password_cb.
...
Recently, we had a wolfEngine customer report a compilation error because
wolfSSL and OpenSSL both define the typedef pem_password_cb. The solution is to
namespace our typedef with the wc_ prefix. In order to not break existing code
that relies on wolfSSL providing pem_password_cb, if OPENSSL_COEXIST is not
defined, we define pem_password_cb as a macro that maps to wc_pem_password_cb.
2021-10-21 16:47:29 -07:00
b5f4a0c005
Improve API unit test to use X509_NAME_get_sz and make it widely available.
2021-10-21 16:42:19 -07:00
f17187aad9
Fixes for static memory testing. Fix clang memory sanitizer warnings.
2021-10-21 16:33:57 -07:00
785e37790a
Cleanup API test case debugging.
2021-10-21 12:35:06 -07:00
911d95e5e4
Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS.
2021-10-21 11:47:00 -07:00
37a976b4bf
Fix example server to support option 7 (which exists). Fix static mem size required with session cert (matches client now).
2021-10-21 11:41:30 -07:00
79b738b5a6
commit-test and jenkins fixes
2021-10-21 14:29:28 +02:00
44d8ab20e1
#456
2021-10-21 14:25:06 +02:00
f512514fd6
#450
2021-10-21 14:25:06 +02:00
a4a093ebed
#449
2021-10-21 14:25:06 +02:00
9e3ff9c92c
#427
2021-10-21 14:25:06 +02:00
9386a882b9
#424
...
Refactor d2i key API to use common code
2021-10-21 14:25:06 +02:00
4d5dceaa4e
#421
2021-10-21 14:25:06 +02:00
9d989689c6
#420
2021-10-21 14:25:06 +02:00
86f93e5c1b
#419
2021-10-21 14:25:06 +02:00
70901f0626
#257
2021-10-21 14:25:06 +02:00
3894021a53
#246
2021-10-21 14:25:06 +02:00
af64d4347d
#244
2021-10-21 14:25:06 +02:00
f7f12da8ec
#242
2021-10-21 14:25:06 +02:00
e70dfe7265
#239
2021-10-21 14:25:06 +02:00
3563585274
#240
2021-10-21 14:22:54 +02:00
df1d817f1f
#129
2021-10-21 14:22:54 +02:00
1d5f4a6664
#118
2021-10-21 14:22:54 +02:00
81c3f4b925
#114
2021-10-21 14:22:54 +02:00
1239a7f57d
#96
2021-10-21 14:22:54 +02:00
a1127be18e
#95
2021-10-21 14:22:54 +02:00
2678a3b981
#67
2021-10-21 14:22:54 +02:00
e97e8bc7d0
#59
2021-10-21 14:22:54 +02:00
5bacc0c9ab
In first |= op r always equals 0
2021-10-21 14:22:54 +02:00
8e6759384c
#40
2021-10-21 14:22:54 +02:00
344a07051e
#39
2021-10-21 14:22:54 +02:00
74cf332a8b
#37
2021-10-21 14:22:54 +02:00
e82ae7b072
#17
2021-10-21 14:22:54 +02:00
79682fd30a
#15
2021-10-21 14:22:54 +02:00
97c89dd072
#9
2021-10-21 14:22:54 +02:00
4268763adb
wc_ClearErrorNodes is a local API that is not exported for linking
2021-10-21 13:47:55 +02:00
642d0e0fba
Fix NID conflicts
...
- `NID_sha224` conflicted with `NID_sha1WithRSAEncryption`
- `NID_commonName` conflicted with `PBE-SHA1-3DES`
- `NID_X9_62_prime239v3` conflicted with `AES128CBCb`
- `NID_md5` conflicted with `NID_surname`
- `NID_md2WithRSAEncryption` conflicted with `NID_localityName`
- `NID_md5WithRSAEncryption` conflicted with `NID_stateOrProvinceName`
NID conflicts found by examining the runtime values in `wolfssl_object_info`
2021-10-21 13:01:57 +02:00
20473ba563
Make NID's consistent
...
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-21 13:01:57 +02:00
12f86b020a
clean up test case memory and common name size
2021-10-20 17:13:34 -06:00
817cd2f2a6
Merge pull request #4487 from haydenroche5/openssh
...
Make several changes to support OpenSSH 8.5p1.
2021-10-21 08:59:38 +10:00
ac3612bbef
Merge pull request #4469 from dgarske/android_keystore
...
Support for Android KeyStore compatibility API's
2021-10-21 08:30:08 +10:00
a9f467a6b0
Merge pull request #4457 from dgarske/zd13036
...
Fix for sniffer to trap negative size calculation
2021-10-21 08:17:52 +10:00
ff8e7609f5
Merge pull request #4458 from kosmas-valianos/SkipCRLnoCDP
2021-10-20 13:45:58 -07:00
f57801c17b
more name constraint test cases and adjust DNS base name matching to not require .
2021-10-20 14:25:02 -06:00
864f913454
Make several changes to support OpenSSH 8.5p1.
...
- Permit more wolfSSL_EC_POINT_* functions for FIPS builds. This requires one
workaround in wolfSSL_EC_POINT_mul where wc_ecc_get_generator isn't available.
- Permit more AES-GCM code in EVP code for FIPS v2 builds. It's unclear why this
code wasn't already available.
- Add EVP_CIPHER_CTX_get_iv to the compatibility layer.
- Clear any existing AAD in the EVP_CIPHER_CTX for AES-GCM when we receive the
EVP_CTRL_GCM_IV_GEN control command. OpenSSL does this, and OpenSSH is relying
on this behavior to use AES-GCM correctly.
- Modify ecc_point_test in testwolfcrypt so that it doesn't fail when doing a
FIPS build with HAVE_COMP_KEY defined.
2021-10-20 11:00:42 -07:00
e572c6b9d7
Merge pull request #4486 from dgarske/set_secret
2021-10-20 10:54:13 -07:00
1d6c7b542d
Update the user_settings.h template for Android, based on final testing.
2021-10-20 10:10:15 -07:00
6d2a5fab9b
Added test cases for EVP_PKCS82PKEY and EVP_PKEY2PKCS8.
2021-10-20 09:18:13 -07:00
ab6939d200
add new test cert to make dist
2021-10-19 23:34:03 -06:00
e0e43b6a16
clean up test case
2021-10-19 23:12:07 -06:00
3b73c6e3ae
handle multiple permitted name constraints
2021-10-19 23:12:07 -06:00
afee92e0cf
bail out when a bad alt name is found in the list of alt names
2021-10-19 23:12:07 -06:00
e5caf5124c
Merge pull request #4477 from luizluca/zero-terminate-constraints
...
ASN: zero-terminate name constraints strings
2021-10-19 21:16:46 -07:00
892685ac59
Merge pull request #4472 from utzig/ksdk-port-koblitz
...
nxp: ksdk: add support for Koblitz curves
2021-10-19 21:14:38 -07:00
a145f3107d
Merge pull request #4481 from SparkiDev/mod_exp_even
...
SP int: handle even modulus with exponentiation
2021-10-19 21:09:15 -07:00
4e7ce45a8c
Allow loading public key with PK callbacks also.
2021-10-19 17:04:18 -07:00
de8798f4be
Fix API unit tests where DH 3072-bit is not enabled.
2021-10-19 17:04:18 -07:00
a03ed32380
Support for Android KeyStore compatibility API's:
...
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
2021-10-19 17:04:18 -07:00
00bdc69284
Fix for wolfSSL_set_secret with DTLS where TLS v1.3 is not defined. Function assumed ssl->arrays->preMasterSecret was allocated.
2021-10-19 16:22:39 -07:00
f04380d624
Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode
...
scan-build LLVM-13 fixes and expanded coverage
2021-10-20 08:30:46 +10:00
d880403207
SP int: handle even modulus with exponentiation
...
Fix testing of mp_int to only call when implementation included.
2021-10-20 08:21:26 +10:00
7f5a3a4e74
Merge pull request #4484 from dgarske/memtest
...
Fix for openssl test with --enable-memtest (also DH test build edge case)
2021-10-20 08:19:30 +10:00
41eecd37e5
Merge pull request #4471 from embhorn/zd11886
...
Fix build errors with NO_BIO config
2021-10-20 08:06:42 +10:00
93f033823c
Merge pull request #4482 from miyazakh/mindowngarde_staticrsa
...
TLS 1.3: ServerHello downgrade with no extensions fix
2021-10-20 07:58:34 +10:00
d297a06c25
Fix for wolfCrypt test with custom curves without Brainpool. Tested all changes on NXP K82 LTC.
2021-10-19 13:12:12 -07:00
498884eadb
Fix for missing dhKeyFile and dhKeyPubFile with file system enabled, WOLFSSL_DH_EXTRA and USE_CERT_BUFFERS_2048 set.
2021-10-19 13:06:37 -07:00
dcb2ebba39
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
c0b592ef82
Fix build error with WOLFSSL_USER_IO
2021-10-19 08:27:43 -05:00
91cd2b1731
TLS 1.3 ServerHello additional fix for PR4439 in Static RSA case
2021-10-19 17:51:00 +09:00
768496be4a
scan-build LLVM-13 fixes: in examples/echoclient/echoclient.c, remove frivolous "break;", avoiding need to pragma-ignore clang -Wunreachable-code-break.
2021-10-18 21:46:10 -05:00
e341291d99
scan-build LLVM-13 fixes: tests/api.c: fix -Wunused-but-set-variable for drive_len in test_wolfSSL_EVP_Cipher_extra() by removing the unused drive_len code.
2021-10-18 21:46:10 -05:00
69bc801c13
scan-build LLVM-13 fixes: src/ssl.c: work around deadcode.DeadStores warning in wolfSSL_X509_REQ_sign() in a different way, avoiding WC_MAYBE_UNUSED.
2021-10-18 21:46:09 -05:00
76332069ea
examples/client/client.c: remove frivolous break to avoid need for PRAGMA_CLANG("clang diagnostic ignored \"-Wunreachable-code-break\"").
2021-10-18 21:46:09 -05:00
a5006d580c
scan-build LLVM-13 fixes: sp_int.c: drop "&& defined(SP_DEBUG_VERBOSE)" from preprocessor gates around debugging printfs.
2021-10-18 21:46:09 -05:00
007f01e7ec
scan-build LLVM-13 fixes: in src/tls.c TLSX_PopulateExtensions(), avoid -Wunreachable-code-return by refactoring iteration to use an array terminator (a new "WOLFSSL_NAMED_GROUP_INVALID" with value 0) rather than a compile-time-calculated constant of iteration.
2021-10-18 21:46:09 -05:00
816527e826
scan-build fixes: back out all "#ifndef __clang_analyzer__" wrappers added to suppress false and frivolous positives from alpha.deadcode.UnreachableCode, and rename new macro WC_UNUSED to WC_MAYBE_UNUSED to make its meaning more precisely apparent. build is still clean with -Wunreachable-code-break -Wunreachable-code-return under scan-build-13.
2021-10-18 21:46:09 -05:00
f621a93081
more scan-build LLVM-13 fixes and expanded coverage: deadcode.DeadStores in client.c and server.c (no functional changes).
2021-10-18 21:46:09 -05:00
62822be6ce
scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all.
2021-10-18 21:46:09 -05:00
7447a567e1
Merge pull request #4480 from JacobBarthelmeh/fuzzing
...
sanity check on q value with DSA sign
2021-10-19 11:10:51 +10:00
84b845c65b
Merge pull request #4478 from maximevince/zephyr-user-settings-override
...
Zephyr: Rename leftover CONFIG_WOLFSSL_OPTIONS_FILE
2021-10-19 09:51:15 +10:00
a50d1f4870
Merge pull request #4301 from julek-wolfssl/issue-4298
...
`mem_buf` only used with memory BIO
2021-10-18 10:29:55 -07:00
c07a7deec2
sanity check on q value with DSA sign
2021-10-18 10:17:49 -06:00
77895ac964
Rename leftover CONFIG_WOLFSSL_OPTIONS_FILE to CONFIG_WOLFSSL_SETTINGS_FILE
...
Signed-off-by: Maxime Vincent <maxime@veemax.be >
2021-10-16 15:43:21 +02:00
0e3218dcd0
ASN: zero-terminate name constraints strings
...
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com >
2021-10-15 20:19:05 -03:00
b2c003d7d4
Fix for sniffer to trap negative sslBytes. Revert logic from PR 3493 blocking out of range sequence numbers. Fix ack sequence rollover logic. ZD13036
2021-10-15 11:31:53 -07:00
60adf22ce1
Merge pull request #4468 from SparkiDev/sp_fixes_6
...
SP: regenerated SP code
2021-10-15 02:27:19 -05:00
b2b39f01b7
Merge pull request #4474 from cconlon/includekds
...
include IDE/KDS in make dist archive
2021-10-15 08:33:23 +10:00
7bd92e606b
Merge pull request #4473 from JacobBarthelmeh/dks7g2
...
Update DK-S7G2 README.md
2021-10-14 16:29:08 -06:00
17e0249a26
Fixing NO_BIO and OPENSSL_ALL errrors
2021-10-14 16:03:52 -05:00
228f1e233a
include IDE/KDS in make dist archive
2021-10-14 14:01:19 -06:00
82a1c4b9f1
Update DK-S7G2 README.md
2021-10-14 13:09:42 -06:00
2aa2ef84b2
Merge pull request #4470 from LinuxJedi/md-cleanups
...
Cleanup markdown documentation
2021-10-14 11:04:48 -07:00
ed243b3327
nxp: ksdk: add support for Koblitz curves
...
The Kinetis port implementation currently only supports SECP random
curves. This commit expands it to also support the accepted SECP
koblitz curves, based on user settings. The implementation also makes
it easy to add Brainpool curves.
Signed-off-by: Fabio Utzig <utzig@apache.org >
2021-10-14 12:33:30 -03:00
61bab6f68b
Fix test build errors with NO_BIO
2021-10-14 09:37:01 -05:00
1396c46281
Fix build errors with NO_BIO config
2021-10-14 09:06:54 -05:00
4c70ac73f1
Merge pull request #4467 from dgarske/smtp
...
Example client: fix for SMTP temp buffer size
2021-10-14 08:16:42 +10:00
b93b7b07a9
Merge pull request #4463 from JacobBarthelmeh/fuzzing
...
DSA: add check on bit length of q
2021-10-14 08:06:53 +10:00
11e3f867b0
Cleanup markdown documentation
...
* Add syntax highlighting where appropriate
* Fix some markdown compliance issues
* Add some links for things
* Add some inline code quoting
* Fix some headings
* Fix copyright date in doxygen html output
2021-10-13 16:39:46 +01:00
cc63668691
Merge pull request #4445 from TakayukiMatsuo/tsip113
...
Add support for TSIPv1.13
2021-10-13 09:26:58 -06:00
5748818427
SP: regenerated SP code
2021-10-13 08:37:38 +10:00
7f1dbd8709
Merge pull request #4420 from douzzer/smallstack-ge-sp
...
SP, Ed25519: smallstack
2021-10-13 08:33:36 +10:00
03d2e9ad8c
Merge pull request #4466 from embhorn/zd13059
...
Fix for ecc_projective_*_safe visibility
2021-10-13 08:27:47 +10:00
bc97539756
Increase the size of the temp buffer for starttls. Some SMTP servers send larger messages.
2021-10-12 15:13:38 -07:00
b9b5661550
Merge pull request #4465 from LinuxJedi/stm32-fixes
...
Minor STM32F1 fixes
2021-10-12 11:57:18 -07:00
66c4b6d270
Improve STM32 documentation
...
Walk through how to create a new STM32CubeMX project for wolfSSL.
2021-10-12 17:13:41 +01:00
be6bf5687b
Fix for ecc_projective_*_safe visibilty
2021-10-12 11:12:42 -05:00
97883d78ac
Minor STM32F1 fixes
...
* Not all STM32 RTCs support subseconds in the time struct, so this is
now ifdef'd using the only obvious define which exists when subseconds
exist.
* Let wc_GenerateSeed detect STM32's without RNG correctly.
* wolfCrypt test was attempting to use variables that don't exist when
both WOLFSSL_SMALL_STACK and WC_NO_RNG is defined.
2021-10-12 16:20:36 +01:00
f20f883e94
Merge pull request #4464 from SparkiDev/tls_hs_state_fix
...
TLS: don't set the handshake state to the record type
2021-10-12 08:18:17 -07:00
ec78b2e368
Merge pull request #4322 from dgarske/se050_branch
...
NXP SE050 Support
2021-10-12 07:37:58 -07:00
6fbc9be71a
Merge pull request #4462 from guidovranken/zd13048
...
Check return value of mp_grow in mp_mod_2d
2021-10-12 11:36:59 +10:00
544e64f9e4
TLS: don't set the handshake state to the record type
2021-10-12 08:52:58 +10:00
69d5405e91
Merge pull request #4350 from cconlon/pythonCompatD
...
OpenSSL compatibility fixes: BIO_set_nbio(), SHA3 NID, WOLFSSL_PYTHON
2021-10-12 08:14:34 +10:00
70894383ce
Fix for new SHA512 224/256 support with NXP SE050.
2021-10-11 13:01:38 -07:00
90a51490a9
Peer review feedback. Improvements with small stack.
2021-10-11 11:54:03 -07:00
0c1d12c224
Improve keyId logic. Fix minor compile warnings. Change wc_se050_set_config to match naming convention of other function in port.
2021-10-11 11:53:21 -07:00
09ce1e3c5f
Improvements to the key id allocation
2021-10-11 11:53:21 -07:00
185d48938d
Fixes for building NXP SE050. Add support for automatic initialization of the SE050 if WOLFSSL_SE050_INIT is defined. Optionally can override the portName using SE050_DEFAULT_PORT.
2021-10-11 11:53:21 -07:00
2028d8b63d
Add missing se050_port.h.
2021-10-11 11:53:21 -07:00
29f051e585
Fixes and cleanups for NXP SE050 support.
2021-10-11 11:53:19 -07:00
3f76a76c46
SE050 port with support for RNG, SHA, AES, ECC (sign/verify/shared secret) and ED25519
2021-10-11 11:52:12 -07:00
63c9fa7a37
add check on bit length of q with DSA
2021-10-11 09:52:57 -06:00
b8c4e89ea0
Merge pull request #4460 from dgarske/test_init
...
Refactor API unit test named initializer code for `callback_functions`
2021-10-11 08:25:38 +10:00
511c74ea52
Merge pull request #4456 from dgarske/zd13032
...
Fix to not try OCSP or CRL checks if there is already an error
2021-10-11 08:20:58 +10:00
0522e19fc1
Check return value of mp_grow in mp_mod_2d
...
ZD13048
2021-10-10 21:02:03 +02:00
a395305cab
Refactor API unit test named initializer code for callback_functions, to avoid older g++ build issues.
2021-10-08 14:04:21 -07:00
f757318eeb
Merge pull request #4454 from dgarske/static_mem
...
Fix for `Bad memory_mutex lock` on static memory cleanup
2021-10-09 00:13:10 +07:00
8760f39476
Skip CRL verification in case no CDP in peer cert
2021-10-08 13:16:08 +02:00
854512105f
Merge pull request #4314 from SparkiDev/libkcapi
...
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
e0abcca040
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
...
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
dd6e4093b3
Merge pull request #4448 from JacobBarthelmeh/Compatibility-Layer
...
remove error queue from JNI build and set a default upper bound on it
2021-10-08 08:35:03 +10:00
668f8700a4
Fix to not try OCSP or CRL checks if there is already an error. This fix prevents an error code from being overwritten if there is already a failure. ZD13032
2021-10-07 15:30:16 -07:00
725e503c57
Merge pull request #4451 from SparkiDev/asn_templ_fix_1
...
ASN template: replicate AddAltName change in template code
2021-10-07 09:23:37 -07:00
8c178118a4
Configure: add option to enable alternate certificate chains ( #4455 )
2021-10-07 11:14:51 +10:00
9d2082f7e1
Fixes and improvements for crypto callbacks with TLS (mutual auth) ( #4437 )
...
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.
* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.
* * Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.
* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.
* Fix to use proper devId in `ProcessBufferTryDecode`.
* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.
* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.
* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
2021-10-07 11:12:06 +10:00
dfbdcf9400
ASN template: replicate AddAltName change in template code
2021-10-07 09:51:56 +10:00
34c9367cbe
refactor location of error queue count and consolidate no error queue macro
2021-10-06 11:55:40 -06:00
928f4ad430
Merge pull request #4452 from LinuxJedi/stm32-readme-fix
...
Fixes to STM32 README
2021-10-06 10:07:41 -07:00
9f57345614
Fix for Bad memory_mutex lock on static memory cleanup (was free'ing mutex then trying to use it).
2021-10-05 13:46:42 -07:00
da15356c2a
Merge pull request #4444 from anhu/pq_bench
...
Benchmarking the supported groups.
2021-10-05 09:52:51 -07:00
43ffe26133
Merge pull request #4430 from embhorn/zd12976
...
Add support for X9.42 header
2021-10-05 23:47:42 +07:00
fd54dc4838
Fixes to STM32 README
...
* Reordered things so that the installation of the Cube Pack comes
before the Cube Pack usage.
* Added another way to find the pack installation menu (because I'm
blind to the box on the screen apparently).
* Two extra steps in the Cube Pack Usage that were missing (6 & 8)
* Added syntax highlighting to the markdown.
2021-10-05 14:19:35 +01:00
310a75ff43
Merge pull request #4449 from SparkiDev/fix_1
...
X509 name: remove unused variable
2021-10-04 20:01:04 -07:00
024c59a04c
Merge pull request #4439 from SparkiDev/tls13_min_down_no_ext
...
TLS 1.3: Check min downgrade when no extensions in ServerHello
2021-10-04 16:39:29 -07:00
152da35ca4
X509 name: remove unused variable
2021-10-05 09:06:10 +10:00
41b9b14cfb
whitespace
2021-10-04 18:35:09 -04:00
f77a5e26b5
semi-colon --> colon and use wolfTLSv1_3_server_method when NO_WOLFSSL_CLIENT.
2021-10-04 18:31:28 -04:00
b582e152ea
add test case max error queue size
2021-10-04 14:52:05 -06:00
310ab6692a
Drop a function brace and WOLFSSL_TLS13.
2021-10-04 13:56:01 -04:00
40ac1c4dd2
remove error queue from JNI build and put a default max on error queue size
2021-10-04 11:45:18 -06:00
0bee624ee5
Merge pull request #4447 from lealem47/oqs-doc
2021-10-04 13:03:46 -04:00
1440b8966d
Add test for X9.42 parsing
2021-10-04 11:05:58 -05:00
4084928d93
Slight changes to liboqs documentation in INSTALL and example client/server
2021-10-02 13:14:32 -06:00
72ea8dffe2
Add support for TSIPv1.13
2021-10-02 07:03:12 +09:00
0abbd9b1ec
Merge pull request #4438 from ejohnstown/dtls-big
...
DTLS Related Fixes
2021-10-01 13:04:20 -07:00
2fa0114d54
Benchmarking the supported groups.
2021-10-01 15:38:07 -04:00
97d96c6cf8
Merge pull request #4422 from haydenroche5/cmake
...
Add a CMake option to build wolfcrypt test and bench code as libraries.
2021-10-01 12:32:50 -07:00
774bc36603
Merge pull request #4061 from JacobBarthelmeh/sessionExport
2021-10-01 10:21:42 -07:00
cd2bd0b7a3
Enable All Disable DTLS fixes
...
1. Remove mcast and jni from enable-all.
2. Add comment to DTLS section.
Testing `./configure --enable-all --disable-dtls` would leave DTLS still
enabled. enable-all was also enabling mcast, which it doesn't need to
do, that would force DTLS back on. JNI also forces DTLS on. The other
language wrappers are not included in enable-all, so leave JNI out.
2021-10-01 09:56:58 -07:00
faca24c00d
Merge pull request #4434 from SparkiDev/armv8_nighlty_1
2021-10-01 09:06:33 -07:00
d48dc55611
Merge pull request #4440 from SparkiDev/jenkins_powerpc_fix_1
...
ASN: tidy up SetAsymKeyDerPublic()
2021-10-01 08:17:12 -07:00
a575595e5f
Merge pull request #4256 from SparkiDev/arm_keil_fix
...
SP ARM Thumb support for Keil and performance improvements
2021-10-01 07:10:41 -07:00
4473e9335e
TLS 1.3: Check min downgrade when no extensions in ServerHello
...
TLS 1.3 ServerHello must have extensions, so server attempting to
downgrade, but min downgrade was not checked in that case.
2021-10-01 12:51:10 +10:00
66a6153456
Merge pull request #4436 from elms/makefile/add_ed448
...
GCC makefile: Add sources files
2021-09-30 18:44:36 -07:00
ca002b5ee9
ASN: tidy up SetAsymKeyDerPublic()
...
Also, nighlty PowerPC Jenkins test complained of use of uninitialized in
function. Ensure vars initialized despite not needing it.
2021-10-01 10:44:07 +10:00
6300989937
SP: Thumb assembly for older Keil compilers and optimize
...
Improve the generated instructions for multiplying 32 bits by 32 bits
and squaring 32 bits with 64 bit results.
Minimize loads in montgomery reduction, mul and sqr.
Pull conditional subtract into montgomery reduction assembly code.
Added unrolled square and multiply
Define WOLFSSL_SP_LARGE_CODE to use the unrolled versions.
2021-10-01 09:52:29 +10:00
98b1e93429
Merge pull request #4402 from JacobBarthelmeh/Compatibility-Layer
2021-09-30 15:53:58 -07:00
f1a0d00f4e
GCC Makefile: wrap async and selftest
2021-09-30 15:51:19 -07:00
ed8b87306d
account for test case where psk and anon is off
2021-09-30 15:48:55 -06:00
b0de40d10a
Forgive a DTLS session trying to send too much at once. (ZD12921)
2021-09-30 14:27:21 -07:00
2dfc3f308b
GCC makefile: Add other missing source files
2021-09-30 14:25:15 -07:00
998c7a9cb9
Merge pull request #4435 from anhu/docfix
2021-09-30 09:50:38 -07:00
cb4b57c5c7
add tls 1.3 test case
2021-09-30 10:08:47 -06:00
833c9d3f71
Fix INSTALL file to specify levels.
2021-09-30 09:43:32 -04:00
38cfec89e8
ARMv8: fix configurations
...
Poly1305: poly1305_block() is void for ARMv8 ASM
SHA512: explicitly include cryptocb.h.
AES: set keylen for EVP API
AES: Implement streaming AES-GCM.
2021-09-30 10:33:08 +10:00
cf1ce3f073
Add get_default_cert_file/env() stubs, SSL_get/set_read_ahead(), SSL_SESSION_has_ticket/lifetime_hint() ( #4349 )
...
* add wolfSSL_X509_get_default_cert_file/file_env/dir/dir_env() stubs
* add SSL_get_read_ahead/SSL_set_read_ahead()
* add SSL_SESSION_has_ticket()
* add SSL_SESSION_get_ticket_lifetime_hint()
* address review feedback - comments, return values
* make SSL_get_read_ahead() arg const
* add unit tests for SESSION_has_ticket/get_ticket_lifetime_hint
* test for SESSION_TICKET_HINT_DEFAULT in api.c for wolfSSL_SESSION_get_ticket_lifetime_hint()
* fix variable shadow warning in api.c
2021-09-30 08:35:23 +10:00
bcd6930581
Various OpenSSL compatibility expansion items, for Python 3.8.5 ( #4347 )
...
* make ASN1_OBJECT arg const in OBJ_obj2txt
* add ERR_LIB values to openssl/ssl.h
* add missing alert type definitions in openssl/ssl.h
* add definition for X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, no support
* define value for X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
* use correct CRYPTO_THREADID arg type for wolfSSL_THREADID_set_callback callback
* add handshake type defines for compat layer message callback types
* define ASN1_R_HEADER_TOO_LONG for compatibility builds
* use correct return type for wolfSSL_THREADID_set_callback, remove Qt code no longer needed
2021-09-30 08:32:49 +10:00
95b9fae605
Add DIST_POINT compatibility functions ( #4351 )
...
* add DIST_POINT compatibility functions
* switch X509_LU_* from enum to define, prevent compiler type warnings
* refactoring, adding in comments, and formating
* refactoring and a memory leak fix
* cast return value for g++ warning
* refactor wolfSSL_sk_DIST_POINT_pop_free and remove NULL assign after free
* fix get next DIST_POINT node for free function
Co-authored-by: Jacob Barthelmeh <jacob@wolfssl.com >
2021-09-30 08:27:39 +10:00
707385724e
adjust macro guard around test cases
2021-09-29 13:28:20 -06:00
5f9f6fd9fa
add some test cases and use allocator
2021-09-29 12:02:26 -06:00
ecf7dea6a1
Merge pull request #4433 from anhu/unit_tests
...
Unit tests for post-quantum groups.
2021-09-29 10:31:00 -07:00
dd7b62d067
fix for use with idea enabled
2021-09-29 11:15:51 -06:00
f46f69c1dc
GCC makefile: Add ed448 files
2021-09-29 08:17:44 -07:00
ae47cb3bcd
update check on is TLS, update macro guard for test case
2021-09-28 16:57:30 -06:00
a55cedd357
Fixup in response to dgarske comments
2021-09-28 18:36:18 -04:00
0e80923fb3
Unit tests for post-quantum groups.
...
Also, fixes for the things they caught such as:
- ssl->arrays->preMasterSecret is pre-allocated so copy into it instead of
moving ownership of buffer.
- server does not need to save the public key.
- in TLSX_KeyShare_Parse() don't call TLSX_KeyShare_Use() because its done in
TLSX_PopulateExtensions().
- in TLSX_KeyShare_Use(), the server generates the ciphertext while the client
generates the public key.
- in TLSX_PopulateExtensions(), prevent client from calling TLSX_KeyShare_Use()
because its already been done.
- Support longer curve/group names.
2021-09-28 17:16:44 -04:00
f4be011b91
Merge pull request #4432 from haydenroche5/cmake_user_settings
...
Don't automatically set BUILD_ED25519_SMALL and BUILD_CURVE25519_SMALL in the CMake build when using user_settings.h.
2021-09-28 14:01:39 -07:00
a4f927999f
Merge pull request #4431 from haydenroche5/is_on_curve_fips
...
Don't compile wolfSSL_EC_POINT_is_on_curve for FIPS.
2021-09-28 09:42:08 -07:00
a9870d59a3
Don't automatically set BUILD_ED25519_SMALL and BUILD_CURVE25519_SMALL in the
...
CMake build when using user_settings.h.
See https://github.com/wolfSSL/wolfssl/pull/4367 for the same change to the
autotools build.
2021-09-28 09:00:50 -07:00
6a0bc995a0
Don't compile wolfSSL_EC_POINT_is_on_curve for FIPS.
...
This function uses wc_ecc_point_is_on_curve, which isn't in the current (v2)
FIPS module.
2021-09-27 16:08:04 -07:00
847b8f9a1f
Reduce openssl verbosity in BIO due to PEM_X509_INFO_read_bio reading 1 byte at a time. Remove duplicate PEM_X509_INFO_read_bio macro. ( #4428 )
2021-09-28 08:21:23 +10:00
702ba65b1c
Add support for X9.42 header
2021-09-27 15:37:11 -05:00
6e7c6e8a66
add comments to dox header file
2021-09-27 14:01:15 -06:00
41f3a006ac
sanity check on padding size imported
2021-09-27 14:01:15 -06:00
21181f2437
canned test was made without the wolfssl_idea enum on
2021-09-27 14:01:15 -06:00
13478a94a8
sanity check on block size with block cipher type
2021-09-27 14:01:15 -06:00
8b456b90e0
add test case for tls export/import
2021-09-27 14:01:15 -06:00
1929024029
fix for getting export buffer size
2021-09-27 14:01:15 -06:00
64f53c4e1b
fix macro name and make api public
2021-09-27 14:01:15 -06:00
22b6cc675a
add import/export of peer info with tls
2021-09-27 14:01:15 -06:00
2871fc670f
initial serialization of TLS session
2021-09-27 14:00:13 -06:00
943c98a45e
Fix some PKCS11 warnings and spelling errors. ( #4427 )
2021-09-27 08:23:48 +10:00
3bdce348e9
Added NID_pkcs9_contentType and ub_ to compatibility layer ( #4408 )
...
* Added `NID_pkcs9_contentType` and `ub_` values. ZD 11742
* Improve the API unit test. Also only include when `WOLFSSL_CERT_REQ` defined.
2021-09-27 08:21:53 +10:00
9e4ab9b638
Add BIO_up_ref(), PEM_read_DHparam(), EVP_MD_nid() ( #4348 )
...
* add BIO_up_ref
* add PEM_read_DHparams()
* add EVP_MD_nid()
* exclude PEM_read_DHparams when NO_FILESYSTEM defined
* review feedback: single threaded, indents, EVP_MD_nid
2021-09-27 08:20:37 +10:00
32e4d5ad70
Use record size instead of buffer size to validate alert length ( #4425 )
2021-09-27 08:05:13 +10:00
709a84f8b5
Add support for libwolfcrypttest and libwolfcryptbench to autotools flow.
...
These can be built by configuring with `--enable-crypttests-libs`.
2021-09-25 10:31:06 -07:00
302938d3c6
Improve wolfcrypt test/bench library comments.
...
These can be built as shared libraries, too, so the comments shouldn't be
specific about static libraries.
2021-09-25 10:30:01 -07:00
7319627533
Merge pull request #4423 from elms/gcc_makefile_options
...
GCC makefile: allow overriding and provide more flexibility
2021-09-24 14:07:48 -07:00
9634a54b8f
Improve CMake build option handling.
...
Prior to this commit, we only allowed CMake options to be specified according to
a finite set of values. For example if an option "WOLFSSL_FEATURE" was permitted
to take only the values "yes" and "no" and a user ran
`cmake -DWOLFSSL_FEATURE=ON`, that would fail because ON isn't in `[yes, no]`.
However, this behavior runs counter to CMake's way of evaluating boolean values,
which permits a variety of values that evaluate to true/false (see
https://cmake.org/cmake/help/latest/command/if.html#basic-expressions ). This
commit will allow the user to specify any value for a build option. If it's not
in the predefined set of values, we use CMake's "if" logic to reduce the value
to yes or no.
2021-09-24 13:54:18 -07:00
ec857f6f62
Add a CMake option to build wolfcrypt test and bench code as static libs.
...
Application code can use the resulting CMake targets or the static library
artifacts directly (e.g. libwolfcrypttest.a on *nix).
2021-09-24 13:54:18 -07:00
690b7d9800
GCC makefile: fix warning for hard fault format strings
2021-09-24 10:47:47 -07:00
0bf832bd2a
fix uninitialized variables
2021-09-24 23:22:04 +09:00
5b3dfabc32
Introduce global protoVerTbl for SSL_CTX_set_min/max_proto_version
2021-09-24 16:05:55 +09:00
8169e12975
Merge pull request #4424 from SparkiDev/rsa_dec_pkcs15
...
RSA: cast bitwise negate value to byte before converting to int
2021-09-23 21:47:36 -07:00
24e2eded1e
Add to the OpenSSL compatibility layer. ( #4404 )
...
- X509_get_extension_flags
- X509_get_key_usage
- X509_get_extended_key_usage
- ASN1_TIME_to_tm
- ASN1_TIME_diff
- PEM_read_X509_REQ
- ERR_load_ERR_strings
- BIO_ssl_shutdown
- BIO_get_ssl
- BIO_new_ssl_connect
- BIO_set_conn_hostname
2021-09-24 12:26:53 +10:00
d5a803d81d
RSA: cast bitwise negate value to byte before converting to int
2021-09-24 09:18:49 +10:00
33cb823148
Remove legacy NTRU and OQS ( #4418 )
...
* Remove NTRU and OQS
* Keep the DTLS serialization format backwards compatible.
* Remove n from mygetopt_long() call.
* Fix over-zealous deletion.
* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
23f4aadf27
GCC makefile: allow overriding and provide more flexibility
...
- older GCC and additional platforms
- `NO_EXAMPLES` to exclude building .o files
- add FIPS optional
2021-09-23 14:55:34 -07:00
79787eaaa4
Merge pull request #4419 from anhu/set1_groups_list
...
Make quantum-safe groups available to the compatibility layer.
2021-09-23 10:28:02 -07:00
82a3d79c2f
unnecessary variable init, else formatting in bio.c
2021-09-23 11:26:17 -06:00
a4609c612f
Merge pull request #4413 from kabuobeid/wpas_keying
...
Add HAVE_KEYING_MATERIAL requirement to WPAS, to use wolfSSL_export_keying_material
2021-09-23 10:20:34 -07:00
8818df2d34
Merge pull request #4415 from elms/ppc/define_gates_64bit_literals
...
Define gate fixes and sha3 64bit literal definitions
2021-09-23 10:18:03 -07:00
58a02495fe
Make the quantum-safe groups available to the OpenSSL compatibility layer.
2021-09-22 15:28:44 -04:00
b716c88e01
smallstack refactors for ge_double_scalarmult_vartime(), sp_ModExp_4096(), and sp_DhExp_4096().
2021-09-22 13:58:05 -05:00
e6e7795140
Make subj alt name order match openSSL ( #4406 )
2021-09-22 10:29:57 +10:00
df30a88dc6
Merge pull request #4414 from JacobBarthelmeh/devcrypto
...
update macro guard on SHA256 transform call
2021-09-21 10:03:51 -07:00
63a3eef97a
Merge pull request #4403 from dgarske/zd12852_sniffer
...
Sniffer improvements for handling TCP ack unseen and retransmission issues
2021-09-21 09:53:27 -07:00
7ec7faddef
Merge pull request #4405 from anhu/truncating_last_char
...
Fix for `set1_curves_list` ignoring last character
2021-09-21 08:49:53 -07:00
34c6e8f975
Merge pull request #4407 from douzzer/linuxkm-SIMD-IRQ
...
linuxkm-SIMD-IRQ
2021-09-20 14:57:38 -07:00
ef33445316
Define gate fixes and sha3 64bit literal definitions
...
Found when supporting PPC750
2021-09-20 13:48:34 -07:00
6d715130a2
linuxkm: cleanups and smallstack refactors related to WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED, associated linuxkm-SIMD-IRQ PR, and associated peer review:
...
smallstack refactors for wolfcrypt/src/rsa.c:wc_CheckProbablePrime_ex() and wolfcrypt/src/pwdbased.c:wc_PKCS12_PBKDF_ex();
add WARN_UNUSED_RESULT macro to types.h;
text format cleanup;
fix internal.c:LowResTimer() implementation.
refactor tls13.c:TimeNowInMilliseconds() for kernel 4.9 and 3.16 compat.
use ktime_get_coarse_real_ts64() only for kernel 5.x+. in kernel 4.x, use its older form, current_kernel_time64(), and in 3.x, use getnstimeofday().
linuxkm/module_hooks.c: fix wolfssl_init() pie code to be compatible with kernel 4.4-;
fix allocate_wolfcrypt_irq_fpu_states() return codes to all be wolfcrypt codes, and in calling code, pass up that code (suggested by dgarske peer review).
2021-09-20 13:46:51 -05:00
ec21dd6d13
miscellaneous buildability fixes:
...
configure.ac: fix ed25519/sha512 dependency test to not misfire when ENABLED_32BIT;
wolfssl/wolfcrypt/curve{25519,448}.h: fix redundant typedefs of curve{25519,448}_key (fixes -Wpedantic warnings);
configure.ac: fix for "ISO C forbids an empty translation unit [-Werror=pedantic]", re wolfcrypt/src/sp_c{32,64}.c;
configure.ac: fixes for --enable-32bit versus pedantic "ISO C forbids an empty translation unit", including explicit exclusion of 32bit-incompatible algorithms from enable-all and enable-all-crypto sets;
tests/api.c: fixes for a couple inadequately gated SHA2 dependencies;
tests/api.c:test_wolfSSL_set_alpn_protos(): fix prototype missing (void);
wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h: fix ForceZero() definition and NO_INLINE prototype to not counterfactually constify the mem ptr, to avoid -Wmaybe-uninitialized from gcc11;
wolfcrypt/src/des3.c: drop obsolete register qualifier from declaration in DesSetKey(), for c++17 compatibility;
src/ssl.c:wolfSSL_BN_mod_word(): fix cast of arg2 to mp_mod_d().
2021-09-20 13:38:52 -05:00
753a931196
Merge pull request #4416 from SparkiDev/mp_submod_addmod_ct
...
SP math, TFM: constant time addmod, submod
2021-09-20 11:37:45 -07:00
a62f103899
Merge pull request #4412 from anhu/level
...
Convert post-quantum algorithm group names
2021-09-20 11:27:20 -07:00
83e0e19e03
linuxkm feature additions:
...
add build-time support for module signing using native Linux facility;
add support for alternative licenses using WOLFSSL_LICENSE macro;
improve load-time kernel log messages;
add support for sp-math-all asm/AVX2 acceleration;
add error-checking and return in SAVE_VECTOR_REGISTERS();
implement support for x86 accelerated crypto from interrupt handlers, gated on WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED:
* wolfcrypt_irq_fpu_states
* am_in_hard_interrupt_handler()
* allocate_wolfcrypt_irq_fpu_states()
* free_wolfcrypt_irq_fpu_states()
* save_vector_registers_x86()
* restore_vector_registers_x86()
add WOLFSSL_LINUXKM_SIMD, WOLFSSL_LINUXKM_SIMD_X86, and WOLFSSL_LINUXKM_SIMD_ARM macros for more readable gating.
2021-09-20 10:27:13 -05:00
2629b8b1fb
wolfcrypt/src/wc_port.c LINUXKM time(): use ktime_get_coarse_real_ts64 instead of ktime_get_real_seconds, to avoid GPL-only function, and fix the calculation in the kernel 3.x codepath.
2021-09-20 10:27:13 -05:00
1209908468
tests/api.c: fix key size in test_wc_ecc_shared_secret().
2021-09-20 10:27:13 -05:00
45e9872714
wolfcrypt/benchmark: fix output buffer size in bench_eccEncrypt().
2021-09-20 10:27:13 -05:00
ebf1168240
Documenting the level meanings
2021-09-20 10:11:49 -04:00
c733be728f
Trivial change to re-trigger jenkins.
2021-09-20 08:37:56 -04:00
f1ff3da47c
fix for case of long type on 32bit systems
2021-09-19 21:20:58 -06:00
ec0335cdb3
Use WOLFSSL_SUCCESS instead of 1.
2021-09-19 17:20:55 -07:00
1bf4dbfa32
rename enum value
2021-09-19 17:20:55 -07:00
3f534e7e07
return macro and macro guards
2021-09-19 17:20:55 -07:00
dae4d637c9
define SSL_OP_* in openssl/ssl.h for compatibility
2021-09-19 17:20:54 -07:00
b8c90b369e
bump openssl version for Python 3.8.5 port with WOLFSSL_PYTHON
2021-09-19 17:20:54 -07:00
0f344e4b64
add SHA3 NID and name info to wolfssl_object_info[]
2021-09-19 17:20:54 -07:00
f6b91f04ed
BIO_set_nbio() should always return 1, check input bio for NULL before using
2021-09-19 17:20:54 -07:00
f63fac82cd
SP math, TFM: constant time addmod, submod
...
Improve performance of fp_submod_ct() and fp_addmod_ct().
Improve performance of sp_submod_ct() and sp_addmod_ct().
2021-09-20 10:12:21 +10:00
9bd300e07d
AESNI in FIPS mode does not support zero length inputs ( #4411 )
...
* AESNI in FIPS mode does not support zero length inputs
* Update note to specifically note AESNI
2021-09-20 08:29:15 +10:00
f447e4c1fa
update macro guard on SHA256 transform call
2021-09-17 15:06:13 -07:00
5c3c2dd1bf
Add HAVE_KEYING_MATERIAL requirement to WPAS, to use wolfSSL_export_keying_material
2021-09-17 14:53:01 -07:00
989179a94a
set value for number of protocols in table
2021-09-17 14:04:42 -07:00
b14e9c1134
Sniffer improvements for handling TCP out of order, ack unseen and retransmission issues.
2021-09-17 13:16:39 -07:00
79cc6be806
Make jenkins happy
2021-09-17 15:50:06 -04:00
9ee96c484b
update macro guard
2021-09-17 13:17:05 -06:00
13d4722678
Convert post-quantum algorithm group names
...
... from using parameter set names from the papers to NIST levels.
2021-09-17 13:28:34 -04:00
ffa13f314b
Merge pull request #4409 from SparkiDev/tfm_submod_ct
...
TFM: fp_submod_ct fix check for greater
2021-09-17 08:41:20 -07:00
bb70fee1ec
Merge pull request #4390 from anhu/hybridizing
...
Hybridizing NIST ECC groups with the OQS groups.
2021-09-16 22:01:39 -07:00
9623797064
TFM: fp_submod_ct fix check for greater
...
a can be greater than modulus.
Update fp_montgomery_reduce_mulx() to reflect the updates to
fp_montgomery_reduce_ex().
2021-09-17 10:12:07 +10:00
ff963e7259
fall back to previous version if PRF not compiled in
2021-09-16 14:08:12 -07:00
5151cc289e
Make clang happy.
2021-09-16 14:41:19 -04:00
4380e8b94a
Merge pull request #4391 from JacobBarthelmeh/Sniffer
...
add sanity check on buffer size
2021-09-16 09:36:48 -07:00
f2bce42bbd
add function wolfSSL_CTX_get_max_proto_version and handling for edge cases
2021-09-16 01:01:38 -07:00
60aa7b9a62
compat layer adjustments, pseudo rand update, fix for peek with ASN1_R_HEADER_TOO_LONG
2021-09-16 00:56:44 -07:00
3503be2c13
Merge pull request #4362 from JacobBarthelmeh/wolfCLU
...
add wolfclu enable option and remove test macro guard
2021-09-15 13:57:50 -07:00
07656e371c
Parameter sanity check and a unit test.
2021-09-15 16:29:55 -04:00
71e8d3ca3c
Merge pull request #4358 from SparkiDev/arm_sha512_crypto
...
AARCH64 SHA512: implementation using crypto instructions added
2021-09-15 09:51:09 -07:00
4f3c55988b
We were ignoring the last character of the group name.
2021-09-15 12:50:04 -04:00
4ad8b07c1c
wolfSSL_PEM_write_bio_PUBKEY needs to write only the public part (#4354 )
...
* `wolfSSL_PEM_write_bio_PUBKEY` needs to write only the public part
The `wolfSSL_PEM_write_bio_PUBKEY` output can't contain the private portion of the key. This output could be used to distribute the public key and if it contains the private part then it gets leaked to others.
* Add heap hint to `wolfSSL_RSA_To_Der`
* Correct function name in logs
2021-09-15 17:34:43 +10:00
17c2e9e1cd
AARCH64 SHA512: implementation using crypto instructions added
...
Use --enable-armasm=sha512-crypto or define WOLFSSL_ARMASM_CRYPTO_SHA512
to use SHA512 cryptographic instructions.
Checks system register for the feature before using the SHA512
instructions.
Added SHA512 input data alignment test.
Add support for SHA512/224 and SHA512/256 to ARM port.
2021-09-15 12:05:48 +10:00
d86aed210b
Merge pull request #4398 from SparkiDev/cppcheck_fixes_7
...
cppcheck fixes and a config fix
2021-09-14 18:19:30 -07:00
d9767207b7
call alpn selection call-back at server side only ( #4377 )
...
* call alpn selection call-back at server side only
* addressed review comment
* addressed jenkins failure
2021-09-15 10:02:18 +10:00
3c21996002
Merge pull request #4353 from SparkiDev/pkcs11_static_link
...
PKCS #11 : support static linking with PKCS #11 library
2021-09-14 15:26:52 -07:00
4be3b2b351
Merge pull request #4401 from embhorn/gh4400
...
Fix overflow check in ClientMemSend
2021-09-14 12:20:32 -07:00
9c3d3ffcd2
Merge pull request #4396 from kabuobeid/iotsafe_header
...
Fix exporting iotsafe functions by adding missing include in iotsafe.c.
2021-09-14 10:01:44 -07:00
2274d0b773
Fix overflow check in ClientMemSend
2021-09-14 11:17:01 -05:00
bfbb445e06
Register cleanup with atexit for OpenSSL compat layer
2021-09-14 16:45:11 +02:00
142c7a9892
cppcheck fixes and a config fix
...
./configure --disable-rsa --disable-ecc --disable-dsa
--enable-curve25519 --disable-ed25519 --disable-curve448
--disable-ed448 --enable-cryptonly
suites.c, testsuite.c: ensure port is an integer for snprintf.
unit.c: make memFailCount an integer for printf.
aes.c:
Reduce variable scope.
Check aes is not NULL before use in GHASH implementations.
XTS check sz is greater than or equal to a AES_BLOCK_SIZE rather than
0 as another block is processed.
wc_AesXtsEncrypt, wc_AesXtsEncrypt - simplify braces and ifdefs
wc_AesEcbEncrypt - subtracting from sz is unnecessary as is unused
after.
asn.c:
StoreKey, StoreEccKey - compiler doesn't see ret != 0 when publicKey
is NULL.
DecodeAuthInfo - count is not used when after break.
DecodeSubtree - don't use min and max as variables (already macros).
SetEccPublicKey - initialize pubSz and set sz regardless for
compiler's sake.
wc_EncodeName_ex - use unique variable 'namesASN'; ret isn't set after
last check.
SetEccPublicKey - simplify code by using else rather than check ret
wasn't set.
DecodeAsymKey - ret not modified in non-template implementaiton.
SetAsymKeyDer - ret still at initialized value here.
DecodeResponseData - ensure dataASN is freed when single->next->status
failed to allocate.
test.c:
curve255519_der_test() can't be compiled when NO_ASN is defined.
types.h:
cast to the appropriate type in EXIT_TEST
test.h
don't return anything when THREAD_RETURN is void and EXIT_TEST is for
threading with stack size.
2021-09-14 16:08:26 +10:00
ab3bbf11e9
add ASN1_R_HEADER_TOO_LONG case ( #4392 )
...
* add ASN1_R_HEADER_TOO_LONG case
* addressed review comments
2021-09-14 12:32:30 +10:00
c8bcfe4763
Add implementation to make wolfSSL_BIO_flush work for WOLFSSL_BIO_FILE ( #4395 )
2021-09-14 10:08:55 +10:00
39ce723577
Fix exporting iotsafe functions by adding missing include in iotsafe.c.
2021-09-13 16:45:18 -07:00
4d49ab6342
add store finished message on Tls13 ( #4381 )
...
* add to store finished message on Tls13
* addressed jenkins failure
* jenkins failures
sanity check for size before copying memory
* remove check of finishSz
* addressed review comments
2021-09-14 09:22:16 +10:00
a65ab0c4af
Merge pull request #4189 from SparkiDev/sp_calc_vfy_check_ret
...
SP ECC: calc vfy point not check mod_inv return
2021-09-13 11:17:50 -07:00
f08b1c49a9
Merge pull request #4371 from anhu/doc_update
...
Documentation fixup to reflect that we will error out if you set a ba…
2021-09-13 11:14:25 -07:00
f06414903c
fix for scan build warning and better check on size
2021-09-13 09:35:55 -06:00
f64c22839e
Merge pull request #4380 from SparkiDev/fp_submod_ct_overflow
...
TFM: check size of inputs
2021-09-13 07:56:54 -07:00
05ed3dc9ea
Merge pull request #4387 from SparkiDev/popen_host
...
Get host name: add code to use popen and the command 'host'
2021-09-13 07:55:45 -07:00
51c1f27065
Merge pull request #4393 from SparkiDev/srp_test_1536
...
SRP test; increase size of N
2021-09-13 07:29:59 -07:00
bce2c010de
Merge pull request #4394 from SparkiDev/regression_fixes_2
...
Fixes for configurations and a cppcheck fix
2021-09-13 07:22:24 -07:00
c42573096a
Fixes for configurations and a cppcheck fix
...
configure --disable-shared --enable-opensslextra --enable-dsa
--enable-curve25519 --enable-ed25519 --enable-curve448 --enable-ed448
--enable-ocsp --enable-all --enable-asn=template
GetCertName() sets raw in ASN template code too.
GetBasicDate() not needed for template ASN.
SetAsymKeyDer() ASN template version now returns 0 when output is NULL
too.
./configure '--disable-shared' '--enable-curve25519' '--enable-ed25519'
'--disable-rsa' '--disable-ecc'
SetBitString() is needed now.
Close the file before return in wolfSSL_save_session_cache() and
wolfSSL_restore_session_cache().
2021-09-13 10:25:19 +10:00
33028de0de
SRP test; increase size of N
...
SHA512 digest was sometimes too big for the 1024-bit N.
Increase N to 1536 bits to ensure no intermittent fails.
2021-09-13 09:18:26 +10:00
4bd87a0c41
sanity check on pkcs7 input size ( #4386 )
2021-09-13 08:34:23 +10:00
602ec188ad
sanity checks on ed25519 private key decode
2021-09-10 21:51:18 -06:00
ae4766ae96
add sanity check on buffer size
2021-09-10 16:49:42 -06:00
42db91e454
Merge pull request #4389 from SparkiDev/sha512_rework
...
SHA512: Tidy up and have Sha512_224/256 FinalRaw return smaller digest
2021-09-10 13:01:08 -07:00
93d805352f
move setting of ENABLED_MD5
2021-09-10 12:17:11 -06:00
1168d4ce49
changes to address dgarske's comments
2021-09-10 13:51:44 -04:00
c9cf39de64
Make jenkins windows happy?
2021-09-10 13:26:19 -04:00
fb733b4662
Hybridizing the OQS groups with NIST ECC groups.
2021-09-10 13:12:12 -04:00
5a5bc9c571
Remove NAMED_DH_MASK as its usage catches some OQS groups.
2021-09-10 09:44:12 -04:00
cd8bff272c
SHA512: Tidy up and have Sha512_224/256 FinalRaw return smaller digest
...
Make code cleaner by passing in parameters instead of determining from
type.
Remove trailing whitespace.
2021-09-10 09:52:01 +10:00
5e3f7d8778
Add return value checking for FREESCALE_RNGA ( #4388 )
2021-09-10 08:52:34 +10:00
98f286d8cb
Consistent return value from SSL_CTX_load_verify_locations{,_ex} ( #4341 )
...
On any failure, return `WOLFSSL_FAILURE`
If there was a failure and a successful processing of certs from the
same directory, the return value depended on the last cert processed
which not guarenteed to be the same order. If the last cert load
failed, it would return the specific wolfSSL error code. If it
succeeded, then WOLFSSL_FAILURE would be returned as a generic failure
due to a previous cert error.
2021-09-10 08:45:13 +10:00
649aa9c95f
Add error handling to wolfSSL_BIO_get_len ( #4385 )
2021-09-10 08:15:30 +10:00
72486333c3
Get host name: add code to use popen and the command 'host'
...
When compiling for QEMU, the gethostbyname call doesn't have access to
the OS DNS.
Implemented a lookup of hostname that uses the system command host.
Fix for QEMU Aarch64 where 'char' is unsigned and the -1 return is being
converted to 255 in wolfSSL_OPENSSL_hexchar2int().
Test TLSv1.3 with www.google.com if wolfSSL supports it.
CMAC: cannot cast size_t* to word32* when big-endian.
SP math all: Random prime - munge bits before moving them around for
big-endian.
BIO, no filesystem: Allow BIO_prinf to be used with mem BIO.
2021-09-09 18:32:19 +10:00
89dd1a65ca
TFM: check size of inputs
...
fp_submod_ct and fp_addmod_ct need modulus (c) words plus one.
Check that the modulus length is valid for fixed data array size.
Improved fp_submod_ct to only use as many words as necessary.
Added comments to fp_submod_ct and fp_addmod_ct.
2021-09-09 09:20:11 +10:00
934b0ab572
free structure on error case ( #4383 )
2021-09-09 08:07:22 +10:00
b6665df6a8
Fixes for sniffer handling of TCP spurious retransmission ( #4372 )
...
* Fix for sniffer to better handle spurious retransmission edge case. ZD 12852
* Fix for sniffer to not send alerts during application data processing.
* Fix for missing semi-colon on XFREE.
* Fix for `bench_stats_print` with stack variable name used in `bench_ecc`. Improve benchmark thread cleanup, CPU count calcuation and stat blocking logic.
2021-09-08 09:40:58 +10:00
078e0a7379
add unlock of mutex in fail cases ( #4378 )
2021-09-08 08:51:34 +10:00
a118de1043
copy sessionCtxSz ( #4375 )
2021-09-08 08:03:35 +10:00
3ca1900528
Merge pull request #4379 from haydenroche5/cmake
...
Fix issue with CMake build where CMAKE_C_FLAGS is empty.
2021-09-07 14:15:18 -07:00
93d3739ae7
Fix issue with CMake build where CMAKE_C_FLAGS is empty.
2021-09-07 12:11:43 -07:00
51a2f9de17
return value convention on compatibility layer ( #4373 )
...
* return value convention
* addressed review comments
* addressed review comment part2
* fix jenkins failures
2021-09-07 08:15:08 +10:00
d4387493fb
keep CRLInfo at own cert memory ( #4374 )
2021-09-07 08:11:29 +10:00
10a4cfae9d
Documentation fixup to reflect that we will error out if you set a bad group identifier
2021-09-03 12:46:44 -04:00
4844f7598e
account for 32bit build with ed25519
2021-09-03 10:03:37 -06:00
90116a2873
Add support for wolfSSL_EVP_PBE_scrypt ( #4345 )
2021-09-03 15:49:02 +10:00
35cef831bf
Fix for missing heap hint with RSA PSS and WOLFSSL_PSS_LONG_SALT ( #4363 )
...
* Fix for missing heap hint with RSA PSS and `WOLFSSL_PSS_LONG_SALT`. This fix will only allocate buffer if it exceeds the local buffer. Added `wc_RsaPSS_CheckPadding_ex2` to support heap hint if required. Fixed asn.c build issue with `NO_CERTS`. Fixed several spelling errors in asn.c. ZD12855.
* Improve the dynamic memory NULL checking in `wc_RsaPSS_CheckPadding_ex2` with `WOLFSSL_PSS_LONG_SALT` defined.
2021-09-03 15:42:31 +10:00
a3ee84bf6d
Merge pull request #4355 from anhu/check_support_of_group
...
BUGFIX: Its possible to send a supported group that is not supported.
2021-09-02 20:03:32 -07:00
43cb7d5ada
Merge pull request #4368 from haydenroche5/cmake
...
Make sure CMAKE_C_FLAGS gets parsed for defines to add to options.h.
2021-09-02 20:01:08 -07:00
fd77cb8918
fix wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex bound checks ( #4369 )
...
RFC3394 in must be at least 2 64-bit blocks and output is one block longer.
On Unwrapping the input must then be a minimum of 3 64-bit blocks
2021-09-03 12:48:01 +10:00
1662b01157
Merge pull request #4367 from julek-wolfssl/zd12834
...
Changes for ED25519 and `HAVE_SECRET_CALLBACK`
2021-09-02 15:46:44 -07:00
c412d23b07
add wolfclu enable option
2021-09-02 16:46:38 -06:00
a9a1158f46
Remove test cases not supported by ARM64_ASM in FIPS mode - OE25 ( #4342 )
2021-09-03 08:37:34 +10:00
26c7592d4b
leantls only supports secp256r1.
2021-09-02 17:38:04 -04:00
12d7487774
Make sure CMAKE_C_FLAGS gets parsed for defines to add to options.h.
...
For example, if a user does
```
cmake -DCMAKE_C_FLAGS="-DWOLFSSL_AESGCM_STREAM -DFP_MAX_BITS=16384" ..
```
definitions for `WOLFSSL_AESGCM_STREAM` and `FP_MAX_BITS 16384` should wind up
in options.h (same as the autotools build).
2021-09-02 13:00:24 -07:00
428fe29537
Remove authentication related logic from TLSX_ValidateSupportedCurves()
2021-09-02 14:07:06 -04:00
03fba72027
Merge pull request #4361 from julek-wolfssl/GetASNHeader-return
...
Missing `GetASNHeader` return handling
2021-09-02 09:18:06 -07:00
587389d137
Merge pull request #4366 from douzzer/cpp-anon-inline-unions
...
C++ HAVE_ANONYMOUS_INLINE_AGGREGATES sensing
2021-09-02 09:14:31 -07:00
4a26b53dfc
Changes for ED25519 and HAVE_SECRET_CALLBACK
...
- `HAVE_SECRET_CALLBACK` needs to have `wolfSSL_SSL_CTX_get_timeout` and `wolfSSL_SSL_get_timeout` available
- Call `wolfSSL_KeepArrays` for `HAVE_SECRET_CALLBACK`
- Increase the default `DTLS_MTU_ADDITIONAL_READ_BUFFER` and make it adjustable by the user
- Don't truncate application data returned to user in `wolfSSL_read_internal`
2021-09-02 15:58:30 +02:00
abc046b5b7
Missing GetASNHeader return handling
2021-09-02 14:56:58 +02:00
56843fbefd
Add support for EVP_sha512_224/256 ( #4257 )
2021-09-02 14:05:07 +10:00
504e27dfa7
Merge pull request #4357 from gojimmypi/patch-1
...
Espressif README Syntax / keyword highlighting / clarifications
2021-09-01 18:35:32 -07:00
e079b357df
copy missing Espressif/ESP-IDF files from wolfssl/wolfcrypt/benchmark ( #4273 )
...
* copy missing files from wolfssl/wolfcrypt/benchmark
* instead of GitHub copy, update setup to perform the copy of ESP-IDF benchmark files; add --verbose option
* update setup to perform the copy of ESP-IDF benchmark files; add --verbose option
* copy benchmark.c / benchmark.h at setup time
2021-09-01 18:34:46 -07:00
bac0497c35
PKCS7 fix for double free on error case and sanity check on set serial number ( #4356 )
...
* check for error value on set serial number
* set pointer in fail case
2021-09-02 09:13:35 +10:00
c8f65ec404
wolfcrypt/types.h: fix HAVE_ANONYMOUS_INLINE_AGGREGATES sensing to correctly accommodate C++ builds.
2021-09-01 17:01:55 -05:00
5e12fa3eb7
Some small bugfixes uncovered by the unit tests.
2021-09-01 16:25:04 -04:00
096db7577f
Make jenkins happy. \n\nI feel like I should put the guard around the whole function but then other things break.
2021-09-01 10:54:52 -04:00
0d6d171fa4
BUGFIX; Its possible to sending a supported group that is not supported.
...
This change fixes that.
2021-09-01 10:54:52 -04:00
d23b0784b3
Fix for building session tickets without TLS v1.3. Broken in PR #4275 . ( #4360 )
2021-09-01 10:06:31 +10:00
9b6cf56a6e
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer ( #4335 )
...
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
2021-09-01 09:28:24 +10:00
e25b17b108
Syntax / keyword highlighting / clarifications
...
See https://github.com/espressif/esp-wolfssl/issues/11
2021-08-30 17:35:17 -07:00
0f0ba46ac5
Merge pull request #4352 from haydenroche5/dsa_fips
...
Allow OpenSSL DSA sign/verify functions with FIPS.
2021-08-30 15:47:38 -07:00
35a917e527
Merge pull request #4337 from miyazakh/py_get_ca_certs
...
fix python ut, get_ca_certs
2021-08-30 14:02:05 -07:00
4645a6917c
Merge pull request #4168 from JacobBarthelmeh/wolfCLU
...
function additions and fixes for expansion of wolfCLU
2021-08-30 13:42:50 -07:00
078d49ea6f
Merge pull request #4333 from dgarske/evp_devid
...
EVP key support for heap hint and crypto callbacks
2021-08-30 11:59:27 -07:00
ee07bd3fa9
Merge pull request #4331 from SparkiDev/jenkins_fixes_4
...
Jenkins nighlty fixes
2021-08-30 10:29:00 -07:00
85df95e10d
Merge pull request #4324 from miyazakh/maxfragment
...
add set_tlsext_max_fragment_length support
2021-08-30 10:21:59 -07:00
2a6b8f4912
Merge pull request #4275 from JacobBarthelmeh/Compatibility-Layer
...
add set num tickets compat function
2021-08-30 09:26:49 -07:00
218f4c80f9
PKCS #11 : support static linking with PKCS #11 library
...
--enable-pkcs11=static LIBS=-l<pkcs11 static library>
or
define HAVE_PKCS11_STATIC
2021-08-30 12:28:28 +10:00
3ca77bb09b
Allow OpenSSL DSA sign/verify functions with FIPS.
2021-08-29 18:22:30 -07:00
0488caed4c
Merge pull request #4346 from cconlon/verifyPostHandshake
...
TLS 1.3: add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-30 09:47:23 +10:00
c7645a42a7
Merge pull request #4320 from anhu/liboqs_keyshare_updated
...
WolfSSL support for OQS's implementation of NIST Round 3 KEMs as TLS 1.3 groups
2021-08-27 17:42:25 -07:00
070029fd08
add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-27 14:49:47 -06:00
65cfef5337
fix for free with test case
2021-08-27 14:10:06 -06:00
9a438ce289
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-08-27 13:56:53 -04:00
83d39932bb
add test case for X509 EXTENSION set
2021-08-27 11:30:44 -06:00
412528e18b
Merge pull request #4336 from elms/sp_out_of_range
...
sp_math: error on multiplier larger than curve order
2021-08-27 10:15:42 -07:00
8b79f77fb0
Merge pull request #4327 from JacobBarthelmeh/Compatibility-Layer-Part3
...
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-27 09:27:34 -07:00
40a4015491
add no server macro guard
2021-08-27 08:28:50 -06:00
ff9fed08a3
fix count on number of tickets sent
2021-08-26 21:17:45 -06:00
db8f4e4f19
Jenkins nighlty fixes
...
wolfSSL_Rehandshake(): don't set 'ret' unless HAVE_SESSION_TICKET
defined (otherwise compiler will complain: warning: Value stored to
'ret' is never read)
AES GCM streaming: fix 64-bit word version to compile and pass testing
Use '--enable-aesgcm=word' to get the word32 or word64 implementation
depending on the availabilty of 64-bit type.
2021-08-27 08:46:39 +10:00
a52df87c8a
adjust type for max tickets variable and number sent with WOLFSSL_TLS13_TICKET_BEFORE_FINISHED macro
2021-08-26 15:45:21 -06:00
21159659cf
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-26 14:48:12 -06:00
ef0fb6520d
Merge pull request #4283 from JacobBarthelmeh/Compatibility-Layer-Part2
...
couple more compatibility functions
2021-08-26 11:50:09 -07:00
c631cffe3d
Merge pull request #4334 from miyazakh/py_store_stats
...
fix python unit test failure, cert_store_stats
2021-08-26 10:24:24 -06:00
b5d42eb773
Merge pull request #4318 from kojo1/i2d_RSA
...
arg type compatibility
2021-08-26 09:51:43 -06:00
3896016121
fix python ut, get_ca_certs
2021-08-26 13:51:28 +09:00
be2ad82e6d
sp_math: error on multiplier larger than curve order
...
zd 12674
2021-08-25 14:59:51 -07:00
cb3f42482b
Merge pull request #4332 from dgarske/zd12791
...
Improve CRL error codes
2021-08-25 13:57:46 -07:00
3a9d463ef4
Fix use of hardcoded number and added comment.
2021-08-25 09:57:10 -07:00
77eff68b95
addressed review comment
2021-08-25 11:07:32 +09:00
9b4a635372
fix python unit test failure, cert_store_stats
2021-08-25 10:20:48 +09:00
3f2abef212
Merge pull request #4321 from haydenroche5/libimobiledevice
...
Make changes to support libimobiledevice.
2021-08-24 17:19:26 -07:00
b8263f44f7
Added new EVP API for creating a private key for use with crypto callbacks. Improvements to heap hint and devId with EVP layer.
2021-08-24 12:14:44 -07:00
700b1c56c1
Improve CRL error codes. Add --enable-crl=io option. ZD 12791
2021-08-24 11:12:12 -07:00
196e092023
Merge pull request #4328 from dgarske/zd12801
...
Fix for sniffer TCP sequence rollover
2021-08-24 10:05:49 -07:00
3d8dc68266
free test case object
2021-08-24 10:59:38 -06:00
ff521a14e4
add test case and macro mapping
2021-08-24 10:59:38 -06:00
de3416998c
fix for memory leak
2021-08-24 10:58:33 -06:00
80d4e0f644
function additions and fixes for expansion of wolfCLU
2021-08-24 10:58:33 -06:00
7ff1351971
Make changes to support libimobiledevice.
...
- `EVP_PKEY_assign_RSA` should store the private key in DER format, not the
public key.
- The last call to `infoCb` in `wolfSSL_BIO_write` should provide the length of
the data to write.
- We should be able to parse RSA public keys starting with BEGIN RSA PUBLIC KEY
and ending with END RSA PUBLIC KEY.
2021-08-24 08:52:43 -07:00
a1e26e7bc7
Merge pull request #4308 from dgarske/sess_row_cache
...
Improvements to session locking to allow per-row
2021-08-24 09:07:03 +10:00
9c541568fc
Merge pull request #4313 from SparkiDev/rsa_vfy_only
...
SP RSA verify only: fix to compile
2021-08-23 14:42:56 -07:00
fe83d2d941
Fix for sniffer TCP sequence rollover. The math to detect and compute the rollover was off by one. ZD 12801.
2021-08-23 13:54:28 -07:00
da6e8d394f
shift instead of multiply and add comment
2021-08-23 13:24:27 -06:00
a13c2e2304
Fix for macro arg paren and double ampersand. Fixes building with ENABLE_SESSION_CACHE_ROW_LOCK.
2021-08-23 09:56:07 -07:00
6ec28f508e
Merge pull request #4325 from SparkiDev/jenkins_fixes_3
...
OpenSSL Extra builds: fixes from nightly builds failing
2021-08-23 09:30:15 -07:00
206b4641e8
Merge pull request #4326 from danielinux/iotsafe-fix-warning
...
Fix compiler warnings
2021-08-23 08:35:29 -07:00
b56c89bb84
Fix compiler warnings (ZD12802 and others)
2021-08-23 08:12:24 +02:00
4bfd0443a7
OpenSSL Extra builds: fixes from nightly builds failing
...
Prototype is required when internal.h is not included and GetCA is not
defined.
wolfSSL_EVP_CIPHER_CTX_set_iv_length() is called with CBC cipher in
api.c. Function is not specificly for GCM, though not strictly needed
for CBC.
2021-08-23 12:55:27 +10:00
8808e6a3ac
implement set_tlsext_max_fragment_length
2021-08-23 09:08:14 +09:00
26cf17e602
Merge pull request #4317 from SparkiDev/math_x86_asm_fix
...
Maths x86 asm: change asm snippets to get compiling
2021-08-20 13:42:15 -07:00
c8926a45ab
Improvements to session locking to allow per-row. Can manually be enabled with ENABLE_SESSION_CACHE_ROW_LOCK or forcefully disabled using NO_SESSION_CACHE_ROW_LOCK. Enabled by default for Titan cache. ZD 12715.
2021-08-20 13:03:50 -07:00
10c5e33027
arg type compatibility
2021-08-20 15:21:06 +09:00
dbb03cb5a3
SP RSA verify only: fix to compile
...
Configurations:
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math-all
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math --enable-sp-asm
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math --enable-sp-asm
2021-08-20 13:16:58 +10:00
fa8f23284d
Maths x86 asm: change asm snippets to get compiling
...
TFM:
Use register or memory for c0, c1, c2 in SQRADD and SQRADD2.
SP:
Use register or memory for vl, vh, vo in SP_ASM_MUL_ADD,
SP_ASM_MUL_ADD2 and SP_ASM_SQR_ADD.
2021-08-20 10:35:49 +10:00
e7ef48d2b7
Merge pull request #3869 from SparkiDev/asn1_template
...
ASN1 Template: stricter and simpler DER/BER parsing/construction
2021-08-19 12:47:04 -07:00
3226e69649
--enable-linuxkm-pie (FIPS Linux kernel module) ( #4276 )
...
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
2021-08-19 09:15:52 -07:00
16ad5cf3c5
Merge pull request #4315 from SparkiDev/g++_fix_3
...
SRP test: use proper SRP hash type for g++
2021-08-19 08:56:43 -07:00
17a569d4dd
SRP test: use proper SRP hash type for g++
2021-08-19 11:40:43 +10:00
d486b89c61
ASN1 Template: stricter and simpler DER/BER parsing/construction
...
Reduce debug output noise
2021-08-19 11:32:41 +10:00
63fde01e32
Merge pull request #4311 from haydenroche5/rsyslog
...
Make improvements for rsyslog port.
2021-08-18 16:55:32 -07:00
9a1233c04d
Merge pull request #4312 from julek-wolfssl/DH_set_length
...
Implement `DH_set_length`.
2021-08-18 16:42:38 -07:00
eaded189ff
Merge pull request #4310 from haydenroche5/dsa_fips
...
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
2021-08-18 16:33:26 -07:00
18314e5a4f
Merge pull request #4309 from dgarske/sniff_cleanups
...
Improved sniffer statistics and documentation
2021-08-18 16:03:38 -07:00
c2b88a1fca
Merge pull request #4306 from dgarske/pk_tls13
...
Fixes for PK callbacks with TLS v1.3
2021-08-18 15:42:19 -07:00
8df65c3fa7
Merge pull request #4270 from dgarske/zd12586
...
Fixes for various PKCS7 and SRP build issues
2021-08-19 08:12:15 +10:00
ef77cd05d4
Merge pull request #4302 from haydenroche5/libssh2
...
Add missing ECDSA_SIG getter/settter for libssh2.
2021-08-18 15:08:06 -07:00
c5f9e55567
Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled.
2021-08-18 11:30:18 -07:00
6237a7a00d
Merge pull request #4305 from TakayukiMatsuo/i2t
...
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-18 10:37:08 -06:00
162f14aaf9
Implement DH_set_length.
2021-08-18 13:24:51 +02:00
3c06dd6fa8
SP ECC: calc vfy point not check mod_inv return
...
Not all implementations return an error though.
2021-08-18 10:05:29 +10:00
8f7e09d9b5
Merge pull request #4294 from dgarske/tls13_earlydata
...
Fix early data max size handling in TLS v1.3
2021-08-18 08:48:42 +10:00
d1e027b6fa
Fix for pedantic warning with pre-processor in macro.
2021-08-17 14:55:42 -07:00
f5076cad1b
Added new files to include.am.
2021-08-17 13:20:34 -07:00
d6f5f815e1
Fix for srp_test_digest return code checking. Added GCC-ARM TLS server example.
2021-08-17 11:12:40 -07:00
95178e3bdc
Use void* on heap hint test. Also previously fixed in hmac.c.
2021-08-17 10:52:50 -07:00
89904ce82e
Fixes for building without AES CBC and support for PKCS7 without AES CBC.
2021-08-17 10:47:19 -07:00
a9b8b6d3de
Fix for PKCS7 heap hint in API unit test.
2021-08-17 10:46:53 -07:00
e1f603301b
Fixes for SRP with heap hint.
2021-08-17 10:45:50 -07:00
c598688f89
Fix for static memory with bucket size matching.
2021-08-17 10:38:27 -07:00
69d01afd3a
Merge pull request #4250 from danielinux/iotsafe
...
IoT-Safe with TLS demo
2021-08-17 08:26:19 -07:00
5209e235a7
Merge pull request #4307 from SparkiDev/srp_test_digests
...
SRP test: increase size of N to support larger digests
2021-08-17 08:24:47 -07:00
c16127d9ab
Make improvements for rsyslog port.
...
- Remove FP_MAX_BITS and RSA_MAX_BITS definitions from rsyslog config. A user
configuring wolfSSL for rsyslog support should set them as they see fit (i.e.
based on the key sizes they need to support).
- After testing with wolfSSL FIPS, I discovered that some functions were missing
from the compatibility layer that rsyslog needs. Notably wolfSSL_DH_generate_key
and wolfSSL_DH_set0_pqg. These were gated out of compilation based on HAVE_FIPS.
However, they only need to be compiled out if WOLFSSL_DH_EXTRA is defined. This
is because these functions call SetDhInternal, which calls wc_DhImportKeyPair
if WOLFSSL_DH_EXTRA is defined. wc_DhImportKeyPair isn't available in the FIPS
module's dh.c. So, these functions can exist in the FIPS build provided
WOLFSSL_DH_EXTRA isn't defined. This commit accounts for this scenario.
2021-08-17 08:19:43 -07:00
421be50cb8
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-17 10:52:20 +09:00
95ab6ce4b8
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
...
This test calls `wolfSSL_DSA_do_sign_ex` and `wolfSSL_DSA_do_verify_ex`, both
of which don't exist if `HAVE_FIPS` is defined.
2021-08-16 17:42:00 -07:00
5c00951f09
Do not add DH padding on failure.
2021-08-16 16:31:18 -07:00
9898b5d82b
Various spelling fixes.
2021-08-16 16:31:18 -07:00
0ea5046b39
Improved documentation for sniffer statistics (ZD 12731).
2021-08-16 16:31:18 -07:00
9066ab6051
SRP test: increase size of N to support larger digests
...
Test all digests supported by SRP.
2021-08-17 09:15:07 +10:00
6ac03d41ef
Merge pull request #4203 from SparkiDev/tls13_peek_fix_off
...
TLS 1.3: ability to turn peek change off
2021-08-16 15:25:58 -07:00
63d1bd13d4
Add missing ECDSA_SIG getter/settter for libssh2.
2021-08-16 14:43:13 -07:00
c8fd5d552e
IoTSafe Improvements. Use new hex to char functions in misc.c. Fix for arm-none-eabi missing nano specs. Cleanups for IoTSafe code, README.md and user_settings.h. Fix linker script to use flash at 0x8000000. Support for TLS v1.3.
2021-08-16 13:13:32 -07:00
490eeb4003
Support for IoT-Safe with TLS demo
2021-08-16 13:13:30 -07:00
70535f51d5
Fixes for PK callbacks with TLS v1.3. Tested with ./configure --enable-pkcallbacks CFLAGS="-DTEST_PK_PRIVKEY -DDEBUG_PK_CB".
2021-08-16 13:09:17 -07:00
c6f0fb11d0
Merge pull request #4253 from julek-wolfssl/lighttpd-1.4.55
...
Implement `wolfSSL_set_client_CA_list` and add 'HIGH' cipher suite
2021-08-16 15:05:51 -05:00
1ac95b5716
Merge pull request #4303 from haydenroche5/rsyslog
...
Add support for rsyslog.
2021-08-16 11:20:28 -07:00
6a37309ece
Merge pull request #4300 from julek-wolfssl/libimobiledevice
...
Missing API for libimobiledevice
2021-08-16 09:40:42 -07:00
93a53d72de
mem_buf only used with memory and pair BIOs
2021-08-16 13:38:51 +02:00
bbb514fa6d
Add support for rsyslog.
...
- Add an --enable-rsyslog option to configure.ac.
- Add a few missing `WOLFSSL_ERROR` calls that were expected by rsyslog unit
tests.
- Add better documentation around `WOLFSSL_SHUTDOWN_NOT_DONE` and define it to
be 0 (rather than 2) when `WOLFSSL_ERROR_CODE_OPENSSL` is defined. This is in
accordance with OpenSSL documentation. Without this change, rsyslog was
failing to do the bidirectional shutdown properly because it was checking the
shutdown return value against 0. I'm keeping the old value when
`WOLFSSL_ERROR_CODE_OPENSSL` isn't defined because it's part of the public
wolfssl interface (it's in ssl.h).
2021-08-13 23:24:28 -07:00
0f6e564093
Rebase fixes
2021-08-14 00:35:55 +02:00
6a5f40d698
Code review fixes.
2021-08-14 00:25:00 +02:00
72f1d0adac
Refactor client_CA API to use wolfSSL_sk_X509_NAME_* API
2021-08-14 00:24:24 +02:00
62cab15c64
Reorganize wolfSSL_sk_X509_NAME_*
...
Make the `wolfSSL_sk_X509_NAME_*` API's available in OPENSSL_EXTRA for use with `client_CA_list` API's.
2021-08-14 00:24:24 +02:00
d4391bd997
Parse distinguished names in DoCertificateRequest
...
The CA names sent by the server are now being parsed in `DoCertificateRequest` and are saved on a stack in `ssl->ca_names`.
2021-08-14 00:24:08 +02:00
647e007eea
Implement wolfSSL_set_client_CA_list and add 'HIGH' cipher suite
2021-08-14 00:24:08 +02:00
b2380069f0
Merge pull request #4261 from dgarske/rsa_der_pub
2021-08-13 13:36:01 -07:00
ca06694bfb
Merge pull request #4282 from miyazakh/SSL_CIPHER_xx
...
Add SSL_CIPHER_get_xxx_nid support
2021-08-13 13:48:31 -06:00
5235b7d1e6
Merge pull request #4291 from miyazakh/PARAM_set1_ip
...
Add X509_VERIFY_PARAM_set1_ip support
2021-08-13 13:45:33 -06:00
1acf64a782
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
2021-08-14 02:16:34 +09:00
ec4e336866
Merge pull request #4299 from haydenroche5/evp_pkey_dec_enc_improvements
...
Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
2021-08-13 08:10:20 -07:00
14bbf49118
Merge pull request #3726 from julek-wolfssl/openresty
...
Openresty
2021-08-13 08:06:46 -07:00
59d04efee8
Missing API for libimobiledevice
2021-08-13 16:32:53 +02:00
3be13f7358
Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
...
- Handle case where output buffer is NULL. In this case, passed in output buffer
length pointer should be given the maximum output buffer size needed.
- Add better debug messages.
2021-08-12 18:46:15 -07:00
7dea1dcd39
OpenResty 1.13.6.2 and 1.19.3.1 support
...
# New or Updated APIs
- wolfSSL_get_tlsext_status_type
- wolfSSL_X509_chain_up_ref
- wolfSSL_get0_verified_chain
- SSL_CTX_set_cert_cb
- SSL_certs_clear
- SSL_add0_chain_cert ssl_cert_add0_chain_cert
- SSL_add1_chain_cert ssl_cert_add1_chain_cert
- sk_X509_NAME_new_null
- SSL_CTX_set_cert_cb
- SSL_set0_verify_cert_store
- SSL_set_client_CA_list
# Other Changes
- Ignore gdbinit
- Add api.c tests for new API
- Add `WOLFSSL_X509_STORE* x509_store_pt` to `WOLFSSL`
- Add macro to select the `WOLFSSL` specific store when available and the associated `WOLFSSL_CTX` store otherwise. Calls to `ssl->ctx->cm` and `ssl->ctx->x509_store*` were replaced by macros.
- NO-OP when setting existing store
- Add reference counter to `WOLFSSL_X509_STORE`
- Cleanup MD5 redundant declarations
- WOLFSSL_ERROR may map to nothing so make assignment outside of it
- refMutex fields are excluded with SINGLE_THREADED macro
- Chain cert refactor
- Make `wolfSSL_add0_chain_cert` and `wolfSSL_add1_chain_cert` not affect the context associated with the SSL object
- `wolfSSL_CTX_add1_chain_cert` now updates the `ctx->certChain` on success and stores the cert in `ctx->x509Chain` for later free'ing
2021-08-12 23:58:22 +02:00
8601c14f1c
Merge pull request #4297 from anhu/master
...
Fix a race condition in the benchmark example and …
2021-08-12 13:51:43 -07:00
cccb8f940a
Merge pull request #4209 from julek-wolfssl/net-snmp
...
Add support for net-snmp
2021-08-12 13:06:21 -07:00
96c223e585
Merge pull request #4288 from julek-wolfssl/get-date-from-cert
...
Add a test/example for parsing the date from a certificate
2021-08-12 12:52:52 -07:00
93a1fe4580
Merge pull request #4205 from julek-wolfssl/wpas-include-extra-stuff
...
Include stuff needed for EAP in hostap
2021-08-12 11:17:23 -07:00
d4b0ec0705
Merge pull request #4290 from TakayukiMatsuo/general
...
Add wolfSSL_GENERAL_NAME_print
2021-08-12 09:51:28 -06:00
7c75b9836e
Changes to make Jenkins happy and reduce verbosity.
...
- added HAVE_PTHREAD guards
- usleep ---> XSLEEP_MS
- only print polling message if verbose output requested.
2021-08-12 11:13:15 -04:00
5dff4dd4e0
Merge pull request #4280 from dgarske/caam_macros
...
Fixes for CAAM build macros and spelling
2021-08-12 19:19:31 +07:00
e583d0ab76
SslSessionCacheOn -> SslSessionCacheOff
2021-08-12 13:52:25 +02:00
517309724a
Add wolfSSL_GENERAL_NAME_print
2021-08-12 14:17:41 +09:00
0b070166cb
addressed review comments
2021-08-12 10:44:07 +09:00
4fa69c0a3a
addressed review comments
2021-08-12 07:41:24 +09:00
9c3502bea9
Merge pull request #4285 from haydenroche5/alerts
...
During the handshake, make sure alerts are getting read on the client side in the event of an error.
2021-08-11 15:22:05 -07:00
0a238483c1
Merge pull request #4296 from lealem47/fix-link
...
Fix broken link in examples/README.md
2021-08-11 15:21:43 -07:00
fc4e4eacba
Merge pull request #4292 from kojo1/evp
...
EVP_CIPHER_CTX_set_iv_length
2021-08-11 16:13:26 -06:00
586317f198
Fix a race condition in the benchmark example and all output goes to stderr.
2021-08-11 17:07:01 -04:00
9bbb32c352
Merge pull request #4295 from haydenroche5/stunnel_key_gen
...
Turn on key generation for --enable-stunnel.
2021-08-11 11:17:30 -07:00
d39b91de27
Merge pull request #4266 from dgarske/hexchar
2021-08-11 10:56:53 -07:00
d4d225e33f
Fix broken link in examples/README.md
2021-08-11 10:49:38 -06:00
dd4adacee8
Code review changes
2021-08-11 17:58:46 +02:00
d487916557
Merge pull request #4279 from haydenroche5/pkcs12
...
Cleanups for PKCS8 and PKCS12 macros (always support parsing PKCS8 header)
2021-08-10 18:37:33 -07:00
65a00d9430
Turn on key generation for --enable-stunnel.
2021-08-10 17:14:06 -07:00
0c74e18eaf
Fix early data max size handling. Fixes issue with size checking around wolfSSL_CTX_set_max_early_data and wolfSSL_set_max_early_data, which was checking against the padded size. Also was adding to the earlyDataSz and checking against it with un-padded data size. ZD 12632.
2021-08-10 16:32:41 -07:00
b258321219
Fixes for misc.c to not be included unless required.
2021-08-10 16:11:22 -07:00
df10152b54
Refactor hex char to byte conversions.
2021-08-10 12:07:41 -07:00
fdb6c8141e
Merge pull request #4274 from haydenroche5/pyopenssl
...
Add support for pyOpenSSL.
2021-08-10 11:49:07 -07:00
fdc350fb52
Add a macro guard WOLFSSL_CHECK_ALERT_ON_ERR that has the client check for
...
alerts in the event of an error during the handshake.
2021-08-10 09:43:12 -07:00
ef5510cbcc
During the handshake, make sure alerts are getting read on the client side in
...
the event of an error.
2021-08-09 14:26:53 -07:00
0e4b200df1
Merge pull request #4267 from elms/key_overflow
...
tls13: avoid buffer overflow with size check
2021-08-09 09:19:46 -07:00
1a8109f77d
rename function parameter
2021-08-09 22:52:45 +07:00
e698d08317
Merge pull request #4286 from douzzer/cryptocb-pedantic-c99
...
--enable-cryptocb CFLAGS='-std=c99 -pedantic'
2021-08-09 08:29:36 -07:00
5c55be72ec
fix jenkins failure part2
2021-08-09 10:00:35 +09:00
c0b085dd4a
EVP_CIPHER_CTX_set_iv_length
2021-08-08 14:49:28 +09:00
cf9d5ea8b6
fix jenkins failure part2
2021-08-07 14:14:39 +09:00
dbf0977ed0
fix fenkins failure
2021-08-07 11:42:03 +09:00
a066c48f55
fix jenkins failure
2021-08-07 11:13:41 +09:00
a851e13f1d
implemented X509_VERIFY_PARAM_set1_ip
2021-08-07 10:50:57 +09:00
bd6b765b17
Merge pull request #4287 from ejohnstown/ac-upd
...
flags update
2021-08-06 16:22:15 -07:00
2c62880fd2
flags update
...
1. Fixed typo in ifdef for HAVE_ED448.
2. Fixed typos in comments in sha512.
3. Add include config.h to bio.c.
2021-08-06 11:28:20 -06:00
b4131f355e
Add a test/example for parsing the date from a certificate
2021-08-06 14:51:57 +02:00
1b2d57123f
tests/api.c: add missing (void) arg lists.
2021-08-05 15:30:33 -05:00
6a92db7722
add overrideable HAVE_ANONYMOUS_INLINE_AGGREGATES macro, set to 0 or 1 in wolfcrypt/types.h, and use it to conditionalize feature usage in wolfcrypt/cryptocb.h.
2021-08-05 15:30:16 -05:00
0df28083d3
Fixes for CAAM build macros and spelling.
2021-08-05 10:12:59 -07:00
fab227411f
Free ECC cache per thread when used
2021-08-05 15:34:47 +02:00
1e491993ca
add a2i_IPADDRESS
2021-08-05 16:53:36 +07:00
67e773db91
implement SSL_CIPHER_xxxx
2021-08-05 09:42:55 +09:00
5465d40ee3
Attempt to move asn.c RSA API defs into asn_public.h, since ASN is not in FIPS boundary.
2021-08-04 17:42:46 -07:00
699728c70c
Fix for PKCS12 with NO_ASN.
2021-08-04 17:37:05 -07:00
d8a54e1a32
tls13: avoid buffer overflow with size check
...
For cases where a private key that is larger than the configured
maximum is passed.
2021-08-04 17:14:25 -07:00
35a33b2f00
Add support for pyOpenSSL.
...
pyOpenSSL needs the OpenSSL function X509_EXTENSION_dup, so this commit adds
that to the compatibility layer. It also needs to be able to access the DER
encoding of the subject alt names in a cert, so that's added as well.
2021-08-04 14:08:43 -07:00
3e894a9804
Merge pull request #4277 from lealem47/ex-repo-link
...
Adding README.md to examples dir and links to examples github repo in…
2021-08-04 12:43:57 -07:00
ed8edde9c4
Merge pull request #4264 from maximevince/zephyr-module-support
...
wolfSSL as a Zephyr module (without setup.sh)
2021-08-04 12:26:14 -07:00
fdbe3f0ff1
Merge pull request #4258 from miyazakh/evp_md_do_all
...
add EVP_MD_do_all and OBJ_NAME_do_all support
2021-08-04 12:17:27 -06:00
333aa9f24b
Merge pull request #4269 from JacobBarthelmeh/PKCS7
...
sanity check on pkcs7 stream amount read
2021-08-04 06:41:50 -07:00
d39893baa0
add ctx set msg callback
2021-08-04 16:49:01 +07:00
b1212ff979
set the default number of tickets to 1
2021-08-04 14:40:17 +07:00
f1377ed861
Merge pull request #4215 from lealem47/Md2HashTest
...
Added wc_Md2Hash() unit testing to test.c
2021-08-03 16:51:05 -06:00
d64768abff
Merge pull request #4265 from miyazakh/ecc_pubkey
...
update der size in actual length
2021-08-03 16:41:36 -06:00
b3c502890c
Merge pull request #4263 from kabuobeid/x509StoreWpas
...
Fix x509_store_p compilation error in WOLFSSL_CERT_MANAGER when defining WOLFSSL_WPAS_SMALL without OPENSSL_EXTRA.
2021-08-03 15:27:11 -07:00
45eddc68e2
Fix to always support parsing of the PKCS8 header. Improved macro logic for PKCS8 and PKCS12. Added --disable-pkcs8 option. Fix to enable PWDBASED and PKCS8 if PKCS12 is enabled.
2021-08-03 14:45:45 -07:00
67ee3ddb0f
Set explicit conversion
2021-08-03 19:29:08 +02:00
3b366d24f2
Rebase fixes
2021-08-03 19:29:08 +02:00
c7a6b17922
Need to free ecc cache
2021-08-03 19:29:08 +02:00
51b6c413d3
For Windows API socklen_t = int
2021-08-03 19:29:08 +02:00
2bbd04f10f
Implement BIO_new_accept and BIO_do_accept
2021-08-03 19:29:08 +02:00
8b4345734e
net-snmp support patch
2021-08-03 19:28:53 +02:00
9aa528d19d
Merge pull request #4165 from haydenroche5/ntp
...
Make changes to support port of NTP from OpenSSL to wolfSSL.
2021-08-03 09:16:26 -07:00
2cd499d2df
Refactor session cache on checking into function
2021-08-03 17:52:50 +02:00
46b061c7bc
Include stuff needed for EAP in hostap
...
Patch that includes the API needed for EAP in hostapd and wpa_supplicant
2021-08-03 17:52:50 +02:00
ba7b1d3be0
Only compile in PKCS12 code if PKCS8 is also compiled in.
2021-08-03 07:09:34 -07:00
ea6f81cc54
Move zephyr/include.am to toplevel Makefile.am
2021-08-03 09:43:03 +02:00
0722fb56d8
Adding README.md to examples dir and links to wolfssl-examples github repo in client/server.c
2021-08-02 20:27:41 -06:00
dc7ae37f7a
Make changes to support port of NTP from OpenSSL to wolfSSL.
2021-08-02 13:33:18 -07:00
9f6a963c60
Merge pull request #4262 from haydenroche5/libssh2
...
Add support for libssh2.
2021-08-02 11:29:54 -07:00
9600d533c1
Merge pull request #4268 from JacobBarthelmeh/ECC
...
fix for memset with small stack
2021-08-02 09:53:21 -07:00
2479346f5c
add set num tickets compat function
2021-08-02 23:47:53 +07:00
a5b55344b1
Merge pull request #2760 from kojo1/EVP-test
...
additional test on EVP_CipherUpdate/Final
2021-08-02 09:23:00 -07:00
96e4970258
Merge pull request #4271 from TakayukiMatsuo/shake
...
Add support for EVP_shake128/256
2021-08-02 09:40:36 -06:00
f932736f23
Fix include.am / EXTRA_DIST
2021-08-02 16:44:07 +02:00
279b0facb5
Add support for libssh2.
2021-08-02 05:54:08 -07:00
0dc98b8299
Add support for EVP_shake128/256
2021-08-02 13:00:31 +09:00
b27b4768ae
fix jenkins failure
2021-07-31 18:26:07 +09:00
293755917e
sanity check on pkcs7 stream amount read
2021-07-30 22:11:45 +07:00
725f95364d
fix for memset with small stack
2021-07-30 20:42:48 +07:00
447705a2cb
fix jenkins failure
2021-07-30 10:21:16 +09:00
bad9a973b4
remove hard tabs and other minor fixes
2021-07-30 07:07:40 +09:00
297ae23521
additional test on EVP_CipherUpdate/Final
2021-07-30 06:50:01 +09:00
a802c270e1
Merge pull request #4260 from dgarske/dep_rc4
...
RC4 Cipher Deprecation
2021-07-29 10:26:11 -07:00
07e0c60ce1
Merge pull request #4259 from dgarske/cleanups
...
Cleanups for memory docs and Arduino
2021-07-29 10:16:43 -07:00
2e415ccaed
Merge pull request #4243 from SparkiDev/ecc_large_mul
...
ECC: ecc point multiply doesn't handle large multipliers
2021-07-29 09:30:09 -07:00
c69d6d2491
Added public API wc_RsaKeyToPublicDer_ex to allow getting RSA public key without ASN.1 header (can return only seq + n + e). Related to PR #4068 . Cleanup documentation for RSA and wolfIO. Consolidate duplicate code in wc_RsaPublicKeyDerSize.
2021-07-29 09:27:50 -07:00
6f2853ef28
Merge pull request #4251 from dgarske/openssl_all
...
Fixes for edge case builds with openssl all
2021-07-29 08:58:22 -07:00
9df4312c4e
Merge pull request #3823 from per-allansson/checkaltname-fix
...
wolfSSL_X509_check_ip_asc/CheckForAltName fixes
2021-07-29 08:08:06 -07:00
2b43052f36
update pkey sz in actual length
2021-07-29 23:28:10 +09:00
7acbf61e53
zephyr: fix CMakeLists.txt
2021-07-29 12:36:34 +02:00
3f802d19e4
Update zephyr/README.md
2021-07-29 12:16:05 +02:00
7532ac530a
Remove IDE/zephyr/include.am from IDE/include.am for now
2021-07-29 12:03:40 +02:00
9d562a59bc
wolfSSL as a Zephyr module
2021-07-29 11:58:13 +02:00
e333632ad0
add obj_name_do_all
2021-07-29 14:37:10 +09:00
2abf23cbc9
fix jenkins failure
2021-07-29 09:03:38 +09:00
b2b5d4e603
add evp_md_do_all
2021-07-29 08:59:26 +09:00
0ec848e2bd
Merge pull request #4255 from SparkiDev/afalg_msg_fix
...
AF_ALG: fix debug messages
2021-07-28 16:40:09 -07:00
85521c2a74
Fix x509_store_p compilation error in WOLFSSL_CERT_MANAGER when defining WOLFSSL_WPAS_SMALL without OPENSSL_EXTRA.
2021-07-28 14:50:08 -07:00
71cf55a947
Added wc_Md2Hash() unit testing to test.c
2021-07-28 13:45:02 -06:00
2c1fed8262
Fixes for edge case builds with openssl all. Improvements to the test_wolfSSL_PKCS8_d2i. Allow forceful disable of OCSP with ./configure --enable-opensslall --disable-ocsp.
2021-07-28 12:32:08 -07:00
50ae93071d
Merge pull request #4237 from kabuobeid/dupSSL
...
Fix missing CBIOSend and properly guard hmac in DupSSL().
2021-07-28 10:50:17 -07:00
27b96753e2
Disable RC4 unless forcefully enabled with --enable-rc4 or if WOLFSSL_ALLOW_RC4 is specified. Related to issue #4248
2021-07-28 10:31:15 -07:00
c29a373308
Cleanups for Arduino examples. Resolves PR #3126
2021-07-28 09:50:37 -07:00
1b13eef354
Merge pull request #4254 from dgarske/zd12681
...
Sniffer fix for possible math issue around 64-bit pointer and 32-bit unsigned int
2021-07-28 09:16:57 -07:00
8376a2adc2
Improved memory documentation and examples. Resolves PR #3834 .
2021-07-28 09:03:40 -07:00
c41f10e708
CheckForAltNames fixes
...
- Missing conversion from char to unsigned char caused any IP
address with a byte > 127 to be wrong
- IPv6 address was converted to wrong format XX:YY:...
(which also caused a buffer overrun)
- Anything that is not an IPv4 or IPv6 address should be ignored
2021-07-28 09:46:33 +02:00
4da7fbb654
tests: use different IPv4 address in + add IPv6 SAN to generated cert
2021-07-28 09:36:21 +02:00
0d0dfc3f5e
Merge pull request #4238 from dgarske/xc32
...
Fixes for building with Microchip XC32 and ATECC
2021-07-28 09:33:01 +10:00
f404107330
AF_ALG: fix debug messages
2021-07-28 09:30:07 +10:00
3ea22ffa32
Remove use of assert (replace with soft failures). Note: Session hash will always return value < HASH_SIZE.
2021-07-27 12:07:08 -07:00
3abb2b86d6
Fix possible issues with math around 64-bit pointer and unsigned int (32-bit). ZD 12681
2021-07-27 12:05:37 -07:00
2dac9a2a81
Merge pull request #4228 from miyazakh/EVP_blake2xx
...
add EVP_blake2 compatibility layer API
2021-07-27 11:45:37 -06:00
d49d8a9286
Merge pull request #4204 from SparkiDev/ecies_sec1
...
ECIES: SEC.1 and ISO 18033 support
2021-07-27 09:43:53 -07:00
4f1d30d0db
Merge pull request #4249 from dgarske/ecc_heap
...
Fix for `wc_ecc_ctx_free` and heap hint
2021-07-27 09:31:01 -07:00
917fdfbaf7
Peer review fix (second try)
2021-07-27 08:20:22 -07:00
f1209367d9
Peer review fix for undef. Cleanup wc_ecc_check_key return code.
2021-07-27 08:20:22 -07:00
a92f03a11e
Fixes for building with Microchip XC32 and ATECC.
2021-07-27 08:20:20 -07:00
f3cb8e4ada
Merge pull request #4252 from douzzer/gcc-11-fix-pedantic-fallthrough
...
fix FALL_THROUGH for gcc-11 -pedantic
2021-07-27 22:07:01 +07:00
3ecd7262b7
Merge pull request #4236 from kabuobeid/serialSz
...
Fix signed comparison issue with serialSz.
2021-07-27 13:54:38 +07:00
8c63701577
Merge pull request #4247 from SparkiDev/dhp_to_der_fix
...
OpenSSL API: DH params to der
2021-07-26 17:00:34 -07:00
31dde4706e
ECIES: Support SEC 1 and ISO 18033
...
Default is SEC 1.
To use old ECIES implementation: --enable-eccencrypt=old or define
WOLFSSL_ECIES_OLD
To use ISO-18033 implememtation: --enable-eccencrypt=iso18033 or
define WOLFSSL_ECIES_ISO18033
Support passing NULL for public key into wc_ecc_decrypt().
Support not having public key in privKey passed into wc_ecc_encrypt() -
public key is calculated and stored in priKey.
Add decrypt KAT test for ECIES.
2021-07-27 09:30:53 +10:00
55029acc84
Merge pull request #4244 from SparkiDev/config_fix_4
...
Configuration: fixes for uncommon configurations
2021-07-26 10:32:32 -07:00
af3a10ed83
wolfcrypt/types.h: fix FALL_THROUGH macro to work warning-free on gcc-11.
2021-07-26 12:08:56 -05:00
28e8f02525
Fix for wc_ecc_ctx_free and heap hint. Fixes #4246 .
2021-07-26 09:56:29 -07:00
028c056c55
Merge pull request #4213 from lealem47/leakFixes
...
Addressing possible leaks in ssl.c and api.c
2021-07-26 23:32:19 +07:00
ce7e1ef94a
Merge pull request #4230 from douzzer/configure-max-bits-and-ex-data
...
configure options for max rsa/ecc bits and ex_data
2021-07-26 09:27:20 -06:00
7d5271ed71
OpenSSL API: DH params to der
...
Fix calculation of length of encoding in ssl.c.
Fix encoding to check proper length in asn.c.
Fix tests to check for correct value (api.c).
2021-07-26 22:47:46 +10:00
ec6ffb0583
Configuration: fixes for uncommon configurations
...
./configure --enable-all --disable-filesystem
./configure --enable-all CC=g++ --enable-intelasm
2021-07-26 16:34:20 +10:00
da0fd5c6cf
Merge pull request #4235 from JacobBarthelmeh/Docs
...
update mention of report to include CVE number and last names
2021-07-26 15:01:30 +10:00
27c49b1673
Merge pull request #4075 from julek-wolfssl/bind-dns
...
Bind 9.17.9 and 9.11.22 Support
2021-07-26 11:24:57 +07:00
6cb4f0fe08
ECC: ecc point multiply doesn't handle large multipliers
...
Detect large multiplier and return error.
2021-07-26 09:34:56 +10:00
494e285cf1
configure.ac: add --with-max-rsa-bits, --with-max-ecc-bits, and --enable-context-extra-user-data[=#]; untabify and otherwise clean up whitespace; tweak api.c, ecc.h, rsa.h, and settings.h, for compatibility with new options.
2021-07-23 22:02:58 -05:00
cbb013ca11
wolfssl/test.h: in wolfsentry_*(), correctly use WOLFSENTRY_MASKIN_BITS(), not WOLFSENTRY_CHECK_BITS(), to test for setness of bits.
2021-07-23 22:02:58 -05:00
671147549f
Fix missing CBIOSend and properly guard hmac in DupSSL().
2021-07-23 12:11:30 -07:00
8bd304e4c5
Fix signed comparison issue with serialSz.
2021-07-23 11:15:40 -07:00
3bb2d55257
Merge pull request #4233 from JacobBarthelmeh/fuzzing
...
fix memory leak with SMIME
2021-07-23 10:26:02 -07:00
e8d636771f
Merge pull request #4231 from haydenroche5/des3-iv-fips
...
Use correct DES IV size when using FIPS v2.
2021-07-23 09:38:56 -07:00
8ee9024da9
More rebase fixes
2021-07-23 18:22:46 +02:00
23cff71bbf
Second wc_EccPrivateKeyDecode not needed now that it supports PKCS8
2021-07-23 18:14:54 +02:00
9f7aa32662
Fix merge conflict resolution in ECC_populate_EVP_PKEY
2021-07-23 18:14:54 +02:00
10168e093a
Rebase fixes
2021-07-23 18:14:54 +02:00
c7d6e26437
Fix DSA signature length
...
The length of the DSA signature is 40 bytes for N=160 but 64 bytes for N=256. New enum values are added for better clarity.
2021-07-23 18:14:18 +02:00
142ff6d885
Bind 9.11.22
2021-07-23 18:14:18 +02:00
553c930ecb
dot system test passed
2021-07-23 18:14:18 +02:00
763aa9b66d
Fix race condition with RsaKey
...
When RsaKey is shared and RsaPublicEncryptEx is called simultaneously by multiple threads, the key->state may be incorrectly set in some threads. This side-steps the state logic when building for bind9.
2021-07-23 18:14:18 +02:00
69948b3648
WIP
2021-07-23 18:14:18 +02:00
06ebcca913
Code review and mp_int memory leak fixes
2021-07-23 18:14:18 +02:00
b4fd737fb1
Bind 9.17.9 Support
...
- Add `--enable-bind` configuration option
- New compatibility API:
- `RSA_get0_crt_params`
- `RSA_set0_crt_params`
- `RSA_get0_factors`
- `RSA_set0_factors`
- `RSA_test_flags`
- `HMAC_CTX_get_md`
- `EVP_MD_block_size`
- `EC_KEY_check_key`
- `o2i_ECPublicKey`
- `DH_get0_key`
- `DH_set0_key`
- Calling `EVP_MD_CTX_cleanup` on an uninitialized `EVP_MD_CTX` structure is no longer an error
- `DH_generate_parameters` and `DH_generate_parameters_ex` has been implemented
2021-07-23 18:14:12 +02:00
9f99253a8b
Merge pull request #4219 from SparkiDev/math_neg_mod_2d
...
Maths: mp_mod_2d supports negative value now
2021-07-23 08:40:56 -07:00
2372ea45fb
Merge pull request #4229 from SparkiDev/ssl_reorg_4
...
Reorg of ssl.c: CONF, BIO, RAND and EVP_CIPHER
2021-07-23 07:45:30 -07:00
92b1f233c9
Merge pull request #4234 from SparkiDev/g++_fix_2
...
C++ fix: cast from void* to X509_OBJECT*
2021-07-23 07:45:05 -07:00
b80d14a872
update mention of report to include CVE number and last names
2021-07-23 21:38:58 +07:00
e130da181b
Merge pull request #4232 from SparkiDev/small_build_fixes
...
Small configurations: get compiling
2021-07-23 14:20:56 +07:00
94373781b2
C++ fix: cast from void* to X509_OBJECT*
2021-07-23 14:56:38 +10:00
f2852dad4a
fix memory leak with SMIME
2021-07-23 10:38:11 +07:00
9452c22653
Small configurations: get compiling
...
./configure --enable-psk -disable-rsa --disable-dh -disable-ecc
--disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --disable-coding
--disable-filesystem CFLAGS=-DNO_WOLFSSL_SERVER
./configure --enable-psk -disable-rsa --disable-dh -disable-ecc
--disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --disable-coding
--disable-filesystem CFLAGS=-DNO_WOLFSSL_CLIENT
2021-07-23 11:55:08 +10:00
ec180f3901
Use correct DES IV size when using FIPS v2.
2021-07-22 18:17:41 -07:00
715a8303d2
Reorg of ssl.c: CONF, BIO, RAND and EVP_CIPHER
...
Remove whitespace at end of lines in ssl.c.
2021-07-23 09:55:07 +10:00
ab226e1a73
Merge pull request #4212 from SparkiDev/sp_c_perf
...
SP C: change number of words for RSA/DH
2021-07-22 09:33:51 -07:00
d372f097f7
SP C: change number of words for RSA/DH
...
Faster small code and fast code.
Allow fixed 4096-bit FFDHE parameters in benchmark.
Convert [u]int[32|64|128]*_t types to sp_[u]int[32|64|128].
Add a div for when top bits are all 1
WOLFSSL_SP_FAST_LARGE_CODE added to make mul_add function faster on
non-embedded platforms.
Change mod_exp window sizes for same performance but less memory.
P256 with c32 now 9 words instead of 10.
2021-07-22 13:12:31 +10:00
6a3ff81f2d
use EVP_get_digestbyname
2021-07-22 08:17:55 +09:00
b4c61b4df9
add EVP_blake2xyyy
2021-07-22 08:17:54 +09:00
ffd69f6426
Merge pull request #4141 from kaleb-himes/FIPS_ANDROID_v454
...
Changes to support Android app with wolfCrypt module v4.5.4
2021-07-21 11:23:42 -06:00
c544c19013
Merge pull request #4227 from miyazakh/ERR_lib_error_string
...
add ERR_lib_error_string compatibility layer API
2021-07-21 11:19:29 -06:00
83c6688bee
Merge pull request #4135 from dgarske/evp_set1_eckey
...
Fixes for handling PKCS8 ECC key with EVP PKEY
2021-07-22 00:17:11 +07:00
49a6c19069
Merge pull request #4216 from dgarske/cube_4.8.0
...
Improvements to the ST Cube pack configuration template
2021-07-21 11:16:33 -06:00
2177430b8d
Merge pull request #4224 from JacobBarthelmeh/Release
...
update docs for 4.8.1
2021-07-21 09:00:42 -07:00
73ad0315ce
Merge pull request #4226 from douzzer/valgrind-fixes-20210720
...
fixes for valgrind-detected leaks and undefined data accesses
2021-07-21 08:43:00 -07:00
ede738b6e4
Merge pull request #4223 from SparkiDev/mem_usage_fixes_1
...
Memory allocation: fixes from memory usage generation
2021-07-21 08:20:09 -07:00
b76d44dad9
add ERR_lib_error_string
2021-07-21 10:31:00 +09:00
dc19ba2aa7
Memory allocation: fixes from memory usage generation
...
1. Configuration: If not fast math then don't set ALT_ECC_SIZE when
configuring.
2. ECC KeyShare: Key share entry's key was allocated with type
DYNAMIC_TYPE_PRIVATE_KEY, free with same type.
3. Ed25519: free the SHA-512 temporary object. WOLFSSL_SMALL_STACK_CACHE
builds have dynamicaly allocated data.
4. RSA: Don't keep allocating a new hash object in RsaMGF1 when compiled
with WOLFSSL_SMALL_STACK_CACHE.
2021-07-21 09:54:11 +10:00
2014d39254
fixes for valgrind-detected leaks and undefined data accesses: wolfSSL_{SHA*,MD5}_Final (OpenSSL compat wrappers): call wc_*Free() on sha state that otherwise leaks when _SMALL_STACK_CACHE; test_wc_curve25519_shared_secret_ex(): properly initialize public_key.
2021-07-20 18:26:05 -05:00
60288a5083
Merge pull request #4222 from TakayukiMatsuo/tk12625
...
SSL APIs: Add sanity check to some APIs
2021-07-21 09:00:03 +10:00
f18344c191
Fix logic error for calculation of PKCS header size in wolfSSL_i2d_PUBKEY.
2021-07-20 15:11:32 -07:00
aedd2a33db
Merge pull request #4221 from douzzer/sanitizer-fixes-20210719
...
misc sanitizer fixes etc
2021-07-21 00:40:09 +07:00
1a7c8ccbd1
Peer review fixes.
2021-07-20 10:02:16 -07:00
762b384be2
Fixes for -pedantic errors.
2021-07-20 10:02:16 -07:00
be6fd26f54
Fix for backwards compatibility for i2d_PrivateKey.
2021-07-20 10:02:16 -07:00
b344246549
Fix the new PKCS8 header check in wc_CreatePKCS8Key to use the right input buffer.
2021-07-20 10:02:16 -07:00
b8ed577e9a
Peer review fixes and improvements. Resolves issue with public API compatibility.
2021-07-20 10:02:16 -07:00
fd52424dd5
Improvements to PKCS8 handling.
...
* Fixes for handling PKCS8 in keys with EVP PKEY. Resolves QT test issues. Replacement to PR #3925 .
* Improved code handling for PKCS 8 headers. Change PemToDer to not strip the PKCS8 header.
* Add support in the ECC/RSA/DH key import code to support detection / handling of the PKCS8 header.
* Fix for `wc_RsaKeyToDer` to be exposed with `OPENSSL_EXTRA`.
* Adds EVP PKCS8 test case for RSA and ECC.
* Refactor `test_wolfSSL_OPENSSL_hexstr2buf` to resolve g++ compiler warning.
* Added new `WOLFSSL_TRAP_MALLOC_SZ` build option to trap mallocs that are over a specified size.
2021-07-20 10:02:16 -07:00
673becee74
Merge pull request #4210 from JacobBarthelmeh/Testing
...
handle edge case of input buffer malloc'd to location immediately aft…
2021-07-20 09:56:27 -07:00
932abbb6e6
update docs for 4.8.1
2021-07-20 21:20:15 +07:00
4cdbe0e23e
Merge pull request #4207 from haydenroche5/sblim-sfcb
...
Add support for sblim-sfcb port.
2021-07-20 20:41:46 +07:00
38fd577ded
Merge pull request #4218 from SparkiDev/sp_ecc_add_dbl
...
SP: ecc proj add point, dbl point fix
2021-07-20 18:57:48 +07:00
35a0258f47
Merge pull request #4220 from SparkiDev/ecc_neg_string
...
ECC: where reading strings, check for neg (invalid)
2021-07-20 18:56:00 +07:00
ed6e173fc3
Maths: mp_mod_2d supports negative value now
...
SRP: don't clear an mp_int that hasn't been initialized
2021-07-20 18:33:55 +10:00
f630fded44
Add sanity check to some APIs
2021-07-20 13:23:16 +09:00
a43cc4ebfa
openssl/sha.h: enlarge WOLFSSL_SHA384_CTX.holder to accommodate wc_Sha512.{devId,devCtx}.
2021-07-19 21:41:15 -05:00
fe94c36a7b
configure.ac: fix wrong constructions in environment setup for ENABLED_REPRODUCIBLE_BUILD.
2021-07-19 18:31:13 -05:00
5507a07563
Add support for sblim-sfcb port.
2021-07-19 16:28:44 -07:00
f8d1befdff
autogen.sh: leave .git/hooks/pre-{commit,push} alone unless they don't exist, to allow for local ecosystem-dependent customizations of the hooks.
2021-07-19 16:31:22 -05:00
4df6fb74b0
fix sanitizer-detected uninitialized/null data accesses: wc_SrpComputeKey(), XChaCha20Poly1305_test().
2021-07-19 16:29:43 -05:00
77c9b36b5a
Merge pull request #4181 from dgarske/sniffer_keycb
...
Sniffer fixes and new sniffer key callback support
2021-07-19 13:26:17 -07:00
020e23783b
Merge pull request #4180 from kaleb-himes/DEFAULT_CA_BOOL
...
Fix basic constraints extension present and CA Boolean not asserted
2021-07-19 23:08:27 +07:00
5b621cf039
ECC: where reading strings, check for neg (invalid)
2021-07-19 22:58:07 +10:00
d45e78b715
SP: ecc proj add point, dbl point fix
...
Set infinity field of points.
2021-07-19 12:45:52 +10:00
bbe47a81b7
Merge pull request #4183 from douzzer/ED-streaming-verify
...
add streaming API to the ED verify routines
2021-07-18 14:12:42 -07:00
186ff2b365
make -DNO_ED25519_KEY_{IMPORT,EXPORT} buildable, and fix api.c and suites.c so that -DNO_ED*_KEY_{IMPORT,EXPORT} pass make check.
2021-07-16 23:07:28 -05:00
ac92204c15
make -DNO_ED448_KEY_{IMPORT,EXPORT} buildable
2021-07-16 18:21:30 -05:00
785a8f83ed
evp.c: fixes in wolfSSL_EVP_CIPHER_CTX_ctrl() from peer review.
2021-07-16 17:52:28 -05:00
070ca6c34d
Fixes to properly support sniffer with secure renegotiation.
2021-07-16 14:48:22 -07:00
c97eff6e61
evp.c: add missing checks and logic in wolfSSL_EVP_CIPHER_CTX_ctrl(), and fix api.c:test_IncCtr() to exercise wolfSSL_EVP_CIPHER_CTX_ctrl() with EVP_CTRL_GCM_IV_GEN using an AES cipher, with thanks to Juliusz.
2021-07-16 15:30:23 -05:00
05128968f6
fixes for null pointer accesses detected by clang sanitizer. also, gate SuiteTest() on !NO_WOLFSSL_CIPHER_SUITE_TEST in tests/unit.c, greatly reducing time to completion when not debugging cipher suites.
2021-07-16 13:49:47 -05:00
5e8da2348f
ED: add --enable-ed25519-stream and --enable-ed448-stream to configure.ac, disabled by default, and add them to --enable-all and --enable-all-crypto lists, along with --enable-aesgcm-stream; report AES-GCM and ED* streaming API options in feature summary rendered at end;
...
refactor ED routines to pivot on WOLFSSL_ED*_PERSISTENT_SHA and WOLFSSL_ED*_STREAMING_VERIFY macros, with sha state in the key struct only when WOLFSSL_ED*_PERSISTENT_SHA, otherwise on the stack as before;
add ed*_hash_init() and ed*_hash_free() local helpers;
ED* peer review: fix line lengths, remove superfluous retval checks, tweaks for efficiency, and add ED448_PREHASH_SIZE to ed448.h.
2021-07-16 13:49:47 -05:00
9b43e57ccf
ED: add streaming API to the ED verify routines: wc_ed*_verify_msg_init(), wc_ed*_verify_msg_update(), wc_ed*_verify_msg_final();
...
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;
track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;
add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;
add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.
add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;
add macro asserts near top of ed*.h to assure the required hash functions are available;
fix {NO,HAVE}_ED*_{SIGN,VERIFY};
wolfcrypt/test/test.c: add missing key initializations in ed*_test();
wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
2021-07-16 13:49:47 -05:00
fe77e29ba0
Fix for SNI refactor handling of return codes. Fix for possible use of NULL on client array.
2021-07-16 11:23:20 -07:00
f408eeb5bb
Implement peer review suggestions
2021-07-16 09:57:11 -06:00
73323e694f
Addressing possible leaks in ssl.c and api.c
2021-07-16 09:48:06 -06:00
b9c707511b
Merge pull request #4211 from SparkiDev/ocsp_no_check
...
OCSP: improve handling of OCSP no check extension
2021-07-16 16:06:41 +07:00
f93083be72
OCSP: improve handling of OCSP no check extension
2021-07-16 12:19:39 +10:00
8e6c31b15d
ECC bench: can't use SAKKE curve with ECDH/ECDSA
...
Skip curve benchmarking when all curves are being benchmarked.
2021-07-16 12:06:14 +10:00
af98e64b88
Merge pull request #4208 from dgarske/leaks
...
Fixes for possible leaks with ECCSI and DH test
2021-07-16 08:59:11 +10:00
8a8b315ed8
Improvements to the ST Cube pack configuration template.
2021-07-15 14:02:56 -07:00
12a4517d6b
handle edge case of input buffer malloc'd to location immediately after output buffer
2021-07-15 22:38:48 +07:00
6c3c635be7
Merge pull request #4206 from julek-wolfssl/remove-api
2021-07-15 06:41:00 -07:00
6a0809b53b
Merge pull request #4185 from guidovranken/fix-gh-issue-4184
...
Fix compilation failure with WOLFSSL_PUBLIC_ECC_ADD_DBL
2021-07-15 16:19:30 +07:00
fc6aa19eb8
Merge pull request #4200 from haydenroche5/tcpdump
...
Add support for tcpdump with wolfSSL.
2021-07-15 14:57:47 +07:00
6458a8cedd
Merge pull request #4187 from SparkiDev/sp_math_mod_red_fix
...
SP math: montgomery reduction edge case
2021-07-15 14:33:26 +07:00
2959902a10
TLS 1.3: ability to turn peek change off
...
Allow post-handshake peeking for handshaking messages to be disabled.
Not all customers want to handle this.
Clear WOLFSSL_ERROR_WANT_READ error on entry to ReceiveData which was
set when peeking found handshake message.
2021-07-15 10:14:13 +10:00
fbbb290d9e
Fixes for possible leaks with HAVE_WOLF_BIGINT used by async in ECCSI and DH test. Fixes for GCC -fsanitize=address with --enable-all.
2021-07-14 14:57:32 -07:00
3ff21171cb
Fix for secure renegotiation, which was not keeping handshake resources. Added NULL checks for case where handshake resources might be free'd to prevent possible use of NULL. Refactor the SNI client hello processing to not assume TLS header is in prior buffer (not there for decrypted handshake packets).
2021-07-14 10:44:33 -07:00
f82fd01283
Merge pull request #4202 from JacobBarthelmeh/BuildOptions
...
fix for build with wpas and disable tls13
2021-07-14 09:07:08 -07:00
b5eef78cdb
Merge pull request #4176 from SparkiDev/sp_math_read_bin_max
...
SP math all: allow reading of bin up to max digit size
2021-07-14 16:03:32 +07:00
18399091ce
Merge pull request #4012 from julek-wolfssl/haproxy
...
HaProxy 2.4-dev18 support
2021-07-14 15:46:04 +07:00
81f3f417e8
Merge pull request #4190 from SparkiDev/bench_sakke_ecdsa
...
ECC bench: can't use SAKKE curve with ECDH/ECDSA
2021-07-13 15:39:25 -05:00
10987a69d7
Merge pull request #4201 from JacobBarthelmeh/Release
...
bump version for dev
2021-07-13 11:41:51 -07:00
0d55dcaaa0
Merge pull request #4188 from guidovranken/mp_invmod_slow-check
...
Add missing return value check in mp_invmod_slow
2021-07-14 01:27:10 +07:00
3f22721a86
use version from wolfssl/version.h with driver
2021-07-13 22:39:39 +07:00
2592a04d8a
fix for build with wpas and disable tls13
2021-07-13 15:49:40 +07:00
3bebcaaf54
bump version for dev
2021-07-13 04:18:52 +07:00
52b8c7b1fa
Merge pull request #4192 from haydenroche5/ocsp_http_header
...
Improve wolfIO_HttpProcessResponse HTTP header checking logic.
2021-07-12 14:13:07 -07:00
9f8e728672
Add support for tcpdump with wolfSSL.
2021-07-12 14:06:25 -07:00
db32570ab3
Fix for missing sp_radix_size with WC_MP_TO_RADIX.
2021-07-12 13:40:55 -07:00
add4a68465
Merge pull request #4199 from JacobBarthelmeh/Certs
...
Lighttpd build fix and gencertbuf on updated ed25519 certs
2021-07-12 09:15:50 -07:00
851c1fe1cf
fix for lighttpd build
2021-07-12 16:25:50 +07:00
2f9af5f753
gencertbuf on updated ed25519 certs
2021-07-12 14:31:03 +07:00
30baa83a0b
Merge pull request #4198 from douzzer/fix-linuxkm-for-v4.8
2021-07-09 19:15:23 -07:00
50d007ded8
Merge pull request #4196 from JacobBarthelmeh/Release
...
Release version 4.8.0
2021-07-09 14:33:26 -07:00
84539be656
Merge pull request #4197 from JacobBarthelmeh/Jenkins
...
Updates found with Jenkins tests
2021-07-09 14:32:43 -07:00
15c890179f
Linux kernel module: add an explicit -ffreestanding to CFLAGS in linuxkm/Makefile, and in wc_port.h ifdef WOLFSSL_LINUXKM, ignore -Wtype-limits in Linux kernel header files (needed for kernel v5.13), and suppress inclusion of stdint-gcc.h.
2021-07-09 15:23:07 -05:00
88b70a3906
update google cert that was set to expire in Dec 2021
2021-07-09 23:57:50 +07:00
c01a63508a
account for testing on big endian system
2021-07-09 08:18:39 -06:00
f4c4cf8afe
update changelog for release 4.8.0
2021-07-09 17:02:18 +07:00
e1b487ab9f
Fix for wc_export_int with WC_TYPE_HEX_STR, which was not returning the correct length.
2021-07-08 14:36:36 -07:00
4f055653c7
Restore TLS v1.3 hello_retry behavior with session id. Fix for SNI with default (no name) putting newline due to fgets.
2021-07-08 13:50:08 -07:00
500a6c8b27
prepare for release 4.8.0
2021-07-08 12:02:40 -06:00
4cb076f22b
Cleanup to remove duplicate stat sslResumptionValid. Add print of sslResumptionInserts.
2021-07-08 09:49:13 -07:00
ddbe0e6dab
Fix for sniffer stats on resume miss. The logic for hello_retry_request will no longer try and do resume, so restore BAD_SESSION_RESUME_STR error.
2021-07-08 09:31:59 -07:00
127add4bf7
include stddef for size_t type for ptr
2021-07-08 07:06:20 -06:00
7bcd0da164
warning for length used on strncpy
2021-07-08 15:51:17 +07:00
263e03748e
fix issue of handling partially streamed PKCS7 input
2021-07-08 15:25:40 +07:00
a250e1f23a
Merge pull request #4194 from ejohnstown/to-fix
...
Timeout Fix
2021-07-08 14:34:42 +07:00
c9aa23ac7a
Merge pull request #4191 from dgarske/htons
...
Fix for missing `XHTONS` with `WOLFSSL_USER_IO` and session tickets
2021-07-07 16:21:59 -07:00
00cab36b36
Timeout Fix
...
The macros setting up the timeout for the select used to timeout just
multiplied the ms by 1000 to make us. The BSD select used on macOS
doesn't like the us to be greater than 999999. Modified to carry the
excess us over into the seconds.
2021-07-07 16:14:48 -07:00
849020660f
Merge pull request #4182 from JacobBarthelmeh/CAAM
...
check return of DSA decode
2021-07-08 08:16:46 +10:00
b9dac74086
Merge pull request #4193 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis tests
2021-07-07 14:23:58 -07:00
86e5287a14
Merge pull request #4032 from TakayukiMatsuo/tk11968
...
Make wolfSSL_CTX_set_timeout reflect to Session-ticket-lifetime-hint
2021-07-07 22:26:06 +07:00
b7bd3766c7
Fix pedantic errors about macros in macros
2021-07-07 10:54:34 +02:00
7b9d6a3f5e
Merge pull request #3792 from TakayukiMatsuo/os_keylog
...
Add wolfSSL_CTX_set_keylog_callback
2021-07-07 15:34:33 +07:00
7422f07fb5
Improve wolfIO_HttpProcessResponse HTTP header checking logic.
...
Modify this function to just ensure that the response header starts with "HTTP
1.x 200" (where x is 0, 1, etc.).
2021-07-06 15:18:26 -07:00
41ac17cdc6
Improve support for XHTONS with WOLFSSL_USER_IO and session tickets with default encryption implementation !WOLFSSL_NO_DEF_TICKET_ENC_CB.
2021-07-06 13:13:35 -07:00
b1a6d88af6
fix for memory leak
2021-07-06 23:37:35 +07:00
fc7533fe5e
Code review changes
2021-07-06 16:14:25 +02:00
1acf906612
Code review changes
2021-07-06 15:39:23 +02:00
6dfc702364
Correct serverDH_Pub length on renegotiation
...
On a renegotiation the serverDH_Pub buffer may be too short. The previous DhGenKeyPair call may have generated a key that has a shorter binary representation (usually by one byte). Calling DhGenKeyPair with this shorter buffer results in a WC_KEY_SIZE_E error.
2021-07-06 15:39:23 +02:00
1b6b16c2c3
HaProxy 2.4-dev18 support
...
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
- `STACK_TYPE_X509_OBJ`
- `OCSP_id_cmp`
- `X509_STORE_get0_objects`
- `X509V3_EXT_nconf_nid`
- `X509V3_EXT_nconf`
- `X509_chain_up_ref`
- `X509_NAME_hash`
- `sk_X509_NAME_new_null`
- `X509_OBJECT_get0_X509`
- `X509_OBJECT_get0_X509_CRL`
- `ASN1_OCTET_STRING_free`
- `X509_LOOKUP_TYPE`
- `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
- WOLFSSL_CTX
- Enable all compiled in protocols
- Allow anonymous ciphers
- Set message grouping
- Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
- Return first that occured
- Set correct value on date error
- Set revoked error on OCSP or CRL error
- Save value in session and restore on resumption
- Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
2021-07-06 15:39:23 +02:00
a6ce91f3bb
fix for gcc-11 build with blake2
2021-07-06 14:53:39 +07:00
ae00b5acd0
some minor changes for unintialized and null infer reports
2021-07-06 14:13:45 +07:00
34528eb6c9
ECC bench: can't use SAKKE curve with ECDH/ECDSA
...
Skip curve benchmarking when all curves are being benchmarked.
2021-07-06 12:19:50 +10:00
e0f268e522
Simplify mp_invmod_slow fix
2021-07-06 02:29:31 +02:00
9783d64f7e
Add missing return value check in mp_invmod_slow
2021-07-06 02:13:42 +02:00
08ebd34f31
SP math: montgomery reduction edge case
...
4 and 6 word specific implementations now handle rare overflow correctly
in last mul-add of loop.
2021-07-06 10:03:24 +10:00
460b513594
Fix compilation failure with WOLFSSL_PUBLIC_ECC_ADD_DBL
...
Fixes https://github.com/wolfSSL/wolfssl/issues/4184
2021-07-03 19:31:29 +02:00
5df0f7820a
Add wolfSSL_CTX_set_keylog_callback
2021-07-03 14:51:23 +09:00
89866846d6
check return of DSA decode
2021-07-03 03:41:40 +07:00
26789ef877
Fix variable declaration mid-code.
2021-07-02 13:24:25 -07:00
2dd169f9a1
Added new sniffer API for callback for key use ssl_SetKeyCallback. Support indicated by WOLFSSL_SNIFFER_KEY_CALLBACK. Trace cleanup for custom error.
2021-07-02 12:18:56 -07:00
93a8f36530
Fix basic constraints extension present and CA Boolean not asserted
2021-07-02 12:16:16 -06:00
567d8ed704
Make wolfSSL_set_session return success on timeout under WOLFSSL_ERROR_CODE_OPENSSL macro definition.
2021-07-02 10:50:00 +09:00
aef9e560b1
Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint.
2021-07-02 09:15:01 +09:00
197b959916
Merge pull request #4177 from SparkiDev/ecc_exp_point_size
...
ECC: validate ordinate length before export
2021-07-01 17:07:35 -07:00
d16e374972
Merge pull request #4160 from JacobBarthelmeh/fuzzing
...
better checking on length of streaming buffer
2021-07-01 17:04:49 -07:00
43f8c5ba1b
Merge pull request #4121 from JacobBarthelmeh/PKCS7
...
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
2021-07-01 17:03:56 -07:00
9b8142c1ff
Merge pull request #4174 from SparkiDev/zephyr_2_6_99
...
Zephyr Project: update port to work with latest
2021-07-02 03:23:10 +07:00
e9e41d3344
Merge pull request #4070 from elms/fsanitize/undefined_fixes
...
address errors with `-fsanitize=undefined`
2021-07-01 13:00:06 -05:00
45486ac904
Merge pull request #4166 from miyazakh/supportedversion_ex_mindowngrade
...
not include smaller versions than minimum downgrade
2021-07-01 21:00:20 +07:00
7a42096643
Merge pull request #4175 from SparkiDev/sp_thumb_clang
...
SP: Thumb implementaton that works with clang
2021-07-01 20:39:06 +07:00
a992480f91
ECC: validate ordinate length before export
2021-07-01 15:50:04 +10:00
75e807abc6
Fixes for gcc-10 and -fsanitize=undefined for rabbit.c
...
* One introduced in #4156
* One from previous commit in this PR
2021-06-30 22:20:17 -07:00
6694775d4b
Changes to compile without XTREAM_ALIGN
...
Use macro to load 32 bits from input parameters key in hc128.c and input
in rabbit.c
Also fix warning about string copy.
2021-06-30 21:58:30 -07:00
56d879f422
address scan-build issues for clang 6 and 10
2021-06-30 21:58:30 -07:00
c9597ea735
sha3: align data for Sha3Update
2021-06-30 21:58:30 -07:00
dc7beab784
address errors with -fsanitize=undefined
...
- fix null dereferences or undefined `memcpy` calls
- fix alignment in `myCryptoDevCb`
- fix default dtls context assignment
- add align configure option to force data alignment
TESTED:
`./configure CFLAGS=-fsanitize=undefined\ -DWOLFSSL_GENERAL_ALIGNMENT=1 --enable-all`
2021-06-30 21:58:30 -07:00
4cff893c5f
SP math all: allow reading of bin up to max digit size
2021-07-01 14:29:58 +10:00
f9cd83743a
Fix include.am typo.
2021-06-30 08:42:15 -07:00
23b573c70a
Autoconf Include.am fixes, spelling and copyright.
2021-06-30 08:38:17 -07:00
c820b5679a
Merge pull request #4173 from SparkiDev/sp_int_mingw64
2021-06-30 06:57:58 -07:00
893b71e8c1
remove dead code
2021-06-30 19:54:25 +07:00
0277fa6d7c
Remove unused wolfSSL_StartSecureRenegotiation
2021-06-30 13:51:11 +02:00
23eededc36
simplify and fix max stream buffer length
2021-06-30 15:26:44 +07:00
b0688688c1
addressed review comments
2021-06-30 13:52:46 +09:00
60a520c525
SP: Thumb implementaton that works with clang
2021-06-30 13:10:29 +10:00
d1fb736136
Zephyr Project: update port to work with latest
2021-06-30 10:29:54 +10:00
36d534034c
SP math: cast number to sp_digit rather than declare as long
2021-06-30 09:28:51 +10:00
ae68de060a
Merge pull request #4171 from SparkiDev/sp_small_fast_modexp
...
SP: allow fast mod_exp to be compiled for small C code
2021-06-29 13:32:55 -07:00
0d1672dfee
Merge pull request #4170 from SparkiDev/sp_mingw64
...
SP: Don't cast number to sp_digit rather than declare as long
2021-06-29 13:32:28 -07:00
9179071af5
Merge pull request #4153 from JacobBarthelmeh/Testing
...
fix for keyid with ktri cms
2021-06-29 11:40:00 -06:00
e59cc79a1f
Document new WOLFSSL_SP_FAST_MODEXP option.
2021-06-29 09:16:27 -07:00
a748b5264e
Fix for wolfcrypt/src/sp_int.c:2720:34: error: left shift count >= width of type with mingw64.
2021-06-29 09:13:32 -07:00
b0e9531f26
Merge pull request #4169 from SparkiDev/dh_anon_tls12
...
TLS: Get DH anon working TLS 1.2 and below
2021-06-29 08:53:44 -07:00
303f944935
SP: allow fast mod_exp to be compiled for small C code
2021-06-29 12:51:21 +10:00
08e560e0a7
SP: Don't cast number to sp_digit rather than declare as long
...
mingw64 has numbers as 32-bit type when declarted long.
Fixup some line lengths.
2021-06-29 11:07:47 +10:00
f56bf3d8ee
TLS: Get DH anon working TLS 1.2 and below
...
Send the server DH parameters in ServerKeyExchange.
./configure '--enable-anon' '--disable-rsa' '--enable-oldtls'
2021-06-29 10:29:39 +10:00
0bb66f3023
Merge pull request #4167 from danielinux/pka_readme
...
port/st: added mention of the PKA support in README
2021-06-28 10:35:32 -07:00
33174cec5c
Merge pull request #4161 from dgarske/ssl_doxy
...
Added inline documentation for `wolfSSL_CTX_load_verify_buffer_ex`
2021-06-28 12:35:11 -05:00
15080317ce
port/st: added mention of the PKA support in README
2021-06-28 14:39:58 +02:00
80480e5d1f
Merge pull request #4163 from lealem47/rsa-test
...
Rsa test
2021-06-25 13:12:58 -07:00
5adbcfb3be
Merge pull request #4151 from SparkiDev/sp_math_all_base10
...
SP math all: fix read radix 10
2021-06-25 09:37:05 -07:00
63ad5d58a2
Merge pull request #4162 from ejohnstown/abi-update
...
ABI Update
2021-06-25 08:36:07 -07:00
5437883da7
Merge pull request #4164 from dgarske/async_frag
...
Fix for async with fragmented packets
2021-06-25 08:33:50 -07:00
74b9b5a8cd
Merge pull request #4156 from SparkiDev/regression_fixes_1
...
Regression test fixes
2021-06-25 07:48:02 -07:00
729fea6b71
unused variable fix in rsa_oaep_padding_test fix
2021-06-25 08:39:44 -06:00
5038a27cda
add test cases and set content oid with decode encrypted data
2021-06-25 21:16:01 +07:00
55002c56d2
update for ber padding
2021-06-25 18:57:28 +07:00
5bb52915b9
update test conf to fix jenkins failures
2021-06-25 16:31:49 +09:00
fbe086534a
SP math all: fix read radix 10
...
Ensure first digit is 0 when zeroing a number.
Check size of output in _sp_mul_d() - only place to be sure of overflow.
Modify callers of _sp_mul_d() to check return.
2021-06-25 15:55:32 +10:00
d576e3ef96
not send smaller versions than minimum downgradable version as supportedversion ext
2021-06-25 14:51:34 +09:00
dab6724059
Regression fixes: more configurations
...
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
&& make
./configure --disable-aescbc --disable-chacha --disable-poly1305
--disable-coding && make
2021-06-25 15:23:51 +10:00
873f10b0cf
Simplifying rsa_test() by extracting sections as separate functions
2021-06-24 20:47:14 -06:00
1994811d24
Merge pull request #4144 from haydenroche5/pkcs8
...
Make a bunch of PKCS#8 improvements.
2021-06-25 12:22:11 +10:00
dae6683803
Merge pull request #4030 from julek-wolfssl/ZD12235
...
Expand SHA-3 support
2021-06-25 12:18:03 +10:00
8592053856
Regression test fixes
...
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
2021-06-25 09:18:06 +10:00
45ef68d5c7
Fix for async with fragmented packets where inline crypto could be overwritten on reprocessing fragment. FIxes unit tests with --enable-all --enable-asynccrypt. Minor cleanup for line length and free verify RSA buffer sooner.
...
Reproducible with:
```
./examples/server/server -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -2
./examples/client/client -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 -2
```
2021-06-24 16:03:12 -07:00
66c29ef1ca
ABI Update
...
Add wolfSSL_CTX_set_verify to the ABI list.
2021-06-24 14:08:28 -07:00
4ef3c5d75c
Added inline documentation for wolfSSL_CTX_load_verify_buffer_ex.
2021-06-24 10:38:34 -07:00
656e49cc3b
Expand SHA-3 support
...
Add more support in the EVP layer as well as add signing support. The SHA-3 OID's were also added for DER algorithm identifier encoding.
2021-06-24 19:31:43 +02:00
c59d1f2e8d
Merge pull request #4155 from SparkiDev/ssl_reorg_3
...
Reorg of ssl.c: standard C wrappers, EX_DATA, BUF_MEM, TXT_DB
2021-06-24 09:53:53 -07:00
1ec212be81
Merge pull request #4159 from SparkiDev/sakke_eccsi_fix_1
...
SAKKE: fix configurations
2021-06-24 09:48:14 -07:00
97ab1bb013
Merge pull request #4154 from SparkiDev/hmac_update_ct
...
TLS hmac: handle truncated mac in Hmac_UpdateFinal_CT()
2021-06-24 09:28:22 -07:00
b826083fbf
better checking on length of streaming buffer
2021-06-24 23:06:37 +07:00
2fb6a9eacf
SAKKE: fix configurations
...
Fix position of sp_1024_norm_18 now that div requires it:
./configure --disable-shared --enable-sakke --disable-eccsi
--enable-sp
Fix missing '{' in sp_mulmod_table_1024:
./configure --disable-shared --enable-sakke --enable-eccsi
--enable-smallstack --enable-sp
2021-06-24 14:01:27 +10:00
92a4e30b69
Merge pull request #4158 from dgarske/nxp_ltc_rsa2
...
Fixes for NXP LTC with RSA and Blinding
2021-06-24 12:14:04 +10:00
73c90369c6
Fix for int neg being defined mid code. Fix limit check for mp_mulmod using hardware vs software. Resolves issue when using WC_RSA_BLINDING.
2021-06-23 14:45:52 -07:00
2d1b113f51
Fix for missing wolfcrypt_mp_prime_is_prime_ex def.
2021-06-23 14:45:52 -07:00
ae2f2b246e
Merge pull request #4148 from BrianAker/master
...
Fix for make distcheck, maintainer-clean, to allow distribution builds.
2021-06-23 10:33:06 -07:00
81daf9172b
Merge pull request #3872 from ejohnstown/pcExt
...
Policy Constraints Extension
2021-06-23 09:40:15 -07:00
b3401bd102
Make a bunch of PKCS#8 improvements.
...
- Add doxygen documentation for wc_GetPkcs8TraditionalOffset, wc_CreatePKCS8Key,
wc_EncryptPKCS8Key, and wc_DecryptPKCS8Key.
- Add a new API function, wc_CreateEncryptedPKCS8Key, which handles both
creation of an unencrypted PKCS#8 key and the subsequent encrypting of said key.
This is a wrapper around TraditionalEnc, which does the same thing. This may
become a first-class function at some point (i.e. not a wrapper). TraditionalEnc
is left as is since it is used in the wild.
- Added a unit test which exercises wc_CreateEncryptedPKCS8Key and
wc_DecryptPKCS8Key. Testing wc_CreateEncryptedPKCS8Key inherently also tests
TraditionalEnc, wc_CreatePKCS8Key, and wc_EncryptPKCS8Key.
- Modified wc_EncryptPKCS8Key to be able to return the required output buffer
size via LENGTH_ONLY_E idiom.
- Added parameter checking to wc_EncryptPKCS8Key and wc_DecryptPKCS8Key.
2021-06-23 08:39:20 -07:00
f762672a12
Merge pull request #4157 from julek-wolfssl/app-data-reason
...
Add a reason text for APP_DATA_READY
2021-06-23 08:30:19 -07:00
4eff3ff3dd
Add a reason text for APP_DATA_READY
2021-06-23 13:43:56 +02:00
945acb4c2f
Reorg of ssl.c: standard C wrappers, EX_DATA, BUF_MEM, TXT_DB
2021-06-23 11:28:38 +10:00
2923d812bd
Merge pull request #4058 from miyazakh/qt_oslext_cs
...
TLS: extend set_cipher_list() compatibility layer API
2021-06-23 10:12:11 +10:00
5cf7e17820
TLS hmac: handle truncated mac in Hmac_UpdateFinal_CT()
2021-06-23 09:54:41 +10:00
a5852fe440
Merge pull request #4119 from julek-wolfssl/dtls-seq-num-refactor
...
Refactor `dtls_expected_peer_handshake_number` handling
2021-06-22 16:29:45 -07:00
eccfb4f632
Merge pull request #4125 from dgarske/sniffer_etsi
...
TLS: Fixes for sniffer and static ephemeral keys
2021-06-23 09:17:13 +10:00
4b3bd3e384
Merge pull request #4049 from miyazakh/set_verifyDepth_3
...
Set verify depth limit
2021-06-22 10:23:43 -06:00
b70e028200
Merge pull request #4087 from miyazakh/get_ciphers_compat
...
higher priority of cipher suite is on top of stack
2021-06-22 10:22:43 -06:00
446393bcab
Merge pull request #3793 from TakayukiMatsuo/os_base64
...
Add wolfSSL_EVP_Encode/Decode APIs
2021-06-22 10:19:30 -06:00
b050463dce
Merge pull request #4059 from miyazakh/qt_unit_test
...
fix qt unit test
2021-06-22 10:12:48 -06:00
647bde671c
macro guard on test case
2021-06-22 22:56:35 +07:00
2b1a6cfb54
add setting contentOID with decode enveloped data
2021-06-22 22:06:16 +07:00
a4b5ebb62f
remove contentOID check
2021-06-22 21:59:57 +07:00
31e8784057
fix for compressedData eContent encoding with PKCS7
2021-06-22 21:59:57 +07:00
9c2de0e40a
wc_PKCS7_DecodeCompressedData optionally handle a packet without content wrapping
2021-06-22 21:59:57 +07:00
3cd43cf692
fix for keyid with ktri cms
2021-06-22 21:33:12 +07:00
67b87a8883
Merge pull request #4127 from douzzer/wolfsentry-client
...
outbound connection filtering and wolfSentry integration
2021-06-22 07:27:18 -07:00
c4ea64b7fc
Merge pull request #4140 from SparkiDev/set_sig_algs
2021-06-21 19:18:10 -07:00
52582ede28
Merge pull request #4146 from SparkiDev/pkcs11_dec_final
...
PKCS #11 : Use C_Decrypt instead of C_DecryptUpdate
2021-06-21 15:28:45 -07:00
ab2c1e117e
Merge pull request #4149 from guidovranken/wc_ecc_verify_hash_ex-alloc-check
...
ECC: wc_ecc_verify_hash_ex, return if ALLOC_CURVE_SPECS() fails
2021-06-22 08:24:22 +10:00
716237c5dd
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
4942220718
Merge pull request #4150 from elms/fix/sniffer_no_dh
...
Fix build with `--enable-sniffer --disable-dh`
2021-06-21 12:47:58 -07:00
a409e7c9ce
Fix build with --enable-sniffer --disable-dh
2021-06-21 09:42:51 -07:00
7491a44bb4
Fix for possible memory leak case on mp_init failure in wc_ecc_verify_hash_ex with WOLFSSL_SMALL_STACK.
2021-06-21 09:19:47 -07:00
7c600e3ebc
In wc_ecc_verify_hash_ex, return if ALLOC_CURVE_SPECS() fails
...
This prevents a NULL pointer dereference later in the function.
2021-06-20 22:29:20 +02:00
2d497d1cf5
Fix for make distcheck, maintainer-clean, to allow distribution builds.
...
This the second pass at this after seeing how fips is added to tree in later phases.
This allow autoreconf to be directly called which allows the Makefile to rebuild when seeing that changes have been ( having an autogen.sh is older convention which left to history in the way autotools are invoked )
This fixes "make distcheck" and "make maintainer-clean" which are required by most distributions packaging systems.
The files previously touched by autogen.sh are now properly placed into autoconf.
The include files files are generated by configure. ( There is a note placed in configure.ac as to why and reference to the automake documention for this ). Append to file was done on purpose, touch cannot be in configure safetly. Normally autoheader would be used for this but since the include files are created out of tree, care has to be taken to not overwrite those file.
For the source files, they were moved into the coresponding automake file. It is safe to use touch in automake. Since files can optionally copied from elsewhere, they have to be listed in BUILT_SOURCES. They are written srcdir in order to allow make to do VPATH builds ( which is configure by make distcheck ).
To show fips files are preserved without having the actual fips files, a C style comment can be echoed into the files.
There are a few current, but outstanding issues.
1) config.h needs to be fixed configure.ac to use autoheader in order to allow configure to know to rebuilt depencies on its changes. ( Out of scope for this patch. )
2) verion.h checked into the tree and it is a built file. A make maintainer-clean followed by "git status --ignored" will confirm this. ( Out of scope for this patch )
3) autogen.sh has not been updated to reflect fixes. I believe that for this patch, it should be left alone and checked for regression in Jenkins by itself.
4) There is an out of date .spec file for building RPM which should be updated now that distcheck is working.
5) maintainer-clean should have rule added to remove build-aux testdriver.
This has been tested on current Ubuntu testing, OSX, Fedora 34, and Debian 10.
Additionaly "make distcheck" should be added to regression testing, along with "make maintainer-check".
Other improvement possibilities:
A possible future improvement is to let autoconf handle build with optional out of dist files.
Modify fips configure.ac check to allow for an injection of comments into blank fips files in order to prove distribution of fips/non-fips builds.
Update git rules to use 'make maintainer-clean', 'autoreconf -if', 'make distcheck'.
2021-06-19 20:16:14 -07:00
149920fc14
Merge pull request #4110 from dgarske/config_examples
...
Additional user_settings.h examples
2021-06-18 12:00:29 -05:00
5a685ca37e
Merge pull request #4139 from SparkiDev/etm_check_pad
...
TLS EtM: check all padding bytes are the same value
2021-06-18 08:14:46 -07:00
15065175d8
Merge pull request #4145 from SparkiDev/sp_int_neg_mod
...
SP int negative: check size of a in mp_mod
2021-06-18 08:14:02 -07:00
7224fcd9bc
TLS: add support for user setting signature algorithms
2021-06-18 16:19:01 +10:00
fbb7a40295
simplified string parse
2021-06-18 11:55:09 +09:00
b52ff200de
addressed code review part2
2021-06-18 11:22:23 +09:00
368dd7b501
address review comments part1
2021-06-18 11:22:22 +09:00
23a3c7f5f5
fixed no-termination
2021-06-18 11:22:21 +09:00
1ebb4a47f6
addressed jenkins failure
2021-06-18 11:22:20 +09:00
a4ff5de369
always tls13 suites in the front position
2021-06-18 11:22:20 +09:00
4feedb72cc
simulate set_ciphersuites comp. API
2021-06-18 11:22:19 +09:00
699a75c211
PKCS #11 : Use C_Decrypt instead of C_DecryptUpdate
...
Some PKCS #11 devices need final called (implicit in C_Decrypt).
2021-06-18 12:14:34 +10:00
23fc810b3c
added more context
2021-06-18 11:10:13 +09:00
ddf2a0227f
additional fix for set verify depth to be compliant with openssl limit
2021-06-18 11:00:51 +09:00
2bbf7cc0fb
addressed review comments
2021-06-18 10:49:24 +09:00
3d5c5b39ac
Merge pull request #4134 from embhorn/joi-cert
...
Update use of joi cert and add to renew script.
2021-06-17 18:28:12 -07:00
b59c60db8a
ssl.c: fix build gating on wolfSSL_X509_get_ex_new_index() again (fixing rebase error).
2021-06-17 20:14:54 -05:00
8c75553e08
wolfSentry integration: move rest of recyclable code out of examples and into wolfsentry_setup() in wolfssl/test.h, and implement peer review corrections on error codes and string.h wrapper macros.
2021-06-17 20:05:40 -05:00
55ed985c9a
include error-ssl.h, not error-crypt.h, in wolfssl/test.h, and fix rebase error in src/ssl.c.
2021-06-17 20:05:40 -05:00
1c9ea6228c
ssl.c: fix build gating on wolfSSL_X509_get_ex_new_index().
2021-06-17 20:05:40 -05:00
93dfb4c7f4
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config.
...
also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-17 20:05:40 -05:00
2fb80ceb59
Merge pull request #4133 from dgarske/crypto_cb_25519
...
Adds crypto callback support for Ed/Curve25519 and SHA2-512/384
2021-06-18 09:47:30 +10:00
18fc1b7e63
Merge pull request #4006 from elms/refactor_pointer_manipulation
2021-06-17 16:37:03 -07:00
485cfd798b
SP int negative: check size of a in mp_mod
...
When using negative numbers, t is allocated to be one digit longer than
a->used. Fail when a->used is SP_DIGIT_MAX.
2021-06-18 09:28:51 +10:00
951de64e2c
set PSK at the beginning
2021-06-18 07:59:35 +09:00
3386069490
add LOAD flag to be compliant with OpenSSL
2021-06-18 07:59:34 +09:00
af917cc55e
tell error code
2021-06-18 07:59:34 +09:00
976b6ae97c
not push CA, revert error code when being OpensslExtra mode
2021-06-18 07:59:33 +09:00
cd73cf3d0f
fix Qt unit test verifyClientCert
2021-06-18 07:59:32 +09:00
8b9bf041c1
addressed review comments
2021-06-18 07:50:06 +09:00
98ce4e901a
TLS EtM: check all padding bytes are the same value
...
Must be constant time so as not to provide an oracle.
That is, don't leak length of data and padding.
2021-06-18 08:42:48 +10:00
22430ccdd3
higher priority of cipher suite is on top of stack
2021-06-18 07:42:41 +09:00
9181c949ae
Added static ciphers and sniffer. Fixed spelling.
2021-06-17 15:19:45 -07:00
ffb9a8b440
Improve the user_settings_template to incude Windows. Added STM32 configuration example.
2021-06-17 15:19:45 -07:00
8b14bf2951
Additional user_settings.h examples.
2021-06-17 15:19:45 -07:00
4bff3b6c69
Fix issue with WOLFSSL object copying CTX and object free'ing. Track ownership of the static key info.
2021-06-17 15:12:07 -07:00
155621b611
Fix to prevent static ephemeral memory leak if WC_PK_TYPE_NONE is used for auto-detect. Add DER PK auto detect support. Add sniffer ssl_SetWatchKey_buffer support for static ephemeral.
2021-06-17 15:11:03 -07:00
258e0c10da
Merge pull request #4142 from elms/fix/memtest
...
test: Fix memtest callbacks
2021-06-17 14:01:21 -07:00
5440b6c63c
Fix for intel asm SHA512 where HAVE_INTEL_AVX1 or HAVE_INTEL_AVX2 is defined, but USE_INTEL_SPEEDUP is not. Fix for scan-build error with test.c ret not used.
2021-06-17 13:50:09 -07:00
bd6a353921
Merge pull request #4083 from dgarske/stm32_aes_gcm
...
Fix for STM32 AES GCM for HAL's that support byte sized headers
2021-06-17 13:08:15 -06:00
91f002235e
make: --enable-memtest track and --enable-memtest=fail to force failure
2021-06-17 10:45:39 -07:00
ad59b8af45
test: Fix memtest callbacks
2021-06-17 10:15:11 -07:00
c802ea7ebd
Fix for unaligned authentication tag sizes when the STM32 Cube HAL supports it with CRYP_HEADERWIDTHUNIT_BYTE.
2021-06-17 08:15:44 -07:00
b6ec698a83
Fix for FIPS case with hkdf_test.
2021-06-17 08:15:44 -07:00
14b845a9a5
Fixes for wolfCrypt HMAC test without SHA1/SHA2. Added NO RNG option to cube pack configuration template.
2021-06-17 08:15:44 -07:00
e8c4f857e1
Fix to use accelerated AES GCM when auth is not 4-byte aligned on platforms supporting byte header size.
2021-06-17 08:15:44 -07:00
a1517dbfe4
Merge pull request #4138 from SparkiDev/ssl_reorg_2
...
Reorg of ssl.c: X509_STORE_CTX and X509_STORE APIs isolated
2021-06-17 07:38:25 -07:00
eb7896919b
Merge pull request #4137 from SparkiDev/tls13_hrr_ch_ems
...
TLS EMS ext: TLS13 - send in second CH if in first
2021-06-17 07:29:19 -07:00
5751e20bcc
Merge pull request #4136 from SparkiDev/tfm_size_checks
...
tfm: fix length check in add and mul_d
2021-06-17 07:28:40 -07:00
b29fa9bd33
Changes to support Android app with wolfCrypt module v4.5.4
2021-06-17 08:11:40 -06:00
ad4baec0f5
Merge pull request #4090 from JacobBarthelmeh/CAAM
...
CAAM: add dynamic setup of entropy delay on init
2021-06-17 17:06:01 +10:00
d09b7153f2
address review items
2021-06-17 09:43:06 +07:00
4bba282a70
TLS EMS ext: TLS13 - send in second CH if in first
2021-06-17 11:40:48 +10:00
effa7e079d
Reorg of ssl.c: X509_STORE_CTX and X509_STORE APIs isolated
2021-06-17 11:38:26 +10:00
98147de422
Fix for wolfCrypt test not calling init for ed25519 tests.
2021-06-16 16:44:28 -07:00
54cef64250
Merge pull request #4128 from SparkiDev/ssl_reorg_1
...
Reorg of ssl.c: PKCS7, PKCS12, crypto-only APIs isolated
2021-06-16 16:12:03 -07:00
9023c4d65a
tfm: fix length check in add and mul_d
...
Check that the overflow digit is going to fit rather than whether we are
at limit after adding digit.
2021-06-17 09:11:01 +10:00
93ae372c55
Merge pull request #4132 from dgarske/exebits
...
Remove execute bit on update pem/der files
2021-06-16 17:20:53 -05:00
0fc9c33f84
Wire up Ed25519 SHA512 to use devId.
2021-06-16 13:15:06 -07:00
54f69079a8
Merge pull request #4131 from elms/fix/g++_enum_logical_op
...
fixes build with g++ automatically converting enum to int
2021-06-16 13:09:06 -07:00
1307972344
Update use of joi cert and add to renew script.
2021-06-16 13:55:36 -05:00
15d761a0c2
Added ED25519 and Curve25519 crypto callback support.
2021-06-16 11:49:24 -07:00
9c24731e3c
Added SHA2-384/512 crypto callback support.
2021-06-16 11:49:24 -07:00
27218e1d40
Merge pull request #4129 from JacobBarthelmeh/Testing
...
add cert generation to renewcerts script
2021-06-16 10:21:59 -07:00
90d894b9fd
Remove execute bit on update pem/der files.
2021-06-16 10:17:20 -07:00
852892c85b
Merge pull request #4130 from embhorn/zd12463
...
Fix BIO_free_all return type
2021-06-16 10:06:49 -07:00
e39fc4b6ec
Merge pull request #4099 from embhorn/zd12274
...
Fix nonblocking ret value from crlIOCb
2021-06-16 10:05:04 -07:00
75445f7810
fixes build with g++ automatically converting enum to int
2021-06-16 09:40:20 -07:00
b3bfe2d12b
Fix BIO_free_all return type
2021-06-16 09:51:45 -05:00
9e02655ac4
Merge remote-tracking branch 'upstream/master' into os_base64
2021-06-16 23:19:52 +09:00
d8fc01aabf
add cert generation to renewcerts script
2021-06-16 14:31:33 +07:00
2ca6550207
Reorg of ssl.c: PKCS7, PKCS12, crypto-only APIs isolated
...
Moved functions to bottom of file in groups.
Whitespace changed but not code.
PKCS7 APIs and wolfSSL_d2i_PKCS12_fp now protected by !NO_CERTS
2021-06-16 16:08:24 +10:00
3a885aba23
Refactor pointer manipulation to be independent of datatype width
...
Tested with `./configure CFLAGS="-DNO_64BIT" --disable-sha512
--disable-sha384 --enable-harden` on a 64-bit machine
2021-06-15 21:08:49 -07:00
5bb639f6db
Merge pull request #4126 from dgarske/certs_test_expired
...
Fixes for expired test certs
2021-06-16 11:25:54 +10:00
d849606bba
Merge pull request #4109 from guidovranken/Base64_SkipNewline-fixes
...
Additional length check improvements in Base64_SkipNewline
2021-06-16 08:52:32 +10:00
b73673a218
Merge pull request #3794 from TakayukiMatsuo/os_keyprint
...
Add wolfSSL_EVP_PKEY_print_public
2021-06-16 08:43:41 +10:00
1374ab7da5
Merge pull request #4123 from SparkiDev/sp_int_neg_cmp
...
SP math all: sp_cmp handling of negative values
2021-06-15 15:33:29 -07:00
6d95188f4b
Fixes for expired test certs. Generated using cd certs/test && ./gen-testcerts.sh.
2021-06-15 15:07:34 -07:00
8900d05167
Fix nonblocking ret value from crlIOCb
2021-06-15 15:31:29 -05:00
2f39e6c217
Merge pull request #4122 from kaleb-himes/BUGREPORT_M_W_GCOV
...
Address bug that fails to ignore select files generated by gcov. Thanks to M.W. for the report
2021-06-15 11:07:30 -07:00
a9515b80eb
Merge pull request #4108 from elms/fix/scripts/paths_w_spaces
...
tests: fix test scripts for paths with spaces
2021-06-15 08:18:08 -07:00
c6680d08ba
Fix coding issues
2021-06-15 11:16:38 +09:00
cce96f5fe6
Merge pull request #4114 from dgarske/secrene_extmst
...
Check for insecure build combination of secure renegotiation and no extended master secret
2021-06-15 10:52:25 +10:00
12c358bc30
Merge pull request #3979 from dgarske/tls13_async
...
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
2021-06-15 10:02:19 +10:00
b9715432f8
SP math all: sp_cmp handling of negative values
2021-06-15 09:44:06 +10:00
07784e9f56
Merge pull request #4066 from dgarske/stm_pka
...
Fixes for STM32 PKA with ECC
2021-06-15 08:33:50 +10:00
77df7d8630
Merge pull request #3968 from elms/pedantic_cleanup
...
Fixes for some `-pedantic` errors
2021-06-14 13:46:39 -07:00
831e1713f1
Merge pull request #4076 from TakayukiMatsuo/st_timeout
...
Add session ticket timeout check in DoSessionTicket
2021-06-14 13:44:32 -07:00
fd6b30ef32
Merge pull request #4111 from elms/silabs/fix_ecc_shared_secret_outlen
...
silabs: fix `wc_ecc_shared_secret` to only return x coordinate
2021-06-14 13:44:00 -07:00
eea9866967
Address bug that fails to ignore select files generated by gcov. Thanks to M.W. for the report
2021-06-14 14:40:11 -06:00
7ad4a3dffd
Merge pull request #4086 from miyazakh/psk_length_zero
...
treats a return of zero from callback as no psk available
2021-06-14 13:54:00 -06:00
a8d185cb9e
Merge pull request #4117 from TakayukiMatsuo/tk12403
...
Add null-parameters-test cases for SHA(), SHA224(), MD5() and MD5_xxx().
2021-06-14 13:52:01 -06:00
9d569dfeb7
Merge pull request #4116 from miyazakh/tcp_accept
...
fix api unit test compile failure
2021-06-14 13:49:00 -06:00
9ae021d2cb
tests: server example doesn't like empty string params
...
But it's ok with them at the end
2021-06-14 12:01:09 -07:00
a110f249bd
Merge pull request #4118 from JacobBarthelmeh/ECC
...
add error return with alloc curve macro
2021-06-14 10:46:42 -07:00
2ffc0a8392
Remove casts that are not needed.
2021-06-14 08:47:40 -07:00
4d4b3c9e8a
Fixes for return codes on STM PKA code. Fix for const warnings.
2021-06-14 08:47:40 -07:00
98ab62ea74
Fix for STM32 PKA ECC point mapping, which is handled in hardware.
2021-06-14 08:47:38 -07:00
7b6005d467
Remove unused STM32 cofactor.
2021-06-14 08:46:20 -07:00
b0782cb8f8
Fix for improperly initialized PKA_ECDSASignOutTypeDef on STM32 PKA sign.
2021-06-14 08:46:20 -07:00
839231c508
Fixes for STM32 PKA compiler warnings.
2021-06-14 08:46:20 -07:00
70063213a5
additional comments, code readability, and error check
2021-06-14 21:40:51 +07:00
1ee0c3a7fd
Refactor dtls_expected_peer_handshake_number handling
...
Moving the `dtls_expected_peer_handshake_number` value along has been moved to one location. It has also been changed to not keep state before a cookie exchange has been completed.
2021-06-14 15:51:04 +02:00
bba1c8b433
add error return with alloc curve macro
2021-06-14 20:33:20 +07:00
64298a2c4a
Merge pull request #4094 from guidovranken/DecodePolicyOID-XSNPRINTF
...
Improve checking of XSNPRINTF return value in DecodePolicyOID
2021-06-14 19:58:09 +07:00
ed4cf6e91c
silabs: fix wc_ecc_shared_secret to only return x coordinate
...
secure element computes and returns the full coordinate. The wolfSSL
API should only return the x component.
2021-06-13 21:46:23 -07:00
ebec2fbd25
Fixed uninitialized parameter for Base16_Encode
2021-06-14 13:45:12 +09:00
21db484f50
tests: fix test scripts for paths with spaces
2021-06-13 21:37:07 -07:00
f163a4e18f
Return BUFFER_E from DecodePolicyOID if XSNPRINTF indicates insufficient buffer space
2021-06-14 03:55:13 +02:00
220bfe9926
Fix Base64_SkipNewline such that tests pass
2021-06-14 03:42:41 +02:00
3180ec96a5
Merge pull request #3963 from dgarske/nxp_ltc_rsa
...
Fixes for NXP LTC ECC/RSA
2021-06-14 08:29:24 +10:00
50526cfe67
Changed some logics for simplicity
2021-06-14 03:26:00 +09:00
6d3b9aec80
fix api compile failure
2021-06-12 09:24:11 +09:00
5e6b8e50c8
Fix to set groups for client benchmark test.
2021-06-11 14:12:15 -07:00
2e4e65f518
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
...
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
2021-06-11 14:12:12 -07:00
7eb840d615
Merge pull request #4115 from SparkiDev/ed25519_openssl_fix
...
ED25119 and SHAKE-256: fixes
2021-06-11 10:41:51 -07:00
5f99979597
Peer review feedback and improvements.
2021-06-11 09:10:26 -07:00
b28aab4cf9
Merge pull request #4098 from SparkiDev/san_hw_name_fix
...
Certs: fix leak when multiple hardware names in SAN
2021-06-11 08:25:28 -07:00
5a78574a8a
Add new scripts to include.am.
2021-06-11 08:19:23 -07:00
ed5cb0a1bd
Modified along the revire comments
2021-06-11 21:08:27 +09:00
779e3701e6
Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint
2021-06-11 13:56:52 +09:00
1a9b59b183
Add macro guard for LowResTimer
2021-06-11 11:58:55 +09:00
89156908da
Merge pull request #4021 from embhorn/zd12233
...
Fix heap-buffer-overflow issues in wolfSSL_SMIME_read_PKCS7
2021-06-11 12:38:52 +10:00
36a9cd3010
Merge pull request #3911 from TakayukiMatsuo/tk11851
...
Fix SSL_read behaving differently from openSSL after bidirectional shutdown
2021-06-11 10:25:39 +10:00
e720762b5a
Merge pull request #4010 from JacobBarthelmeh/fuzzing
...
fix for use after free issue on error cases
2021-06-11 10:21:30 +10:00
ed14e593c7
ED25119 and SHAKE-256: fixes
...
SHAKE-256 is off by default now. Make sure WOLFSSL_SHAKE256 doesn't make
it into options.h.
Fix openssl.test usage of ed25519 certificates.
Add scripts that regenerate certificates
2021-06-11 10:13:31 +10:00
61314f3971
Added build error for insecure build combination of secure renegotiation enabled with extended master secret disabled when session resumption is enabled.
2021-06-10 16:44:23 -07:00
4e881a226a
Merge pull request #4088 from julek-wolfssl/dtls-mtu-define
...
Change magic number 100 bytes to an enum define
2021-06-10 09:22:08 -07:00
624e150c7b
Merge pull request #3827 from SparkiDev/tls13_psk_hash
...
TLS 1.3 PSK: use the hash algorithm to choose cipher suite
2021-06-10 06:59:40 -07:00
2fc5b03d71
Merge pull request #4102 from danielinux/psoc6-sha-fixes
...
[PSOC6_CRYPTO] Do not directly include psoc6 port header to prevent loops
2021-06-10 06:57:17 -07:00
3ecb8d5a3e
Merge pull request #4062 from dgarske/dh_key
...
DH Key and Params Export cleanups and Apache httpd fixes
2021-06-10 20:54:32 +10:00
4d3f2f92fd
Add test cases for SHA(), SHA224(), MD5() and MD5_xxx() to test with null parameters.
2021-06-10 16:40:51 +09:00
56c317e1ab
Merge pull request #4052 from elms/gcc11_fixes
...
fixes for gcc 11 compile and other whitespace
2021-06-10 15:51:04 +10:00
7e0c372e4c
TLS 1.3 PSK: use the hash algorithm to choose cipher suite
...
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH
Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
2021-06-10 09:55:27 +10:00
c6c7dfd5db
Merge pull request #4053 from SparkiDev/cppcheck_fixes_6
...
cppcheck: fixes from reviewing report
2021-06-09 12:51:30 -07:00
a6edff7bd5
Merge pull request #4017 from SparkiDev/not_ecc_pk_cb
...
ECC: Disable ECC but have Curve25519/448 and PK callbacks fix
2021-06-09 12:38:37 -07:00
c6fc709502
Merge pull request #4072 from SparkiDev/ecc_sp_c_mod_sub_fix
...
SP C ECC: mont sub - always normalize after sub before check for add
2021-06-09 12:36:46 -07:00
fb366f063e
Additional length check improvements in Base64_SkipNewline
2021-06-09 19:16:07 +02:00
a68542e6f4
Fix heap-buffer-overflow issues in wolfSSL_SMIME_read_PKCS7
2021-06-09 08:32:52 -05:00
5a54bb656b
make macros for pragma to compile with gcc11
2021-06-08 19:20:20 -07:00
d8cd7cbee1
Merge pull request #4024 from kabuobeid/zd12245
...
PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
2021-06-09 10:06:02 +10:00
c6646ae9c8
Merge pull request #4044 from julek-wolfssl/ZD12270
...
Check for XREAD when XFREAD fails
2021-06-09 09:48:25 +10:00
50dca86dcf
Merge pull request #3878 from JacobBarthelmeh/ECC
...
add deterministic k generation for ECC sign
2021-06-09 09:47:19 +10:00
8fa4dedf97
Merge pull request #4096 from vaintroub/master
...
MSVC, ARM64 - correct 64bit detection
2021-06-09 09:40:47 +10:00
32c215775a
Merge pull request #4093 from guidovranken/DecodeResponseData-allocation-check
...
ASN: Catch allocation failure in DecodeResponseData
2021-06-09 09:38:53 +10:00
9580574382
Merge pull request #3999 from dgarske/user_io
...
Fixes for building with `WOLFSSL_USER_IO`
2021-06-09 08:55:36 +10:00
70d2c838bb
Merge pull request #4080 from kaleb-himes/SHAKE_DEFAULT_FIX
...
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-09 08:52:05 +10:00
ae4af3c681
Merge pull request #4071 from SparkiDev/fp_ecc_long_order
...
ECC FP: cached doesn't work when order has more bits than prime
2021-06-08 12:17:04 -07:00
4a85127507
Improve wc_DhKeyToDer for public key size calculation. Fixes bug with the output too (was missing 1 byte in length for the unused bits byte in bit string).
2021-06-08 09:55:56 -07:00
9b215c5138
Fixes for DH Pub key import/export and new test case. Improve wc_DhParamsToDer.
2021-06-08 09:27:30 -07:00
6db0b42c7f
* Refactor of DH key and param exports code (moved into asn.c) enabled with WOLFSSL_DH_EXTRA.
...
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
2021-06-08 09:27:26 -07:00
54d13f63c1
Merge pull request #4067 from haydenroche5/pkcs8
...
Add an API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key.
2021-06-08 09:21:53 -07:00
34d8073fbd
remove dead code
2021-06-08 22:45:28 +07:00
de70681229
Improve code comments to explain FP_ECC limitation for SECP160R1, SECP160R2, SECP160K1 and SECP224K1.
2021-06-08 08:41:36 -07:00
61eae79f71
Merge pull request #4074 from SparkiDev/ecdsa_dbl_table_point
...
ECDSA FP ECC: fix corner case
2021-06-08 08:35:17 -07:00
5586bc349c
Merge pull request #4056 from SparkiDev/mp_int_rem_apis
...
MP Integer: remove unsupported API prototypes
2021-06-08 08:08:04 -07:00
50e8509a36
Merge pull request #4037 from SparkiDev/prime_test_err_check
...
TFM prime checking: check for more errors
2021-06-08 08:06:37 -07:00
9497c74283
Merge pull request #4081 from strongX509/master
...
SHA3-based RSA signatures require SHA-3 hash OIDs
2021-06-08 07:46:18 -07:00
0186d19aba
Fix some coding style issues.
2021-06-08 16:25:28 +09:00
6d1981abd1
Do not directly include psoc6 port header to prevent loops
2021-06-08 08:24:43 +02:00
88322b82a5
Merge pull request #3871 from julek-wolfssl/openvpn-master
...
OpenVPN additions and fixes
2021-06-08 13:54:14 +10:00
194b494741
Merge pull request #4034 from embhorn/zd12261
...
Fix declarations for EVP_VerifyFinal and RSA_private_encrypt
2021-06-08 12:15:30 +10:00
b3352648dd
Merge pull request #4097 from guidovranken/blake2-init-key-fixes
...
Check return value in BLAKE2 key init functions
2021-06-08 11:54:29 +10:00
8ee1dda2f9
Merge pull request #4001 from dgarske/time_long
...
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
2021-06-08 11:17:55 +10:00
23d733f837
Merge pull request #4063 from guidovranken/zd12328
...
Fix length calculations in Base64_SkipNewline
2021-06-08 10:55:15 +10:00
c726cddf1b
session_ticket: Add separate member to track compatCb
...
This resolves an error:
`ISO C forbids conversion of object pointer to function pointer type`
Instead of casting the function pointer, the extra
member contains the function pointer.
2021-06-07 15:42:38 -07:00
5c01613acb
Add GCC extension to bypass select -pedantic warnings
...
Add wrapper macro for `__extension__` to suppress pedantic warnings
2021-06-07 15:38:15 -07:00
9fadc21e0f
add version print out
2021-06-08 04:18:22 +07:00
3e307aa626
Merge pull request #4091 from JacobBarthelmeh/Testing
...
add strict check on signature length
2021-06-07 11:02:02 -07:00
4e318ade36
In wc_PBKDF1_ex, break out of outer loop on error
2021-06-07 16:21:02 +02:00
f97ca1c1ca
adjust test case and add useful comments
2021-06-07 19:44:05 +07:00
e76ae2b8ac
Certs: fix leak when multiple hardware names in SAN
...
Can only be one hardware name in SAN as this indicates the certificate
is for verifying signatures created by hardware module.
2021-06-07 12:02:23 +10:00
96b7b193d7
Check return value in BLAKE2 key init functions
...
If built with smallstack, allocations in `blake2s_update` and `blake2b_update` may fail,
so the error must be propagated.
2021-06-07 03:34:44 +02:00
bd7b57783d
Remove excess space characters
2021-06-07 03:20:16 +02:00
898b9d5e24
Merge pull request #4084 from dgarske/sp_math_keygen
...
Fix for building SP small math only (no DH) with key generation
2021-06-07 10:48:01 +10:00
29968716ea
MSVC, ARM64 - correct 64bit detection
...
Fixes https://github.com/wolfSSL/wolfssl/issues/4095
2021-06-06 23:30:27 +02:00
1af3f482cb
Catch allocation failure in ASNToHexString
2021-06-06 19:52:15 +02:00
1606746d2d
a return of zero from callback as no psk available
2021-06-06 11:53:02 +09:00
8cb576009d
Improve bounds check in EncodePolicyOID
2021-06-06 04:07:02 +02:00
a1257429bd
Improve checking of XSNPRINTF return value in DecodePolicyOID
2021-06-06 03:54:15 +02:00
76e0a8666b
Catch allocation failure in DecodeResponseData
2021-06-06 03:12:53 +02:00
5d33161032
Fixes for RSA keygen with SP (no DH). Thanks Sean.
2021-06-04 13:32:59 -07:00
c245c4a812
add strict check on signature length
2021-06-05 03:09:33 +07:00
9ef43c5aff
add dynamic setup of entropy delay on init
2021-06-05 00:41:10 +07:00
d7117cd8bb
Merge pull request #4089 from danielinux/psoc6-sha-fixes
...
psoc6_Crypto port: fixes to sha256/sha512 objects
2021-06-04 09:16:42 -07:00
a5a4925370
Fixed sha256 and sha512 interface for psoc6 crypto module
2021-06-04 13:22:17 +02:00
588a424d8d
Change magic number 100 bytes to an enum define
2021-06-04 11:27:57 +02:00
961773b384
Merge pull request #4079 from lealem47/PKCS12UnitTest
...
Pkcs12 unit test
2021-06-03 16:07:54 -06:00
21060afb80
Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error.
2021-06-03 10:56:54 -07:00
66c7acb076
add use of heap hint for malloc
2021-06-03 23:38:30 +07:00
195ca2b3f0
Add corner test cases for EVP_EncodeFinal and EVP_DecodeFinal
2021-06-03 20:02:48 +09:00
eb63ab19e2
Fix for mp_mulmod with NXP LTC.
2021-06-01 16:33:58 -07:00
6cfb982740
Merge pull request #3981 from miyazakh/qt_oslext_cnf
...
Added compatibility layer API
2021-06-01 15:25:37 -06:00
72fc7e62b8
Fixed spacing
2021-06-01 14:47:51 -06:00
0caf3ba456
SHA3-based RSA signatures require SHA-3 hash OIDs
...
The SHA-3 ASN.1 OIDs are defined by NIST under the
nistalgorithm/hashAlgs node.
2021-06-01 22:02:23 +02:00
a27cdc538a
Fix typo
2021-06-01 13:30:32 -06:00
3a9c6ea924
fix FIPS v2 check ($ENABLED_FIPS not set for v2)
2021-06-01 13:29:39 -06:00
94831eadf1
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-01 11:38:17 -06:00
03a5395b53
Fixed casting issue
2021-06-01 09:46:30 -06:00
69cf5ef266
Chage to use WOLFSSL_SESSION.bornON instead of WOLFSSL_SESSION.timestamp to hold the ticket creation time.
2021-06-01 15:30:07 +09:00
5f7477980c
Add session ticket timeout check in DoSessionTicket
2021-06-01 00:09:50 +09:00
2db233d10e
Added wolfssl_PKCS12_verify_mac testing in test_wolfSSL_PKCS12() function in api.c
2021-05-28 16:33:46 -06:00
15931fa199
Merge pull request #4060 from kojo1/encrypt_len
...
FP_MAX_BITS for ENCRYPT_LEN
2021-05-28 15:55:58 -06:00
ab07c55609
check on hmac free and add else if case for check if key is 0's
2021-05-28 16:27:54 +07:00
9fff404313
Merge pull request #4073 from TakayukiMatsuo/tk12138
...
Add calling wc_FreeMutex for globalRNGMutex
2021-05-28 16:11:00 +10:00
c69665b999
ECDSA FP ECC: fix corner case
...
When the same table is used for both base point and public point (which
is not a valid thing to do) then a corner case occurs when the table
point can be added to the same point. This has to be a double operation
instead.
The table point isn't able to be doubled as it has a z-ordinate of 0 and
the original point is overwritten with the invalid add result.
Fix this case by:
- copying the table point into the result,
- setting z-ordinate to Montgomery form of 1,
- double the result point in place.
2021-05-28 13:06:20 +10:00
54dba6a2f2
Add calling wc_FreeMutex for globalRNGMutex
2021-05-28 11:19:40 +09:00
3deb635155
skip memory callback tests with STATIC_MEMORY and LINUXKM
2021-05-27 14:46:45 -07:00
7a98c517e4
Fixes for some -pedantic errors
...
Some of the API with callbacks may not be compatible with pedantic
2021-05-27 14:46:45 -07:00
252971aad7
better comments on RFC steps and fixes for combining code blocks, fix for check on sign_k value
2021-05-27 17:27:15 +07:00
4e88521a90
SP C ECC: mont sub - always normalize after sub before check for add
2021-05-27 11:08:05 +10:00
6bf9a887e1
ECC FP: cached doesn't work when order has more bits than prime
...
Small curves that are not commonly used do not work with scalars that
are the length of the order when the order is longer than the prime.
The table is generated based on modulus length not order length.
Simple fix is to not allow these curves to be used with FP_ECC.
Order isn't passed into the pseudo-public APIs.
2021-05-27 09:53:03 +10:00
1fe445368c
Merge pull request #4069 from guidovranken/zd12349
...
Several ASN decoder fixes
2021-05-26 16:13:54 -07:00
d1e3be1f43
Replace return code from literal to value
2021-05-27 06:20:34 +09:00
1fbc3dc2d4
Heap-allocate additional CertStatus structs in DecodeResponseData
2021-05-26 21:41:47 +02:00
cfef249041
Several ASN decoder fixes
...
See ZD 12349
2021-05-26 20:15:32 +02:00
88370285cc
Add an API function wc_DecryptPKCS8Key to handle decrypting a DER, PKCS#8
...
encrypted key.
2021-05-26 10:48:14 -07:00
5e4e73d6e9
Add an API function wc_EncryptPKCS8Key to handle encrypting a DER,
...
PKCS#8-formatted key.
There's already a function wc_CreatePKCS8Key, but this only creates the
unencrypted PKCS#8 key. TraditionalEnc exists, which takes a non-PKCS#8 key,
converts it to PKCS#8 format, and encrypts it, but this function isn't in the
public-facing API. I've modified TraditionalEnc to use wc_EncryptPKCS8Key after
wc_CreatePKCS8Key. wc_EncryptPKCS8Key is essentially the encryption portion of
TraditionalEnc moved out into its own function. wc_EncryptPKCS8Key will be in
the API going forward so that users can do PKCS#8 encryption without relying on
the non-API TraditionalEnc. Next, I'll be adding a corresponding
wc_DecryptPKCS8Key to handle decryption.
2021-05-26 10:48:11 -07:00
8bf2cbf55e
Fix for NXP LTC to not modify incoming math variables (use temp). Added build option for testing/validation of the LTC math operation.
2021-05-26 10:30:47 -07:00
0d3530b45d
Cleanup NXP LTC logic.
2021-05-25 16:49:58 -07:00
c59349c7a7
Fix for ecc_map, which is handled in hardware. Fix for NXP LTC mp_mul N value. Fix for MMCAU cast warnings.
2021-05-25 15:58:22 -07:00
63ac9decfc
Added error response checking for NXP LTC LTC_PKHA_ModMul. Isolated the result C to it's own variable.
2021-05-25 15:58:22 -07:00
9453f83d28
Fix bad logic flow in WC_NO_RNG case.
2021-05-25 15:58:22 -07:00
64ae0a827c
Fixes for RSA with NXP LTC. The invmod function must reduce if A > B. Added RSA Key Generation acceleration.
2021-05-25 15:58:22 -07:00
41af3da0e3
Merge pull request #4057 from SparkiDev/no_tls12_pkcb
...
TLS: fix build with no TLSv12 but PK callbacks
2021-05-25 15:26:40 -07:00
360d6c8a4f
Additional fix for Base64_SkipNewline
2021-05-26 00:25:27 +02:00
3cc69ee6a0
Merge pull request #4064 from SparkiDev/evp_aes_gcm_stream_leak
...
EVP AES-GCM Streaming: must free Aes
2021-05-25 15:11:03 -07:00
1c0fd3f1c0
addressed review comments part3
2021-05-26 06:17:33 +09:00
e2284d59bf
addressed review comments part2
2021-05-26 06:07:48 +09:00
ae502c7a09
addressed review comments part1
2021-05-26 06:07:48 +09:00
af67965f65
addressed jenkins failures part1
2021-05-26 06:07:48 +09:00
33e91c577f
added unit test cases for cmdline
2021-05-26 06:07:47 +09:00
394c0b5cdc
implemented CONF_cmd
2021-05-26 06:07:47 +09:00
7127dbeeec
fixes for gcc 11 compile and other whitespace
2021-05-25 12:34:04 -07:00
e1bc0c4447
EVP AES-GCM Streaming: must free Aes
...
AES streaming implementation allocates data in Aes objects, when small
stack, that needs to be freed.
Fix memory leaks in streaming test case too.
2021-05-25 15:57:09 +10:00
b7663a51b4
Fix length calculations in Base64_SkipNewline
...
ZD 12328
2021-05-25 03:52:16 +02:00
956a0f2b5f
Merge pull request #3931 from julek-wolfssl/dsa-engine
...
Add more DSA parameters support
2021-05-24 14:57:02 -06:00
399ce70aba
Merge pull request #4055 from JacobBarthelmeh/PKCS7
...
set content type parsed
2021-05-24 13:21:19 -06:00
d03ce69009
Merge pull request #4050 from julek-wolfssl/devkitpro
...
Add support for running `wolfcrypt/test/testwolfcrypt` on Dolphin emulator
2021-05-24 13:20:42 -06:00
159fe1541a
FP_MAX_BITS for ENCRYPT_LEN
2021-05-24 07:12:07 +09:00
6747055d46
TLS: fix build with no TLSv12 but PK callbacks
...
./configure '--disable-tlsv12' '-enable-pkcallbacks'
Disable non-TLS13 cipher suite test as well.
2021-05-21 10:59:23 +10:00
573c0fcba7
MP Integer: remove unsupported API prototypes
...
mp_read_signed_bin, mp_signed_bin_size, mp_to_signed_bin - not
implemented anywhere. (Removed fp versions that were commented out too.)
mp_read_raw, mp_raw_size, mp_toraw - map to unimplemented mp_*_signed_*
APIs.
2021-05-21 08:22:04 +10:00
ceadb62d5b
Add support for running wolfcrypt/test/testwolfcrypt on Dolphin emulator
2021-05-20 21:07:50 +02:00
f4959cca8d
set content type parsed
2021-05-21 01:42:10 +07:00
2c6285ccba
cppcheck: fixes from reviewing report
2021-05-20 17:55:06 +10:00
0e23d40250
Merge pull request #4038 from TakayukiMatsuo/tk12254
...
Add test cases for wc_ShaxxxUpdate funcs
2021-05-18 15:38:02 -06:00
b87af6ae89
Merge pull request #4046 from SparkiDev/coverity_1
...
TFM: get returned error to act on
2021-05-18 14:26:04 -05:00
687736fd56
Merge pull request #4047 from elms/automake_branch_switch
...
make: fix timing error when switching between revisions
2021-05-18 13:50:46 -05:00
9661677d4d
Merge pull request #4041 from SparkiDev/tls13_psk_early_test_fix
...
TLS 1.3 PSK EarlyData testing
2021-05-18 10:00:03 -07:00
82981e9305
make: fix timing error when switching between revisions
...
On switching over revision that added server target specific CFLAGS,
could receive: `error: #warning "For timing resistance / side-channel
attack prevention consider using harden options"`
2021-05-18 09:43:29 -07:00
ed5b134161
TLS 1.3 PSK EarlyData testing
...
Fix test to expect 3 or 5 lines with "Early Data" (release or debug
build).
2021-05-18 15:25:12 +10:00
c1490bb91a
TFM: get returned error to act on
2021-05-18 14:30:26 +10:00
ed3a0ae694
TFM prime checking: check for more errors
...
Small stack can produce errors that were being ignored.
Checks for valid size in fp_exptmod was being ignored.
2021-05-18 08:51:55 +10:00
d8312a2e61
Merge pull request #4040 from JacobBarthelmeh/CAAM
...
add caam header files to make install
2021-05-17 12:22:41 -07:00
4a1907ae88
Merge pull request #3976 from rliebscher/Use_Renesas_RX_intrinsics_with_CC-RX_compiler
...
Renesas RX: Use intrinsics for rot[rl], revl
2021-05-17 11:05:01 -07:00
379312d23e
Merge pull request #4042 from danielinux/dcp_explicit_casts
2021-05-17 08:05:39 -07:00
58e7d5388a
Check for XREAD when XFREAD fails
...
On Windows we would always fail with `NOT_COMPILED_IN` when reading a file BIO.
2021-05-17 16:57:53 +02:00
b09df89200
NXP DCP: add explicit casts
2021-05-17 10:35:00 +02:00
efa478c121
add caam header files to make install
2021-05-15 15:42:50 +07:00
e18880f7dc
Merge pull request #4036 from SparkiDev/sp_asm_x86_64_ifdef
...
SP ASM: x86_64 asm files - protect with WOLFSSL_SP_X86_64_ASM
2021-05-14 10:35:59 -07:00
8c71fb4113
Add test cases for wc_ShaxxxUpdate funcs
2021-05-14 09:46:21 +09:00
740f200156
SP ASM: x86_64 asm files - protect with WOLFSSL_SP_X86_64_ASM
2021-05-14 09:22:41 +10:00
19526f050e
Merge pull request #4035 from JacobBarthelmeh/CAAM
...
add macro guard on debug print
2021-05-13 12:46:11 -07:00
82a2797b56
add macro guard on debug print
2021-05-13 23:58:51 +07:00
263105abec
Merge pull request #4033 from JacobBarthelmeh/CAAM
...
set partition number on key import and use ocb address for free'ing d…
2021-05-13 09:39:36 -07:00
44a9346305
Merge pull request #4025 from danielinux/hdrbg_double_include_sha256
...
Fix double include of sha256.h causing a build error
2021-05-13 09:15:51 -07:00
9eebaaf352
Fix declarations for EVP_VerifyFinal and RSA_private_encrypt
2021-05-13 10:48:49 -05:00
5865dc08dd
Code review changes
2021-05-13 15:21:33 +02:00
311c929fe2
set partition number on key import and use ocb address for free'ing dangling partitions on close
2021-05-13 17:34:30 +07:00
420a48a5aa
Removed unnecessary headers
2021-05-13 07:40:22 +02:00
563c7391ed
DCP: moved guards so code is not included when building *.c
2021-05-13 07:29:33 +02:00
6ea5254bb9
DCP refactor: do not override wc_Sha types
2021-05-12 17:11:09 +02:00
0a8996f467
Merge pull request #4028 from danielinux/freescale_rng
...
Allow use of FREESCALE hw RNG without a specific port
2021-05-12 06:41:01 -07:00
1dfde34852
Allow use of FREESCALE hw RNG without a specific port
2021-05-12 10:10:42 +02:00
f3c07e5f3f
include sha256.h when required by smallstackcache
2021-05-12 09:42:41 +02:00
8c008b81ac
random.h: removed include of sha256.h with HASHDBRG
2021-05-12 07:46:22 +02:00
8a17e6c10e
Merge pull request #4019 from dgarske/zd11435
...
ECC, SP math all: Add `wc_ecc_gen_k` arg checking. Fix SP math debug support (mp_dump)
2021-05-12 08:21:56 +10:00
c75830e2e8
Merge pull request #4011 from miyazakh/set_verify_depth2
...
fix out of bound access when peer's chain is greater than verifyDepth + 1
2021-05-11 15:38:39 -06:00
cba029a436
PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
2021-05-11 14:35:41 -07:00
ae0591b1db
Merge pull request #4016 from miyazakh/qt_sanity_check
...
add sanity check
2021-05-11 15:06:54 -06:00
64330d468e
Merge pull request #4023 from danielinux/dcp_rt1060_fixes_aes
...
DCP port: Fixed AES, aligned key for the HW module
2021-05-11 09:55:50 -07:00
92a524820b
Merge pull request #4018 from SparkiDev/jenkins-nightly-1
...
Fixes from nightly builds
2021-05-11 09:11:42 -07:00
fce9870a64
Merge pull request #4020 from ejohnstown/options-export
...
New Option Export/Import
2021-05-11 09:10:17 -07:00
d9cc013fd2
DCP port: Fixed AES, aligned key for the HW module
2021-05-11 08:27:03 +02:00
d74b74d156
Also adjust for v3 of export, and update the API test case.
2021-05-10 18:06:31 -07:00
7e69277680
Improve SP mp_dump to use macro.
2021-05-10 16:27:06 -07:00
bab0d9bd4a
Merge pull request #4022 from dgarske/test_fix
...
Test AES CBC: Fix for the unmodified check for AesCbc test
2021-05-11 08:38:04 +10:00
db7888ceaa
Fix for the unmodified check for AesCbc test.
2021-05-10 10:04:50 -07:00
a608b083b4
Take into account a new flag in the DTLS state export and import.
2021-05-10 09:33:38 -07:00
8c91a0c6b0
Support for mp_dump with SP Math ALL.
2021-05-10 09:26:33 -07:00
f5509780c6
Add argument checking to wc_ecc_gen_k . Cleanup return codes for wc_ecc_mulmod_ex2.
2021-05-10 09:26:33 -07:00
ead656c4db
Fixes for NO_BIO related to ZD11886. Replaces PR #3888 .
2021-05-10 09:19:08 -07:00
ddbd26305f
OpenVPN additions and fixes
...
- `SSL_CTX_set_min_proto_version` now allows setting not compiled in protocols but checks that the constraints leave any compiled in protocol available
- wolfSSL_HmacCopy return already returns `WOLFSSL_SUCCESS` or `WOLFSSL_FAILURE`
2021-05-10 12:00:18 +02:00
0c1af66843
Fixes from nightly builds
...
output not read.
g++ realloc cast.
curve25519 - no fix, only format changes
2021-05-10 11:59:52 +10:00
8779c3a884
ECC: Disable ECC but have Curve25519/448 and PK callbacks fix
...
Fix ed25519 certificates.
Tidy up testsuite.c
2021-05-10 10:32:55 +10:00
07872189eb
add sanity check
2021-05-08 13:15:50 +09:00
e247161b2e
Merge pull request #3992 from embhorn/zd12169
...
Allow parsing spaces in Base64_SkipNewline
2021-05-07 14:30:24 -07:00
49717328dd
Merge pull request #4014 from haydenroche5/cmake
...
Add support for reproducible builds with CMake.
2021-05-07 15:54:01 -05:00
aa3f9f8459
Merge pull request #4013 from kabuobeid/smime_fixes
...
S/MIME: Fix issue with canonSection size when adding newlines.
2021-05-07 13:12:54 -07:00
28e2d68677
Merge pull request #4015 from embhorn/zd12221
...
Fix XMALLOC of sp_point_256 array
2021-05-07 13:11:41 -07:00
3807304243
Fixes in additional places for incorrect point heap allocation size in SP ecc_mulmod with small stack or SP no malloc.
2021-05-07 09:43:17 -07:00
0bc0e0f562
Fix XMALLOC of sp_point_256 array
2021-05-07 09:12:22 -05:00
051d1c2579
Add support for reproducible builds with CMake.
...
Unlike the autotools build, I've chosen NOT to make the build un-deterministic
if WOLFSSL_REPRODUCIBLE_BUILD is set to no (the default). Instead, I just use
whatever CMake's default is. On my system, ar and ranlib run in deterministic
mode by default, and the CMake defaults for the relevant ar and ranlib variables
are:
CMAKE_C_ARCHIVE_CREATE = <CMAKE_AR> qc <TARGET> <LINK_FLAGS> <OBJECTS>
CMAKE_C_ARCHIVE_APPEND = <CMAKE_AR> q <TARGET> <LINK_FLAGS> <OBJECTS>
CMAKE_C_ARCHIVE_FINISH = <CMAKE_RANLIB> <TARGET>
So my builds are automatically deterministic. This is normal on my system so I
wouldn't want to make them not deterministic by default, hence the decision.
I validated with md5sum on libwolfssl.a that explicitly making the build not
deterministic indeed results in different checksums across multiple runs. The
checksums are the same when flipping back to deterministic mode.
2021-05-06 23:05:33 -07:00
62bb0a8527
S/MIME: Fix issue with canonSection size when adding newlines.
2021-05-06 16:35:24 -07:00
6c131e3e8b
Fix off by 1 in rollover calculation.
2021-05-06 14:46:35 -07:00
c88afdef87
Fixes for building with WOLFSSL_USER_IO (with no built-in socket support). Related to issue #3998 .
2021-05-06 11:07:05 -07:00
1cd8bd3a94
Merge pull request #3993 from ejohnstown/actions
2021-05-06 08:32:37 -07:00
2a39f1dc5c
fixed memory leak
2021-05-06 16:55:51 +09:00
93f04543b0
fixed unit test intermittent failure
2021-05-06 15:40:24 +09:00
0539b99c86
fix boundary access when peer's chain is less than verifyDepth + 1
2021-05-06 14:54:16 +09:00
2c2f389373
set pointer to null after free
2021-05-06 12:11:52 +07:00
e185a9b7ca
reset pointer on SMIME fail case
2021-05-06 11:44:46 +07:00
4cfa6c43a5
Merge pull request #4000 from dgarske/sizeof_ctc
...
Fix for SIZEOF detection and issue with CTC_SETTINGS
2021-05-05 15:46:14 -07:00
014bd21df0
Merge pull request #3983 from tmael/tls_down
...
TLS minimum downgrade option
2021-05-05 15:38:45 -07:00
bc043ee358
Merge pull request #3980 from embhorn/gh3978
...
Fix Espressif win script
2021-05-05 15:37:04 -07:00
0b16b33de4
Merge pull request #3973 from SparkiDev/pkcs11_sign
...
PKCS#11: rework RSA operations to be clearer
2021-05-05 15:35:27 -07:00
94c0bff839
Merge pull request #3997 from tmael/minor_fixes
...
Fix test build
2021-05-04 08:51:30 -07:00
ed188903e0
Merge pull request #4007 from haydenroche5/ocsp_bug
...
Fix test_wolfSSL_CertManagerCheckOCSPResponse.
2021-05-03 16:55:52 -07:00
822aa92fcc
Fix test_wolfSSL_CertManagerCheckOCSPResponse.
...
This test broke once we went past the nextUpdate time in the static, raw OCSP
response being used. This change makes it so that response is valid until 2048.
2021-05-03 15:26:39 -07:00
6e0197e171
Merge pull request #4002 from kabuobeid/smime_fixes
...
S/MIME: Canonicalize multi-part messages before hashing. Improve error checking in wc_MIME_parse_headers.
2021-05-03 09:24:43 -07:00
9eab854c61
Revised logic along review comments
2021-05-03 07:44:04 +09:00
8071fac306
S/MIME: Add smime-test-canon.p7s to include.am
2021-04-30 15:30:55 -07:00
effcecf40d
S/MIME: Add non-canonicalized test case
2021-04-30 15:07:37 -07:00
f8ecd4b441
Fixes for building with NO_ASN_TIME. If used with TLS user must supply LowResTimer and TimeNowInMilliseconds.
2021-04-30 15:04:31 -07:00
c9634952d5
Fix to handle time rollover in TLS v1.3 diff calculation.
2021-04-30 15:04:09 -07:00
651860dce7
Merge pull request #3991 from kaleb-himes/OE6_MINOR_PORTING_CHANGE
...
Implement minor port change requested by customer
2021-04-30 14:37:35 -07:00
9e48de9d42
Merge pull request #3970 from embhorn/zd12122
...
Clarify that units of size parameters are in bits
2021-04-30 14:28:50 -07:00
fa9f1f8012
Merge pull request #3977 from embhorn/zd12136
...
Improve PSK callback doc
2021-04-30 14:26:39 -07:00
ea2e2994af
Reversing hunk in test.c for DEOS (suspect that was in error).
2021-04-30 14:21:23 -07:00
baa80284c0
S/MIME: Code review fixes
2021-04-30 14:00:59 -07:00
57e03d7e2f
Merge pull request #3961 from miyazakh/qt_oslext_pskss_cb
...
added psk session callback compatibility layer API
2021-04-30 14:26:44 -06:00
44b7dd828e
Merge pull request #3972 from TakayukiMatsuo/newindex
...
Add wolfSSL_CRYPTO_get_ex_new_index
2021-04-30 14:21:55 -06:00
3daafb47d5
Merge pull request #3982 from dgarske/atca_bool
...
Fix for ATECC on platforms where bool and int have different sizes
2021-04-30 13:59:49 -06:00
37cb24874e
Merge pull request #3994 from miyazakh/esp_rsa_hw
...
Fixed esp32 RSA hw accelerator initialization issue
2021-04-30 13:58:24 -06:00
573d51966a
S/MIME: Canonicalize multi-part messages before hashing. Improve error checking in wc_MIME_parse_headers.
2021-04-30 12:50:27 -07:00
6489d69c7c
For platforms that support limits.h or windows make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set, otherwise causes issues with CTC_SETTINGS.
2021-04-30 11:06:09 -07:00
e97692c521
Merge pull request #3926 from vppillai/vppillai-patch-2
...
Fix ATECC608A TNGTLS certificate size issue
2021-04-30 10:58:09 -07:00
751cb8f43f
Merge pull request #3974 from JacobBarthelmeh/sniffer
...
add fatal error return value for sniffer
2021-04-30 10:57:33 -07:00
1388956a35
Merge pull request #3995 from SparkiDev/sha3_align
...
SHA-3: Aligned access of 64 bit value.
2021-04-30 10:54:21 -07:00
f9a9b139ed
Fix a build err
2021-04-29 16:44:51 -07:00
1fbe0cb408
SHA-3: Aligned access of 64 bit value.
2021-04-30 08:45:05 +10:00
8ede17f337
code formating changes based on PR review.
2021-04-29 07:48:31 +05:30
f4935f52b5
clear PROT_RSA_PD bit in PORT_RSA_PD_CTRL_REG to be initialization and activate RSA accelerator
2021-04-29 09:20:16 +09:00
3aa3fc889f
Add simple push and pull-request triggered build checks.
2021-04-28 16:52:54 -07:00
985482a2ad
PKCS#11: rework RSA operations to be clearer
2021-04-29 08:42:53 +10:00
cdede0515c
Allow parsing spaces in Base64_SkipNewline
2021-04-28 10:30:16 -05:00
0b4b0193e7
Implement minor port change requested by customer
2021-04-28 08:58:23 -06:00
f652ac2a04
Removed unused macro guard.
2021-04-28 10:47:22 +09:00
a56de6361d
Removed the double-defined function.
2021-04-28 10:41:49 +09:00
c4782a7a1c
Fix macro guard for wolfSSL_CRYPTO_get_ex_new_index and get_ex_new_index.
2021-04-28 10:41:49 +09:00
9c0ff73370
Add wolfSSL_CRYPTO_get_ex_new_index
2021-04-28 10:38:53 +09:00
4063e33b02
addressed review comments p1
2021-04-28 10:08:22 +09:00
9de3fab74c
fixed jenkins failures part1
2021-04-28 10:08:21 +09:00
0e40293798
added psk session callback
2021-04-28 10:08:21 +09:00
385e0bedaa
Merge pull request #3990 from haydenroche5/ocsp_bug
...
Fix CompareOcspReqResp.
2021-04-27 17:07:58 -07:00
edb0beb9b6
Merge pull request #3969 from TakayukiMatsuo/koyo
...
Add wolfSSL_DH_get0_pqg
2021-04-27 17:52:17 -06:00
6fad8c4a57
Merge pull request #3975 from TakayukiMatsuo/resumable
...
Add implementation for wolfSSL_SESSION_is_resumable.
2021-04-27 16:45:34 -06:00
73076940af
Fix CompareOcspReqResp.
...
There was a bug in this function that could cause a match to be reported even
when the OCSP request and response in fact had a mismatch.
2021-04-27 13:54:43 -07:00
1bff411191
Merge pull request #3986 from miyazakh/qt_ctx_min_max_proto
...
add MIN/MAX_PROTO into CTX_ctrl
2021-04-27 14:54:16 -06:00
6d381a6c7f
do nothing when version is zero
2021-04-27 21:13:19 +09:00
3b070e1bd0
add MIN/MAX_PROTO into CTX_ctrl
...
add unit test for min/max proto of CTX ctrl
2021-04-27 21:13:17 +09:00
e716fcc635
do not reserve ATMEL_SLOT_ECDHE type for TNGTLS
2021-04-27 16:51:49 +05:30
c34fcf908c
code cleanup based on PR review comments
2021-04-27 12:17:23 +05:30
7e87c01a7d
Merge pull request #3987 from tmael/pss_salt
...
RSA: Fix RSA PSS padding check
2021-04-27 14:50:32 +10:00
1637bd3e02
Fix RSA PSS padding
2021-04-26 19:21:23 -07:00
b7b2347804
Merge pull request #3985 from elms/fix/dtls_no_asn
...
fix define gates for `AddFragHeaders` with DTLS
2021-04-26 15:13:59 -07:00
d20f7e7143
fix define gates for AddFragHeaders with DTLS
...
fixes build with `./configure --enable-dtls --disable-asn`
2021-04-24 07:23:50 -07:00
3502bdc8df
Merge pull request #3960 from elms/msys_build_fix
...
mingw/msys: fix build error with TFM
2021-04-23 15:56:10 -07:00
f8e9f32eb8
Add a new file
2021-04-23 15:56:09 -07:00
54b17ba465
Merge pull request #3952 from julek-wolfssl/ZD12062
...
Using `--enable-chacha=noasm` wouldn't actually enable chacha
2021-04-23 15:55:10 -07:00
40fe746710
Merge pull request #3942 from dgarske/get_static_ephemeral
...
Added API's for getting pointer to loaded static ephemeral key
2021-04-23 15:54:46 -07:00
47fe114a02
Merge pull request #3901 from dgarske/bio_read
...
Fix for BIO read callback not called
2021-04-23 15:51:38 -07:00
bbda833909
Merge pull request #3720 from elms/deos/project_files
...
DEOS: Add project files for shared library
2021-04-23 15:44:33 -07:00
91e90f7a98
Merge pull request #3604 from haydenroche5/stunnel
...
Make changes to get latest verison of stunnel (5.57) working with wolfSSL.
2021-04-23 15:41:22 -07:00
c3fefc6e27
Merge pull request #3889 from douzzer/network-introspection
...
--enable-wolfsentry
2021-04-23 15:38:01 -07:00
0c16ef4b29
Check for TLS downgrade
2021-04-23 14:45:35 -07:00
fa353b1ee0
Fix for ATECC on platforms where bool and int have different sizes. Related to issue #3971
2021-04-23 11:15:36 -07:00
33f9f98569
Deos: fixup readme
2021-04-23 10:15:23 -07:00
2b6f623777
Add implementation for wolfSSL_SESSION_is_resumable.
2021-04-23 11:12:20 +09:00
c442841e4a
Fix some along review.
2021-04-23 10:53:22 +09:00
d22ed7443b
Fix unit test.
2021-04-23 09:47:24 +09:00
568c09bcde
Add guard to the unit test
2021-04-23 09:47:24 +09:00
63826e227b
Add wolfSSL_DH_get0_pqg
2021-04-23 09:47:24 +09:00
878e0006ad
Merge pull request #3965 from miyazakh/qt_oslext_epk_param_ck
...
added wofSSL_EVP_PKEY_param_check for compatibility layer API
2021-04-22 15:43:47 -06:00
a83c6c68fe
Merge pull request #3940 from miyazakh/qt_v5p15p2_r3
...
Added compatibility layer API for Qt5.15.2 part2
2021-04-22 15:36:20 -06:00
cb02f46fec
Fix Espressif win script
2021-04-22 16:20:34 -05:00
3c0a77485e
Improve PSK callback doc
2021-04-22 10:47:46 -05:00
fa98477f22
Renesas RX: Use intrinsics for rot[rl], revl
...
For byte order reverse and rotation we have builtins
in the CC-RX compiler.
Especially when rotating registers with fixed amounts
this can be compiled efficiently into opcodes with
embedded values for shift (without needing other registers).
2021-04-22 16:44:19 +02:00
14ddfa6894
add fatal error return value for sniffer
2021-04-22 14:28:10 +07:00
9c7ee3fa64
examples/server/server.c: when TEST_IPV6, set the remote address to IPv6 localhost for wolfsentry_route_insert_static().
2021-04-22 00:20:12 -05:00
1650e8b88a
ssl.c: add back missing line continuation backslash.
2021-04-21 17:45:08 -05:00
0cf9bacf1b
WOLFSSL_WOLFSENTRY_HOOKS/HAVE_EX_DATA*: refactor wolfSSL_CRYPTO_cleanup_ex_data() to take only one arg (the WOLFSSL_CRYPTO_EX_DATA *); fix preprocessor gates on wolfSSL_set_ex_data() and wolfSSL_X509_get_ex_new_index(); fix line lengths.
2021-04-21 17:34:47 -05:00
40d5aad8fe
configure.ac: improve dynamics of --enable-wolfsentry and --with-wolfsentry*, including existence-checking user-supplied paths.
2021-04-21 17:28:27 -05:00
67277d13cd
Merge pull request #3937 from elms/intime/dir_pre_intimever6
...
INTIME: support CRL for INTIME version < 6
2021-04-21 10:42:33 -07:00
0afcd4227b
ssl.c/internal.c: refactor _EX_DATA_CLEANUP_HOOKS cleanup in _free() routines to use a common wolfSSL_CRYPTO_cleanup_ex_data() routine; remove superfluous WOLFSSL_API qualifiers in ssl.c.
2021-04-21 12:20:56 -05:00
89d7f4faf3
tests/api.c: add missing void arglists.
2021-04-21 03:22:10 -05:00
660e64cdff
examples/server/server.c: clean up wolfsentry printfs.
2021-04-21 03:19:55 -05:00
c874d9259c
configure.ac: add --with-wolfsentry option.
2021-04-21 03:19:35 -05:00
23b5447050
Qt v5.15 requires greater than version 1.1.1
2021-04-21 17:01:06 +09:00
cb976db02b
server.c: update for wolfSentry API changes.
2021-04-20 23:59:58 -05:00
6175e11156
server.c: update wolfsentry_init() usage (hpi pointer).
2021-04-20 23:59:58 -05:00
23d8df720e
remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS.
2021-04-20 23:59:58 -05:00
4458ed37c1
fix a couple stray WOLFSSL_NETWORK_INTROSPECTION gates that needed to be WOLFSSL_WOLFSENTRY_HOOKS.
2021-04-20 23:59:58 -05:00
2a05fcb59a
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-20 23:59:57 -05:00
1cbe696716
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-20 23:59:57 -05:00
734860f535
WOLFSSL_NETWORK_INTROSPECTION WIP
2021-04-20 23:59:57 -05:00
ba2cc00e5d
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-04-20 23:59:57 -05:00
38ff193368
Merge pull request #3962 from julek-wolfssl/dtls-allow-future
...
Change default DTLS future packet behaviour
2021-04-20 17:32:42 -07:00
6e7b43056d
Merge pull request #3956 from dgarske/zd12010
...
Fix in sniffer for possible use of uninitialized variable
2021-04-20 17:29:46 -07:00
9d387b13d0
Merge pull request #3938 from julek-wolfssl/dtls-mtu
...
Refactor DTLS MTU logic
2021-04-20 17:18:12 -07:00
d3b41a2fed
addressed review comments p1
2021-04-21 09:10:32 +09:00
2f5b280d6c
fixed jenkins failure part1
2021-04-21 07:53:19 +09:00
e063984d17
added EVP_PKEY_param_check
2021-04-21 07:53:18 +09:00
b37f1ac0c0
addressed review comments part1
2021-04-21 07:39:13 +09:00
bca3cd1d49
fix jenkins failures
2021-04-21 07:39:12 +09:00
89b5b90be6
added compatibility layer API stub for Qt 5.15.2
2021-04-21 07:39:12 +09:00
31bc2e4114
Merge pull request #3967 from embhorn/zd12116
...
PKCS#11: Add debug for failure in wc_Pkcs11_Initialize
2021-04-21 08:06:14 +10:00
b9c52729d1
Merge pull request #3959 from kaleb-himes/WINCE_settings_update
...
Update WINCE for wolfEngine and turn off MD5
2021-04-20 10:15:44 -06:00
537d33d5fa
Merge pull request #3951 from dgarske/stm32_aes_h7
...
Fix for AES GCM with STM32H7
2021-04-20 10:14:13 -06:00
f931e67cd7
Merge pull request #3946 from TakayukiMatsuo/tk11899
...
Add test cases for EVP_CIPHER_CTX_cleanup and BIO_free
2021-04-20 10:10:41 -06:00
c3aee06b23
Merge pull request #3939 from miyazakh/qt_v5p15p2_r1
...
added and modified compatibility layer APIs for Qt v5.15.2 part1
2021-04-20 10:02:27 -06:00
bd5dc0b21d
Merge pull request #3948 from miyazakh/qt_unittest_cert
...
added favourite drink pilot attribute
2021-04-20 09:50:30 -06:00
1d50962889
Clarify that units of size parameters are in bits
2021-04-20 09:28:17 -05:00
9dd5768ecc
Intime: simplify and fix stat on different directory
2021-04-19 22:34:31 -07:00
94eb096e42
Add debug for failure in wc_Pkcs11_Initialize
2021-04-19 17:53:21 -05:00
d08a2b1761
Merge pull request #3966 from SparkiDev/arm-jenkins-2
...
ARMv8 ASM AES-CBC: Fix parameter validation
2021-04-19 17:06:48 -05:00
d274c80789
ARMv8 ASM AES-CBC: Fix parameter validation
2021-04-19 16:47:34 +10:00
d7b0b97352
Merge pull request #3955 from kaleb-himes/OE18-external-to-module-changes
...
non-const versions only needed when using inlined ARM assembly in the module.
2021-04-19 09:13:11 +10:00
a26a19b4c8
Deos: rebase fix and add note about importing to readme
2021-04-16 16:35:30 -07:00
6600a531c8
Deos: project relative include paths and ignore fips files by default
2021-04-16 15:39:24 -07:00
3e6f663a38
DEOS: update readme
2021-04-16 15:39:24 -07:00
d6a29b269d
DEOS: add files to dist
2021-04-16 15:39:24 -07:00
57f4adf438
DEOS: updated memory and add DTLS
...
Tested: DDC-I 9.2.0r94156 and OpenArbor on PPC hardware
2021-04-16 15:39:19 -07:00
3da32e75ad
Correct commentary based on peer feedback
2021-04-16 15:12:35 -06:00
099f88e45b
Revert the change to test.c.
2021-04-16 12:02:04 -07:00
7cfd22304e
Fix to improve STM32 AES GCM with partial blocks. Use a local buffer for partial remainder and make sure remainder is zero'd.
2021-04-16 11:58:45 -07:00
2bc2a911d7
Change default DTLS future packet behaviour
...
This is a better default for most users. Most users who make use of DTLS, allow messages from "too far into the future". It makes sense that DTLS may lose connection for a period of time and will lose all messages from this period. Losing connection effectively stalls the wolfSSL DTLS connection.
2021-04-16 19:27:39 +02:00
70a3857ae8
Fragmentation for ServerKeyExchange and CeriticateVerify
...
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-16 17:30:51 +02:00
9553188099
Added type cast to the parm of wolfSSL_BIO_write.
2021-04-16 11:51:58 +09:00
1a4adab52e
Changed DumpElement() so that the allocated buffer is freed in the WOLFSSL_SMALL_STACK build case.
2021-04-16 10:05:48 +09:00
5955603c51
Merge pull request #3958 from TakayukiMatsuo/tk11969
...
Changed the logic for determining the group used for KeyShare in TLSX_PopulateExtensions.
2021-04-16 09:34:54 +10:00
cc0359accb
changed callback func name corresponding other cb func name convention
2021-04-16 08:20:12 +09:00
cc4116de24
mingw/msys: fix build error with TFM
...
Conditional was always true. Rule out using preprocessor.
2021-04-15 15:16:21 -07:00
38637bb276
Merge pull request #3957 from SparkiDev/sp_div_word_fix
...
SP DIV word C: Add instead of OR
2021-04-15 12:20:56 -07:00
96256a3ec1
Update WINCE for wolfEngine and turn off MD5
2021-04-15 10:27:41 -06:00
64c7830c93
Fix for possible use of invalid *sslFrame and calculated headerSz in partial case with WOLFSSL_SNIFFER_CHAIN_INPUT.
2021-04-15 09:01:11 -07:00
2db06eb3b7
Changed the logic for determining the group used for KeyShare.
2021-04-15 19:30:02 +09:00
bb75c4d610
SP DIV word C: Add instead of OR
2021-04-15 09:22:29 +10:00
d34161e482
Fix in sniffer for possible use of uninitialized length when skipPartial is set. ZD 12010
2021-04-14 15:14:14 -07:00
5a1d171236
fixed unit test failure
2021-04-14 21:25:50 +09:00
03cfc3dc8f
addressed review comments part1
2021-04-14 11:15:23 +09:00
88aed28a3f
Refactor following peer review
2021-04-13 17:28:43 -06:00
f8e7f9bf03
addressed review comment part1
2021-04-14 07:58:22 +09:00
f245ba0ca1
Merge remote-tracking branch 'upstream/master' into tk11899
...
# Conflicts:
# tests/api.c
2021-04-14 06:13:46 +09:00
21faeff478
Merge pull request #3916 from JacobBarthelmeh/PKCS7
...
fix for streaming with PKCS7
2021-04-13 14:04:06 -06:00
c129f630e2
Merge pull request #3933 from miyazakh/rand_bytes_regression
...
fix retrun code regression on RAND_bytes
2021-04-13 13:55:04 -06:00
71e2f191a6
Merge pull request #3947 from dgarske/nxp_ltc
...
Fixes for NXP LTC
2021-04-13 13:49:22 -06:00
87a2cdea31
const poisoning - gcc 4.x prefers consistency in prototypes and implementations
2021-04-13 13:29:40 -06:00
4cd3f2e826
Make changes to get latest verison of stunnel (5.57) working with wolfSSL.
2021-04-13 09:18:25 -05:00
295418fa3e
Merge pull request #3954 from ejohnstown/m1
...
M1 Update
2021-04-13 12:08:11 +08:00
54e111aa85
Update copy/paste error in comment.
2021-04-12 17:02:35 -07:00
89e4bae8d2
Fix for STM32 AES GCM decrypt to support partial (not multiple of 4) for auth tag calculation.
2021-04-12 16:57:57 -07:00
2739759072
Merge pull request #3953 from JacobBarthelmeh/build-tests
...
add option to use an engine with openssl test script
2021-04-12 13:22:52 -06:00
c6077b6767
Refactor DTLS MTU logic
...
- wolfSSL_GetMaxRecordSize will now take additional cipher data into account
- The set MTU size is understood as the maximum size of a DTLS record. The WOLFSSL_MAX_MTU was adjusted to account for UDP/IP headers.
2021-04-12 21:01:15 +02:00
74df158c5c
Update the check for 64-bit on the M1 to filter out other ARM processors.
2021-04-12 11:18:52 -07:00
021c22c038
Merge pull request #3950 from embhorn/zd11850
...
Fix build error with NO_PKCS12
2021-04-12 10:46:45 -07:00
0f1a702f58
Merge pull request #3949 from JacobBarthelmeh/StaticAnalysisTests
...
remove dead code, variable gn will currently always be null
2021-04-12 10:26:02 -07:00
501de37cad
fixed memory leak in unit test
2021-04-12 18:34:07 +09:00
ad6f8e4246
added and modified compatibility layer APIs for Qt v5.15.2 part1
2021-04-12 18:34:07 +09:00
4a7434a56d
add missing ret checks
2021-04-12 16:33:14 +08:00
160faa851c
add deterministic k generation for ECC sign
2021-04-12 16:33:14 +08:00
d44549fd77
only update OPENSSL_ENGINE_ID if already set
2021-04-12 01:47:01 -06:00
7345b2418b
Merge pull request #3944 from guidovranken/zd12039
...
Account for sp_sqr failure in _sp_exptmod_nct
2021-04-12 11:03:38 +10:00
0197e133b1
Merge pull request #3929 from hicksjacobp/tls13-cbclientcert
...
fix: call CBClientCert for TLS 1.3 certificate requests
2021-04-12 09:25:22 +10:00
ee22d27cf8
add sanity check that engine can be loaded
2021-04-11 20:48:18 +07:00
c34025b186
add option to use an engine with openssl test script
2021-04-11 20:06:13 +07:00
8538869d33
Added runtime checking for LTC big integer buffer sizes.
2021-04-09 15:51:57 -07:00
070dfad07a
Fix for NXP LTC ECC public key computation broken in PR #2859 for contstant time changes.
2021-04-09 15:51:30 -07:00
04cc48b810
Merge pull request #3935 from miyazakh/x509_store_ex_data
...
add X509_STORE_get/set_ex_data
2021-04-08 21:51:03 -05:00
a4ebeac932
fix minor typo in function return comment
2021-04-08 16:37:16 -06:00
18eca4deff
INTIME: fix check returns Find{First,Next,Close} for version <6
2021-04-08 10:23:26 -07:00
beff4daf7e
Refactor wolfSSL_BIO_BASE64_write to simplify its logic
2021-04-08 19:11:55 +02:00
07022eebe7
Add a OPENSSL_EXTRA guard to call SSL_get_early_data_status
2021-04-09 01:10:45 +09:00
f298bb9f22
Peer review feedback.
2021-04-08 08:06:45 -07:00
424d97ca3d
Merge remote-tracking branch 'upstream/master' into tk11899
...
# Conflicts:
# src/ssl.c
2021-04-08 23:59:51 +09:00
bc7191ca4c
Added test cases for NULL-parameter
2021-04-08 23:11:00 +09:00
d8dd69cf44
Using --enable-chacha=noasm wouldn't actually enable chacha
2021-04-08 12:46:05 +02:00
3b9e7942ea
Merge pull request #3908 from embhorn/zd11866
...
Sanity check size in TLSX_Parse
2021-04-07 16:34:56 -07:00
b3177ffc17
Merge pull request #3945 from dgarske/ecc_nomalloc
...
Improve ECC with `WOLFSSL_NO_MALLOC`
2021-04-07 16:29:13 -07:00
418e5b46d6
Merge pull request #3934 from SparkiDev/armv8-asm-sha256-fix
...
ARMv8 SHA-256: recalc data in SHA256 update
2021-04-07 16:22:27 -07:00
86fe77d776
Merge pull request #3924 from dgarske/sp_math_all
...
Sp math all fixes
2021-04-07 16:21:58 -07:00
de8653be35
Merge pull request #3941 from JacobBarthelmeh/Compatibility-Layer
...
add implementation of EC_KEY_set_group
2021-04-07 16:20:50 -07:00
9e9506c260
Merge pull request #3919 from JacobBarthelmeh/StaticAnalysisTests_2
...
Static analysis tests 2
2021-04-07 16:18:37 -07:00
acf1a9833b
Fix for AES GCM with STM32H7 to use crypto hardware in all cases except IV size != 12.
2021-04-07 15:51:50 -07:00
ef69a9b458
Fix build error with NO_PKCS12
2021-04-07 15:36:35 -05:00
4747ba9ccb
Fix for BIO base64 write valgrind issue.
2021-04-07 12:23:26 -07:00
f16136c29b
remove dead code, variable gn will currently always be null
2021-04-07 20:56:50 +07:00
8e6710e030
added favourite drink pilot attribute
...
fix OCSP authority access info
2021-04-07 18:44:32 +09:00
7da85c6f3f
Merge remote-tracking branch 'upstream/master' into tk11899
2021-04-07 12:01:39 +09:00
786bbabbdc
Improve ECC with WOLFSSL_NO_MALLOC
...
Tested with `./configure --enable-cryptonly --disable-examples --disable-rsa --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DBENCH_EMBEDDED" && make check`.
All ECC operations can work now with WOLFSSL_NO_MALLOC and variables will be on stack.
ZD 11829
2021-04-06 15:31:40 -07:00
779dabc04e
Cleanups to KSDK port for LTC.
2021-04-06 13:50:33 -07:00
f4e1d96cfc
Fixes for building K82. Fixes for warning with const mp_int* k changes.
2021-04-06 11:38:05 -07:00
4eb8265c46
add ecc guard on test case
2021-04-06 20:01:15 +07:00
0a05acff09
Add test cases for EVP_CIPHER_CTX_cleanup and BIO_free
2021-04-06 14:21:53 +09:00
52e6ff7c56
Account for sp_sqr failure in _sp_exptmod_nct
...
ZD 12039
2021-04-06 01:34:09 +02:00
5ebe5d071f
Fixes for wolfSSL_BIO_BASE64_write changes.
2021-04-05 14:35:47 -07:00
1a9d59c185
front may be unused and generate a warning
2021-04-05 14:35:47 -07:00
d257cf5003
Return error when using not compiled in BIO
...
Refactor base64 BIO write into static function
2021-04-05 14:35:47 -07:00
5b751d9eaa
Fix for possible unused label "exit_chain".
2021-04-05 14:35:47 -07:00
8984ce03e9
Refactor BIO read/write to use switch.
2021-04-05 14:35:47 -07:00
072e6e010c
Handle the BIO want read in BioReceive.
2021-04-05 14:35:47 -07:00
5c762afb94
Fix for BIO with callbacks not called after PR #3824 (was always returning WANT_READ).
2021-04-05 14:35:47 -07:00
e13c93d493
Added API's for getting pointer to load static ephemeral key.
2021-04-05 13:40:48 -07:00
6b46669641
Merge pull request #3917 from embhorn/zd11959
...
Sanity check sockfd max value
2021-04-05 11:50:13 -07:00
7935b7c485
Merge pull request #3920 from SparkiDev/sp_int_ullong
...
SP int: Handle ULLONG_MAX not being defined
2021-04-05 11:48:38 -07:00
53d97d1961
Fix for DSA only case and missing sp_read_radix
2021-04-05 11:43:21 -07:00
24d8e1b104
SP math all edge cases without RSA.
2021-04-05 11:31:55 -07:00
eb37953061
Fix for WOLFSSL_SP_MATH_ALL typo. Plus a few other minor ones.
2021-04-05 11:31:55 -07:00
63c96c3585
add implementation of EC_KEY_set_group
2021-04-05 22:22:31 +07:00
9a86f133c8
additional fixes for reports with test cases
2021-04-05 21:26:52 +07:00
71fea2bdd1
initialize hash size variable to 0 in the case that getting the digest size returns 0
2021-04-05 21:26:52 +07:00
4e8769ba6b
initialize variable
2021-04-05 21:26:52 +07:00
39f34ef88b
check return values
2021-04-05 21:26:52 +07:00
1c3ba77bee
remove dead code path
2021-04-05 21:26:52 +07:00
fdb3221ea7
check variable is not null before use in error case
2021-04-05 21:26:52 +07:00
b4c0301f57
add sanity check on serial size
2021-04-05 21:26:52 +07:00
9ea60db80a
add free of bio in error case
2021-04-05 21:26:22 +07:00
4ead19e21f
check return value of hash digest size
2021-04-05 21:26:22 +07:00
75abeebaf7
free memory in test case
2021-04-05 21:26:22 +07:00
97b83a2550
free PKCS7 structure on error case
2021-04-05 21:26:22 +07:00
141d1cb5af
fix for potential leak on fail case
2021-04-05 21:26:22 +07:00
379e1fb630
INTIME: support CRL for INTIME version < 6
2021-04-01 11:15:23 -07:00
c5b6d20483
Add more DSA parameters support
...
- Implement wc_DsaParamsDecode and wc_DsaKeyToParamsDer
- Don't include NIDs without OpenSSL builds
2021-04-01 19:47:09 +02:00
ea0f4580de
add X509_STORE_get/set_ex_data
2021-04-01 17:06:02 +09:00
e3c86f8f77
ARMv8 SHA-256: recalc data in SHA256 update
2021-04-01 17:01:21 +10:00
fd94d05b0a
Merge pull request #3932 from guidovranken/zd12012
...
MP integer.c: Use unsigned integers in mp_is_bit_set
2021-04-01 15:41:01 +10:00
b8684f3f7e
fix retrun code regression on RAND_bytes
...
fix jenkins fail
2021-04-01 13:35:50 +09:00
2ecaa3c4c6
Use unsigned integers in mp_is_bit_set
...
ZD 12012
2021-04-01 00:57:06 +02:00
95b91d8913
Merge pull request #3886 from DKubasekRA/fix/RA/v4.7.0-coverity
...
RA - Fixes for Coverity issues
2021-03-31 10:41:54 -07:00
49b29bec32
Merge pull request #3930 from JacobBarthelmeh/Testing
...
add link to wolfssl-examples repository in README
2021-03-31 10:10:44 -07:00
38cec4b0d4
Merge pull request #3922 from dgarske/have_secret
...
Expose functions to get client/server random for have secret callback
2021-03-30 16:03:57 -07:00
f7046ca12a
Merge pull request #3906 from douzzer/AES-BAD_ALIGN_E-consistency
...
Adds optional AES CBC length checking
2021-03-30 16:01:29 -07:00
4d1ad6acd6
Merge pull request #3885 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis fixes for items listed as high priority
2021-03-30 16:00:03 -07:00
4044b30363
Merge pull request #3915 from TakayukiMatsuo/os_ecdh
...
Add unit tests for OpenSSL compat APIs
2021-03-30 16:18:16 -06:00
dfb7848320
add link to wolfssl-examples repository in README
2021-03-31 01:34:14 +07:00
0ea9163253
fix: call CBClientCert for TLS 1.3 certificate requests
2021-03-30 07:25:05 -05:00
56b1406a30
Fix to call wc_FreeDhKey only after wc_InitDhKey succeeds.
2021-03-30 00:18:40 +09:00
c3fcb2e95f
Merge pull request #3923 from dgarske/armv8
...
ARMv8: do not compile code if module is disabled
2021-03-29 08:50:41 +10:00
4911977946
rename I2C address var per cryptoauthlib 3.3.0
2021-03-28 00:11:11 +05:30
ccc50714d0
Fix TNGTLS certificate size issue
...
TNGTLS devices has shown variations in the device and signer certificate sizes causing failure.
This fix makes the size query dynamic.
2021-03-28 00:02:17 +05:30
a9ff314840
Merge pull request #3912 from miyazakh/rsa_bits_
...
Added RSA_bits
2021-03-26 17:00:56 -06:00
b67f270e3d
Merge pull request #3910 from miyazakh/openssl_ext_unit_test
...
Update compatibility layer api unit test
2021-03-26 16:58:21 -06:00
a22defec50
Fix for availability of wolfSSL_SESSION_print.
2021-03-26 15:39:55 -07:00
95ff75c43d
Fix for wolfSSL_SESSION_print
2021-03-26 13:41:11 -07:00
724a415d51
Fix ARMv8 to not compile code if module is disabled
2021-03-26 13:28:15 -07:00
f65e1f1f09
Expose functions to get client/server random when HAVE_SECRET_CALLBACK is defined.
2021-03-26 13:23:00 -07:00
5f6b618e71
configure.ac: add --enable-aescbc-length-checks and add it to --enable-all; api.c: fix expected error code in WOLFSSL_AES_CBC_LENGTH_CHECKS path of test_wc_AesCbcEncryptDecrypt(); aes.c: add explanatory comment on WOLFSSL_AES_CBC_LENGTH_CHECKS to top of file.
2021-03-26 14:04:25 -05:00
5d9ee97530
WOLFSSL_AES_CBC_LENGTH_CHECKS: add gated logic to aes.c wc_AesCbc{En,De}crypt() to return BAD_LENGTH_E when input length is not a multiple of AES_BLOCK_SIZE; add gated tests of new functionality in test_wc_AesCbcEncryptDecrypt(); fix first encrypt-decrypt-memcmp in test_wc_AesCbcEncryptDecrypt() to span all of test vector and extend test vector length to be block-multiple; add ungated logic in platform-specific wc_AesCbc{En,De}crypt() routines to return with early success when blocks == 0 (also mitigates buffer overrun on short (less-than-AES_BLOCK_SIZE) input); add BAD_LENGTH_E error code; update documentation.
2021-03-26 13:40:08 -05:00
f201d65459
Merge pull request #3898 from elms/intime_rtos/crl_directory_fix
...
INTIME: add support for directory file search
2021-03-26 09:37:21 -07:00
79fa71d600
Merge pull request #3882 from TakayukiMatsuo/tk11899
...
Return code differences in wolfSSL_EVP_PKEY_cmp et al.
2021-03-26 09:36:52 -07:00
212be50a23
Merge pull request #3899 from SparkiDev/shake256_improve
...
SHA-3: Improve SHAKE256 change to support longer output
2021-03-26 09:35:52 -07:00
bb7dce8b46
Merge pull request #3921 from SparkiDev/sp_modinv_win
...
SP MSVC: movslq -> movsxd
2021-03-26 09:34:15 -07:00
f7477b932d
Add return value checks and fixed typos.
2021-03-26 17:06:14 +09:00
5456765dca
Changed API names to call in unit tests.
2021-03-26 17:05:25 +09:00
1b832bf8fa
SHA-3: Improve SHAKE256 change to support longer output
...
Added tests for 1 complete block output and longer from NIST's CAVP
tests vectors.
2021-03-26 14:59:12 +10:00
a188ef251c
SP MSVC: movslq -> movsl
2021-03-26 14:12:58 +10:00
4460180214
Fix implicit conv error.
2021-03-26 08:18:16 +09:00
08be489bf5
SP int: Handle ULLONG_MAX not being defined
2021-03-26 09:03:39 +10:00
0d995527aa
Merge pull request #3918 from dgarske/fix_ecc_mulmod_fast
...
Fix for SP ecc_mulmod_fast
2021-03-26 08:39:48 +10:00
5887c2f2e2
Fix fall through.
2021-03-26 04:45:10 +09:00
23bd46bac6
Sanity check sockfd
2021-03-25 14:40:38 -05:00
79837eeb8e
Changed the function name to be called in the unit test to the OpeSSL function name.
2021-03-26 04:30:36 +09:00
11189fe386
Sanity check size in TLSX_Parse
2021-03-25 14:16:22 -05:00
da9131d30d
Added return value checks and removed ToDec()
2021-03-26 04:14:14 +09:00
dd6db22bc6
Changed the function name to be called in the unit test to the OpenSSL function name.
2021-03-26 04:08:02 +09:00
4eb4cecff4
INTIME: whitespace fixup and zero context in wc_ReadDirFirst
2021-03-25 10:54:05 -07:00
c9b5806575
Fix for ecc_mulmod_fast broken in PR #3868 . The "t" needs 1 extra point for "rt".
2021-03-25 09:19:17 -07:00
06966a203b
Merge pull request #3914 from SparkiDev/sp_c_sub_fixes
...
SP C 32/64: fix corner cases around subtraction
2021-03-25 08:11:06 -07:00
6c7b3d806a
Fixed modifying a const value.
2021-03-25 15:36:30 +01:00
fd7131197f
Updated fix of CID 587269.
2021-03-25 13:28:47 +01:00
a472d2af4a
fix for streaming with PKCS7
2021-03-25 18:54:09 +07:00
67d4611fda
Review fixes.
2021-03-25 11:26:34 +01:00
8dcaa8c4b6
Merge remote-tracking branch 'upstream/master' into os_ecdh
...
# Conflicts:
# tests/api.c
2021-03-25 19:17:22 +09:00
952a9b3497
Add unit tests for CONT_modules_xxx, CRYPTO_set_dynlock_xxx, CRYPTO_THREADID_xxx and ENGINE_cleanup.
2021-03-25 19:02:13 +09:00
d8a81d0c0f
SP C 32/64: fix corner cases around subtraction
...
Affected RSA PSS
2021-03-25 16:19:54 +10:00
c9be50c3a0
added RSA_bits
2021-03-25 13:31:47 +09:00
03bad1c056
Added logic to wait for TCP disconnect so that SSL_read behaves the same as OpenSSL after a bidirectional shutdown.
2021-03-25 12:54:05 +09:00
8bee2af550
Merge pull request #3904 from julek-wolfssl/dtls-chacha-poly-fix
...
Chacha-Poly AEAD fix for SCR
2021-03-24 18:53:46 -07:00
64555cdd11
Merge pull request #3907 from JacobBarthelmeh/CAAM
2021-03-24 18:47:47 -07:00
662d04ce74
Merge pull request #3879 from julek-wolfssl/dtls-timeout
...
Let user inspect error in wolfSSL_dtls_got_timeout
2021-03-24 18:31:05 -07:00
f2f2976e96
Merge pull request #3837 from haydenroche5/zd11808
...
Fix for ZD 11808.
2021-03-24 18:24:04 -07:00
08ea90ad94
Merge pull request #3905 from dgarske/sp_nb_sync
...
SP ECC: Fix for non-blocking test and synchronization of changes
2021-03-25 10:35:30 +10:00
f7652d18a0
use compatibility layer API when they are enabled
2021-03-25 08:09:06 +09:00
e074513d38
fix for memory management with mmap function calls
2021-03-25 01:32:37 +07:00
183917f102
change debug message type from review
2021-03-25 01:16:20 +07:00
7f64950da4
Fixed fix of CID 576329.
2021-03-24 17:23:49 +01:00
bf1482a2d7
Fixed another CID 529732.
2021-03-24 17:05:02 +01:00
13d81f1fb9
Merge pull request #3902 from dgarske/snicb
...
Fix for SNI recv callback
2021-03-24 15:34:35 +07:00
a6851a44af
Fix for ECC non-blocking test R/S values not zero padded causing occasstional wolfCrypt test failures with ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP".
2021-03-23 17:32:36 -07:00
a6e9e71fde
Synchronization of SP ECC non-blocking code. Adds WOLFSSL_ECDSA_SET_K_ONE_LOOP support to SP ECC non-block. Removes double code in verify steps. Fixes verify result logic. Spelling error.
2021-03-23 17:30:56 -07:00
14ef517b61
Merge pull request #3884 from SparkiDev/tfm_read_bin
...
TFM read_unsigned_bin: endian may not be defined
2021-03-23 14:47:18 -07:00
d539dc59be
Merge pull request #3903 from SparkiDev/sha2_arm
...
ARMv8 SHA256, SHA512: Add wc_Sha256Transform, wc_Sha512Transform
2021-03-23 14:46:45 -07:00
1643bec05f
Merge pull request #3862 from kaleb-himes/WIN32_WCE_PORTING
...
_WIN32_WCE port of wolfCrypt - OE12
2021-03-23 14:40:48 -07:00
6134de6a22
Merge pull request #3855 from miyazakh/openssl_ext_r2
...
Compatibility layer API addition
2021-03-23 14:37:47 -07:00
ee79e1082a
Updated fix of 58787.
2021-03-23 13:19:32 +01:00
3abcdf059a
Chacha-Poly AEAD fix for SCR
...
Wrong cipher material was being used when using Chacha-Poly AEAD for DTLS 1.2 with secure renegotiation
2021-03-23 10:38:48 +01:00
089ebf277f
ARMv8 SHA256, SHA512: Add wc_Sha256Transform, wc_Sha512Transform
2021-03-23 12:53:06 +10:00
9313d59479
Fix for SNI callback
...
* Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback.
* Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI`
2021-03-22 11:28:16 -07:00
b3eb2e3ddd
Implement peer review feedback
...
Fix items that were missed from peer review
Remove dead code
Add ret capture of return from XVSNPRINTF
2021-03-22 11:55:16 -06:00
3accd4dd86
Merge pull request #3900 from JacobBarthelmeh/CAAM
...
account for leading 0's with r and s during ECC verify
2021-03-22 09:08:44 -07:00
b7ac12edb6
account for leading 0's with r and s during ECC verify
2021-03-22 18:16:21 +07:00
2e25c53111
Revert "Fixed CID 583215."
...
This reverts commit 26578be1a7
2021-03-22 09:50:20 +01:00
a8abeeb50e
Fixed CID 58787.
2021-03-22 09:47:52 +01:00
24b67599c8
Merge pull request #3896 from strongX509/wolfssl-shake256
...
Full implementation of SHAKE256
2021-03-22 09:57:05 +10:00
53c54ab475
Added bounds checks.
2021-03-21 12:30:45 +09:00
a86a638698
Fix for PRB tests.
2021-03-21 08:19:02 +09:00
6bf14dfa56
Added bounds checks, smallstack pattern.
2021-03-21 07:37:02 +09:00
a1ff026670
Revert the change of wolfSSL_EVP_CHIPER_CTX_cleanup.
2021-03-21 00:14:57 +09:00
c3e6195da5
INTIME: add support for directory file search
...
Directory support allows CRL use with undefining `NO_WOLFSSL_DIR`
Also increase stack size to avoid page fault and add
`_USE_64BIT_TIME_T` to example project to pass ASN test
2021-03-20 00:53:02 -07:00
526688a1a5
adressed review comments part 5-1
2021-03-20 14:57:26 +09:00
fae36f108e
adressed review comments part 5
2021-03-20 12:29:42 +09:00
14b7d70ae4
Merge pull request #3846 from kabuobeid/builtinEngsRandMethod
...
Add wolfSSL_RAND_set_rand_method() and document ENGINE_load_builtin_engines()
2021-03-19 14:23:03 -07:00
a0a1406a43
Merge pull request #3894 from SparkiDev/eccsi_sakke_g++
...
ECCSI/SAKKE: fix for g++
2021-03-19 14:03:06 -07:00
fc2dff0af6
Merge pull request #3895 from SparkiDev/no_dhe_psk_fix
...
TLS 1.3 PSK no DHE: When not doing PSK don't allow noPskDheKe to be set
2021-03-19 14:02:43 -07:00
19c321f165
Merge pull request #3891 from JacobBarthelmeh/PKCS7
...
adjust size when streaming with PKCS7 verify
2021-03-19 11:53:38 -06:00
761bebc4a0
Merge pull request #3893 from SparkiDev/sp_dyn_stack
...
SP dyanmic stack: WOLFSSL_SP_NO_DYN_STACK disable use
2021-03-19 10:53:02 -07:00
f49e8669cd
Merge pull request #3892 from dgarske/stm32g0
...
Adds support for STM32G0
2021-03-19 11:31:17 -06:00
6e383cf6cd
Full implementation of SHAKE256
...
The current SHAKE256 implementation squeezes output bytes only up
to the rate limit of 136 bytes. This has been fixed to support
the output of an unlimited amount of bytes complying with the
NIST FIPS 202 standard.
2021-03-19 11:13:54 +01:00
4136dcb098
Add modifications to fix following issues:
...
- bounds checks
- sanity checks
- smallstack pattern
- coding standard
- typos
2021-03-19 14:58:56 +09:00
491f3bc423
Add two public key files in certs folder and register them to gencertbuf.pl
2021-03-19 14:52:58 +09:00
62304411dd
Remove wc_EccPublicKeyDecode_ex
2021-03-19 14:48:46 +09:00
1c81afcc0a
Add wc_FreeDhKey in wolfSSL_d2i_PUBKEY
2021-03-19 14:23:40 +09:00
364e35575c
Add following modifications to unit-test:
...
- Modify reference data in test_wolfSSL_EVP_PKEY_print_public
- Remove test_wc_EccPublicKeyDecode_ex
- Rewrite test_wc_DhPublicKeyDecode to have Assert
2021-03-19 14:17:26 +09:00
300cbf7a5b
fixed NO_WOLFSSL_DIR configuration case
2021-03-19 13:13:03 +09:00
ffa6a80725
addressed review comments part 4
2021-03-19 13:13:02 +09:00
7b81ff1bc6
fixed api testing for hash dir
2021-03-19 13:13:01 +09:00
c5327866a4
addressed review comments part 3
2021-03-19 13:13:01 +09:00
84368eed3f
addressed review comment part 2 moving BY_DIR_xxx functions to internal
2021-03-19 13:13:00 +09:00
4650aaf4fb
addressed review comments part 1
2021-03-19 13:13:00 +09:00
f9c9de5855
free Mutex
2021-03-19 13:12:59 +09:00
2d79578eda
addressed jenkins failure
...
fix missing mutex initialization
2021-03-19 13:12:59 +09:00
a13784abe1
fixed jenkins failure
2021-03-19 13:12:58 +09:00
cb0f082e39
simplified wc_EncodeName*
2021-03-19 13:12:57 +09:00
e73b06e797
add comments and description to new function and API
2021-03-19 13:12:57 +09:00
39b0c4eaf8
fixed sanitize errors
2021-03-19 13:12:56 +09:00
b4a573ca98
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-03-19 13:12:55 +09:00
ce485d99b3
implemented L_FILE_LOAD case
2021-03-19 13:12:54 +09:00
e7472384c2
TLS 1.3 PSK no DHE: When not doing PSK don't allow noPskDheKe to be set
2021-03-19 12:11:30 +10:00
7cacfc53e6
ECCSI/SAKKE: fix for g++
...
Cast XMALLOC return.
2021-03-19 10:49:34 +10:00
f6840ca907
SP dyanmic stack: WOLFSSL_SP_NO_DYN_STACK disable use
...
For small code and not small stack, arrays are being defined with a size
dependent on the input parameters, where compiler supports it.
Disable this with: WOLFSSL_SP_NO_DYN_STACK
2021-03-19 09:56:56 +10:00
a688245738
Merge pull request #3868 from dgarske/sp_nomalloc
...
Fixes for SP RSA/DH with `WOLFSSL_SP_NO_MALLOC`
2021-03-19 09:41:30 +10:00
14e79a165a
Merge pull request #3880 from embhorn/cov_fixes
...
Fix resource leak
2021-03-18 15:18:38 -07:00
a363077b1e
Merge pull request #3841 from SparkiDev/aes_gcm_stream
...
AES GCM: implement streaming
2021-03-18 14:36:55 -07:00
6bf3c08634
Fixes for SP RSA/DH with WOLFSSL_SP_NO_MALLOC. Cleanup of the SP no malloc code for ECC, RSA and DH.
2021-03-18 14:00:51 -07:00
a27a61c937
Adds support for STM32G0.
2021-03-18 11:25:48 -07:00
a85e348c0e
Change void return from RAND_seed back to int.
2021-03-18 11:20:56 -07:00
5aa23424a4
wolfSSL_RAND_set_rand_method: Cleanup
2021-03-18 10:27:31 -07:00
de50209cdf
adjust size when streaming with PKCS7 verify
2021-03-18 22:52:36 +07:00
e7ad9b423f
Merge pull request #3881 from embhorn/zd11906
...
Fix der struct mem leak in AddTrustedPeer
2021-03-18 07:40:27 -07:00
89a461595f
Merge pull request #3890 from douzzer/fix-linuxkm-tls13-typo
...
src/tls13.c: fix typo introduced in commit 697d34c80d
2021-03-18 07:36:58 -07:00
360c961b48
fix for unused variable in dh.c from Jenkins test
2021-03-18 20:34:38 +07:00
a64bb8aef7
fix unused variable in test case from Jenkins test
2021-03-18 15:17:08 +07:00
717c0089c0
src/tls13.c: fix typo introduced in commit 697d34c80d.
2021-03-18 00:04:53 -05:00
832c99597c
wolfSSL_RAND_set_rand_method: Code review feedback
2021-03-17 17:02:20 -07:00
7760dcb43b
Fixes and cleanups for the openssl compatibility layer RAND_ functions. For opensslextra=x509small don't include the RAND method code. Removed abandonded "ENABLED_SMALL" option in configure.ac.
2021-03-17 15:51:52 -07:00
1477af9a22
Add wolfSSL_RAND_set_rand_method() and support for RAND_ callbacks.
2021-03-17 14:29:24 -07:00
a3be049e0e
Merge pull request #3883 from SparkiDev/sp_asm_config
...
SP config: allow asm to be an SP options (--enable-sp=asm,yes)
2021-03-17 12:53:14 -07:00
12b290cbaf
remove duplicate (deadcode) for clearing mp_int's
2021-03-17 17:34:54 +07:00
6ef905c9e3
use err goto for error out
2021-03-17 17:06:03 +07:00
2732ba2bba
check return value is not negative
2021-03-17 16:50:53 +07:00
1ca3604212
add check on init mutex return value
2021-03-17 16:42:16 +07:00
da56c33f48
add debug message on BIO write return value when printing out error nodes
2021-03-17 16:33:37 +07:00
d439694eb6
sanity check on length in wolfSSL_BN_rand
2021-03-17 13:41:27 +07:00
6995f6dedc
help out static analyizer and memset buffer created
2021-03-17 12:34:12 +07:00
48d13bbfa5
fix for leak with wolfSSL_a2i_ASN1_INTEGER
2021-03-17 12:24:18 +07:00
2dafb3ed96
TFM read_unsigned_bin: endian may not be defined
2021-03-17 12:10:06 +10:00
38d268dbbb
fixup
2021-03-17 11:31:03 +10:00
7f1e63e7f5
SP config: allow asm to be an SP options (--enable-sp=asm.yes)
2021-03-17 11:24:55 +10:00
3bd7127188
Wrap some long lines.
2021-03-17 06:58:51 +09:00
cba348dbf1
Merge pull request #3853 from SparkiDev/sp_add_d
...
SP int neg add_d/sub_d: handle small values properly
2021-03-16 14:16:01 -07:00
07807526c6
Change the following functions to behave the same as opeSSL:
...
- EVP_CIPHER_CTX_cleanup
- BIO_free
- EVP_PKEY_cmp
2021-03-17 05:47:45 +09:00
3f8444e7ea
Fix der struct mem leak in AddTrustedPeer
2021-03-16 11:57:49 -05:00
e668b9b5d6
Merge pull request #3876 from kabuobeid/sslSuitesNullCheck
...
Fix missing NULL check in FreeSuites(). Fixes #3873 .
2021-03-16 09:02:10 -07:00
df2e0905e0
Merge pull request #3874 from dgarske/cryptocb_devctx
...
Fixes for for crypto callbacks (SHA1, HMAC and CMAC)
2021-03-16 21:26:50 +07:00
9f6d1fe964
Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint
2021-03-16 15:55:51 +09:00
35659be06f
AES GCM: implement streaming
...
Updated EVP layer to use streaming API when enabled.
Assembly for x64 updated to include streaming.
2021-03-16 16:39:49 +10:00
f3900be6dc
Merge pull request #3877 from SparkiDev/sakke_eccsi_fixup
2021-03-15 20:18:09 -07:00
9fd8fde714
Add fixes along the review commnents.
2021-03-16 11:55:18 +09:00
9caf366a25
SP x86_64 asm: put back in lost fixes
...
Corner case for P-256.
ModInv P-256 AVX2 fix carry and use movslq for clang.
Get entry P-384 non-AVX2 don't assume table data is aligned.
2021-03-16 11:08:34 +10:00
6fc0440904
SP int neg add_d/sub_d: handle small values properly
2021-03-16 10:22:48 +10:00
5c82ef9420
Merge pull request #3858 from julek-wolfssl/x509-set-pub-key
...
wolfSSL_X509_set_pubkey fix
2021-03-15 17:19:30 -07:00
5c4c101ac5
Merge pull request #3863 from JacobBarthelmeh/Testing
...
fix for wolfSSL_ASN1_TIME_adj set length
2021-03-15 17:17:33 -07:00
1b8c0c73a9
Merge pull request #3851 from SparkiDev/sp_read_bin_align
...
SP int: read_unsigned_bin and BIG_ENDIAN
2021-03-15 17:12:23 -07:00
3ac03d3d66
Merge pull request #3805 from JacobBarthelmeh/copyright
...
update copyright date to 2021
2021-03-15 16:16:50 -07:00
5fd0950a3a
Merge pull request #3654 from SparkiDev/sakke_eccsi
...
ECCSI and SAKKE: add support
2021-03-15 16:15:59 -07:00
46b3beeccd
Fix missing NULL check in FreeSuites(), with OPENSSL_ALL enabled, this was causing a segfault in when freeing a WOLFSSL object created with wolfSSL_write_dup().
2021-03-15 16:15:21 -07:00
0fa39a04dc
Let user inspect error in wolfSSL_dtls_got_timeout
2021-03-15 19:00:11 +01:00
2e247cc176
Merge pull request #3870 from JacobBarthelmeh/Benchmark
...
fix for using devId with benchmarking ECC
2021-03-15 10:09:23 -07:00
d4d30a0078
Merge pull request #3875 from SparkiDev/sp_get_entry
...
SP x86_64 non-AVX2: Fix get_entry to no load table aligned
2021-03-15 10:00:27 -07:00
0f605b2aab
SP x86_64 non-AVX2: Fix get_entry to no load table aligned
2021-03-15 18:05:10 +10:00
e2aee302ef
Merge pull request #3867 from douzzer/autoconf-2.71-gcc-10.2-updates
2021-03-12 16:19:28 -08:00
7a020e4bb6
Fix for FIPS and CMAC init.
2021-03-12 14:23:34 -08:00
36f80d53aa
Fix resource leak
2021-03-12 14:57:45 -06:00
92854a5ddc
configure.ac: advance AC_PREREQ from 2.63 (2008) to 2.69 (2012) to reflect current automated testing coverage, and to avoid intractable best-practice conflicts between 2.63 and 2.70 (2020); advance AM_INIT_AUTOMAKE from 1.11 (2009) to 1.14.1 (2013) to reflect current automated testing coverage; advance LT_PREREQ from 2.2 (2008) to 2.4.2 (2011) to reflect current automated testing coverage.
2021-03-12 13:49:29 -06:00
697d34c80d
Fix for for crypto callback devCtx on symmetric algorithms (missing for SHA1 and CMAC). Fix for HMAC to use devId for hashing. Fixes for CMAC crypto callbacks and testing.
2021-03-12 11:49:25 -08:00
62ec4ef3b9
Policy Constraints Extension
...
Read the policy constraints extension from a certificate. Save the skip value but don't do anything with it at this time.
2021-03-12 10:23:23 -08:00
c5c80b67d2
wolfSSL_X509_set_pubkey fix
...
wolfSSL_X509_set_pubkey should always regenerate the key to make sure that it does not contain the private key
2021-03-12 18:13:15 +01:00
e9b39c3091
fix for using devId with benchmarking ECC
2021-03-12 21:14:20 +07:00
fa8934c5fc
Merge pull request #3861 from haydenroche5/cmake_session_ticket
2021-03-11 21:05:31 -08:00
5369c133ad
add macro guard around test
2021-03-12 11:44:09 +07:00
a20b7fae32
ECCSI/SAKKE: add loop count to generation functions
2021-03-12 13:57:53 +10:00
a55e94cf6f
ECCSI and SAKKE: add support
...
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
2021-03-12 09:31:22 +10:00
771a7418ea
fixes for compat with autoconf 2.70 and gcc-10: update m4/ax_pthread.m4 and m4/ax_tls.m4 from upstream, fix declaration syntax in tests/api.c, add AC_CANONICAL_TARGET in configure.ac, and fix two spots with bad quoting syntax in configure.ac and m4/ax_linuxkm.m4. also fix myriad whitespace flubs in api.c.
2021-03-11 17:29:12 -06:00
c091b968a3
Merge pull request #3864 from cconlon/0311
...
api.c fix for --enable-opensslall and --enable-debug
2021-03-11 14:54:40 -08:00
e93568816e
Merge pull request #3859 from TakayukiMatsuo/os_ecdh
...
Remove NO_WOLFSSL_STUB guard and add a comment to each API
2021-03-11 15:31:21 -07:00
6241d56eec
Merge pull request #3865 from haydenroche5/fix_have_aes_ecb
...
Change WOLFSSL_AES_ECB to HAVE_AES_ECB in api.c.
2021-03-11 14:12:46 -08:00
211eefa155
Change WOLFSSL_AES_ECB to HAVE_AES_ECB in api.c.
2021-03-11 14:03:54 -06:00
e184cf5c29
fix api.c build with --enable-opensslall and --enable-debug
2021-03-11 12:56:13 -07:00
1d5d946273
Cleanup user_settings.h
2021-03-11 06:39:39 -07:00
eb8b40c64a
fix for wolfSSL_ASN1_TIME_adj set length
2021-03-11 20:34:17 +07:00
b9464befb6
Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint
2021-03-11 16:21:09 +09:00
c729318ddd
update copyright date
2021-03-11 13:42:46 +07:00
fceba6eb6f
Merge pull request #3860 from julek-wolfssl/scr-hello-verify
...
SCR cookie exchange shouldn't change seq and epoch numbers
2021-03-10 16:11:03 -08:00
16d55b0b86
_WIN32_WCE port of wolfCrypt - OE12
...
Add user_settings.h for OE12
Restrict LPCWSTR typecast to be WINCE specific
2021-03-10 17:02:21 -07:00
72eebd6e75
Merge pull request #3795 from JacobBarthelmeh/CAAM
...
Addition of QNX CAAM driver
2021-03-10 15:04:21 -08:00
44c5ca9d39
Merge pull request #3825 from julek-wolfssl/openssl-key-wrap
...
Implement `AES_wrap_key` and `AES_unwrap_key`
2021-03-10 15:01:51 -08:00
b081243af3
Merge pull request #3850 from SparkiDev/sp_x64_asm_fixes
...
SP ECC: Fix P-256 modinv for AVX2
2021-03-10 14:57:17 -08:00
385ef17099
Merge pull request #3852 from SparkiDev/mp_is_bit_set
...
MP int: fix word range check in mp_is_bit_set()
2021-03-10 14:54:58 -08:00
2b92abdd35
Merge pull request #3857 from embhorn/zd11865
...
Fix header cir ref with WPAS
2021-03-10 14:54:50 -08:00
0bcde126d9
Merge pull request #3791 from TakayukiMatsuo/ZD11641
...
Causes SSL_CTX_load_verify_locations and X509_LOOKUP_load_file to return zero on failure if WOLFSSL_ERR_CODE_OPENSSL is defined
2021-03-10 14:54:14 -08:00
40b5d94db8
Merge pull request #3848 from JacobBarthelmeh/Testing
...
sanity check on size before compare
2021-03-10 15:18:44 -07:00
0403990cc8
Add support for session tickets in CMake.
...
Additionally, ensure duplicate definitions don't make it into options.h.
2021-03-10 11:48:59 -06:00
26fb658206
SCR cookie exchange shouldn't change seq and epoch numbers
2021-03-10 18:34:09 +01:00
0e699ff046
Remove NO_WOLFSSL_STUB guard and add a comment to each wolfSSL_set_dynlock_xxx API.
2021-03-11 00:04:17 +09:00
4ad1b52108
Merge pull request #3824 from julek-wolfssl/ssl-bio-use-chain
...
WOLFSSL_BIO_SSL BIO should use remaining chain for IO
2021-03-10 18:21:09 +07:00
28ae8e3e11
add include file for getting WOLFSSL_CAAM_DEVID in test case
2021-03-10 17:27:40 +07:00
d7838155e5
WOLFSSL_BIO_SSL BIO should use remaining chain for IO
...
This is accomplished by passing the next BIO in the chain in to the `wolfSSL_set_bio` API.
2021-03-10 10:13:42 +01:00
ce62a24325
Merge pull request #3856 from embhorn/gh3849
...
Typo in client example
2021-03-09 15:49:30 -08:00
f421f949c9
Fix header cir ref with WPAS
2021-03-09 17:09:04 -06:00
23396a94c4
Merge pull request #3822 from TakayukiMatsuo/os_ecdh
...
Add CTX_set_ecdh_auto
2021-03-09 15:15:38 -07:00
fd6618170d
Merge pull request #3843 from julek-wolfssl/dtls-reset-seq-num
...
Correctly move the Tx sequence number forward
2021-03-09 13:06:04 -08:00
d4302cc71b
Correctly reset the Tx sequence number
...
All DTLS records after the ClientHello should try to start from the sequence number of the ClientHello if it is available.
2021-03-09 18:30:10 +01:00
9f9bf7345b
Fixed CID 13482
2021-03-09 15:12:31 +01:00
dc1f11666d
Fixed CID 588443
2021-03-09 14:49:30 +01:00
9e68d0d1a8
Fixed CID 586938
2021-03-09 12:30:39 +01:00
153859f2b2
Merge remote-tracking branch 'upstream/master' into os_ecdh
...
# Conflicts:
# tests/api.c
2021-03-09 12:00:15 +09:00
5e953d5968
Typo in client example
2021-03-08 17:31:12 -06:00
ff3325fcaf
SP ECC: Fix P-256 modinv for AVX2
...
modinv AVX2: do quick norm on result twice and convert 32-bit signed to
64-bit signed before adding
P-256 mont_add, mont_dbl, mont_tpl, mont_sub x64: handle mul/sqr result
being greater than modulus but not greater than 1<<256.
2021-03-09 08:42:07 +10:00
b271da2954
Fix for ZD 11808.
2021-03-08 12:23:32 -06:00
c73965b471
Merge pull request #3842 from danielinux/imx-rt1060-fixes
...
Fixed regressions in sha modules when compiling with WOLFSSL_IMXRT_DCP
2021-03-08 10:21:40 -08:00
7b2aa54044
Merge pull request #3801 from TakayukiMatsuo/os_bio
...
Add wolfSSL_BIO_tell
2021-03-08 09:56:01 -07:00
ec58765498
Merge pull request #3769 from miyazakh/openssl_ext_r1
...
Compatibility layer API addition
2021-03-08 09:54:07 -07:00
419b426a1b
MP int: fix word range check in mp_is_bit_set()
2021-03-08 15:45:04 +10:00
98683bf71c
SP int: read_unsigned_bin and BIG_ENDIAN
...
When unaligned access of sp_int_digit pointer causes segfault, define:
WOLFSSL_SP_INT_DIGIT_ALIGN
2021-03-08 15:17:12 +10:00
feeb0ceb96
Change macro name to WS_RETURN_CODE and add more comments.
2021-03-08 11:57:36 +09:00
2275c97602
check ret of lock and adjust return type
2021-03-06 14:21:44 +07:00
e497a8f589
sanity check on size before compare
2021-03-06 08:58:37 +07:00
3b768bcb5e
addressed review comments
2021-03-06 10:18:31 +09:00
5efd0bf2a4
Fixed CID 587445.
2021-03-06 00:58:39 +01:00
db275268a1
Fixed CID 581667.
2021-03-06 00:40:08 +01:00
c2629d34b5
Fixed CID 577166, 577196.
2021-03-06 00:07:37 +01:00
5841ee8efb
Fixed CID 576945.
2021-03-05 23:40:49 +01:00
7d9661d75c
Fixed CID 576884.
2021-03-05 23:24:34 +01:00
876cc9239d
Fixed CID 576574.
2021-03-05 23:16:50 +01:00
b6130513e3
Merge pull request #3844 from SparkiDev/mp_read_radix_fail
...
MP small: read radix set result to 0 on all errors
2021-03-05 12:09:38 -08:00
8428823881
Merge pull request #3840 from SparkiDev/mp_neg_fixes
...
MP: fixes for negative
2021-03-05 12:08:45 -08:00
b55e428795
Merge pull request #3826 from tmael/ecc_err
...
WOLFSSL_STATIC_MEMORY no longer requires fast math
2021-03-05 11:49:01 -08:00
af7b1bd25e
Fixed CID 587328.
2021-03-05 17:18:34 +01:00
e76da394b7
Fixed CID 587287.
2021-03-05 15:44:00 +01:00
d01d32b6ed
Fixed the fix of CID 578018
2021-03-05 14:59:18 +01:00
175fe250ba
Merge branch 'fix/RA/v4.7.0-coverity' of https://github.com/DKubasekRA/wolfssl into fix/RA/v4.7.0-coverity
2021-03-05 14:44:10 +01:00
97a9938f94
Fixed CID 584275
2021-03-05 14:43:52 +01:00
9732f6e74b
Fixed CID 587328.
2021-03-05 14:27:47 +01:00
f7fbd0fceb
Fixed CID 587287.
2021-03-05 13:35:27 +01:00
8588998234
Fixed CID 586797.
2021-03-05 12:22:59 +01:00
8539e8c170
Fixed CID 584000.
2021-03-05 12:10:40 +01:00
0caed02db7
Fixed CID 576609.
2021-03-05 12:04:30 +01:00
d2b26f66d5
Fixed CID 578018
2021-03-05 10:59:08 +01:00
ad70112fd8
Fixed CID 576268
2021-03-05 10:35:14 +01:00
d510c270cd
Fixed CID 212170.
2021-03-05 09:44:47 +01:00
6d0dbbe1c0
add IDE/QNX/README.md and add WOLFSSL_QNX_CAAM guard
2021-03-05 14:43:23 +07:00
298ebd6024
MP small: read radix set result to 0 on all errors
2021-03-05 10:02:07 +10:00
046b279ae2
MP: fixes for negative
...
sp_int.c:
- sp_addmod_ct(), sp_submod_ct(), sp_gcd() and sp_lcm() only support
positive numbers: updated comments.
- sp_mod(0, neg): fix to not add 0 and neg.
- sp_div(): set sign on rem when a is greater than d but same bit length
and fix sign setting on result when absolute values equal or
close.
- Modular exponentation functions: compare absolute values when
determining whether base needs to be reduced.
- Fix calculation of hex string when negative: add -ve nibble before
checking for need of extra 0.
- Fix size allocation in sp_mod when WOLFSSL_SP_INT_NEGATIVE defined
tfm.c:
- fp_mod(0, neg): fix to not add 0 and neg.
- fp_isone(): fixed to check for negative
- fp_add_d(): fix small stack version to support negative numbers
integer.c:
- mp_isone(): fixed to check for negative
2021-03-05 09:29:46 +10:00
896245cae7
addressed jenkins cavp test failure
2021-03-05 08:19:25 +09:00
464f82a575
addressed jenkins failure part4
2021-03-05 08:19:24 +09:00
2246ea33cc
addressed sanitize failure
2021-03-05 08:19:23 +09:00
302c6dfe11
addressed jenkins failure part3
2021-03-05 08:19:22 +09:00
9bae05525c
addressed review comments
2021-03-05 08:19:22 +09:00
5ddd2710d7
addressed jenkins failure part2
2021-03-05 08:19:21 +09:00
cd26444e01
addressed jenkins failure part1
2021-03-05 08:19:21 +09:00
5fb9aa3f9b
implemented SHA512_Transform and unit test
2021-03-05 08:19:20 +09:00
82fb498ed5
Implemented MD5 unit tests
2021-03-05 08:19:19 +09:00
525d28f38f
Implemented MD5_Transform
2021-03-05 08:19:18 +09:00
502e1458f9
Implemented SHA one shot
...
Implemented SHA_Transform
2021-03-05 08:19:17 +09:00
95cf3675e9
implemented SHA256_Transform
...
WIP SHA512_Transform
2021-03-05 08:19:17 +09:00
cb3fa8ff9e
SHA224 implementation
2021-03-05 08:19:16 +09:00
141d07e21b
addressed pre-review comments
2021-03-05 08:19:16 +09:00
e39477c531
initial implement SSL_get_early_data_status
2021-03-05 08:19:15 +09:00
44a20c8ce6
add more unit test case for load_crl_file
2021-03-05 08:19:14 +09:00
544ed32893
implemented X509_load_crl_file
2021-03-05 08:19:14 +09:00
2e223fb101
implemeted wolfSSL_CTX_get0/set1_param, and corresponding to sub-methods
2021-03-05 08:19:13 +09:00
f15450f63e
Merge pull request #3839 from cconlon/pkcs7free
...
fix PKCS7 dynamic content save/restore in PKCS7_VerifySignedData
2021-03-05 05:53:38 +07:00
19fa75c6a8
static memory no longer requires fast math
2021-03-04 14:40:14 -08:00
16f39b4e77
Fix _sp_add_d err
2021-03-04 14:40:14 -08:00
25228cb6c0
Merge pull request #3798 from dgarske/no_hash
...
wolfcrypt: Fixes for building without hash or rng
2021-03-05 08:16:34 +10:00
7983734dcb
Merge pull request #3786 from tmael/cc310_ecc_importkey
...
Add Cryptocell wc_ecc_import_x963_ex
2021-03-04 13:59:54 -08:00
53a7397418
Merge pull request #3828 from elms/test/fix_openssl_ticket_noaes
...
test: fix compile with session-ticket without AES-GCM
2021-03-04 11:15:20 -08:00
bd57e3e4cf
Merge pull request #3818 from dgarske/zd11760
...
Fix for InTime RTOS v5 random
2021-03-04 11:14:34 -08:00
b8235649ea
Merge pull request #3812 from haydenroche5/get-certs-refactor
...
Improve wolfSSL_CertManagerGetCerts.
2021-03-04 11:14:05 -08:00
0a74fbf95f
Merge pull request #3789 from fabiankeil/configure-accept-amd64
...
configure: When enabling --enable-sp-asm, accept host_cpu amd64
2021-03-04 11:11:13 -08:00
12d5c6d416
Merge pull request #3783 from haydenroche5/socat
...
Add support for OpenSSL compatibility function SSL_CTX_get_min_proto_…
2021-03-04 11:10:17 -08:00
90d45028cc
Merge pull request #3781 from fabiankeil/NO_WOLFSSL_STUB-build-fix
...
Fix build with NO_WOLFSSL_STUB
2021-03-04 11:07:26 -08:00
447b8c9318
Merge pull request #3831 from SparkiDev/sp_int_not_inf
...
SP int: define errors for backward compatability
2021-03-04 11:06:15 -08:00
ea243e0906
Merge branch 'fix/RA/v4.7.0-coverity' of https://github.com/DKubasekRA/wolfssl into fix/RA/v4.7.0-coverity
2021-03-04 18:26:20 +01:00
027f05e349
Fixed CID 583215.
2021-03-04 13:40:45 +01:00
f056601d26
Fixed CID 587549.
2021-03-04 11:16:40 +01:00
dbaf545694
Fixed CID 587348 and CID 587349.
2021-03-04 11:08:25 +01:00
86b5434dcc
Fixed CID 587342.
2021-03-04 10:45:49 +01:00
da75a4f803
Add comment to each added function and fix return value of wolfSSL_EVP_DecodedFinal
2021-03-04 18:39:47 +09:00
5043f0229a
Add comment to each added functions
2021-03-04 17:41:18 +09:00
7610e4989c
iMX-RT1060 support: Fixed missing definition of wc_Sha256Free
2021-03-04 08:34:15 +01:00
791a5b4244
iMXRT1060 support: Fixed duplicate definition of wc_InitSha & wc_ShaCopy
2021-03-04 08:33:20 +01:00
871933e3e8
Add s comment to wolfSSL_BIO_tell
2021-03-04 15:41:03 +09:00
b141c2f4f2
Add comment for each added function
2021-03-04 15:02:53 +09:00
d5cd9c4a7f
Fixed CID 591810.
2021-03-04 01:02:11 +01:00
2be80acdd3
fix PKCS7 dynamic content save/restore in PKCS7_VerifySignedData for multiPart bundles with certs
2021-03-03 16:19:58 -07:00
8c3b5c3402
Merge pull request #3838 from guidovranken/zd11824
...
Return error code from sp_cond_swap_ct
2021-03-04 08:30:19 +10:00
b383d93274
Fixed CID 582952.
2021-03-03 21:32:34 +01:00
3770d4c581
Fixed CID 577295.
2021-03-03 21:20:33 +01:00
c634c6c850
Fixed CID 577188.
2021-03-03 21:09:24 +01:00
d3314f142a
Fixed CID 576946.
2021-03-03 21:04:51 +01:00
f2b832415e
Fixed CID 576799.
2021-03-03 20:57:40 +01:00
9ea66868d8
Fixed CID 536133.
2021-03-03 20:37:29 +01:00
05156083ec
Fixed CID 529770.
2021-03-03 20:29:21 +01:00
c27c78f9e4
Fixed CID 529748.
2021-03-03 20:12:59 +01:00
6725a4f5d2
Return error code from sp_cond_swap_ct
...
ZD 11824
2021-03-03 20:03:10 +01:00
d941cb4456
Fixed CID 587279.
2021-03-03 19:48:54 +01:00
806313ff1a
Fixed CID 576473.
2021-03-03 19:43:19 +01:00
af42e2a799
Fixed CID 576329.
2021-03-03 19:21:51 +01:00
b47678513a
Merge branch 'fix/RA/v4.7.0-coverity' of https://github.com/DKubasekRA/wolfssl into fix/RA/v4.7.0-coverity
2021-03-03 18:49:06 +01:00
1aa718a438
Fixed CID 143658, 463100, 529732.
2021-03-03 18:49:00 +01:00
061120dda6
Fixed CID 587340.
2021-03-03 17:18:24 +01:00
18163c9a2a
Fixed CID 587269.
2021-03-03 16:38:28 +01:00
d5c3d9ca4f
Fixed CID 587064.
2021-03-03 16:03:32 +01:00
27c5714f11
Fixed CID 586826.
2021-03-03 15:58:55 +01:00
0bdb2bf40c
Fixed CID 583972.
2021-03-03 15:55:02 +01:00
26578be1a7
Fixed CID 583215.
2021-03-03 15:51:22 +01:00
ef34e613e8
Fixed CID 582947.
2021-03-03 15:46:37 +01:00
38cfe71732
Fixed CID 576552.
2021-03-03 15:41:28 +01:00
b801a6e809
silence warning of unused parameter in certain builds
2021-03-03 18:45:40 +07:00
9db0257e2e
changes after initial review
2021-03-03 18:45:40 +07:00
26a6643383
fix typo on black keymod size and set devid default with TLS
2021-03-03 18:45:40 +07:00
73349d9a83
add missing header file
2021-03-03 18:45:40 +07:00
ffbd565285
fix for cryptocb with private key check
2021-03-03 18:45:40 +07:00
79ec07f5e1
adjustment after rebase
2021-03-03 18:45:40 +07:00
69a0b643be
removing some magic numbers
2021-03-03 18:45:40 +07:00
4409be2a4e
some misra c changes
2021-03-03 18:45:40 +07:00
99f19b19d4
fix for valgrind ecc verify issue
2021-03-03 18:45:40 +07:00
3757e83c64
use hardset mmap device memory for flags
2021-03-03 18:45:40 +07:00
49aeafaa8d
adjust dist files and fix warning
2021-03-03 18:45:40 +07:00
749425e1e8
first pre alpha code for QNX + CAAM
...
manual run of RNG init and JDKEK print
job ring does initial rng
is successful on some red key blob operations
caam red key blob test pass
ecdsa sign/verify
ecdsa ecdh/sign/verify with black secure key
ecdsa ecdh/sign/verify with black secure key
initial cmac addition
initial cmac addition
black blob encap
black keys with cmac
add invalidate memory
refactoring and clean up
more code cleanup
add files for dist and remove some printf's
remove unneeded macro guard
use resource manager
2021-03-03 18:45:40 +07:00
5dbc6db295
Fixed CID 576149
2021-03-03 10:25:54 +01:00
bbf1284112
Replace immediate value "0" with WOLFSSL_FAILURE and add comment to the RETURN_CODE macro
2021-03-03 11:23:11 +09:00
7b78c61ed3
Merge pull request #3833 from dgarske/ecc_keydp
...
ECC: Improve the key ecc_set NULL checking
2021-03-03 09:47:32 +10:00
3752347f14
Improve the random logic for the INTIME RTOS RNG.
2021-03-02 15:04:01 -08:00
4d8068a328
Merge pull request #3813 from douzzer/configure-autotools-boilerplate-at-the-top
...
configure.ac: put autotools boilerplate at the top
2021-03-02 09:22:09 -08:00
7e8aa99471
Merge pull request #3820 from haydenroche5/cmake-options-cleanup
...
Clean up CMake option strings.
2021-03-02 08:55:12 -08:00
4ff886dbda
test: fix compile with session-ticket without AES-GCM
...
EVP compat layer doesn't support poly chacha so test shouldn't be
included to try and test it.
2021-03-02 08:40:19 -08:00
9fe7be5ac4
Improve the key ecc_set NULL checking for possible use of key->dp == NULL cases. This is cases where the key has not been properly iniailized or loaded prior to calling from a public API.
2021-03-01 17:17:40 -08:00
9d4d36f7fe
Fix hasty copy/paste with privSz2.
2021-03-01 16:02:51 -08:00
84d5d37f61
SP int: define errors for backward compatability
2021-03-02 08:34:23 +10:00
14faf16955
Dismiss unused warnings for dh_test.
2021-03-01 10:14:28 -08:00
8c1a93d9e1
Using "rand()" to seed our PRNG as its available on all INTIME RTOS versions.
2021-03-01 09:23:19 -08:00
39a28eeec2
Add RSA_NO_PADDING to wolfSSL_RSA_private_encrypt
2021-03-01 13:21:26 +01:00
42e87fa542
Add DH key initialization
2021-03-01 01:13:25 +09:00
a34c5b018f
Move the local variable declaration to the beginning of the function
2021-03-01 00:49:50 +09:00
e72948b018
Fix for PR tests
2021-02-28 10:27:43 +09:00
265b456cac
Improve wolfSSL_CertManagerGetCerts.
...
- Use wolfSSL_d2i_X509. wolfSSL_CertManagerGetCerts duplicated a lot of work
that wolfSSL_d2i_X509 can do for us.
- This function gets the caLock from the CertManager and then calls ParseCert.
Ultimately, ParseCert calls GetCA, which attempts to acquire the same caLock.
Deadlock ensues. The solution is to get the caLock, make a copy of all the
certs, and release the lock. Then, we use the copy of the certs to build up
the stack of X509 objects. What happens if one of the certs is removed from
the CertManager between our copying and calling wolfSSL_d2i_X509? Nothing of
consequence for this use case. ParseCertRelative won't set the DecodedCert's ca
field, but we don't need that to be set here.
2021-02-26 10:45:27 -06:00
cd9f400cf3
Clean up CMake option strings.
...
This commit makes all the binary CMake options (i.e. yes/no) conform to one
string convention: "yes/no." Previously, we had a mixture of yes/no and ON/OFF.
2021-02-26 10:30:46 -06:00
78e2e37fd6
Remove unneccessary local variable initializations and remove local variable declarations in for-loops
2021-02-26 17:17:32 +09:00
e9719595fa
Removed commented-out line
2021-02-26 12:49:32 +09:00
a54e3aadea
Fix for PR tests
2021-02-26 12:42:42 +09:00
ec471af9c5
Add following stub funcs:
...
- wolfSSL_THREADID_current
- wolfSSL_THREADID_hash
- wolfSSL_CTX_set_ecdh_auto
2021-02-26 11:26:10 +09:00
4c1a94a6ad
Merge pull request #3768 from SparkiDev/mp_add_d_too_big
...
MP small: mp_add_d doesn't support adding a digit greater than MP_DIG…
2021-02-25 16:56:23 -08:00
e18eacfcd2
Merge pull request #3779 from embhorn/zd11711
...
Squelch interfering def of SHA_CTX
2021-02-25 16:05:24 -08:00
2d13a43e71
Merge pull request #3819 from elms/fix/nightly_g++
...
ssl: fix g++ compile warning with explicit cast
2021-02-25 16:04:05 -08:00
5682d61e75
Merge pull request #3817 from SparkiDev/i2d_x509_name_mv
...
ASN: move wolfSSL_i2d_X509_NAME to ssl.c
2021-02-25 16:03:30 -08:00
7d002a7645
Merge pull request #3816 from SparkiDev/win_curve448
...
Windows Project: Include the X448 and Ed448 files
2021-02-25 16:00:53 -08:00
dbc4c51a4e
Merge pull request #3815 from SparkiDev/sp_math_keygen
...
SP int: get keygen working with SP math again
2021-02-25 16:00:27 -08:00
8d37da24dc
Merge pull request #3814 from SparkiDev/gcd_lcm_zero
...
Math: GCD(0,0) is undefined and LCM(0,*) is undefined.
2021-02-25 16:00:04 -08:00
10181b7bbf
Add support for OpenSSL compatibility function SSL_CTX_get_min_proto_version.
...
This is needed by socat-1.7.4.1.
2021-02-25 17:04:41 -06:00
bc585e85b6
Dismiss unused warnings for rsa_test.
2021-02-25 11:23:21 -08:00
2eb253330f
Implement AES_wrap_key and AES_unwrap_key
...
Add `wc_AesKeyWrap_ex` and `wc_AesKeyUnWrap_ex` API to accept an `Aes` object to use for the AES operations
2021-02-25 20:01:51 +01:00
afbe3607d7
ssl: fix g++ compile warning with explicit cast
...
cast OpenSSL callback to `void*` for storage as context to be used by
static callback
2021-02-25 11:01:16 -08:00
acff0e8781
Fix for InTime RTOS v5. The arc4random_buf wasn't added until v6, so opting to use arc4random. ZD 11760.
2021-02-25 08:54:30 -08:00
442f182c67
Merge pull request #3778 from haydenroche5/cmake_curve_ed
...
Add CMake support for CURVE25519, ED25519, CURVE448, and ED448.
2021-02-25 08:01:26 -08:00
d271092aef
ASN: move wolfSSL_i2d_X509_NAME to ssl.c
...
Move WOLFSSL_X509_NAME APIs out of asn.[ch].
2021-02-25 11:45:12 +10:00
7bc12bb536
Windows Project: Include the X448 and Ed448 files
2021-02-25 11:10:46 +10:00
d805a5c681
SP int: get keygen working with SP math again
...
./configure --enable-sp --enable-sp-math --enable-keygen
2021-02-25 10:01:27 +10:00
982ba6c1e0
Math: GCD(0,0) is undefined and LCM(0,*) is undefined.
...
All integers divide 0 so there is no greatest common divisor.
0 is not in the set of numbers for LCM.
2021-02-25 09:29:21 +10:00
5cc8979309
Review feedback for unused `pubSz2.
2021-02-24 15:09:51 -08:00
3a3c0be43f
Fixes for build warnings for CryptoCell with ECC and RSA.
2021-02-24 15:05:27 -08:00
9be1e74dc3
configure.ac: move the autotools boilerplate/initializations back to the top, before --enable-distro and --enable-reproducible-build handling.
2021-02-24 17:04:33 -06:00
101b35e766
cmake: mirror configure logic for SHA3, SHAKE256, SHA224
2021-02-24 14:25:30 -08:00
49a0f70c24
Fix errors from last commit.
2021-02-24 14:19:13 -08:00
074090049b
Add CMake support for CURVE25519, ED25519, CURVE448, and ED448.
2021-02-24 13:57:34 -08:00
8988f1d5a2
Squelch interfering def of SHA_CTX
2021-02-24 15:46:02 -06:00
9ebdc8d61c
Additional fixes for building without RNG. Fix for possible use of key->dp == NULL in wc_ecc_export_ex.
2021-02-24 13:21:54 -08:00
c201b6801c
Merge pull request #3808 from lechner/enable-base64-with-all
...
Enable Base64 as part of --enable-all.
2021-02-24 14:39:20 -06:00
764207a9f5
Merge pull request #3806 from elms/autoconf/oot_fips_check
...
configure: fix for FIPS out-of-tree builds
2021-02-24 14:38:26 -06:00
94a23c1d48
Merge pull request #3646 from julek-wolfssl/nginx-1.19.6
...
Add support for Nginx 1.19.6
2021-02-24 12:21:51 -08:00
d8a053ac35
Merge pull request #3809 from embhorn/zd11773
...
Warnings and error fixes
2021-02-24 12:14:08 -08:00
bf63b41465
Fixes for building without hash. If all hash algorithms are disabled wc_HashAlg could report empty union. ZD 11585.
2021-02-24 11:04:03 -08:00
36ba2e134b
configure: FIPS error and compatability cleanup
...
Use autotools macros for case and if. Simplify validation logic.
2021-02-24 08:53:50 -08:00
1d16af4f32
Warnings and error fixes
2021-02-24 09:08:15 -06:00
ae28550667
Enable Base64 as part of --enable-all.
...
Part of an effort to standardize build options across distributions.
When building with all options, this includes Base64, a feature that
was requested in the past.
This commit passed Debian's Salsa CI pipeline [1] as part of a larger
commit streamlining the build options for distributions. [2]
A related pull request by douzzer activated reproducible builds for
distributions by default. [3]
Thanks to David Garske for his generous contributions to this commit!
[1] https://salsa.debian.org/lechner/wolfssl/-/pipelines/233601
[2] https://salsa.debian.org/lechner/wolfssl/-/blob/debian/master/debian/patches/standardize-distro-options.patch
[3] e30b3d3554
2021-02-23 19:46:56 -08:00
ac38e53fec
Merge pull request #3804 from tmael/aws-sdk
...
Use Unix line endings
2021-02-23 18:33:07 -08:00
e30b3d3554
Merge pull request #3807 from douzzer/distro-reproducible-build
...
--enable-distro implies --enable-reproducible-build
2021-02-23 18:32:04 -08:00
9dadd02fb9
configure.ac move --enable-distro handling to top (preceding --enable-reproducible-build handling), and turn on reproducible-build by default when enable-distro; fix spelling error in reproducible-build help text.
2021-02-23 17:05:44 -06:00
3cdbc242b4
Merge pull request #3803 from dgarske/zd11759
...
Fix misplaced endif and brace
2021-02-24 09:04:38 +10:00
47872224d8
configure: fix for FIPS out-of-tree builds
...
Check for fips files relative to source directory.
2021-02-23 14:17:35 -08:00
7a71ec4692
Merge pull request #3802 from tmael/pkcs8err
...
Fix PKCS8 build config
2021-02-23 13:42:17 -08:00
9bfbc999d9
Move variable declarations to the top
2021-02-23 13:21:50 -08:00
2d0207fc60
Fix undeclared identifier errors
2021-02-24 05:38:28 +09:00
0dfdf92ff7
Merge pull request #3784 from elms/cmake_curve_ed
...
configure: ED448 to enable SHA3 and SHAKE256 properly
2021-02-24 03:20:38 +07:00
5eba89c3ca
Merge pull request #3742 from julek-wolfssl/error-queue-per-thread
...
Add --enable-error-queue-per-thread
2021-02-23 12:02:16 -08:00
ef916df1b1
Merge pull request #3761 from JacobBarthelmeh/Release
...
update changelog and bump version to 4.7.1 for development bundles
2021-02-23 12:00:59 -08:00
60614ff8b1
Merge pull request #3772 from SparkiDev/sp_ecdsa_set_k
...
SP ECDSA sign: fix multiple loops work of generating k
2021-02-23 12:00:21 -08:00
a1db869491
Merge pull request #3775 from haydenroche5/openldap
...
Add a define to openssl/ssl.h needed for openldap port.
2021-02-23 11:58:37 -08:00
363185669a
Merge pull request #3776 from cconlon/pkcs7testfix
...
fix wolfCrypt PKCS#7 test when PKCS7_OUTPUT_TEST_BUNDLES is defined
2021-02-23 11:58:00 -08:00
e471cba8df
Merge pull request #3780 from SparkiDev/tls13_key_up_resp
...
TLS 1.3: add API to tell if a KeyUpdate response is required
2021-02-23 11:57:10 -08:00
d3c8720b56
Use Unix line endings
2021-02-23 11:54:02 -08:00
244accece1
Merge pull request #3799 from SparkiDev/sp_gcd_protect
...
SP int: fix guard around sp_gcm and sp_lcm
2021-02-23 11:53:25 -08:00
6cc137dce0
Fix misplaced endif and brace.
2021-02-23 10:22:59 -08:00
760ea219a8
Fix for "unused variable" warning
2021-02-24 02:33:46 +09:00
b199c2e444
Fix PKCS8 test
2021-02-23 09:33:14 -08:00
c0a9f86de3
Move some variable declarations to the beginning of the block
2021-02-24 01:33:51 +09:00
362d2a2d68
Moved int pos declaration at the top the func
2021-02-24 01:07:45 +09:00
d074e7443f
Remove default ticket cb as this will be added in another PR
2021-02-23 10:06:11 +01:00
22349e0539
Merge pull request #3800 from dgarske/zd11759
...
Fixes for warnings in Windows and failing `wc_BufferKeyEncrypt` test
2021-02-23 17:07:14 +10:00
9e4dcfb66c
Add wolfSSL_BIO_tell
2021-02-23 11:12:12 +09:00
b5239f97c4
Fixes for warnings in Windows. Fix for failing wc_BufferKeyEncrypt with PBKDF disabled. ZD 11759.
2021-02-22 16:51:17 -08:00
3ac40be091
Merge pull request #3797 from tmael/builderr
...
Correct a build error with a non-standard configurations
2021-02-22 16:33:01 -08:00
d2f9f4c4ce
SP int: fix guard around sp_gcm and sp_lcm
2021-02-23 10:21:32 +10:00
fc6394b923
Merge pull request #3796 from elms/fix_valgrind_fpecc
...
tests: fix preprocessor test for gcd/lcm
2021-02-23 09:42:35 +10:00
a7cca8a99b
Fix wolfSSL_EVP_PKEY_print_public
2021-02-23 07:57:45 +09:00
e9cdcf5bac
Merge pull request #3764 from embhorn/zd11668
...
Fix typo
2021-02-22 14:12:12 -08:00
243c3ceacc
Fix build err
2021-02-22 13:36:21 -08:00
c4d2e7cfdb
configure: split SHA3 and SHAKE256 to work with ED448
...
Define flags and defaults early, but set CFLAGS later to allow
override.
2021-02-22 10:14:21 -08:00
451b8ede51
tests: fix preprocessor test for gcd/lcm
...
Fixes `--enable-valgrind --enable-fpecc --enable-ecc` build
2021-02-22 09:53:55 -08:00
b495e12179
Fix such as "for loop initial declaration"
2021-02-23 02:29:37 +09:00
e25284c690
Add wolfSSL_EVP_PKEY_print_public
2021-02-22 23:51:27 +09:00
49d1b859d4
Add wolfSSL_EVP_Encode/Decode APIs
2021-02-22 17:51:44 +09:00
4264a49246
Causes SSL_CTX_load_verify_locations and X509_LOOKUP_load_file to return zero on failure if WOLFSSL_ERR_CODE_OPENSSL is defined
2021-02-22 08:05:11 +09:00
41c4a25b25
Merge pull request #3785 from embhorn/zd11752
...
Fix ret val for wolfSSL_BIO_set_ssl
2021-02-22 08:34:47 +10:00
1b319804ad
configure: When enabling --enable-sp-asm, accept host_cpu amd64 as alternative to x86_64
...
Allows to use --enable-sp-asm on ElectroBSD amd64.
Previouly configure failed with:
configure: error: ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm
2021-02-20 14:25:05 +01:00
c7b1dc8f94
Fix Cryptocell ECC tests
2021-02-19 16:39:45 -08:00
ebb2c7ae71
Fix ret val for wolfSSL_BIO_set_ssl
2021-02-19 16:35:01 -06:00
078d78a884
Merge pull request #3782 from JacobBarthelmeh/Async
2021-02-19 14:24:09 -08:00
31d3dfdd4d
configure: ED448 to enable SHA3 and SHAKE256 properly
...
SHA3 and SHAKE256 are required for ED448, but were potentially
overwritten after being set when ED448, specifically others than
x86_64/aarch64
2021-02-19 13:18:52 -08:00
3079ca4d6a
add comment that use is blocking and adjust indentation
2021-02-20 02:54:10 +07:00
8d7c61cf10
prep for Async release
2021-02-19 11:51:23 -07:00
2002ae9dca
tests/api.c: Fix build with NO_WOLFSSL_STUB defined
2021-02-19 05:45:19 +01:00
400a1d6927
Compile wolfSSL_ASN1_TIME_set_string() independently of NO_WOLFSSL_STUB
2021-02-19 05:45:09 +01:00
8fabb9e9bb
Merge pull request #3767 from dgarske/rsapubonly
...
Fixes for building with RSA verify or public only
2021-02-19 10:36:00 +10:00
fa7b5f55ee
TLS 1.3: add API to tell if a KeyUpdate response is required
2021-02-19 10:21:08 +10:00
31c76dcc1a
Merge pull request #3777 from elms/cmake/configure_test_paths
...
cmake: configure `test_paths.h`
2021-02-18 15:02:19 -08:00
70ddaf8f2e
cmake: configure test_paths.h
2021-02-18 12:17:55 -08:00
4da0328e1a
fix wolfCrypt PKCS#7 test when PKCS7_OUTPUT_TEST_BUNDLES is defined
2021-02-18 12:14:48 -07:00
10be54054e
Minor fixes for build errors and bad macro names.
2021-02-18 10:55:47 -08:00
c62b48f7d0
Fixes for building with RSA public or verify only. Fixes issue with reserved "div" keyword as variable name. ZD11585
2021-02-18 07:47:00 -08:00
2290d1b4c8
Add a define to openssl/ssl.h needed for openldap port.
2021-02-18 09:17:47 -06:00
3bf9b49274
SP ECDSA sign: fix multiple loops work of generating k
...
Support only one loop of generated k.
2021-02-18 09:06:50 +10:00
ad58478d29
Merge pull request #3765 from embhorn/zd11703
...
Validate name size
2021-02-18 08:42:26 +10:00
276e090a1f
Merge pull request #3763 from embhorn/zd11726
...
Adding wolfSSL_CTX_get_TicketEncCtx
2021-02-18 08:35:03 +10:00
5dc6de3063
Merge pull request #3771 from JacobBarthelmeh/Testing
...
fix build for apache without tls 1.3
2021-02-18 08:19:29 +10:00
caa39f78ae
Fix from review and leak in wolfSSL_X509_get_serialNumber
2021-02-17 13:53:30 -06:00
d31f184c49
Adding tests
2021-02-17 13:34:38 -06:00
608083f559
Add more checks for name->sz
2021-02-17 12:19:42 -06:00
4def38dd7e
fix build for apache without tls 1.3
2021-02-17 18:23:03 +07:00
7ce3860e19
MP small: mp_add_d doesn't support adding a digit greater than MP_DIGIT_MAX
2021-02-17 09:24:22 +10:00
80e75c3db8
Merge pull request #3766 from guidovranken/zd11733
...
Better error propagation in _fp_exptmod_ct
2021-02-17 08:45:43 +10:00
cc37227f18
Merge pull request #3762 from guidovranken/zd11732
...
Fix memory leak in fp_gcd
2021-02-16 13:04:10 -08:00
806b5d7d23
Validate name size
2021-02-16 14:58:58 -06:00
b47809e718
Better error propagation in _fp_exptmod_ct
2021-02-16 19:54:59 +01:00
3a9d533d2c
update changelog with researchers names, thanks Aina and Olivier
2021-02-17 00:04:16 +07:00
5f3ee2985c
bump version for development bundles
2021-02-16 23:57:47 +07:00
7bd3cccd87
Fix memory leak in fp_gcd
...
ZD 11732
2021-02-16 17:47:00 +01:00
b8f841599c
Add --enable-error-queue-per-thread
2021-02-16 16:08:13 +01:00
89fd0b375b
Correctly read anon cipher run-time options
2021-02-16 14:27:19 +01:00
9265c3f71f
Use native API for ticket callback
2021-02-16 14:25:45 +01:00
0ae1a8b8c5
Jenkins fixes
...
- Change pushCAx509Chain to an iterative implementation
- Fix variable names shadowing global names
2021-02-16 14:25:45 +01:00
e80158a96e
Set full chain with known CA's in wolfSSL_set_peer_cert_chain
2021-02-16 14:25:45 +01:00
b90862fa3f
Free OcspEntry.status only when the struct owns the pointer
2021-02-16 14:25:45 +01:00
26df833074
Compat layer session tickets
...
- OpenSSL uses an internal mechanism by default for session tickets. This is now implemented for OPENSSL_EXTRA in wolfSSL.
- Add testing of wolfSSL_CTX_set_tlsext_ticket_key_cb
2021-02-16 14:25:45 +01:00
9a1e54cfd5
Nginx 1.19.6 Fixes
2021-02-16 14:25:45 +01:00
b63f43a2af
Nginx 1.19.6
...
- Implement X509_pubkey_digest
- Initialize entire WOLFSSL_X509_NAME struct to zero
- Set raw and rawLen when copying WOLFSSL_X509_NAME
2021-02-16 14:25:45 +01:00
8f88ac7442
add note about s/mime addition to changelog
2021-02-16 08:35:21 +07:00
830de9a9fb
Merge pull request #3760 from JacobBarthelmeh/Release
...
prepare for release v4.7.0
2021-02-15 14:29:51 -08:00
30462fcf95
Merge pull request #3756 from SparkiDev/sp_math_dh_agree
...
DH SP math: return key size error with DH Agree
2021-02-15 12:26:04 -08:00
917205442b
Merge pull request #3757 from SparkiDev/sp_smallstack_fixes
...
sp_lcm small stack: fix size of temporary
2021-02-15 12:25:13 -08:00
888fab501b
Merge pull request #3758 from SparkiDev/sp_exch_fix
...
SP math all: sp_exch fixed up
2021-02-15 12:23:28 -08:00
742731a65f
Merge pull request #3759 from JacobBarthelmeh/Testing
...
fix for haproxy and nginx build, remove execute bit on certs
2021-02-15 12:21:56 -08:00
847938f4d6
prepare for release v4.7.0
2021-02-16 02:41:37 +07:00
b7b07e1945
Adding wolfSSL_CTX_get_TicketEncCtx
2021-02-15 11:28:46 -06:00
f4519018eb
remove execute bit on smime bundles
2021-02-15 23:33:31 +07:00
0b0f370384
fix for haproxy and nginx build
2021-02-15 22:09:44 +07:00
ba1c67843a
Merge pull request #3752 from JacobBarthelmeh/Jenkins
...
changes from nightly Jenkins test review
2021-02-15 16:32:40 +10:00
c5190d1294
Merge pull request #3753 from dgarske/wpas_revert
...
Fixes for hostapd (revert some configure.ac changes in PR #3289 )
2021-02-15 09:45:27 +07:00
e4f8545e36
SP math all: sp_exch fixed up
2021-02-15 10:29:45 +10:00
e187a74b1c
sp_lcm small stack: fix size of temporary
...
Temporary sp_int needs to be allocated to be 1 digit larger than a or b
for the div operation.
Change sp_div to check sizes of r and rem when passed in.
Fix sp_invmod, sp_gcm, sp_submod to use temporary sp_int sizes that work
with calls to sp_div().
2021-02-15 09:48:18 +10:00
4b1c89ab38
DH SP math: return key size error with DH Agree
...
SP math requires SP to support DH operations.
When SP doesn't support bit size, WC_KEY_SIZE_E must be returned.
2021-02-15 09:04:43 +10:00
505514415d
Merge pull request #3748 from JacobBarthelmeh/Testing
...
always check index into certs
2021-02-15 08:20:28 +10:00
98b5900266
Revert of changes in PR #3289 , which should not have removed the HAVE_SECRET_CALLBACK and WOLFSSL_PUBLIC_ECC_ADD_DBL. These are required for hostapd.
2021-02-12 14:11:17 -08:00
fc005f941c
Merge pull request #3750 from embhorn/buffer_conflict
...
Fix use of 'buffer' in test
2021-02-12 13:59:18 -08:00
bde1a2209a
tests: add include for ecc.h to fix compile error
...
fix testsuite implicit definition of `wc_ecc_fp_free` with
`./configure --enable-fpecc --enable-ecc --enable-stacksize`
2021-02-13 01:31:01 +07:00
f311c9a038
Merge pull request #3751 from SparkiDev/aes_gcm_type
...
AES-GCM type fixes: internal functions now have word32 type parameters
2021-02-12 10:12:26 -08:00
1c852f60ab
fix for g++ build
2021-02-12 23:26:54 +07:00
7e72fafd44
do not turn on FP_64BIT by default on Aarch64
2021-02-12 23:16:04 +07:00
a49c867b38
increase test buffer size for updated pkcs7 bundle
2021-02-12 23:16:04 +07:00
0938a0055d
always use MAX_CHAIN_DEPTH for args->certs buffer
2021-02-12 15:18:14 +07:00
3926ccd39b
AES-GCM type fixes: internal functions now have word32 type parameters
...
Lengths were signed int for decrypt while unsigned int for encrypt.
Use word32 across the board.
Also fix AES-NI code on Windows to cast lengths to word64 before
multiplying by 8 to avoid averflow.
2021-02-12 08:30:08 +10:00
2ac826c37e
Fix use of 'buffer' in test
2021-02-11 15:58:26 -06:00
ae073b7ce2
Merge pull request #3741 from elms/test/openssl_distcheck_fix
...
testing: fix openssl test for `distcheck`
2021-02-11 13:53:09 -08:00
81dcf0d28b
Merge pull request #3640 from tmael/evp_rsa2
...
Remove EVP_PKEY_RSA2
2021-02-11 13:51:46 -08:00
1283a4d9f0
Merge pull request #3686 from embhorn/zd11571
...
Fix Free/SafeRTOS with XMALLOC_USER
2021-02-11 13:50:55 -08:00
d40ea03621
Merge pull request #3703 from SparkiDev/sp_int_malloc
...
SP int: Rework allocation of temporaries
2021-02-11 13:49:45 -08:00
f0ce6ada0f
Merge pull request #3702 from guidovranken/zd11603
...
Prevent dangling pointer in TLSX_Cookie_Use
2021-02-11 12:31:02 -08:00
3eeeb39fb7
Merge pull request #3711 from dgarske/ecc_encrypt_rng
...
Fix for `--enable-eccencrypt` with timing resistance enabled
2021-02-11 12:28:13 -08:00
80b9949052
Merge pull request #3739 from kaleb-himes/FusionRTOS-Porting-R3
...
Fusion RTOS porting round 3
2021-02-11 12:25:55 -08:00
e87e818c6e
Merge pull request #3749 from dgarske/zd11624_pkcs11
...
Fix another PKCS11 case where the ECC key type is not set
2021-02-12 01:36:41 +07:00
2c2bdca200
Fix typo
2021-02-11 12:27:43 -06:00
39cb84de25
Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff
...
OpenVPN master additions
2021-02-11 08:56:45 -08:00
f006479645
Fix another PKCS11 case where the ECC key type is not set and causes failures. Broke in PR #3687 .
2021-02-11 08:04:58 -08:00
90140fc5a4
always check index into certs
2021-02-11 21:50:51 +07:00
d05dc921a7
Merge pull request #3745 from douzzer/enable-reproducible-build
2021-02-11 06:39:28 -08:00
d64315a951
configure.ac: add --enable-reproducible-build: put ar and ranlib in deterministic mode, and leave LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS out of the generated config.h. relates to PR #3417 .
2021-02-11 00:12:05 -06:00
b330196c28
SP int: Rework allocation of temporaries
...
Allocate only as much is as needed.
Use macros to simplify code.
Don't use an sp_int if you can use an array of 'sp_int_digit's.
2021-02-11 10:34:40 +10:00
acdc267104
Merge pull request #3718 from SparkiDev/sp_int_fast_nct
...
SP int: allow faster NCT exptmod to be compiled in
2021-02-10 16:14:39 -08:00
032cc1645c
Merge pull request #3713 from SparkiDev/tls_def_sess_ticket_cb
...
TLS Session Ticket: default encryption callback
2021-02-10 16:13:33 -08:00
389a5e0301
Merge pull request #3684 from SparkiDev/sp_fixes_5
...
SP fixes: even mod testing, ECC compilation with SP
2021-02-10 16:10:21 -08:00
6983aa9331
Merge pull request #3700 from SparkiDev/sp_math_lshb
...
SP math lshb: check space for result
2021-02-10 16:01:27 -08:00
67b1280bbf
Merge pull request #3545 from kabuobeid/smime
...
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-10 15:59:32 -08:00
0403f5f18d
Merge pull request #3744 from JacobBarthelmeh/Certs
...
run renewcerts.sh script
2021-02-11 09:43:49 +10:00
5151e1f749
Merge pull request #3715 from JacobBarthelmeh/Testing
...
openssl x509 small with req cert gen
2021-02-11 09:39:15 +10:00
7efaf14fce
Merge pull request #3727 from JacobBarthelmeh/Prime
...
check prime is prime with ecc compressed keys
2021-02-11 09:22:40 +10:00
d67934f6b8
scripts: remove use of realpath and fix external.test
...
`external.test` could fail quietly for not finding `ping.test` for
out-of-tree builds. Make it look relative to the script location.
2021-02-10 14:18:32 -08:00
ac96e58928
Merge pull request #3743 from dgarske/zd11624
...
Fix for copy/paste error for ECC key type
2021-02-11 04:02:54 +07:00
41e5e547c4
run renewcerts.sh script
2021-02-11 03:12:54 +07:00
223ba43c2c
Add debug message regarding failure
2021-02-10 12:15:43 -07:00
9e6ab4ab70
Address indendation, fix return on stub, remove warning
2021-02-10 11:26:29 -07:00
c9c4a7ee68
Fix spelling errors.
2021-02-10 10:17:51 -08:00
0c75099111
Fix for copy/paste error in PR 3728, which makes sure the ECC key type is specified.
2021-02-10 10:14:31 -08:00
4c171524dd
Address missed CloseSocket item and revert some white space changes
2021-02-10 09:14:54 -07:00
9b6f382b2c
testing: fix openssl test for distcheck
...
Previously missed case of cert locations for out-of-tree build. Use
relative path from script location for certificate path
2021-02-10 07:15:22 -08:00
3c0563908f
openssl x509 small with req cert gen
...
add test for build case with x509small and add back in function
adjust macro guard for i2d_X509_NAME implementation
add macro guard on test case
2021-02-10 21:48:29 +07:00
7e428f90f2
Revert zero return, to be handled in stand-alone PR
2021-02-10 05:31:57 -07:00
15f9902e94
Address new file issue by Jenkins and peer feedback on return val of time
2021-02-10 04:16:34 -07:00
64bc4b663d
SP fixes: even mod testing, ECC compilation with SP
...
Even mod inversion will sometimes work with integer.c.
Don't call SP code to perform ECC ops unless WOLFSSL_HAVE_SP_ECC is
defined.
2021-02-10 14:38:58 +10:00
794cb5c7a9
TLS Session Ticket: default encryption callback
...
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
2021-02-10 14:31:54 +10:00
89b97a0fbf
Implement peer feedback
2021-02-09 18:42:23 -07:00
b704c3b3f8
Merge pull request #3693 from SparkiDev/curve448_ppc64
...
Curve448 PPC64: 'char' is not always signed - use type 'sword8'
2021-02-09 16:08:06 -08:00
75d0496f77
Merge pull request #3722 from SparkiDev/sp_clang_fix
...
test.c: don't check key NULL when not small stack
2021-02-09 16:07:04 -08:00
157ad65a6e
Merge pull request #3677 from SparkiDev/ecdsa_keep_e
...
ECDSA: don't modify the e mp_int (hash) value
2021-02-09 16:06:05 -08:00
47b2e8342b
Merge pull request #3698 from SparkiDev/sp_math_no_asm_fix
...
SP math: fix one word Montgomery Reduction for non-asm
2021-02-09 16:04:38 -08:00
32424f715c
Merge pull request #3699 from SparkiDev/sp_ecdsa_vfy_fix
...
SP ECC verify: check point for z=0 and set to infinity
2021-02-09 16:02:51 -08:00
27475291b1
Merge pull request #3733 from SparkiDev/sp_int_mont_red_size
...
SP int: mont_red - check size of a relative to m
2021-02-09 16:00:24 -08:00
ae3706d5e5
Merge pull request #3734 from SparkiDev/sp_int_8_bit
...
SP int: fixes for 8-bit digits
2021-02-09 15:59:26 -08:00
2f47934184
Merge pull request #3735 from SparkiDev/sp_int_32_bit
...
SP int SP_WORD_SIZE=32: cast down explicitly
2021-02-09 15:56:49 -08:00
fc30f379ee
Merge pull request #3736 from SparkiDev/sp_int_neg_zero
...
SP int neg: fix handling of negative zero and mp_cond_copy
2021-02-09 15:48:21 -08:00
cfadc7e25a
Merge branch 'FusionRTOS-Porting-R3' of https://github.com/kaleb-himes/wolfssl into FusionRTOS-Porting-R3
2021-02-09 16:47:44 -07:00
3472191af5
Remove ++ from VisualDSP dir, seems to be causing issues with make dist
2021-02-09 16:39:00 -07:00
f63f0ccb94
Merge pull request #3740 from SparkiDev/tls13_one_hrr_sh
...
TLS 1.3: Only allow one ServerHello and one HelloRetryRequest
2021-02-09 14:59:10 -08:00
ca3c5bf6c4
SP math lshb: check space for result
2021-02-10 08:58:58 +10:00
33bfee0f1a
Merge pull request #3717 from kaleb-himes/OE11_ACVP
...
XSTRNCASECMP for OE11 ACVP (CMSIS RTOS)
2021-02-09 14:52:21 -08:00
9792e062c3
SP int: allow faster NCT exptmod to be compiled in
...
For small builds, this may be needed to get the right performance.
2021-02-10 08:51:32 +10:00
9a7aba265a
Merge pull request #3716 from kaleb-himes/OE10_ACVP_OE13_ACVP_WPAA
...
OE10 and OE13 ACVP updates for armv8 PAA
2021-02-09 14:50:42 -08:00
73d7709724
Update comment about location for porting changes.
2021-02-09 15:39:12 -07:00
6d23728a56
Fusion RTOS porting round 3
2021-02-09 15:33:06 -07:00
250b59f8fd
Merge pull request #3688 from julek-wolfssl/correct-cert-free
...
Use wolfSSL_X509_free to free ourCert
2021-02-09 12:41:12 -08:00
012841bba3
Merge pull request #3738 from embhorn/cmp_layer_high
...
Compatibility layer API
2021-02-09 08:33:41 -07:00
47d5f6f624
Merge pull request #3714 from SparkiDev/sp_int_rsavfy
2021-02-09 07:28:40 -08:00
71b495c422
Merge pull request #3712 from miyazakh/RND_bytes
...
handle size greater than RNG_MAX_BLOCK_LEN
2021-02-09 08:26:30 -07:00
5818923762
Merge pull request #3723 from douzzer/AesCcmEncrypt-zero-inSz-null-in
...
AES-CCM null payload buffers with inSz zero
2021-02-09 17:22:03 +10:00
bdd4ceb445
aes.c: fix overwide code text in wc_AesCcmEncrypt().
2021-02-08 21:50:29 -06:00
4d70d3a3c4
TLS 1.3: Only allow one ServerHello and one HelloRetryRequest
2021-02-09 12:51:53 +10:00
539ef512fc
SP int neg: fix handling of negative zero and mp_cond_copy
...
mp_cond_copy: copy sign when available.
Check for zero and ensure sign is MP_ZPOS.
2021-02-09 11:03:06 +10:00
a4e819c60a
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-08 17:14:37 -07:00
763f388471
SP int: get rsavfy and rsapub working again
2021-02-09 09:58:23 +10:00
0d499a28e5
Merge pull request #3725 from elms/build/fix_distcheck
...
build: fix `make distcheck`
2021-02-08 15:57:04 -08:00
3217c7afae
Merge pull request #3732 from miyazakh/setverifydepth
...
issue callback when exceeding depth limit rather than error out
2021-02-09 09:51:45 +10:00
f14f1f37d2
Merge pull request #3673 from elms/ssl_api/get_verify_mode
...
SSL: add support for `SSL_get_verify_mode`
2021-02-08 15:40:19 -08:00
58f9b6ec01
Merge pull request #3676 from SparkiDev/tls13_blank_cert
...
TLS 1.3: ensure key for signature in CertificateVerify
2021-02-08 15:27:05 -08:00
7a583d5b4b
aesccm_test(): test for (and require) BAD_FUNC_ARG when in or out pointer to wc_AesCcm{En,De}crypt() is null and inSz > 0.
2021-02-08 16:43:38 -06:00
b8a019dedd
AES-CCM: allow null payload buffers in wc_AesCcmEncrypt() and wc_AesCcmDecrypt() when inSz is zero, and add to aesccm_test() a test for this, tolerating early BAD_FUNC_ARG (for FIPS and arch-specific 3rd party code), and a test for the zero-length string, that must succeed.
2021-02-08 16:34:09 -06:00
dda4c3b3c4
Merge pull request #3724 from embhorn/zd11646
...
Move var declaration to top
2021-02-08 11:09:28 -08:00
12eddee104
scripts: fix tests for out of tree distcheck
...
Copying or using certs from directory relative to scripts source directory.
2021-02-08 10:43:31 -08:00
6cff3f8488
Adding X509_LOOKUP_ctrl
2021-02-08 12:17:14 -06:00
47b9c5b054
Adding X509_STORE_CTX API
2021-02-08 08:25:14 -06:00
de47b9d88a
Adding X509_VERIFY_PARAM API
2021-02-08 08:25:14 -06:00
812b44d58e
guard check on prime with macro WOLFSSL_VALIDATE_ECC_IMPORT
2021-02-08 20:25:01 +07:00
36d124ed2f
Merge pull request #3730 from guidovranken/zd11650
...
SP math: Better error propagation
2021-02-08 14:17:43 +10:00
c3cc36c55f
SP int SP_WORD_SIZE=32: cast down explicitly
2021-02-08 13:20:12 +10:00
7986b37aa5
SP int: fixes for 8-bit digits
...
Fix mask type in mp_cond_copy to be at least 16 bits to handle 'used'
being larger than 8-bit but mp_digit being 8-bit.
When large numbers are used with 8-bit words, mul/sqr partial sums will
overflow a word. Fix implementations to handle this.
2021-02-08 12:24:28 +10:00
f13186827a
issue callback when exceeding depth limit rather than error out
2021-02-08 11:01:45 +09:00
aefddaf2b8
SP int: mont_red - check size of a relative to m
2021-02-08 10:07:15 +10:00
cced2038b8
conditional compile and check on idx
2021-02-08 06:10:04 +07:00
358dbd5090
_sp_exptmod_base_2: Break out of loops on error
2021-02-08 00:09:29 +01:00
2933db8915
Merge pull request #3729 from guidovranken/zd11649
...
SHA 256,512: Only write hash if no error has occurred
2021-02-08 08:47:51 +10:00
ea4b3110e8
Merge pull request #3728 from dgarske/zd11624
...
Fix for PKCS11 not properly exporting the public key due to a missing key type field
2021-02-08 08:32:04 +10:00
bc707d67c3
SP math: Better error propagation
...
ZD 11650
2021-02-06 09:09:41 +01:00
3fd2647383
SHA 256,512: Only write hash if no error has occurred
...
ZD 11649
2021-02-06 08:15:30 +01:00
644636e0f8
only check prime value with custom curves
2021-02-06 05:46:19 +07:00
e26f1529c0
build: revert change so make generates testsuite.test
...
A change to `include.am` caused `make check` to generate, but `make`
without arguments to not generate it.`
2021-02-05 14:39:07 -08:00
c17597a4fb
build: arbitrary path for make check
...
To support builds in other directories, unit.test and wolfcrypt test
must be aware of the source and build directory.
2021-02-05 12:10:32 -08:00
70b382e6cf
Fix for PKCS11 not properly exporting the public key due to a missing key type field. This broke due to changes in PR #3687 . Also resolved mismatch of enum types for the key type check.
2021-02-05 11:49:31 -08:00
c2be5dbe2b
check prime is prime with ecc compressed keys
2021-02-06 01:54:25 +07:00
93ea355217
build: fix make distcheck
...
Need to check if `unit.test` was run from make process and set
different path to run unit test executable.
Writing files in the dist is not allowed during distcheck so write
files to subdirectory used build during distmake
2021-02-05 07:25:07 -08:00
e4d79bf49e
Move var declaration to top
2021-02-05 08:41:42 -06:00
c4afce76f7
test.c: don't check key NULL when not small stack
2021-02-05 14:57:00 +10:00
4ade6eb802
XSTRNCASECMP for OE11 ACVP (CMSIS RTOS)
2021-02-03 16:03:20 -07:00
776964f7c7
OE10 and OE13 ACVP updates for armv8 PAA
2021-02-03 15:38:08 -07:00
431e1c8ffe
handle size greater than RNG_MAX_BLOCK_LEN
2021-02-03 12:23:36 +09:00
714aa97490
Merge pull request #3710 from cconlon/0202
...
fix and update README.md markdown
2021-02-02 16:15:53 -08:00
72a8a1069a
Fix to only set missing RNG if needed. Resolves unit test, which already sets the RNG on the private key and the incoming context is not provided (use local).
2021-02-02 14:16:21 -08:00
04e7fa3657
Fix for --enable-eccencrypt with timing resistance enabled. The ECC shared secret was missing the RNG. Fixes https://github.com/wolfSSL/wolfssl-examples/issues/243
2021-02-02 13:55:42 -08:00
7eb71b1bb1
Merge pull request #3344 from guidovranken/PKCS7_EncodeSigned-leak-fix
...
Check the right size before freeing flatSignedAttribs in PKCS7_EncodeSigned
2021-02-02 13:53:20 -07:00
f833d96ba3
Check the right size before freeing flatSignedAttribs in PKCS7_EncodeSigned
2021-02-02 10:15:00 -08:00
30c1c4a4f8
fix and update README.md markdown
2021-02-02 10:38:09 -07:00
542e0d79ec
Jenkins Fixes
...
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
2021-02-02 12:06:11 +01:00
8a669615f8
Generate correct GCM tag
2021-02-02 12:06:11 +01:00
921fd34876
Detect version even if not compiled in
2021-02-02 12:06:11 +01:00
69dca4fd08
Rebase fixes
...
- wolfSSL_CTX_set1_groups_list and wolfSSL_set1_groups_list should use wolfSSL_CTX_set1_groups and wolfSSL_set1_groups respectively because it converts to correct groups representation
- Change to using "SHA1" as main name for SHA1
2021-02-02 12:06:11 +01:00
46821196ab
Fix call to wolfSSL_connect when in wolfSSL_connect_TLSv13
...
If a client is:
- TLS 1.3 capable
- calls connect with wolfSSL_connect_TLSv13
- on an WOLFSSL object that allows downgrading
then the call to wolfSSL_connect should happen before changing state to HELLO_AGAIN. Otherwise wolfSSL_connect will assume that messages up to ServerHelloDone have been read (when in reality only ServerHello had been read).
Enable keying material for OpenVPN
2021-02-02 12:06:11 +01:00
ff43d39015
GCC complains about empty if
2021-02-02 12:06:11 +01:00
f5cf24dbdc
SHA1 should not be called SHA. Leave alias for compatibility.
2021-02-02 12:06:11 +01:00
5d5d2e1f02
Check that curves in set_groups functions are valid
2021-02-02 12:06:11 +01:00
c18701ebe7
Implement RFC 5705: Keying Material Exporters for TLS
2021-02-02 12:06:11 +01:00
fdde2337a4
Add static buffer to wolfSSL_ERR_error_string
...
Add ED448 and ED25519 to wolfssl_object_info
Add more error messages
2021-02-02 12:06:11 +01:00
6ed45a23d9
Fix getting cipher suites in compat layer
2021-02-02 12:06:11 +01:00
294e46e21a
Set options when creating SSL
2021-02-02 12:06:11 +01:00
3494218d98
Implement missing functionality for OpenVPN 2.5
2021-02-02 12:06:11 +01:00
5577a2215f
Merge pull request #3708 from JacobBarthelmeh/Testing
2021-02-01 10:11:16 -08:00
ab5f9831ab
Merge pull request #3707 from douzzer/test-openssl-small-stack
...
wolfcrypt/test/test.c: smallstack refactor of openssl test routines.
2021-02-01 09:30:04 -08:00
a7066a9be2
add stdint to test.c if using non blocking ecc test
2021-02-01 23:07:03 +07:00
fd01f79f86
add guard for rsa public only
2021-01-31 23:43:53 +07:00
d14f4f8451
wolfcrypt/test/test.c: smallstack refactor of openssl test routines.
2021-01-30 00:01:15 -06:00
f5f19fda42
Merge pull request #3704 from douzzer/aesgcm-table-small-stack
...
--enable-aesgcm=table --enable-smallstack
2021-01-29 19:53:08 -08:00
d0b20f90d5
wolfcrypt/test/test.c: use HEAP_HINT, not NULL, for XREALLOC() too.
2021-01-29 20:16:51 -06:00
8c0100e60e
blake2b.c/blake2s.c: refactor so that smallstack code paths match performance of !smallstack path.
2021-01-29 17:19:42 -06:00
a332cf36b5
add DYNAMIC_TYPE_AES and DYNAMIC_TYPE_CMAC to enum in types.h, and use these where appropriate;
...
in test.c: use use HEAP_HINT, not NULL in XMALLOC/XFREE calls;
fix a couple typos in aes_test() re WOLFSSL_ASYNC_CRYPT;
add various missing WOLFSSL_SMALL_STACK_STATIC qualifiers;
and streamline old smallstack refactor on-stack declarations declarations to use the much neater [1] construct.
2021-01-29 17:17:31 -06:00
eae4124908
Merge pull request #3705 from lechner/repology-packaging-status
...
Show packaging status across Linux distributions in README.md
2021-01-29 14:48:26 -08:00
2033970369
Show packaging status across Linux distributions in README.md (from Repology)
...
Repology offers badges for wolfSSL's packaging status across all known
Linux distributions. [1] In Markdown documents, the HTML version with
a right-hand alignment uses up less space. It is added here.
The badge itself provides a hyperlink to more information [2]
including repositories in which wolfSSL is not yet represented.
[1] https://repology.org/project/wolfssl/badges
[2] https://repology.org/project/wolfssl/versions
2021-01-29 10:40:32 -08:00
0f6ae330da
wolfcrypt: smallstack refactors of AES code for lkm compatibility with --enable-aesgcm=table.
2021-01-28 22:51:28 -06:00
91299c5abd
Merge pull request #3701 from dgarske/pkcs7_devId
...
Fixes for PKCS7 with crypto callback (devId) with RSA and RNG
2021-01-29 10:56:41 +10:00
4f6deb8ae9
Merge pull request #3594 from haydenroche5/zd10911
...
Fix issue with DoHandShakeMsgType/ShrinkInputBuffer when encryption i…
2021-01-28 16:55:04 -08:00
fc845da9f0
Fix issue with DoHandShakeMsgType/ShrinkInputBuffer when encryption is on (e.g.
...
during renegotiation).
This issue was brought to light by ZD 10911. When encryption is on (indicated
by the return value of IsEncryptionOn), DoHandShakeMsgType will finish up by
incrementing the input buffer index past the padding and MAC (if encrypt-then-
mac is enabled). In ProcessReply, if there are more messages to be read, the
index is decremented back before the padding and MAC. The issue arises when
ShrinkInputBuffer is called in between and copies data from the dynamic input
buffer to the static one. That function will get called with the index post-
increment, and thus the padding and MAC won't get copied into the static buffer,
which isn't what we want, since ProcessReply is going to decrement the index
since it thinks the padding and MAC are still there. This commit makes it so
the padding and MAC get included in the call to ShrinkInputBuffer when
encryption is on.
2021-01-28 15:37:00 -06:00
3da6b8364e
Prevent dangling pointer in TLSX_Cookie_Use
...
ZD 11603
2021-01-28 18:53:35 +01:00
2bd63d27bf
Fixes for PKCS7 with crypto callback (deviceId), where it was not being used for RSA and RNG. ZD 11163.
2021-01-28 09:52:13 -08:00
311a0d25dd
Merge pull request #3696 from JacobBarthelmeh/Testing
...
fix for tested x509 small build
2021-01-28 06:59:26 -08:00
590597a0e2
SP ECC verify: check point for z=0 and set to infinity
2021-01-28 14:43:51 +10:00
0ccb0d5fce
SP math: fix one word Montgomery Reduction for non-asm
...
Set the word size for x86.
2021-01-28 09:54:58 +10:00
bbcb98a8f7
fix for tested x509 small build
2021-01-27 23:00:24 +07:00
7486cad291
Curve448 PPC64: 'char' is not always signed - use type 'sword8'
...
Ensure type 'sword8' is signed.
2021-01-27 18:16:25 +10:00
c739b4d474
ECDSA sign: cleanup comments and variables
...
Remove mod at end as mulmod does this.
Change mp_add to mp_addmod_ct to keep the size of numbers to less than
order for mp_mulmod.
2021-01-27 09:39:11 +10:00
a1e083b5b1
Merge pull request #3689 from douzzer/fips-option-check-source
...
configure.ac: check compatibility of chosen FIPS option with source
2021-01-26 12:29:52 -08:00
d0e2566ad8
Merge pull request #3679 from julek-wolfssl/dtls-window
...
Correct old DTLS msg rcv update
2021-01-26 12:20:59 -08:00
3d4f836c00
Correctly insert out of order msgs to queue
2021-01-26 15:12:08 +01:00
4da9ade290
Use wolfSSL_X509_free to free ourCert
2021-01-26 11:32:05 +01:00
a89087ed2d
configure.ac: check compatibility of chosen FIPS option with the source tree, for early prevention of accidental attempts to build FIPS with non-FIPS source, or non-FIPS with FIPS source.
2021-01-25 17:56:28 -06:00
6e0e507dad
Merge pull request #3660 from dgarske/sess_ticket_aes_gcm
...
Added support for AES GCM session ticket encryption
2021-01-25 15:00:03 -08:00
f91dcb950c
Merge pull request #3670 from dgarske/keil
...
Fix for ARM Keil MDK compiler issue with `DECLARE_VAR_INIT`.
2021-01-25 14:57:05 -08:00
27ef5b9a3d
Merge pull request #3675 from SparkiDev/tls_no_ticket
...
TLS Session Ticket: Option to disable for TLS 1.2 and below
2021-01-25 14:54:10 -08:00
f35f57c378
Merge pull request #3683 from SparkiDev/sp_int_mont_red_1
...
SP math all: fix 1 word Montgomery Reduce
2021-01-25 14:47:35 -08:00
d201820e3a
Merge pull request #3687 from guidovranken/x963-export-reject-invalid-keys
...
Reject undefined keys (eg. state is ECC_STATE_NONE) from X963 export …
2021-01-25 14:46:59 -08:00
cf9e4f0caf
Merge pull request #3518 from julek-wolfssl/openssh-fixes-v2
...
Fixes for openssh
2021-01-25 14:45:56 -08:00
234bf0c209
SSL: add const for *get_verify_mode to match openSSL
2021-01-25 10:37:50 -08:00
a2917ae29c
SSL: cleanup verify_mode coding style
2021-01-25 10:29:36 -08:00
05e1ee1694
Cleanup to use fixed sizes from defines for DECLARE_VAR. Resolves issue with Visual Studio and using a variable (even const) to declare an array size.
2021-01-25 09:14:12 -08:00
29f7eebef7
Reject undefined keys (eg. state is ECC_STATE_NONE) from X963 export functions
...
Additionally, harmonize the failure conditions of wc_ecc_export_x963 and
wc_ecc_export_x963_compressed.
2021-01-25 16:22:21 +01:00
f7408560c6
Fix Free/SafeRTOS with XMALLOC_USER
2021-01-25 09:10:15 -06:00
4f0ed55232
SP math all: fix 1 word Montgomery Reduce
...
May have 3 words in partial result before shifting down.
2021-01-25 10:19:27 +10:00
fb9836ed28
Merge pull request #3678 from guidovranken/zd11556
...
Fix wc_ecc_sign_hash memory leak. ZD 11556.
2021-01-22 18:06:56 -08:00
d29518ecac
Remove duplicate macro
2021-01-22 13:02:30 -08:00
21ac86adb3
SSL: refactor SSL verify mode to be more compatible
...
This follows the bit flag pattern closer. Still doesn't support
`SSL_VERIFY_CLIENT_ONCE` and maybe other flags.
2021-01-22 12:17:07 -08:00
13468d34e3
Apply same VS fixes to api.c as well.
2021-01-22 10:50:18 -08:00
46aee19de3
Fix for Visual Studio issue with non-cost in array declaration.
2021-01-22 10:44:38 -08:00
920c443864
Merge pull request #3250 from JacobBarthelmeh/Benchmark
...
add brainpool benchmark
2021-01-22 10:08:21 -08:00
cd4dae8f09
Merge pull request #3674 from ejohnstown/alerts
...
Alerts
2021-01-22 09:16:56 -08:00
b918fb9efe
Correct old DTLS msg rcv update
2021-01-22 14:33:33 +01:00
6fa1556daf
guard -ecc-all with HAVE_SELFTEST macro
2021-01-22 16:13:31 +07:00
905f0b1f5a
Fix wc_ecc_sign_hash memory leak. ZD 11556.
2021-01-22 09:55:30 +01:00
a84f1c813a
TLS Session Ticket: Option to disable for TLS 1.2 and below
...
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
2021-01-22 13:19:29 +10:00
9c34ecc130
ECDSA: don't modify the e mp_int (hash) value
...
Multiple loops of generating signatures require the same e value.
2021-01-22 12:51:21 +10:00
fad1e67677
TLS 1.3: ensure key for signature in CertificateVerify
2021-01-22 11:54:53 +10:00
9012317f5b
Fix copy/paste typo.
2021-01-21 17:41:11 -08:00
1ee40ad7bd
Fix to always init the variable (not just when from heap). Cleanup of the DECLARE_ uses to make sure all allocations succeeded.
2021-01-21 17:12:29 -08:00
6f21995ec5
Alerts
...
Expand the guard around sending the PSK identity alert with a more limited option than enabling it with all the other alerts.
2021-01-21 16:42:54 -08:00
4b47bf7b4e
Merge pull request #3090 from lechner/utf8
...
Convert a header file to UTF-8 encoding.
2021-01-21 16:32:27 -08:00
2017de1b0f
Merge pull request #3617 from haydenroche5/cmake_user_settings
...
Add support for user settings to CMake.
2021-01-21 16:21:55 -08:00
07f459b8d7
Merge pull request #3650 from kojo1/RsaSetRNG
...
add wc_RsaSetRNG to doc
2021-01-21 16:21:00 -08:00
830b3cb676
Merge pull request #3653 from kojo1/fopen_binMode
...
binary mode, fopen
2021-01-21 16:20:07 -08:00
aa64a8e835
Merge pull request #3672 from embhorn/zd11547
...
Fix FIPS compile errors
2021-01-21 16:08:53 -08:00
95d83c9856
SSL: refactor to allow session override or mode
2021-01-21 16:03:02 -08:00
1acd6dfab2
Merge pull request #3635 from SparkiDev/hmac_openssl_fix
...
HMAC OpenSSL API: initialise HMAC ctx on new and allow key length of 0
2021-01-21 15:57:30 -08:00
a8cfc23683
Merge pull request #3642 from SparkiDev/ecdsa_set_k_one_loop
...
ECDSA set k: WOLFSSL_ECDSA_SET_K_ONE_LOOP only tries k and fails when…
2021-01-21 15:56:36 -08:00
5837d5e8de
Merge pull request #3649 from dgarske/stm_aesgcm_perf
...
STM32 AES GCM crypto hardware performance improvements
2021-01-21 15:55:58 -08:00
85f08466f9
Merge pull request #3655 from SparkiDev/ext_cache_sess
...
SESSION: internal cache sessions can't be freed same as external
2021-01-21 15:54:16 -08:00
e9e96dff6a
Merge pull request #3662 from embhorn/gh3659
...
Check method for NULL
2021-01-21 15:50:58 -08:00
7b12dddf75
Merge pull request #3666 from SparkiDev/tls13_tick_before_group
...
TLS 1.3: don't group and wait on send session ticket
2021-01-21 15:49:52 -08:00
22e6d52b7b
Merge pull request #3667 from SparkiDev/sp_fixes_4
...
SP int: fix _sp_mul_d inclusion checks
2021-01-21 15:49:03 -08:00
b825e51d23
Merge pull request #3664 from SparkiDev/sp_math_all_ppc64
...
SP math all: Fixes for PPC64 compiler
2021-01-21 15:48:34 -08:00
848ae3e514
Merge pull request #3668 from SparkiDev/jenkins_fixes_2
...
Compress: fix unused vars
2021-01-21 15:46:30 -08:00
344ad2a3f8
Merge pull request #3625 from SparkiDev/disable_alg_fix
...
Disable algs: fix code to compile with various algs off/on
2021-01-21 15:45:29 -08:00
fe7be3e15f
Alerts
...
Alerts the server sends between receiving the client's CCS message and before it sends its own CCS message should not be encrypted.
2021-01-21 14:48:10 -08:00
7112a6dd78
SSL: add test and fix SSL_get_verify_mode
2021-01-21 14:20:27 -08:00
fbe5fe1945
Merge pull request #3669 from embhorn/gh3657
...
Protect use of globalRNG
2021-01-21 14:09:59 -08:00
af3d842663
SSL: add support for SSL_get_verify_mode
2021-01-21 13:45:20 -08:00
3e4c3d13fe
Merge pull request #3671 from julek-wolfssl/dtls-scr-2
...
DTLS secure renegotiation fixes
2021-01-21 13:37:05 -08:00
fd8527c15e
Fix FIPS compile errors
2021-01-21 15:27:42 -06:00
b418936f72
account for FIPS and g++ builds
2021-01-22 04:21:23 +07:00
177f4aecb6
add all curves to benchmark
2021-01-22 03:20:41 +07:00
e3fa462d72
add brainpool benchmark of key generation
2021-01-22 02:55:26 +07:00
fe37137f12
add brainpool benchmark
2021-01-22 02:44:11 +07:00
d8a01c6f8b
DTLS: client re-send on duplicate HelloRequest as well
2021-01-21 12:45:16 +01:00
969de38764
Reset dtls_start_timeout on a timeout
2021-01-21 12:45:16 +01:00
774fdc9fd6
Free HS data on rehandshake
...
When we call _Rehandshake before we receive application data and the receive application data during the renegotiation process then it is possible for the send queue to be preemptively deleted
2021-01-21 12:45:16 +01:00
17f101ef13
Fix for ARM Keil MDK compiler issue with DECLARE_VAR_INIT.
2021-01-20 16:57:30 -08:00
02114e7739
Protect use of globalRNG
2021-01-20 16:30:18 -06:00
a3cbcf255f
Fix from review
2021-01-20 11:34:02 -06:00
57b06f700d
Merge pull request #3656 from haydenroche5/windows_rsa_public_decrypt
...
Allow wolfSSL_RSA_public_decrypt on Windows.
2021-01-20 09:09:49 -08:00
12abb5191d
Allow wolfSSL_RSA_public_decrypt on Windows.
2021-01-20 06:57:59 -06:00
55be60a63e
Compress: fix unused vars
...
configure: C_EXTRA_FLAGS="-fdebug-types-section -g1" --disable-memory
--enable-mcapi --enable-ecc --enable-sha512 --with-libz
2021-01-20 13:09:43 +10:00
e3182ff06e
SP int: fix _sp_mul_d inclusion checks
...
configuration: --disable-asn --disable-filesystem --disable-shared --enable-cryptonly --enable-sp=smallrsa2048 --enable-sp-math --disable-dh --disable-ecc --disable-sha224 --enable-rsavfy --enable-rsapss
2021-01-20 12:38:10 +10:00
7ec8d70eee
TLS 1.3: don't group and wait on send session ticket
...
The state machine goes on and frees the handshake resources which frees
the digest for the client Finished message.
2021-01-20 10:57:37 +10:00
9044f709c1
Add support for STM32_AESGCM_PARTIAL build option to speedup platforms that allow AAD header sizes that are not a multiple of 4 bytes. ZD 11364.
2021-01-19 13:54:53 -08:00
ea5af87de3
Revert of uint32_t and uint8_t changes in PR #3658 , which caused warnings.
2021-01-19 13:54:26 -08:00
9ea5041d9d
Benchmark for GMAC (AES GCM GHASH).
2021-01-19 13:42:25 -08:00
eaa1bc1ace
Merge pull request #3595 from julek-wolfssl/dtls-only-resend-on-timeout
...
Only resend previous flight on a timeout from the network layer
2021-01-19 10:43:13 -08:00
59305e9346
Fix for new include to pull in the AES GCM IV sizes in FIPS mode.
2021-01-19 07:53:36 -08:00
8d1d616b39
Cleanup for the AES GCM IV and CCM IV sizes, which are missing with some FIPS builds.
2021-01-19 07:53:36 -08:00
219cbd47eb
Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511.
2021-01-19 07:53:36 -08:00
523119289b
SP math all: Fixes for PPC64 compiler
2021-01-19 21:30:36 +10:00
209c4c08e1
Merge pull request #3663 from SparkiDev/sp_int_fixes_3
...
SP int: make sp_copy more available
2021-01-18 22:02:34 -08:00
7d869a43b4
ECDSA set k: WOLFSSL_ECDSA_SET_K_ONE_LOOP only tries k and fails when it fails
2021-01-19 14:07:03 +10:00
949af909bf
SP int: make sp_copy more available
2021-01-19 11:01:00 +10:00
6a5e802cc4
Disable algs: fix code to compile with various algs off/on
...
benchmark.c: Only X25519/Ed25519/X448/Ed448 now compiles
asn.c/asn.h: Only DSA now compiles
2021-01-19 09:54:21 +10:00
a13e9bde29
Merge pull request #3599 from julek-wolfssl/nginx-mem-leak
...
Fix memory leaks
2021-01-18 15:31:50 -08:00
5b7e6ccc14
Merge pull request #3613 from SparkiDev/sp_rand_prime_len
...
SP rand_prime: fix length check
2021-01-18 15:23:15 -08:00
279c3f4c1b
Merge pull request #3614 from SparkiDev/aes_test_fix
...
AES test: Remove unneeded loop
2021-01-18 15:22:06 -08:00
78d2b3b440
Merge pull request #3616 from SparkiDev/sp_int_funcs
...
SP int: Hide func decls if only available with WOLFSSL_SP_MATH_ALL
2021-01-18 15:21:39 -08:00
267b00e0a2
Merge pull request #3620 from haydenroche5/zd11434
...
Clamp the normalization value at the end of sp_mont_norm.
2021-01-18 15:21:03 -08:00
85faf974aa
Merge pull request #3621 from SparkiDev/sp_mac_arm64
...
SP arm64 MAC: stop non-ct mod inv from using x29
2021-01-18 15:19:46 -08:00
87a0ee5ef4
Merge pull request #3622 from SparkiDev/sp_int_fixes_2
...
SP math all: doco fix and don't assign 0 to o
2021-01-18 15:19:06 -08:00
4b5d7d0595
Merge pull request #3624 from SparkiDev/tls13_set_groups
...
TLS 1.3 key share: add a key share from supported list
2021-01-18 15:18:14 -08:00
8ae609d078
Merge pull request #3626 from SparkiDev/tls13_middlebox_fix
...
TLS send change cipher: Don't set keys when negotiating TLS 1.3
2021-01-18 15:14:58 -08:00
1e9394d5a8
Merge pull request #3627 from elms/EVP/ofb_rc4_size
...
EVP: return proper cipher type and block size
2021-01-18 15:13:55 -08:00
50843b22cd
Check method for NULL
2021-01-18 16:18:49 -06:00
563e3c6b60
Merge pull request #3628 from SparkiDev/even_mp_test
...
RSA/DH test: even number error check fixup
2021-01-18 13:39:54 -08:00
cd78a5dfb2
Merge pull request #3630 from SparkiDev/no_fs_all
...
X509 API no file system: hide wolfSSL_X509_NAME_print_ex_fp
2021-01-18 13:39:21 -08:00
d514cc31b3
Merge pull request #3631 from SparkiDev/rsa_vfy_only_sp_fixes
...
RSA: verify only build fixes
2021-01-18 13:38:52 -08:00
5a7e79cbfd
Merge pull request #3632 from SparkiDev/all_not_tls13_fix
...
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only op…
2021-01-18 13:37:34 -08:00
3bae6e2dc2
Merge pull request #3633 from SparkiDev/ecc_gen_z_fix
...
ECC gen z: convert blinding value to Montgomery form before using
2021-01-18 13:36:13 -08:00
fff3c77568
Merge pull request #3644 from dgarske/zd11476
...
Fix for sniffer with TLS v1.2 static ECDH ciphers
2021-01-18 13:32:57 -08:00
b1c8825e74
Merge pull request #3647 from dgarske/zd11424
...
Fix for TLS v1.3 early data mac digest
2021-01-18 13:31:44 -08:00
67d4f7c37b
Merge pull request #3658 from SparkiDev/curve25519_uint64_t
...
Curve25519: replace uint64_t with word64
2021-01-18 13:29:16 -08:00
ac76ef8ee7
Curve25519: replace uint64_t with word64
...
Remove usages of stdint.h types
Added a sword type for signed words.
2021-01-18 17:30:36 +10:00
eda1b52ee2
TLS 1.3 integrity only: initialize HMAC
...
Ensure the HMAC object is initialized when allocated.
2021-01-15 11:27:26 +10:00
878f797a2b
SESSION: internal cache sessions can't be freed same as external
...
refMutex is initialized for external sessions but not internal.
Differentiate by ensuring the refCount is always 1 or more for external
and 0 for internal.
2021-01-15 11:02:34 +10:00
0ac43bb095
Merge pull request #3618 from haydenroche5/ocsp_self_signed_issue
...
Modify ParseCertRelative to ensure issuerKeyHash gets parsed and copi…
2021-01-14 14:22:06 -08:00
d72f0a50f4
binary mode fopen to avoid auto expand to CR/LF on Widonws
2021-01-15 06:05:55 +09:00
e21fddf553
add wc_RsaSetRNG to doc
2021-01-14 10:42:49 +09:00
5a4dfc1a29
Don't set encrypt side if sending early data
...
Make check to see if early data has been or is going to be sent.
Last message encrypted with this key is EndOfEarlyData message.
2021-01-14 09:44:09 +10:00
22ce25afba
Merge pull request #3648 from douzzer/disable-ecc-enable-dsa
...
--disable-ecc --enable-dsa
2021-01-13 14:00:20 -08:00
1e49bc2e82
asn.c/asn.h: fix --disable-ecc --enable-dsa.
2021-01-13 13:55:06 -06:00
d7aa8e1795
Fix for issue where mac digest changes between early data and server_hello, which can leave section of response uninitialized. ZD11424
2021-01-13 11:10:12 -08:00
382deb1f86
Merge pull request #3645 from douzzer/sp_copy_pedantic_error_handling
...
sp_copy() pedantic error handling
2021-01-13 10:05:35 +10:00
f8013580df
sp_int.c: fix 4 instances of "Value stored to 'o' is never read" found by LLVM9 scan-build.
2021-01-12 15:01:28 -06:00
fb82114866
sp_int.c: pay attention to the return value from sp_copy(), for general hygiene and to eliminate an inlining-related warning in sp_todecimal().
2021-01-12 14:58:29 -06:00
aaec9832e4
Fix for sniffer with TLS v1.2 static ECDH ciphers. The sniffer will now correctly try using the key for ECC if the RSA key decode fails. ZD 11476.
2021-01-12 09:49:32 -08:00
129f3fd13f
HMAC OpenSSL API: initialise HMAC ctx on new and allow key length of 0
2021-01-12 09:16:24 +10:00
8fec1de07c
EVP: address CTR block size
2021-01-11 12:03:01 -08:00
3b07f5d8e3
EVP: expand tests for EVP_CIPHER_block_size
2021-01-11 12:03:01 -08:00
a6535528f3
EVP: add tests for openssl block size (including RC4)
2021-01-11 12:03:01 -08:00
0cccf58fec
EVP: return proper cipher type for AES OFB
2021-01-11 12:03:01 -08:00
88faef9bd9
Merge pull request #3641 from JacobBarthelmeh/Testing
...
add ca-cert-chain.der to renewcerts.sh, update ed25519 certs and gen …
2021-01-11 11:00:55 -08:00
e2b411805d
add ca-cert-chain.der to renewcerts.sh, update ed25519 certs and gen script
2021-01-12 00:40:15 +07:00
a3cc4110b0
Clamp the normalization value at the end of sp_mont_norm.
2021-01-11 09:59:11 -06:00
798d9ed0d5
Various CMake changes.
...
- Add support for user settings to CMake.
- Update version number.
- Add an option to enable/disable generation of config.h and the HAVE_CONFIG_H
define.
2021-01-08 12:15:58 -06:00
a745947498
Code review changes
2021-01-08 15:27:30 +01:00
23a4d64caf
wolfSSL_EVP_PKEY_set1_EC_KEY should generate PKCS8 internal DER buffer
...
This PKCS8 buffer should include both the private and the public parts of the key.
2021-01-08 15:27:30 +01:00
cd4affddac
Set ecc_key.rng when using ECC_TIMING_RESISTANT
...
Set ecc_key.rng to either a local rng struct or the globalRNG object when using ECC_TIMING_RESISTANT
Add helpful logs to some ecc functions
2021-01-08 15:18:00 +01:00
0fe3efb8b4
Add option to only resend previous DTLS flight on a network read timeout
2021-01-07 19:13:35 +01:00
c57fee136a
Merge pull request #3568 from miyazakh/espidf_unittest
...
fix wolfssl unit test on ESP-IDF
2021-01-07 09:18:18 -07:00
f955c92008
ECC gen z: convert blinding value to Montgomery form before using
2021-01-07 11:30:58 +10:00
209ad82df2
Merge pull request #3629 from ejohnstown/aarch64
...
M1 Support
2021-01-06 14:12:45 -08:00
931dc5b29f
Merge pull request #3619 from tmael/fuzz_math
...
Fix for OSS-Fuzz issue #29103 : out-of-bounds read in TLSX_CSR_Parse()
2021-01-06 14:10:28 -08:00
d4e13796c2
M1 Support
...
We separate out 64-bit desktop support based on the Intel check. With
the advent of the new Apple chip, ARM can also be a desktop processor.
Detect it like we do the Intel 64-bit, and treat it similarly with
respect to fast and normal math.
2021-01-06 09:21:07 -08:00
fa86c1aa91
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options
...
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.
Also fix up tests that don't work without TLS 1.3 enabled.
2021-01-06 14:19:57 +10:00
cd0670cbd7
RSA: verify only build fixes
...
configuration: --disable-ecc --disable-dh --disable-aes --disable-aesgcm
--disable-sha512 --disable-sha384 --disable-sha --disable-poly1305
--disable-chacha --disable-md5 --disable-sha3 --enable-cryptonly
--disable-inline --enable-rsavfy --disable-asn --disable-oaep
--disable-rng --disable-filesystem --enable-sp=rsa2048 --enable-sp-math
Fixes to make code build again.
2021-01-06 11:58:15 +10:00
5accd57c21
X509 API no file system: hide wolfSSL_X509_NAME_print_ex_fp
...
configuration: --enable-all --disable-filesystem
wolfSSL_X509_NAME_print_ex_fp has XFILE as a parameter and cannot be
compiled with --disable-filesystem
2021-01-06 11:05:58 +10:00
10722fba14
RSA/DH test: even number error check fixup
...
Configuration: --enable-sp=3072
Test only enabled when SP is used.
Return codes checked are those we expect from SP.
Code, with configuration, is compiled so that 2048-bit operations are
not going to SP and the error returns were not correct.
2021-01-06 09:39:24 +10:00
b8997d0b47
revert test_wolfssl.c changes
...
add test.c as src target
2021-01-05 16:20:42 +09:00
99d4a7417a
fix wolfssl unit test on ESP-IDF
2021-01-05 16:08:05 +09:00
a6b69b6864
TLS send change cipher: Don't set keys when negotiating TLS 1.3
2021-01-05 14:32:48 +10:00
f196c60c66
TLS 1.3 key share: add a key share from supported list
2021-01-05 13:08:48 +10:00
1b94309a6c
SP math all: doco fix and don't assign 0 to o
...
o is not used after that point so no need to zero it.
2021-01-05 10:40:34 +10:00
2a2b194d71
SP arm64 MAC: non-ct mod inv not use so many registers
2021-01-05 10:23:14 +10:00
46e260dd61
Correct unsigned arithmetic
2021-01-04 15:48:27 -08:00
54f072fd8d
Merge pull request #3607 from douzzer/WOLFSSL_TEST_SUBROUTINE
...
test.c: add WOLFSSL_TEST_SUBROUTINE macro to make subtests optionally static
2021-01-04 10:10:56 -07:00
96ece3ac7d
Modify ParseCertRelative to ensure issuerKeyHash gets parsed and copied into the
...
decoded cert for self-signed CA certs.
The bit of code that does this copy was previously inside a conditional that's
only entered if the certificate is not self-signed. The primary purpose of this
conditional is to set the maxPathLen field. It's possible that the copying of
the issuerKeyHash was mistakenly included in the "else" block here, when it
should be outside.
2021-01-04 10:34:09 -06:00
b5403fe6b9
SP int: Hide func decls if only available with WOLFSSL_SP_MATH_ALL
2021-01-04 16:39:51 +10:00
413bde9146
Merge pull request #3608 from tmael/sp_squre
...
Fix SP integer square
2021-01-04 16:29:40 +10:00
faf7d307b4
Merge pull request #3606 from dgarske/zd11438
...
Fix for possible ECC sign memory leak with custom "k"
2021-01-04 15:39:53 +10:00
01c27068c1
Correct SP x->used with sp_clamp()
2021-01-03 20:08:06 -08:00
68c2e36ad5
AES test: Remove unneeded loop
2021-01-04 12:43:34 +10:00
40ab08be45
SP rand_prime: fix length check
...
-ve length indicates to use a BBS prime (last two bits set)
2021-01-04 12:31:59 +10:00
ef56bc09f1
Merge pull request #3596 from julek-wolfssl/dtls-multiple-hellorequest
...
Calling wolfSSL_Rehandshake during renegotiation should not be an error
2020-12-31 13:53:32 -08:00
fbb3e9fca3
Merge pull request #3605 from tmael/cm_free
...
Free mutex and fix tls13.test script
2020-12-31 08:40:35 -08:00
c9ac64d77d
Merge pull request #3609 from douzzer/lkm_kvmalloc
...
use kvmalloc()/kvfree() for heap allocations in the linuxkm build
2020-12-31 08:37:53 -08:00
9dc8721032
linuxkm: on kernels >= 4.12, use kvmalloc()/kvfree() and a partial implementation of realloc() leveraging them, rather than kmalloc()/kfree()/krealloc(). this makes large allocations possible and relatively safe. note that the realloc() implementation fails gracefully when the supplied pointer is larger than the page size, but otherwise works normally.
2020-12-31 00:30:35 -06:00
a2dec7ce9c
test.c: work around toolchain/ecosystem bug on aarch64 linux 4.14.0-xilinx-v2018.3.
2020-12-30 20:03:13 -06:00
9598c03716
Free mutex and fix test script
2020-12-30 17:40:15 -08:00
3d88676ff1
test.c: add WOLFSSL_TEST_SUBROUTINE macro to qualify all previously global subtest handlers, defaulting to the empty string. this restores the version<=4.5 test.c namespace allowing end users to call the tests directly piecemeal. --enable-linuxkm[-defaults] sets -DWOLFSSL_TEST_SUBROUTINE=static for extra namespace hygiene.
2020-12-30 16:12:08 -06:00
060ebd1ca2
Fix for possible ECC sign memory leak when using WOLFSSL_ECDSA_SET_K and wc_ecc_sign_set_k, where the k is not valid. ZD 11438.
2020-12-30 09:54:54 -08:00
7fb2c0f63f
Merge pull request #3603 from haydenroche5/zd11434
...
Ensure that all leading zeros are skipped in sp_tohex.
2020-12-30 08:28:52 -08:00
1b6a988dc0
Merge pull request #3601 from tmael/mp_rand_p
...
Add parameter check in sp_rand_prime()
2020-12-30 08:20:18 -08:00
81f70fba5f
Ensure that all leading zeros are skipped in sp_tohex.
2020-12-30 08:32:01 -06:00
d366ca74af
Review comments and cast
2020-12-29 19:48:45 -08:00
c482d16029
Merge pull request #3544 from haydenroche5/ocsp_stapling_bug
...
Fix bug where OCSP stapling wasn't happening even when requested by client
2020-12-29 14:23:10 -08:00
da007ecd7b
Merge pull request #3409 from kojo1/mqx
...
add IDE/MQX
2020-12-29 13:53:37 -07:00
c6abb59343
Merge pull request #3593 from tmael/sp_cast
...
casting fix for clang-12
2020-12-29 09:51:37 -08:00
837e9856f5
Merge pull request #3590 from dgarske/stcube_rel
...
Fixes for STM Cube Pack rename
2020-12-29 09:37:39 -08:00
dc21d56545
Merge pull request #3600 from douzzer/low-resources-fixes
...
--enable-lowresource --enable-sp-math-all
2020-12-29 08:01:51 -08:00
2bd0d4c467
wolfcrypt/src/evp.c: fix wolfSSL_EVP_CipherUpdate_GCM() to not fail when inl is zero, to properly handle realloc implementations that return NULL for zero-size allocations.
2020-12-28 23:49:48 -06:00
fbcfc6adbf
test.c: rehab fail codes in ecc_test_curve_size().
2020-12-28 21:56:39 -06:00
b0ca598d59
sp_int.h and ecc.h: add one more to SP_INT_DIGITS and FP_SIZE_ECC, to accommodate extra digit used by sp_mul(), sp_mulmod(), sp_sqr(), and sp_sqrmod().
2020-12-28 18:06:18 -06:00
cedec3ae28
Add parameter check
2020-12-28 15:53:56 -08:00
764b3cf09d
examples/client/client.c: add missing !defined(NO_SESSION_CACHE) gate around wolfSSL_get_session() for "print out session" code.
2020-12-28 17:49:58 -06:00
8c07aafc43
Fix memory leaks
...
- Freeing the session object depends on the callback return
- The session object is malloc'ed when ssl->options.internalCacheOff
- wolfSSL_CTX_use_certificate needs to own the cert when KEEP_OUR_CERT because either it is up ref'ed or copied
2020-12-28 22:33:01 +01:00
54479359f3
Calling wolfSSL_Rehandshake during renegotiation should not be an error
...
If we call wolfSSL_Rehandshake during a renegotiation then it should not result in a SECURE_RENEGOTIATION_E. wolfSSL_Rehandshake might be called when multiple HelloRequest messages are processed or the user could call this API during renegotiation. Either way wolfSSL should not treat this as an error if renegotiation is enabled.
2020-12-24 12:10:04 +01:00
8b517975d1
Fixes from peer review.
2020-12-23 16:54:29 -08:00
4280861af0
Merge pull request #3591 from dgarske/wolftpm
...
Added helper configure option '--enable-wolftpm`
2020-12-23 12:22:44 -08:00
5c4011b3b4
cast to int
2020-12-23 12:09:35 -08:00
b2155e6e26
Merge pull request #3592 from douzzer/verbose-heap-instrumentation
...
--enable-trackmemory=verbose
2020-12-23 11:40:45 -08:00
d5dd35c739
add --enable-trackmemory=verbose, and add WOLFSSL_TEST_MAX_RELATIVE_HEAP_{BYTES,ALLOCS} and -m/-a (runtime counterparts) to wolfcrypt_test(). also add -h to wolfcrypt_test() to print available options.
2020-12-23 12:03:06 -06:00
daa6833f37
Added helper configure option '--enable-wolftpm` to enable options used by wolfTPM. This enables (cert gen/req/ext, pkcs7, cryptocb and aes-cfb).
2020-12-23 08:09:24 -08:00
e0f36baebe
Fixes for STM Cube Pack rename.
2020-12-23 07:02:12 -08:00
542ad0a81b
linuxkm/module_hooks.c: separate cleanup into static libwolfssl_cleanup(), and call it from wolfssl_init() if wolfcrypt_test() fails.
2020-12-22 21:57:17 -06:00
9c87f979a7
Merge pull request #3586 from tmael/cc310_tests
...
Fix Cryptocell and revert test.c use of static const
2020-12-22 16:58:25 -08:00
f06361ddf6
add WOLFSSL_SMALL_STACK_STATIC macro, and use it to conditionally declare const byte vectors in test.c static for stack depth control -- currently only enabled for linuxkm, but should be compatible with any target with a TLB (virtual memory).
2020-12-22 17:12:57 -06:00
90b14e260d
Merge pull request #3588 from JacobBarthelmeh/Release
...
fix regression of --enable-wpas=small build
2020-12-22 14:32:33 -08:00
56071ac21f
Fix for Cryptocell tests
2020-12-22 16:23:16 -06:00
81980aa7b6
fix regression of --enable-wpas=small build
2020-12-23 01:30:34 +07:00
85d0a71747
Merge pull request #3587 from JacobBarthelmeh/Release
...
add blog link to README and adjust for nginx build
2020-12-22 08:50:21 -07:00
8ecc2f1771
add blog link to README and adjust for nginx build
2020-12-22 20:14:38 +07:00
5eddcb24dd
Merge pull request #3584 from JacobBarthelmeh/Release
...
prepare for release 4.6.0
2020-12-21 14:20:14 -08:00
8b48353c18
Merge pull request #3585 from dgarske/async_rel
...
Fixes in preparation for release
2020-12-21 14:15:45 -08:00
53e79f1053
Fix for mp_radix_size with radix 2 and mp_int equal to zero. Fix applies to normal and fast math only. ZD11419.
2020-12-21 12:41:32 -08:00
47c186df34
prepare for release 4.6.0
2020-12-22 02:33:58 +07:00
b4111e2f65
Fix for possible leaks with wc_ecc_sign_set_k when building with WOLFSSL_CUSTOM_CURVES enabled. ZD11416.
2020-12-21 11:27:14 -08:00
476a3e5d4f
fix wc_curve25519_generic() ifdef on NXP LTC builds
2020-12-21 23:57:39 +07:00
1c0a6b92ad
Fix RSA hash warning for operations with no hash specified.
2020-12-21 08:37:15 -08:00
28420b6e4d
Fix for building with --with-intelqa and custom curves disabled.
2020-12-21 08:36:48 -08:00
e6c71a1465
Merge branch 'master' into mqx
2020-12-21 07:28:26 -08:00
8c16bd2450
fix for infer memory leak report and for clang unused warning
2020-12-21 17:24:35 +07:00
5bd9c1b60d
fix for haproxy build
2020-12-21 17:24:35 +07:00
4de1c1b037
add cert gen to lighty build for function wolfSSL_PEM_write_bio_X509
2020-12-21 17:24:35 +07:00
4ef5956757
fix for declaring variable with Windows build
2020-12-21 17:24:35 +07:00
f30d4c1b0b
fix for nightly g++ build test
2020-12-21 17:24:35 +07:00
9c64630c56
Merge pull request #3582 from douzzer/scan-build-fix-20201218
...
fix deadstore in ssl.c warned by LLVM11 scan-build.
2020-12-21 17:23:13 +07:00
4d1d891a34
src/ssl.c: fix deadstore in wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio() warned by LLVM11 scan-build.
2020-12-18 17:30:25 -06:00
0df41d865f
Merge pull request #3580 from douzzer/fix-mp-read-bin-bit-accounting
...
fix mp_read_unsigned_bin() calculation of mp_int.used_bits
2020-12-18 14:41:16 -08:00
fcf060b19b
Merge pull request #3581 from cconlon/releasefixes_selftest
...
Release fixes for CAVP selftest builds
2020-12-18 14:15:53 -08:00
ea3c385021
Merge pull request #3579 from SparkiDev/sp_math_all_4096
...
SP math all: enable 4096-bit support by default for x64
2020-12-18 14:14:36 -08:00
7e5f838f48
Merge pull request #3577 from dgarske/releasefixes_async
...
Release fixes for asynchronous crypto
2020-12-18 14:10:01 -08:00
fe92d29eb5
Merge pull request #3574 from cconlon/releasefixes
...
Release fixes for Jenkins tests, example client
2020-12-18 14:06:27 -08:00
cdc0753bfb
Merge pull request #3571 from JacobBarthelmeh/Testing
...
Some initial testing and clean up
2020-12-18 14:05:26 -08:00
814ed3f5a6
Merge pull request #3439 from julek-wolfssl/libest
...
Compatibility layer additions for cisco/libest
2020-12-18 14:03:34 -08:00
bdd4799400
Merge pull request #3578 from SparkiDev/x509_len
...
ASN X509: Don't allow any more data after signature
2020-12-18 09:54:39 -08:00
a222be1fa3
rename dup to dupl, fix variable shadow warning on i386 selftest compiler
2020-12-18 10:53:55 -07:00
ae984508cc
fix CAVP selftest v2 build, issue with pkcs7.h
2020-12-18 10:26:19 -07:00
6226edb394
Use CSR with smaller key size 4096 -> 2048
2020-12-18 12:48:25 +01:00
b0ec2bf058
wolfcrypt/src/integer.c: fix mp_read_unsigned_bin() accounting on mp_int.used_bits to avoid spurious .used > .alloc condition at loop exit.
2020-12-18 02:05:18 -06:00
7f5a85ae85
Reduce stack usage
2020-12-18 13:15:50 +10:00
e452b74470
SP math all: enable 4096-bit support by default for x64
2020-12-18 10:20:33 +10:00
e49409b13a
Fix api.c tests using "free()" instead of "XFREE" causing issues with custom allocators.
2020-12-17 16:08:46 -08:00
a4f8a21b9b
ASN X509: Don't allow any more data after signature
2020-12-18 10:02:38 +10:00
ce0a2f3bc9
Fixes for Cavium Nitrox and Intel QuickAssist.
2020-12-17 15:53:28 -08:00
73a5ee5ffb
Fix for async post handshake auth. The re-handshake was not resetting the processReply state.
2020-12-17 15:10:11 -08:00
420a040774
fix WOLFSSL_ASYNC_CRYPT usage in test.c, test_wolfSSL_OBJ_ln() in api.c
2020-12-17 11:08:36 -07:00
97bc5e870c
fix for default OCSP cmp value and fix for WOLFSSL_NO_CLIENT_AUTH build
2020-12-18 00:36:00 +07:00
e8785666c4
fix NXP LTC build with wc_curve25519_generic(), only supports single basepoint
2020-12-17 09:50:18 -07:00
b11b08bb10
Merge pull request #3543 from WKJay/master
...
Port for RT-Thread
2020-12-17 08:36:09 -08:00
f2694134b0
Fix after rebase
2020-12-17 17:28:29 +01:00
71c6654687
Merge pull request #3573 from douzzer/scripts-nix-unportable-timeout-wrapper
...
scripts/: nix `timeout` wrappers in ocsp-stapling[2].test
2020-12-17 09:13:43 -07:00
c03744db61
Refactor wc_CheckPrivateKey
...
- Change wc_CheckPrivateKey to wc_CheckPrivateKeyCert and wc_CheckPrivateKey
- wolfSSL_X509_check_private_key no longer needs to decode cert to check key
- Fix scope in api.c
2020-12-17 14:27:46 +01:00
dc266bc524
Call X509_REQ_get_extensions and X509_get_ext_by_NID on a CSR object
2020-12-17 14:27:46 +01:00
383df620bf
Add CSR test with Extension Request attribute
2020-12-17 14:27:46 +01:00
24b89928dc
Code review names changes and refactoring
2020-12-17 14:27:46 +01:00
3231cfe9e0
Refactor extension stack generation
2020-12-17 14:27:46 +01:00
8b9f8029a8
Sanity check protocol version.
2020-12-17 14:27:46 +01:00
22ae66dfe1
wolfSSL_BIO_do_connect should look for a socket bio in the chain
2020-12-17 14:27:46 +01:00
2dd28ec5b3
Check if downgrading is allowed in SetSSL_CTX
...
Pkcs7 cert limit based on build
2020-12-17 14:27:46 +01:00
77c730361e
Jenkins fixes
2020-12-17 14:27:46 +01:00
25f5427bdd
Rebase and test fixes
2020-12-17 14:27:46 +01:00
b528a1a344
Plug memory leaks
2020-12-17 14:26:49 +01:00
7df8f2e2bb
Internal unit tests
2020-12-17 14:26:49 +01:00
f5c463148f
check null
2020-12-17 14:26:49 +01:00
031ce68546
Differentiate between server and client sessions
...
This is important is the client and server share memory space. If a server and client both save the same session in SessionCache it may cause inconsistencies. The hash of the sessionID will be the same causing one of the sides to overwrite the other. A possible problem is that the peer certificate will be incorrect for one of the sides.
2020-12-17 14:26:49 +01:00
8edeaae3e2
Add DSA support to x509 certs
2020-12-17 14:26:49 +01:00
031ca80fe7
Fix max SSL version handling for client
...
Enable CRL when adding one to store
2020-12-17 14:26:49 +01:00
2197748a51
Implement wolfSSL_X509_check_private_key
2020-12-17 14:26:49 +01:00
cb84213ffd
Support more extensions
2020-12-17 14:26:49 +01:00
cd20512b90
wolfSSL_X509_REQ_add1_attr_by_txt for libest
2020-12-17 14:26:49 +01:00
911d5968b4
Store more certs in PKCS7 struct
2020-12-17 14:26:49 +01:00
acf3156fac
Dynamically allocate memory in wolfSSL_i2d_PKCS7_bio
2020-12-17 14:26:49 +01:00
c405c3477f
Protect against invalid write in RsaPad_PSS
2020-12-17 14:26:49 +01:00
2a9bb906a9
Implement wolfSSL_BIO_*_connect and wolfSSL_BIO_set_conn_port
...
Forgot to commit csr.dsa.pem for api.c
2020-12-17 14:26:49 +01:00
78a20ec3ae
Extension manipulation
2020-12-17 14:26:49 +01:00
65c6a71bde
Init wolfSSL_X509_REQ_add_extensions
2020-12-17 14:26:49 +01:00
6a635b339c
Fixes
...
- Fix challengePw copy in ReqCertFromX509
- Proper header length in wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio
- Special case for extended key usage in wolfSSL_OBJ_cmp
- Numerical input in wolfSSL_OBJ_txt2obj can just be encoded with EncodePolicyOID. Searching for the sum can return wrong values since they are not unique.
2020-12-17 14:26:49 +01:00
b808124a47
Add DSA support to ConfirmSignature and add DSAwithSHA256
2020-12-17 14:26:49 +01:00
2a20896e44
Add CRL loading to wolfSSL_PEM_X509_INFO_read_bio
2020-12-17 14:26:49 +01:00
86d2177876
wolfSSL_X509_resign_cert updates x509 der buffer as well
2020-12-17 14:26:49 +01:00
932ef25e79
Set default digest NID
2020-12-17 14:26:49 +01:00
2689d499b9
Tests starting to pass
2020-12-17 14:26:49 +01:00
ff7b8d3715
Don't attempt TLS 1.3 if server options disable it
2020-12-17 14:26:49 +01:00
2e2beb279d
WIP
2020-12-17 14:26:49 +01:00
8e62bf2588
Pass libest estclient_simple example
2020-12-17 14:26:49 +01:00
aaba7ed286
OpenSSL Compat layer
...
Implement/stub:
- wolfSSL_X509V3_EXT_add_nconf
- wolfSSL_EVP_PKEY_copy_parameters
2020-12-17 14:26:49 +01:00
ff2574b3cb
OpenSSL Compat layer
...
Implment/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
2020-12-17 14:26:49 +01:00
753a3babc8
OpenSSL Compat layer
...
Implement/stub:
- wolfSSL_NCONF_get_number
- wolfSSL_EVP_PKEY_CTX_ctrl_str
- wolfSSL_PKCS12_verify_mac
- wc_PKCS12_verify_ex
- wolfSSL_BIO_new_fd
- wolfSSL_X509_sign_ctx
- wolfSSL_ASN1_STRING_cmp
- wolfSSL_ASN1_TIME_set_string
- X509V3_EXT_add_nconf
- X509V3_set_nconf
Implement TXT_DB functionality:
- wolfSSL_TXT_DB_read
- wolfSSL_TXT_DB_free
- wolfSSL_TXT_DB_create_index
- wolfSSL_TXT_DB_get_by_index
2020-12-17 14:26:49 +01:00
e7f1d39456
OpenSSL Compat layer
...
Implement WOLFSSL_CONF_VALUE:
- wolfSSL_CONF_VALUE_new
- wolfSSL_CONF_VALUE_new_values
- wolfSSL_CONF_add_string
- wolfSSL_X509V3_conf_free
- wolfSSL_sk_CONF_VALUE_push
- wolfSSL_NCONF_load
- wolfSSL_NCONF_free
- wolfSSL_CONF_new_section
- wolfSSL_CONF_get_section
Implment some buffer functions
- wolfSSL_strlcat
- wolfSSL_strlcpy
2020-12-17 14:26:49 +01:00
42d4f35a98
Implement OpenSSL Compat API:
...
- Implement lhash as a stack with hash members
- wolfSSL_lh_retrieve
- wolfSSL_LH_strhash
- IMPLEMENT_LHASH_COMP_FN
- IMPLEMENT_LHASH_HASH_FN
- wolfSSL_sk_CONF_VALUE_new
- wolfSSL_sk_CONF_VALUE_free
- wolfSSL_sk_CONF_VALUE_num
- wolfSSL_sk_CONF_VALUE_value
- wolfSSL_NCONF_new
- wolfSSL_NCONF_get_string
- wolfSSL_NCONF_get_section
- wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
- wolfSSL_CONF_modules_load
2020-12-17 14:26:49 +01:00
be98404b3b
Implement wolfSSL_X509_REQ_verify
2020-12-17 14:26:49 +01:00
4aa30d0bde
Add CSR parsing capabilities to ParseCertRelative and wc_GetPubX509
...
- wolfSSL_BIO_get_mem_data now returns the last memory BIO in the chain
- Change wolfSSL_BIO_pending calls to wolfSSL_BIO_get_len calls to get accurate length depending on BIO
- Refactor X509 and X509_REQ functions to reuse similar code
- X509 and X509_REQ i2d functions now generate their DER outputs instead of returning the input DER
- Signature generated by wolfSSL_X509_resign_cert is now saved in the x509->sig buffer and added when calling *i2d
- Add test_wolfSSL_d2i_X509_REQ
2020-12-17 14:26:49 +01:00
1a50d8e028
WIP
...
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
2020-12-17 14:26:49 +01:00
a7ec58003e
PKCS7 changes
...
- Allow PKCS7_EncodeSigned to be called with a zero content length
- wc_HashUpdate now doesn't error out on zero length data
- First cert in wolfSSL_PKCS7_encode_certs is treated as main cert and the PKCS7 struct is initialized with it
- wolfSSL_BIO_get_mem_data returns the buffer from the last bio in chain
2020-12-17 14:26:49 +01:00
85b1196b08
Implement/stub:
...
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
2020-12-17 14:26:49 +01:00
728f4ce892
Implement/stub:
...
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
2020-12-17 14:26:49 +01:00
b52e11d3d4
Implement/stub the following:
...
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
2020-12-17 14:26:30 +01:00
3721d80e84
Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT
...
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
2020-12-17 14:26:30 +01:00
1e26238f49
Implement/stub the following functions:
...
- X509_REQ_sign_ctx
- X509_REQ_get_subject_name
- X509_REQ_set_version
- X509_NAME_print_ex_fp
- X509_STORE_CTX_get0_parent_ctx
- wolfSSL_PKCS7_encode_certs
Add cms.h file to avoid including the OpenSSL version.
2020-12-17 14:26:30 +01:00
777bdb28bc
Implement/stub the following:
...
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
2020-12-17 14:26:30 +01:00
7bd0b2eb44
Implement ASN1_get_object
2020-12-17 14:26:30 +01:00
a9d502ef85
Add --enable-libest option to configure.ac
...
Refactoring and adding defines for functions
2020-12-17 14:26:30 +01:00
641a2a8cb0
update RTTHREAD/readme.md
2020-12-17 08:44:45 +08:00
498e3eb6fe
Add include.am
2020-12-17 08:42:53 +08:00
6d9cf6b31e
fix for wc_AesFeedbackCFB8() on big endian platforms
2020-12-16 16:38:38 -07:00
b4fddf3f24
Merge pull request #3572 from dgarske/zd11381
...
Fix for `wc_SetAltNamesBuffer`
2020-12-16 15:33:12 -08:00
eeefe043ec
scripts/: nix timeout wrappers in ocsp-stapling.test and ocsp-stapling2.test, for portability.
2020-12-16 17:31:53 -06:00
7e1a066963
Merge pull request #3555 from kojo1/doc-PSS_Sign-Verify
...
Doc wc_RsaPSS_Sign/Verify/CheckPadding
2020-12-16 15:18:24 -07:00
51c3f87811
Fix for wc_SetAltNamesBuffer broken in PR #2728 . The SetAltNames was changed in PR 2728 to rebuild the SAN OID, so only the flattened list of DNS entries is required. Fix is in SetAltNamesFromDcert to use already has a parsed DecodedCert and flatten the alt names DNS_Entry list. ZD 11381
2020-12-16 12:28:28 -08:00
502e471cde
fix spelling of Nitrox in configure option summary
2020-12-16 13:08:32 -07:00
f375cff685
enable AES-CTR for libsignal build
2020-12-16 12:44:01 -07:00
16ce8e077a
only call wolfSSL_UseKeyShare() in example client with TLS 1.3
2020-12-16 12:06:35 -07:00
9a968bdf53
disable XChaCha with armasm
2020-12-17 01:58:36 +07:00
a948066f86
some infer fixes
2020-12-17 01:49:48 +07:00
f6c3eae1de
g++ build fix
2020-12-16 15:05:33 -05:00
5f30727b32
Merge pull request #3531 from vppillai/patch-1
...
support TNGTLS certificate loading for Harmony3
2020-12-16 09:21:28 -08:00
7f20b97927
Merge pull request #3569 from SparkiDev/cppcheck_fixes_5
...
cppcheck: fixes
2020-12-16 09:04:59 -08:00
cee91c91f5
Merge pull request #3532 from julek-wolfssl/nginx-1.7.7
...
Changes for Nginx 1.7.7
2020-12-16 09:01:27 -08:00
b0464c93e2
Merge pull request #3542 from SparkiDev/sp_mod_odd
...
SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops
2020-12-16 08:51:10 -08:00
3063264f00
formatting updates
2020-12-16 18:05:58 +05:30
63f8fbe92f
update formatting
2020-12-16 17:59:36 +05:30
6dc06993bf
SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops
2020-12-16 21:49:09 +10:00
75c062a298
cppcheck: fixes
2020-12-16 17:28:20 +10:00
010c8db54e
duplicated \ingroup, missing closing comment
2020-12-16 08:52:12 +09:00
922ca916a9
Merge pull request #3554 from ejohnstown/psk-fix
...
PSK Alert
2020-12-16 09:40:04 +10:00
bab2f55661
Merge pull request #3563 from SparkiDev/base64_cr
...
Base64: Cache attack resistant decode
2020-12-15 15:16:09 -08:00
c47b98bca1
Allow OCSP stapling and NO_WOLFSSL_CLIENT to coexist.
2020-12-15 16:56:21 -06:00
eb6473b00f
Fix bugs that made it so client side wasn't verifying certificate status.
2020-12-15 16:56:21 -06:00
801aa18b9e
Fix bug where OCSP stapling wasn't happening even when requested by client.
...
The OCSP request that we created didn't have a URL for the OCSP responder, so
the server couldn't reach out to the responder for its cert status.
2020-12-15 16:56:21 -06:00
7f44247954
Merge pull request #3567 from SparkiDev/sp_math_fix
...
SP math all: fixes for different compilers and configs
2020-12-15 15:37:25 -06:00
575f4ba140
Nginx 1.7.7 changes
...
- Push error when decryption fails
- If wolfSSL_CTX_use_certificate keeps passed in cert then it should either copy it or increase its reference counter
- Make wolfSSL_PEM_read_bio_DHparams available with FIPS
2020-12-15 19:32:55 +01:00
e0b0c329b3
build fix for --enable-afalg
2020-12-15 10:50:57 -07:00
c048ce5f99
build fix for --enable-ip-alt-name
2020-12-15 23:56:04 +07:00
38a11368e0
Merge pull request #3557 from JacobBarthelmeh/Cert-Report2
...
Strict alt names check with DIR name constraint
2020-12-15 08:51:55 -08:00
f362c6ecf5
Merge pull request #3562 from SparkiDev/session_mutex
...
SESSION mutex: copying a session overwrote mutex
2020-12-15 08:50:57 -08:00
aa2e02807d
Avoid conversions to PEM and register DER certificate chain
2020-12-15 16:15:36 +05:30
356b419532
SP math all: fixes for different compilers and configs
2020-12-15 17:37:59 +10:00
972d6cfefc
Base64: Cache attack resistant decode
2020-12-15 17:22:02 +10:00
52f63ca44b
SESSION mutex: copying a session overwrote mutex
...
New session creation function, NewSession, that doesn't initialize
mutex.
Calling functions, wolfSSL_SESSION_new() and wolfSSL_SESSION_copy(),
initialize the mutex.
2020-12-15 17:20:40 +10:00
65d0cc62fd
Merge pull request #3566 from douzzer/STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK-decl-order
...
C89 decl order in STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK()
2020-12-15 17:01:22 +10:00
4f15cfde16
Add rt-thread porting files
2020-12-15 14:49:49 +08:00
87e5b55033
don't special case get_digit_count for SP, i.e. eliminate sp_get_digit_count(), to fix -Waddress in sp_get_digit_count macro use in api.c:test_get_digit_count() (sp_get_digit_count() was a non-inline function before commit 91d23d3f5a (sp-math-all)).
2020-12-14 20:14:39 -06:00
123c713658
Key Change
...
Move the setting of the key in the handshake from right before
sending the finished message to between building change cipher spec
and sending it. This way there won't be any opportunity to send a
message after the change cipher spec that won't be encrypted.
2020-12-14 18:13:26 -08:00
f8e674e45d
PSK Alert
...
When the server cannot match the client's identity, the server sends a unknown_psk_identity alert to the client.
2020-12-14 17:56:19 -08:00
7fe24daf6c
Merge pull request #3561 from dgarske/st_cube_rel
...
ST Cube Pack Fixes
2020-12-14 16:20:18 -08:00
3f6a444bef
Merge pull request #3564 from SparkiDev/tls13_add_sess
...
TLS 1.3: Don't add a session without a ticket
2020-12-14 16:09:52 -08:00
43182b9389
Merge pull request #3548 from gstrauss/HAVE_SNI
...
put all SNI code behind simpler preprocessor directive HAVE_SNI
2020-12-14 16:08:53 -08:00
70808647ef
move decl of _ret to top in STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(), for C89 happiness.
2020-12-14 17:50:28 -06:00
bd871280d7
Merge pull request #3497 from elms/erf32/se_acceleration
...
ERF32: HW acceleration
2020-12-14 15:43:15 -08:00
56e2c0e268
Merge pull request #3534 from douzzer/linuxkm-cryptonly
...
--enable-linuxkm --enable-cryptonly
2020-12-14 15:14:54 -08:00
428c6b4301
Merge pull request #3523 from SparkiDev/pkcs11_fixes_2
...
Pkcs11 fixes 2
2020-12-14 14:09:26 -08:00
032b289835
Merge pull request #3559 from tmael/cc310_ecc_k
...
Fix Cryptocell ecc build err
2020-12-14 10:50:30 -08:00
fb5b415e83
TLS 1.3: Don't add a session without a ticket
...
TLS 1.3 doesn't support resumption with PSK (session ticket or with the
PSK callback).
2020-12-14 14:03:31 +10:00
337e95e52b
Fix for AES GCM with hardware crypto and missing wc_AesSetKeyLocal. Broken in PR #3388 .
2020-12-13 13:59:30 -08:00
757c07801a
Updates to v4.5.1.
2020-12-13 13:59:30 -08:00
203b7739c9
fix paths, add download site in README
2020-12-13 19:42:20 +09:00
d3aacf4934
add IDE/MQX
2020-12-13 17:41:14 +09:00
6154f29a31
Merge https://github.com/wolfssl/wolfssl
2020-12-13 17:27:53 +09:00
4ee5ae0115
Fix Cryptocell ecc build err
2020-12-11 15:12:42 -08:00
b2a66a10f4
add XXX_ex APIs, corret spelling, descriptions
2020-12-12 07:29:24 +09:00
0e9926bd83
Merge pull request #3553 from haydenroche5/cert_status_fix
...
Fix OCSP cert status check in internal.c
2020-12-11 13:27:29 -08:00
2804cb2521
wolfcrypt/test/test.c: more smallstack refactoring in aes_test().
2020-12-11 14:17:25 -06:00
0b42f3ae72
wolfcrypt/src/dsa.c: disable MSVC warning C4127 (compiler bug) as in wolfcrypt/src/tfm.c and src/internal.c.
2020-12-11 14:16:44 -06:00
f2e1595eef
wolfcrypt/src/dsa.c: use do{}while(0) with break, rather than goto, for top level flow control in wc_DsaSign() and wc_DsaVerify() smallstack refactor.
2020-12-11 14:16:44 -06:00
53c6d33695
test.c:aes_test(): add WOLFSSL_SMALL_STACK codepaths for WOLFSSL_AESNI test.
2020-12-11 14:16:44 -06:00
1c0df61247
wolfssl/test.h and wolfcrypt/test/test.c: add STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(), recognize macro WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES, and add to wolfcrypt_test() runtime settability of relative cumulative stack depth assert threshold using "-s stacksize".
2020-12-11 14:16:44 -06:00
2ed75402b8
wc_DsaSign(): removal several redundant mp_clear()s preceded by mp_forcezero()s.
2020-12-11 14:16:44 -06:00
bfff28ab28
ecc.c: fix mp_init_multi() vs mp_clear() dynamics in wc_ecc_verify_hash_ex() and mp_sqrtmod_prime().
2020-12-11 14:16:44 -06:00
ec96e5ad74
wolfSSL_BN_is_odd(): fix function signature to match header (unsigned long reverted to WOLFSSL_BN_ULONG).
2020-12-11 14:16:44 -06:00
525382fb13
test.c:pkcs7authenveloped_run_vectors(): small stack refactor, and reenable for WOLFSSL_LINUXKM.
2020-12-11 14:16:44 -06:00
18984abc9e
configure.ac: replace --enable-stacksize-verbose with --enable-stacksize=verbose, and change _LINUXKM_DEFAULTS ENABLED_SP_DEFAULT and ENABLED_SP_MATH_ALL_DEFAULT from small to yes.
2020-12-11 14:16:44 -06:00
4efa85dc03
linuxkm/module_hooks.c: add support for WOLFCRYPT_ONLY.
2020-12-11 14:16:44 -06:00
f73fc23282
ecc.c: add smallstack codepaths to ecc_mul2add().
2020-12-11 14:16:44 -06:00
cb8c6608f3
Merge pull request #3558 from douzzer/fix-mp_mod_2d-sub-byte-clearing
...
fix mp_mod_2d() for DIGIT_BIT != sizeof(mp_digit)*8
2020-12-11 08:43:51 -08:00
40087f1fd0
SiLabs: AES return code fixup and comment cleanup
2020-12-10 22:56:11 -08:00
8b2bd1277a
Merge pull request #3551 from douzzer/fix-unit-test-EVP-arc4-32-bit
...
32 bit targets vs test_wolfSSL_EVP_X_STATE_LEN()
2020-12-11 16:46:10 +10:00
3e8e7aa17f
Merge pull request #3550 from douzzer/sp-math-all-sp-word-typo
...
sp_int.c: fix typos in _sp_mul_4() and _sp_sqr_4().
2020-12-11 16:16:48 +10:00
ef1284165f
wolfcrypt/src/integer.c: fix sub-byte clearing step of mp_mod_2d() to work when DIGIT_BIT != sizeof(mp_digit)*8.
2020-12-10 23:50:30 -06:00
04e22b0747
add restriction to excluded DIR name constraint
2020-12-11 10:00:11 +07:00
f00263889b
add test case
2020-12-11 08:20:48 +07:00
a075540343
Merge pull request #3552 from tmael/shiftNeg
...
Check shift value
2020-12-11 10:19:27 +10:00
9042843e42
Fix shift and clear digits
2020-12-10 16:13:30 -08:00
2c652151ac
Merge pull request #3510 from SparkiDev/sp_modinv_nct
...
SP modinv: add non-constant time modinv
2020-12-10 16:06:12 -08:00
cb61dc7d2f
Merge pull request #3522 from douzzer/cleanups-20201119
...
misc cleanups re sp-math-all, FIPS, smallstack
2020-12-10 15:58:33 -08:00
47f7e46ffe
Add wc_RsaPSS_Sign/Verify/CheckPadding
2020-12-11 07:58:39 +09:00
17f32c3e05
add strict check on name constraints with DIR alt names
2020-12-11 05:22:46 +07:00
e9a79b2e0d
configure.ac: fix rebase error, re enable-sp-asm on ARM.
2020-12-10 14:46:22 -06:00
59cefd2c99
match preproc defs around wolfSSL_ctrl()
...
match preproc defs around wolfSSL_ctrl() in src/ssl.c
2020-12-10 15:46:20 -05:00
9d095066eb
wrap SNI-related code with HAVE_SNI
...
perhaps some of this code should additionally be wrapped in
- #ifndef NO_WOLFSSL_SERVER
It is fragile and ugly to litter the code with the likes of
- #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
- defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
- defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
while it is much clearer and much more maintainable to wrap SNI-related
code with an SNI-specific feature-define HAVE_SNI (and possibly further
restrict with feature-define #ifndef NO_WOLFSSL_SERVER).
2020-12-10 15:46:20 -05:00
f4af6c053c
wolfssl/openssl/aes.h: restore ALIGN16 attribute to pad member of struct WOLFSSL_AES_KEY.
2020-12-10 14:21:19 -06:00
0fa4bde5b5
configure.ac: move --enable-sp-asm handling to follow --enable-sp-math-all handling, so that $ENABLED_SP requirement is properly met.
2020-12-10 14:21:08 -06:00
f277339528
add explicit casts to XMALLOC()s, even for (void *), to avoid warnings in C++ and MSVC/MSVS builds, and to avoid false positives on simple text searches.
2020-12-10 14:16:21 -06:00
f47cdfcaed
wolfcrypt/test/test.c: fix skipped initialization warned by LLVM11 scan-build.
2020-12-10 14:16:21 -06:00
3b8e7d546a
sp_int.h: force C linkage, so that enable-sp-math-all is compatible with CC=g++.
2020-12-10 14:16:21 -06:00
741098c108
sp_int.c, srp.c: fixes for 5 deadcode.DeadStores found by LLVM11 scan-build.
2020-12-10 14:16:21 -06:00
f49e9bf954
dsa.c, srp.c, wolfcrypt/test/test.c: smallstack refactors: wc_DsaExportKeyRaw(), wc_DsaSign(), wc_SrpSetKey(), ecc_test_cdh_vectors(), ecc_test_custom_curves().
2020-12-10 14:16:21 -06:00
1fc2c7714c
hmac.c: include wc_port.h rather than settings.h, to pick up WOLFSSL_LINUXKM namespace tweaks.
2020-12-10 14:16:21 -06:00
f4ecaf05c0
openssl/aes.h: refactor WOLFSSL_AES_KEY typedef to inline sizeof(Aes) long words, rather than computing the size of Aes from its members.
2020-12-10 14:16:21 -06:00
b723c7ddbe
bn.h and ssl.c: define WOLFSSL_BN_ULONG to be target-native unsigned long, revert *_word() bn.h API functions to use WOLFSSL_BN_ULONG, and change wolfSSL_BN_get_word() to return WOLFSSL_BN_ULONG rather than unsigned long, for consistency.
2020-12-10 14:16:21 -06:00
27a6de2c2f
configure.ac, wolfssl/wolfcrypt/settings.h, wolfssl/wolfcrypt/wc_port.h: update linuxkm defaults and settings for compatibility with sp-math-all, and change linuxkm default math from sp-math to sp-math-all; refactor enable-all and enable-all-crypto logic to allow piecemeal exclusion of options from the command line.
2020-12-10 14:16:21 -06:00
78b2b3ca3b
ssl.c:wolfSSL_BN_get_word_1(): remove dead logic inadvertently retained.
2020-12-10 14:16:21 -06:00
f7bf0a78fb
test.c:ecc_test_curve_size(): use a macro, not a static const size_t, for size of exportBuf, to make MS Visual Studio happy.
2020-12-10 14:16:21 -06:00
89e6b1eebc
wc_ecc_mulmod_ex(): be more careful freeing temp key.
2020-12-10 14:16:21 -06:00
e6b587772f
fix pointer type clash in wolfSSL_BN_mod_word(); restore accidentally removed WOLFSSL_KEY_GEN gate in dsa_test().
2020-12-10 14:16:21 -06:00
cbc190f13c
wolfcrypt/src/ecc.c: smallstack refactors of wc_ecc_mulmod_ex() and mp_sqrtmod_prime().
2020-12-10 14:16:21 -06:00
ad2cb67047
wolfcrypt/test/test.c: _SMALL_STACK refactors of dsa_test(), srp_test(), openssl_pkey1_test(), and ecc_test_curve_size(); add missing FIPS gates.
2020-12-10 14:16:20 -06:00
5286cb1a46
optimize domain check in wolfcrypt/src/integer.c and wolfcrypt/src/tfm.c.
2020-12-10 14:16:20 -06:00
53cfa55941
src/ssl.c and wolfssl/openssl/bn.h: refactor _word mp routines to consistently accept/return target-native unsigned long type, for compatibility with sp-math-all. needed because WOLFSSL_BN_ULONG can, surprisingly, be only 16 bits, when sp-math-all in a 32 bit build.
2020-12-10 14:16:20 -06:00
7cfe1e2143
sha3.h: rename struct Sha3 to struct wc_Sha3 for consistency, and compatibility with FIPS source.
2020-12-10 14:16:20 -06:00
cfc08cc13f
configure.ac: remove smallstackcache from linuxkm default options; add several feature exclusions to enable-all and enable-all-crypto to make them compatible with fips=ready; render the FIPS option in the feature summary at end.
2020-12-10 14:16:20 -06:00
2a2ba896ec
documentation typo: wc_InitSha356() sounds like an interesting algorithm but, alas, we will have to settle for wc_InitSha256().
2020-12-10 14:16:20 -06:00
c5e2ccabb1
fix --enable-stacksize-verbose: relocate declarations for HAVE_STACK_SIZE_VERBOSE global variables from wolfssl/test.h to wolfssl/wolfcrypt/logging.h, matching their location in wolfcrypt/src/logging.c.
2020-12-10 14:16:20 -06:00
b93109cf1c
Merge pull request #3540 from SparkiDev/int_toradix_fix
...
MP integer: fix map string for toradix and read_radix
2020-12-10 12:01:45 -08:00
cd3b91a8fe
Merge pull request #3536 from SparkiDev/arm64_rev
...
ByteReverseWord32 AARCH64: Use proper instruction - REV32
2020-12-10 11:59:00 -08:00
9ba78eb825
SiLabs: Clarify comments and fix sig buffer size
2020-12-10 10:45:55 -08:00
a6378de4f0
Fix OCSP cert status check in internal.c
...
I missed one line in internal.c when I recently modified the OCSP ASN code.
2020-12-10 10:32:30 -06:00
4bd49d2b28
Update with a proper check
2020-12-09 17:05:56 -08:00
93fc37f87b
SiLabs: add cleanup and address PR comments
2020-12-09 16:28:39 -08:00
2862a9ce56
SP modinv: add non-constant time modinv
...
Can only be used in ECC verify - sign operation must be constant time.
Not used for small code.
2020-12-10 09:24:22 +10:00
44903ff8ae
Check shift value
2020-12-09 15:04:28 -08:00
ad1118326b
Merge pull request #3546 from dgarske/gh_no_rng
...
Fix for `WC_NO_RNG` with GreenHills
2020-12-09 14:30:44 -08:00
21625ab0c2
Merge pull request #3533 from JacobBarthelmeh/PKCS7
...
fix for PKCS7 decompress
2020-12-09 14:00:42 -07:00
586a75302b
SiLabs: extra check on importing key to se_key buffer
2020-12-09 12:54:24 -08:00
181f439028
api.c: in test_wolfSSL_EVP_X_STATE_LEN(), fix assert on size of EVP state to work on 32 bit targets.
2020-12-09 14:04:16 -06:00
2de261c2de
sp_int.c: fix typos in _sp_mul_4() and _sp_sqr_4().
2020-12-09 12:10:46 -06:00
f31b41fcca
Merge pull request #3495 from haydenroche5/httpd
...
Add OpenSSL compatibility functions for latest version of Apache httpd
2020-12-09 09:55:13 -08:00
b7aa0ebf57
Merge pull request #3458 from julek-wolfssl/EVP_Cipher-api
...
EVP_Cipher should return length written.
2020-12-09 09:52:44 -08:00
367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe
...
TLS 1.3: PSK only
2020-12-09 09:45:34 -08:00
7834dee991
Merge pull request #3503 from SparkiDev/dtls_mtu_write
...
DTLS MTU: check MTU on write
2020-12-09 09:42:44 -08:00
6c62899ea8
Merge pull request #3535 from SparkiDev/sp_fixes_4
...
SP: change implicit casting downs to be explicit
2020-12-09 09:25:57 -08:00
0b78137dfa
Merge pull request #3537 from SparkiDev/sp_int_configs
...
SP math all: fixes for configurations that don't specify size
2020-12-09 09:16:46 -08:00
cbf8e754e0
Merge pull request #3541 from SparkiDev/rsavfy_sp
...
SP: Get RSA verify only to build with DH
2020-12-09 09:15:45 -08:00
b726ec52d2
Merge pull request #3547 from haydenroche5/benchmarking_tput
...
Fix RX/TX throughput reporting in example server.
2020-12-09 09:15:00 -08:00
ec6163c0f6
Merge pull request #3549 from ejohnstown/sniffer-fix
...
Sniffer Test Filename Fix
2020-12-09 08:18:51 -08:00
3e8bad7ae9
Sniffer Test Filename Fix
...
1. When using multiple filenames, keep the original entered string
around so it may be reused for each IP address.
2. Strip the trailing newline from the entered filename list.
2020-12-08 17:16:34 -08:00
d34b0072a2
ARM: identify ARM CPU for Thumb and Cortex
...
Better detailed check of CPU architecture for 32-bit byte reversal asm
2020-12-09 08:54:18 +10:00
5fdc4cf6e1
Fix RX/TX throughput reporting in example server.
...
- I observed that client TX throughput < client RX throughput, but server TX
throughput > server RX throughput. Turns out this is just a typo in the
printing of the stats. The RX stat was being printed as the TX stat and vice-
versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
for the server to come up. If you were to time this script with the time
command, you'll see that 2 seconds in the result, which might be confusing
if you didn't realize the sleep was there.
2020-12-08 16:49:09 -06:00
ef4db5b808
SiLabs: simplify init
2020-12-08 13:16:13 -08:00
620fe2da14
SiLabs: Fix tests and wc_ecc_import_private_key
2020-12-08 12:22:35 -08:00
9ced741ef3
Fix for WC_NO_RNG with GreenHills.
2020-12-08 12:16:41 -08:00
bc50b7b836
fix order of arguments with PKCS7 decompression
2020-12-08 23:11:59 +07:00
081cea7405
set optional limit on max decompression buffer size
2020-12-08 20:16:27 +07:00
919c2a2dfb
SiLabs: address PR comments to cleanup
2020-12-07 16:16:11 -08:00
3abc4719ae
SiLabs: cleanup TODOs
2020-12-07 15:32:44 -08:00
44243278a5
SiLabs: renable ecc_ssh_test and disable AES non-12Byte IV
2020-12-07 15:04:00 -08:00
227faedcc7
Port for RT-Thread
2020-12-07 16:22:28 +08:00
9b894048fd
PKCS #11 : only open/close session when performing op, use C_Sign for RSA
...
Was opening and closing sessions when operations not compiled in were
being attempted (e.g. hashing during certificate signing).
C_Sign can be used with X509 RSA (raw) as it does the same operations as
C_Decrypt. Use the function matching hig level operation where
supported.
Make debugging functions take a CK_ULONG rather than an int - to avoid
casting.
2020-12-07 10:15:43 +10:00
dbe4ce0e24
SP: Get RSA verify only to build with DH
...
Fix configuration: --enable-rsavfy --enable-sp --enable-cryptonly
[--enable-sp-asm]
2020-12-07 09:46:14 +10:00
9bbef90546
MP integer: fix map string for toradix and read_radix
2020-12-07 09:12:53 +10:00
034248b964
add more missing HAVE_LIGHTY
2020-12-05 15:52:17 -05:00
281ba96bd0
SP math all: fixes for configurations that don't specify size
2020-12-04 16:47:11 +10:00
d475463c91
Merge pull request #3528 from JacobBarthelmeh/Testing
...
fix build with ARM64 SP, FP_ECC and WC_NO_CACHE_RESISTANT
2020-12-04 12:17:24 +10:00
a72393eb33
ByteReverseWord32 AARCH64: Use proper instruction - REV32
2020-12-04 12:05:33 +10:00
56cb4c8ea7
SP: change implicit casting downs to be explicit
2020-12-04 11:52:39 +10:00
03c7e52f5f
Add OpenSSL compatibility functions for Apache httpd's OCSP module.
2020-12-03 11:22:43 -06:00
bca43654df
Make changes to OCSP ASN code.
...
- Use OcspEntry in OcspResponse instead of CertStatus. OcspEntry is more
analogous to an OCSP SingleResponse, which contains issuer name and key
hashes. Correspondingly, remove these hashes from OcspResponse, since they'll
now be stored per SingleResponse in an OcspEntry.
- Add a hashAlgoOID to OcspEntry (corresponds to hashAlgorithm in CertId in RFC
6960). This makes OcspEntry more closely resemble an OCSP SingleResponse.
- Change WOLFSSL_OCSP_CERTID to map to OcspEntry. OcspEntry contains all the
information that an OCSP CertID contains, and is a better fit than
OcspRequest.
- Add a pointer to the raw CertId in an OCSP SingleResponse to OcspEntry, along
with a size field to indicate how many bytes the CertId occupies. This will
be used in an OpenSSL compatibility function, i2d_OCSP_CERTID, which yields
the raw bytes of the CertId.
2020-12-03 11:22:43 -06:00
c31f20706b
use const variable as the size for an array
2020-12-03 22:25:28 +05:30
fbf56bcf96
fix for PKCS7 decompress
2020-12-03 18:57:25 +07:00
376cac5ab1
Implement review comments
2020-12-03 08:25:40 +05:30
69d642206d
Merge pull request #3513 from SparkiDev/ecc_vfy_r_s_check
...
ECC verify: validate r and s before any use
2020-12-02 14:33:38 -08:00
9f5141a333
Merge pull request #3524 from SparkiDev/ocsp_resp_free
...
OCSP callback: call embed free in test callback
2020-12-02 13:48:09 -08:00
b4c7b5e6ce
Merge pull request #3525 from SparkiDev/tls13_session
...
TLS 1.3: always add session when sending finished message
2020-12-02 13:47:38 -08:00
36b73b738b
Merge pull request #3526 from SparkiDev/aes_prefetch
...
AES: When not X86_64, PreFetch*() not used
2020-12-02 13:28:58 -08:00
d75a983766
Merge pull request #3527 from SparkiDev/ecc_safe
...
ECC add and dbl point: always use safe add and dbl
2020-12-02 13:28:10 -08:00
0be45e731b
Merge pull request #3529 from SparkiDev/ocsp_single_ext
...
OCSP: Handle extensions in singleResponse
2020-12-02 13:26:46 -08:00
3a2675fb63
implement additional review comments
2020-12-02 22:30:02 +05:30
9e475b01be
implement review comments
2020-12-02 22:15:02 +05:30
fd158411e8
Merge pull request #3494 from JacobBarthelmeh/CSharp
...
pin the C# verify callback
2020-12-02 06:08:41 -07:00
ecc6ec4d97
support TNGTLS certificate loading for Harmony3
...
Changes to atmel.c file that lets a user to
1. Use Harmony3 generated configurations to initialize the device in atmel_init().
2. Read the device certificate chain from ECC608 TNGTLS and initialize the ctx with it to use as device certificate.
- This is the true purpose of going with TNGTLS
2020-12-02 13:53:46 +05:30
3d9b4f10f0
AES: When not X86_64, PreFetch*() not used
...
When WC_INLINE is defined then compiler doesn't mind. Otherwise, this is
a warning.
2020-12-02 09:04:48 +10:00
0d87dfa493
EVP_Cipher should return length written.
2020-12-01 18:36:36 +01:00
dbcb42e509
SiLabs: fix unused variable #if
2020-12-01 08:56:01 -08:00
9b5b9fd85d
OCSP: Handle extensions in singleResponse
2020-12-01 16:41:20 +10:00
099ed25da8
SiLabs: fixing compiler warnings and better error checking
2020-11-30 21:01:49 -08:00
e1e8ca48c3
SiLabs: README and include updates
2020-11-30 21:01:49 -08:00
9f7ef0b3e6
SiLabs: Add ECC hardware acceleration support
2020-11-30 21:01:49 -08:00
a9f8b6e5b7
SiLabs: TRNG hardware acceleration
2020-11-30 21:01:49 -08:00
e501346047
SiLabs: add AES-CCM hardware acceleration support
2020-11-30 21:01:49 -08:00
79c31a5f2c
SiLbs: SHA and AES-{GCM,CBC} hardware acceleration using se_manager
2020-11-30 21:01:49 -08:00
1899a72d27
Micrium: benchmark fixes
...
* Time update for v5.8 to avoid rollover issues
* define `XSNPRINTF`
* `printf` based on Micrium version
2020-11-30 16:32:30 -08:00
6e21f547ff
Micrium: fix compiler warnings
2020-11-30 16:32:30 -08:00
0cbf8c7f28
Micrium: readme url fix and add additional link to k70 example with TCP
2020-11-30 16:32:30 -08:00
165cb443e7
Micrium v5.8 support
...
* OS error type change from uc OS3 to v5
* detect if network or TCP is available
* XMEMCMP change workaround
2020-11-30 16:32:30 -08:00
6fc64263f2
Merge pull request #3519 from julek-wolfssl/scr-timeout
...
Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage
2020-11-30 11:40:35 -08:00
42a63e8cc8
fix build with ARM64 SP, FP_ECC and WC_NO_CACHE_RESISTANT
2020-11-29 20:26:55 -08:00
6bb38a1066
ECC add and dbl point: always use safe add and dbl
...
Can be using basepoint or public key at any time. Can't tell difference.
Always use the safe versions.
For private key operations, only working on the basepoint and will never
do any timinig different operations.
No impact on performance.
2020-11-30 11:44:50 +10:00
22a8be412b
TLS 1.3: always add session when sending finished message
2020-11-27 09:46:02 +10:00
40154d69cf
OCSP callback: call embed free
...
Leaks memory if not called.
Configuration:
./configure --disable-shared --enable-ocsp --enable-sni
C_EXTRA_FLAGS="-DWOLFSSL_NONBLOCK_OCSP"
Leaking test:
valgrind ./examples/client/client -X -C -h www.globalsign.com -p
443 -A certs/external/ca-globalsign-root.pem -g -o -N -v d -S
www.globalsign.com
2020-11-27 09:16:24 +10:00
35acfa0f42
SP ECC: check the length of public key ordinates and private key
...
Do quick bit length check before loading the MP integers into fixed size
arrays.
Changed ECC to use SP key check function if SP enabled and not only with
SP Math.
2020-11-27 08:49:30 +10:00
38740a1caa
Fix dynamic type name
2020-11-27 08:37:16 +10:00
5ca8e8f87c
PKCS#11: Label fixes and add support for checking private key
...
Check private key matches the public key passed in.
Need to use a new API to pass in the token to use to perform PKCS #11
operations with.
2020-11-27 08:37:16 +10:00
43aeac4cf4
PKCS #11 SSL: detect key size when certificate set
2020-11-27 08:31:45 +10:00
19f10cd382
PKCS #11 : implement identifying keys by label
2020-11-27 08:31:45 +10:00
84a9e16805
Merge pull request #3388 from SparkiDev/aesgcm_4bit_table
...
AES-GCM: GMULT using 4-bit table
2020-11-25 15:45:28 -08:00
86bbaad7fa
Merge pull request #3505 from kojo1/EVP-gcm
...
set tag for zero inl case 2
2020-11-25 15:43:27 -08:00
dc76a4d522
Merge pull request #3511 from cconlon/zd11268
...
return err from fp_invmod_slow() when fp_add() fails
2020-11-25 15:41:12 -08:00
e882159a02
Merge pull request #3516 from cconlon/zd11287
...
wc_ecc_rs_to_sig(): move r and s zero check before StoreECC_DSA_Sig()
2020-11-25 15:36:30 -08:00
9f07f3e96e
Merge pull request #3520 from ejohnstown/vrf-fix
...
Verify Callback Fix
2020-11-25 11:37:06 -08:00
1668b7060c
Merge pull request #3500 from cconlon/zd11011v2
...
PKCS#7: verify extracted public key in wc_PKCS7_InitWithCert
2020-11-26 02:26:08 +07:00
719403cd0c
Merge pull request #3509 from kojo1/openssl-version
...
OPENSSL_VERSION_NUMBER to be defined by the user
2020-11-26 02:10:24 +07:00
a0cd75081d
Merge pull request #3514 from SparkiDev/aesni_sse4
...
AESNI compile flags: clang doesn't need -msse4
2020-11-25 08:55:35 -08:00
ca5ffc0743
AESNI compile flags: clang can't have -msse4
...
Setting the SSE4 architecture with clang creates executables that can't
run on old machines.
2020-11-25 10:32:42 +10:00
d0703f8931
AES-GCM: GMULT using 4-bit table
...
When 64-bit data type available and not big endian code is faster.
--enable-aesgcm=4bit
2020-11-25 08:47:50 +10:00
4baf923218
Verify Callback Fix
...
1. Removed a flag set that would force all certificates in a chain
to be verified. There was a compile time option to make that happen
already.
2. Replace some options for some test failure test cases that were added
and immediately removed.
(ZD 11292)
2020-11-24 11:46:10 -08:00
95132b1c55
Make renegotiation information available outside of OPENSSL_EXTRA
2020-11-24 17:03:40 +01:00
41d58465c0
Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage
...
Reset DTLS stored messages on a FreeHandshakeResources call even if secure renegotiation is enabled. Without this, in a server initiated rehandshake, the server would keep old messages (ChangeCipherSpec and Finished) even when it sent a HelloRequest message.
2020-11-24 16:06:35 +01:00
b1f9aba0ca
SP div: stop overflow on divide
2020-11-24 16:14:14 +10:00
b9a2725429
ECC verify: validate r and s before any use
...
SP code assumes r and s are valid values.
Code for ATECC508A, ATECC608A and CRYPTOCELL assumes that the r and s
are the size of the key when converting to byte arrays.
2020-11-24 16:14:14 +10:00
f5c2bef78f
Merge pull request #3492 from julek-wolfssl/dtls-scr-optimizations
...
Save the HelloRequest message just like other handshake mesasges
2020-11-20 11:50:51 -08:00
69bea008dd
Save the HelloRequest message just like other handshake mesasges
...
Implement a timeout mechanism for non-blocking sockets
2020-11-20 11:41:19 +01:00
2d79e38436
Merge pull request #3485 from julek-wolfssl/dtls-scr-seq-correct-num
...
Fix overlapping sequence number error.
2020-11-19 14:19:13 -08:00
64429693ff
add MP_ZERO_E unit tests for wc_ecc_rs_to_sig()
2020-11-19 14:41:02 -07:00
f8fd3f8bc1
wc_ecc_rs_to_sig: check r,s for zero before StoreECC_DSA_Sig()
2020-11-19 14:35:35 -07:00
1d599272e7
add unit test for wc_PKCS7_InitWithCert() with malformed cert
2020-11-19 14:19:55 -07:00
d4c59e369e
Merge pull request #3335 from julek-wolfssl/RSA-PSS-padding-in-EVP_Digest-API
...
Enable RSA-PSS padding in EVP_Digest* API
2020-11-19 09:31:12 -08:00
43f8eac8ba
Merge pull request #3362 from SparkiDev/sp_math_all
...
Implement all relevant mp functions in sp_int
2020-11-19 08:10:11 -08:00
91d23d3f5a
Implement all relevant mp functions in sp_int
2020-11-19 11:58:14 +10:00
aa9ed17afa
Merge pull request #3512 from dgarske/openssl_pem
...
Fix for missing `wolfSSL_PEM_write_bio_PrivateKey` with WebRTC
2020-11-18 16:17:46 -08:00
de6f1c1ae2
Merge pull request #3508 from JacobBarthelmeh/DH
...
fix for no filesystem build with DH test case
2020-11-18 16:15:42 -08:00
3808865f57
Merge pull request #3504 from SparkiDev/fp_div_oob_read
...
TFM div: fix initial value of size in q so clamping doesn't OOB read
2020-11-18 16:15:08 -08:00
ca281f976e
Merge pull request #3493 from dgarske/zd11245
...
Sniffer fixes for handling TCP `out-of-range sequence number`
2020-11-18 16:14:09 -08:00
7c68136a8b
OPENSSL_VERSION_NUMBER to be defined by the user
2020-11-19 09:13:05 +09:00
a280df1892
Merge pull request #3488 from kabuobeid/x509_objtxt_lname
...
Return long names instead of short names in wolfSSL_OBJ_obj2txt().
2020-11-18 16:10:46 -08:00
6860d419c6
Merge pull request #3483 from SparkiDev/mp_rshb_word
...
rshb: handle cases of shift amount being multiple of DIGIT_BIT
2020-11-18 16:07:57 -08:00
b0979f4225
Merge pull request #3476 from dgarske/sniffer_hrr
...
Fixes for TLS sniffer with v1.3 (HRR and Certs)
2020-11-18 16:07:11 -08:00
3adeff672b
Merge pull request #3472 from SparkiDev/pickhashsigalgo_rework
...
TLS PickHashSigAlgo: rework
2020-11-18 15:58:59 -08:00
dedde4c058
Merge pull request #3456 from JacobBarthelmeh/Certs
...
strict certificate version allowed from client
2020-11-18 15:55:50 -08:00
9183c35fb8
Merge pull request #3446 from haydenroche5/client_want_write_sim
...
Add an option to the example client to simulate WANT_WRITE errors.
2020-11-18 15:54:09 -08:00
9bde34ef5b
Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names
...
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
2020-11-18 15:52:52 -08:00
f02187eef7
fix additional err returns in fp_invmod_slow()
2020-11-18 16:29:13 -07:00
d8b58286d1
TLS 1.3: PSK only
...
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
fa08930921
Merge pull request #3498 from ethanlooney/30th_branch
...
Added unit tests for blake2b
2020-11-18 13:34:21 -07:00
4cfe5a1bc1
Fix for missing wolfSSL_PEM_write_bio_PrivateKey with WebRTC. If keygen or certgen is not specified this was incorrectly being excluded with opensslextra or opensslall.
2020-11-18 11:30:53 -08:00
68744c4da0
return err from fp_invmod_slow() when fp_add() fails
2020-11-18 10:25:15 -07:00
3b552fecc9
Merge pull request #3481 from dgarske/no_ecc
...
Fixes for various build configurations
2020-11-17 17:11:27 -08:00
c17f8b58e4
Merge pull request #3506 from dgarske/sp_check_ecc
...
Fixes for SP math only with ECC check key
2020-11-18 09:19:54 +10:00
3692c760b9
Changed key to size BLAKE2B_KEYBYTES
2020-11-17 14:03:08 -07:00
3640bf241c
Merge pull request #3507 from ethanlooney/32nd_branch
...
Doxygen - Removed link/button to annotated.html page as it is currently broken
2020-11-17 13:40:27 -07:00
a0a3a2b74c
Review changes
2020-11-17 19:15:12 +01:00
508ba85b69
Fixes for SP math only with ECC check key. Fix SP math when loading an ECC public only and calling wc_ecc_check_key. Fix for missing ecc_check_privkey_gen with SP math only. Applies to: /configure --enable-sp --enable-sp-math CFLAGS="-DWOLFSSL_VALIDATE_ECC_IMPORT".
2020-11-17 08:13:08 -08:00
8fe6186621
Merge pull request #3496 from haydenroche5/pre_commit_stash_fix
...
Modify pre-commit.sh to only stash and stash pop if there are modified files not add to the index
2020-11-17 07:54:50 -08:00
b4754d5706
CAVP, Windows, and FIPS tests
2020-11-17 15:06:35 +01:00
d18e2d7386
Refactoring and use salt length discover if available
2020-11-17 15:06:35 +01:00
fa03113460
enum wc_HashType switch
...
switch needs to handle all possible enum values or else the compiler generates warnings
2020-11-17 15:04:57 +01:00
248dd12993
Enable RSA-PSS padding in EVP_Digest* API
2020-11-17 15:04:57 +01:00
9cdbff8ee7
fix for no filesystem build with DH test case
2020-11-17 18:27:32 +07:00
7467b4c456
Removed link/button to annotated.html page as it is currently broken
2020-11-16 14:25:22 -07:00
549c446aaa
Removed leftovers from merge conflict
2020-11-16 13:17:49 -07:00
710cb7c9f5
Fixes for ECC tests with WOLFSSL_NO_MALLOC defined.
2020-11-16 12:17:30 -08:00
e5a0a264b3
Fix for coverity report with possible use of uninitialized value "err" in WC_ECC_NONBLOCK case. More fixes for building with WOLFSSL_NO_MALLOC.
2020-11-16 12:17:28 -08:00
40387ab0a0
Fixes for building with WOLFSSL_NO_MALLOC and/or NO_ASN_CRYPT defined.
2020-11-16 12:17:28 -08:00
f3b176d7e3
Fix for unused parameter with NO_ASN in ECC.
2020-11-16 12:17:28 -08:00
4a790cd024
Fixes for building with --disable-ecc and --disable-dh.
2020-11-16 12:17:27 -08:00
48f2d917b9
Added unit tests for blake2b
2020-11-16 13:06:51 -07:00
4e37036cba
Merge pull request #3499 from ethanlooney/31st_branch
...
Added blake2s unit tests
2020-11-16 09:37:31 -07:00
4efbb2fc70
Merge pull request #3418 from cconlon/zd11003
...
PKCS#7: check PKCS7 VerifySignedData content length against total bundle size
2020-11-16 18:14:41 +07:00
10380c6850
(ctx->gcmBuffer != NULL && ctx->gcmBufferLen == 0)
2020-11-16 15:48:39 +09:00
a00c75c51b
DTLS MTU: check MTU on write
2020-11-16 09:30:04 +10:00
837de435ba
TFM div: fix initial value of size in q so clamping doesn't OOB read
2020-11-16 09:29:13 +10:00
e9f0cb234b
Merge pull request #3425 from haydenroche5/cmake
...
CMake improvements
2020-11-14 08:35:54 -08:00
c436bc44e6
verify extracted public key in wc_PKCS7_InitWithCert
2020-11-13 17:23:40 -07:00
0541a59edd
Added blake2s unit tests
2020-11-13 14:43:50 -07:00
cd61fbd0fe
Modify pre-commit.sh to only stash and stash pop if there are modified files not
...
added to the index.
Before this change, if there was nothing to stash, the last thing you stashed
would get popped at the end of the script.
2020-11-13 13:38:58 -06:00
da06ef8c3f
Return long names instead of short names in wolfSSL_OBJ_obj2txt().
2020-11-13 12:03:26 -07:00
d4e1340027
Merge pull request #3486 from douzzer/refactor-gccish-macros
...
sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions
2020-11-13 09:26:00 -08:00
8f6c21d600
CMake improvements.
...
- Begin adding options to enable/disable different features.
- Increase minimum CMake version to 3.2.
- Support installation of the built files.
- Add checks for necessary include files, functions etc.
- Generate options.h and config.h.
- Use GNUInstallDirs to support installation, which is designed to be somewhat
cross-platform.
- Export wolfssl CMake target during installation, so others using CMake can
link against wolfssl easily.
- Disallow in-source builds.
- Place the generation of BUILD_* flags (controlled with AM_CONDITIONALs
in configure.ac) in a separate function in functions.cmake,
generate_build_flags.
- Implement the logic to conditionally add source files from
src/include.am in a function in functions.cmake, generate_lib_src_list.
- Exclude tls_bench from Windows. Doesn't compile with MSVC. WIP.
- Update INSTALL with latest CMake build instructions.
- Add a cmake/include.am to ensure CMake files get added to the distribution.
2020-11-13 11:25:04 -06:00
7f559b1d1a
Merge pull request #3487 from ejohnstown/sbf
...
Scan-Build Fixes
2020-11-13 09:24:17 -08:00
3d5c747ed5
Modify a couple tests to use WANT_WRITE simulation.
2020-11-13 10:35:56 -06:00
2fc594d319
Modify example server to be resilient to WANT_WRITE errors.
2020-11-13 10:33:10 -06:00
e035eb8f8a
Add an option to the example client to simulate WANT_WRITE errors.
...
- Add this option as "-6."
- Turn on non-blocking mode if WANT_WRITE simulation is enabled.
- Create a send IO callback that gets registered when this option is turned on.
This callback alternates between letting the TX through and returning a
WANT_WRITE error.
2020-11-13 10:30:24 -06:00
28be1d0cb3
Scan-Build Fixes
...
1. Fix some potential uninitialized pointer errors in the functions sp_RsaPublic_2048, sp_RsaPublic_3072, and sp_RsaPublic_4096 for small stack builds.
To recreate:
$ scan-build ./configure --enable-sp=small --enable-smallstack --enable-smallstackcache CPPFLAGS="-DECC_CACHE_CURVE -DHAVE_WOLF_BIGINT"
2020-11-12 20:58:25 -08:00
1e348b991d
Scan-Build Fixes
...
1. Fix a potential dereference of NULL pointer.
To recreate:
$ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
2020-11-12 20:58:17 -08:00
3773d33070
pin the C# verify callback
2020-11-13 11:57:20 +07:00
a8333b09a0
memory cleanup with test case
2020-11-12 20:24:47 -08:00
f02cc650a2
Fixes for handling TCP out-of-range sequence number.
2020-11-12 16:09:09 -08:00
c7053e9a36
Fix scenario where FreeHandshakeResources is called and server hello is recevied and WOLFSSL arrays is NULL.
2020-11-12 16:09:00 -08:00
53c6698678
Merge pull request #3445 from kojo1/EVP-gcm
...
set tag for zero inl case
2020-11-12 15:49:45 -07:00
735fb19ea9
break out on error parsing PKCS#7 SignedData inner OCTET_STRING
2020-11-12 15:44:25 -07:00
b931b1bd4d
Fix to not allow free for globally cached sessions. Resolves a false-positive scan-build warning.
2020-11-12 12:51:41 -08:00
38867ae2bf
Scan-Build Fixes
...
1. Added a check to see if the "d" in sp_div() ended up with a negative used length. Return error if so.
To recreate:
$ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
2020-11-12 10:24:11 -08:00
cdf44f6ff6
Pass static ephemeral keys for TLS v1.2 as well.
2020-11-12 09:18:24 -08:00
e996a7d15b
Scan-Build Fixes
...
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.
To recreate:
$ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
$ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
2020-11-12 09:06:59 -08:00
a6f2081af1
Fixes for key loading errors in snifftest application.
2020-11-12 08:59:11 -08:00
a53b734c83
Fix for client_hello keyshare with multiple entries. Fix for change_cipher_spec after finished.
2020-11-12 08:59:11 -08:00
ea21ddf540
Fix to only free existing key in SetStaticEphemeralKey if the incoming algorithm type has been specified.
2020-11-12 08:59:11 -08:00
5cda549d00
Allow passing multiple keys (comma separated) with the sniffer test tool. This allows setting both DH and ECC static ephemeral keys. Do not fail on resume not found.
2020-11-12 08:59:11 -08:00
720919198f
Fix for Scan-buld and when building without ECC or DH.
2020-11-12 08:59:11 -08:00
71d9f1e9bd
Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral.
2020-11-12 08:59:11 -08:00
1c87f3bdc1
Improve sniffer resume logic.
2020-11-12 08:59:10 -08:00
d208779974
Added test case for TLS v1.3 with HRR (hello_retry_request)
2020-11-12 08:59:10 -08:00
b74f0fb6b8
Fixes for sniffer with hello_retry_request. Fix for TLS v1.3 certificate processing.
2020-11-12 08:59:10 -08:00
c7bb602a30
Merge pull request #3482 from douzzer/scan-build-fixes-20201110
...
scan-build fixes -- 1 null deref, 34 unused results
2020-11-12 07:45:45 -08:00
1cbc2e8608
openssl.test: recognize TLS13-AES128-CCM-8-SHA256 and TLS13-AES128-CCM8-SHA256 as equivalent while iterating through $wolf_ciphers.
2020-11-11 23:23:28 -06:00
7850d71ccb
add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases.
2020-11-11 22:47:47 -06:00
68ebca8573
wolfcrypt/test/test.c: fix typos in aesgcm_test() malloc checks.
2020-11-11 22:47:47 -06:00
d3e3b21c83
Merge pull request #3393 from dgarske/zd11104
...
Fix for TLS ECDH (static DH) with non-standard curves
2020-11-11 14:22:37 -08:00
197c85289b
Merge pull request #3468 from SparkiDev/sp_c_mul_d
...
SP C32/64 mul_d: large div needs mul_d to propagate carry
2020-11-11 14:06:25 -08:00
f96fbdb7d1
sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions.
2020-11-11 13:44:26 -06:00
5fe1586688
fix 34 deadcode.DeadStores detected by llvm11 scan-build.
2020-11-11 13:04:14 -06:00
fe2dcf76fe
Merge pull request #3413 from cconlon/zd11011
...
PKCS#7: check PKCS7 SignedData private key is valid before using it
2020-11-11 22:55:03 +07:00
4705ebde88
add guard on test case for cert gen
2020-11-11 21:53:52 +07:00
d49038ae24
Fix overlapping sequence number error.
...
wolfSSL wants to use the same sequence number for the ServerHello as the ClientHello. This is an issue when this sequence number is already taken.
2020-11-11 15:35:05 +01:00
979216d595
add test case for rejecting version 2 x509
2020-11-11 18:57:09 +07:00
5f0d788bfb
TLS PickHashSigAlgo: rework
...
Make default to pick lowest hash with RSA and ECC (TLS 1.2 and lower).
WOLFSSL_STRONGEST_HASH_SIG picks the strongest hash.
WOLFSSL_ECDSA_MATCH_HASH will pick the hash to match the ECC curve.
2020-11-11 10:06:09 +10:00
f5561b926c
rshb: handle cases of shift amount being multiple of DIGIT_BIT
...
tfm.c and integer.c fixed
2020-11-11 10:04:14 +10:00
d7ea8b953b
fold long lines
2020-11-11 08:43:16 +09:00
eab3bf9ab4
Add a test case for zero len plain text
2020-11-11 08:43:16 +09:00
417ff1b0f2
set tag for zero len case
2020-11-11 08:43:16 +09:00
1d2eb44bfb
Merge https://github.com/wolfssl/wolfssl
2020-11-11 08:34:03 +09:00
68209f91fb
Merge pull request #3465 from kaleb-himes/DOX_UPDATE_wc_RsaPublicEncrypt
...
Address report on issue #3161
2020-11-10 14:52:20 -08:00
fcd73135f5
Merge pull request #3479 from tmael/ocsp_NULL
...
Check <hash> input parameter in GetCA
2020-11-10 14:46:05 -08:00
958fec3b45
internal.c:ProcessPeerCerts(): fix a core.NullDereference detected by llvm9 and llvm11 scan-builds.
2020-11-10 16:40:28 -06:00
7b50cddf8c
Merge pull request #3387 from ethanlooney/27th_branch
...
Added unit test for evp.c
2020-11-10 13:27:33 -07:00
8645e9754e
Only set ssl->ecdhCurveOID if not already populated.
2020-11-10 09:47:38 -08:00
1d531fe13b
Peer review fixes.
2020-11-10 09:47:37 -08:00
fa1af37470
Fix for FIPS ready CAVP tests. For now it requires ECC 192-bit.
2020-11-10 09:47:37 -08:00
5de80d8e41
Further refactor the minimum ECC key size. Adds --with-eccminsz=BITS option. Fix for FIPSv2 which includes 192-bit support. If WOLFSSL_MIN_ECC_BITS is defined that will be used.
2020-11-10 09:47:37 -08:00
b13848e568
Fix tests to handle ECC < 224 not enabled.
2020-11-10 09:47:37 -08:00
6bd98afdd0
Only allow TLS ECDH key sizes < 160-bits if ECC_WEAK_CURVES is defined.
2020-11-10 09:47:37 -08:00
c697520826
Disable ECC key sizes < 224 bits by default. Added --enable-eccweakcurves or ECC_WEAK_CURVES to enable smaller key sizes. Currently this option is automatically enabled if WOLFSSL_MIN_ECC_BITS is less than 224-bits.
2020-11-10 09:47:36 -08:00
62dca90e74
Fix for server-side reporting of curve in wolfSSL_get_curve_name if client_hello includes ffdhe, but ECC curve is used.
2020-11-10 09:47:36 -08:00
d7dee5d9e6
Fix for ECC minimum key size, which is 112 bits.
2020-11-10 09:47:36 -08:00
6ac1fc5cff
Fix include.am typo.
2020-11-10 09:47:36 -08:00
10f459f891
Added TLS v1.2 and v1.3 test cases for ECC Koblitz and Brainpool curves (both server auth and mutual auth). Cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256 and TLS13-AES128-GCM-SHA256.
2020-11-10 09:47:36 -08:00
fb9ed686cb
Fix for TLS with non-standard curves. The generted ECC ephemeral key did not use the same curve type as peer. Only the server was populating ssl->ecdhCurveOID. Now the curveOID is populated for both and as a fail-safe the peer key curve is used as default (when available).
2020-11-10 09:47:36 -08:00
045fc4d686
Fixes to support overriding minimum key sizes for examples.
2020-11-10 09:47:36 -08:00
bfb6138fc5
Merge pull request #3480 from douzzer/fix-sniffer-printf-null-Wformat-overflow
...
TraceSetNamedServer() null arg default vals; FIPS wc_MakeRsaKey() PRIME_GEN_E retries; external.test config dependencies
2020-11-10 09:37:36 -08:00
5625929c83
scripts/external.test: skip test when -UHAVE_ECC.
2020-11-10 01:27:45 -06:00
196ae63eb2
scripts/external.test: skip test when -DWOLFSSL_SNIFFER (staticCipherList in client.c is incompatible).
2020-11-10 00:03:02 -06:00
bd38124814
ssl.c: refactor wolfSSL_RSA_generate_key() and wolfSSL_RSA_generate_key_ex() to retry failed wc_MakeRsaKey() on PRIME_GEN_E when -DHAVE_FIPS, matching non-FIPS behavior, to eliminate exposed nondeterministic failures due to finite failCount.
2020-11-09 21:24:34 -06:00
3050f28890
Merge pull request #3467 from cconlon/rc2vs
...
rc2.c to Visual Studio projects, fix warnings
2020-11-09 13:52:03 -08:00
f02c3aab2e
Merge pull request #3475 from ejohnstown/nsup
...
Hush Unused Param Warning
2020-11-09 11:04:05 -08:00
4b1a779fcc
tests: fix for fips-test -Wunused-variable on "rng"
2020-11-09 11:54:49 -06:00
7e3efa3792
Merge pull request #3474 from douzzer/lighttpd-update-1.4.56
...
lighttpd support update for v1.4.56
2020-11-09 09:24:58 -08:00
a5caf1be01
Check for NULL
2020-11-09 08:45:48 -08:00
22bcceb2d3
src/sniffer.c: guard against null arguments to TraceSetNamedServer(), to eliminate -Werror=format-overflow= warnings from gcc.
2020-11-06 17:40:12 -06:00
c0c452b0a1
reset content length in PKCS7_VerifySignedData for multiPart OCTET_STRING bundles
2020-11-06 16:36:58 -07:00
937a7ce8ce
Merge pull request #3448 from dgarske/crypto_cb
...
Improve the crypto callback for ASN
2020-11-06 15:26:11 -07:00
884a9b59ab
Merge pull request #3461 from dgarske/fips_ready_wopensslextra
...
Fix for FIPS ready with openssl compat
2020-11-06 13:14:06 -08:00
a6e0d3eb29
Changed hardcoded values to variables, changed where some variables were defined, etc
2020-11-06 14:04:27 -07:00
ac4c8a0112
Merge pull request #3419 from ethanlooney/29th_branch
...
Added case for Logging.c unit test
2020-11-06 13:10:24 -07:00
4110297b62
Merge pull request #3473 from embhorn/zd11198
...
wc_SetIssuerRaw should copy raw subject to issuer
2020-11-06 10:48:37 -08:00
b4e7f196df
Merge pull request #3470 from SparkiDev/config_fix_3
...
TLS configurations fixes
2020-11-06 10:35:51 -08:00
3f25cda354
Merge pull request #3469 from SparkiDev/cpuid_sp_asm
...
cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined
2020-11-06 10:34:40 -08:00
abd6f6ce18
Hush Unused Param Warning
...
Removed a guard check for NO_WOLFSSL_STUB from wolfSSL_X509_print_ex().
To recreate:
$ ./configure --enable-opensslextra CPPFLAGS="-DNO_WOLFSSL_STUB"
$ make
2020-11-06 10:30:47 -08:00
f3d961b1b1
Merge pull request #3453 from dgarske/ZD11159
...
Fix for possible memory leak when overriding error for verify callback
2020-11-06 10:18:52 -08:00
f9ec7c472a
Merge pull request #3440 from ejohnstown/ntf3
...
Nightly Test Fix
2020-11-06 10:15:23 -08:00
2cad844d29
Merge pull request #3421 from dgarske/apache_httpd
...
Apache httpd w/TLS 1.3 support
2020-11-06 12:14:58 -06:00
0d2e28ce80
Fix for error: unused function 'MonthStr'
2020-11-06 10:11:48 -08:00
dcff103c84
tests/api.c: fixes for compilability re NO_BIO
2020-11-05 22:19:16 -06:00
4030523eb5
ssl.c: remove duplicate definition of wolfSSL_CTX_check_private_key().
2020-11-05 21:57:33 -06:00
f9e48ee361
build updates for lighttpd: recommend -DNO_BIO
...
(cherry picked from commit bfe12839e18ccc3ab95cfc33b34c875ebe55c14a)
2020-11-05 20:40:43 -06:00
92c3296e13
preprocessor -DNO_BIO to omit OpenSSL BIO API
2020-11-05 20:40:43 -06:00
030eb9347c
lighttpd: allow ssl3, tls1.0 if explicitly enabled
2020-11-05 20:40:43 -06:00
7cee131e37
restore --enable-lighty with --enable-all
...
protect lighttpd recommendations (and recommended restrictions)
to when building wolfSSL specifically for use by lighttpd, and
omit these optional settings when building `--enable-all`
2020-11-05 20:40:43 -06:00
a9a495270c
Fix to disable CRL monitor for single threaded or lighttpd. Do not set --enable-lighty with --enable-all.
2020-11-05 20:40:43 -06:00
daca327ba3
expose (get|set)_(app|ex)_data with HAVE_EX_DATA
...
when OPENSSL_EXTRA_X509_SMALL is set
2020-11-05 20:40:43 -06:00
d01616a357
unhide some non-fs funcs hidden by NO_FILESYSTEM
2020-11-05 20:40:43 -06:00
bcf1f0375b
build updates for lighttpd: recommended flags
2020-11-05 20:40:43 -06:00
f4e2db831e
enable SNI_Callback for lighttpd
2020-11-05 20:40:43 -06:00
be7592fb43
implement wolfSSL_dup_CA_list()
...
wolfSSL_dup_CA_list() duplicates a WOLF_STACK_OF(WOLFSSL_X509_NAME)
(replaces stub function)
2020-11-05 20:40:43 -06:00
e5ed227a87
build updates for lighttpd: -DOPENSSL_ALL
...
avoid potential for WolfSSL to silently omit expected functionality
2020-11-05 20:40:43 -06:00
503de43cbd
build updates for lighttpd
...
Update configure.ac and various #ifdefs to enable WolfSSL to
build features for use by lighttpd.
Change signature of wolfSSL_GetVersion() to take const arg.
Pass (const WOLFSSL*) to wolfSSL_GetVersion() for use with
SSL_CTX_set_info_callback(), where OpenSSL callback takes (const SSL *)
2020-11-05 20:40:43 -06:00
182a3e6bc2
Also addressing opensslall, pkcs7 and combinations
2020-11-05 17:29:30 -07:00
232ac03bbe
Changed it to only the inverse
2020-11-05 14:38:23 -07:00
0aee4b78cd
Changed md5 to sha256 in DigestFinal_ex function
2020-11-05 14:36:42 -07:00
a92e31f6cb
Fix from review
2020-11-05 14:47:10 -06:00
d784bd61cd
Merge pull request #3462 from kabuobeid/wolfrand_freescale_ecc_fix
...
Fix build issue when building wolfrand on a Freescale platform.
2020-11-05 12:29:49 -08:00
06f1a1870d
Added inverse case
2020-11-05 13:05:15 -07:00
1dc7293b19
Fix the return code. openssl uses void on these, but let's go ahead and do a return code.
2020-11-05 09:31:12 -08:00
063fb2cfa0
Merge pull request #3455 from douzzer/linuxkm-install-rules
...
add "module", "modules_install", and "clean_module" rules for linuxkm
2020-11-05 09:09:35 -08:00
648c5e4735
Merge pull request #3471 from douzzer/fix-scan-build-20201104
...
fix various possibly spurious scan-build null deref reports.
2020-11-05 09:36:42 -07:00
fa9a0a4b49
Copy raw subject to issuer
2020-11-05 09:06:02 -06:00
5751319e00
fix various possibly spurious scan-build null deref reports.
2020-11-04 23:11:42 -06:00
b40543b342
Merge pull request #3466 from douzzer/fix-benchmark-dh-key-size
...
fix bench_dh() key size initialization
2020-11-04 20:33:06 -07:00
78309cd7aa
SP C32/64 mul_d: large div needs mul_d to propagate carry
...
Change implementation to pre-calc products to allow for reordering of
operations.
2020-11-05 12:50:33 +10:00
8a42ee7ffd
TLS configurations fixes
...
--enable-leanpsk --disable-tls13:
ensure WriteSEQ is defined when !WOLFSSL_NO_TLS12 (tls.c)
CFLAGS=-DWOLFSSL_NO_CLIENT_AUTH -disable-tls13"
TLS server was expecting certificate from peer when verifyPeer is
set. Fix with checks for !WOLFSSL_NO_CLIENT_AUTH.
2020-11-05 12:21:19 +10:00
2588fe366e
cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined
...
WOLFSSL_X86_64_BUILD is defined only when fast math is enabled.
Define it when SP ASM is enabled and on an x86_64 host.
Undo cpuid code being enabled when WOLFSSL_SP_ASM as it shouldn't for
non-Intel CPUs.
2020-11-05 11:16:27 +10:00
37952b2776
Fix build issue when building wolfrand on a Freescale platform.
2020-11-04 16:52:59 -07:00
3b4ec74174
Fixes for openssl compatibility. Added SSL_CTX_set_post_handshake_auth and SSL_set_post_handshake_auth API's for enabling or disabling post handshake authentication for TLS v1.3.
2020-11-04 15:05:50 -08:00
eb19306f16
Merge pull request #3459 from haydenroche5/sniffer_fixes
...
Fix a couple of issues related to the sniffer.
2020-11-04 14:09:43 -08:00
2d149b1bef
benchmark.c: backport fixes to bench_dh() DH key size initialization from SparkiDev:sp_math_all.
2020-11-04 15:35:58 -06:00
3858bda7e9
add "module", "modules_install", and "clean_module" rules to BUILD_LINUXKM section of Makefile.am, and add working install rule to linuxkm/Makefile, so that "make module" and "make modules_install" now work when --enable-linuxkm; fix "make dist" logic in Makefile.am and scripts/include.am to be unaffected by --enable-linuxkm; don't build wolfcrypt/benchmark or testwolfcrypt when --enable-linuxkm and --enable-crypttests.
2020-11-04 14:13:39 -06:00
6953049305
fix Visual Studio type conversion warnings
2020-11-04 11:11:40 -07:00
83b0847e66
add rc2.c to Visual Studio projects
2020-11-04 10:37:47 -07:00
288ad68b4d
Address report on issue #3161
2020-11-04 10:37:46 -07:00
3b1c536418
Fix a couple of issues related to the sniffer.
...
- Fix an issue in sniffer.c where some pointer math was giving a warning.
- Fix an issue in snifftest.c where a local variable was never read.
- Ignore non-TCP/IP packets in snifftest.c. Fixes some tests with pcaps with
other types of packets.
2020-11-04 10:46:11 -06:00
00dd22adc4
Merge pull request #3464 from SparkiDev/sha512_valgrind_fix
...
SHA-512 AVX2: use register for wk other than rsp
2020-11-04 07:15:04 -08:00
235ea98b90
SHA-512 AVX2: use register for wk other than rsp
...
Valgrind thinks that stack values are uninitialised when the stack
pointer is added to.
The asm code was moving rsp around rather than use another register.
Put length to hash onto stack and use that register instead.
2020-11-04 12:02:34 +10:00
b76ac0b842
Merge pull request #3442 from SparkiDev/config_fix_2
...
Configuration fixes
2020-11-03 14:48:49 -08:00
e52efc7a8a
Merge pull request #3441 from SparkiDev/ecdsa_vfy_safe
...
ECDSA verification: handle doubling of infinity
2020-11-03 14:47:45 -08:00
2acef1c114
Merge pull request #3436 from haydenroche5/chacha_msvc_fix
...
Fix MSVC compile issue in chacha.c.
2020-11-03 14:44:43 -08:00
63bf5dc56c
Merge pull request #3426 from SparkiDev/rsa_pss_fix
...
RSA-PSS: Handle edge case with encoding message to hash
2020-11-03 14:43:56 -08:00
3cce86d7a8
Merge pull request #3420 from dgarske/small_pk
...
ECC memory reductions with key and signature parsing
2020-11-03 14:42:43 -08:00
9f9901e10e
Merge pull request #3417 from douzzer/fix-ipv6-ocsp-tests
...
Fix ipv6 ocsp tests
2020-11-03 14:38:32 -08:00
d6b219bd38
Fix for ./configure --enable-fips=ready --enable-opensslextra.
2020-11-03 14:23:08 -08:00
813a94ab9a
Added bad and good case to EVP_DigestFinal_ex test
2020-11-03 14:57:30 -07:00
39d0b032e8
strict certificate version allowed from client
2020-11-03 19:30:56 +07:00
f8176dd646
Merge pull request #3454 from SparkiDev/sp_def_fix
...
SP C64/32: Fix define check
2020-11-02 17:07:56 -08:00
b3f6c483bf
SP C64/32: Fix define check
...
WOLFSSL_SP_DH -> WOLFSSL_HAVE_SP_DH
2020-11-03 08:42:55 +10:00
48073fb678
Removed unnecessary test
2020-11-02 14:22:01 -07:00
cf05a060f7
Removed cases that caused fips test to fail
2020-11-02 14:16:02 -07:00
05d01dcccd
Added if defined checks for rc4 and fips
2020-11-02 14:11:07 -07:00
251f3e15d4
Added fips check for specific size
2020-11-02 14:11:07 -07:00
7412374496
Changed from hardcoded values, changed types and deleted comments
2020-11-02 14:11:07 -07:00
8122c031bf
Added ifdef's, changed key sizes to relevant sizes
2020-11-02 14:11:07 -07:00
b46f87ffe6
Added unit test for evp.c
2020-11-02 14:11:07 -07:00
89c39dcfe5
Fix for possible memory leak when overriding error for verify callback on cert 0 (peer) if OPENSSL_EXTRA or OPENSSL_EXTRA_X509_SMALL and KEEP_PEER_CERT is not defined.
2020-11-02 12:04:56 -08:00
29c7351fe0
Merge pull request #3383 from kaleb-himes/ACVP_TESTING_UPDATE
...
In ACVP testing NIST needs to see failed decryption output
2020-11-02 10:42:28 -08:00
87abb5257e
Merge pull request #3447 from dgarske/microchip
...
Fixes for building with Microchip
2020-11-02 10:09:13 -07:00
a411dab74f
Merge pull request #3410 from cconlon/zd11001
...
PKCS#7: Reset variables correctly in VerifySignedData
2020-11-02 11:33:52 +08:00
d24add10f2
Nightly Test Fix
...
When performing a fast_mp_montgomery_reduce(), scan-build didn't like
that the destination buffer was fully zeroed out. We were only zeroing
what was expected to be used. This zeroes only the expected to be used
section of the output buffer.
2020-11-01 18:58:05 -08:00
0df5079f8b
Fixes for building with Microchip. The min/max patch allows non PIC32MZ parts to build in MPLABX. The cryptoauthlib already defines SHA_BLOCK_SIZE, so undef to prevent redef error.
2020-10-30 12:46:14 -07:00
8728eaf93f
Removed duplicate return check and added return check
2020-10-30 13:19:12 -06:00
64b081f3c9
Improve the SHA256 crypto callback for ASN, so a wc_Sha/wcSha256 context exists for certificate hashing.
2020-10-30 12:18:19 -07:00
54fe98716d
Merge pull request #3415 from kojo1/config-options
...
Config options
2020-10-30 11:55:11 -06:00
22816b53de
set tag for zero len case
2020-10-30 16:13:37 +09:00
e4f3f8b80a
Further tuning of the zero trim / is leading set logic for new ECC signature encoding/decoding API's.
2020-10-29 15:59:51 -07:00
bd3841c7d1
Merge pull request #3444 from julek-wolfssl/aad-reset
...
AAD should be reset on Init call
2020-10-30 08:11:26 +10:00
95c8a48285
Trim leading zero's first, then check for MSB being set.
2020-10-29 08:38:55 -07:00
aff14091e0
AAD should be reset on Init call
2020-10-29 12:13:35 +01:00
320afab227
Configuration fixes
...
--enable-sp --enable-sp-asm --disable-fastmath:
cpuid.h - check for WOLFSSL_SP_ASM as well
-enable-curve448 --enable-ed448 --disable-rsa --disable-dh
--enable-tls13 --disable-ecc --enable-certgen --enable-keygen:
api.c - certificate loaded that was RSA but RSA disabled
--enable-sp --enable-sp-asm --enable-sp-math:
cpuid.c - check for WOLFSSL_SP_ASM as well
--disable-shared --disable-ecc --disable-dh --enable-cryptonly
--enable-rsavfy --disable-asn --disable-rng --disable-filesystem:
test.c - rsa_test()
'CC=clang -fsanitize=address' '-enable-distro' '--enable-stacksize':
testsuit.c - echoclient_test_wrapper needs to free ECC FP cache when
it is in a separate thread
2020-10-29 16:21:06 +10:00
32ea0910de
ECDSA verification: handle doubling of infinity
2020-10-29 12:12:01 +10:00
ef7a987759
Peer review fixes.
2020-10-28 17:09:15 -07:00
7d177e78d7
don't include wolfssl/options.h in logging.c, use AM_CFLAGS (not wolfssl/options.h) to communicate HAVE_WC_INTROSPECTION to the compiler, and use config.h (not wolfssl/options.h) to communicate LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS to the compiler (for logging.c).
2020-10-28 17:28:05 -05:00
fda84576b0
name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h.
2020-10-28 17:28:05 -05:00
139b0431cb
ocsp-stapling*.test: prefix waited servers with "timeout 60" to avoid deadlock failure modes; grep output from "openssl s_client" in "test interop fail case" for expected error message ("self signed certificate in certificate chain").
2020-10-28 17:28:05 -05:00
a5d96721ac
wolfcrypt/src: remove wc_debug.c and move its contents to logging.c.
2020-10-28 17:28:05 -05:00
0568ec304f
pass -4 flag to openssl and nc only when IPV6_SUPPORTED.
2020-10-28 17:28:05 -05:00
94a3f86dcd
scripts/ocsp-stapling*.test: check if IPv6 is supported by the installed openssl and nc executables, and if not, don't attempt to wrestle the version. with no IPv6 support, and an --enable-ipv6 wolfssl build, skip the test entirely. also, restore a couple -b (bind-all-interfaces) flags to examples/server/server recipes in case that's useful.
2020-10-28 17:28:05 -05:00
94d4ea3a57
examples/client/client.c:client_usage_msg[][]: add correct sensing and reporting of WOLFSSL_SP_4096.
2020-10-28 17:28:05 -05:00
1ba0883f4c
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-28 17:28:05 -05:00
f37c25f9c0
wc_XChaCha20Poly1305_crypt_oneshot(): use ForceZero, not XMEMSET(), to safely clear the AEAD state before return.
2020-10-28 17:28:05 -05:00
7a5cbaa9bc
fix scripts/ocsp-stapling*.test to accommodate IPv6 examples/ client/server build.
2020-10-28 17:28:05 -05:00
b918e1fd4c
examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively.
2020-10-28 17:28:05 -05:00
8be2d7690a
add API functions libwolfssl_configure_args() and libwolfssl_global_cflags() to retrieve build parameters at runtime.
2020-10-28 17:28:01 -05:00
931eea30f5
Merge pull request #3397 from cconlon/rc2
...
RC2 ECB/CBC and PKCS#12 Integration
2020-10-28 15:06:47 -07:00
90258b6f34
Fix MSVC compile issue in chacha.c.
...
Use XMEMSET instead of initializing with {}.
2020-10-28 14:57:59 -05:00
112cce8cf2
Merge pull request #3407 from SparkiDev/pkcs11_sign_vfy
...
PKCS #11 : changes for signing and loading RSA public key from private
2020-10-28 12:53:58 -07:00
6a98601895
Merge pull request #3427 from SparkiDev/ecdsa_shamir_precomp
...
ECC Shamir's Trick: infinity in precomp
2020-10-28 12:08:40 -07:00
3a9758f257
Merge pull request #3433 from dgarske/sniffer_sni
...
Fix for Sniffer with SSLv3 where SNI is not supported
2020-10-28 12:06:37 -07:00
a15769b12e
Merge pull request #3435 from ejohnstown/ntf2
...
Nightly Test Fix 2
2020-10-28 06:39:15 -07:00
91f0d8bfef
Fix MSVC compile issue in chacha.c.
...
MSVC generates a syntax error when you initialize
an array with {}. {0} has the same effect and compiles.
2020-10-27 21:14:15 -05:00
4277ec62f9
Merge pull request #3431 from kaleb-himes/NO_FILESYSTEM_FIX
...
Remove file system constraint on wolfSSL_CTX_check_private_key()
2020-10-27 15:25:59 -07:00
6a77a8d8d6
Compatibility Layer
...
When making a AUTHORITY KEY object, if the ASN1 OBJECT fails, the key object is leaked.
2020-10-27 14:51:35 -07:00
a43d239271
Fix for Sniffer with SSLv3 where SNI is not supported. ZD 11169.
2020-10-27 11:26:02 -07:00
76e84e0830
Merge pull request #3423 from ejohnstown/nightly-test-fix
...
Nightly Scan-Build Test Fixes
2020-10-27 08:31:19 -07:00
f934fb03bd
Remove file system constraint on wolfSSL_CTX_check_private_key()
2020-10-27 08:57:46 -06:00
fb2288c46d
RSA-PSS: Handle edge case with encoding message to hash
...
When the key is small relative to the digest (1024-bit key, 64-byte
hash, 61-byte salt length), the internal message to hash is larger than
the output size.
Allocate a buffer for the message when this happens.
2020-10-27 12:39:06 +10:00
7dbd6102d2
Compatibility Layer
...
When wolfSSL_X509_NAME_ENTRY_create_by_txt() needs to make a new ASN.1 object ID, actually store it in the name entry.
2020-10-26 16:10:44 -07:00
2ebb47ec32
Merge pull request #3424 from douzzer/fix-save-vector-registers-gating
...
wc_port.h: improve/fix gating on {SAVE,RESTORE}_VECTOR_REGISTERS()
2020-10-26 15:33:00 -07:00
fd5a309a47
wc_port.h: improve gating on {SAVE,RESTORE}_VECTOR_REGISTERS() to assure no-op fallback definitions in non-autotools builds.
2020-10-26 12:06:18 -05:00
74b834a78c
Merge pull request #3422 from ejohnstown/ecc-name
...
Tautological Name Fix
2020-10-26 10:12:51 +10:00
9c1049f112
Compatibility Layer
...
1. Changed the ASN1_OBJECT member of the X509_NAME_ENTRY to be a pointer
rather than an object. It could lead to a double free on the name
entry.
2. The ASN1_OBJECT allocator should set the dynamic flag, as the
deallocator is the one that uses it.
3. General changes to treat the member as a pointer rather than a
member.
4. In the api test, we were iterating over the name members in the name
checking the NIDs. After the loop we freed the name member object.
This led to a double free error.
2020-10-25 14:38:07 -07:00
f5f883597e
RSA PSS Fix
...
1. Change the utility function in wc_encrypt that returns the size of a
hash to initialize the size to HASH_TYPE_E, like the other utility
functions.
2. When getting the hash size returns an error, RSA-PSS verify inline
should return a BAD_FUNC_ARG error.
2020-10-24 13:06:42 -07:00
3f5620089e
PKCS7: In EncodeEncryptedData, free the attribs and flattenedAttribs if
...
they were allocated, not based on if they should be allocated.
2020-10-24 12:41:10 -07:00
bfccf35eaf
Tautological Name Fix
...
Depending on the build option WOLFSSL_ECC_CURVE_STATIC, the name in the
ecc_set may be a pointer (default) or an array. With the above set with
the CFLAG -Wtautological-pointer-compare you'll get a build error.
Changed the comparison in the for loop with this problem to check the
name's pointer only if appropriate.
2020-10-23 15:23:16 -07:00
277edbb514
fix for --disable-tls13 --enable-sniffer
2020-10-24 07:14:43 +09:00
02536461e6
fix for --enable-opensslall --disable-sha224
2020-10-24 07:06:24 +09:00
685a35e097
Add missing stdint.h reference.
2020-10-23 13:42:25 -07:00
e24ac4211d
Merge pull request #3405 from kojo1/EVP-gcm-zero
...
set tag including if(inl == 0) case
2020-10-23 14:35:47 -06:00
a5f86729f9
Deleted comment
2020-10-23 13:52:06 -06:00
a50e88430f
Add OPENSSL_init_crypto and OPENSSL_init_ssl API's.
2020-10-23 12:13:08 -07:00
6dbc1cb75d
Add support for TLS v1.3 compatibility API SSL_verify_client_post_handshake for the server-side to support rehandshake. Required for Apache v2.4.39 with TLS v1.3.
2020-10-23 12:13:08 -07:00
589057245f
Improvement to ECC wc_ecc_rs_raw_to_sig to reduce memory use (avoid the mp_int). Additional test cases. Fixes for previous function changes.
2020-10-23 11:00:46 -07:00
c27d5f57c4
check PKCS7 content length is not larger than bundle if not using separate header/footer
2020-10-23 09:56:34 -07:00
a7b325f542
Merge pull request #3414 from kabuobeid/wolfrand_build_fix
...
Fix wolfrand build failure.
2020-10-22 22:54:05 -07:00
24af0497b5
PKCS #11 : changes for signing and loading RSA public key from private
2020-10-23 14:02:59 +10:00
ff092c02d2
Merge pull request #3396 from SparkiDev/fips_armasm
...
FIPS ARMASM: get build working
2020-10-22 15:26:24 -07:00
05094460b2
Merge pull request #3353 from douzzer/XChaCha
...
XChaCha
2020-10-22 15:25:56 -07:00
42583b5270
Fix wolfrand build failure, caused by defining NO_ASN without NO_CERTS.
2020-10-22 14:48:37 -07:00
2bd761bb4c
Added a case for logging.c unit test with debug not enabled
2020-10-22 14:51:07 -06:00
0065756efc
Improvement to ECC wc_ecc_sig_to_rs to reduce memory use (avoid the mp_int).
2020-10-22 13:34:19 -07:00
cb8e625e32
Fix to allow import of private key with ATECC. Its okay to load private key material into ecc_key struct.
2020-10-22 13:26:00 -07:00
6265006553
Merge pull request #3403 from elms/cppcheck/cleaup_fixes
...
Address some cppcheck issues
2020-10-22 12:56:19 -07:00
be8e4d1949
Fix to reduce memory use with small stack on ECC key import.
2020-10-22 12:41:49 -07:00
1ced948391
check PKCS7 SignedData private key is valid before using it
2020-10-22 10:37:11 -07:00
df382f382f
fix case in PKCS7_VerifySignedData where pkiMsgSz may not be set correctly
2020-10-22 09:23:32 -07:00
f75dc4727d
Merge pull request #3408 from ejohnstown/opt-fix
...
Example Client OCSP Option Fix
2020-10-22 09:00:04 -07:00
5e78a0107d
check Rc2EcbEncrypt/Decrypt returns during CBC ops
2020-10-22 09:57:34 -06:00
d1f13a6570
rearrange Rc2 struct for optimal alignment
2020-10-22 09:43:40 -06:00
e28303b40a
In DoServerKeyExchange(), when reading the DH key from the server, the
...
client was checking it too strictly. The pubkey value should be checked
as strictly as the generator, for too large. The public key value is
checked mathematically elsewhere.
2020-10-21 21:47:32 -07:00
81849e64b8
scripts/openssl.test: for "-psk" cases, use "-psk key", not "-psk=key", for OpenSSL 1.0.2 compatibility.
2020-10-21 23:30:14 -05:00
ca7161a86f
Example Client OCSP Option Fix
...
1. Before checking to see if the must staple flag is on the 'W' option,
check the length of myoptarg.
2020-10-21 23:23:45 -05:00
d2dac8e4b8
Example Client OCSP Option Fix
...
1. Before checking to see if the must staple flag is on the 'W' option,
check the length of myoptarg.
2020-10-21 13:30:51 -07:00
b468ea77ea
linuxkm: use EXPORT_SYMBOL_NS(x, WOLFSSL) if available, else fall back to EXPORT_SYMBOL(x).
2020-10-21 14:37:43 -05:00
c910c94824
rename API wc_XChaCha20Poly1305_{encrypt,decrypt}_oneshot to wc_XChaCha20Poly1305_{Encrypt,Decrypt} for consistency; remove stray debugging printf in XChaCha20Poly1305_test().
2020-10-21 14:36:46 -05:00
299e88a993
minor fixes and commentary.
2020-10-21 14:08:41 -05:00
99b76241bd
wolfcrypt/test/test.c: remove debugging printf in XChaCha20Poly1305_test().
2020-10-21 14:08:41 -05:00
e1d3f2c7b4
chacha20_poly1305.c: add _SMALL_STACK code in wc_XChaCha20Poly1305_crypt_oneshot().
2020-10-21 14:08:41 -05:00
1949378d61
wc_Chacha_purge_current_block(): init "scratch" buffer to zeros, to avoid "garbage value" warnings.
2020-10-21 14:08:41 -05:00
f65947ae09
rename wc_XChaCha_init() to wc_XChacha_SetKey() for consistency, and add a counter argument to provide for future random access scenarios; refactor wc_Chacha_purge_current_block() to use a dummy wc_Chacha_Process() call for intrinsically correct counter dynamics.
2020-10-21 14:08:41 -05:00
6142c22948
add wc_XChaCha_init(), wc_XChaCha20Poly1305_Init(), wc_XChaCha20Poly1305_encrypt_oneshot(), wc_XChaCha20Poly1305_decrypt_oneshot(), and wc_Poly1305_EncodeSizes64(). also, remove redundant arg check (typo) in wc_Poly1305Update().
2020-10-21 14:08:41 -05:00
c3dba3f9af
Add additional checks to sp_ecc_point_new
2020-10-21 09:59:39 -07:00
00ee24b998
ECC Shamir's Trick: infinity in precomp
...
Code now handles generating and having infinity in the precomp.
2020-10-21 11:58:31 +10:00
e4eda3e125
Merge pull request #3384 from SparkiDev/tls13_sess_tick_compat
...
TLS session tickets: cannot share between TLS 1.3 and TLS 1.2
2020-10-20 15:56:03 -07:00
7aae784a53
Merge pull request #3399 from dgarske/zd11128
...
Fix for TLS sniffer with non-standard curves
2020-10-20 15:14:53 -07:00
7c38be407c
Merge pull request #3398 from dgarske/async_test
...
Fixes for `--enable-asynccrypt` tests
2020-10-20 15:13:51 -07:00
a1afc6ca4f
Merge pull request #3389 from tmael/ocsp_status
...
Process multiple OCSP responses
2020-10-20 15:11:42 -07:00
1e43d65d2a
Merge pull request #3392 from SparkiDev/ocsp_must_staple
...
TLS OCSP Stapling: MUST staple option
2020-10-20 15:07:08 -07:00
ffd55ac1fe
Merge pull request #3406 from ejohnstown/dh-fix-2
...
DH Fix 2
2020-10-21 08:05:42 +10:00
c863ca54a3
Merge pull request #3308 from julek-wolfssl/thread-safety
...
Introduce thread safety to unsafe functions in wolfSSL
2020-10-20 14:56:04 -07:00
7c89d10e53
Merge pull request #3260 from julek-wolfssl/non-blocking-scr
...
(D)TLS non-blocking SCR with example
2020-10-20 13:45:19 -07:00
2c5a4ba508
DH Fix 2
...
1. Add some missing frees for the error cases when the server DH public
key is rejected.
2020-10-20 10:32:09 -07:00
a575403ca3
Merge pull request #3404 from haydenroche5/cmake
...
Tweak CMakeLists.txt
2020-10-20 06:58:00 -07:00
6767646e54
set tag for zero len case
2020-10-20 19:11:35 +09:00
ebde736ee7
Merge pull request #3400 from ejohnstown/dh-fix
...
DH Fix
2020-10-20 11:45:18 +10:00
fb35013bf2
Merge pull request #3402 from douzzer/lkm-kernel_time_t
...
Linux __kernel_time_t version test
2020-10-19 17:28:48 -07:00
06977ebbdf
Tweak CMakeLists.txt
...
- Change minimum CMake version from 2.6 to 3.0, which has support for targets.
- Favor explicit file lists in CMakeLists.txt over globs.
- Use target_compile_options to specify -DNO_MAIN_DRIVER for the unit_test target.
2020-10-19 16:38:51 -05:00
31b6c507f9
Tweak CMakeLists.txt
...
- Add generated CMake files/directories to .gitignore.
- Use lowercase for CMake commands, UPPERCASE for variables.
- Favor the CMake "option" command over SET(... CACHE BOOL ...).
- Use CMAKE_CURRENT_SOURCE_DIR in place of CMAKE_CURRENT_BINARY_DIR.
- Use CMAKE_USE_PTHREADS_INIT instead of CMAKE_HAVE_PTHREAD_H.
- Use target_include_directories on the wolfssl library target instead of include_directories.
2020-10-19 16:07:48 -05:00
86b2118550
Address some cppcheck issues
2020-10-19 11:47:53 -07:00
48f4b927f6
wc_port.h: fix threshold of change in __kernel_time_t typedef from kernel 5.0.0 to 5.5.0 to accommodate Ubuntu 20.02 (kernel 5.4) -- see 2a785996cc (diff-2cd5bedb19d5e0a575d6f73a6c3290ecf8d9c01eb7567ba6fa282cb1b0ce2d54)
2020-10-19 13:27:00 -05:00
cd05ed3347
iDH Fix
...
1. Changed the bounds of checking the key from comparisons to constants
to comparisons against WOLFSSL object settings for the DH key bounds.
2. Removed redundant bounds check on the server's prime.
2020-10-19 08:08:04 -07:00
79dea1c85c
add test-servercert-rc2.p12 to include.am
2020-10-19 08:01:19 -06:00
147cb8e60c
Jenkins scope fixes
2020-10-19 12:46:11 +02:00
f0d400a506
Merge pull request #3401 from kojo1/EVPcipher_tbl
...
cipher_tbl for EVP_get_cipherbyname
2020-10-19 14:28:59 +10:00
a87f7c9185
cipher_tbl for EVP_get_cipherbyname
2020-10-19 06:17:15 +09:00
4f8c2b971f
Move the binSz check variable to a spot where it is only declared in the same condition it is used and initialize it to zero.
2020-10-17 19:07:44 -07:00
fc86e6a960
Fix a double error return.
2020-10-16 18:18:47 -07:00
ec0aab1a23
DH Fix
...
1. Check the length values for the DH key domain and public key in the
server key exchange message to make sure they are within the bounds
set by the configuration. (Minimum key size is 2048 bits for DH.)
2020-10-16 16:28:27 -07:00
85b4170047
Fix for TLS sniffer with non-standard curves. If curve not provided in key share data, then use private key curve. ZD 11128.
2020-10-16 16:13:42 -07:00
fbd98be7af
Fixes for --enable-asynccrypt tests after PR #3244 .
2020-10-16 15:55:17 -07:00
4364700c01
DH Fix
...
These changes fix several fuzz testing reports. (ZD 11088 and ZD 11101)
1. In GetDhPublicKey(), the DH Pubkey is owned by the SSL session. It
doesn't need to be in the check for weOwnDh before freeing. There
could be a chance it leaks.
2. In GeneratePublicDh() and GeneratePrivateDh(), the size of the
destination buffer should be stored at the location pointed to by the
size pointer. Check that before writing into the destination buffer.
3. Ensure the size of the private and public key values are in the size
value before generating or getting the DH keys.
2020-10-16 15:35:23 -07:00
d4bbe529fb
switch RC2 struct name to Rc2 for consistent camel case across algorithms
2020-10-16 15:19:47 -06:00
062df01737
add PKCS12 RC2 test case, example p12 bundle
2020-10-16 12:02:20 -06:00
2c0f4b619e
add RC2-40-CBC support to PKCS#12 parsing
2020-10-16 12:02:20 -06:00
0854efe168
add API unit tests for RC2
2020-10-16 12:02:20 -06:00
a6923ff100
initial implementation of RC2-CBC
2020-10-16 12:02:16 -06:00
4c75037bdb
initial implementation of RC2-ECB
2020-10-16 12:00:56 -06:00
b58ea5842a
wolfSSL RC2 template.
2020-10-16 11:46:40 -06:00
24030d5f32
Move globalRNG and co to ssl.c
2020-10-16 17:33:28 +02:00
ab88ab160c
Merge pull request #3395 from douzzer/misc-fixes-20201015
...
misc fixes for coverage and buildability
2020-10-16 07:28:48 -07:00
aeb44c5352
FIPS ARMASM: get build working
2020-10-16 16:41:18 +10:00
07e69829d7
TLS 1.3 PSK: fix for session ticket timeout
...
Return straightaway if the ticket is out of date.
Need to fallback to full handshake.
2020-10-16 14:48:29 +10:00
a595e3cc48
Merge pull request #3394 from ejohnstown/wolfssh-update
...
wolfSSH Update
2020-10-16 09:08:37 +10:00
60b0b0170b
TLS OCSP Stapling: MUST staple option
...
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
2020-10-16 09:03:27 +10:00
9793414d78
Merge pull request #3381 from SparkiDev/ecc_ct_fix
...
ECC mulmod: some curves can't do order-1
2020-10-15 14:46:46 -07:00
eb7a79aa5e
misc fixes for coverage and buildability: add MD2 to --enable-all*; fix spelling of "Sno" to "no" for $ENABLED_BLAKE2S default; when ENABLED_QSH add -DWOLFSSL_STATIC_DH -DWOLFSSL_STATIC_PSK (relates to ZD11073); add missing gating for !defined(WOLFSSL_DEVCRYPTO) in api.c:test_wc_Sha256FinalRaw(); fix tests/api.c:IsValidCipherSuite() to build under gcc10 (relates to ZD11073).
2020-10-15 15:05:29 -05:00
69ac13c2e9
wolfSSH Update
...
Originally, wolfSSH required some algorithms to be enabled in wolfCrypt
to work correctly. wolfSSH is now more flexible with how wolfCrypt is
configured, and these combinations do not have to be restricted.
2020-10-15 11:37:31 -07:00
49b3fb21c8
Merge pull request #3391 from ejohnstown/autoconf-fix
...
Automake Fixes
2020-10-15 10:12:27 -07:00
134e1be189
TLS session tickets: cannot share between TLS 1.3 and TLS 1.2
...
When parsing ticket, check TLS version to see whether they are version
compatible.
2020-10-15 13:02:06 +10:00
c2bb359eb4
Automake Fixes
...
1. A couple cert scripts don't need to be included in the makefile or the distribution.
2020-10-14 17:23:58 -07:00
f69fa13e02
Merge pull request #3357 from guidovranken/StoreECC_DSA_Sig-fix
...
Improve StoreECC_DSA_Sig bounds checking
2020-10-14 16:53:46 -07:00
b18d43abb9
Fix for possible uninitialized use of prev.
2020-10-14 15:52:51 -07:00
026ba4e750
Merge pull request #3368 from dgarske/zd11057
...
Fix for possible malformed encrypted key with DES3 causing negative length
2020-10-14 15:32:48 -07:00
751f64b4aa
Fix for OCSP single response last optional part handling and restore original size arg since its required for the ASN elements.
2020-10-14 14:55:18 -07:00
10b1884993
Added support for handling an OCSP response with multiple status responses.
2020-10-14 14:47:24 -07:00
1c4b15d427
Merge pull request #3369 from dgarske/sniffer_ccm
...
Add AES CCM support to sniffer
2020-10-14 14:31:57 -07:00
8898abcc99
Merge pull request #3378 from dgarske/zd11085
...
Fixes SSLv3 use of ECDH in sniffer
2020-10-14 14:30:15 -07:00
3f4bf9144b
Merge pull request #3366 from SparkiDev/pkcs11_lookup
...
PKCS #11 : improve key lookup
2020-10-14 14:22:56 -07:00
5ac3e7d542
Process multiple ocsp responses
2020-10-14 01:10:07 -07:00
232028d03b
Merge pull request #3386 from ejohnstown/dh-maint
...
Fuzz Fix
2020-10-13 15:47:11 -07:00
b68828d3c9
Merge pull request #3361 from tmael/ocsp-nocheck
...
Add support for id-pkix-ocsp-nocheck
2020-10-13 15:46:02 -07:00
048a3a8d5b
Merge pull request #3374 from JacobBarthelmeh/Testing
...
NO_FILESYSTEM build on Windows
2020-10-13 13:26:46 -07:00
422683f4c3
Fuzz Fix
...
GetPublicDhKey() assumes the ssl session owns the DH public key parts, and
tries to free them. They belong to the CTX initially, so it shouldn't be
freeing them, necessarily.
1. Add a check for weOwnDh first, then free the buffers if needed.
2. If there is a problem reading the keys, free the new buffers before exiting.
3. Set weOwnDh once the buffers and values have been stored
successfully.
2020-10-13 10:15:58 -07:00
6aa0eacc62
use correct key buffer for example private key
2020-10-13 09:26:54 -06:00
f0db2c177e
ECC mulmod: some curves can't do order-1
...
Change implementation of timing resistant scalar multiplication to use
Joye double-add ladder.
No longer have fake operations being performed therefore can remove the
order adding operations.
Still need to check for boundary condition: order-1 wil not work with
SECP256K1 as it results in an add of order/2 and (order/2)+1 times base
point which are the negatives of each other. The sum is infinity and not
handled by maths.
Added mp_cond_swap_t - Conditionally swap in constant time.
2020-10-13 09:55:35 +10:00
0d685e4f28
Merge pull request #3358 from douzzer/wolfSSL_get_ocsp_producedDate
...
add wolfSSL_get_ocsp_producedDate().
2020-10-12 15:21:10 -07:00
de6164df5a
Merge pull request #3382 from ejohnstown/aes-clear
...
AES Clear Temp
2020-10-12 15:17:00 -07:00
4396e10500
Merge pull request #3379 from ejohnstown/mfix
...
Maintenance Fixes
2020-10-12 14:53:56 -07:00
1f78297c5c
Merge pull request #3372 from miyazakh/Renesas_APRA6M
...
added set up guide for APRA6M board
2020-10-12 14:23:06 -06:00
2a1efda140
Merge pull request #3380 from kojo1/mqx
...
minor fix for MQX, Kinetis
2020-10-12 14:03:20 -06:00
8826823724
In ACVP testing NIST needs to see failed decryption output
2020-10-12 12:05:44 -06:00
5ead4386b3
AES Clear Temp
...
ForceZero()'ed a couple local variables that have keying material at some point.
2020-10-12 10:30:34 -07:00
0ca202f389
Rename SKIP_SUITE to something more descriptive. Add some comments.
2020-10-12 09:49:02 -07:00
a4bfa0dec7
Add support for id-pkix-ocsp-nocheck
2020-10-11 19:47:50 -07:00
ce97eadae1
fix for MQX
2020-10-11 06:57:33 +09:00
9de5eea1d9
configure.ac: supplement AC_CHECK_FUNCS() (function link test) with AC_CHECK_DECLS() (function declaration test) to avoid false positives. fixes various build failure modes.
2020-10-09 22:18:51 -05:00
bf59d169dd
Update include.am to include new README files
2020-10-10 09:57:05 +09:00
a05a305d70
Fix unused parameters in SKIP_SUITE.
2020-10-09 15:59:14 -07:00
6cfb038d11
Fix a bad ifdef.
2020-10-09 15:54:44 -07:00
2d85061c47
Maintenance Fixes
...
Improve the reporting of the NTRU based cipher suites with the function
wolfSSL_sk_CIPHER_description().
2020-10-09 15:01:39 -07:00
d8299e2764
Maintenance Fixes
...
When building the list of ciphers with wolfSSL_get_ciphers_compat(),
skip the fake indicator ciphers like the renegotiation indication
and the quantum-safe hybrid since they do not have encryption or mac
algorithms associated to them.
2020-10-09 15:01:38 -07:00
aeeeb666a7
Maintenance Fixes
...
1. The test_wolfSSL_X509V3_EXT_print() test was using stderr for output,
changed to stdout.
2. A call to XFREAD wasn't typecasting its output to the size of the
variable getting the output in decodedCertCache_test().
2020-10-09 15:01:32 -07:00
724eb96047
Merge pull request #3377 from douzzer/PR3371
...
fix pkcs7compressed_test() (test gated on HAVE_LIBZ), broken by PR#3244.
2020-10-09 15:00:15 -07:00
f3fbb921c0
Fixes SSLv3 use of ECDH. The public key length byte needs to be skipped for import with SSLv3 and TLS (not TLS v1.3). ZD 11085
2020-10-09 12:01:41 -07:00
29d4de6307
fix pkcs7compressed_test() (test gated on HAVE_LIBZ), broken by PR#3244.
2020-10-09 12:42:14 -05:00
bfb10ddfb5
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
3e69318ac7
Merge pull request #3373 from danielinux/imx-rt1060-shaonly-fix
...
Fixed SHA256 support for IMX-RT1060
2020-10-09 09:30:11 -07:00
9cb2c9f1ac
Fixed SHA256 support for IMX-RT1060
2020-10-09 13:36:53 +02:00
1765eeddb2
added set up guide for APRA6M board
...
added TLS 1.3 settings into user_settings.h
2020-10-09 19:52:20 +09:00
570f55a0e3
wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac.
2020-10-08 23:26:28 -05:00
7a77b6d990
rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true).
2020-10-08 22:47:16 -05:00
e162d0f889
add wolfSSL_get_ocsp_producedDate().
2020-10-08 22:47:16 -05:00
4d11e3c83b
Merge pull request #3365 from SparkiDev/ticket_align
...
SSL session ticket: decrypted ticket access aligned
2020-10-08 15:01:41 -07:00
8bc3d33c4e
Merge pull request #3360 from SparkiDev/ecc_safe_add
...
ECC add points: more cases where add point is a double or infinity
2020-10-08 14:55:04 -07:00
f0c5fb76bb
Merge pull request #3359 from ejohnstown/tfm-read-radix-16
...
TFM Read Radix 16 OOB Read
2020-10-08 14:52:42 -07:00
c69e9927fa
Merge pull request #3354 from SparkiDev/mac_arm_asm_2
...
ARM ASM ChaCha20: Fix calc of left over bytes
2020-10-08 14:49:33 -07:00
6b4b92a549
Merge pull request #3356 from embhorn/zd11044
...
Allow wolfSSL_EVP_get_hashinfo with x509small
2020-10-08 14:48:28 -07:00
e0f3ceefa2
Merge pull request #3349 from vaintroub/remove_gccism
...
#3348 - Fix MSVC build
2020-10-08 14:47:15 -07:00
8a57eead51
Add AES CCM support to sniffer. ZD 11078.
2020-10-08 13:58:31 -07:00
d33d100526
Fix for possible malformed encrypted key with DES3 causing negative length. If length is less than DES_BLOCK_SIZE then it could result in a negative der->length. ZD 11057
2020-10-08 13:07:07 -07:00
46f8f53268
Merge pull request #3367 from kaleb-himes/NTRU_MAINTENANCE
...
Fix NTRU + QSH build
2020-10-08 14:04:21 -06:00
d9eaeb4a3b
Fix NTRU + QSH build
2020-10-08 09:13:00 -06:00
15aa0a2f8c
PKCS #11 : improve key lookup
...
Refactor the find key by template to eliminate duplicate code.
Improve documentation.
Add more informative debugging information.
2020-10-08 13:36:30 +10:00
4f6c1db9a2
Merge pull request #3355 from douzzer/enable-more-all
...
--enable-all coverage update, plus --enable-all-crypto and --enable-linuxkm-defaults
2020-10-08 09:52:56 +10:00
257551b134
ECC add points: more cases where add point is a double or infinity
...
Extract method to perform safe point add (handling double and infinity
result).
Replace all instances of the extracted code.
2020-10-08 09:26:10 +10:00
8d82fb2add
SSL session ticket: decrypted ticket access aligned
...
Decrypted session ticket using encrypted ticket buffer.
Alignment not correct on platforms requiring 32-bit aligned access.
Copy the decrypted data into temporary for access.
Also zeroize the unencrypted tickets after use.
2020-10-08 08:56:49 +10:00
270da3c33c
Merge pull request #3364 from dgarske/zd11064
...
Fix for sniffer without TLS v1.3
2020-10-08 08:10:21 +10:00
4f3632c7a6
Fix for sniffer without TLS v1.3 (--enable-sniffer --disable-tls13). ZD11064.
2020-10-07 11:08:05 -07:00
1c492dc0b6
cosmetic cleanups.
2020-10-06 22:14:08 -05:00
413b0d171d
TFM Read Radix 16 OOB Read
...
Change the location of the update of the write index when in
fp_read_radix_16(). It will do multiple writes into a word, and update
the index when the word is full and there is more to write. If there
isn't more to write, the index isn't incremented. This ensures the used
value in the mp_digit is correct, and not off-by-one when the last word
is full.
2020-10-06 17:03:03 -07:00
4c5c1d5dac
Improve StoreECC_DSA_Sig bounds checking
2020-10-06 23:11:50 +02:00
6bc34cb1a8
Allow wolfSSL_EVP_get_hashinfo with x509small
2020-10-06 11:18:08 -05:00
a7fdfbaf40
Passing scr-app-data in to -i to client sends a message during SCR
...
Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-10-06 17:28:23 +02:00
c18f7010cf
configure.ac: remove enable_apachehttpd and enable_secure_renegotiation from new --enable-all (valgrind woes).
2020-10-02 18:54:45 -05:00
84ee1509b7
Merge pull request #3311 from tmael/neclab
...
Update release notes
2020-10-02 15:50:20 -06:00
d900e57ae4
improve --enable-linuxkm-defaults fidelity.
2020-10-01 18:07:48 -05:00
232eb6a620
Merge pull request #3323 from danielinux/nxp_imxrt_dcp
...
Added support for NXP DCP (i.MX-RT series)
2020-10-01 16:44:58 -06:00
a522207b14
fix memory leaks in src/internal.c:DoSessionTicket() and testsuite/testsuite.c:file_test().
2020-10-01 14:38:26 -05:00
2ed8f93592
src/internal.c: fix memory leaks in ProcessPeerCerts() and GetDhPublicKey().
2020-10-01 14:38:26 -05:00
7fb8457459
fix whitespace.
2020-10-01 14:38:26 -05:00
c37ba164bf
configure.ac: don't include enable_certgencache=yes in --enable-all[-crypto] feature sets, to avoid memory leak false alarms.
2020-10-01 14:38:26 -05:00
24b20352f8
configure.ac: refactor-for-clarity enable-all[-crypto] feature selection logic conditionalized on sp-math and linuxkm.
2020-10-01 14:38:26 -05:00
a3185310ca
tests/api.c: clean up and parameterize key/buffers sizes in test_wc_CheckProbablePrime().
2020-10-01 14:38:26 -05:00
70474659a0
wc_ShaFinal(): remove superfluous ret=0 when WOLF_CRYPTO_CB, complained by PRB-scan-build-distro-check.
2020-10-01 14:38:26 -05:00
fd3815c708
configure.ac: include enable_xchacha in --enable-all-crypto.
2020-10-01 14:38:26 -05:00
a4bd213099
configure.ac: improve --enable-all coverage and make it compatible with --enable-sp-math, add --enable-all-crypto (crypto-only subset of --enable-all), and add --enable-linuxkm-defaults ("Enable feature defaults for Linux Kernel Module").
2020-10-01 14:38:26 -05:00
79978f5c7a
ecc_check_pubkey_order(): add missing braces.
2020-10-01 14:38:26 -05:00
3ef242e889
tests/api.c: change RSA keysize from 1024 to 2048 for sp-math compatibility, in test_wc_CheckProbablePrime(), test_wc_CheckProbablePrime(), test_wc_RsaPSS_Verify(), test_wc_RsaPSS_VerifyCheck(), test_wc_RsaPSS_VerifyCheck(), test_wc_RsaPSS_VerifyCheckInline(), and test_wolfSSL_DC_cert().
2020-10-01 14:38:26 -05:00
cec3d542d1
Rework of DCP after reviewer's comments.
...
- using wolfSSL_CryptHwMutexLock/UnLock as DCP mutex.
- fixed AES Free
- using separate per-channel key store
2020-10-01 11:36:03 -07:00
ce62f46442
Fixed comments
2020-10-01 11:36:03 -07:00
9244bbbf83
NXP-DCP: Fixed AES-GCM setkey; added AES direct.
2020-10-01 11:36:03 -07:00
05098f7ab8
Reentrant DCP driver. DCP protected by mutex.
2020-10-01 11:36:03 -07:00
a07f9ded63
Added support for NXP DCP (i.MX-RT series)
2020-10-01 11:36:03 -07:00
050252e5d4
Merge pull request #3340 from kabuobeid/fsanitize_thread
...
Fix issues found by -fsanitize=thread.
2020-10-01 11:28:05 -07:00
d59784e646
Fix issues found by -fsanitize=thread.
2020-09-30 14:24:20 -07:00
20d28e1b65
Merge pull request #3221 from julek-wolfssl/wolfSSL_dtls_import-const-buf
...
Change buffer in wolfSSL_dtls_import to be const
2020-09-30 10:45:25 -07:00
bb6c612209
Merge pull request #3312 from kabuobeid/apple_arm64
...
Added instructions for building for Apple ARM64.
2020-09-30 10:44:22 -07:00
74259fe9ce
Merge pull request #3351 from dgarske/sniffer_sesstick
...
Fix for sniffer with TLS v1.2 session ticket
2020-09-30 10:42:56 -07:00
9bfe4f1fb2
Merge pull request #3341 from SparkiDev/fp_sqr_size
...
TFM mp_sqr: error on number overflow
2020-09-30 10:35:01 -07:00
f76165a3fa
ARM ASM ChaCha20: Fix calc of left over bytes
2020-09-30 15:57:33 +10:00
a1991da458
TFM mp_sqr: error on number overflow
...
Change mp_sqr to return an error if the result won't fit into the fixed
length dp.
2020-09-30 08:54:20 +10:00
0a791a957e
Added instructions for building for Apple ARM64.
2020-09-29 15:12:34 -07:00
fc988ad3e7
Merge pull request #3325 from julek-wolfssl/openssl-compat-aes-gcm-2-part-aad
...
Buffer AAD in wolfSSL_EVP_CipherUpdate_GCM so that whole value is hashed
2020-09-29 13:46:44 -07:00
d415bbf2eb
Merge pull request #3346 from SparkiDev/mac_arm_asm
...
ARM asm: fixes for compiling on Mac and ChaCha20 streaming
2020-09-29 13:36:13 -07:00
3e0d478543
Fix for sniffer with TLS v1.2 session ticket. Logic broken in PR #3044 . ZD 10926.
2020-09-29 11:11:32 -07:00
2153009efa
Fix access violation in Visual Studio Test
2020-09-29 19:47:58 +02:00
efe7c42775
Fix MSVC build
...
Don't use GCC-specific extensions
Fixes #3348
2020-09-29 18:00:21 +02:00
52be7c94b8
Introduce thread safety to unsafe functions in wolfSSL
...
Add warnings to one shot hash functions
2020-09-29 16:29:45 +02:00
78e003e7de
Plug leak
2020-09-29 12:24:59 +02:00
66ed9b1522
ARM asm: fixes for compiling on Mac and ChaCha20 streaming
...
Don't set the CPU to generic on Mac.
Implement streaming for ChaCha20.
2020-09-29 13:38:02 +10:00
46b9531bec
Merge pull request #3345 from dgarske/sp_spell
...
Fix spelling error and sync with latest scripts
2020-09-29 08:46:52 +10:00
30a74e0597
Merge pull request #3343 from ejohnstown/test-ecc521
...
Test ECC-521 Only
2020-09-28 14:06:42 -07:00
07f6c19156
Update EVP_CIPHER to handle multi-part AAD
2020-09-28 20:42:23 +02:00
a85c93e44a
Fix spelling error and sync with latest scripts.
2020-09-28 10:41:31 -07:00
d01dae00bc
Merge pull request #3342 from SparkiDev/arm64_clang_fix
...
SP ARM64: Fix assembly for clang
2020-09-28 09:57:19 -07:00
dbf18b8532
Test ECC-521 Only
...
Update benchmark and wolfcrypt test to support using only ECC-521 in a custom curve list.
2020-09-28 09:22:24 -07:00
d143015059
Merge pull request #3336 from ethanlooney/26th_branch
...
Added unit test for Des3
2020-09-28 10:14:31 -06:00
942168c62d
Add decrypt tests
2020-09-28 15:59:50 +02:00
b61b3e34dd
SP ARM64: Fix assembly for clang
...
clang doesn't auto correct size of register (declared byte n but 64-bit
usage)
clang doesn't always handle use of x29 (FP or Frame Pointer) in inline
assembly code correctly - reworked sp_2048_sqr_8 to not use x29.
2020-09-28 12:35:58 +10:00
7d33312f4b
Merge pull request #3339 from ejohnstown/dtls-flag
...
DTLS Flag
2020-09-25 17:05:22 -07:00
e1f54b1df1
Merge pull request #3296 from dgarske/sniffer_fixes
...
Fixes for Sniffer (Max Fragment, ECC Static and SNI)
2020-09-25 12:50:07 -07:00
8266680ab7
Merge pull request #3338 from SparkiDev/dh_fips3
...
DH EXTRA test: Disable DH test unless not FIPS or FIPS > 2
2020-09-25 12:42:40 -07:00
e49505fbb8
Added key free
2020-09-25 13:42:19 -06:00
6f1d626671
Merge pull request #3337 from SparkiDev/evp_xts_3
...
EVP AES XTS: check correct define
2020-09-25 12:42:09 -07:00
2d97acadc9
Merge pull request #3331 from dgarske/armasm
...
Fixes for ARM ASM and API unit test bad build macros
2020-09-25 12:41:30 -07:00
b36877c20b
DTLS Flag
...
Fix an ifdef flag that should have been WOLFSSL_DTLS, not HAVE_DTLS.
2020-09-25 10:49:34 -07:00
84f0fc56ef
check ClientWrite return
2020-09-25 11:35:23 +02:00
7e38b6bee6
Test 2 part GCM data and EVP context re-use
2020-09-25 11:03:58 +02:00
c798c7f396
DH EXTRA test: Disable DH test unless not FIPS or FIPS > 2
...
statickeys/dh-ffdhe2048.der is an alternate format that is supported
when WOLFSSL_DH_EXTRA is defined.
The decoding is not supported when FIPS and FIPS version is less than 3.
Fix test to not use file unless not FIPS or FIPS > 2.
2020-09-25 11:41:59 +10:00
d514189710
EVP AES XTS: check correct define
...
HAVE_AES_CTX -> WOLFSSL_AES_XTS
2020-09-25 11:17:04 +10:00
5ef5c279b5
Fix for previous max fragment commit to correctly process a TLS packet with multiple handshake messages. Fix to free the wolfSSL objects first then wolfSSL_CTX.
2020-09-24 15:53:12 -07:00
bbaf4090b8
Fixes for sniffer when using static ECC keys. Adds TLS v1.2 ECC key fallback detection and fixes new ECC RNG requirement for timing resistance.
2020-09-24 15:03:26 -07:00
4662690fdc
Added unit test for Des3
2020-09-24 14:05:14 -06:00
7cfbc598ed
Fix to not assume TLS v1.3 based on extended key share extension.
2020-09-24 13:05:01 -07:00
bc960a9c25
Fix for sniffer with SNI enabled to properly handle WOLFSSL_SUCCESS error code in ProcessClientHello. ZD 10926
2020-09-24 13:05:01 -07:00
adedde7d16
Fix to not treat cert/key not found as error in myWatchCb and WOLFSSL_SNIFFER_WATCH. The key can be pased as argument to ./snifftest and if built with sniffer watch let's keep trying to parse instead of throwing an error.
2020-09-24 13:05:01 -07:00
7e2d44ba9a
Fix possible unused rhSize.
2020-09-24 13:05:01 -07:00
b5163bd1fa
Added support for 802.11Q VLAN frames. Fix build error with unused "ret" when building with WOLFSSL_SNIFFER_WATCH. Fixed bad characters in sniffer README.md configure example.
2020-09-24 13:05:01 -07:00
ce1c1fe0a6
Fix for sniffer using HAVE_MAX_FRAGMENT in "certificate" type message. ZD 10903
2020-09-24 13:05:01 -07:00
1668f6f626
Merge pull request #3244 from douzzer/20200820-linuxkm
...
Linux Kernel Module support
2020-09-24 12:57:22 -07:00
1eed409bdf
Merge pull request #3332 from SparkiDev/sp_cortexm_fix_1
...
SP Cortex-M4 assembly: Fix for GCC compile
2020-09-24 12:55:21 -07:00
1e293e4be4
Merge pull request #3321 from SparkiDev/evp_xts_2
...
EVP CIPHER: fix block size, mode and table
2020-09-24 12:49:38 -07:00
d75d3108b0
Merge pull request #3314 from SparkiDev/evp_hmac_sha3
...
Test wolfSSL_HMAC with SHA-3
2020-09-24 12:48:40 -07:00
b3fc5eb254
Merge pull request #3326 from ethanlooney/25th_branch
...
Added unit tests for PKCS7
2020-09-24 13:33:57 -06:00
679b107044
Merge pull request #3333 from miyazakh/espidf_pkcs7
...
add user settings of pkcs7 for ESP-IDF port
2020-09-24 09:58:00 -06:00
6780e5eb0b
Merge pull request #3290 from ethanlooney/22nd_branch
...
Added unit tests for RSA.c
2020-09-24 09:54:11 -06:00
a22b2085b1
add settings for pkcs7
...
add wrapper to check the return value of snprintf
fixed unit test
fixed uninitialized variable
2020-09-24 17:20:45 +09:00
3adb64b196
Merge pull request #3330 from ejohnstown/tfm-no-64bit
...
TFM NO 64-BIT
2020-09-23 18:47:48 -07:00
ec59acbae0
SP Cortex-M4 assembly: Fix for GCC compile
...
b<cond>.n not allowed with GCC.
Fix sizeof to use tmp_arr not tmp which is now a pointer.
2020-09-24 11:03:50 +10:00
09b9ac8b86
add AM_CONDITIONAL([BUILD_DEBUG],...) to configure.ac, and use it to gate inclusion of wolfcrypt/src/debug.c in src/include.am; remove superfluous includes from wolfcrypt/src/debug.c.
2020-09-23 18:32:17 -05:00
6a3da9477e
fix --enable-stacksize[-verbose] (HAVE_STACK_SIZE[_VERBOSE]) to work correctly in testsuite.c.
2020-09-23 18:32:17 -05:00
38cb4a2d69
blake2{b,s}.c: return and propagate meaningful error codes.
2020-09-23 18:32:17 -05:00
fda22f851a
random.c: use "DRBG_internal", not "__DRBG", for typedef struct DRBG_internal, to avoid possible conflict with reserved-label restrictions with some compilers.
2020-09-23 18:32:17 -05:00
6a7a87545a
wc_MakeRsaKey(): add missing allocation failure checks for WOLFSSL_SMALL_STACK.
2020-09-23 18:32:17 -05:00
0f3283ce7b
add wc_curve25519_generic().
2020-09-23 18:32:17 -05:00
4742a17006
configure.ac: move AC_ARG_ENABLE([linuxkm] before AC_ARG_ENABLE([filesystem], and add ENABLED_FILESYSTEM_DEFAULT=no when ENABLED_LINUXKM.
2020-09-23 18:32:17 -05:00
529549f117
settings.h: protect against double definitions in _LINUXKM case.
2020-09-23 18:32:17 -05:00
fc592e8434
tests/api.c: in test_wc_PKCS7_BER(), provide for !NO_DES3 && !NO_RSA && WOLFSSL_SP_MATH case.
2020-09-23 18:32:16 -05:00
10bf7a2086
examples/: fix undersized array lengths in client_usage_msg and server_usage_msg.
2020-09-23 18:32:16 -05:00
8a6216363d
ecc.c: add (void)rng to wc_ecc_mulmod_ex2() to cover WOLFSSL_SP_MATH case.
2020-09-23 18:32:16 -05:00
a571378b5f
blake2.h/blake2b.c: fix typos.
2020-09-23 18:32:16 -05:00
0c9ba76a93
fix rebase error on aes.c
2020-09-23 18:32:16 -05:00
60506af5f5
add WOLFSSL_API wrappers wc_InitBlake2b_WithKey(), wc_InitBlake2s_WithKey(), and wc_curve25519_make_priv().
2020-09-23 18:32:16 -05:00
c0823c8a7e
Refactor of AES wc_AesSetKeyLocal and wc_AesSetKey for software only use. Added missing aes argument check on wc_AesSetKeyDirect.
2020-09-23 18:32:16 -05:00
a75f88cbcd
wolfssl/test.h: gate strerror() in err_sys_with_errno() on HAVE_STRING_H && HAVE_ERRNO_H as in PR #3291 .
2020-09-23 18:32:16 -05:00
bf054838a1
wc_port.h: WOLFSSL_LINUXKM: fix typo in WOLFSSL_ARMASM definition of RESTORE_VECTOR_REGISTERS().
2020-09-23 18:32:16 -05:00
da6a5566b6
wc_port.h: for WOLFSSL_LINUXKM, gate kernel includes and libwolfssl-specific preprocessor directives on BUILDING_WOLFSSL, to avoid disrupting environment for builds of other kernel components.
2020-09-23 18:32:16 -05:00
185994cb0b
scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh.
2020-09-23 18:32:16 -05:00
8b53b181dd
add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET.
2020-09-23 18:32:16 -05:00
1c3415e26f
wolfssl/test.h:err_sys_with_errno(): printing the errno msg seems to blow up all the parse tests, so only do it when -DDEBUG_TEST_ERR_SYS_WITH_ERRNO.
2020-09-23 18:32:16 -05:00
1ebd851b2e
wolfssl/test.h: if SO_REUSEPORT is defined, use it in tcp_listen() and udp_accept(). also, add err_sys_with_errno(), identical to err_sys() unless defined(HAVE_STRING_H) && defined(HAVE_ERRNO_H), in which case strerror(errno) is appended to the rendered message. changed to use err_sys_with_errno() wherever applicable.
2020-09-23 18:32:16 -05:00
62bbef2f2e
wolfcrypt/test/test.c: add missing gating for -DBENCH_EMBEDDED.
2020-09-23 18:32:16 -05:00
92fa0f18f0
Makefile.am: use an aux variable to add linuxkm to $SUBDIRS when BUILD_LINUXKM is true, to avoid recursion into linuxkm/ for "make distdir". solution by John Safranek, with a million thanks.
2020-09-23 18:32:16 -05:00
291febb270
configure.ac: clean up AC_ARG_ENABLE() for linuxkm, and make AC_ARG_WITH for linux-source and linux-arch unconditional.
2020-09-23 18:32:16 -05:00
2609fa9aeb
test.c:rsa_test(): fix cpp gating for clearing of keypub buffer.
2020-09-23 18:32:16 -05:00
453698ba27
add explanatory comments for do_div(), used when WOLFSSL_LINUXKM.
2020-09-23 18:32:16 -05:00
8496a64ed4
linuxkm/Kbuild: the x86 _asm object files still reference "_GLOBAL_OFFSET_TABLE_", so they can't work in the kernel as-is.
2020-09-23 18:32:16 -05:00
7c2aefcfdd
linuxkm: enable the rest of the _asm implementations for x86, wrapped in {SAVE,RESTORE}_VECTOR_REGISTERS().
2020-09-23 18:32:16 -05:00
331fe47eb6
linuxkm: add ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE ASFLAGS_FPUSIMD_DISABLE ASFLAGS_FPUSIMD_ENABLE to facilitate erroring for unexpected fp/simd instructions in Kbuild, while allowing expected ones.
2020-09-23 18:32:16 -05:00
96fe6dc049
test.h: fix math in final "stack used" message when -DHAVE_STACK_SIZE_VERBOSE.
2020-09-23 18:32:16 -05:00
60a686f48c
tidying suggested by Sean in review.
2020-09-23 18:32:16 -05:00
a9cad51b65
sp_mod_word(): add unoptimized alternative if -U__GNUC__.
2020-09-23 18:32:16 -05:00
c8cd042bdd
configure.ac: for linuxkm, make --enable-sp-math the default, and add additional exclusions --enable-fastrsa and --with-libz.
2020-09-23 18:32:16 -05:00
5f972d2ae6
test.c: now that sp math is fixed and working in linuxkm, reenable prime_test() for WOLFSSL_LINUXKM, and add a small stack refactor for it.
2020-09-23 18:32:16 -05:00
fdbd6addd0
sp_int.c: add sp_mod_word() gated on WOLFSSL_SP_MOD_WORD_RP for runtimes lacking intrinsic support for int128 % int64; for linuxkm, use WOLFSSL_SP_DIV_WORD_HALF and the new WOLFSSL_SP_MOD_WORD_RP.
2020-09-23 18:32:16 -05:00
8f130f3642
test.c: tweaks to accommodate clang's belligerent -Wparentheses-equality.
2020-09-23 18:32:16 -05:00
447a238e8e
test.c: missed a _SMALL_STACK spot in rsa_ecc_certgen_test().
2020-09-23 18:32:16 -05:00
5bfb5a3a83
test.c: fix missed spot in rsa_certgen_test(), and do another _SMALL_STACK refactor of a missed object in rsa_ecc_certgen_test().
2020-09-23 18:32:16 -05:00
fdf87fe152
test.c: another missed spot.
2020-09-23 18:32:16 -05:00
ebca451c93
test.c: missed a spot -- inadvertently unused return value.
2020-09-23 18:32:16 -05:00
99501ffefd
m4/ax_linuxkm.m4: use test "$var" = "" construct, not test -z "$var", for maximal portability.
2020-09-23 18:32:16 -05:00
43c12ede50
ge448_double_scalarmult_vartime(): streamline WOLFSSL_SMALL_STACK refactor.
2020-09-23 18:32:16 -05:00
80961ea913
test.c:ecc_decode_test(): WOLFSSL_SMALL_STACK refactor
2020-09-23 18:32:16 -05:00
5801719ac3
wolfcrypt/src/asn.c:wc_GetKeyOID(): stack->heap refactor.
2020-09-23 18:32:16 -05:00
dbe0273bf4
test.c: additional WOLFSSL_SMALL_STACK refactoring, covering --enable-sp-math and various missed spots.
2020-09-23 18:32:16 -05:00
4f5bbbdca8
rsa.c:wc_CheckProbablePrime(): WOLFSSL_SMALL_STACK refactor
2020-09-23 18:32:16 -05:00
af6bd1d163
configure.ac: tidying linuxkm reqs/exclusions tests at end.
2020-09-23 18:32:16 -05:00
16267a1889
configure.ac: error when ENABLED_LINUXKM but $KERNEL_ARCH is empty (no default, no user value).
2020-09-23 18:32:16 -05:00
cd88a2c7df
wolfcrypt/test/test.c: when WOLFSSL_LINUXKM, don't do the large-malloc-incurring wc_scrypt()s in scrypt_test().
2020-09-23 18:32:16 -05:00
76cba38971
wolfcrypt/src/ge_448.c: redo small stack refactor of ge448_double_scalarmult_vartime(), so that when -UWOLFSSL_SMALL_STACK, code is effectively unchanged.
2020-09-23 18:32:16 -05:00
f4981d4c91
linuxkm/module_exports.c.template: include openssl compat layer headers in case user configuration needs them.
2020-09-23 18:32:16 -05:00
8331079c36
configure.ac: --enable-compkey gates in the recursive do_mp_jacobi(). mutex with --enable-linuxkm.
2020-09-23 18:32:16 -05:00
dc4b15a265
test.c: fix gating on heap deallocation in hc128_test() to match earlier tweak to gating on allocation.
2020-09-23 18:32:16 -05:00
b52d50d903
test.c: various improvements and fixes pursuant to dgarske's comments on PR #3244
2020-09-23 18:32:16 -05:00
a80b0c1982
test.c: don't exclude prime_test when -DOLD_PRIME_CHECK, but to exclude it when -DWOLFSSL_LINUXKM.
2020-09-23 18:32:16 -05:00
170322956b
wolfssl/test.h: polish implementation of HAVE_STACK_SIZE_VERBOSE, now enabled with --enable-stacksize-verbose; internal symbol renamed from original DEBUG_STACK_SIZE_VERBOSE, helper functions and macros refactored to be formally threadsafe and to track the overall high water mark (reports same "stack used" value as --enable-stacksize after final return); add "setting stack relative offset reference mark in funcname() to x" message at entry; add configure mutexing of --enable-stacksize[-verbose] relative to --enable-linuxkm.
2020-09-23 18:32:16 -05:00
63e3eae416
src/wolfio.c: update patch to wolfIO_HttpProcessResponse() (PR #3204 ).
2020-09-23 18:32:16 -05:00
b99908ae66
configure.ac: refactor test -z "${KERNEL_ROOT}" into "${KERNEL_ROOT}" = "", and remove new AM_CFLAGS="$AM_CFLAGS -msse4" (bringing back identical to logic in master) now that $CFLAGS_SIMD_ENABLE et al take care of it.
2020-09-23 18:32:16 -05:00
d033b1fe24
m4/ax_linuxkm.m4: add autosensing of -msse4.
2020-09-23 18:32:16 -05:00
5589565051
linuxkm: add autotools detection of usable compiler flags for enabling and disabling SIMD and fp registers and auto-vectorization, and integrate into linuxkm makefiles.
2020-09-23 18:32:16 -05:00
5d1bea4ff7
linuxkm/Makefile: rename KERNEL_OPT to KERNEL_EXTRA_CFLAGS.
2020-09-23 18:32:16 -05:00
767f1972e3
aes.{c,h}: move SIMD includes from aes.h to aes.c, to avoid compiler errors on other .c's compiled -mno-sse for linuxkm.
2020-09-23 18:32:16 -05:00
5504d9cd4e
linuxkm: dial in SIMD options in Kbuild; add boilerplate at the top of all files added for linuxkm.
2020-09-23 18:32:16 -05:00
4f38fb2f78
linuxkm/Kbuild: gate EXPORT_SYMBOL(wolfcrypt_test) on -UNO_CRYPT_TEST.
2020-09-23 18:32:16 -05:00
cd14cfb092
linuxkm: override-disable SIMD instructions for all .c.o's, with exceptions enumerated in Kbuild (currently only aes.c), and couple -msse with -fno-builtin-functions; export ENABLED_ASM for use as a pivot in Kbuild; use asm/i387.h, not asm/simd.h, for kernel_fpu_{begin,end}() protos.
2020-09-23 18:32:16 -05:00
3626332334
wolfcrypt/src/aes.c for linuxkm: add missing vector register push/pops.
2020-09-23 18:32:16 -05:00
87b2384cac
linuxkm settings.h: define NO_STDIO_FILESYSTEM
2020-09-23 18:32:16 -05:00
69052ff535
linuxkm: explanatory message and error exit on attempted make install.
2020-09-23 18:32:16 -05:00
e881d92366
add linuxkm/module_exports.c.template to linuxkm/include.am $EXTRA_DIST.
2020-09-23 18:32:16 -05:00
05bca8b0ee
when BUILD_LINUXKM, suppress building the library; rename $KROOT/$KARCH to $KERNEL_ROOT/$KERNEL_ARCH; remove SIMD enablement from linuxkm CFLAGS; add linuxkm support for -DKERNEL_OPT=x.
2020-09-23 18:32:16 -05:00
360c749703
add {SAVE,RESTORE}_VECTOR_REGISTERS() macros for kernel_fpu_{begin,end} when WOLFSSL_LINUXKM, to allow safe use of AESNI and SIMD instructions in the kernel.
2020-09-23 18:32:16 -05:00
2c564a7728
update .gitignore with more artifacts from linuxkm build.
2020-09-23 18:32:16 -05:00
9549a5f973
linuxkm: add linuxkm/module_exports.c.template, and autogenerate linuxkm/module_exports.c.
2020-09-23 18:32:16 -05:00
e8b69f8a6a
dh_test(): fix missing casts for XMALLOC().
2020-09-23 18:32:16 -05:00
7bc33f4ec1
linuxkm: retain noinline from kernel headers, and use it directly in wolfssl/wolfcrypt/sp.h.
2020-09-23 18:32:16 -05:00
9aa3a4c559
linuxkm/Kbuild: make dependency on get_thread_size order-only, to suppress frivolous rebuilds on kernel 4.x.
2020-09-23 18:32:16 -05:00
f440089e92
dh_test(): fix typo (undersized dynamic buffers).
2020-09-23 18:32:16 -05:00
8b19a9b58c
benchmark.c: fix always-true tests for DECLARE_VAR_IS_HEAP_ALLOC.
2020-09-23 18:32:16 -05:00
f106fea0d8
rsa_no_pad_test(): fix uninited pointer.
2020-09-23 18:32:16 -05:00
4ea8b46177
dh_test(): refactor remaining bare returns to ERROR_OUT().
2020-09-23 18:32:16 -05:00
2ee218761e
dh_test(): missed a spot in last commit.
2020-09-23 18:32:16 -05:00
ca1a991de5
wolfcrypt/test/test.c: fix an error-path leak in dh_test(), and deal with possible -Wdeclaration-after-statement for XFILE file.
2020-09-23 18:32:16 -05:00
a7381f8a48
test.c:rsa_test(): fix uninited pointer
2020-09-23 18:32:16 -05:00
6c32a730c2
more work on DECLARE_VAR -- fix allocation failure handling in bench_rsa_helper() to avoid uninitialized variables.
2020-09-23 18:32:16 -05:00
426de2101a
more work on DECLARE_VAR -- proper handling of failed allocations. WIP.
2020-09-23 18:32:16 -05:00
d8e71e8dd2
linuxkm/Kbuild: disable objtool on AESNI asm objects -- they work in the kernel as-is, despite "unannotated intra-function call" and "BP used as a scratch register" warnings.
2020-09-23 18:32:16 -05:00
3c91ce9342
wolfcrypt/src/sp_int.c: undo 8efb1142f1f2744ff128033df8a3a2d43e42fd93 to take dgarske's better wc_bigint_init()-based take on it (aa870861921a317cca9a978a75a7de127809e100).
2020-09-23 18:32:15 -05:00
d7450b85f7
linuxkm/Makefile: use -Wno-declaration-after-statement (needed for heapful DECLARE_VAR() et al).
2020-09-23 18:32:15 -05:00
c5d28c16b5
wolfcrypt/src/sp_int.c: clear whole struct in sp_init() and sp_init_multi(), to fix uninited pointer free()s in sp_free() when --enable-sp-math -DHAVE_WOLF_BIGINT.
2020-09-23 18:32:15 -05:00
9b7c753165
wolfssl/wolfcrypt/types.h: make DECLARE_VAR() et al use heap allocation not only when WOLFSSL_ASYNC_CRYPT but also when WOLFSSL_SMALL_STACK.
2020-09-23 18:32:15 -05:00
ce8f2e65de
wolfcrypt/src/sha256.c: undo c801de9d23c2f3348b84fdb8d893f81e6c3c2849 (dgarske has better&correct fix in 76e1760f915934bdc4911f3ae41abe6803ae094a).
2020-09-23 18:32:15 -05:00
571bf897c4
wolfcrypt/test/test.c: stack->heap refactor for dh_test().
2020-09-23 18:32:15 -05:00
66b59bda9b
Fix for expected fail test in openssl_test for partial block. Fix for mp_test with ECC disabled, which uses mp_init_copy.
2020-09-23 18:32:15 -05:00
0f8cf32122
Fix for possible leak in openssl_test because EVP free not called with WOLFSSL_SMALL_STACK_CACHE (SHA256/SHA512). Added return code checking to the openssl_test in wolfCrypt test.
2020-09-23 18:32:15 -05:00
32e30d23c6
wolfcrypt/test/test.c: fix uninitialized values in aesofb_test().
2020-09-23 18:32:15 -05:00
e09487de1f
sha256.c: add missing _SMALL_STACK_CACHE initialization in InitSha256().
2020-09-23 18:32:15 -05:00
922b023aea
wolfcrypt/src/random.c: rename the DRBG internal type __DRBG, because some customer is compiling libwolfssl with a "g++" override, which precludes typedefs and structs with different types but equal labels.
2020-09-23 18:32:15 -05:00
9611f7abfd
linuxkm/Makefile: add no-op distdir rule.
2020-09-23 18:32:15 -05:00
03fe9c15c0
linuxkm/Makefile: add do-nothing dist rule, and refactor setness tests for libwolfssl.ko to be make-dist-compatible.
2020-09-23 18:32:15 -05:00
f56c6d1d8f
wolfcrypt/test/test.c and wolfssl/test.h: implement DEBUG_STACK_SIZE_VERBOSE, measuring and reporting stack usage separately for each test. to use, ./configure --enable-stacksize && make CFLAGS+=-DDEBUG_STACK_SIZE_VERBOSE; also, remove a throwaway dev pragma that snuck into an earlier commit.
2020-09-23 18:32:15 -05:00
925afe3b74
cast XMALLOC() return values assiduously, for Visual Studio compatibility.
2020-09-23 18:32:15 -05:00
195b5d2d2c
lkm: add linuxkm/include.am, and include it in Makefile.am.
2020-09-23 18:32:15 -05:00
d86b0601b9
lkm: tweak Kbuild to work on 4.x (hardcoded fallback stack size); add linuxkm/get_thread_size.c.
2020-09-23 18:32:15 -05:00
c194fb3beb
lkm: add autodetection of kernel stack frame size; reactivate objtool scrutiny since _asm files are indeed not yet kernel-compatible; delete linuxkm/lkm_testcrypto.c and use wolfcrypt/test/test.c.
2020-09-23 18:32:15 -05:00
535822f4df
wolfcrypt/test/test.c: refactor for stack size and namespace control, allowing embedding of wolfcrypt_test() in kernel module.
2020-09-23 18:32:15 -05:00
f5975d95db
src/ssl.c: use heap for workspace in wolfSSL_X509_sign(), wolfSSL_d2i_RSAPrivateKey_bio(), and wolfSSL_CTX_use_RSAPrivateKey().
2020-09-23 18:32:15 -05:00
9ca94d6ca7
wolfcrypt/src/ge_448.c: refactor ge448_double_scalarmult_vartime() to use heap for workspace unless WOLFSSL_NO_MALLOC.
2020-09-23 18:32:15 -05:00
1735bd7430
lkm_testcrypto.c: refactor subtests at end of dh_test() to use ERROR_OUT() with proper codes.
2020-09-23 18:32:15 -05:00
217ec4ebd3
lkm: tweaks to self-test dynamics/messages.
2020-09-23 18:32:15 -05:00
554879da00
lkm: self-test working now (certain options, which ones TBD, crash kernel).
2020-09-23 18:32:15 -05:00
34fd53b4fc
linuxkm: WIP support for wolfcrypt_test() at module load time.
2020-09-23 18:32:15 -05:00
0c35998178
linuxkm/module_hooks.c: log "cleanup complete" at unload time.
2020-09-23 18:32:15 -05:00
92df5692b1
wolfcrypt/src/ecc.c: revert to commit g0fa5af9, which has all the necessary fixes.
2020-09-23 18:32:15 -05:00
0cfe9ca5d6
configure.ac: --enable-linuxkm: improved defaults and consistency checking.
2020-09-23 18:32:15 -05:00
92406e17ca
wolfssl/wolfcrypt/settings.h: for _LINUXKM, set WOLFSSL_SP_DIV_64 to help avoid gcc xdivti3() references.
2020-09-23 18:32:15 -05:00
5efdee4277
wolfssl/wolfcrypt/types.h: tweak _LINUXKM macros XMALLOC(), XFREE(), and XREALLOC() to dummy-use "heap" and "dynamic type" arguments.
2020-09-23 18:32:15 -05:00
add78dfba9
wolfcrypt/src/sp_int.c: add _LINUXKM do_div codepaths for a couple more 64 bit divisions, in sp_div_word() and sp_mod_d().
2020-09-23 18:32:15 -05:00
9ab1df690a
wolfcrypt/src/ecc.c: fix uncompilable !WOLFSSL_SP_MATH && WOLFSSL_SMALL_STACK_CACHE implementations of ecc_key_tmp_init() and ecc_key_tmp_free() (the latter misnamed ecc_key_tmp_final()).
2020-09-23 18:32:15 -05:00
836915d05f
linuxkm: configure.ac more incompatible options: --enable-fastmath, --enable-iopool, and --enable-fips; linuxkm/Makefile: reduce -Wframe-larger-than from 65536 to kernel-compatible 5000; wolfssl/wolfcrypt/settings.h: unset HAVE_THREAD_LS when WOLFSSL_LINUXKM; wolfssl/wolfcrypt/types.h: when NO_INLINE and __GNUC__, #define WC_INLINE __attribute__((unused)) rather than to nothing to avoid -Wunused-function warnings; wolfssl/wolfcrypt/wc_port.h: #undef noinline after Linux kernel header includes (another macro conflict).
2020-09-23 18:32:15 -05:00
03d5a4eadd
wolfcrypt/src/integer.c: mp_div_d(): refactor another 64 bit division to use do_div() when WOLFSSL_LINUXKM.
2020-09-23 18:32:15 -05:00
2a3fd57b36
linuxkm/Kbuild, linuxkm/module_hooks.c: tweaks for buildability on kernel 4.9 (may also fix build on 3.x).
2020-09-23 18:32:15 -05:00
2591479866
linuxkm: add macros mapping malloc(), free(), and realloc() to the kernel equivalents, don't set WOLFSSL_NO_MALLOC, and reduce -Wframe-larger-than= from 256k to 64k; tweak fix for HAVE_INTEL_RDSEED conflict with WOLFSSL_LINUXKM; add clean rule to linuxkm/Makefile.
2020-09-23 18:32:15 -05:00
911b23d2b4
configure.ac: check for incompatible combinations, and restore check for non-empty $KROOT when --enable-linuxkm.
2020-09-23 18:32:15 -05:00
2bcdfce6df
wolfcrypt/src/evp.c: tweak to silence gcc -Wmaybe-uninitialized.
2020-09-23 18:32:15 -05:00
dff5344d82
configure.ac: when --enable-asm (default on), for gcc amd64 target always include -msse4 even if not --enable-intelasm (it's needed for TFM_X86_64 inline asm).
2020-09-23 18:32:15 -05:00
c0d831ea3a
whoops, can't assert on non-empty "$(AM_CCASFLAGS)$(CCASFLAGS)" in linuxkm/Makefile -- they are often legitimately empty.
2020-09-23 18:32:15 -05:00
1aa15632ce
initial buildability of full libwolfssl.ko loadable kernel module for Linux via ./configure --enable-linuxkm && make.
2020-09-23 18:32:15 -05:00
0e480d1a14
Linux KM compilability cont'd: conform to C89isms (declarations before statements); iffdef WOLFSSL_LINUXKM use do_div() for long long division rather than C operator (avoids unresolvable compile-time callouts to libgcc function); misc gating and relocations for includes.
2020-09-23 18:32:15 -05:00
603da9e747
fix whitespace.
2020-09-23 18:32:15 -05:00
14e3da9206
.gitignore: add *~ for emacs backup files.
2020-09-23 18:32:15 -05:00
bc1c85842d
WIP: autotools support for LKM
2020-09-23 18:32:15 -05:00
0f783077f8
fix stray whitespace
2020-09-23 18:32:15 -05:00
dd825d90c4
more LKM WIP: polish up the struct DRBG refactor ("struct DRBG_internal"), tweaks for buildability on 3.x kernels (now builds on 3.x, 4.x, and 5.x up to 5.8.1), move a slew of #[un]def[ines] from wc_port.h to settings.h where they belong, misc cleanup.
2020-09-23 18:32:15 -05:00
3c2155f4a9
linuxkm WIP -- update for kernels 4.9.x (LTS representative) and 5.8.x (latest).
2020-09-23 18:32:15 -05:00
6425ebb60e
Linux Kernel Module support using "--enable-linuxkm".
2020-09-23 18:32:15 -05:00
8d2c8b0c89
And the CAVP self test.
2020-09-23 16:23:55 -07:00
4136e132b2
EVP CIPHER: fix block size, mode and table
...
Block size incorrect for GCM - 1.
Add block size for more ciphers in wolfSSL_EVP_CIPHER_block_size().
Add more ciphers to WOLFSSL_CIPHER_mode().
Cipher table was compiling in entries without support.
2020-09-24 09:18:25 +10:00
1c07de883c
Merge pull request #3306 from SparkiDev/tls13_pha_psk
...
TLS 1.3: Post-handshake Authentication and resumption secret
2020-09-23 16:06:55 -07:00
f77157bfea
Looks like FinalRaw was added post FIPS v2.
2020-09-23 16:06:21 -07:00
5e1c0f886f
Fix for FIPS and raw hash API's.
2020-09-23 15:59:35 -07:00
3c28fe3640
Fixes for bad build options around new hash unit tests. Cleanup indent and newlines.
2020-09-23 15:45:31 -07:00
b34bf65b66
Fix for --enable-armasm missing wc_Sha256FinalRaw. Reproduced with ./configure --enable-all --enable-cryptocb --enable-armasm && make.
2020-09-23 15:32:43 -07:00
2bb8427ab2
Merge pull request #3320 from dgarske/stmcube
...
STM32 Cube Pack and AES GCM improvements
2020-09-23 14:39:53 -07:00
b7fb202ad3
Merge pull request #3294 from miyazakh/espidf_win
...
Add setup script for ESP-IDF windows
2020-09-23 14:15:17 -06:00
95995d2272
Removed forgotten comment
2020-09-23 13:42:33 -06:00
59294708a8
Changed test function call, uses internal AssertIntEQ instead of single call
2020-09-23 13:22:59 -06:00
c46301f111
Merge pull request #3328 from ejohnstown/fips-ready-fix
...
FIPS Ready Windows Fix
2020-09-23 12:18:23 -07:00
9dfbf896a8
TFM NO 64-BIT
...
When diabling 64-bit fastmath using the flag NO_TFM_64BIT, the sizes of
fp_digit and fp_word get smaller. Using them in math with an int gives
incorrect values. Changed the fp_cmp_mag_ct to return a fp_digit since
its return value is used with an fp_digit. Compare its result against
a FP_LT cast as a fp_digit.
2020-09-23 12:17:41 -07:00
ecd5a015eb
Merge pull request #3317 from ejohnstown/evp-fix
...
EVP Fix
2020-09-23 11:10:07 -07:00
b0998fb030
Merge pull request #3327 from SparkiDev/pkcs11_ecc
...
PKCS#11 fix: Generate ECC key for decrypt/sign or derive
2020-09-23 09:28:53 -07:00
ad00cf0fc8
Merge pull request #3268 from dr-m/intel-intrinsics
...
Use Intel intrinsic functions for RDSEED and RDRAND
2020-09-23 09:24:47 -07:00
2f74817e32
Merge pull request #3288 from embhorn/zd10901
...
Fix mp_radix_size off by 1 error
2020-09-23 09:19:02 -07:00
cee99de6e1
Merge pull request #3324 from JacobBarthelmeh/Testing
...
fix WOLFSSL_X509_NAME parse of empty field and add test case
2020-09-23 09:15:24 -07:00
4ed3438be0
TLS 1.3: Post-handshake Authentication and resumption secret
...
The master secret in arrays is not available post-handshake.
Use the master secret in the session when calculating resumption secret.
2020-09-23 17:09:06 +10:00
07e1baadc9
EVP Fix
...
Change a few missed strings to use the constant names.
2020-09-22 15:55:46 -07:00
f1effea638
Improve the IDE/WIN10 readme to clarify the difference between this and IDE/WIN.
2020-09-22 15:55:08 -07:00
e539322a88
PKCS#11 fix: Generate ECC key for decrypt/sign or derive
...
Add debugging information to PKCS#11.
2020-09-23 08:30:22 +10:00
54c4258c4b
FIPS Ready Windows Fix
...
1. Modify the WIN10 FIPS solution user_settings.h to check for a
FIPS Ready flag and to override HAVE_FIPS_VERSION to 3 if set.
2. Removed some redundant constants from the EVP file.
2020-09-22 15:23:36 -07:00
41ebc9161a
Fix include.am for the renamed configuration example wolfSSL_conf.h
2020-09-22 15:18:11 -07:00
99d96246bd
Fix for STM32 issue with some Cube HAL versions (such as F777) which could modify non-block aligned bytes in the output buffer during decrypt. For TLS these bytes are the authentication tag. Workaround is to save off the incoming expected authentication tag. ZD 10961.
2020-09-22 15:04:30 -07:00
1d4e7d8278
Added unit tests for PKCS7
2020-09-22 14:50:08 -06:00
77969ae042
Buffer AAD in wolfSSL_EVP_CipherUpdate_GCM so that whole value is hashed
2020-09-22 21:58:57 +02:00
53b82fccdb
Fixed valgrind issues -2
2020-09-22 13:26:52 -06:00
87d042e37d
EVP Fix
...
Clean up a bad guard check for AES-CTR.
2020-09-22 09:46:27 -07:00
8816577824
Merge pull request #3319 from kojo1/no_dh
...
fix NO_DH guard
2020-09-22 10:33:01 -06:00
fc425b74fc
EVP Fix
...
Add a few more guard flag checks to leave out things appropriately.
2020-09-22 09:06:30 -07:00
4922baee30
Updates to README.md. Fix tabs to spaces.
2020-09-22 08:26:20 -07:00
99a481b28e
Use Intel intrinsic functions for RDSEED and RDRAND
...
Starting with GCC 9 or clang 9, we can actually use <immintrin.h>
without any problems. We only have to flag such
functions where such instructions are being used.
The benefit of using intrinsic functions over inline assembler
is that the compiler is given more flexibility. In particular,
clang -fsanitize=memory (MemorySanitizer, MSAN) will not raise
bogus alarms about memory being uninitialized.
Both intrinsic functions are available starting with GCC 5 and
clang 3.8. The RDRAND wrapper is available starting with clang 3.7
via <immintrin.h>. Before GCC 9 and clang 9, the RDSEED wrapper is
not available via <immintrin.h> but via <x86intrin.h>, and only after
jumping through some hoops to enable it.
2020-09-22 09:45:46 +03:00
cb3338bd57
fix WOLFSSL_X509_NAME parse of empty feild and add test case
2020-09-21 18:44:13 -06:00
f4db9c8986
Test wolfSSL_HMAC with SHA-3
...
Add more support for HMAC with SHA-3.
2020-09-22 09:39:09 +10:00
0f48ae77ef
Added the wolfSSL configuration template that is used for the Cube pack. This will be the source for the template going forward. Added some useful debugging options and increased the timeout for the TLS example.
2020-09-21 15:35:35 -07:00
83cdd1c314
fix NO_DH guard
2020-09-22 07:30:21 +09:00
deaf3b4b40
Merge pull request #3318 from wolfSSL/revert-3310-stmcubemx/add_401
...
Revert "stmcubemx: add flags for STM32F401"
2020-09-21 15:05:10 -07:00
d3ac2eebe3
Revert "stmcubemx: add flags for STM32F401"
2020-09-21 15:02:56 -07:00
3067e28c4a
Merge pull request #3310 from elms/stmcubemx/add_401
...
stmcubemx: add flags for STM32F401
2020-09-21 14:46:50 -07:00
4f8dbf4f3e
EVP Fix
...
There are some cases when the EVP wrapper code could call strncmp with
a null pointer. This was refactored to remove this possibility.
2020-09-21 14:31:42 -07:00
47a720bdc6
Merge pull request #3315 from SparkiDev/evp_xts
...
EVP XTS key length: two keys used so double length
2020-09-21 13:56:35 -07:00
b0dca724d4
Merge pull request #3303 from dgarske/spcortexm
...
Fixes for building with SP Cortex-M ASM in Rowley CrossWorks and the GCC-ARM examples
2020-09-21 13:53:36 -07:00
0e66f9d835
Merge pull request #3299 from dgarske/ocsp_certchain
...
Fix for possible NULL use if certChain not loaded and OCSP cert request called
2020-09-21 13:40:21 -07:00
1274a01dc7
Merge pull request #3289 from dgarske/wpas_small
...
Fixes for building `--enable-wpas=small` with WPA Supplicant v2.7
2020-09-21 13:37:58 -07:00
0f6d391ea1
Merge pull request #3295 from SparkiDev/tls13_p521
...
TLS 1.3: Fix P-521 algorithm matching
2020-09-21 13:36:48 -07:00
117d0e3916
Merge pull request #3273 from dgarske/xilinx_vitis
...
Xilinx SDK / Vitis improvements
2020-09-21 13:31:06 -07:00
793a7bd8c7
Merge pull request #3228 from SparkiDev/expired_cert_crl
...
Script to find exipred CRLs and certificates
2020-09-21 13:29:32 -07:00
d7525f0f86
EVP XTS key length: two keys used so double length
2020-09-21 11:02:07 +10:00
0fd65a2ae3
added ESP-IDF setup script for windows
...
fixed warnings when using v4.0 esp-idf
added new file, setup_win.bat to include.am
2020-09-20 17:13:39 +09:00
5afd313912
Merge pull request #3298 from ejohnstown/fix-client-usage
...
Fix Client Usage
2020-09-18 17:32:19 -06:00
f1b4c52c78
Update release note credits
2020-09-18 13:11:10 -07:00
13c54627e2
stmcubemx: add flags for STM32F401
2020-09-18 09:17:32 -07:00
b4aed22eb1
Remove execute bit on files.
2020-09-18 09:16:31 -07:00
3eb12cc8e9
Port for Xilinx (xilffs) file system support.
2020-09-18 09:16:31 -07:00
0ae9adcfd9
Add Xilinx SDK printf support.
2020-09-18 09:16:31 -07:00
63e993b9c1
Fix to allow XTIME override for Xilinx. Spelling fixes in Xilinx README.md.
2020-09-18 09:16:31 -07:00
b4c964f729
Fix for possible NULL buffer use if certChain not loaded and OCSP cert request called.
2020-09-18 09:15:44 -07:00
135cf1680f
Fixes for building with SP Cortex-M ASM in Rowley CrossWorks and the generic IDE/GCC-ARM examples.
2020-09-18 09:15:21 -07:00
9deb85ceb1
Fixes to reduce code size.
2020-09-18 09:14:41 -07:00
cd6283d3a2
Fix last commit macro logic.
2020-09-18 09:14:41 -07:00
d37adefe98
Fixes for edge case builds with certificate req/gen/ext without --enable-opensslextra.
2020-09-18 09:14:41 -07:00
d61be6f030
Restore the normal --enable-wpas macro.
2020-09-18 09:14:41 -07:00
780e8a4619
Fixes for building --enable-wpas=small with WPA Supplicant v2.7.
2020-09-18 09:14:41 -07:00
eb466668ce
Merge pull request #3304 from douzzer/20200917-fix-script-races-and-bwrap-unit-test
...
20200917 fix script races and bwrap unit test
2020-09-18 08:33:16 -06:00
409daa665d
Script to find exipred CRLs and certificates
...
Check for expiration in 3 months.
First argument is the offset. e.g. "+1 year"
2020-09-18 11:26:27 +10:00
d63ff07edc
TLS 1.3: Fix P-521 algorithm matching
...
Digest size compared to key size - P521 has large key size.
Fixed to round down.
Added P-521 keys and certificates.
Added testing of P-521 keys and certificcates to unittest.
2020-09-18 10:51:55 +10:00
a1d231b4dc
tests/api.c:test_wolfSSL_ERR_print_errors(): add missing gating on !defined(NO_ERROR_STRINGS).
2020-09-17 12:03:44 -05:00
cc1d016d1e
configure.ac: define BUILD_TESTS as ENABLED_EXAMPLES, rather than ENABLED_EXAMPLES && !ENABLED_LEANTLS; add missing preprocessor gating in tests/api.c test_wolfSSL_EVP_Digest() and test_wolfSSL_i2d_PrivateKey().
2020-09-17 12:03:44 -05:00
9df9fb7936
unit.test: add bwrap wrapper script at scripts/unit.test.
2020-09-17 12:03:44 -05:00
5ed2fe8092
scripts/: more race elimination/mitigation.
2020-09-17 12:03:44 -05:00
26901d1cd9
scripts/ocsp-stapling2.test: eliminate races.
2020-09-17 12:03:44 -05:00
d22de947b7
Merge pull request #3300 from elms/fix/sp_iar_v6.70
...
CortexM SP ASM compiling for IAR 6.70
2020-09-17 09:41:52 -07:00
cd077d74c1
CortexM SP ASM compiling for IAR 6.70
...
* asm can handle pointers but not arrays, use redirection pointers
* branch width must be specified explicitly
2020-09-16 16:23:51 -07:00
0694eafb5e
Merge pull request #3286 from dgarske/aesctr_aesni
...
Fix for AES CTR with AESNI
2020-09-16 15:11:11 -07:00
fe92fa6f3f
Merge pull request #3282 from SparkiDev/sp_mod_exp_bits
...
SP mod exp: support exponents of different lengths
2020-09-16 15:07:31 -07:00
86e5a2c528
Merge pull request #3276 from SparkiDev/jacobi_iterative
...
ECC mp_jacobi: iterative implementation
2020-09-16 15:04:20 -07:00
85da1a1d0a
Merge pull request #3271 from SparkiDev/tls13_peek
...
TLS 1.3: allow wolfSSL_peek() to return WANT_READ
2020-09-16 15:02:42 -07:00
533bc099eb
Merge pull request #3265 from SparkiDev/cpuid_set
...
Allow the CPU Id flags to be programmatically set
2020-09-16 15:00:30 -07:00
ab7408f7d6
Merge pull request #3258 from dgarske/nxp_hw
...
Fixes for NXP MMCAU/LTC mutex locking and build
2020-09-16 14:57:58 -07:00
a3fca7f593
Merge pull request #3247 from JacobBarthelmeh/Compatibility-Layer
...
Compatiblity Layer Fixes for serial number / ASN1 time / and order of name components
2020-09-16 14:53:51 -07:00
30443dbf23
Fix Client Usage
...
A string in the client's usage text was made optional depending on the
NO_PSK option, but there was still an attempt to print it. This lead to
a NULL being printed instead. Fixed the print statement.
2020-09-16 13:37:01 -07:00
04b4ef3e3b
Don't send null byte
2020-09-16 14:02:51 +02:00
da4478bdf1
Fixed valgrind issues
2020-09-15 12:58:52 -06:00
b22d2a2195
Merge pull request #3291 from douzzer/ocsp-stapling-script-happy-birthday
...
fix birthday problem in ocsp-stapling*.test
2020-09-15 08:47:39 -06:00
5d69c9f1dc
Move neg check
2020-09-15 09:12:45 -05:00
b669f8eeb9
scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh.
2020-09-14 16:06:45 -05:00
6451c4e471
Fix for negative values
2020-09-14 10:00:02 -05:00
b9527600f4
Return size of consumed buffer
2020-09-14 09:22:47 +02:00
d8dc6be5b9
scripts/ocsp-stapling2.test: try using a static prechecked port for the servers on ready_file5 too.
2020-09-12 01:13:35 -05:00
51046d45d3
add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET.
2020-09-12 00:20:38 -05:00
1e9971f64c
scripts/ocsp-stapling*.test: add bwrap attempt at top, to isolate network namespace.
2020-09-11 18:20:27 -05:00
2ac5835ee8
Fix for CAAM to evaluate before the keylen check. Added checking to make sure keylen cannot overrun buffer.
2020-09-11 15:07:31 -07:00
8f25456f86
scripts/ocsp-stapling*.test, wolfssl/test.h: refactor scripts/ocsp-stapling*.test for orthogonality and robustness, with retries and early failure detection. also, reduce sleeps in ocsp-stapling-with-ca-as-responder.test to 0.1, matching sleeps in other 2 scripts. finally, in wolfssl/test.h, #ifdef SO_REUSEPORT do that when binding ports, and add optional rendering of errno strings for failed syscalls using err_sys_with_errno() when -DDEBUG_TEST_ERR_SYS_WITH_ERRNO.
2020-09-11 15:30:37 -05:00
a466a57f1d
Added fips check and cast variable to word32
2020-09-11 14:28:10 -06:00
3e77dcab5d
Merge pull request #3285 from julek-wolfssl/DtlsCheckWindow-window-check
...
Fix window check
2020-09-11 11:35:02 -07:00
01ad4d59a1
Merge pull request #3263 from douzzer/20200828-neg-SN-invalid-padding
...
GetASNInt(): check for invalid padding on negative integer.
2020-09-11 08:48:43 -07:00
4688f5fa59
Handle leading zero
2020-09-11 08:39:34 -05:00
6fcdd848c9
Refactor of AES wc_AesSetKeyLocal and wc_AesSetKey for software only use. Added missing aes argument check on wc_AesSetKeyDirect.
2020-09-10 15:57:36 -07:00
5010572856
Merge pull request #3287 from dgarske/sp_mask
...
Fix for wrong cast type and added "U" and "UL".
2020-09-11 08:14:13 +10:00
7dce2e7f2c
Added unit tests for RSA.c
2020-09-10 14:47:51 -06:00
78a1670334
Fix mp_radix_size off by 1 error
2020-09-10 09:58:26 -05:00
f68eee0788
Fix for wrong cast type and added "U" and "UL".
2020-09-09 16:35:05 -07:00
7a0fba20cf
Merge pull request #3281 from dgarske/sp_mask
...
Fix in SP math for casting signed -1 to unsigned
2020-09-10 08:43:30 +10:00
dfc8ed5a73
Fix for AES CTR with AESNI. The flag to indicate use of AES was not set with wc_AesSetKeyDirect.
2020-09-09 14:53:08 -07:00
e34ccaf481
Fix window check
...
If `curLT` then diff needs to be decremented. For example: `diff` = 1 represents last packet so it would be the `window[idx] & (1 << 0)` bit of the window variable.
2020-09-09 23:27:49 +02:00
a65ffe15bc
Implement non-blocking SCR on server side
2020-09-09 21:41:20 +02:00
29a840aee0
Merge pull request #3280 from dgarske/ebsnet
...
Fix for bad pre-processor logic
2020-09-09 13:17:45 -06:00
3ecbc7762a
SP mod exp: support exponents of different lengths
2020-09-09 15:23:04 +10:00
39b5448601
Merge pull request #3279 from dgarske/minor_fixes
...
Minor build fixes for typo and CMake
2020-09-08 16:45:52 -07:00
b8bdeec940
Fix in SP math for casting signed -1 to unsigned.
2020-09-08 14:18:09 -07:00
58e03b2d26
Merge pull request #3272 from embhorn/zd10650
...
Check for non-blocking return code in BioSend
2020-09-08 14:25:16 -06:00
7b8fa42ae1
Fix for bad pre-processor logic. Some compilers are unhappy with the #sslpro even in a block of code not used!
2020-09-08 13:12:11 -07:00
6f5a7e87c5
Fix for CMake to only set ranlib arguments for Mac. Fix for stray typo of , -> ;. Fixes #3275 and Fixes #3278
2020-09-08 11:07:12 -07:00
234705a80c
Change buffer in wolfSSL_dtls_import to be const
2020-09-08 09:25:34 +02:00
6fb1feadc7
ECC mp_jacobi: iterative implementation
...
Slightly faster and less stack used.
2020-09-08 10:05:52 +10:00
5b43977b95
Merge pull request #3277 from julek-wolfssl/failing-nightly-532c2f5
...
wolfSSL_SESSION_free: Fix failing nightly
2020-09-08 08:11:37 +10:00
ee2d051536
Fix failing nightly
...
Failed tests when configured with `./configure --enable-dtls --enable-opensslextra --enable-sessioncerts`. Valgrind discovered a use after free bug. Nulling session->peer fixes the issue.
2020-09-07 14:36:57 +02:00
93bb12ce86
TLS 1.3: allow wolfSSL_peek() to return WANT_READ
...
When handshake message is processed in wolfSSL_peek() then return
WANT_READ from peek instead of blocking waiting for application data.
Server may send an alert if the client certificate is invalid.
The server also may send NewSesionTicket after client has sent finished
message.
To detect alert before handling application data, then the socket needs
to be checked for data. If the data is an alert then wolfSSL_peek() will
handle the alert, but if it is a NewSessionTicket then wolfSSL_peek()
will process it and block waiting for application data - so return
WANT_READ if no application data seen after processing handshake
message.
2020-09-07 08:30:24 +10:00
70854b8eec
Allow the CPU Id flags to be programmatically set
2020-09-04 09:01:27 +10:00
7fd51cf9d9
Merge pull request #3267 from SparkiDev/no_client_auth
...
Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing
2020-09-03 15:55:38 -07:00
e2b0b11732
Fix for AES CBC with NXP MMCAU locking.
2020-09-03 15:28:45 -07:00
a9ff89eafa
Refactor of the MMCAU and LTC hardware mutex locking.
2020-09-03 15:28:45 -07:00
e791b78d23
Fix to add wrapper for new timing resistant wc_ecc_mulmod_ex2 function version in HW ECC acceleration. Broken in PR #2982 .
2020-09-03 15:26:10 -07:00
8753b5b947
Merge pull request #3257 from kojo1/user-mutex
...
fix guard, user define mutex
2020-09-03 15:21:53 -07:00
a626ac39f2
Merge pull request #3253 from SparkiDev/chacha20_stream_fix
...
ChaCha20: Enable streaming with Intel x86_64 asm
2020-09-03 15:18:00 -07:00
862eea3962
Merge pull request #3252 from SparkiDev/fe448_32bit_fix
...
Curve448: fix 32-bit implementation
2020-09-03 15:12:28 -07:00
d8ee6fc96d
Merge pull request #3251 from SparkiDev/rsa_pkcs11_dox
...
Add doxygen comments for wc_InitRsaKey_Id()
2020-09-03 15:10:20 -07:00
9901eb9272
Merge pull request #3249 from SparkiDev/tls13_early_data_fix
...
TLS 1.3 Early Data: fix
2020-09-03 14:49:39 -07:00
db805524de
Merge pull request #3248 from SparkiDev/aes_cbc_oob
...
AES-CBC check for input size of 0
2020-09-03 13:40:34 -07:00
682b1468b8
free test certificate when test is done
2020-09-02 16:05:05 -06:00
b3acd57de5
Merge pull request #3254 from dgarske/leaks
...
Fixes valgrind leak reports (related to small stack cache)
2020-09-02 10:44:49 -07:00
9268de229a
Merge pull request #3266 from dgarske/unit_test
...
Fix for DH compute key compatibility function failure
2020-09-02 10:23:23 -07:00
914905f1bc
Merge pull request #3193 from embhorn/zd10457_b
...
Fix CheckHostName matching
2020-09-02 10:36:02 -06:00
6f56c3c800
Merge pull request #3204 from dgarske/ocsp_nonblock
...
Fix for OCSP response in non-blocking mode and testing script improvements
2020-09-01 15:56:52 -07:00
97241331ac
Merge pull request #3246 from ethanlooney/23rd_branch
...
Added ecc.c unit tests to api.c - final PR
2020-09-01 14:44:14 -06:00
fd2074da00
fix for order of components in issuer when using compatiblity layer api to generate cert
2020-09-01 09:27:45 -06:00
89b9a77eca
Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing
...
Fix build for no client or server and no client auth.
Fix tests to detect when no client auth compiled and test is trying to
do client auth.
2020-09-01 15:27:46 +10:00
c587ff72d2
Fix for occasional unit.test failure in test_wolfSSL_EVP_PKEY_derive.
2020-08-31 14:04:51 -07:00
568184f53f
Changed len from hardcoded value to sizeof oid
2020-08-31 13:42:23 -06:00
c8d93d4d5e
Added ecc.c unit tests to api.c
2020-08-31 13:42:23 -06:00
e9b1ceae7e
Merge pull request #3255 from tmael/big_endian
...
Make ByteReverseWords available for big and little endian
2020-08-31 07:34:50 -07:00
28b2be37cd
Merge pull request #3259 from ejohnstown/sniffer-no-oldtls
...
Sniffer without OldTls
2020-08-31 07:34:24 -07:00
54c8774103
ChaCha20: Enable streaming with Intel x86_64 asm
2020-08-31 09:06:51 +10:00
91c131fbd8
Curve448: fix 32-bit implementation
...
Fix small define check
2020-08-31 09:05:06 +10:00
db864be6a4
TLS 1.3 Early Data: fix
...
Will process early data packets now.
Added test to check output of server for early data being received.
2020-08-31 09:03:05 +10:00
d2802f2d15
Merge pull request #3264 from dgarske/iar_sp
...
Fix for building SP math with IAR
2020-08-31 08:40:50 +10:00
f444c63560
Merge pull request #3262 from julek-wolfssl/missing-cipherExtraData-2
...
HAVE_SESSION_TICKET can also be defined without TLS 1.2
2020-08-31 08:34:54 +10:00
5692135819
Fix for building SP math with IAR to force noinline. ZD 10839
2020-08-28 11:04:28 -07:00
9c76f19625
GetASNInt(): check for invalid padding on negative integer.
2020-08-28 12:43:21 -05:00
c6d1d524fc
HAVE_SESSION_TICKET can also be defined without TLS 1.2
2020-08-28 16:05:28 +02:00
605b274442
Jenkins fixes
2020-08-28 12:04:11 +02:00
015c73686f
Merge pull request #3261 from dgarske/zd10848
...
Fixes for several implicit cast warnings
2020-08-28 16:49:03 +10:00
94b0dcb7e9
Peer review feedback to add explicit parenthesis on cast.
2020-08-27 16:18:54 -07:00
0d2e37cc42
Fixes for several implicit cast warnings. ZD 10848.
2020-08-27 13:51:55 -07:00
52df9d6c69
TLS and DTLS both need to support APP DATA during SCR
...
Also some misc fixes
2020-08-27 21:13:19 +02:00
21d17b17d0
Fix typo in code comment for ECC curve cache. Fix for valgrind report of possible use of uninitialized value with ChaCha/Poly AEAD test.
2020-08-27 12:01:24 -07:00
32b46e344d
Fix for ECC curve cache without custom curves enabled.
2020-08-27 11:18:55 -07:00
3e685fdb5b
Fix for DTLS DoClientHello HMAC free (function has another exit point).
2020-08-27 10:02:15 -07:00
ab52bcf43d
add overried for max entries and certificate generation size
2020-08-26 19:22:57 -06:00
5b39976cc0
Sniffer without OldTls
...
1. Put a guard around the call to DeriveKeys() when building with
--enable-sniffer --disable-oldtls. Disabling OldTls removes the
DeriveKeys() function. Similar logic used in internal.c.
2020-08-26 16:47:44 -07:00
ea5c290d60
Fix CheckHostName matching
2020-08-26 14:03:17 -05:00
9af0e5528e
New openssl_test return code checking requires fix from PR #3243 .
2020-08-26 10:22:00 -07:00
b90acc91d0
Make ByteReverseWords available for big and little endian
2020-08-26 10:13:06 -07:00
1b2b3de2c9
Fixes for missing free calls on hash tests.
2020-08-26 09:48:46 -07:00
6d5731b8e9
Fixes for HMAC_CTX cleanup not being called to free SHA2 resources with WOLFSSL_SMALL_STACK_CACHE. Added return code checking and cleanup for openssl_test.
2020-08-26 09:45:26 -07:00
5c76afc41c
Fix for SHA256 missing initialization of small stack cache variable. Fixes issue with Intel ASM and WOLFSSL_SMALL_STACK_CACHE
2020-08-26 09:44:32 -07:00
3878af96cd
Fix for SP init and free with HAVE_WOLF_BIGINT. Fix for sp_free macro typo. Fix to expose mp_init_copy with ECC disabled because its used by mp_test.
2020-08-26 09:42:29 -07:00
61545df606
Fix to make sure DTLS cookie HMAC free gets called. Note: This does not cover the many error case paths.
2020-08-26 09:41:26 -07:00
14e1489365
Fix for SRP leaks with WOLFSSL_SMALL_STACK_CACHE
2020-08-26 09:41:09 -07:00
bc58dde700
fix for serial number containing 0's and for RNG fail case
2020-08-26 00:03:39 -06:00
e2b5de2657
Add doxygen comments for wc_InitRsaKey_Id()
2020-08-26 09:04:40 +10:00
6a984da53f
Fixes and Improvements to OCSP scripts. Fix for OCSP test with IPV6 enabled (use -b bind to any on server). Fix to use random port number for the oscp-stapling.test script. Reduce delay times in scripts.
2020-08-25 10:55:41 -07:00
8b934624f5
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
3a25faea60
AES-CBC check for input size of 0
...
Don't need to do anything when size is 0.
2020-08-25 13:36:45 +10:00
ef9beaf271
adjust sanity check on serial number size to match fix
2020-08-24 18:15:05 -06:00
c7136498ec
add test case
2020-08-24 17:19:03 -06:00
c4a6fba591
fix for ASN1 time and serial number
2020-08-24 17:00:19 -06:00
d077efcbb3
Merge pull request #3237 from SparkiDev/mp_oob_1
...
Fix out of bounds read when writing to very long buffer
2020-08-24 15:28:00 -07:00
c5cab6afba
Merge pull request #3236 from dgarske/retcheck
...
Various fixes and improvements (return codes, build warns and func doc)
2020-08-24 15:27:04 -07:00
7e6100593e
Merge pull request #3223 from SparkiDev/fp_gcd_fix
...
Check the error return from fp_mod in fp_gcd
2020-08-24 15:24:20 -07:00
cf208901fd
Merge pull request #3218 from guidovranken/wc_PKCS12_PBKDF_ex-leak-fix
...
In wc_PKCS12_PBKDF_ex, free outer loop variable if inner loop fails
2020-08-24 15:23:47 -07:00
a23b30bc18
Merge pull request #3245 from tmael/ctx_pKey
...
Correct a mismatch of directives
2020-08-24 14:39:43 -07:00
749025963e
Merge pull request #3239 from SparkiDev/ed448_cast
...
Ed448: Fix compiler warning Intel -m32
2020-08-24 10:13:25 -07:00
7ee2b61a5a
Peer review feedback to also check EAGAIN and always have supported.
2020-08-24 08:18:25 -07:00
47cc8d232a
Fix in ED448 wc_ed448_check_key function for possible dereference of a null pointer.
2020-08-24 07:31:06 -07:00
4f44df96dc
MP: integer OOB write fix
...
mp_to_unsigned_bin_len() now checks length passed in is greater than or
equal length to write.
2020-08-24 22:48:52 +10:00
955a53dce3
Ed448: Fix compiler warning Intel -m32
2020-08-24 16:29:48 +10:00
e30361e186
Fix out of bounds read when writing to very long buffer
...
mp_to_unsigned_bin_len() didn't handle buffers longer than maximum MP
size. Fixed tfm and sp_int versions.
2020-08-24 09:18:07 +10:00
085f55195a
Fix for handling OCSP response in non-blocking mode.
2020-08-21 15:50:34 -07:00
7d45e85b03
Add ED448 to the "all" options.
2020-08-21 15:47:02 -07:00
083f143c89
Fixes for warnings with minimum ECC build.
2020-08-21 15:47:02 -07:00
51c2960407
Added function comment for wolfSSL_i2a_ASN1_OBJECT. Added heap context for wolfSSL_CertManagerCheckOCSP
2020-08-21 15:47:02 -07:00
5f059306fd
Fix for case with ssl->error not being set.
2020-08-21 15:47:02 -07:00
03b7ac559a
Fix for example return code checking.
2020-08-21 15:47:02 -07:00
44e575b8c4
Merge pull request #3227 from dgarske/release-4.5.0-async
...
Release 4.5.0 async
2020-08-21 15:34:20 -07:00
fd2aece058
Fix for building ECC_CACHE_CURVE without WOLFSSL_CUSTOM_CURVES.
2020-08-20 16:16:18 -07:00
3fbaccc8a1
Fix for API unit test test_wolfSSL_X509_sign, which can have a varying length depending on if MSB is set. About 1 in 200 tests would fail.
2020-08-20 15:33:28 -07:00
dd517fd81c
Fixed several compiler warnings with inline variable declaration, deprecated func decl and small stack use of invaid memory (heap). Thanks @douzzer for these.
2020-08-20 15:13:43 -07:00
92cf0d7b10
Fix numerous maybe-uninitialized errors in WOLFSSL_SP_SMALL and WOLFSSL_SMALL_STACK cases.
2020-08-20 15:05:20 -07:00
25f9d15980
Fix for benchmark example when using the ECC encrypt (--enable-eccencrypt) and timing resistance. New timing resistance RNG requirements for ECC Shared Secret.
2020-08-20 14:25:06 -07:00
1d55b2f526
Fixes for several memory leaks related to HAVE_WOLF_BIGINT.
2020-08-20 14:25:06 -07:00
79c0fd3f29
Fix for ECC make key test not waiting for async completion.
2020-08-20 14:25:05 -07:00
0011b7b376
Fix possible ECC curve cache leak for custom curves. Fix possible memory leak with wc_DhKeyDecode and WOLFSSL_DH_EXTRA. Fix leak in dh_test with new call to DH key import.
2020-08-20 14:25:05 -07:00
0fa5af9929
Merge pull request #3224 from ejohnstown/release-update
...
Release v4.5.0 Supplement
2020-08-20 09:34:58 -07:00
05671d183c
update README/ChangeLog
2020-08-19 10:53:26 -07:00
549c47de65
Handle when k is 1 or order + 1 for timing resistant ECC
2020-08-19 10:50:37 -07:00
362e328180
NTRU fixes
...
1. When configuring for NTRU, enable static RSA.
2. The echoserver should not try to use NTRU with TLSv1.3.
2020-08-19 10:46:03 -07:00
1f10e77b0f
Fix for SP math with WOLFSSL_VALIDATE_ECC_KEYGEN. Fixes logic error on point x/y zero check.
2020-08-19 09:30:32 -07:00
55632a0567
Two more out of order DTLS message fixes.
2020-08-18 17:54:25 -07:00
38b717eb42
Clear MP in ECC to free allocated memory
2020-08-18 17:54:25 -07:00
113753370d
Long Test Fixes
...
1. Sniffer was trying to log a NULL pointer as a string. Logged a string instead.
2. Few misc fixes in ECC.
2020-08-18 17:54:25 -07:00
fbe0e04388
Correct mismatch of directives
2020-08-18 16:44:43 -07:00
3a7ad4f03b
Check the error return from fp_mod in fp_gcd
...
Error can occur when using small stack and memory allocation fails.
2020-08-19 08:50:27 +10:00
6e49a63e50
fix call to MakeAnyCert from wc_MakeNtruCert(); it was missing the new parameter
2020-08-17 17:12:11 -07:00
c1090cff3f
update rpm-spec.in
2020-08-17 14:42:20 -07:00
028bddd7ab
Merge pull request #3215 from ejohnstown/release-4.5.0
...
Release Update
2020-08-17 13:51:23 -07:00
5c6da52ac1
Update release notes.
2020-08-17 09:20:53 -07:00
cb5d6a5c12
Check ECC scalar before multiplication
...
A k with more bits than in order doesn't work in ECC scalar
multiplication.
Check private key length in wc_ecc_check_key()
Check private key length in ecc_make_pub_ex()
2020-08-17 08:39:39 -07:00
3be7f3ea3a
Reject DTLS application data messages in epoch 0 as out of order.
2020-08-14 17:21:39 -07:00
ef5271dd9f
fips-check script shouldn't force FIPS-ready build to be v2.
2020-08-14 14:31:50 -07:00
3f6861ee82
FIPS Ready Fix with ECC Timing Resistance
...
Commit 6467de5
2020-08-14 10:54:55 -07:00
1dc0a76436
Patch from Jacob. When parsing a certificate name, if an item is unknown, its NID is set to 0. Don't try to add NID's of 0.
2020-08-13 17:01:26 -07:00
e16496512e
Merge pull request #3216 from SparkiDev/rel_fixes_1
...
Fixes from C++ and address access checking
2020-08-13 15:32:16 -07:00
7744f0d543
Check for non-blocking return code in BioSend
2020-08-13 15:33:20 -05:00
7e6863e78b
resolving build issues for FIPSv2 OE2 with --enable-opensslextra
2020-08-13 13:24:44 -07:00
64084bcba2
Add a void to the empty parameter list for the function wolfSSL_SESSION_new().
2020-08-13 13:18:29 -07:00
087fa7cbec
In wc_PKCS12_PBKDF_ex, free outer loop variable if inner loop fails
2020-08-13 19:22:36 +02:00
bc74bfebdd
Fixes from C++ and address access checking
...
Fix access of table for cache resistance.
Don't name variable public or private.
Cast from void*
2020-08-13 15:19:49 +10:00
ceed98b952
Modify the openssl test script to run the openssl commands in an eval.
2020-08-12 16:59:10 -07:00
3bd27f7912
fix a bad path in renewcerts
2020-08-12 15:17:21 -07:00
95337e666c
Release Update
...
1. Update the usual versions.
2. Update README and ChangeLog.
3. Modify genecc and renewcerts to update two certificate files that had expired.
4. Update the expired certificate files.
2020-08-12 14:43:47 -07:00
e30341ea83
Merge pull request #3190 from embhorn/zd10712
...
Sanity check key sizes
2020-08-12 09:37:40 -07:00
21ed05b85e
Merge pull request #3214 from dgarske/snifferFreeFix
...
Fix for SSL sniffer free to properly cleanup globals
2020-08-11 20:27:09 -07:00
fa146870bd
Merge pull request #3155 from julek-wolfssl/openssh-fixes-cherry-picked
...
Additional OpenSSL compat stuff for OpenSSH
2020-08-11 16:32:31 -07:00
532c2f50e8
Merge pull request #3083 from julek-wolfssl/openssl-compat-X509V3_EXT_i2d
...
Implement more OpenSSL compatibility functions
2020-08-11 15:01:41 -07:00
65bcc03885
Fix for SSL sniffer free to properly cleanup globals (resolves issue with then calling ssl_InitSniffer -> ssl_FreeSniffer then ssl_InitSniffer again). ZD 10757.
2020-08-11 14:07:32 -07:00
1681ed1b85
Merge pull request #3211 from cconlon/jniconfig
...
Update "enable-jni" option for current JSSE requirements
2020-08-11 12:39:54 -07:00
5cede22d1e
wait to set size till after sanity check
2020-08-11 12:59:01 -06:00
e4fe6b6573
Merge pull request #3210 from dgarske/rsa_checkkey_sp
...
Fix for `unit.test` error with SP and RSA 1024-bit key gen
2020-08-11 12:00:41 -05:00
87a00df2ea
Merge pull request #3118 from julek-wolfssl/aead-only-fix
...
Check for WOLFSSL_AEAD_ONLY in wolfSSL_dtls_import_internal
2020-08-11 09:33:47 -07:00
4e6bc02257
Merge pull request #2982 from SparkiDev/ecc_sc
...
ECC now calls mp_submod_ct and mp_addmod_ct
2020-08-11 09:26:56 -07:00
8b7f588aaf
Merge pull request #3108 from SparkiDev/openssl_interop
...
Update OpenSSL interopability testing
2020-08-11 09:42:43 -06:00
6e14b224da
Add NULL check in wolfSSL_EC_POINT_invert
2020-08-11 10:11:48 +02:00
93cdfd7132
Update OpenSSL interopability testing
...
Added TLS 1.3 testing.
Added Ed25519 and Ed448 testing.
Added tesitng of OpenSSL client against wolfSSL server.
Fixed builds of Curve25519/Curve448/Ed25519/Ed448 in different
configurations.
2020-08-11 16:44:45 +10:00
6467de5a88
Randomize z ordinates in scalar mult when timing resistant
...
An RNG is required for shared secret calculation now.
Use wc_ecc_set_rng() to set an RNG against the ECC object.
ECC verification does not need timing resistance and does not randomize
z ordinates.
2020-08-11 16:12:47 +10:00
3ce933c90a
Make fp_montgomery_reduce constant time
2020-08-11 16:12:10 +10:00
0102902445
Add and use a mp_cmp_mag that is constant time.
2020-08-11 16:12:10 +10:00
8b05160349
Reworked ECC mulmod and fix size of k
...
When using wc_ecc_mulmod_ex2(), the k size can be fixed to be one bit
longer than order.
2020-08-11 16:12:10 +10:00
9ef9671886
ECC uses CT vers of addmod, submod and div_2_mod
...
The TFM implementations of mp_submod_ct, mp_addmod_ct,
mp_div_2_mod_t are more resilient to side-channels.
2020-08-11 16:12:10 +10:00
4f30e37094
Merge pull request #3074 from julek-wolfssl/dtls-multiple-app-records
...
Handle 2+ dtls APP data records in one udp packet
2020-08-10 14:52:04 -07:00
242df3d11a
Merge pull request #3209 from SparkiDev/jenkins_fixes_1
...
Fixes from Jenkins failures
2020-08-10 14:30:27 -07:00
98b4272e5b
Merge pull request #3202 from ejohnstown/abi-server
...
ABI Update for Server
2020-08-10 14:25:05 -07:00
26aaf473db
Fix for unit.test error with RSA 1024-bit key gen when using ./configure --enable-keygen --enable-sp. Issue started in PR #3119
2020-08-10 12:40:29 -07:00
a50affb408
Malloc enough space
2020-08-10 16:08:46 +02:00
50647ccdb1
Sanity check key sizes
2020-08-10 07:19:33 -05:00
ef4b29ebc7
Jenkins fixes
2020-08-10 12:49:18 +02:00
55d4817956
Jenkins fixes
2020-08-10 12:39:16 +02:00
da190b8177
Don't map back to affine in wc_ecc_mulmod. It is done in ecc_map later.
2020-08-10 12:33:18 +02:00
3444b115ba
Fix valgrind check to ignore bash leak
2020-08-10 14:02:50 +10:00
0232239959
Ignore test-log-dump-to-file.txt
...
Sometimes left behind by unit.test
2020-08-10 12:46:53 +10:00
7bb2a69161
Fix memory leak in api.c
...
When testing wc_ecc_import_raw(), the mp_int's in the ecc object are
initialized.
For small math, this throws away the allocated buffer.
Must free the object before importing.
2020-08-10 12:42:46 +10:00
72d1352bd6
Fix ARM builds
...
Need to include options.h in assembly now.
bufPt declared in block but not outside.
poly1305_block and poly1305_blocks need prototype - declaration in
wolfcrypt/src/port/arm/armv8-poly1305.c (__arch64__ only).
2020-08-10 11:59:10 +10:00
920c97963c
Fix Jenikins failure - ToTraditional not declared
...
./configure --disable-asn --disable-ecc -disable-rsa --enable-psk
--enable-testcert
2020-08-10 10:57:07 +10:00
19ade820b0
Merge pull request #3208 from dgarske/sp_nonblock
...
Fixes and improvements for SP ECC non-blocking
2020-08-10 09:59:23 +10:00
b25eccb07e
Merge pull request #3203 from tmael/libwebsockets
...
Enable HAVE_EX_DATA for libwebsockets
2020-08-08 14:34:18 -07:00
62e78b7cf4
Fix state machine after script rebase.
2020-08-07 16:56:58 -07:00
bc03b5793c
Add state for ECC verify non-blocking and mont_inv_order to reduce maximum blocking time.
2020-08-07 16:48:16 -07:00
f7fcef5f32
Fix for build error / typo for ECC 256-bit non-blocking only.
2020-08-07 16:47:08 -07:00
c0a664a8e5
Merge pull request #3200 from douzzer/20200805
...
Add an error-checking wc_curve25519_make_pub() routine to the API for use by Wireguard
2020-08-07 16:32:52 -07:00
1724347f7a
Merge pull request #3091 from julek-wolfssl/sess-serialization
...
Expose session serialization outside of `OPENSSL_EXTRA`
2020-08-07 15:41:27 -07:00
89e6f3bcd5
Merge pull request #3206 from SparkiDev/ed448_oob
...
ED448: Fix out of bounds read in import public
2020-08-07 15:36:11 -07:00
17cc941b29
Merge pull request #3195 from SparkiDev/sp_ecc_cache
...
SP ECC Cache Resitance
2020-08-07 15:35:06 -07:00
dd6238fb77
Merge pull request #3174 from embhorn/zd10655
...
Fix CheckAltNames to handle IP type
2020-08-07 16:04:56 -06:00
0faff24a65
refactor wc_curve25519_make_key() to use wc_curve25519_make_pub() to complete the pair. also, add call to fe_init() in the non-NXP codepath of wc_curve25519_make_pub() (note fe_init() is currently a no-op).
2020-08-07 13:02:35 -05:00
cbd9b3717f
Map points to Montgomery form for arithmetic.
2020-08-07 18:18:30 +02:00
ea6edb6913
Fix memory leak
2020-08-07 17:39:48 +02:00
b03e1dd2a9
Merge pull request #3197 from ethanlooney/19th_branch
...
Added asn.c unit tests
2020-08-07 09:25:50 -06:00
064bfa583d
Fix CheckAltNames to handle IP type
2020-08-07 10:12:56 -05:00
9e1012b48a
Merge pull request #3205 from SparkiDev/sp_fixes_3
...
SP ECC: initialize infinity in make key
2020-08-07 07:12:04 -07:00
4c00af1136
ED448: Fix out of bounds read in import public
...
Fix formatting
2020-08-07 14:11:11 +10:00
1ea3dc5f55
SP ECC: initialize infinity in make key
2020-08-07 12:15:31 +10:00
f6acbd5f97
test_wc_curve25519_make_pub(): fix order of args to wc_curve25519_make_pub().
2020-08-06 18:37:00 -05:00
6379ca8e10
libwebsockets requires *CRYPTO_EX_DATA* APIs
2020-08-06 16:29:39 -07:00
c325001d0d
note argument endianness and return values in intro comment for wc_curve25519_make_pub().
2020-08-06 18:07:39 -05:00
82d927d40f
Merge pull request #3199 from dgarske/openssl_sha
...
Fix for building openssl compat without SHA-1
2020-08-06 15:59:26 -07:00
0f59e632e1
tests/api.c: add test_wc_curve25519_make_pub(); fix some old stray tabs; remove weird extra string-terminating null in test_wolfSSL_sk_CIPHER_description().
2020-08-06 17:52:48 -05:00
758665e347
Fix for TLS anonymous cipher and PKCS11 cast warnings. (author=dgarske)
2020-08-06 17:49:55 -05:00
132adeac14
Merge pull request #3188 from julek-wolfssl/missing-cipherExtraData
...
Move `cipherExtraData` so that it is available when HAVE_SESSION_TICKET
2020-08-07 08:18:57 +10:00
52a2222c79
curve25519.c: call the new API routine wc_curve25519_make_pub(), not wc_curve25519(), for clarity and consistency (hat tip to Jacob).
2020-08-06 14:48:29 -05:00
14ff41a88c
ABI Update for Server
...
Added WOLFSSL_ABI tags to the functions wolfTLSv1_2_server(),
wolfTLSv1_3_server(), and wolfSSL_accept().
2020-08-06 11:17:25 -07:00
e121139178
Merge pull request #3179 from ejohnstown/suitesz
...
Suite Size Check
2020-08-06 11:05:10 -07:00
15be5476e9
Merge pull request #3185 from SparkiDev/fp_check_max
...
tfm: Check for overflow and return error (fixed max size)
2020-08-06 10:54:26 -07:00
4e9d49556e
Merge pull request #3194 from SparkiDev/unit_fix_1
...
Fix unit.test to not fail randomly
2020-08-06 10:51:12 -07:00
462f4f9e45
Merge pull request #3196 from cconlon/cavpmarvell
...
Add fips-check.sh target for marvell-linux-selftest, selftest v2 support
2020-08-06 10:45:03 -07:00
b2e7c09b71
ksdk_port.c: third time's the charm? (typo, s/curve25529_bCurveParam/curve25519_bCurveParam)
2020-08-06 12:02:01 -05:00
7ae789dbb0
wolfcrypt/src/curve25519.c: fix typo in wc_curve25519() -- CURVE25519_KEYSIZE, not CURVE25519_KEY_SIZE; add static kCurve25519BasePoint at top level
2020-08-06 11:45:54 -05:00
5cad0b10e5
fix typo in wolfcrypt/src/port/nxp/ksdk_port.c ("curve_bCurveParam" vs correct curve25529_bCurveParam) introduced in aadec345ab.
2020-08-06 11:35:04 -05:00
77bb300409
Removed unnecessary pointers, matched Xfree arugments and checked the return values of generated keys
2020-08-06 09:21:41 -07:00
afcb40724e
Added proper ifdef's to EccPrivateKeyToDer
2020-08-06 08:06:06 -07:00
435eabfb4b
Fix build error with unused variables. Added compat function for X509_add_ext.
2020-08-06 07:51:04 -07:00
25619119b4
Change implicit conversions to explicit conversions
2020-08-06 15:52:11 +02:00
f1e2a3c8b9
Code review changes
2020-08-06 15:52:11 +02:00
139a192185
Implement wolfSSL_d2i_X509_NAME
2020-08-06 15:52:11 +02:00
ca3a608408
Implement functions
...
- `wolfSSL_d2i_ECPrivateKey`
- `wolfSSL_EC_POINT_add`
- `wolfSSL_EC_POINT_invert`
2020-08-06 15:52:11 +02:00
2529ce21b0
Implement wolfSSL_EC_GROUP_dup
2020-08-06 15:52:11 +02:00
ea8dd31de0
Implement wolfSSL_i2d_PUBKEY and refactor wolfSSL_i2d_PrivateKey
2020-08-06 15:52:11 +02:00
1f0d6d5f31
New functions implemented
...
- `EC_POINT_is_on_curve`
- `i2d_EC_PUBKEY`
- `i2d_ECPrivateKey`
- `wc_ecc_point_is_on_curve`
2020-08-06 15:52:11 +02:00
88b9bf3fba
Fix memory leak with EncryptDerKey
2020-08-06 15:52:11 +02:00
e131d6be5b
group->curve_nid is now set to the real NID of the curve
2020-08-06 15:52:11 +02:00
471a9bd9fd
Handle 2+ dtls APP data records in one udp packet
...
Just return one message at a time if processing application data
2020-08-06 14:03:38 +02:00
c28b7b59c3
Fix jenkins leaks
2020-08-06 13:47:26 +02:00
ad2e710563
Fix missing free
2020-08-06 13:47:26 +02:00
a6651a21f8
Fix segfault
2020-08-06 13:47:26 +02:00
229c5e9563
wolfSSL_X509V3_EXT_i2d cont.
2020-08-06 13:47:26 +02:00
dfee8d0346
wolfSSL_X509V3_EXT_i2d now copies structs instead of trying to convert to DER format
2020-08-06 13:47:26 +02:00
fe1f815761
wolfSSL_X509V3_EXT_i2d: NID_ext_key_usage
2020-08-06 13:45:36 +02:00
e89015b58a
WIP: wolfSSL_X509V3_EXT_i2d
2020-08-06 13:45:36 +02:00
3621af9996
Implement new OpenSSL API
...
- i2d_PKCS8PrivateKey_bio
- X509V3_EXT_i2d
- SSL_renegotiate_pending
2020-08-06 13:45:36 +02:00
42c8f8f9b5
Check for WOLFSSL_AEAD_ONLY in wolfSSL_dtls_import_internal
2020-08-06 13:44:09 +02:00
18178e056d
add missing const qualifiers to arch variants of curve25519(), and to nxp_ltc_curve25519().
2020-08-05 21:12:50 -05:00
4a167c0f2c
Merge pull request #3119 from tmael/do178-fix
...
DO-178 fix
2020-08-05 16:30:00 -07:00
8afd629a30
Fix unit.test to not fail randomly
...
Get the serial number from the certificate to calculate the encoding size.
Fix making of the certificate to copy serial number out if not already set.
2020-08-06 08:52:21 +10:00
9671901de6
Added a free call to SetSubjectBuffer
2020-08-05 15:52:09 -07:00
83caf39caa
SP ECC Cache Resitance
...
SP ECC improved cache attack resistant implementation.
On by defualt and turn off with WC_NO_CACHE_RESISTANT.
2020-08-06 08:21:08 +10:00
e5e87db6aa
add HAVE_EX_DATA, OPENSSL_ALL, HAVE_ALPN to enable-jni configure option
2020-08-05 15:43:26 -06:00
c421445ba9
Added no SHA-1 hash support for OPENSSL compatibility. Fix for ./configure --enable-opensslextra --disable-sha. This allows using SHA2-256 for the hashing including the derived issuerHash and subjectHash. Adds issuer hash openssl compatibility function X509_issuer_name_hash.
2020-08-05 14:43:24 -07:00
ffa2cdd2d1
add public function wc_curve25519() "compute the public key from an existing private key, using bare vectors."; rename existing _LOCAL functions wc_curve25519_GetBasePoint() and wc_curve25519() to nxp_ltc_curve25519_GetBasePoint() and nxp_ltc_curve25519() respectively; add const qualifiers opportunistically to existing _LOCAL function curve25519()
2020-08-05 16:28:17 -05:00
49e5d8efea
Added additional ifdef's to Ed25519 functions and cast derSz to word32
2020-08-05 12:31:50 -07:00
633e950942
Added asn.c unit tests
2020-08-05 10:57:32 -07:00
d12b80abdf
Merge pull request #3192 from ethanlooney/21st_branch
...
Added check for wolfmath.c for digits == 0 and test for api.c
2020-08-05 09:51:51 -06:00
1034139214
Merge pull request #3081 from kaleb-himes/GH2998_REWORK_FOLLOWUP
...
Cleanup of example client/server buffer sizes
2020-08-05 09:31:30 -06:00
6c4bcb3b59
tfm: Check for overflow and return error (fixed max size)
2020-08-05 10:42:32 +10:00
5d7649c959
Review comment in sp_int file
2020-08-04 15:37:20 -07:00
def3192073
Merge pull request #3189 from SparkiDev/ed448_pkcb_fix
...
Fix calls to Ed448 sign and verify in test.h
2020-08-04 17:23:45 -05:00
0bdaa2d572
Merge pull request #3169 from dgarske/stmcube
...
STM Cube fixes and documentation improvements
2020-08-04 15:08:04 -07:00
42856287ee
Added check for wolfmath.c for digits == 0 and test for api.c
2020-08-04 13:25:10 -07:00
8d00b015c1
Merge pull request #3182 from dgarske/configall_noold
...
Fix to NOT enable SSLV3 and TLS v1.0 with `--enable-all`
2020-08-04 12:25:59 -07:00
5641e2ae50
Merge pull request #3173 from ethanlooney/18th_branch
...
Added unit tests for wolfmath.c
2020-08-04 09:10:21 -06:00
c6f83645fe
Fix calls to Ed448 sign and verify in test.h
2020-08-04 09:56:14 +10:00
0df2da47ff
Merge pull request #3180 from embhorn/zd10697
...
Fix OOB in fp_read_radix_16
2020-08-03 16:44:01 -07:00
a536e8acd6
Merge pull request #3187 from SparkiDev/config_fix_1
...
Fixes for different configurations
2020-08-03 16:41:50 -07:00
48be407852
Merge pull request #3186 from SparkiDev/rsa_pss_oob
...
RSA PSS check input length is hash length
2020-08-03 16:41:15 -07:00
87f5dac3c4
Merge pull request #3170 from kaleb-himes/FIPS_USER_SETTINGS
...
Remove fixed len constraint in FIPS mode
2020-08-03 16:35:26 -07:00
bfb4b2079b
Merge pull request #3163 from dgarske/nrf52
...
Fixes for building against latest nRF52 SDK
2020-08-03 16:33:49 -07:00
3e84f1c53f
Merge pull request #2882 from dgarske/example_configs
...
Added area for template user_settings files in `examples/config`
2020-08-03 16:32:57 -07:00
7f381275b1
Removed comment and changed len equal to variables instead of numbers
2020-08-03 13:31:11 -07:00
6c92116124
Move cipherExtraData so that it is available when HAVE_SESSION_TICKET
2020-08-03 15:32:49 +02:00
d0969ea1ce
Fixes for different configurations
...
Fix SkipInt() to work with DSA.
Fix protection around SetBitString16Bit() - when WOLFSSL_CERT_GEN and
WOLFSSL_CERT_EXT defined is only use.
WOLFSSL_RSA_VERIFY_ONLY and PSS means testing of PSS won't work.
Fix g++ build around ASN1_SEQUENCE - const variable required to be
initialized.
2020-08-03 14:55:09 +10:00
3ffa4350e8
RSA PSS check input length is hash length
...
Input is the hash of the message and the hash type is the hash used to
generate the hash/input.
2020-08-03 12:17:03 +10:00
4f91d60d22
Fixes for build issues without OPENSSL_EXTRA defined.
2020-07-31 15:25:58 -07:00
776b1a2d17
Fix for ED25519 with user_settings.h. Fixes for build warnings. Fix spelling error. Added template for wolfBoot key/sign tools.
2020-07-31 15:17:53 -07:00
197c21a508
Fix for --enable-all (also used by --enable-distro) to NOT enable SSLV3 and TLS v1.0.
2020-07-31 13:54:08 -07:00
d21d95c629
Fix OOB in fp_read_radix_16
2020-07-31 15:19:40 -05:00
3531b581b5
Added return code check wolfSSL_CryptHwMutexInit
2020-07-31 12:01:09 -07:00
904241cba4
Fix to only init the RNG once for nRF51/nRF52x.
2020-07-31 11:56:32 -07:00
fd4f8fe7a0
Suite Size Check
...
1. Check that the cipher suite size is even when doing the Client
Hello message.
2. Check that the cipher suite size is a multiple of three when doing
the Old Client Hello message.
3. Check that the hash/signature algorithm list size is even when
processing the extensions.
2020-07-31 11:44:24 -07:00
ff08a01f94
Merge pull request #3171 from SparkiDev/tls13_fin_fix
...
TLS 1.3: Client requires cert_vfy before finished when not PSK
2020-07-31 11:28:24 -07:00
e7fe460fac
Merge pull request #2746 from dgarske/cmake
...
Adds CMake support to wolfSSL
2020-07-31 11:14:59 -07:00
71cc5381ad
Added new examples/config area with template user_settings.h files and instructions for using.
2020-07-31 11:01:58 -07:00
b627610cde
Added bad test cases for get_digit and corrected comment formatting
2020-07-31 09:44:10 -07:00
db20fb6ca1
Fixes for using CMake with Visual Studio. Improvements to documentation for portability.
2020-07-30 16:44:36 -07:00
c30ffad622
Fix for STM PKA ECC parameters. Improvements to the STM AES GCM code. Cleanup of hardware mutex code.
2020-07-30 16:00:19 -07:00
48e1dfc910
Remove the STM Cube .ioc files. These examples have been moved to the wolf Cube pack ( https://www.wolfssl.com/files/ide/I-CUBE-WOLFSSL-WOLFSSL.pack )
2020-07-30 14:45:52 -07:00
c52930bb8a
Added freerng to 'test_mp_rand'
2020-07-30 09:37:05 -07:00
d03971e233
Add comment to clarify errno in test
2020-07-30 09:18:45 -07:00
493510e2ea
Review comments
2020-07-30 09:18:45 -07:00
4cc7f9e4a9
Check correct returned value
2020-07-30 09:18:45 -07:00
cebb283822
DO-178 changes
2020-07-30 09:18:45 -07:00
3381eb2094
Added tests for Sha512.c
2020-07-30 09:18:45 -07:00
d96f86fcd9
Merge branch 'master' into GH2998_REWORK_FOLLOWUP
2020-07-30 09:47:48 -06:00
1168bdd05b
Merge pull request #3165 from ethanlooney/17th_branch
...
Added unit tests for wc_port.c
2020-07-30 09:08:28 -06:00
4c0105ed9d
Merge pull request #3175 from ejohnstown/dtls-speed-redux
...
DTLS Test Speed Fix Redux
2020-07-30 22:17:40 +10:00
a38f7a4fca
Added STM32F1 Cube HAL support (we had StdPeriLib, not Cube).
2020-07-29 17:22:41 -07:00
397d1ab19c
DTLS Test Speed Fix Redux
...
1. Fix the check for XSLEEP_US in the client.
2. Added XSLEEP_MS to mirror XSLEEP_US, in terms of XSELECT().
2020-07-29 16:51:08 -07:00
64f6dc08f7
Merge pull request #3164 from SparkiDev/tls13_ocsp2
...
TLS 1.3 server MUST NOT use OCSP Status V2
2020-07-29 16:23:24 -07:00
46ef82e2fd
For for STM32 with TLS v1.3 and AES-GCM. The IV was not being reset after using hardware causing the aes->reg to be incorrect.
2020-07-29 15:39:49 -07:00
e4650a9151
Fixes for STM32 Crypto hardware acceleration locking to work with multiple threads. Fix for api.c missing devId in new RNG test. Added STM32F207 to configuration template.
2020-07-29 14:55:35 -07:00
b4cd0886bb
Changed test returns for 'get_digit' to remove implicit conversion errors
2020-07-29 14:23:03 -07:00
7861a22d28
add marvell-linux-selftest target to fips-check.sh
2020-07-29 15:10:47 -06:00
c6b4fa3be3
add selftest version for newer 4.1.0 validation
2020-07-29 15:10:47 -06:00
dafc2bf8d4
Added redirect note for OpenSTM32 to STM32Cube example. PR #3031 . Updates to README.md from ST.
2020-07-29 12:04:14 -07:00
7c59c74e07
Added unit tests for wolfmath.c
2020-07-29 10:34:15 -07:00
b524926837
Deleted unneeded xfopen and xfclose
2020-07-29 09:31:37 -07:00
80678d96b6
Change to inline comment
2020-07-29 10:10:33 -06:00
af92c531bf
Merge pull request #3168 from ethanlooney/16th_branch
...
Added semicolons to two functions to fix doxygen issues and deleted ssl param and replaced it with ctx param
2020-07-29 09:31:14 -06:00
f59a1fa295
TLS 1.3: Client requires cert_vfy before finished when not PSK
2020-07-29 10:21:34 +10:00
e618257f21
Merge pull request #3167 from dgarske/test_fixups
...
Fixes for `mutex_test` and API unit test `derSz`
2020-07-28 16:45:58 -07:00
4cbf3c3dcd
Fixes for the STM Cube TLS in-memory example for CMSIS RTOS v2.
2020-07-28 15:52:02 -07:00
70aa11f0a9
Merge pull request #3153 from ethanlooney/15th_branch
...
Added unit tests for Logging.c
2020-07-28 16:35:31 -06:00
567f1b8be4
Add to settings.h w a warning directive
2020-07-28 15:52:36 -06:00
1ed66f11a9
Fixes for STM32L5 benchmarks.
2020-07-28 13:56:23 -07:00
ffdc2eddf6
Remove fixed len constraint in FIPS mode
2020-07-28 13:34:52 -06:00
223f848dae
Expanded documentation for using the wolfSSL Cube pack. Added STM32 benchmarks for several boards.
2020-07-28 12:08:12 -07:00
9160a126e4
Fixes for running wolfCrypt test/benchmark with SECP256R1 disabled. Improved detection of ECC key generation size.
2020-07-28 11:43:48 -07:00
ff12da30df
Merge pull request #2713 from akmcomau/16bit
...
Updates for 16bit processors / Disable ATECC transport key
2020-07-28 09:27:27 -07:00
5af4872bab
Changed lock type to 0
2020-07-28 09:16:43 -07:00
0448004535
Added semicolons to two functions to fix doxygen issues and deleted ssl param and replaced it with ctx param
2020-07-28 08:39:23 -07:00
25fcd082d7
Improve the mutex_test test with pthreads. Fixes #3109
2020-07-28 08:19:32 -07:00
8440973d99
Fix for derSz calculation on non-const value keySz. ZD 10654
2020-07-28 08:18:42 -07:00
c67aeba806
Merge pull request #3156 from dgarske/armasm
...
Fixes for building with `WOLFSSL_ARMASM` when `user_settings.h` is used
2020-07-27 16:45:25 -07:00
f46e08e9ea
Merge pull request #3158 from kaleb-himes/ZD10580_R2
...
Address buffer underflow, thanks to J.S. for the report on ZD10580
2020-07-27 16:42:42 -07:00
5ef7ff6054
Merge pull request #3149 from SparkiDev/tls13_no_cli_cert_err
...
TLS 1.3: Client with no certificate an error with define
2020-07-27 16:40:07 -07:00
13eab0aeab
Also check for NRF52_SERIES, since NRF52 is only for NRF52832_XXAA.
2020-07-27 15:26:55 -07:00
99f72faedb
Fix for nRF5x AES GCM so key is set. Fixes GMAC test. Don't force enable wolf memory and no ASN time for WOLFSSL_NRF5x.
2020-07-27 14:30:41 -07:00
8b25b48621
Improvements to CMake support based on feedback from users.
2020-07-27 12:13:08 -07:00
b273ba771e
Add new file to automake.
2020-07-27 11:04:37 -07:00
9a281e5e3a
Adds CMake support to wolfSSL:
...
* Build wolfSSL as a library and builds all examples / tests.
* Added instructions in the INSTALL file.
* Fix for evp.c when being included directly due to improperly placed `WOLFSSL_EVP_INCLUDED`.
2020-07-27 11:04:37 -07:00
e7429c8504
Added unit tests for wc_port.c
2020-07-27 09:32:25 -07:00
6b3b37604f
Merge pull request #3159 from ethanlooney/16th_branch
...
Added doxygen comments and changed footer date to 2020
2020-07-27 09:24:59 -06:00
b0ed250f09
Merge pull request #3162 from ethanlooney/18th_branch
...
Changed ifndef(NO_SHA224) to ifdef(WOLFSSL_SHA224)
2020-07-27 09:21:28 -06:00
76a35f2a77
TLS 1.3: Client with no certificate an error with define
...
WOLFSSL_NO_CLIENT_CERT_ERROR
2020-07-27 09:54:51 +10:00
b775058f49
TLS 1.3 server MUST NOT use OCSP Status V2
...
Parses the extension but does not use the information.
TLSX code change to ensure that the OCSP Status V2 extension is not
written out in EncryptedExtension, CertificateRequest nor Certificate
messages.
2020-07-27 09:32:14 +10:00
7883156f49
Merge pull request #3160 from dgarske/ecc_nb_noctx
...
Fix for ECC non-blocking only to allow calling without context set
2020-07-27 08:53:42 +10:00
8417e0b725
Fixes for building against latest nRF52 SDK. Allow nRF5x AES GCM to be enabled (uses software, but ECB is accelerated). Fix in wolfCrypt test for building AES GSM only with NO_AES_DECRYPT.
2020-07-24 15:46:17 -07:00
b734b13120
Changed ifndef(NO_SHA224) to ifdef(WOLFSSL_SHA224) due to 'NO_SHA224' not existing
2020-07-24 14:24:50 -07:00
7b357cff39
Changed param's, examples and brief's
2020-07-24 12:54:29 -07:00
e84defb268
Merge pull request #3044 from dgarske/sniffer_tls13
...
TLS v1.3 sniffer support
2020-07-24 11:46:38 -07:00
6088a7bd79
Added if defined debug check to only print to file if debug is enabled
2020-07-24 10:03:49 -07:00
6324aec179
Fix for ./configure --enable-sp=yes,nonblock --enable-sp-math CFLAGS="-DWC_ECC_NONBLOCK_ONLY".
2020-07-24 09:30:45 -07:00
38cef2b3c9
Merge pull request #3151 from ejohnstown/dtls-size
...
DTLS Size Fix
2020-07-24 08:19:50 -07:00
8789ebb02e
Merge pull request #3152 from ejohnstown/dtls-test-speedup
...
DTLS Test Speedup
2020-07-23 16:53:39 -07:00
1559d66261
Fix for WC_ECC_NONBLOCK_ONLY case to also check WC_ECC_NONBLOCK.
2020-07-23 15:41:09 -07:00
fd1a1bd0f7
Add some missing frees to the example client when using in the return-not-exit mode for tests.
2020-07-23 14:32:48 -07:00
20ef2daa9f
Fix for ECC non-blocking to allow calling without context set and block when WC_ECC_NONBLOCK_ONLY is defined. In FIPS mode we need "blocking".
2020-07-23 14:31:41 -07:00
6bc4bfd7f2
Added doxygen comments to include all missing ABI functions and changed footer date from 2017 to 2020
2020-07-23 13:25:18 -07:00
81475fac96
Merge pull request #3154 from embhorn/zd10651
...
Fix build error with X509_SMALL config
2020-07-23 13:34:29 -06:00
839044d9e1
1. Remove dead assignment from client test.
...
2. Fix memory leak in example server test.
3. Use verify callback on certificates to allow callback to fail
them.
4. Restore the forced failure test cases.
5. Make the verify action thread local.
2020-07-23 12:26:49 -07:00
303d0dfedb
Merge pull request #3157 from embhorn/zd10631
...
Fix build issue with OPENSSL_EXTRA_X509_SMALL
2020-07-23 13:18:28 -06:00
3c5c0f88d4
Address buffer underflow, thanks to J.S. for the report on ZD10580
2020-07-23 12:20:41 -06:00
563806c497
Changed the log dump txt file's directory to include /tests and added it to make clean
2020-07-23 10:12:40 -07:00
1f8d4149a5
Merge in master
2020-07-23 21:39:18 +10:00
d02e52e07b
More updates from code review
2020-07-23 21:28:51 +10:00
568fc8f5bd
Fixes for compiling for ARM64 iOS
...
Fix bug in ChaCha20 assembly code (was writing one byte too many).
Fix the assembly code to have APPLE format.
Change Poly1305 inline assembly as requested by compiler.
Initialize variables that will be set anyway - compiler complaint.
Change to use the assembly code files for Curve25519 and SHA-512.
Ed25519 not suported with ARM assembly.
2020-07-23 18:08:37 +10:00
e198f6e73b
Merge pull request #3141 from SparkiDev/tls_cert_alert
...
Send more detail alerts for bad certificates
2020-07-22 16:46:14 -07:00
ab7535c3f6
Merge pull request #3135 from SparkiDev/fp_set_bit
...
fp_set_bit: return error when bit offset is too large
2020-07-22 16:40:17 -07:00
d75e6d4f55
Merge pull request #3131 from JacobBarthelmeh/Testing
...
add sanity check on padSz
2020-07-22 16:39:27 -07:00
ea21d56463
Merge pull request #3127 from SparkiDev/mp_sub_d
...
mp_sub_d (integer.c): return error when digit is too big
2020-07-22 16:38:37 -07:00
f7e4c1c8ad
Added SetLoggingCb check
2020-07-22 15:44:13 -07:00
9b421ce497
Fix for config failure
2020-07-22 17:22:46 -05:00
5f2de9e176
Merge pull request #3130 from TakayukiMatsuo/master
...
Add support for "X72N Envision Kit" evaluation board
2020-07-22 16:22:14 -06:00
98ae3a2352
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
fe08f23a50
Improved test sleep. Cleanup sleep calls.
2020-07-22 13:08:57 -07:00
3a2be13043
Remove execute bit on file.
2020-07-22 12:52:53 -07:00
c5371a2dbd
Fix for kResumeMsg unused if NO_SESSION_CACHE defined.
2020-07-22 12:15:14 -07:00
39271e9234
Fix build issue with OPENSSL_EXTRA_X509_SMALL
2020-07-22 14:08:57 -05:00
1af38c5c55
Fixes for building with WOLFSSL_ARMASM when user_settings.h is used.
2020-07-22 10:47:35 -07:00
5e515c12fb
Removed unneeded comment
2020-07-22 08:28:43 -07:00
c8e9d058f0
DTLS Test Speedup
...
Change the example client to use select instead of sleep.
If building for the standalone client, it will wait 1 second.
If built for no main driver, it'll wait 10ms rather than 1 second.
2020-07-21 18:40:18 -07:00
11b0d963d3
Fix for example client to send HTTP GET on resume with "-g". Fixes issue with ./scripts/openssl.test.
2020-07-21 15:42:33 -07:00
056ee0987c
Merge pull request #3146 from dgarske/sp_nonblock
...
ECC non-blocking support
2020-07-22 08:36:21 +10:00
953e7cf181
Changed sz type from int to long
2020-07-21 15:28:17 -07:00
89913076f1
Fix build error with X509_SMALL config
2020-07-21 16:36:30 -05:00
639f73fe1f
Fix for client writes to not include the null term.
2020-07-21 13:42:01 -07:00
4e637ddf10
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
8ead28f2f4
Merge pull request #3150 from ejohnstown/sctp-test
...
SCTP Test
2020-07-21 12:46:13 -07:00
b500a54fc5
Added new file to read in and dump error message and added cleanup within cleanup script
2020-07-21 12:30:43 -07:00
e8034619ba
Add more if defined to ERR_print_errors_fp
2020-07-21 12:30:43 -07:00
9268ae1397
Fix line length issues. Add debug msg in test to show number of non-blocking iterations.
...
```
$ ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" --enable-debug && make
$ ./wolfcrypt/test/testwolfcrypt
...
ECC non-block sign: 18063 times
ECC non-block verify: 35759 times
ECC test passed!
```
2020-07-21 10:41:25 -07:00
c45e192581
Send more detail alerts for bad certificates
2020-07-22 00:07:23 +10:00
c204eb0fb1
commented out NO_ASM_TIME macro to enable certificate validation
2020-07-21 16:09:16 +09:00
5d5aa129ca
When attempting to send a message with DTLS, if it is too large, return an error rather than splitting it across records. (ZD 10602)
2020-07-20 16:14:53 -07:00
10c293a76c
SCTP Test
...
1. Removed test cases for DTLSv1.0 that used AEAD ciphers.
2. Cleaned up some typos in the test configs.
3. Fixed typo in a WOLFSSL_SCTP ifdef check.
2020-07-20 15:03:48 -07:00
61d81dd878
Merge pull request #3123 from SparkiDev/mp_rshb
...
rshb check range of n
2020-07-20 13:08:45 -07:00
29abd72c39
Merge pull request #3024 from kaleb-himes/ZD10411
...
Update arduino script to reflect includes of inline files
2020-07-20 11:29:49 -07:00
e6017de19d
Fix in snifftest to try loading private key into static ephemeral and private key. Updated pcap files (were missing TCP packets).
2020-07-20 11:10:46 -07:00
ddb2923c19
Merge pull request #3133 from ethanlooney/13th_branch
...
Added unit tests for Hash.c - Fixed hash formatting errors
2020-07-20 10:03:28 -06:00
86745dd7fc
Merge pull request #3134 from ethanlooney/14th_branch
...
Added unit tests for Random.c
2020-07-20 10:02:22 -06:00
52d363390a
rshb check range of n
2020-07-20 11:12:35 +10:00
a8f121b5f8
Merge pull request #3144 from JacobBarthelmeh/examples
...
increase example client key share group array size
2020-07-20 08:38:20 +10:00
23a3ead758
Framework for new TLS v1.3 sniffer tests.
2020-07-17 15:56:56 -07:00
9409d8682f
Fix for building without session-ticket.
2020-07-17 15:22:35 -07:00
e15e0828bf
Cleanup of the SHOW_SECRET debugging. Use only latest wolf API's (not older Cyassl names).
2020-07-17 15:22:35 -07:00
3be390d50d
Added TLS v1.3 session resumption support. TLS v1.3 uses session tickets and a resumption secret is derived after the "finished" message. This uses the internal static wolf session cache to retain the resumption secret between sniffer sessions.
2020-07-17 15:22:35 -07:00
1b051d9c5b
TLS v1.3 sniffer support:
...
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
2020-07-17 15:22:35 -07:00
80f5fe1494
Added documentation for wc_ecc_set_nonblock.
2020-07-17 15:20:23 -07:00
90ee12f51a
Added test case for ECC non-blocking. ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" && make.
2020-07-17 15:13:50 -07:00
547144bc9c
Adds ECC non-blocking sign/verify support when used with SP math. New --enable-sp=nonblock and --enable-ecc=nonblock options. Example ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock.
2020-07-17 15:13:50 -07:00
080ccd9820
Merge pull request #3145 from JacobBarthelmeh/Compatibility-Layer
...
sanity check on return value for wolfSSL_X509_NAME_ENTRY_get_object
2020-07-17 15:05:25 -07:00
ef71099225
Removed duplicate semicolon and deleted unneeded initrng
2020-07-17 10:34:38 -07:00
01a01c373f
sanity check on return value for wolfSSL_X509_NAME_ENTRY_get_object
2020-07-17 11:03:12 -06:00
e55ca1a8cf
increase example client key share group array size
2020-07-17 10:26:34 -06:00
93c6e99aef
Added a ret check
2020-07-17 08:45:39 -07:00
4ff6b6a908
Merge pull request #3142 from SparkiDev/sp_int_small
...
Fix SP math for small builds. Fixes #3139
2020-07-17 08:33:05 -07:00
0336fdb98d
Fix SP math for small builds
2020-07-17 12:00:14 +10:00
cd025d4e03
Added RX72NEnvisionkit/include.am
2020-07-17 09:30:40 +09:00
96e59118fc
Changed the if defined order and to include fips and selftest
2020-07-16 15:50:03 -07:00
2275b89654
Removed unnecessary comments and added HashInit's and checked that they returned errors when they should
2020-07-16 12:38:55 -07:00
50f228af0a
Merge pull request #3125 from SparkiDev/mp_leading_bit
...
Change mp_leading_bit (integer.c) to not to require a copy
2020-07-16 11:05:09 -07:00
859a1eebe4
Merge pull request #3124 from SparkiDev/sp_add_d
...
Fix sp_add_d
2020-07-16 10:56:28 -07:00
9137794cb4
Merge pull request #3105 from embhorn/zd10457_a
...
Adding wolfSSL_X509_check_ip_asc
2020-07-16 10:53:27 -07:00
eb7a01342f
fp_set_bit: return error when bit offset is too large
...
If the bit to set is beyond the predefined maximum size then return an
error.
Same for fp_is_bit_set().
2020-07-16 12:34:31 +10:00
f2b279e834
Update from review
2020-07-15 20:57:04 -05:00
fbe0c8cba7
Merge pull request #3122 from JacobBarthelmeh/Compatibility-Layer
...
fix X509 multiple OU's and refactor
2020-07-15 15:06:22 -07:00
925e9d9213
Merge pull request #3075 from julek-wolfssl/dtls-no-cookie
...
DTLS session resumption fixes
2020-07-15 14:07:34 -07:00
edf88c3da1
Merge pull request #3073 from SparkiDev/tls13_dox
...
Update TLS 1.3 function Doxygen documentation
2020-07-15 13:58:07 -07:00
d54a51cd20
Added if not defined wc_no_rng
2020-07-15 13:56:12 -07:00
7a642e2b78
Added unit tests for Random.c
2020-07-15 12:55:19 -07:00
6be76e84ec
Fixed formatting for Shake256Hash
2020-07-15 12:52:17 -07:00
9a07df9631
Changed hash size to 144 for Shake256Hash
2020-07-15 12:52:17 -07:00
379212acec
Initialized variable data
2020-07-15 12:52:17 -07:00
aaa6e892da
Added unit tests for hash.c
2020-07-15 12:52:17 -07:00
525a3cb9c3
Move API out of OPENSSL_EXTRA
2020-07-15 10:48:11 -05:00
d1a82589f9
Adding wolfSSL_X509_check_ip_asc
2020-07-15 10:48:11 -05:00
12478a4534
Merge pull request #3128 from tmael/fips_ossl
...
Correct string truncation of XSTRNCAT
2020-07-14 17:17:27 -07:00
e754076c37
Change mp_leading_bit (integer.c) to not to require a copy
2020-07-15 09:20:15 +10:00
ddad95d52c
mp_sub_d (integer.c): return error when digit is too big
...
Code can't handle subtracting a number (an mp_digit) larger than
DIGIT_BIT. Now returns an error rather than giving wrong result.
2020-07-15 09:18:35 +10:00
51e49dbfac
Fix sp_add_d
2020-07-15 09:15:04 +10:00
a8736dd89d
set heap hint for name malloc
2020-07-14 14:23:49 -06:00
1caa6f860b
Merge pull request #3088 from kaleb-himes/ZD10539
...
Change Hash union to wc_Hmac_Hash
2020-07-14 11:23:30 -07:00
2dcf4c1696
Merge pull request #3087 from SparkiDev/sp_math_mod
...
Fix div implementation in SP int
2020-07-14 11:19:15 -07:00
173b9833fc
fixes for edge build cases and static memory
2020-07-14 09:07:23 -06:00
20682ef0aa
Add support for RX72N Envision Kit
2020-07-14 11:33:19 +09:00
aee208f1b1
Correct build
2020-07-13 17:29:12 -07:00
4938baa892
Merge pull request #3121 from ethanlooney/12th_branch
...
Added unit tests for Sha3.c
2020-07-13 17:29:45 -06:00
85437e4097
add sanity check on padSz
2020-07-13 17:17:57 -06:00
63c8f7d1b1
x509 small build and memory free
2020-07-13 15:51:27 -06:00
a77085960e
Merge pull request #3103 from TakayukiMatsuo/master
...
Supprted TSIP v1.09 for target board GR-ROSE
2020-07-13 14:35:07 -06:00
c5b8181005
Added a free call for shake256_copy
2020-07-13 09:58:00 -07:00
cbfda8e596
Merge pull request #3111 from ethanlooney/tenth_branch
...
Changed EXTRACT_ALL from NO to YES in order to document every function using Doxygen
2020-07-13 10:05:54 -06:00
d880d59974
fix for init of renegotiation and fix for compiler warnings
2020-07-13 00:31:40 -06:00
eec5f4a109
set initial NID value and account for null character on string
2020-07-12 19:54:50 -06:00
af1b532758
Applied review comments to the code
2020-07-11 17:17:33 +09:00
ed9648770d
Merge pull request #3120 from ethanlooney/11th_branch
...
Added unit tests for Sha512.c
2020-07-10 17:12:23 -06:00
2aaeb2a2df
fix X509 multiple OU's and refactor
2020-07-10 17:12:20 -06:00
84aa7d746a
Added unit tests for Sha3
2020-07-10 15:43:08 -07:00
a90d6b2a5e
Merge pull request #3039 from tmael/cov-fix2
...
Coverity fix in wolfSSL 4.4.0 - part 2
2020-07-10 13:06:22 -07:00
b8078ab789
Merge pull request #3092 from dgarske/sniffer_loadbuf
...
Added sniffer API's to load buffer directly
2020-07-10 12:58:45 -07:00
7e23273d1c
Changed directory for Doxygen's search to only the necessary header files
2020-07-10 12:51:21 -07:00
b931dc0d6e
Merge pull request #3110 from JacobBarthelmeh/SGX
...
add SP build for SGX
2020-07-10 10:29:50 -07:00
295aa4ac55
Added tests for Sha512.c
2020-07-10 10:15:32 -07:00
64c0d53a2d
Use portable friendly XVALIDATE_DATE in ssl.c and add wc_ to default
2020-07-10 09:43:24 -06:00
03839ea641
Changed EXTRACT_ALL from NO to YES in order to document every function
2020-07-10 08:16:15 -07:00
ed0f2bb8f5
Added sniffer API's to load buffer directly, not file. ZD 10547
2020-07-09 08:54:26 -07:00
942226dc5a
Merge branch 'master' of https://github.com/wolfSSL/wolfssl to get updated ocsp tests
2020-07-09 07:47:54 +09:00
b952f18eb4
Merge pull request #3104 from JacobBarthelmeh/nginx
...
Nginx 1.15.7
2020-07-09 08:46:30 +10:00
3e0d0677ee
Merge pull request #3116 from embhorn/zd10570
...
Sanity check in DoTls13HandShakeMsgType
2020-07-09 08:42:37 +10:00
e37bd2ade6
Merge pull request #3113 from guidovranken/scrypt-return-memory-e
...
Return MEMORY_E from wc_scrypt if allocation fails
2020-07-09 08:28:51 +10:00
890500c1b1
Fix Coverity
2020-07-08 08:20:43 -07:00
1e94f0478c
Added resetting size info output-buffer before calling export APIs
...
Added resetting size into output-buffer before calling export APIs
2020-07-08 08:20:43 -07:00
b9855b51bf
Sanity check in DoTls13HandShakeMsgType
2020-07-08 07:55:05 -05:00
5f5040686e
Merge pull request #3112 from kaleb-himes/INTERNAL_OCSP_STAPLING_FIX
...
Put both potential roots for login.live.com into collection for stapl…
2020-07-07 20:46:09 -05:00
7f66671449
In wc_PKCS12_PBKDF_ex, break out of outer loop on error
2020-07-08 01:38:02 +02:00
43e1eee55d
Return MEMORY_E from wc_scrypt if allocation fails
2020-07-08 01:04:37 +02:00
aa704420fd
Fix typo in include.am
2020-07-07 16:39:39 -06:00
c8dcd59565
Merge pull request #3082 from JacobBarthelmeh/Testing
...
restrict the cert version allowed
2020-07-07 15:37:01 -07:00
42f3a6d7a4
Put both potential roots for login.live.com into collection for stapling test
2020-07-07 16:02:48 -06:00
6196698d8b
Merge pull request #3099 from ethanlooney/eighth_branch
...
Added unit tests to sha256.c for sha224 and sha256.
2020-07-07 15:37:38 -05:00
333f4ccced
add SP build for SGX
2020-07-07 10:43:44 -06:00
a95b31041c
Added NO_ASN_TIME macro to avoid cert expiration validation
2020-07-07 18:40:41 +09:00
80246dfbc3
Merge pull request #3102 from guidovranken/free-tlsx
...
In TLSX_SupportedFFDHE_Set, free TLSX list if TLSX_PopulateSupportedG…
2020-07-07 08:25:13 +10:00
296b562113
Fixed formatting and forgotten curly bracket
2020-07-06 12:33:06 -07:00
1b7a96627c
Changed formatting
2020-07-06 12:05:55 -07:00
301e5c03b9
Merge pull request #3097 from SparkiDev/sp_int_mul_of
...
Fix SP int size of result checks
2020-07-06 11:17:01 -07:00
b8314a70f9
Merge pull request #3089 from kaleb-himes/ZD10539_LICENSING
...
Add or later verbage to LICENSING and sync header license versions
2020-07-06 11:11:11 -07:00
514254e294
Merge pull request #3069 from SparkiDev/gnu-stack
...
Add section to asm files to avoid exe stack
2020-07-06 11:08:24 -07:00
e194a11cb8
add wolfSSL_SESSION_new and change to peek error
2020-07-06 10:47:46 -06:00
dfde73620c
Added if defined cases for tests using hashes
2020-07-06 08:07:03 -07:00
9554e54e8f
Resolved conflict
2020-07-06 10:58:58 +09:00
1af2e5cf02
Fix div implementation in SP int
2020-07-06 08:52:44 +10:00
04d063f2ba
In TLSX_SupportedFFDHE_Set, free TLSX list if TLSX_PopulateSupportedGroups fails
2020-07-05 23:41:50 +02:00
464cd49e45
Supprted TSIP v1.09 for target board GR-ROSE
2020-07-04 23:40:10 +09:00
0e79943a5c
Fix SP int size of result checks
...
sp_lshb: Only put values in extra word id necessary
2020-07-03 09:12:27 +10:00
5f3a287a6a
Added tests to sha256.c for sha224 and sha256.
2020-07-02 14:30:30 -07:00
fd257ee8b9
fix guard
2020-07-03 05:42:44 +09:00
655022cfc5
Merge pull request #3095 from ethanlooney/sixth_branch
...
Added additional tests for curve25519 and fixed a print format error from previous tests.
2020-07-02 10:07:55 -05:00
3efd8a8576
Jenkins fixes
2020-07-02 14:59:07 +02:00
3242fa3669
Fixed formatting, redundant if's and added a comment explaining why a value was chosen.
2020-07-01 16:01:50 -07:00
df9a1a2a0e
revert error peek function
2020-07-01 16:26:38 -06:00
fd79ebfe8d
TLS 1.3 requires chacha and poly1305 for myTicketEncCb
2020-07-01 20:24:50 +02:00
f526a11126
Added additional tests for curve25519 and fixed a print format error from previous tests
2020-07-01 10:19:40 -07:00
a59560a1d5
Added tests to curve25519.c and fixed a print error from previous curve25519 tests
2020-07-01 09:32:03 -07:00
f89686a1ec
Merge pull request #3086 from SparkiDev/sp_c_mod_fix
...
Fix normalization in all SP C divs
2020-07-01 09:02:29 -07:00
eb4b575b3a
Merge pull request #3085 from ethanlooney/fourth_branch
...
API tests for Curve448
2020-06-30 17:24:07 -05:00
4ad904909c
Added a return check
2020-06-30 12:40:20 -07:00
78efb48acf
Added two more tests to hit xmemset lines
2020-06-30 12:40:20 -07:00
b7e682e677
Added more tests to api.c for curve448
2020-06-30 12:40:20 -07:00
94654c7a46
Merge pull request #3062 from TakayukiMatsuo/branch-2
...
Added testcases for wc_curve25519_export_key_xx
2020-06-30 14:27:24 -05:00
e63a80f1af
Use NO_SESSION_CACHE as well in preproc checks
2020-06-30 21:21:43 +02:00
e6746639af
add SSL_SESSION_up_ref and fix for get lib
2020-06-30 13:16:28 -06:00
8d37f57990
Change variable name from Hash to hashAlg
2020-06-30 12:50:26 -06:00
b57cf802eb
Expose session serialization outside of OPENSSL_EXTRA
...
Use `./configure CFLAGS='-DHAVE_EXT_CACHE'` to enable session serialization without `OPENSSL_EXTRA`.
2020-06-30 20:17:21 +02:00
24e10bf4ab
Convert a header file to UTF-8 encoding.
...
The file contained characters from the ISO 8859-1 legacy text
encoding. This commit onverts the file to UTF-8.
2020-06-30 11:14:52 -07:00
970391319b
Add or later verbage to LICENSING and sync header license versions
2020-06-30 12:13:13 -06:00
55985ad1b4
Change Hash union to wc_Hmac_Hash
2020-06-30 12:01:57 -06:00
c39bd55aca
Removed comment, deleted redundent WC_RNG initialization and fixed indentation
2020-06-30 09:32:10 -07:00
2c11f96c9d
Merge pull request #3048 from embhorn/zd10216
...
Override CRL error for NO_VERIFY
2020-06-29 15:35:53 -07:00
4e584595f0
Fix normalization in all SP C divs
2020-06-30 08:32:42 +10:00
e32e206d7c
Added a return check
2020-06-29 12:55:42 -07:00
7fb4a98009
Added two more tests to hit xmemset lines
2020-06-29 09:48:22 -07:00
6745733e2e
Added more tests to api.c for curve448
2020-06-29 09:30:17 -07:00
b6aaedd3b4
Merge pull request #3080 from ethanlooney/second_branch
...
Added additional tests to curve448.c through api.c
2020-06-29 11:21:15 -05:00
7a2384deaf
Merge pull request #3071 from kojo1/user-mutex
...
User defined mutex
2020-06-28 21:45:30 -07:00
14d0b4e7d6
adjust test case
2020-06-26 10:25:50 -06:00
7bd5da70a6
Merge pull request #3066 from kaleb-himes/DOX_UPDATES
...
Update v23 methods to reflect TLSv1.3
2020-06-26 10:59:04 -05:00
1c1ddaa6c2
Added checks to initial returns and free rng
2020-06-25 16:40:38 -07:00
a10500e5a7
Merge pull request #3079 from tmael/sp_mod
...
Correct SP mod calculation
2020-06-26 08:38:07 +10:00
f6d26b4e81
Merge pull request #3072 from kaleb-himes/SANITY_CHECKS
...
ed25519 and ed448 check sigLen against expected
2020-06-26 08:31:55 +10:00
0c7b851bd3
restrict the cert version allowed
2020-06-25 15:45:18 -06:00
e2afbae6aa
Merge pull request #3054 from JacobBarthelmeh/CRL
...
fix for x509 store add crl
2020-06-25 09:52:12 -07:00
26f0a74d29
Merge pull request #3023 from kaleb-himes/GH2998-REWORK
...
cleanup GET messages
2020-06-25 10:22:09 -06:00
73c26c5188
Merge pull request #3078 from dgarske/dup_defines
...
Remove duplicate macros in VS user_settings.h files.
2020-06-25 09:09:30 -07:00
17466727b2
Implement peer review feedback
2020-06-25 09:43:22 -06:00
4dbdfdea08
Merge pull request #3077 from kaleb-himes/ZD10235_CONFIG
...
configure.ac change == to = when not C code
2020-06-25 08:21:01 -07:00
60d6f616c2
Fix typo
2020-06-25 08:06:14 -07:00
a8f5602e10
Correct mod calculation
2020-06-25 08:01:05 -07:00
fe7d9ea7c1
changed RNG to WC_RNG
2020-06-24 15:40:58 -07:00
79981e3cf7
Added additonal tests to curve448.c
2020-06-24 15:40:38 -07:00
86b7f18502
Added additional tests to curve448.c through api.c
2020-06-24 15:40:22 -07:00
a10ee78980
Remove duplicate macros in VS user_settings.h files.
2020-06-24 15:08:49 -07:00
07c5f36d6d
Merge pull request #3068 from SparkiDev/modexp-cr
...
Use temp with mont mul in constant time exptmod
2020-06-24 13:19:06 -07:00
308562e853
configure.ac change == to = when not C code
2020-06-24 13:41:03 -06:00
483b970772
Merge pull request #3061 from embhorn/zd10457
...
Remove multiple defines of GEN_IPADD
2020-06-24 11:33:16 -06:00
fdce5152c5
Address peer feedback
2020-06-24 11:25:12 -06:00
9cd6f92d19
Merge pull request #3058 from JacobBarthelmeh/Certs
...
Fix and test case for malformed name constraint
2020-06-24 10:15:08 -07:00
b8b2f7ef7d
vs build warning fixes
2020-06-24 10:57:31 -06:00
be5648986c
Update TLS 1.3 function Doxygen documentation
...
Give parameters a name in function prototypes.
2020-06-24 12:35:47 +10:00
23ddc1c4c2
Merge pull request #3067 from SparkiDev/tls13-test-fix
...
Cleanup after TLS 1.3 tests
2020-06-23 17:35:48 -06:00
722961f55c
ed25519 and ed448 check sigLen against expected
2020-06-23 17:32:00 -06:00
ec755f8dd9
Override CRL error for NO_VERIFY
2020-06-23 18:09:03 -05:00
582240a84d
Merge pull request #3051 from embhorn/zd10451
...
Sanity check wc_ecc_import_raw x, y, and key
2020-06-24 08:52:10 +10:00
55bb95823c
coding template
2020-06-24 07:31:20 +09:00
8511d07698
store chain is free'd when store is free'd
2020-06-23 15:42:32 -06:00
ae90119af4
remove double free in test case
2020-06-23 14:45:31 -06:00
7cc64377d0
Sanity check wc_ecc_import_raw x, y, and key
2020-06-23 08:54:47 -05:00
1253be0142
Remove user_setting.h and user-mutex.c example files
2020-06-23 17:30:03 +09:00
e8e455bf39
Add section to asm files to avoid exe stack
...
For Linux ELF need a note section for GNU to indicate stack is not
executable.
2020-06-23 11:58:46 +10:00
7c615967a9
Use temp with mont mul in constant time exptmod
...
For cache attack resistance.
2020-06-23 10:45:31 +10:00
392e09c474
Cleanup after TLS 1.3 tests
...
Make sure the server is dead after each test.
Client may not connect to server if cipher suite not supported and
return error as expected.
2020-06-23 09:14:51 +10:00
5b07905818
Merge pull request #3065 from dgarske/sp_revert
...
Fix SP cache resistant build (reverts part of PR 2970)
2020-06-23 08:42:00 +10:00
877b9975eb
Merge pull request #3064 from dgarske/dox_sni
...
Fixes for dox SNI documentation / examples.
2020-06-22 13:38:41 -07:00
180439ca34
Merge pull request #3060 from dgarske/git3059_cryptocell
...
Fixes for CryptoCell
2020-06-22 13:37:37 -07:00
93bd0dbfe1
Merge pull request #2980 from dgarske/psoc6
...
Fix for `WOLFSSL_ALT_CERT_CHAINS` with long chain
2020-06-22 13:36:35 -07:00
646ecb54c2
Update v23 methods to reflect TLSv1.3
2020-06-22 12:04:16 -06:00
a29250e87d
Revert SP changes in https://github.com/wolfSSL/wolfssl/pull/2970 that broke --enable-sp CFLAGS="-DWOLFSSL_SP_CACHE_RESISTANT". This was generated with latest scripts.
2020-06-22 07:56:54 -07:00
6ecb88da47
Fixes for dox SNI documentation / examples.
2020-06-22 07:37:04 -07:00
b88342eeaf
memory handling fixes
2020-06-19 10:08:42 -07:00
22d6774966
Merge pull request #2909 from SKlimaRA/SKlimaRA/crl-and-pkcb
...
ParseCrl fix, GetPrivateKeySigSize moved from client only section and Coverity fixes.
2020-06-19 10:51:50 -06:00
771d60c085
Replaced some hard-tabs with spaces in wc_curve25519_export_key_raw_ex()
2020-06-19 13:40:16 +09:00
6b1a6309ce
Fixes for CryptoCell. Fix for signature wrapper signing to allow larger signing input buffer. Cleanup of some duplicate code. Fix for bad cryptocell ECC make key result check (-9628). Fixes #3059 . Thanks Sylwester.
2020-06-18 13:40:30 -07:00
a5664b5ba9
Remove multiple defines of GEN_IPADD
2020-06-18 15:40:22 -05:00
f8c6c783db
Merge pull request #3047 from SparkiDev/curve448_dox
...
Add Doxygen documentation for Curve448/Ed448
2020-06-18 13:05:59 -07:00
352328348a
For example client "-H verifyFail", which was not setting the verify callback.
2020-06-18 12:54:47 -07:00
823b3d90d8
Add braces around new debug message to avoid compiler warning.
2020-06-18 12:12:28 -07:00
248b8c9b62
Merge pull request #3057 from kaleb-himes/FIPSv2_plus_OPENSSLALL
...
Resolve issues with FIPSv2 when opensslall set
2020-06-18 10:12:06 -07:00
48cd6f36ff
Merge pull request #2967 from dgarske/ecc_null
...
Fixes for ECC key import
2020-06-18 10:10:49 -07:00
1e431e1ade
add test case and fixes from review
2020-06-18 10:57:25 -06:00
667d9ca896
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
efa169e595
Fix for invalid files in include.am. Improvement to new alt-chain tests to catch case this PR fixes.
2020-06-18 08:33:59 -07:00
d70f6b7ede
Fix for tests/test-chains.conf with new intermediate CA.
2020-06-18 08:33:59 -07:00
9be61c61f5
Add alternate chain test case where peer presents chain (INT -> INT2 -> PEER) and only INT2 is loaded as trusted. Update existing alternate chain partial test cases to use INT2. Fix for test suite to allow extra newlines in .test files.
2020-06-18 08:33:59 -07:00
5a5bc34aa5
Added second intermediate CA to testing certs. This creates a chain that looks like: ROOT (www.wolfssl.com) -> INT (wolfSSL Intermediate CA) -> INT2 (wolfSSL Intermediate2 CA) -> PEER (wolfSSL Client Chain / wolfSSL Server Chain).
2020-06-18 08:33:59 -07:00
0ef5a3d00e
Fix for WOLFSSL_ALT_CERT_CHAINS incorrectly failing on success case.
2020-06-18 08:33:59 -07:00
21e0f863b9
Fix for NO_WOLFSSL_SERVER typo.
2020-06-18 08:33:58 -07:00
03c5359fcd
Add session resumption testing for DTLS
2020-06-18 14:18:02 +02:00
b590e06f42
DTLS fixes
...
- `SendFinished` resetting`dtls_expected_peer_handshake_number` should depend on side and if we are resuming a connection
- No need to do a cookie exchange on session resumption
2020-06-18 12:13:52 +02:00
28819bd45e
Made two lines wrap around in test_wc_curve25519_export_key_raw_ex()
2020-06-18 12:25:21 +09:00
a855d6355e
Added cleanup to test_wc_curve25519_export_key_raw_ex
2020-06-18 12:25:21 +09:00
1d98c960cf
Added resetting size info output-buffer before calling export APIs
...
Added resetting size into output-buffer before calling export APIs
2020-06-18 12:24:03 +09:00
13753d56bb
Cleanup in wc_ecc_sign_hash_ex for blinding value to not call free twice (mp_clear already does mp_free).
2020-06-17 17:11:54 -07:00
0fd5eda5af
Fix for test_wolfSSL_DTLS_either_side, which was not properly free'ing in error case. Improves the test shared context logic to make it explicit.
2020-06-17 17:08:09 -07:00
220e2634af
Merge pull request #3056 from dgarske/nullcipher_noaes
...
Fixes for a few build edge cases (async w/o DTLS, null cipher w/o AES)
2020-06-17 16:48:48 -07:00
f20a2de284
Merge pull request #3055 from dgarske/ocsp_resp
...
Fix for possible use of NULL in the OCSP response nonce
2020-06-17 16:45:53 -07:00
3acc31400c
Merge pull request #3053 from SparkiDev/ed448_fixes
...
Fix ED448 calls to use context and correct variable name
2020-06-17 16:41:40 -07:00
dafd35e4c1
remove unused variable
2020-06-17 15:55:08 -06:00
f75659641a
test on malformed name constraint
2020-06-17 14:33:10 -06:00
e2fb4c55b8
Resolve issues with FIPSv2 when opensslall set
2020-06-17 14:03:02 -06:00
3fb432cef8
Fix for building async without DTLS.
2020-06-17 11:20:08 -07:00
81892f4594
Fix for use of WC_MAX_SYM_KEY_SIZE in macro. Fixes build case with --enable-nullcipher --disable-aes.
2020-06-17 11:16:33 -07:00
0a38ab8ac2
Fix for possible use of NULL is the OCSP response nonce. This is optional and may not be provided in the OCSP response and should be skipped if not set in the response. ZD 10475.
2020-06-17 11:00:05 -07:00
82921f8650
fix for x509 store add crl
2020-06-17 11:30:18 -06:00
b1aa903c1b
Merge pull request #3052 from julek-wolfssl/infinite-loop-fuzzer
...
Alert level must be cleared or ProcessReply will loop indefinitely
2020-06-16 18:55:15 -06:00
6bb73fb25d
Fix ED448 calls to use context and correct variable name
...
Added basic test of OpenSSL compatability APIs:
- wolfSSL_ED25519_generate_key
- wolfSSL_ED25519_sign
- wolfSSL_ED25519_verify
- wolfSSL_ED2448_generate_key
- wolfSSL_ED448_sign
- wolfSSL_ED448_verify
2020-06-17 10:05:50 +10:00
90caeaf925
Alert level must be cleared or ProcessReply will loop indefinitely
2020-06-16 23:21:54 +02:00
7c6dccd4a0
Merge pull request #3038 from embhorn/zd10457
...
Unused var error
2020-06-16 14:10:54 -06:00
7a15639927
Add Doxygen documentation for Curve448/Ed448
...
Update Curve25519/Ed25519 Doxygen documentation too.
Make public key is a public API - check pubKey pointer is not NULL.
2020-06-16 22:16:13 +10:00
b9f13dba61
Merge pull request #3030 from TakayukiMatsuo/usertime
...
ASN1_TIME_new in correct macro condition
2020-06-15 17:49:44 -05:00
aa7168df0b
Merge pull request #3045 from SparkiDev/aes_small_fix
...
AES small table fix
2020-06-15 14:19:09 -07:00
096d0073ef
Merge pull request #3043 from dgarske/renesas_ra6m3
...
Renesas requested name change to "RA6M3"
2020-06-15 14:18:19 -07:00
9d932d09bf
Merge pull request #3042 from dgarske/xcode_updates
...
Updates to Xcode projects to add new files / features
2020-06-15 14:16:14 -07:00
74098340ff
Merge pull request #3031 from dgarske/stm32cubeide
...
Adding STM32CubeIDE support
2020-06-15 14:14:43 -07:00
f020b0f24a
add check on decode subtree return value
2020-06-15 14:41:05 -06:00
3f344b7d89
AES small table fix
...
Symbol not needed when only compiling AES algorithms (AES-GCM, AES-CCM,
AES-CTR) not using AES decrypt.
Allow AES-CCM to be compiled without AES-GCM.
2020-06-15 14:46:39 +10:00
8ff1b474bc
Tentative: User defined mutex
2020-06-14 07:12:13 +09:00
baaf741c79
Merge pull request #3037 from JacobBarthelmeh/CSharp
...
add peer certificate print to callback with C#
2020-06-12 13:32:50 -07:00
1e07563411
Merge pull request #2984 from julek-wolfssl/dtls-scr
...
Add secure renegotiation to DTLS 1.2
2020-06-12 11:22:55 -07:00
6166902f66
Merge pull request #2990 from julek-wolfssl/fix-leak
...
Fix leak in SetIndividualInternal
2020-06-12 11:17:40 -07:00
4c2dee77d8
Merge pull request #3028 from julek-wolfssl/CRYPTO_memcmp
...
Implement CRYPTO_memcmp
2020-06-12 11:16:18 -07:00
eea22eb65d
Renesas requested name change to "RA6M3".
2020-06-12 10:58:20 -07:00
d43d75bf81
Updates to xcode projects to add new files.
...
Ran updated iPhone X benchmarks:
```
RNG 330 MB took 1.010 seconds, 326.879 MB/s
AES-128-CBC-enc 920 MB took 1.005 seconds, 915.507 MB/s
AES-128-CBC-dec 6095 MB took 1.000 seconds, 6092.130 MB/s
AES-192-CBC-enc 820 MB took 1.000 seconds, 819.644 MB/s
AES-192-CBC-dec 4860 MB took 1.001 seconds, 4855.794 MB/s
AES-256-CBC-enc 710 MB took 1.005 seconds, 706.419 MB/s
AES-256-CBC-dec 3935 MB took 1.001 seconds, 3930.830 MB/s
AES-128-GCM-enc 1245 MB took 1.003 seconds, 1241.589 MB/s
AES-128-GCM-dec 575 MB took 1.001 seconds, 574.547 MB/s
AES-192-GCM-enc 1235 MB took 1.001 seconds, 1234.343 MB/s
AES-192-GCM-dec 570 MB took 1.003 seconds, 568.521 MB/s
AES-256-GCM-enc 1230 MB took 1.003 seconds, 1226.034 MB/s
AES-256-GCM-dec 570 MB took 1.001 seconds, 569.199 MB/s
3DES 10 MB took 1.386 seconds, 7.213 MB/s
MD5 95 MB took 1.037 seconds, 91.629 MB/s
SHA 80 MB took 1.013 seconds, 78.943 MB/s
SHA-256 1625 MB took 1.000 seconds, 1624.565 MB/s
SHA3-224 60 MB took 1.010 seconds, 59.399 MB/s
SHA3-256 60 MB took 1.073 seconds, 55.921 MB/s
SHA3-384 45 MB took 1.042 seconds, 43.195 MB/s
SHA3-512 35 MB took 1.164 seconds, 30.063 MB/s
HMAC-MD5 95 MB took 1.044 seconds, 91.014 MB/s
HMAC-SHA 80 MB took 1.007 seconds, 79.480 MB/s
HMAC-SHA256 1705 MB took 1.001 seconds, 1703.126 MB/s
RSA 2048 public 32800 ops took 1.003 sec, avg 0.031 ms, 32716.405 ops/sec
RSA 2048 private 1200 ops took 1.041 sec, avg 0.868 ms, /33 ops/sec
DH 2048 key gen 2354 ops took 1.000 sec, avg 0.425 ms, 2353.254 ops/sec
DH 2048 agree 2500 ops took 1.013 sec, avg 0.405 ms, 2467.525 ops/sec
ECC 256 key gen 46503 ops took 1.000 sec, avg 0.022 ms, 46502.069 ops/sec
ECDHE 256 agree 14100 ops took 1.005 sec, avg 0.071 ms, 14034.697 ops/sec
ECDSA 256 sign 29600 ops took 1.003 sec, avg 0.034 ms, 29500.554 ops/sec
ECDSA 256 verify 11000 ops took 1.007 sec, avg 0.092 ms, 10921.516 ops/sec
```
2020-06-12 10:39:26 -07:00
f30eb0197b
Merge pull request #3032 from JacobBarthelmeh/PKCS12
...
fix error checking when parsing a PKCS12 DER into an internal structure
2020-06-12 09:57:40 -07:00
2b5ed1564c
add error function and print out
2020-06-12 09:45:23 -07:00
0f36cdf066
Unused var error
2020-06-12 10:43:01 -05:00
cab8dd3731
Ignore duplicate or out of order CCS message
...
Init variables since compiler complains they might be used without initialization.
2020-06-12 12:27:48 +02:00
ac028e551d
Code Review
2020-06-12 11:36:43 +02:00
69802ed1a9
Missing ssl->heap in FreeBuildMsgArgs
2020-06-12 11:36:43 +02:00
3980d6117d
Fix Jenkins
2020-06-12 11:36:43 +02:00
01b446f469
Fix SessionTicket length in unencrypted case
2020-06-12 11:36:43 +02:00
f2d2dadc89
ASYNC: Fix issues with TLS and DTLS
2020-06-12 11:36:43 +02:00
eb7a49a1d7
ASYNC: Working TLS SCR
2020-06-12 11:36:43 +02:00
a7c4d88876
ASYNC: Working AES128-SHA
2020-06-12 11:36:43 +02:00
7b604ad714
WIP
2020-06-12 11:36:43 +02:00
73105305cf
WIP
2020-06-12 11:36:43 +02:00
a107688891
Fix asynchronous DTLS issue
2020-06-12 11:36:43 +02:00
d88f6f1156
DTLS test cases
2020-06-12 11:36:43 +02:00
4e60e4b3b7
DTLS Message Grouping
...
Flush output buffer when we suspect that the grouped messages may exceed MTU.
2020-06-12 11:36:43 +02:00
d2542dcf38
Restore StoreKeys functionality for TLS case
2020-06-12 11:36:43 +02:00
c2ca9f614e
Jenkins tests fixes
2020-06-12 11:36:43 +02:00
eb910a64d0
Comments and formatting
2020-06-12 11:36:43 +02:00
651a7a97b9
Add secure renegotiation to DTLS 1.2
...
- Hash of fragmented certificate was not calculated as a single message and instead we were hashing individual fragments which produced the wrong digest, shared secret, etc...
- Reset handshake number after server Finished packet is sent or received (depending on side)
- Reserve space in buffer for cipher stuff
- Take `DTLS_RECORD_EXTRA` and `DTLS_HANDSHAKE_EXTRA` into size and offset calculations for DTLS path
- Fix renegotiation in DTLS with AES128-SHA
- Fix renegotiation in DTLS with AES-GCM
- Support HelloVerify request during secure renegotiation
- Save renegotiation handshake messages for retransmission in timeout
- Handle cipher parameters from different epochs. DTLS may need to resend and receive messages from previous epochs so handling different sets of encryption and decryption parameters is crucial.
2020-06-12 11:36:43 +02:00
255cc016b3
Merge pull request #3034 from kaleb-himes/FORUM_DSA_ISSUE
...
Seperate QT and DSA dependencies
2020-06-11 15:40:12 -07:00
ad7e636e34
Adds STM32H7 support. Tested on NUCLEO-H753ZI board.
...
STM32H753ZI at 480MHz
```
Running wolfCrypt Benchmarks...
------------------------------------------------------------------------------
wolfSSL version 4.4.1
------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 250 KB took 1.047 seconds, 238.777 KB/s
AES-128-CBC-enc 4 MB took 1.004 seconds, 3.623 MB/s
AES-128-CBC-dec 4 MB took 1.004 seconds, 3.623 MB/s
AES-192-CBC-enc 4 MB took 1.000 seconds, 3.613 MB/s
AES-192-CBC-dec 4 MB took 1.000 seconds, 3.613 MB/s
AES-256-CBC-enc 4 MB took 1.000 seconds, 3.613 MB/s
AES-256-CBC-dec 4 MB took 1.000 seconds, 3.613 MB/s
AES-128-GCM-enc 3 MB took 1.004 seconds, 3.380 MB/s
AES-128-GCM-dec 3 MB took 1.004 seconds, 3.356 MB/s
AES-192-GCM-enc 3 MB took 1.004 seconds, 3.380 MB/s
AES-192-GCM-dec 3 MB took 1.003 seconds, 3.359 MB/s
AES-256-GCM-enc 3 MB took 1.000 seconds, 3.369 MB/s
AES-256-GCM-dec 3 MB took 1.004 seconds, 3.356 MB/s
CHACHA 850 KB took 1.020 seconds, 833.333 KB/s
CHA-POLY 650 KB took 1.015 seconds, 640.394 KB/s
POLY1305 4 MB took 1.004 seconds, 4.037 MB/s
SHA-256 3 MB took 1.004 seconds, 3.088 MB/s
HMAC-SHA256 3 MB took 1.004 seconds, 3.015 MB/s
RSA 2048 public 78 ops took 1.023 sec, avg 13.115 ms, 76.246 ops/sec
RSA 2048 private 4 ops took 1.682 sec, avg 420.500 ms, 2.378 ops/sec
DH 2048 key gen 6 ops took 1.165 sec, avg 194.167 ms, 5.150 ops/sec
DH 2048 agree 6 ops took 1.165 sec, avg 194.167 ms, 5.150 ops/sec
ECC 256 key gen 96 ops took 1.004 sec, avg 10.458 ms, 95.618 ops/sec
ECDHE 256 agree 50 ops took 1.027 sec, avg 20.540 ms, 48.685 ops/sec
ECDSA 256 sign 64 ops took 1.000 sec, avg 15.625 ms, 64.000 ops/sec
ECDSA 256 verify 32 ops took 1.039 sec, avg 32.469 ms, 30.799 ops/sec
Benchmark complete
Benchmark Test: Return code 0
```
2020-06-11 15:17:29 -07:00
3b86a4db20
Adding STM32CubeIDE support (and deprecation of OpenSTM32).
...
* Updated example to add support for CMSIS v2 and static memory.
* Improved example to support more build options.
* Added support for detecting Cube HAL and including `wolfSSL.wolfSSL_conf.h`.
2020-06-11 14:45:17 -07:00
d97c23edd8
set dynamic flag
2020-06-11 12:46:21 -07:00
6af052faae
add peer certificate print to callback
2020-06-11 10:57:26 -07:00
cc13c9f062
Merge pull request #3035 from ejohnstown/changelog
...
Fix changelog error
2020-06-11 10:19:10 -05:00
29bdc7d8b5
Merge pull request #3015 from tmael/cov-fix
...
Coverity fix in wolfSSL 4.4.0
2020-06-10 17:07:47 -07:00
f7c233af9c
Fix error in the changelog. AES-CTR with AES-NI wasn't actually added.
2020-06-10 15:15:11 -07:00
d5577c9404
Explicit convert
2020-06-10 18:43:27 +02:00
2fe08e1951
Update comment
...
Thanks @dgarske, great catch!
2020-06-09 17:10:57 -06:00
80e888c1c8
Seperate QT and DSA dependencies
2020-06-09 16:47:35 -06:00
fb51a2298e
Merge pull request #3019 from kaleb-himes/ZD10380
...
init components as best practice
2020-06-09 17:23:55 -05:00
e993cb6cc0
Merge pull request #2942 from dgarske/tls13_on
...
Enable TLS v1.3 by default
2020-06-09 13:30:02 -07:00
48783c1982
Merge pull request #2996 from dgarske/stm32hal
...
Fixes and improvements for STM32 crypto hardware
2020-06-09 13:24:27 -07:00
c023efb2aa
Merge pull request #3025 from JacobBarthelmeh/Compatibility-Layer
...
fix macro to match *_FLAGS_*
2020-06-09 13:19:29 -07:00
7a7bfce565
Merge pull request #3026 from cconlon/selftestfixes
...
Fix warnings with NetBSD gcc compiler
2020-06-09 13:18:44 -07:00
ef742c4a42
Merge pull request #3027 from danielinux/psoc6_crypto
...
Cypress PSoC6 wolfcrypt driver
2020-06-09 13:17:37 -07:00
8fc908989a
Merge pull request #3029 from SparkiDev/aes-ccm-fix
...
Fix optimized AES-CCM - counter
2020-06-09 13:13:42 -07:00
3a430522da
fix error checking when parsing a PKCS12 DER into an internal structure
2020-06-08 14:23:40 -06:00
72360dee38
Also bring over openSSL headers
2020-06-08 11:39:06 -06:00
8b6b54603f
Add STM32WB55 crypto hardware support for AES.
2020-06-08 08:48:59 -07:00
28913a276f
Include GCM in latest FIPS and Windows build
2020-06-08 08:38:59 -07:00
5837c70e99
Support for STM32L5 PKA ECC sign/verify acceleration.
2020-06-08 08:37:55 -07:00
16c0160e63
Added support for STM32L5.
2020-06-08 08:37:55 -07:00
21a34bde8c
Fix whitespace.
2020-06-08 08:37:55 -07:00
6f82f15d1b
Performance improvements for STM32 AES CBC and GCM crypto hardware.
...
* AES CBC:
- Do all blocks, not just one at a time.
* AES GCM:
- Use local stack for authentication header if < block size.
- Use hardware GHASH for all authentication header sizes.
Tested with STM32F437II (old/new Cube HAL/StdPeriLib), STM32F777ZI (CubeMX) and STM32L4A6ZG (CubeMX).
2020-06-08 08:37:55 -07:00
efe9da0994
Fix for STM32 crypto hash with WOLFSSL_SMALL_STACK_CACHE possible free of invalid pointer.
2020-06-08 08:37:55 -07:00
dff7c0fcfa
Fix for hardware mutex protection in case where STM32 hardware acceleration is used for RNG or HASH only.
2020-06-08 08:37:55 -07:00
42ee313286
Fix for using WOLFSSL_SMALL_STACK_CACHE with STM32 SHA256 hardware acceleration.
2020-06-08 08:37:55 -07:00
8791573dfe
Fix for building with NO_PUBLIC_GCM_SET_IV when ChaCha20/Poly1305 is enabled. Cleanup use of not used STD_PERI_LIB.
2020-06-08 08:37:54 -07:00
b883617c0d
Moved wolfSSL_ASN1_TIME_new() to under #ifndef NO_ASN_TIME condition
2020-06-08 14:10:20 +09:00
d543e305f1
Fix optimized AES-CCM - counter
...
AES-NI optimized 4 block at a time was not incrementing counter
poprerly.
2020-06-08 10:48:19 +10:00
3af4316cfd
Fix for session test with TLS v1.3 and session tickets not enabled. Cleanups in AddSession.
2020-06-05 13:33:03 -07:00
fb5c9e5268
Adjust static memory case with TLS v1.3 enabled.
2020-06-05 11:11:23 -07:00
3b8455fcd0
Fix for building without ECC and DH (TLS v1.3 cannot be enabled).
2020-06-05 10:26:32 -07:00
a75f83c9f2
Implement CRYPTO_memcmp
2020-06-05 16:44:12 +02:00
254dd9f823
Added new files to include.am
2020-06-05 15:28:49 +02:00
76ab8bfb6b
Added psoc6 ECDSA verification support
2020-06-05 11:30:29 +02:00
b1947478bb
Added support for SHA512 via psoc6 crypto
2020-06-05 11:30:29 +02:00
82520572b0
Initial support for psoc6_crypto (sha256 only)
2020-06-05 11:30:29 +02:00
dffc677561
Fix for TLS v1.3 with --enable-sniffer.
2020-06-04 16:42:40 -07:00
7879e83ae0
Fixes for building with ./configure --enable-tls13 --disable-rsa --disable-ecc --enable-psk. Fix to properly detect if missing a asymmetric key algorithm (required by TLS v1.3).
2020-06-04 16:31:19 -07:00
1d01b87741
Fix to detect if NO_CERTS / --disable-asn is used in scripts/tls13.test.
2020-06-04 16:08:08 -07:00
66fdc2c536
Disable TLS v1.3 if none of these are available "ECC, CURVE25519, CURVE448 or DH".
2020-06-04 15:31:19 -07:00
93be04f380
Can't send empty list for the client when sniffer is enabled or it will use AES128-SHA.
2020-06-04 15:31:18 -07:00
ad93813d75
Fix for expected failure case on client write. Resolves test-fails.con server TLSv1.3 fail on no client certificate test.
2020-06-04 15:31:18 -07:00
d4fdd1e590
Fix for TLS v1.3 test PSK callback to support cipher list. Add support for GetCipherSuiteFromName to accept a name ending with colon.
2020-06-04 15:31:18 -07:00
3b63e55a68
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just TLS13-AES128-GCM-SHA256) and the echo server/client.
2020-06-04 15:31:18 -07:00
8823a581d0
Add PSK user context support (Fixes #2952.).
2020-06-04 15:31:18 -07:00
0228d1eeea
Cleanups for the TLS v1.3 build requirements. Add check for TLS v1.3 call to EncodeSigAlg.
2020-06-04 15:31:18 -07:00
ab2afbd37b
Allow the TLS 13 draft 18 build option and just use the final version. This allows the automated test scripts to pass.
2020-06-04 15:31:18 -07:00
4d8cf5b571
Fixes for building TLSv1.3 with FIPS v1 (no RSA PSS or HKDF).
2020-06-04 15:31:18 -07:00
8300754ecd
Fix for "testsuite" with TLSv1.3 and --enable-sniffer.
2020-06-04 15:31:18 -07:00
ba8227bcf7
Fix for building TLS v1.3 with NO_WOLFSSL_CLIENT.
2020-06-04 15:31:18 -07:00
b417a76613
Fixes for build TLS v1.3 with NO_CERTS.
2020-06-04 15:31:18 -07:00
093d9981fb
Disable fast-rsa if RSA PSS is enabled (not supported).
2020-06-04 15:31:18 -07:00
cd1c2d5fae
Enable TLS v1.3 by default. Remove old TLS v1.3 draft build support.
2020-06-04 15:31:18 -07:00
ca9dc7d509
Fix for wc_ecc_import_unsigned failing if first private key byte is zero ( Fixes #2950 ). Fix wc_ecc_is_point to return better code IS_POINT_E on failure (was returning -1). Improved ECC import API unit tests. Added WOLFSSL_VALIDATE_ECC_IMPORT and WOLFSSL_VALIDATE_ECC_KEYGEN to --enable-all.
2020-06-04 15:25:56 -07:00
3529d9a40d
Merge pull request #3016 from kaleb-himes/FIPSv2-MAINTENANCE
...
New OpenSSL features relying on changes in module files must account for locked FIPS versions of those files
2020-06-04 15:08:17 -07:00
976db2545d
Merge pull request #3007 from embhorn/zd10318
...
Fix OOB access in ParseCRL
2020-06-04 13:11:59 -06:00
23d1550439
Merge pull request #2989 from julek-wolfssl/openvpn
...
Additional OpenSSL compat layer stuff
2020-06-04 11:57:55 -07:00
b48699c1f0
Merge pull request #3022 from cconlon/jnisni
...
enable SNI by default for JNI/JSSE build
2020-06-04 11:07:56 -07:00
79465d70f7
Merge pull request #3020 from SparkiDev/tls13_psk_cr
...
TLS 1.3: Never send CertiifcateRequest when PSK
2020-06-04 11:07:22 -07:00
c8b87eab5f
fix macro to match *_FLAGS_*
2020-06-04 11:53:46 -06:00
27f37df0e0
Update arduino script to reflect includes of inline files
2020-06-04 09:50:47 -06:00
2285071fbc
Use old convention, consolidate assignments
2020-06-04 09:34:49 -06:00
923fc30043
Change to memcpy
2020-06-03 17:36:40 -06:00
8c3f7a77ca
cleanup GET messages
2020-06-03 16:53:36 -06:00
5a4d84ecad
Consolidate to one-line where possible
2020-06-03 16:19:34 -06:00
c3407e2052
Merge pull request #3004 from SparkiDev/asn1_int_lead_0_any
...
Define to allow badly formed ASN integers
2020-06-03 14:55:04 -07:00
4ddbe546a3
Merge pull request #2993 from dgarske/math_fixes
...
Improvements around the ECC max bits calculation
2020-06-03 14:53:51 -07:00
4b10f6aa03
Update from review
2020-06-03 15:56:46 -05:00
0b9d06e529
return value from FailTestCallBack to prevent NetBSD noreturn warning
2020-06-03 14:45:31 -06:00
d000ceb495
Resolve Warnings
2020-06-03 13:42:37 -07:00
cafcaa4181
enable SNI by default for JNI/JSSE build
2020-06-03 14:24:10 -06:00
504b887851
fix NetBSD warnings in ASN1_INTEGER_set() tests around int max/min
2020-06-03 14:14:43 -06:00
1c1a01fffe
rename dup to resolve NetBSD global shadow warnings
2020-06-03 14:11:12 -06:00
d220168384
Merge pull request #3017 from kojo1/supplicant-error
...
alertWhy: unknown_ca for ASN_NO_SIGNER_E
2020-06-03 10:44:31 -05:00
6176f8537f
Typecast to fix conversion loses
2020-06-02 22:06:14 -07:00
0d1ed9efc7
TLS 1.3: Never send CertiifcateRequest when PSK
...
Server must not send a CertificateRequest when authenticating with a
PSK.
Increase the max size of the signature algorithms as ED448 has been
added.
2020-06-03 12:48:31 +10:00
d5241bbcc6
Coverity fix
2020-06-02 15:35:27 -07:00
8cd92f68f2
init components as best practice
2020-06-02 14:28:50 -06:00
dc1472692a
Merge pull request #3011 from dgarske/nomalloc
...
Fixes for using static memory with no malloc
2020-06-02 11:46:29 -07:00
c7331fa699
Merge pull request #3008 from embhorn/zd10320
...
Fix possible NULL dereference error in TLSX_SecureRenegotiation_Parse
2020-06-02 11:13:17 -07:00
6ab5f2d9d7
remove unused variables
2020-06-01 17:56:03 -06:00
0604e7d208
no priv or pub in dhKey struct in FIPS
2020-06-01 17:36:27 -06:00
bc02f2c74e
Revert GCM_NONCE_MID_SZ changes
2020-06-01 17:13:23 -06:00
6217118ee4
Account for unmodifiable FIPS module files when adding new OpenSSL functionality
2020-06-01 16:28:32 -06:00
5bcd121ab5
alertWhy: unknown_ca for ASN_NO_SIGNER_E
2020-06-02 05:54:16 +09:00
b947f69f60
Fix to correct SP 4096-bit enable. Correct nonexistent WOLFSSL_SP_NO_4096, which should be WOLFSSL_SP_4096.
2020-06-01 10:49:08 -07:00
bfe1760c17
Improvements to the ECC max bits calculation used with fast math (USE_FAST_MATH and ALT_ECC_SIZE). Updated example code comments to reflect accurate calculation.
2020-06-01 10:48:52 -07:00
9c73a4bdbc
Merge pull request #3009 from embhorn/zd10358
...
Fix OOB access in RsaUnPad
2020-06-01 09:29:10 -07:00
aeefc09579
Merge pull request #3013 from miyazakh/fix_espidf_buildfail
...
fix build failrue on esp-idf
2020-06-01 09:56:29 -06:00
5f783f0198
fix build failrue on esp-idf
2020-05-30 15:19:37 +09:00
63a1ccda9b
Merge pull request #3012 from SparkiDev/ecc_mulmod_fix
...
Fix ecc mulmod to only do one more bit than modulus len
2020-05-29 13:07:18 -07:00
2ee8f335b7
Merge pull request #2992 from SparkiDev/tls13_enc_alert_2
...
Actually make TLS 1.3 alerts encrypted when possible
2020-05-29 13:04:49 -07:00
2eb9e05518
Fix ecc mulmod to only do one more bit than modulus len
2020-05-29 11:21:37 +10:00
e498e07390
Merge pull request #3005 from cconlon/608a
...
ATECC608A improvements for use with Harmony 3 and PIC32MZ
2020-05-28 16:10:39 -07:00
10a1cad2dc
Fix for TFM _fp_exptmod_nct with WOLFSSL_NO_MALLOC.
2020-05-28 15:15:52 -07:00
fd51eecb4f
Fix for using signature wrapper with WOLFSSL_NO_MALLOC. Improve wc_SignatureVerifyHash to use RSA verify inline.
2020-05-28 15:12:01 -07:00
7ce7d244f8
Fix for using static memory AES GCM test.
2020-05-28 15:12:01 -07:00
5962931b21
Merge pull request #2947 from SparkiDev/tls13_integ_fix
...
Fix TLS 1.3 integrity only for interop
2020-05-28 13:48:43 -07:00
5360783d7e
Merge pull request #3003 from JacobBarthelmeh/Testing
...
fix for gcc 10+ error on snprintf
2020-05-28 13:28:30 -07:00
233a5ca6b8
Fix OOB access
2020-05-28 14:14:19 -05:00
4e8f5fce66
Fix NULL dereference error
2020-05-28 12:17:29 -05:00
91fb6216a9
Fix OOB access
2020-05-28 09:39:44 -05:00
99d8be4f4d
Merge pull request #3002 from ejohnstown/bump-minor-ver
...
Bump Patch Version
2020-05-27 21:09:38 -07:00
3fec01c0aa
Actually make TLS 1.3 alerts encrypted when possible
...
Pervious fix didn't work.
This time, if TLS 1.3 and encryption is on then it will encrypt the
alert.
2020-05-28 10:57:33 +10:00
8dee048b04
Define to allow badly formed ASN integers
...
Define: WOLFSSL_ASN_INT_LEAD_0_ANY
Allows positive integers to have a leading 0 byte.
DER/BER encoding specifies that leding 0 only on negative numbers
(highest bit of first octet set).
2020-05-28 08:50:21 +10:00
896fcd9aec
add WOLFSSL_ATECC6088A, Trust&GO support, PIC32 HAL compatibility, 608A expansions
2020-05-27 16:49:29 -06:00
8ebd121cac
add extern prototype for PIC32 pic32_time()
2020-05-27 16:46:40 -06:00
d8a6d16f72
add MICROCHIP_TCPIP_BSD_API for using Microchip TCP/IP with BSD API
2020-05-27 16:46:40 -06:00
b8e1fe666b
include errno.h with MICROCHIP_PIC32 for GetLastError use
2020-05-27 16:46:40 -06:00
1cc9a8ffbf
Merge pull request #3001 from DKubasekRA/DKubasekRA-fix-ctMask16LT
...
Reverted comparison in ctMask16LT
2020-05-28 08:24:48 +10:00
8e9f518caa
fix for gcc 10+ error on snprintf
2020-05-27 16:20:39 -06:00
19fba3648c
Bump Patch Version
...
1. Increase the patch level of the version number in configure.ac.
2. Added a template for the next version in ChangeLog.md.
3. Bumped version.h.
2020-05-27 10:11:58 -07:00
5ef738855c
Reverted comparison in ctMask16LT
2020-05-27 10:43:36 +02:00
e388885407
Merge pull request #2997 from kaleb-himes/ZD10356
...
Fix a seg fault when cert not loaded prior to key check
2020-05-26 16:19:43 -07:00
c5ebf23c25
Merge pull request #2994 from JacobBarthelmeh/Xilinx
...
add additional sanity check on pointer before free
2020-05-26 16:18:58 -07:00
5179503e8f
Merge pull request #2995 from julek-wolfssl/va-copy-check
...
Enable wolfSSL_BIO_vprintf on Windows
2020-05-26 08:58:05 -07:00
eed5943b6f
Fix TLS 1.3 integrity only for interop
...
Make key size the size of the digest.
2020-05-25 16:02:53 +10:00
165fce7c57
Merge pull request #2988 from miyazakh/peakmem
...
added WOLFSSL_LEAVE for measuring peak memory script
2020-05-22 15:37:30 -06:00
53d2a17b43
Fix a seg fault when cert not loaded prior to key check
2020-05-22 15:03:11 -06:00
de61a8e5d3
Enable wolfSSL_BIO_vprintf on Windows
...
Enable wolfSSL_BIO_vprintf use with WOLFSSL_BIO_MEMORY and WOLFSSL_BIO_SSL on Windows with the HAVE_VA_COPY flag
2020-05-21 19:41:40 +02:00
d27c023dd9
Merge pull request #2983 from dgarske/stm_stdperilib
...
Fixes for building with STM32 StdPeriLib and CubeMX
2020-05-21 10:39:36 -07:00
cd1a50bfb6
add additional sanity check on pointer before free
2020-05-21 11:19:17 -06:00
a67e1fc2ad
Fix implicit conversions
2020-05-21 13:20:42 +02:00
70c55ce30a
Set offset in cipher struct
2020-05-21 12:51:23 +02:00
986c8f351c
Fix leak in SetIndividualInternal
...
SetIndividualInternal should not do mp_init on mpi since it should have been zero'ed during allocation and if it isn't zero'ed then it must mean that memory has already been allocated to it
2020-05-20 20:34:45 +02:00
363b9528af
Fix for STM32 AES only (L4) AES Decrypt Direct (ECB).
2020-05-20 11:23:14 -07:00
de4d2e6436
Fix for CubeMX HAL headerSize (older CubeMX HAL uses actual bytes, not multiple of 32-bit). Fix for GMAC case in STM32_CRYPTO_AES_ONLY.
2020-05-20 10:49:26 -07:00
a6f5bc84e6
Merge pull request #2987 from JacobBarthelmeh/Xilinx
...
Update for RSA calls to Xilsecure
2020-05-20 09:03:52 -07:00
516f329f23
Merge pull request #2975 from JacobBarthelmeh/Testing
...
init FP mutex on wolfCrypt init
2020-05-20 09:01:46 -07:00
19848076ec
Merge pull request #2986 from kaleb-himes/ZD9610_REPORT2
...
Fix building with openssl extra x509 small writes to heap without alloc
2020-05-20 08:10:43 -07:00
5f7832909b
BIO_new_mem_buf with negative len should take strlen of buf as len
2020-05-20 16:55:16 +02:00
4a85bf8108
Additional OpenSSL compat layer stuff
...
- Add X509_get0_notBefore and X509_get0_notAfter
- Implement EVP_PKEY_get0_DSA and DSA_bits
- OpenSSL_version now prints "wolfSSL $VERSION"
- Remove define guards in `wolfSSL_internal_get_version` as all protocols are defined regardless in `wolfssl/internal.h`and this function just returns the string description of the protocol
2020-05-20 16:55:16 +02:00
d09b947478
update for test case and sha3
2020-05-19 19:27:38 -06:00
03ed495f84
free temporary buffer
2020-05-19 19:27:29 -06:00
6a7a8fa5b7
updated RSA calls to Xilsecure
2020-05-19 19:27:21 -06:00
2033be9aed
Fixes for building against older STM32 CubeMX HAL.
2020-05-19 17:42:36 -07:00
13e6462ea7
Fixes for build with STM32 Standard Periperal Library (StdPeriLib).
2020-05-19 17:42:36 -07:00
99ebae9f7c
Merge pull request #2985 from cconlon/iarwarn
...
fix minor IAR warnings in test.c
2020-05-19 16:42:47 -07:00
08c02b037c
Fix building with openssl extra x509 small writes to heap without alloc
2020-05-19 17:12:36 -06:00
0af4e76c40
Merge pull request #2978 from SparkiDev/curve448_cast
...
Curve448 - cast down
2020-05-19 15:55:32 -07:00
7901f74d0b
Merge pull request #2977 from SparkiDev/tlsx_ks_ecc_fix
...
KeyShare ECC shift index range check
2020-05-19 15:49:41 -07:00
754c96965a
Merge pull request #2974 from SparkiDev/tls13_enc_alert
...
If encryption setup, TLS 1.3 alerts encrypted
2020-05-19 15:48:54 -07:00
9efd9afdfb
fix minor IAR warnings in test.c
2020-05-19 14:12:13 -06:00
45def39c18
Merge pull request #2972 from ejohnstown/portability
...
Script Portability
2020-05-18 14:53:27 -07:00
ba9fd89314
Script Portability
...
1. The openssl interop test script should check that it should run before
doing anything else.
2. The process to create a random port number was using a non-portable
option to the head command. Changed to use the od tool reading from
/dev/random.
3. Ran into a sed that doesn't use the -i option, so changed it to cp its
own bak file and sed from that.
2020-05-18 09:04:41 -07:00
adb3bdd26e
Curve448 - cast down
2020-05-18 09:07:20 +10:00
5b918f7ace
KeyShare ECC shift index range check
2020-05-18 08:49:38 +10:00
c4fee4ce38
Merge pull request #2969 from julek-wolfssl/fix-lut-cache
...
Fix LUT cache implementation
2020-05-15 15:15:18 -07:00
b615dbe9d5
add additional FP_ECC lock sanity check for case where wolfCrypt_Init is not called
2020-05-15 11:50:05 -06:00
684654cd25
Merge pull request #2962 from tmael/fips_solaris
...
FIPS on Solaris
2020-05-15 10:15:09 -07:00
bdddb00ebc
Merge pull request #2973 from kaleb-himes/FIPS-OE6
...
for OE6 sp_arm32.c asm code is inlined in rsa.c and ecc.c
2020-05-14 10:55:54 -07:00
91bfa31f70
Merge pull request #2968 from dgarske/stm32_hal_v2
...
Fixes for STM32 CubeMX HAL with AES GCM
2020-05-14 10:55:04 -07:00
fbfb28d5ee
Merge pull request #2926 from SparkiDev/tls13_failnocert
...
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-05-14 10:53:18 -07:00
f894d4c0d2
FIPS on Solaris
2020-05-14 10:11:54 -07:00
24634a02c9
Fix comment
2020-05-14 10:54:45 +02:00
88b8ea04f6
Merge pull request #2971 from SparkiDev/sp_cortexm_comment
...
Fix SP Cortex-M ASM comments
2020-05-13 16:30:14 -07:00
902e3a2d97
Merge pull request #2970 from SparkiDev/sp_arm32_divw
...
Fix div word in SP ARM32
2020-05-13 16:29:31 -07:00
6f750c07b5
Merge pull request #2964 from SparkiDev/tls13down_tls12
...
Only check downgrade when TLS 1.2 and no flag set
2020-05-13 16:25:02 -07:00
1876fe1c22
init FP mutex on wolfCrypt init
2020-05-13 13:59:35 -07:00
0295b5ae3b
If encryption setup, TLS 1.3 alerts encrypted
2020-05-13 16:14:47 +10:00
57756bfa8d
Remove unused 4096-bit functions
2020-05-13 10:23:05 +10:00
9a8fc94181
for OE6 sp_arm32.c asm code is inlined in rsa.c and ecc.c
2020-05-12 16:28:39 -06:00
778b5dd9d5
Fixes for STM32 CubeMX HAL with AES GCM. Fix AES GCM authentication header size, which expects size as number of 32-bit values. Fix the authentication size round up logic. Fix to use software for authentication tag if authentication data size is not multiple of 4. Fix to ensure 32-bit aligned buffers are used.
2020-05-12 08:27:43 -07:00
786e21b107
Fix SP Cortex-M ASM comments
2020-05-12 23:28:39 +10:00
479b54e78e
Fix div word in SP ARM32
2020-05-12 23:14:57 +10:00
3d2cbdd3e8
Fix LUT cache implementation
...
- Make sure that the cache is actually set (and not just depend on the LRU_count)
- test_wolfSSL_EC should also be run without ECC_SHAMIR
2020-05-12 13:48:59 +02:00
6c9a0e440e
Merge pull request #2959 from dgarske/wpas_tiny
...
Added wpa_supplicant support with reduced code size option
2020-05-11 08:55:22 -07:00
ed4899dd91
Only check downgrade when TLS 1.2 and no flag set
...
The flag, SSL_OP_NO_TLSv1_2, indicates not to negotiate TLS v1.2.
2020-05-11 13:18:50 +10:00
7c98451f24
Merge pull request #2961 from kaleb-himes/WOLFSSL_EXAMPLES
...
Fix failing build for rsa_verify_only example
2020-05-11 09:31:31 +10:00
5dfc36d32a
added WOLFSSL_LEAVE for measuring peak memory script
2020-05-09 17:03:17 +09:00
81dc0ac56f
Merge pull request #2956 from tmael/hkdf
...
Check HKDF-Expand length of output <= 255*HashLen
2020-05-08 16:36:40 -06:00
82c86447e7
Fix failing build for rsa_verify_only example
2020-05-08 16:18:30 -06:00
51b5f84d00
Merge pull request #2938 from JacobBarthelmeh/Xilinx
...
add Xilinx Vitis 2019.2 example and update README
2020-05-08 15:05:19 -07:00
10aa8a4ffc
Added support --enable-wpas=small for reduced code size when building against the WPA supplicant with EAP-TLS. This does not use OPENSSL_EXTRA, which helps reduce code size.
2020-05-08 13:38:26 -07:00
6b930d996c
Merge pull request #2958 from julek-wolfssl/ASN_IP_TYPE-without-openssl
...
Support IP alternative subject name without OpenSSL
2020-05-08 13:27:27 -07:00
4a44b7b781
Merge pull request #2954 from SparkiDev/sp_rsa_pq_len
...
Only use SP for RSA private operations if P and Q half bits
2020-05-08 08:30:30 -07:00
b5886e0e37
Add option --enable-ip-alt-name
...
This commit adds the configure option `--enable-ip-alt-name` that enables support for the IP alternative subject name parsing in `wolfcrypt/src/asn.c:DecodeAltNames`.
2020-05-08 13:20:24 +02:00
b39e384cfd
Review comment
2020-05-07 13:39:53 -07:00
cb0fb88e44
Merge pull request #2955 from JacobBarthelmeh/Testing
...
fix for scep build without aes
2020-05-07 08:44:39 -07:00
3ef7e588d2
Merge pull request #2932 from kaleb-himes/ZD10223
...
Fix building with one-side only tls13/dtls
2020-05-07 08:43:36 -07:00
943f6c4447
Merge pull request #2957 from SparkiDev/sp_c_cr_fix
...
SP C: Fix array size for cache resistant modexp
2020-05-07 06:26:39 -07:00
9e68de0fb7
Add test certs for ASN_IP_TYPE
2020-05-07 11:52:49 +02:00
b331804c27
SP C: Fix array size for cache resistant modexp
2020-05-07 10:00:14 +10:00
6619db580d
fix for scep build without aes
2020-05-06 16:58:54 -06:00
2ab478f8fd
Check length of output <= 255*HashLen
2020-05-06 15:47:39 -07:00
c4af5db4b9
Only use SP for RSA private operations if P and Q half bits
2020-05-07 08:46:48 +10:00
c962aa4181
add sprj file
2020-05-06 12:13:22 -07:00
be3c39ed1c
Merge pull request #2948 from JacobBarthelmeh/SanityChecks
...
update armv8 aes gcm sanity checks
2020-05-06 10:31:09 -07:00
3b6b59cea0
add 2019.2 Xilinx example and update README
...
fix to remove xml extension
add missing project file
update project
update dist include
rm prj files
2020-05-06 09:54:06 -06:00
5e45767cc3
Merge pull request #2943 from JacobBarthelmeh/Testing
...
check on length of unwrap before memmove
2020-05-05 11:09:06 -07:00
0f6fef8384
update armv8 aes gcm sanity checks
2020-05-05 09:47:05 -06:00
74040c62af
Merge pull request #2944 from dgarske/sp_cacheres
...
Fixes for C32/C64 SP math with `WOLFSSL_SP_CACHE_RESISTANT`
2020-05-05 10:43:00 +10:00
09bc460c2e
Merge pull request #2946 from dgarske/gcc9
...
Fix for GCC9 warning
2020-05-05 10:29:56 +10:00
8161dfe3aa
Fix for GCC9 warning.
...
```
src/tls.c:201:13: note: in expansion of macro 'XSTRNCMP'
201 | if (XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
| ^~~~~~~~
In file included from src/tls.c:33:
./wolfssl/internal.h:4312:19: note: referenced argument declared here
4312 | static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
| ^~~~~~
```
2020-05-04 15:07:28 -07:00
174b4d5159
Cleanup of SP with small stack. Expand support for WOLFSSL_SP_NO_MALLOC. Fix for evp.c when included directly.
2020-05-04 14:23:32 -07:00
df067b6781
Merge pull request #2919 from kaleb-himes/ZD10194
...
Fix for Freescale common examples that predated hardening warning
2020-05-04 13:43:07 -06:00
62d67c3da1
Don't need if not using TLS 1.2
2020-05-04 12:54:36 -06:00
da01961254
Merge pull request #2939 from JacobBarthelmeh/SanityChecks
...
sanity check on PemToDer type
2020-05-04 11:26:33 -07:00
d848495a66
Merge pull request #2937 from dgarske/wolfio_tcpcon_fd
...
Fix issue with failed TCP connect using invalid socket file descriptor
2020-05-04 11:22:54 -07:00
8e0f5ef8ce
Fixes for WOLFSSL_SP_CACHE_RESISTANT with small stack.
2020-05-04 11:22:12 -07:00
c28ad38b16
Fix for cast issue caused by PR #2900 . Applies to WOLFSSL_SP_CACHE_RESISTANT and c32/c64 versions only.
2020-05-04 10:49:59 -07:00
082e51d778
check on length of unwrap before memmove
2020-05-04 10:32:05 -06:00
9f735b4d6e
sanity check on PemToDer type
2020-05-01 16:41:18 -06:00
3944c8eb73
Merge pull request #2935 from ejohnstown/hush-tfm
...
Hush TFM Warnings
2020-05-01 08:26:42 -07:00
31502ec3f9
Fix issue with failed TCP connect using invalid socket file descriptor on close. Fixes #2936
2020-05-01 07:32:00 -07:00
b6bd86d2b1
TFM Warnings
...
When building in VS, the MSC will complain about some constants getting
implicitly promoted to 64-bit. Added some type-casts to hush the warnings.
2020-04-30 19:43:18 -07:00
f772bc8d9a
Merge pull request #2923 from dgarske/pic32mz
...
Fixes for PIC32MZ crypto hardware cache and large hash
2020-04-30 16:22:13 -07:00
df9dd3012f
Merge pull request #2934 from SparkiDev/tls13_cookie_ks
...
TLS13: Prepend the SupportedVersions extension to list
2020-04-30 14:58:11 -07:00
a1489d981c
Merge pull request #2930 from JacobBarthelmeh/SanityChecks
...
check on tag length for AES-CCM
2020-04-30 14:51:20 -07:00
7879d3762a
TLS13: Prepend the SupportedVersions extension to list
...
Must have SupportedVersions at start of list for Cookie to be
constructed correctly.
Application can set the key share extension before handshake and
SupportedVersions will be added after. Extensions written in order of
adding to list.
Prepend SupportedVersions so that it will always appear in the correct
place so when reconstructing HelloRetryRequest, the extensions will
always be in the same order.
2020-04-30 08:46:23 +10:00
505fbed4df
fix AES-CCM tag size check on decryption
2020-04-29 15:15:54 -06:00
7e267546cb
Merge pull request #2933 from SparkiDev/tls13_rsa8192
...
Allow TLS 1.3 CertificateVerify to handle 8192-bit RSA
2020-04-29 11:24:44 -07:00
390f066028
Allow TLS 1.3 CertificateVerify to handle 8192-bit RSA
2020-04-29 12:37:41 +10:00
e9b433a998
Merge pull request #2928 from julek-wolfssl/evp-aes-gcm-fix
...
Fix AES-GCM in EVP layer to have compatiblity with OpenSSL
2020-04-29 09:00:04 +10:00
b73e52f33f
move AES-CCM tag check into a local function
2020-04-28 14:46:06 -06:00
951cb4aaf4
Fix building with one-side only tls13/dtls
2020-04-28 14:33:00 -06:00
f770d28ff0
Merge pull request #2916 from dgarske/testfixes
...
Improvements to ECC key decode and tests
2020-04-28 09:57:44 -07:00
a585e4115e
Merge pull request #2927 from SparkiDev/tls13_ccs
...
In TLS 1.3, don't allow multiple ChangeCipherSpecs in a row
2020-04-28 09:52:46 -07:00
cb6fc56f3b
Merge pull request #2921 from dgarske/fixes_g++
...
Fixes for G++ and enable-all
2020-04-28 09:51:34 -07:00
c02c408409
Only 80 characters a line
2020-04-28 12:38:02 +02:00
a104caef13
Merge pull request #2929 from dgarske/sp_rsalowmem
...
Fix for SP math with `RSA_LOW_MEM` (ARM only)
2020-04-28 08:43:31 +10:00
c85a53c631
add macro guard for fips and selftest builds
2020-04-27 15:36:53 -06:00
6185e0f477
Remove execute bit on files.
2020-04-27 11:16:02 -07:00
327cdefc24
Fix for SP math with RSA_LOW_MEM, which was broken in PR #2892 .
2020-04-27 08:59:54 -07:00
01a6dded72
Fix AES-GCM in EVP layer to have compatiblity with OpenSSL
...
- Tag checking in AES-GCM is done in Final call
- Reset `WOLFSSL_EVP_CIPHER_CTX` structure after Final call
- Don't zero `ctx->authTag` struct in Init call so that user can get the AES-GCM tag using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag)`
- `ctx->authTag` is only zeroed before authenticated, non-confidential data Update call since this means we are entering a new Udate-Final cycle. This doesn't need to be done in the decrypt case since the tag should be supplied by the user before the final call using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)`
2020-04-27 15:52:01 +02:00
1e726e19a4
Fix for XMALLOC cast.
2020-04-27 06:48:41 -07:00
c153873337
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-04-27 16:17:03 +10:00
df1b7f34f1
In TLS 1.3, don't allow multiple ChangeCipherSpecs in a row
2020-04-27 15:27:02 +10:00
3c93a7b757
Fix Value stored to 'ret' is never read.
2020-04-24 11:31:12 -07:00
a4caa42793
Improve the Base64 line size for NO_ASN case. Fix report of unread ret.
2020-04-24 11:26:55 -07:00
589712f870
PIC32MZ Fix for cache coherency to enable write-through (no write allocation) to resolve descriptor corruption. ZD 10212.
2020-04-24 09:13:28 -07:00
0f11369680
PIC32MZ Fix for WOLFSSL_PIC32MZ_LARGE_HASH: Only submit to hardware if update data provided matches expected. ZD 10211.
2020-04-24 09:01:51 -07:00
cfc0aeb857
Fix for RSA and KeyGen only in test.c.
2020-04-24 08:56:31 -07:00
41fc208195
Fixes for isHMAC checks.
2020-04-24 08:51:56 -07:00
5fa7bb5b9f
Fix possible unused args.
2020-04-24 07:48:41 -07:00
6d025f8c0f
Refactor of the EVP macType to use enum wc_HashType to resolve issues with invalid casting.
2020-04-24 07:43:44 -07:00
922ab1e944
Merge remote-tracking branch 'upstream/master' into branch-1
2020-04-24 18:00:29 +09:00
bcc408442b
Added test cases for wc_curve25519_key_export_xx
2020-04-24 17:50:17 +09:00
28b686a8ca
* Exposed useful sizes MAX_X509_HEADER_SZ and PEM_LINE_SZ
...
* Refactor the PEM saving code in `test.c`, so its not using large 4K buffer and calculates based on DER.
* Enable ECC key generation test even without `WOLFSSL_KEY_GEN`.
* Added `ECC_KEYGEN_SIZE` macro for ECC key generation testing.
* Refactor ECC DER key generation to use `ECC_BUFSIZE`.
2020-04-23 16:11:54 -07:00
81f959336b
Added support for important private key DER using wc_EccPublicKeyDecode. Added ECC key generation and decode test case.
2020-04-23 16:07:43 -07:00
b07dfa425d
Fixes for ./configure CC="g++" --enable-all && make. Resolves issues with implicit casts and use of reserved template keyword.
2020-04-23 15:26:04 -07:00
5376763638
Merge pull request #2913 from SparkiDev/sp_cortexm4_ecc
...
Improve performance of SP Cortex M asm
2020-04-23 09:47:05 -07:00
7318121d3a
Merge pull request #2915 from dgarske/async_v4.4.0
...
Fixes for async release v4.4.0
2020-04-23 09:26:08 -07:00
54aa50e628
Merge pull request #2912 from SparkiDev/sp_movbe
...
Only use Intel instruction movbe when available
2020-04-23 09:25:02 -07:00
6132176715
Merge pull request #2917 from ejohnstown/postrelease
...
Minor wolfCrypt Test Fixes
2020-04-23 07:16:07 -07:00
7a0cbe084e
Improve performance of SP Cortex M asm
2020-04-23 11:05:42 +10:00
a064cb3943
Fix a couple of wolfCrypt test issues found during the long release build test.
2020-04-22 11:30:57 -07:00
e116c89a58
Merge pull request #2906 from ejohnstown/release-rollup
...
Release Rollup
2020-04-22 10:43:44 -07:00
4592e0ec95
Fix for use of incorrect devId for wolfSSL_SHA3_256_Init.
2020-04-22 10:16:20 -07:00
88d04e5eeb
Fix for NULL == NULL test case in test_wolfSSL_EC_get_builtin_curves.
2020-04-22 10:15:52 -07:00
36a556f927
Resolve issues with the openssl compatibility CRYPTO_malloc and CRYPTO_free.
2020-04-22 10:15:16 -07:00
12e4718c67
Fix for Freescale common examples that predated hardening warning
2020-04-22 11:06:36 -06:00
83152c767f
touch dates
2020-04-21 10:50:59 -07:00
bf680b4a92
Fix for QAT with Shake256. Fix for XFREE missing semicolon.
2020-04-21 10:38:27 -07:00
7b6cc2056b
Update release date in readme and changelog.
2020-04-21 10:21:59 -07:00
ccd096e1bb
Memory Leak Fix
...
1. In `wolfSSL_d2i_DHparams()`, when setting the internal key on a
WOLFSSL_KEY, set the flag inSet.
2. Not a leak, but in `wolfSSL_EVP_PKEY_set1_DH()`, only allocate one
buffer to store the flat key. Saves an alloc, memcpy, and free.
2020-04-21 10:21:59 -07:00
61f3783111
Fixes to test.c for the following build configurations:
...
1. ./configure --disable-rsa --enable-certgen --enable-certreq
2. ./configure --disable-ecc --enable-pkcs7
2020-04-21 10:21:59 -07:00
c134626946
Update credit names on vuln notice in README.
2020-04-21 10:21:59 -07:00
087675e31e
Update the RPM build spec.
2020-04-21 10:21:59 -07:00
4331b7df18
Update the VS library build resource.
2020-04-21 10:21:58 -07:00
bf4f50ab93
Add Azure Sphere file missing from release.
2020-04-21 10:21:58 -07:00
a29eac035b
Update credit for vulnerability report.
2020-04-21 10:21:58 -07:00
836e77508d
Remove notes for reverted DTLS commits.
2020-04-21 10:21:58 -07:00
7cbf496329
Encrypt key requirements check
...
The file wc_encrypt.c offers a function named wc_CryptKey(), which
requires PWDBASED and ASN. Added the check for ASN.
2020-04-21 10:21:58 -07:00
e84cd1a887
Updated the README file and ChangeLog for some spelling and omissions.
2020-04-21 10:21:58 -07:00
27011ff7ff
Release Rollup
...
1. Update configure with the new version.
2. Update the ChangeLog.
3. Update the readme.
2020-04-21 10:21:53 -07:00
231c488ddf
check on tag length for AES-CCM
2020-04-20 13:44:41 -06:00
0cfde0794b
Merge pull request #2848 from julek-wolfssl/wpa-supplicant-openssl-compat
...
Added partial support for wpa_supplicant, hostapd, and cjose:
2020-04-20 12:17:55 -06:00
75c14e4c8e
Only use Intel instruction movbe when available
2020-04-20 09:09:45 +10:00
f87f09fcd7
Merge pull request #2910 from embhorn/zd10169
...
Fix forbidden iv length 0 with AES-GCM
2020-04-16 16:01:03 -07:00
8112c81fc5
Added missing NO_CERTS check.
2020-04-16 23:30:11 +02:00
6b3642db36
Fix forbidden iv length 0 with AES-GCM
2020-04-16 13:48:56 -05:00
75deec250c
Merge pull request #2908 from ejohnstown/dtls-revert
...
DTLS Revert
2020-04-16 09:58:48 -07:00
9918ee8b68
Merge pull request #2907 from SparkiDev/sp_arm64_reg
...
SP ARM64 - use fewer registers in mont_reduces
2020-04-16 09:58:07 -07:00
dd68074104
Fix merge issues
2020-04-16 10:09:15 +02:00
eab451339c
Fixed dereference after null check.
2020-04-16 09:52:02 +02:00
83044d7560
Fixed dereference after null check.
2020-04-16 09:46:15 +02:00
40ea386509
Revert "DTLS Fix"
...
This reverts commit 04dcb8f774
2020-04-15 21:33:33 -07:00
78a9185d0b
Revert "DTLS Fuzz Fix"
...
This reverts commit 70d03f3ba0
2020-04-15 21:33:27 -07:00
da5d9a923b
SP ARM64 - use fewer registers in mont_reduces
2020-04-16 09:20:04 +10:00
36403c1dad
Merge remote-tracking branch 'wolfSSL/master' into wpa-supplicant-openssl-compat
2020-04-15 16:55:03 +02:00
314ff1137b
Fixed resource leak.
2020-04-15 16:29:11 +02:00
68a2e03bd4
Fixed resource leak.
2020-04-15 16:27:34 +02:00
1a80975d9e
Fixed resource leaks.
2020-04-15 15:47:32 +02:00
e19334266e
This function is required by HAVE_PK_CALLBACKS option and it's used by server as well.
2020-04-15 14:43:12 +02:00
74893edaf0
Fix of size constraint for parsing.
2020-04-15 14:36:36 +02:00
1d3fd5cd07
Code review
...
- make `wc_ecc_export_point_der_compressed` a local function
- use `int` for `shortKeySize` in `wc_ecc_import_point_der_ex`
- check for null return value from `wolfSSL_OBJ_nid2obj` and `wolfSSL_d2i_PUBKEY`
- add comments to `ssl.c`
- check `lnlen` in `wolfSSL_OBJ_ln2nid`
2020-04-15 12:53:38 +02:00
ebb490204a
Merge pull request #2898 from embhorn/zd9856
...
Fix EVP API to return NID types / SHA3 for RSA sign
2020-04-14 16:09:00 -07:00
f97a56b9ce
Merge pull request #2905 from ejohnstown/dtls-fuzz
...
DTLS Fuzz Fix
2020-04-14 14:19:09 -07:00
d9472b895f
Fix conflicts after rebase
2020-04-14 15:24:52 -05:00
19ca00bcd4
Adding support for SHA3 in wolfSSL_RSA_sign_ex
2020-04-14 14:31:00 -05:00
1487917214
Fix EVP_MD_CTX_type to return NID
2020-04-14 14:27:21 -05:00
be437c0bd2
Fix EVP API to use NID instead of WC_ types
2020-04-14 12:47:10 -05:00
70d03f3ba0
DTLS Fuzz Fix
...
Only save a next epoch message if it is in the next epoch, not any future epoch.
2020-04-14 10:13:37 -07:00
9c1b90170a
Merge pull request #2903 from SparkiDev/test_4096
...
Fix testing using 4096 bits keys and parameters
2020-04-14 09:25:00 -07:00
06c6e583c8
Merge pull request #2891 from julek-wolfssl/refactor-evp-functions
...
Move EVP functions to evp.c
2020-04-14 09:22:51 -07:00
a2892f66c0
Merge pull request #2889 from JacobBarthelmeh/SanityChecks
...
sanity check on input length before secure renegotiation compare
2020-04-14 09:21:29 -07:00
b6d6b1db77
Added new DH 4096-bit key to gencertbuf.pl.
2020-04-14 07:11:07 -07:00
dad0bc0159
Keep compatibility with old OPENSSL_EXTRA_X509_SMALL functions
2020-04-14 12:52:23 +02:00
0b3a331265
Revert wc_OBJ_sn2nid
2020-04-14 11:48:14 +02:00
0ded4d4ccb
wolfSSL_RSA_*_PKCS1_PSS rewrite
2020-04-14 11:48:14 +02:00
89f7a51838
Add option to enable DPP support in wpa_supplicant (note DPP not yet supported as of this commit)
2020-04-14 11:48:14 +02:00
20e669a65a
New API
...
Add `wc_ecc_import_point_der_ex` for correct importing DER ECC point and keep `wc_ecc_import_point_der` old functionality
2020-04-14 11:48:14 +02:00
dbe4e778d3
Test fixes
...
- Add `parameter` to `WOLFSSL_X509_ALGOR`
- Implement `wolfSSL_ASN1_TYPE_new`, `wolfSSL_ASN1_TYPE_free`, and `wolfSSL_ASN1_TYPE_set`
- Fix leak where `pval` in `wolfSSL_X509_ALGOR_set0` was lost if `aobj` was provided
2020-04-14 11:48:14 +02:00
18093a6b0b
Code review changes
...
- Don't include `ENABLED_OPENSSLALL` with `ENABLED_WPAS`
- Return length in `wolfSSL_i2d_DHparams`
- Implement `wolfSSL_EC_POINT_mul` with independent multiplication and addition if `ECC_SHAMIR` not defined
- Implment `ASN1_SIMPLE` without `offsetof` by using a dummy struct
- Style fixes
2020-04-14 11:48:14 +02:00
9722082372
Fix nid2* and *2nid functions
2020-04-14 11:48:14 +02:00
eb549f7095
Test fixes
2020-04-14 11:45:32 +02:00
ef5eefac91
Test fixes
2020-04-14 11:45:32 +02:00
b4d9007a48
Test fixes
...
Config fixes
Fix windows FIPS
2020-04-14 11:45:32 +02:00
680a481e61
Test fixes
...
Remove redundant macros
2020-04-14 11:45:32 +02:00
9ced70edc1
Test fixes
...
Free `x509->key.pkey` in `FreeX509
Fix type conversions
Fix memory leaks and use of uninitialized memory
2020-04-14 11:45:32 +02:00
73b4d78d5b
Added partial support for wpa_supplicant, hostapd, and cjose:
...
- Moved `SetECKeyInternal` and `SetECKeyExternal` to `internal.h` to allow usage outside of `ssl.c`
- Added `asn1t.h`
- Implemented the `IMPLEMENT_ASN1_FUNCTIONS` macro for a small subset of ASN1 tags
-- So far only `X509_ALGOR` and `ASN1_BIT_STRING` are supported
- Implemented `BN_mod_add` function
- Allow for setting of `EC_KEY` export form through EC_KEY_set_conv_form
- Implemented `i2o_ECPublicKey`
- Implemented `EC_POINT_copy`
- Implemented deriving DH and ECDH keys in `EVP_PKEY_CTX`. Functions added:
-- `EVP_PKEY_derive_init`
-- `EVP_PKEY_derive_set_peer`
-- `EVP_PKEY_derive`
- Implemented `EVP_PKEY_get0_DH`
- Implemented `X509_ALGOR_new`
- Implemented `X509_ALGOR_free`
- Implemented `X509_ALGOR_set0`
- Implemented `X509_PUBKEY_new`
- Implemented `X509_PUBKEY_free`
- Implemented `X509_PUBKEY_set`
- Implemented `RSA_padding_add_PKCS1_PSS`
- Implemented `RSA_verify_PKCS1_PSS`
- Changed second parameter of `wolfSSL_d2i_PUBKEY` to be constant
- Corrected long names in `asn.h`
- Added `wc_ecc_get_generator` as a way to get the generator point of a curve
- Added `wc_ecc_export_point_der_ex` to export an ECC point in compressed or uncompressed format with one API
- Added `wc_ecc_export_point_der_compressed` to export a point in an `ecc_point` structure in compressed DER format
- Added 'wc_RsaSSL_Verify_ex` which adds the option to choose a padding type
- Added `wc_RsaPad_ex` and `wc_RsaUnPad_ex` to `rsa.h` as `WOLFSSL_LOCAL` functions
- `CopyDecodedToX509` now fills `x509->key` and `x509->algor` when populating x509
- `wolfSSL_EVP_CipherInit` now uses `wc_AesGcmSetExtIV` to set the IV so that it is copied to `ctx->iv` by `wolfSSL_StoreExternalIV`
- Added error checking to `wolfSSL_EVP_PKEY_get_der`
- `wolfSSL_X509_ALGOR_get0` now attempts to return something in all parameters
- Refactored `wolfSSL_EC_KEY_new` to use `*_new` functions when available
- Added `setupPoint` to set the internal point if not yet set
- Always set external point in `wolfSSL_ECPoint_d2i`
- Added compressed point support to `wolfSSL_EC_POINT_point2oct`
- Fix `wolfSSL_EC_POINT_mul` so that it will calculate the full `generator * n + q * m` then OpenSSL does
- Added `WOLFSSL_RSA_GetRNG` helper function to get a `WC_RNG` from `WOLFSSL_RSA`
- Correct short names in `wolfssl_object_info`
- Added all currently supported curves to `wolfssl_object_info`
- Added `oidCurveType` to `oid2nid`
- Add more padding types to `wolfSSL_RSA_public_decrypt`
- Fix `keysize` in `wc_ecc_import_point_der`
- Added tests for new additions
2020-04-14 11:45:32 +02:00
ba401c9bde
Fix testing using 4096 bits keys and parameters
...
RSA PKCS #1.5 padding for signing is not reliant on a random.
2020-04-14 12:03:51 +10:00
416f0775d3
Merge pull request #2900 from dgarske/sp_no_malloc
...
Added option to build SP small without malloc
2020-04-14 09:40:11 +10:00
3cb0c600ba
Merge pull request #2894 from SparkiDev/ecc_cr_fix
...
Change constant time and cache resistant ECC mulmod
2020-04-13 16:36:22 -07:00
f309173518
Merge pull request #2899 from embhorn/zd9564
...
Adding check for invalid SAN ext with no entries
2020-04-13 15:31:06 -06:00
ee0289bea6
Merge pull request #2825 from julek-wolfssl/self-include-options
...
OpenVPN changes
2020-04-13 13:11:18 -07:00
aadec345ab
Merge pull request #2871 from vaintroub/master
...
Fix clang warnings (issue #2870 )
2020-04-13 09:02:51 -07:00
1f5a7bffaa
Build fixes for WOLFSSL_NO_MALLOC in wolfCrypt test.
2020-04-13 07:39:06 -07:00
b01ce168ea
Fixes for SP small with no malloc in sp_256_ecc_mulmod_10 and sp_384_ecc_mulmod_15.
2020-04-13 07:19:06 -07:00
4748254b60
Merge pull request #2896 from embhorn/zd9916
...
Fix wc_KeyPemToDer with PKCS1 and empty key
2020-04-10 15:38:07 -07:00
d412ccb6f8
Added new option WOLFSSL_SP_NO_MALLOC for building small SP without malloc. Added SP documentation. Added ./configure --enable-sp=yes,nomalloc supprt. https://github.com/wolfSSL/scripts/pull/79
2020-04-10 11:13:55 -07:00
8644fdca7d
Update from review
2020-04-10 08:29:31 -05:00
ffd06e359f
Change constant time and cache resistant ECC mulmod
...
Ensure points being operated on change to make constant time.
2020-04-10 09:28:20 +10:00
0a40bbe2a9
Merge pull request #2897 from ejohnstown/omit-omit
...
Omit -fomit-frame-pointer from CFLAGS
2020-04-09 16:01:34 -07:00
cf8459e518
Merge pull request #2892 from SparkiDev/cppcheck_fixes_4
...
Fixes from cppcheck
2020-04-09 16:01:11 -07:00
7d82c4e3f2
Adding check for invalid SAN ext with no entries
2020-04-09 16:49:52 -05:00
c3e0575914
Fix from review
2020-04-09 12:52:32 -05:00
f6b9b2e0eb
Remove redundant guards
2020-04-09 18:26:23 +02:00
2bf9dc4037
Merge pull request #2895 from dgarske/qat_tls13
...
Fix for asynchronous TLS v1.3 issue
2020-04-09 09:25:36 -07:00
9cbbd164e0
Fix test errors
2020-04-09 14:54:09 +02:00
6621465433
Merge pull request #2890 from JacobBarthelmeh/Testing
...
set ChaCha counter state for TLS 1.3 AEAD
2020-04-09 10:28:50 +10:00
7a6de91296
Omit -fomit-frame-pointer from CFLAGS.
2020-04-08 14:06:11 -07:00
4d6e33b1dd
Fix wc_KeyPemToDer with PKCS1 and empty key
2020-04-08 11:34:24 -05:00
97d798743a
Merge pull request #2893 from SparkiDev/tls13_capable_fix
...
Another place where TLS 1.3 capable check is required
2020-04-08 09:09:19 -07:00
5e5af8e93a
Fix for asynchronous TLS v1.3 issue where connect or accept state is incorrectly advanced when there is data to queued to send.
2020-04-08 07:26:21 -07:00
7001599782
Another place where TLS 1.3 capable check is required
2020-04-08 11:36:47 +10:00
411aee6e05
Fixes from cppcheck
...
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
9e08efe8e0
Merge pull request #2885 from SparkiDev/sp_x64_ecc_tweak
...
Tweak the SP x86_64 ECC assembly
2020-04-07 14:27:12 -07:00
6e8d3f224d
Merge pull request #2888 from SparkiDev/tls13_down_rand
...
Fix downgrade fixed random to match spec
2020-04-07 14:22:07 -07:00
690b546260
Merge pull request #2887 from dgarske/nodir
...
Fix for building with `NO_WOLFSSL_DIR`
2020-04-07 14:14:34 -07:00
b6f98a3cde
Merge pull request #2886 from kaleb-himes/ZD10106
...
Avoid leak when HAVE_AESGCM and NO_AES_DECRYPT. Thanks to G.G. on ZD …
2020-04-07 14:13:43 -07:00
4c0ea10e45
Move EVP functions to evp.c
2020-04-07 22:36:50 +02:00
ebcf86070d
Merge pull request #2883 from miyazakh/esp_aescounter
...
add aes counter on esp32
2020-04-07 13:24:53 -07:00
77b75ef3a2
Merge pull request #2881 from dgarske/ecc_asn
...
Fixes for building ECC without ASN
2020-04-07 13:09:37 -07:00
dec111722f
Merge pull request #2880 from SparkiDev/tls_csr_ext_empty
...
GNU TLS server sends empty CSR extension
2020-04-07 13:08:21 -07:00
c002df4cce
Merge pull request #2879 from ejohnstown/dtls-fix
...
DTLS Fix
2020-04-07 13:07:30 -07:00
154dd552e9
Merge pull request #2877 from SparkiDev/tls_hmac_trunc
...
Allow use of truncated HMAC with TLS_hmac checking
2020-04-07 13:06:36 -07:00
65cf5a0d46
Merge pull request #2802 from embhorn/zd9764
...
Fix for bidirectional shutdown
2020-04-07 13:03:54 -07:00
f742693062
Merge pull request #2867 from SparkiDev/aes-ccm-aesni
...
For CCM using AES-NI, do 4 blocks at a time if possible
2020-04-07 13:03:23 -07:00
4a4f383485
Merge pull request #2842 from julek-wolfssl/set_curve_groups_list
...
Check length to avoid XSTRNCMP accessing memory after `list`
2020-04-07 13:02:18 -07:00
bf332b459b
set ChaCha counter state for TLS 1.3 AEAD
2020-04-07 10:36:23 -06:00
1ce0268477
sanity check on input length before secure renegotiation compare
2020-04-07 10:10:03 -06:00
e6affa386f
Fix downgrade fixed random to match spec
2020-04-07 09:42:08 +10:00
31ea4b388c
Fix for building with NO_WOLFSSL_DIR when compatibility layer is enabled. ZD 10117.
2020-04-06 10:33:16 -07:00
4ec0591e45
Avoid leak when HAVE_AESGCM and NO_AES_DECRYPT. Thanks to G.G. on ZD #10106 for the report
2020-04-06 09:43:24 -06:00
06f23223e4
Allow wolfSSL to include options.h with EXTERNAL_OPTS_OPENVPN header
2020-04-06 15:06:15 +02:00
9c67bc2864
For CCM using AES-NI, do 4 blocks at a time if possible
2020-04-06 11:11:28 +10:00
7dad0d3965
Tweak the SP x86_64 ECC assembly
...
Put back fixes undone in previous commits:
- Fix casting warning in SP when mp_digit < sp_digit
- SP fix check for NULL in EC point_new
2020-04-06 11:02:30 +10:00
302e1d6818
add aes counter on esp32
2020-04-04 14:04:44 +09:00
1831193c20
* Fixes for building ECC without ASN.
...
* Fix to expose `wc_ecc_import_private_key_ex` and its ability to import a private key even when `NO_ASN` is defined.
* Remove execute bit on CSharp files.
2020-04-03 10:55:31 -07:00
c0dc3091e1
GNU TLS server sends empty CSR extension
2020-04-03 16:03:41 +10:00
9a1687d00e
Merge pull request #2836 from dgarske/fips_ld
...
Example for FIPS Linker Descriptor (.ld)
2020-04-02 14:28:30 -07:00
8128a269f3
Merge pull request #2876 from SparkiDev/sp_arm64
...
Improve speed of AArch64 assembly
2020-04-02 14:26:48 -07:00
48e40fac2b
OpenVPN changes
...
Include <wolfssl/options.h> in settings.h for OpenVPN
Additional API fixes
2020-04-02 20:23:13 +02:00
6126aca387
Merge pull request #2874 from SparkiDev/tls13_cert_hash
...
When picking hash alg for ECC certs use key size
2020-04-02 09:52:10 -07:00
86adb7f9c5
Merge pull request #2873 from SparkiDev/aes_small
...
Smaller table version of the AES encrypt/decrypt
2020-04-02 09:50:58 -07:00
5df5ab5931
Merge pull request #2862 from dgarske/iar_ropi
...
Support for IAR with position independent code (ROPI)
2020-04-02 09:49:00 -07:00
06442c410d
Merge pull request #2861 from dgarske/zynqmp
...
Fixes for Xilinx SDK and Zynq UltraScale+ MPSoC
2020-04-02 09:46:48 -07:00
b1a80973dd
size_t -> int
2020-04-02 18:45:53 +02:00
c48ea3f567
When picking hash alg for ECC certs use key size
2020-04-02 11:53:35 +10:00
04dcb8f774
DTLS Fix
...
If the finished message (well, next epoch handshake message) is received,
store it. Process it after a change cipher spec message.
2020-04-01 17:17:51 -07:00
e23a6b46b0
Allow use of truncated HMAC with TLS_hmac checking
2020-04-02 08:52:40 +10:00
b1ec15de3e
Only try shutdown once in example
2020-04-01 17:48:17 -05:00
3f7ce61dbd
Updates from review
2020-04-01 11:14:25 -05:00
df1819b79f
Improve speed of AArch64 assembly
...
Improve point_dbl and point_dbl_n for all platforms.
2020-04-01 15:06:50 +10:00
47d1cb8415
Changes to support IAR with position independent code (ROPI). Updated example wolfSSL IAR project to use "ropi" (Position indipendance for code and read-only data).
2020-03-31 08:17:09 -07:00
568ce62b81
Updates from code review
2020-03-31 18:29:06 +10:00
3bd52b166b
Merge pull request #2863 from miyazakh/dtls_benchmark
...
added dtls benchmark
2020-03-27 12:06:06 -07:00
9339808ea1
Smaller table version of the AES encrypt/decrypt
...
Use WOLFSSL_AES_SMALL_TABLES.
Much slower. Decrypt much slower then encrypt.
2020-03-27 15:53:01 +10:00
99b9f46e58
fixed not working on mac
...
fixed case of -s or -c
2020-03-27 12:33:51 +09:00
ddb4b5eb89
Merge pull request #2872 from SparkiDev/rsa_pub_fix
...
Fix performance of RSA public key ops with TFM
2020-03-26 11:56:23 -07:00
16fa1a4747
Merge pull request #2855 from JacobBarthelmeh/PKCS12
...
maintenance to PKCS12 create for outputting encrypted bundles
2020-03-26 10:41:04 -07:00
1bc2ecff6a
Merge pull request #2849 from dgarske/csharp_wrapper
...
CSharp wrapper improvements
2020-03-26 09:10:24 -06:00
c82531a41a
Fix performance of RSA public key ops with TFM
...
Have a constant and non-constant time modular exponentation available in
tfm.c.
Call the non-constant time version explicitly when performing RSA public
key mod exp.
2020-03-26 17:33:07 +10:00
a6034a38c7
Fix for building with WOLFSSL_SMALL_STACK_CACHE only (no WOLFSSL_SMALL_STACK).
2020-03-25 16:04:45 -07:00
d57d194de3
Fix clang warnings (issue #2870 )
...
The warning was "comparison of array 'ecc_sets[i].name' not equal to a null
pointer is always true [-Wtautological-pointer-compare]"
Compiler is correct, ecc_sets[i].name is an array of size 16, thus
can't be NULL
Also, fix build error on Windows by changing uint8_t to "unsigned char"
(alternative fix could be including stdint.h)
2020-03-25 23:07:12 +01:00
3717982d47
Fix to build wolfssl/testsuite in Any CPU case.
2020-03-25 14:53:58 -07:00
70773f3b3e
Added "WOLFSSL_ARMASM" ifdef checks on ARMv8 port files.
2020-03-25 12:54:40 -07:00
93fd1b1eeb
Merge pull request #2869 from JacobBarthelmeh/Testing
...
add single quotes around -? in test scripts
2020-03-25 11:03:19 -07:00
083b8f680f
Merge pull request #2868 from JacobBarthelmeh/Certs
...
refactor decrypt content with PKCS12 and fix for AES-256 + HMAC SHA25…
2020-03-25 11:02:34 -07:00
2116c20f5d
add test case for PKCS12 to DER and back
2020-03-25 10:38:18 -06:00
469de9a580
Fix for CSharp solution to eliminate Debug/Release. Only DLL Debug and DLL Release should be available.
2020-03-25 08:57:58 -07:00
0a6b93fda2
add single quotes around -? in test scripts
2020-03-24 22:40:48 -06:00
59ab600d76
refactor decrypt content with PKCS12 and fix for AES-256 + HMAC SHA256 case
2020-03-24 22:23:44 -06:00
9fac21f463
replace the size at bench_embedded
2020-03-25 08:09:42 +09:00
26f539400a
Merge pull request #2866 from SparkiDev/curve448_gcc_bug
...
Curve448 - 128-bit impl workaround for compiler
2020-03-24 09:55:43 -07:00
e66334e56b
Merge pull request #2865 from SparkiDev/sp_cast_fix
...
Fix casting warning in SP when mp_digit < sp_digit
2020-03-24 09:52:26 -07:00
b92e5d83c5
Merge pull request #2864 from JacobBarthelmeh/ARMv8
...
Fix for clang warning with ARM assembly build
2020-03-24 09:51:11 -07:00
75eca61b3e
address review comments
2020-03-24 20:35:21 +09:00
c95e7f88aa
Curve448 - 128-bit impl workaround for compiler
...
Old gcc compilers can keep track of the 128-bit multiplication and left
shift results' size.
Split all multiplication and left shift results into separate variables.
Add/subtract into the correct variable at end.
Don't want variable declarations after statements so reduce doesn't use
'tr' anymore.
2020-03-24 16:28:14 +10:00
a7d265bf46
Fix casting warning in SP when mp_digit < sp_digit
2020-03-24 12:41:25 +10:00
7fabd74a90
Merge pull request #2859 from SparkiDev/tfm_ec_invmod_ct
...
Constant time EC map to affine for private operations
2020-03-23 19:16:45 -07:00
dde1c3bc08
Fix for clang warning with ARM assembly build
2020-03-23 15:08:28 -06:00
5c424769a0
Added DH and Curve/Ed25519.
2020-03-23 09:08:45 -07:00
7d4b4e4994
added dtls benchmark
2020-03-22 17:56:28 +09:00
a8f2c97e13
Added CSharp example for multi-threaded TLS server. Refactor to separate the ssl and ctx handles.
2020-03-20 16:10:19 -07:00
97f08393e2
Added wolfCrypt Xilinx SDK project. Fix for stsafe.h inclusion of ssl.h with WOLFCRYPT_ONLY.
2020-03-20 14:40:17 -07:00
2706d6d48a
Improve the benchmark to use snprintf then printf. Resolve issue showing results with xil_printf.
2020-03-20 12:34:08 -07:00
3127a7e9e5
Fixes for building with bare-metal on Xilinx SDK with zynqmp. Added Zynqmp benchmark timer support.
2020-03-20 12:22:47 -07:00
9b8752e314
Merge pull request #2858 from SparkiDev/netscape_cert_ext
...
Recognise Netscape Certificate Type extension
2020-03-19 16:33:25 -07:00
0c3667ba93
Merge pull request #2857 from SparkiDev/sp_null_check
...
SP fix check for NULL in EC point_new
2020-03-19 16:30:59 -07:00
33b95b8ad7
Merge pull request #2854 from JacobBarthelmeh/Certs
...
add +1 for string null terminator
2020-03-19 16:24:42 -07:00
49f01450de
Merge pull request #2853 from SparkiDev/dtls_mtu
...
Allow setting of MTU in DTLS
2020-03-19 16:23:39 -07:00
f4a8430115
Merge pull request #2851 from JacobBarthelmeh/SanityChecks
...
add space for null terminator and check on header pointer
2020-03-19 16:00:57 -07:00
1de07da61f
Constant time EC map to affine for private operations
...
For fast math, use a constant time modular inverse when mapping to
affine when operation involves a private key - key gen, calc shared
secret, sign.
2020-03-20 08:59:41 +10:00
ce6aeebdb4
fixes for static analysis checks
2020-03-19 16:34:02 -06:00
62a593e72e
Recognise Netscape Certificate Type extension
...
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
2020-03-19 12:43:03 +10:00
c776a4219a
SP fix check for NULL in EC point_new
2020-03-19 08:56:52 +10:00
a28fc5e70b
Peer review feedback. Handle socket.Connect() failures.
2020-03-18 13:33:15 -07:00
09dedfbe17
maintenance to PKCS12 create for outputting encrypted bundles
2020-03-18 12:00:57 -06:00
00630baa53
Merge pull request #2826 from miyazakh/fix_csharp_dtlsexample
...
fix dtl server example of CSharp when freeing stuff
2020-03-18 09:26:14 -07:00
2bf39307f1
add +1 for string null terminator
2020-03-18 10:25:56 -06:00
e17e064ce2
Allow setting of MTU in DTLS
2020-03-18 12:36:11 +10:00
eb6f44e491
Merge pull request #2847 from tmael/memLeak
...
Fix memory leak
2020-03-17 13:31:10 -07:00
d0767164c8
Merge pull request #2846 from SparkiDev/sp_rsa_priv_fix
...
Fix SP RSA private op
2020-03-17 13:28:11 -07:00
aff80ab0d3
adjust test case for no ECC
2020-03-17 08:56:55 -07:00
9fc8c8e0b6
add space for null terminator and check on header pointer
2020-03-16 15:14:29 -07:00
74781a3d45
Merge pull request #2829 from cconlon/pkcs7multioctets
...
PKCS7/CMS EnvelopedData support for fragmented encrypted content
2020-03-16 13:12:23 -06:00
321a43edee
Merge pull request #2850 from JacobBarthelmeh/SanityChecks
...
sanity check on IV size
2020-03-16 09:36:17 -07:00
2d950f1ab4
sanity check on IV size
2020-03-15 18:46:11 -06:00
00a49dffd0
Add new files to autoconf.
2020-03-13 20:40:18 -07:00
6498cb48bc
CSharp wrapper improvements. Added TLS client example. Added TLS v1.3 methods. Added set_verify and CTX_set_verify. Added example code for CTX_set_cipher_list.
2020-03-13 14:54:57 -07:00
a6b01904d2
Release mem during failure
2020-03-13 14:22:06 -07:00
bcc720ef68
Merge pull request #2773 from SKlimaRA/master
...
Coverity issues fixes.
2020-03-13 10:20:45 -07:00
464631f920
Merge pull request #2841 from JacobBarthelmeh/Certs
...
add function wolfSSL_X509_NAME_ENTRY_create_by_txt
2020-03-13 10:17:52 -07:00
fa4ccbe728
Merge pull request #2844 from JacobBarthelmeh/SanityChecks
...
set inital state of TLS 1.3 peerSuites structure
2020-03-13 10:16:53 -07:00
452b4c03a6
Fix memory leak
2020-03-12 23:24:44 -07:00
6321eabf86
Fix SP RSA private op
...
tmpa - tmpb can be less than -p.
Need to conditionally add p twice.
C and multiple platform fix.
2020-03-12 09:33:52 +10:00
0be0cf44e4
fix for returning NULL when text not found and add test case
2020-03-10 09:54:31 -06:00
93326a7aeb
Changed dst NULL check.
2020-03-10 09:55:27 +01:00
fb0ad6532f
set inital state of TLS 1.3 peerSuites structure
2020-03-09 15:13:01 -06:00
3fcbcbf42a
Revert "Logically dead code."
...
This reverts commit 2db62f744a
2020-03-09 17:45:15 +01:00
87ff2fa47d
Merge pull request #2839 from ejohnstown/hmac-init
...
HMAC Init
2020-03-06 11:05:30 -08:00
ab8bfc241d
Merge pull request #2833 from JacobBarthelmeh/Compatibility-Layer
...
compile for NO_WOLFSSL_STUB
2020-03-06 11:04:36 -08:00
4ad8a2bacb
store wc_PKCS7_DecodeEnvelopedData encryptedContentTotalSz in existing variable instead of adding another
2020-03-06 10:50:00 -07:00
fe9a876895
Check length to avoid XSTRNCMP accessing memory after list
2020-03-06 17:13:59 +01:00
1035d73a05
add function wolfSSL_X509_NAME_ENTRY_create_by_txt
2020-03-05 16:29:55 -07:00
9fe2ddacf4
HMAC Init
...
1. wc_HmacSetKey() has a check against the hmac's type that assumes one
has called wc_HmacInit() on the object first. In FIPS Ready builds we
do not have wc_HmacInit() in the boundary. This change removes that check
and action when making a FIPS build. The free called doesn't do anything
in the FIPS build case.
2. Initialize the Hmac's macType to WC_HASH_TYPE_NONE. Check the macType
against that rather than 0. There are some build configs where none isn't
0.
2020-03-05 13:38:02 -08:00
a6385a2b48
Merge pull request #2840 from SparkiDev/tls_show_fddhe
...
Fix to show the FFDHE group when negotiated
2020-03-05 08:33:49 -08:00
59b9483cde
Merge pull request #2837 from SparkiDev/sp_x64_rsa_priv
...
Fix SP x64 RSA Private op
2020-03-05 08:33:11 -08:00
f24622596f
Merge pull request #2827 from kaleb-himes/ZD9976
...
Fix infinite loop with small sha1 inputs. Thanks to Peter W. on ZD997…
2020-03-05 08:32:14 -08:00
6fcfde0651
Fix to show the FFDHE group when negotiated
2020-03-05 12:37:49 +10:00
9f6cf8a154
Merge pull request #2834 from dgarske/various_tls
...
Fix for TLS server with TLSv1.2 or less `wolfSSL_get_curve_name`
2020-03-04 16:24:28 -08:00
9b54af199c
Merge pull request #2822 from dgarske/notime_openssl
...
Fixes for building NO_ASN_TIME with OPENSSL_EXTRA
2020-03-04 16:22:18 -08:00
e1215e0e1b
Merge pull request #2810 from SparkiDev/tls13_mut_auth
...
Allow mutual authentication to be required for TLS server side
2020-03-04 16:21:03 -08:00
3707eea2f3
Fix SP x64 RSA Private op
...
tmpa - tmpb can be less than -p.
Need to conditionally add p twice.
2020-03-04 15:54:17 +10:00
fca5895090
Example for FIPS Linker Descriptor to explicitly set wolfCrypt FIPS boundaries.
2020-03-03 15:47:30 -08:00
c5b4fe1283
Fix for namedGroup missing.
2020-03-03 15:35:56 -08:00
bb76495233
compile for NO_WOLFSSL_STUB
2020-03-03 14:03:11 -07:00
44d2fc55e6
scan-build fixes for wc_PKCS7_DecodeEnvelopedData()
2020-03-03 10:27:22 -07:00
730c95cf38
Fix for TLS server incorrectly showing "FFDHE_2048" for "SSL curve name is" when using ECDHE and TLS v1.2 or less. The PickHashSigAlgo should be resetting ssl->namedGroup to indicate a named group was not used.
2020-03-03 09:20:58 -08:00
4895fd7b0b
Added "either" side functions for SSLv3. These are only enabled with WOLFSSL_EITHER_SIDE and WOLFSSL_ALLOW_SSLV3. ZD 9984.
2020-03-03 09:18:11 -08:00
41ff54f873
Fix for typo with wc_ecc_init in documentation.
2020-03-03 09:16:48 -08:00
d8eeefb4b7
initialize explicitOctet to 0 in pwc_PKCS7_DecodeEnvelopedData()
2020-03-02 09:13:11 -07:00
127e304901
DTLS Fix
...
An endpoint's retransmit pool was being reset when receiving its peer's
change cipher spec message. When the finished message was lost, and
retransmits need to happen, they weren't available, so nothing happened.
Moved the reset to the finished case rather than CCS.
2020-03-01 16:43:10 -08:00
8cccb9008b
Change to work for other TLS versions
...
Send alert when client doesn't send a certificate on request.
2020-03-02 08:50:57 +10:00
6334dd9cb0
Allow mutual authentication to be required for TLS 1.3
2020-03-02 08:50:57 +10:00
debb792690
fix PKCS7 encrypted content decoding for streaming API usage
2020-02-28 17:55:19 -07:00
92114fef75
Fixes for building NO_ASN_TIME with OPENSSL_EXTRA. Fixes #2820 .
...
* `./configure --enable-opensslextra CFLAGS="-DNO_ASN_TIME"`
2020-02-28 09:35:17 -08:00
805034bca3
Merge pull request #2830 from SparkiDev/sp_ff_x86_64
...
Improve performance of RSA/DH ops on x64
2020-02-28 09:03:22 -08:00
5b58130210
Merge pull request #2806 from SparkiDev/curve448
...
Add Curve448, X448, Ed448 implementations
2020-02-28 08:59:08 -08:00
441027a502
Improve performance of RSA/DH ops on x64
...
Focus on 3072-bit ops but others improved as well.
2020-02-28 10:42:37 +10:00
2c6eb7cb39
Add Curve448, X448, Ed448 implementations
2020-02-28 09:30:45 +10:00
d21e370822
add support for PKCS7/CMS EnvelopedData with fragmented encrypted content
2020-02-27 14:42:57 -07:00
c7a2510d97
Merge pull request #2823 from SparkiDev/sp_div_fix
...
Fix for SP x64 div
2020-02-27 12:57:35 -08:00
a313b9d2cb
Merge pull request #2821 from dgarske/crl_bitmask
...
Fix for CRL bit-mask enum value issue
2020-02-27 12:54:08 -08:00
b7d0b81443
Merge pull request #2818 from dgarske/rsa_sha3only
...
RSA with SHA-3 only and RSA 4096-bit tests
2020-02-27 12:44:29 -08:00
6dabe82c65
Merge pull request #2814 from SparkiDev/curve25519_x64_fix
...
Curve25519 x64 asm: Fix negate and add fe_sq_n
2020-02-27 12:21:53 -08:00
60afebdb86
Merge pull request #2811 from miyazakh/fix_espidf_buildtest_failure
...
fixed build failure and warnings in ESP-IDF port
2020-02-27 12:21:14 -08:00
1288c6b249
Merge pull request #2809 from dgarske/conf_usersettings
...
Fix to enable inclusion of all .c files when using `--enable-usersettings`
2020-02-27 12:10:07 -08:00
ed7a5b17d8
Merge pull request #2808 from dgarske/mdk5
...
Fix for minor typos in the MDK5 examples
2020-02-27 12:06:50 -08:00
3349dbc852
Merge pull request #2807 from dgarske/arg_checks
...
Added missing argument checks for public API's in `wolfio.c`
2020-02-27 12:03:32 -08:00
eddf4abf8e
Merge pull request #2775 from embhorn/api_port
...
openSSL compatibility API for EVP, BIO, and SSL_SESSION
2020-02-27 11:51:21 -08:00
d9e221806b
Fix infinite loop with small sha1 inputs. Thanks to Peter W. on ZD9976 for the report
2020-02-27 09:39:22 -07:00
2d530499e3
fix dtl server example when freeing stuff
2020-02-27 21:56:25 +09:00
f568f394b1
Merge pull request #2824 from julek-wolfssl/EVP-aesgcm
...
Fix AES-GCM IV length in wolfSSL_EVP_CIPHER_iv_length
2020-02-27 14:06:56 +10:00
3b822ad3d5
Fix AES-GCM IV length in wolfSSL_EVP_CIPHER_iv_length
2020-02-26 22:11:36 +01:00
2a5d7a2ac3
Fix for SP x64 div
...
Check the top half of number being divided to see if it is greater than
or equal.
If it is then the first div_word may crash as the result is more than
64-bits. So subtract modulus from the top to keep value small.
2020-02-26 10:53:35 +10:00
3bbd8be5c9
ATECC: Don't init transport key if not used
2020-02-25 22:03:55 +10:00
4b83b88a29
Fix for CRL bit-mask enum value issue. ZD 9948.
2020-02-24 18:52:50 -08:00
969e4dccc5
Merge pull request #2803 from julek-wolfssl/EVP-aesgcm
...
Evp aesgcm
2020-02-25 08:24:30 +10:00
ef2c1ae738
Fix for examples/benchmark/tls_bench.c:114:20: error: unused variable 'kShutdown' with WOLFCRYPT_ONLY.
2020-02-23 19:01:46 -08:00
7a3138f841
Merge pull request #2817 from miyazakh/rename_enum_tisp
...
Rename enumeration definition
2020-02-23 18:40:48 -08:00
da882f3912
Added wolfCrypt RSA 4096-bit test support using USE_CERT_BUFFERS_4096 build option (./configure CFLAGS="-DUSE_CERT_BUFFERS_4096").
2020-02-23 18:40:13 -08:00
c8e618a817
Fix build for WOLFSSL_RSA_VERIFY_ONLY.
2020-02-23 15:58:28 -08:00
e80c696d5f
Fix for RSA with SHA3 only (resolves warning with unsed RsaMGF1.
2020-02-23 13:54:48 -08:00
3187624d9e
rename common naming enum
2020-02-22 11:35:02 +09:00
0f188be892
Merge pull request #2805 from ejohnstown/update-config
...
configure
2020-02-21 09:35:52 -08:00
c9ce065f8a
Curve25519 x64 asm: Fix negate and add fe_sq_n
2020-02-21 11:37:45 +10:00
5716862a8a
Merge pull request #2813 from julek-wolfssl/openssh-8.1
...
Remove redundant wolfSSL_EVP_CIPHER_CTX_iv_length call
2020-02-21 09:52:44 +10:00
403c263e0b
Fix valgrind issue
2020-02-20 17:28:34 -06:00
b74dac6171
Fix WIN test
2020-02-20 17:28:34 -06:00
60dea0c53a
Fix VS error
2020-02-20 17:28:34 -06:00
e4188d935b
Fix WIN error
2020-02-20 17:28:34 -06:00
b4563e6af3
Fix CFB and OFB
2020-02-20 17:28:34 -06:00
61ebfd571c
Fix new file error
2020-02-20 17:28:34 -06:00
a64e1540ba
Adding EVP support for SHA3
2020-02-20 17:28:34 -06:00
6eda4e7b46
Fix in test
2020-02-20 17:28:34 -06:00
95f973a5be
Adding test and dox for ERR_print_errors_cb
2020-02-20 17:28:34 -06:00
936312f77e
Adding ERR_print_errors_cb
2020-02-20 17:28:33 -06:00
a0ddb05a07
change evp with cfb1 expect input size in bytes
2020-02-20 17:28:33 -06:00
1a96558b6e
Adding macro and XTS support functions
2020-02-20 17:28:33 -06:00
922b308029
Fix from review
2020-02-20 17:28:33 -06:00
3eee891cf5
fix redefinition warning on older clang compiler
2020-02-20 17:28:33 -06:00
51d55ed1c8
account for different peer certificate in test case, g++ build fix, static memory size increase
2020-02-20 17:28:33 -06:00
a9accb6c39
add more macro guards for builds
2020-02-20 17:28:33 -06:00
b67ade5164
account for cavp build
2020-02-20 17:28:33 -06:00
76eec8884b
clean up memory after test and don't leak x509 with get session peer
2020-02-20 17:28:33 -06:00
258382048d
Fix test failures
2020-02-20 17:28:33 -06:00
018f313cca
Fix clang warning
2020-02-20 17:28:33 -06:00
5a87dbe094
Adding tests for EVP_CIPHER_CTX_reset
2020-02-20 17:28:33 -06:00
64dcf5740a
Fix for AES_XTS
2020-02-20 17:28:33 -06:00
e421d9f52c
Fix in evp_aes_xts init
2020-02-20 17:28:33 -06:00
d7c1b9561f
fix for cfb1 mode and add EVP tests
2020-02-20 17:28:33 -06:00
d6be24c4f7
add 192/256 key size tests of EVP cfb8
2020-02-20 17:28:33 -06:00
d4428ebc0c
add EVP cfb1 test and update some EVP code
2020-02-20 17:28:32 -06:00
887eeb3c47
add EVP tests for cfb128
2020-02-20 17:28:32 -06:00
9d61ba6c62
initial cfb1/cfb8 support added
2020-02-20 17:28:32 -06:00
9c4e0807e2
Adding EVP_aes_###_xts tests (not complete)
2020-02-20 17:28:32 -06:00
16ce670897
Revert "Testing aes_*_xts"
...
This reverts commit 776eeb756c70b052849323d7645622a3f1d2b76a.
2020-02-20 17:28:32 -06:00
3197d67e62
Testing aes_*_xts
2020-02-20 17:28:32 -06:00
49def96998
add test for get0 session peer certificate
2020-02-20 17:28:32 -06:00
653235cd57
add stub implementation for SSL_MODE_AUTO_RETRY
2020-02-20 17:28:32 -06:00
b83a5840d6
add stub function for wolfSSL_EVP_mdc2
2020-02-20 17:28:32 -06:00
c2c3e0d4aa
add initial implementation for wolfSSL_SESSION_get0_peer
2020-02-20 17:28:32 -06:00
ab49120652
add aesofb benchmark
2020-02-20 17:28:32 -06:00
df0d5f3b08
add EVP_aes_*_ofb implementation and tests, add support for inline with OFB
2020-02-20 17:28:32 -06:00
e837894578
add AES-OFB mode
2020-02-20 17:28:32 -06:00
65732c2269
add bio retry and set close tests
2020-02-20 17:28:32 -06:00
3137312911
update to implementation of BIO_MD type
2020-02-20 17:28:32 -06:00
62f20db48e
Adding more EVP and SSL API
2020-02-20 17:28:32 -06:00
8f7af875a4
add BIO_f_md and BIO_get_md_ctx tests
2020-02-20 17:28:32 -06:00
0abc814792
EVP_MD_CTX_reset and EVP_aes fixes
2020-02-20 17:28:31 -06:00
ba25161f6c
Adding BIO and EVP api
2020-02-20 17:28:31 -06:00
49a9239cf2
Merge pull request #2804 from SparkiDev/sp_cache_resist_fix
...
Fix cache resist compile to work with SP C code
2020-02-20 15:05:18 -08:00
da2980172b
Merge pull request #2812 from kaleb-himes/FAILING_FIPS_IN_MASTER
...
Fix failing FIPS tests in master stemming from PR #2733
2020-02-20 14:29:16 -08:00
70ef925a48
Remove redundant wolfSSL_EVP_CIPHER_CTX_iv_length call
2020-02-20 18:32:56 +01:00
1f003967df
Fix failing FIPS tests in master stemming from PR #2733
2020-02-20 09:20:59 -07:00
d4a9279a6c
Revert "Resource leak." to resolve the conflict (this fix is unapplicable, because the leaking code was removed).
...
This reverts commit 451d0a470a
2020-02-20 15:12:02 +01:00
f7018c4765
fixed build failure and warnings
...
fixed unit test app failure
2020-02-20 18:40:16 +09:00
c62f31cd27
Fix cache resist compile to work with SP C code
2020-02-20 10:10:05 +10:00
418c508eba
Fixes for SCTP example to check build options.
2020-02-19 12:28:49 -08:00
6036f604a6
Added missing argument checks for public API's in wolfio.c.
2020-02-19 12:18:00 -08:00
75183262ad
Minor typos and fixes to the MDK5 examples.
2020-02-19 12:03:14 -08:00
baace2c0e3
Fix to enable inclusion of all .c files when using the --enable-usersettings option.
2020-02-19 11:58:33 -08:00
e72b87f372
Merge pull request #2733 from julek-wolfssl/openssh-8.1
...
Openssh 8.1
2020-02-19 10:14:35 -07:00
cc597add48
Don't always include wolfssl/openssl/bn.h
2020-02-19 11:17:31 +01:00
9953f2d01d
1. Remove duplicate AM_CONDITIONAL statments from configure.ac.
...
2. Update copyright year in configure.ac.
2020-02-18 16:16:59 -08:00
17c3bb00d8
Merge pull request #2798 from ejohnstown/vxworks-strings
...
VxWorks Strings
2020-02-18 17:10:31 -07:00
26e2d6eacf
Adressing Todd's comments
...
Check for HAVE_GETADDRINFO beside WOLF_C99
Move STR_SIZEOF to wolfssl/wolfcrypt/types.h and rename to XSTR_SIZEOF to prevent collision in client projects
Remove wolfssl/openssl/ssl.h and wolfssl/internal.h from crypto layer
2020-02-18 21:37:06 +01:00
b736a65fa8
Fix redefinition issue
2020-02-18 21:37:06 +01:00
2218f7b95d
Fix merge issues
2020-02-18 21:37:06 +01:00
d6686f1320
Remove usage of res in wolfSSL_BN_clear_bit
2020-02-18 21:37:06 +01:00
5a766bd5bb
Change STR_SIZEOF declaration file
2020-02-18 21:37:06 +01:00
1512485926
Fix user-rsa tests
2020-02-18 21:37:06 +01:00
5c4d3df4f3
Fix broken Windows FIPS build
2020-02-18 21:37:06 +01:00
f55cfd7ba7
Fix missing wolfSSL_i2d_RSAPrivateKey references
2020-02-18 21:37:06 +01:00
3fcec191a4
Refactor wolfSSL_RSA_To_Der
2020-02-18 21:37:06 +01:00
5ed1c233b7
Sean comments
2020-02-18 21:37:06 +01:00
dac23dfe15
Add DSA and DH free to wolfSSL_EVP_PKEY_set1_EC_KEY
2020-02-18 21:37:06 +01:00
7aaa89aedc
Cleanup bn_one in wolfSSL_Cleanup
2020-02-18 21:37:06 +01:00
43ce272cb3
Variable declaration at start of scope
2020-02-18 21:37:06 +01:00
eedbce7c0a
Null-check keyFormat
...
Zero all of WOLFSSL_DH struct
Fix macros for self-test
2020-02-18 21:37:06 +01:00
97a4889bb3
Undo some stuff
2020-02-18 21:37:06 +01:00
1df9963b80
sha3.h
2020-02-18 21:37:06 +01:00
7ce7017521
Fix memory leaks when compiling with SMALL_STACK
2020-02-18 21:37:06 +01:00
f765b711bf
More macro preproc stuff
2020-02-18 21:37:06 +01:00
48b39a34c7
Properly Init mp_int number
2020-02-18 21:37:06 +01:00
b592b241c7
Fix Segfault in wolfSSL_EC_KEY_dup
...
Fix more header stuff
2020-02-18 21:37:06 +01:00
b58f26945d
Different configuration fixes
2020-02-18 21:37:06 +01:00
480227704d
Fix missing stuff in headers
2020-02-18 21:37:06 +01:00
59b001c484
Fix header definitions when running CAVP self test
2020-02-18 21:37:06 +01:00
50f8fb1475
Enable wc_RsaKeyToDer even when key generation is turned off
2020-02-18 21:37:06 +01:00
e6547c75cd
Reimplement external data as it was before: a fixed size vector. This makes external data implementation easier as it doesn't require allocation or cleanup. Only zeroing the entire structure that it is in (which happens in all structures anyway) and then calling the appropriate getter and setter functions to manipulate external data.
2020-02-18 21:37:06 +01:00
9a0d3ba369
Check boundaries in B64 decode
...
ERR_get_error will always return a positive error code
2020-02-18 21:37:06 +01:00
58c239a49f
Fix stuff after rebase
2020-02-18 21:37:06 +01:00
d6a160c637
Fix error codes for OpenSSL compatiblity
2020-02-18 21:37:06 +01:00
6e72a299d7
Don't undef HAVE_GETADDRINFO as it disables defines in projects using wolfSSL
...
Change test_wolfssl_EVP_aes_gcm so that changing the tag will fail the authentication check
2020-02-18 21:37:06 +01:00
ab56d078a4
keygen-moduli passed
...
Handle trailing newlines in wolfSSL_BN_hex2bn
2020-02-18 21:37:06 +01:00
ae948e2a07
Pass try-ciphers
...
define EVP_CIPHER_CTX_set_iv as wolfSSL_EVP_CIPHER_CTX_set_iv
add wolfSSL_GetLoggingCb functionality when compiling without enable-debug
fix initialization vector handling of all cipher modes when using our EVP layer. The IV was incorrectly handled in initialization as well as not being updated after processing
2020-02-18 21:37:06 +01:00
fbedabe601
OpenSSH changes
...
- increase FP_MAX_BITS for OpenSSH
- Add helpful loggin API (names are self-explanatory)
-- wolfSSL_GetLoggingCb
-- WOLFSSL_IS_DEBUG_ON
- Define WOLFSSL_EC_METHOD as an alias of WOLFSSL_EC_GROUP
- Add wolfSSL_EC_GROUP_method_of which really just returns the group itself
- Add wolfSSL_EC_METHOD_get_field_type which gets the curve type of the WOLFSSL_EC_GROUP(remember that WOLFSSL_EC_METHOD is an alias of WOLFSSL_EC_GROUP for now)
- Modify Base64_Decode so that it accepts arbitrary PEM line length
- Modify PemToDer so that it accepts private keys with a custom -----BEGIN * PRIVATE KEY----- header
2020-02-18 21:37:06 +01:00
84a2ca7a4e
Map the Jacobian point back to affine space in wolfSSL_EC_POINT_get_affine_coordinates_GFp
2020-02-18 21:37:06 +01:00
aea95232d1
WIP
...
Add EC_POINT conversion to BIGNUM (EC_POINT_point2bn)
Add setting affine coordinates for EC_POINT (EC_POINT_set_affine_coordinates_GFp)
Add bit clearing for BIGNUM (BN_clear_bit)
Add supporting unit tests in api.c
2020-02-18 21:37:06 +01:00
89e35e2547
openssh 8.1 compiles
2020-02-18 21:37:06 +01:00
b5c52d7c70
openssh WIP and some light refactoring
2020-02-18 21:37:06 +01:00
41de1bb156
WIP
2020-02-18 21:36:26 +01:00
b05cfaa601
Add aes-gcm to wolfSSL_EVP_get_cipherbyname and wolfSSL_EVP_get_cipherbynid
2020-02-18 21:34:23 +01:00
6f3623f220
Moved infinite loop check to the other bad func arg check.
2020-02-18 09:59:59 +01:00
41d3ba0efa
Tests and examples for bidirectional shutdown
2020-02-17 16:47:47 -06:00
59fb81c950
Add fix
2020-02-17 16:47:47 -06:00
2566986d41
Merge pull request #2632 from SparkiDev/sp_p384
...
Add support for P384 curve into SP
2020-02-17 11:46:09 -08:00
bf1ec3004a
Merge pull request #2787 from dgarske/size_reduc
...
Adds options to disable the hash wrappers and base64 decode
2020-02-17 11:44:37 -08:00
651ffe2c12
Merge pull request #2789 from JacobBarthelmeh/SanityChecks
...
fix return with error on process peer cert
2020-02-17 11:44:02 -08:00
f2e1266f2d
Merge pull request #2791 from dgarske/async_fixes
...
Fixes for asynchronous crypto issues
2020-02-17 11:43:13 -08:00
14b7355411
Merge pull request #2792 from SparkiDev/rsa_kg_blind_fix
...
Fix for rsa key gen blinding - don't call lcm
2020-02-17 11:42:25 -08:00
44c327ee14
Merge pull request #2795 from SparkiDev/tls13_secret_cb
...
Call secret callback when TLS 1.3 secrets generated
2020-02-17 11:41:16 -08:00
fda322829f
Merge pull request #2796 from JacobBarthelmeh/Compatibility-Layer
...
free existing cert store when setting a new one
2020-02-17 11:37:56 -08:00
8972bf6278
Add support for P384 curve into SP
2020-02-17 15:46:34 +10:00
defa54f40d
Merge pull request #2800 from tmael/trim-padding
...
Trim trailing padding bytes from a key
2020-02-14 16:05:44 -08:00
30936e7ad4
Merge pull request #2793 from kaleb-himes/ZD9865
...
Fix issue in wolfSSL_EVP_PKEY_assign_RSA when RSA key not zeroized
2020-02-14 16:40:52 -07:00
aaaa191937
Trim trailing padding byte
2020-02-14 12:54:35 -08:00
8f6a614d17
Merge pull request #2797 from kaleb-himes/JENKINS_STUFF
...
--disable-supportedcurves --enable-opensslextra - NIGHTLY DISABLE OPT…
2020-02-14 09:01:03 -08:00
614e675a00
Call secret callback when TLS 1.3 secrets generated
2020-02-14 08:42:47 +10:00
b62064f6a8
Merge pull request #2737 from JacobBarthelmeh/dks7g2
...
changes for build with s7g2
2020-02-13 14:07:44 -07:00
cabe30828c
Merge pull request #2786 from cconlon/android-debug
...
add Android debug for logcat
2020-02-13 10:12:40 -08:00
fba40d14d4
Merge pull request #2785 from ottok/bugfix/menu-js-width
...
Wrap JavaScript source on multiple lines to make it readable
2020-02-13 10:07:13 -08:00
b038e2e8f0
Merge pull request #2771 from JacobBarthelmeh/Windows
...
change public Timeval to WOLFSSL_TIMEVAL
2020-02-13 09:38:42 -08:00
63a005d71b
VxWorks Strings
...
When building for VxWorks, set HAVE_STRINGS_H as it uses strings.h, not string.h.
2020-02-13 09:08:54 -08:00
bb7508f570
--disable-supportedcurves --enable-opensslextra - NIGHTLY DISABLE OPTIONS TEST
2020-02-12 15:57:00 -07:00
8e1adb125c
free existing cert store when setting a new one
2020-02-12 15:45:44 -07:00
0814f61b11
fix code formating and turn on HW acc. by default
2020-02-12 10:31:34 -07:00
1b13178182
Fixes possible compile error if NO_PKCS7_STREAM is defined.
2020-02-12 13:46:12 +01:00
1a38c26097
Prevent infinite loop.
2020-02-12 13:29:33 +01:00
109173d756
Fix two resource leaks.
2020-02-12 12:57:40 +01:00
5b7fc7b133
Address failure when blinding disabled and key not initialized to zero
2020-02-11 14:39:30 -07:00
d1397656ef
Merge pull request #2790 from ejohnstown/abi-tweak
...
ABI Additions
2020-02-10 15:07:35 -08:00
61221742b7
Merge pull request #2734 from aaronjense/renesas-ra-port
...
Renesas RA e2studio projects for Client, Server, Test and Benchmark
2020-02-10 14:49:03 -07:00
669d9b1ae4
Fix for rsa key gen blinding - don't call lcm
2020-02-10 08:51:43 +10:00
f322b71526
wolfCrypt fixes for asynchronous (--enable-asynccrypt):
...
* Fix for ECC and using NULL curve->order (wasn't loaded).
* Fix for typo on heap.
* Fix for QT case where GetInt failure retry did not "init" the mp_int.
2020-02-07 13:34:43 -08:00
3c077a3cef
add NO_OLD_TIMEVAL_NAME macro for backwards compatibility
2020-02-07 11:56:30 -07:00
7648997e37
ABI Additions
...
Added the functions wolfSSL_GetRNG(), wolfSSL_CTX_GetDevId(),
wc_ecc_import_x963(), and wc_RNG_GenerateBlock() to the ABI
testing.
2020-02-06 13:33:38 -08:00
17bedbac67
fix return with error on process peer cert
2020-02-06 11:53:42 -07:00
61a5fe3108
add macro for trng and gce driver names
2020-02-06 09:20:07 -08:00
17cfe2589b
Merge pull request #2748 from tmael/fix_cppcheck
...
Fix cppcheck
2020-02-05 16:02:22 -07:00
da3df4f9c6
Changing logic to remove dead code section.
2020-02-05 19:36:37 +01:00
0964272dc6
Resource leak fix.
2020-02-05 18:28:50 +01:00
ba9dc11e62
Adds options to disable the hash wrappers (NO_HASH_WRAPPER) and base64 decode (NO_WOLFSSL_BASE64_DECODE).
2020-02-05 11:58:44 -05:00
bbfefd3cde
Sanity check NULL dereference.
2020-02-05 16:59:20 +01:00
e75b1b5cb9
add suport for AES acceleration
2020-02-04 16:10:20 -08:00
b7d772700a
update sha256 support for endian
2020-02-04 16:03:45 -08:00
b8b0b7da03
add Android debug for logcat
2020-02-04 10:07:26 -07:00
e664a4f206
Review comments
2020-02-04 08:55:37 -08:00
b67fd249e2
Fix for cppcheck
2020-02-04 08:55:37 -08:00
b29fe41a35
Merge pull request #2738 from SparkiDev/cppcheck_fixes_3
...
Changes to clear issues raised by cppcheck
2020-02-03 17:02:40 -07:00
63a73be3f0
Merge pull request #2777 from dgarske/constchar
...
Fixes for char strings not marked as const.
2020-02-03 11:12:55 -08:00
4ee022f788
Merge pull request #2776 from julek-wolfssl/set_curve_groups_list
...
Add SSL_CTX_set1_groups_list and SSL_set1_groups_list APIs
2020-02-03 11:11:59 -08:00
6f2230e459
Merge pull request #2774 from SparkiDev/sp_x86_64_asm
...
Improve performance of SP Intel 64-bit asm
2020-02-03 11:08:17 -08:00
61e78880a5
Merge pull request #2769 from dgarske/zd9791
...
Fix for `wc_EccPublicKeyDecode` to use the length from ASN sequence
2020-02-03 11:05:17 -08:00
c98876d440
Merge pull request #2768 from julek-wolfssl/openvpn-config
...
Add --enable-openvpn build option
2020-02-03 11:01:06 -08:00
0551b1f2de
Merge pull request #2765 from SparkiDev/client_read_write
...
Client using common read and write func
2020-02-03 11:00:15 -08:00
967235c1f3
Wrap JavaScript source on multiple lines to make it readable
...
Closes : wolfSSL/wolfssl#2783
2020-02-03 20:15:18 +02:00
cc2bf03e73
Client using common read and write func
2020-02-03 09:17:27 +10:00
420e597c16
Move functions to ssl.c
2020-02-01 10:06:53 +01:00
6ec136208c
add sha256 hardware acceleration
2020-01-31 14:26:04 -08:00
d63bdf257d
Merge pull request #2337 from MKinclRA/fix-visual-studio-2019-build
...
Added stdio.h include to types.h.
2020-01-31 12:59:58 -08:00
26794e7b5e
Merge pull request #2778 from ejohnstown/fix-abi
...
Fix ABI
2020-01-31 06:49:16 -08:00
20c0beb9e5
'WOLFSSL_USE_FLASHMEM' to store constant tables in flash memory
2020-01-31 23:43:17 +10:00
6c1e0ff049
ATECC: Option to disable I2C transport key
2020-01-31 23:32:48 +10:00
809472febc
Added VERY_SMALL_SESSION_CACHE
2020-01-31 23:32:48 +10:00
14dc5fe2e3
Fixes for 16bit processors
2020-01-31 23:32:48 +10:00
e13d9f7f1b
Add SSL_CTX_set1_groups_list and SSL_set1_groups_list APIs
2020-01-31 06:38:38 +01:00
3d233d624c
Merge pull request #2770 from JacobBarthelmeh/Testing
...
fix typo in wolfSSL_sk_X509_EXTENSION_pop_free
2020-01-30 18:55:54 -08:00
aa498a7956
Merge pull request #2767 from dgarske/freertos
...
Fix for evp.c included and FREERTOS realloc
2020-01-30 15:53:05 -07:00
4bc0f79dd9
Fix ABI
...
Someone removed some of the WOLFSSL_ABI tags from the ssl.h header file. It looks like it was a bad manual merge.
2020-01-30 14:07:27 -08:00
928f641064
Fixes for char strings not marked as const. The const is an optimization to allow use from flash, which saves RAM space on embedded devices.
2020-01-30 13:53:06 -08:00
0fda8cc3b3
Merge pull request #2756 from dgarske/changelog
...
Template for ChangeLog.md for next release
2020-01-30 10:47:12 -07:00
ba49427cc4
Cleanup include.am whitespace.
2020-01-30 08:44:52 -08:00
32f478d335
Better fix for using the ASN.1 provided length, not provided inSz. Confirmed CheckBitString will check case where inSz < ASN.1 length.
2020-01-30 08:38:22 -08:00
75e30a33f1
Merge pull request #2764 from SparkiDev/rsa_q_modinv_p
...
Constant time q modinv p in RSA key gen
2020-01-30 08:08:07 -08:00
3df9ca3fae
Fix to use TBD version for next release.
2020-01-30 06:26:45 -08:00
6cf63b1738
Template for ChangeLog.md for next release. New PR's should update this document if its worth mention in the change log.
2020-01-30 06:26:45 -08:00
e5426f85c9
Fix for evp.c when being included directly due to improperly placed WOLFSSL_EVP_INCLUDED. Fix for FREERTOS to expose XREALLOC for normal math.
2020-01-30 06:22:08 -08:00
9bfbdfe695
Fix for wc_EccPublicKeyDecode to use the length from ASN sequence, not the provided inSz. Also checked the case where the sequence number is larger than supplied inSz and it will properly return ASN_PARSE_E. ZD 9791
2020-01-30 06:20:29 -08:00
a90cc51a5f
Merge pull request #2772 from dgarske/cert_tests
...
Fixes for build with opensslextra and 3072-bit cert buffers
2020-01-30 06:47:51 -07:00
55ea2facdd
Changes to clear issues raised by cppcheck
2020-01-30 14:24:32 +10:00
81bebd8e5c
Improve performance of SP Intel 64-bit asm
...
RSA: Only constant time copy out when doing private key op
Improve performance of sp_count_bits
2020-01-30 12:23:38 +10:00
c938cb35ca
Logically dead code.
2020-01-29 17:35:15 +01:00
ed88e8d1c5
Logically dead code.
2020-01-29 17:34:58 +01:00
2db62f744a
Logically dead code.
2020-01-29 17:34:40 +01:00
37386f5fb5
NULL dereference.
2020-01-29 17:34:19 +01:00
670ba75ea4
Missing varargs cleanup.
2020-01-29 17:33:59 +01:00
2d36624d84
NULL dereference.
2020-01-29 17:33:38 +01:00
c3fabb1da6
NULL dereference.
2020-01-29 17:33:21 +01:00
df0b0a6e91
NULL dereference.
2020-01-29 17:31:14 +01:00
70cb97c116
NULL dereference.
2020-01-29 17:30:57 +01:00
972790fb86
Resource leak.
2020-01-29 17:30:35 +01:00
451d0a470a
Resource leak.
2020-01-29 17:30:14 +01:00
96d1593735
Possible use after free.
2020-01-29 17:29:52 +01:00
77b69ebf56
Logically dead code.
2020-01-29 17:29:23 +01:00
e183d95c86
Fix for moved file.
2020-01-29 07:22:07 -08:00
5677a96c80
Fixes to resolve openssl_pkey1_test with updated test buffer sizes.
2020-01-29 06:51:47 -08:00
5aabebddd8
Fix more 3072-bit cert buffer edge case builds (certext/certgen).
2020-01-29 06:43:35 -08:00
3f1c3392e5
Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key.
2020-01-29 06:37:06 -08:00
a9e9120fa0
change public Timeval to WOLFSSL_TIMEVAL
2020-01-28 17:11:46 -07:00
59af7a8e35
fix typo in wolfSSL_sk_X509_EXTENSION_pop_free
2020-01-28 16:50:54 -07:00
3bdb7d8188
Merge pull request #2761 from JacobBarthelmeh/Testing
...
add close on pre to echoserver example
2020-01-28 09:29:29 -08:00
044ad957e5
Add --enable-openvpn build option
2020-01-28 15:29:24 +01:00
1ea7755232
Merge pull request #2742 from tmael/dsa_mem_leak
...
Fix mem leak in DSA
2020-01-28 06:25:58 -08:00
43b7258d3b
Review comments
2020-01-27 12:44:16 -08:00
91a9117e1b
Renesas RA e2studio projects for Client, Server, Test and Benchmark
2020-01-27 13:22:32 -07:00
695b126a1c
Merge pull request #2739 from dgarske/pkcs8_ed25519
...
Added PKCS8 support for ED25519
2020-01-24 10:56:40 -08:00
b9f39b7c06
Merge pull request #2759 from ejohnstown/config-maint
...
Deprecate some configure flags
2020-01-24 10:40:19 -08:00
126dceee1f
Merge pull request #2763 from SparkiDev/sp_int_div_word
...
Add support to sp_int.c for platforms that do not divide an sp_int_wo…
2020-01-23 18:37:04 -08:00
b4cadae4e2
Constant time q modinv p in RSA key gen
2020-01-23 14:52:29 -08:00
ec877aa91e
Add support to sp_int.c for platforms that do not divide an sp_int_word by an sp_int_digit
2020-01-23 14:39:19 -08:00
945d34533c
Merge pull request #2727 from JacobBarthelmeh/Windows
...
update to ECC key parsing custom curves for Windows
2020-01-23 13:57:06 -08:00
d1e39668aa
Merge pull request #2740 from aaronjense/compatibility-fixes
...
Compatibility Layer Fixes
2020-01-23 08:25:40 -08:00
c7340fd90b
Merge pull request #2750 from ejohnstown/mingw
...
mingw update
2020-01-23 08:00:15 -08:00
1c56d62753
Merge pull request #2754 from dgarske/crypttest_3072
...
wolfCrypt Test 3072-bit Support
2020-01-23 07:55:19 -08:00
d9253afc04
add close on pre to echoserver example
2020-01-22 16:23:46 -08:00
f2db85c07c
Deprecate some configure flags
...
1. Add C_EXTRA_FLAGS and C_FLAGS to CFLAGS.
2. Remove the cached copied of C_EXTRA_FLAGS and C_FLAGS.
3. The option.h is set only on CFLAGS, CPPFLAGS, and the AM_ versions.
2020-01-22 14:26:16 -08:00
06e3c90073
Merge pull request #2732 from kaleb-himes/ZD9730-spellchecker
...
Fixing some typos. Thanks to Fossies for the report
2020-01-22 13:52:56 -08:00
e3efdc4b5d
Merge pull request #2755 from SparkiDev/rsa_enc_3072
...
Fix masking of 16 bits
2020-01-22 13:40:21 -08:00
55d485cc45
Fix masking of 16 bits
2020-01-22 10:39:36 -08:00
b022b651b3
wolfCrypt test fixes for hard coded "256" byte buffers to support 3072-bit RSA. Requires PR #2755
2020-01-22 10:04:53 -08:00
84a878bda2
Fix for include .am issue.
2020-01-22 09:11:00 -08:00
2a5c623c97
Fix for RSA without SHA512 build error. Fix or renew cert PEM to DER.
2020-01-22 08:15:34 -08:00
e3e862c8b6
Test case fixes for sig wrapper test and DH.
2020-01-21 22:25:11 -08:00
4d9dbc9ec3
Adds 3072-bit RSA tests using USE_CERT_BUFFERS_3072.
2020-01-21 22:16:54 -08:00
37cad6e9ba
%zu, pragma: not supported,
2020-01-22 08:12:51 +09:00
aabdec214e
MinGW uses the Win32 setsockopt() function which uses a char for
...
SO_REUSEADDR's option. Everything else uses an int.
2020-01-21 10:53:19 -08:00
2cd3474e9d
Improve "keyFormat" to always set based on "algId" and let the later key parsing code produce failure.
2020-01-20 20:49:55 -08:00
0489cc97a8
Fix for ProcessBuffer with PEM private keys, where PemToDer call was only setting eccKey. Cleanup to use "keyFormat" OID sum.
2020-01-20 20:49:55 -08:00
de8e5ffd6e
Cleanup asn.c use of WOLFSSL_LOCAL (only required in the header).
2020-01-20 20:49:55 -08:00
77426e78e1
Added test case for PKCS8 ED25519 encrypted private key.
2020-01-20 20:47:47 -08:00
40c8562dc2
Added PKCS8 support for ED25519.
2020-01-20 20:47:47 -08:00
7707234901
Merge pull request #2743 from JacobBarthelmeh/Compatibility-Layer
...
adjust set1 curves list function for TLS extension sent
2020-01-20 16:19:55 -08:00
98f14eff9f
Refactor to combine duplicate ECC param parsing code.
2020-01-20 16:17:12 -08:00
23427085af
1. Add an indent to a new line in user settings.
...
2. Remove the execute bit from the changed files.
2020-01-20 12:30:32 -08:00
a08ab1fc7a
fix mnGW error
2020-01-20 12:19:18 -08:00
c581c56999
update return value of local GetCurveByOID
2020-01-20 10:40:56 -07:00
3508579f4c
add check on NETX duo build and return value of opening driver
2020-01-20 09:33:14 -07:00
a624ae14df
Merge pull request #2725 from kaleb-himes/ZD9735
...
Remove redundant packing flag
2020-01-18 21:21:32 -08:00
66daac4c94
Merge pull request #2709 from JacobBarthelmeh/Testing
...
set chacha20 similar to aes-ctr when handling leftover stream and add…
2020-01-17 15:05:24 -08:00
356636e88d
fix typo
2020-01-17 15:13:52 -07:00
87859f9e81
Merge pull request #2747 from dgarske/sizeof_long
...
Improvements for detection of 64-bit support
2020-01-17 15:10:44 -07:00
204ef9543a
Merge pull request #2728 from ejohnstown/maint-x509
...
Maintenance: X509
2020-01-17 13:51:02 -08:00
92877a1214
Merge pull request #2730 from SparkiDev/sp_div_word_fix
...
Fix for div_word builds of SP C code
2020-01-17 13:15:44 -08:00
60afa72330
Merge pull request #2731 from SparkiDev/auth_key_id_set
...
Fix when extAuthKeyIdSet is set.
2020-01-17 13:14:22 -08:00
cca545f76c
Merge pull request #2735 from dgarske/ecc_sign
...
Fixes for ECC sign with `WOLFSSL_ECDSA_SET_K`
2020-01-17 13:13:38 -08:00
dadcce3eb8
Merge pull request #2741 from SparkiDev/ecc_no_cache
...
Fix for ecc and no cache resistance - set M[2]
2020-01-17 13:09:53 -08:00
c5932a9874
account for leantls and selftest builds
2020-01-17 13:32:59 -07:00
9760ed07a9
Based on peer feedback, remove WOLFSSL_PACK from sniffer.h
2020-01-17 12:27:46 -07:00
bd4a9c69dd
convert name to oidsum to curve type for setting supported curves
2020-01-17 11:56:46 -07:00
d8c5353466
adjust set1 curves list function for TLS extension sent
2020-01-16 13:21:14 -07:00
c38d5e9a29
Further improved to use HAVE_LIMITS_H and ULL instead of ui64
2020-01-16 09:06:44 -08:00
541bf3e639
Improvements for detection of 64-bit support. Adds support for IBM s390x. Improves detection on Windows. Adds new WC_USE_LIMITS_FOR_SIZEOF option to use limits.h to detect sizeof long. Fixes #2600 and Fixes #2745 .
2020-01-16 07:15:18 -08:00
fbf91f7397
Fix mem leak in DSA
2020-01-15 16:03:42 -08:00
584d8498f8
Fix for ecc and no cache resistance - set M[2]
...
Need to have a value in order to maintain timing resistance.
Small maths fails also.
2020-01-16 09:35:34 +10:00
3db7b44be4
Compatibility Layer Fixes
2020-01-15 13:49:47 -07:00
bd44091111
refactor solution
2020-01-15 09:29:10 -07:00
c01cd808da
changes for build with s7g2
...
add project info
add project info
adjust wolfssl library template
change TRNG collection
fix include.am
fix argument for TRNG
rename example templates
comment out DEBUG_WOLFSSL
change include.am
update license
2020-01-14 17:48:41 -07:00
989f3d3684
Fix for FREE_VAR call on sharedA.
2020-01-14 14:35:20 -08:00
e429dd8f0b
Peer review feedback minor cleanup.
2020-01-14 14:33:23 -08:00
e9bbf89287
Fix for WOLFSSL_ECDSA_SET_K with normal math. The sign_k mp_int was not initialized.
2020-01-14 14:13:12 -08:00
95b6076fe1
Fixes for ECC sign with WOLFSSL_ECDSA_SET_K, which was not loading all curve params for the wc_ecc_make_pub_ex call and not correctly setting ALLOC_CURVE_SPECS for WOLFSSL_SMALL_STACK. Cleanup around the loading of curve specs.
2020-01-13 16:25:37 -08:00
22f49d8597
Fixes for building with ECC sign/verify only.
2020-01-13 15:35:08 -08:00
8974827fbe
Added WOLFSSL_ECC_CURVE_STATIC build option to allow using fixed arrays for ECC parameters. This is enabled by default on Windows. Fixed several compiler warnings. Fixed build macro for key->deallocSet.
2020-01-13 07:15:17 -08:00
c69bd5169f
Switch strncpy to memcpy in the altname store function.
2020-01-10 20:34:14 -08:00
8d1b20706c
Maintenance: X509
...
1. Add a test for the new alt name handling.
2. Added an API to set altnames in a WOLFSSL_X509 struct. Just adds
DNS_entries.
3. Removed the "static" from a bunch of constant byte arrays used inside
some of the ASN.1 code.
2020-01-10 20:26:35 -08:00
5dcffa6b40
Maintenance: X509
...
1. Fix for issue #2724 . When making a certificate out of an X.509
structure, the subject alt names weren't getting correctly copied.
2. Added a function to flatten the DNS_entries into a sequence of
GeneralNames.
3. Put the proper certificate extension wrapping around the flattened
general names.
2020-01-10 20:26:35 -08:00
7571fbdbfb
Maintenance: X509
...
1. Fix for issue #2718 . Added a flag to the X509 structure when someone
sets the issuer name.
2. When making a certificate out of the X509, if the issuer name is set
clear the self-signed flag in the cert.
3. Propigate the flat X509_NAMEs to the string the cert building code
uses.
2020-01-10 20:25:43 -08:00
6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513
...
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
71f8f3031d
Merge pull request #2729 from dgarske/telit_time
...
Fixes for the Telit time functions
2020-01-10 14:51:39 -08:00
1f104e52a3
Merge pull request #2715 from ejohnstown/maint-dtls
...
Maintentance: DTLS
2020-01-10 14:43:15 -08:00
9b8d4e91c2
Fixing some typos. Thanks to Fossies for the report
2020-01-10 11:45:51 -07:00
544ff3f9ac
Fix length in wolfSSL_sk_CIPHER_description
2020-01-10 11:26:57 -07:00
99d657af4f
adjust test cases
2020-01-10 10:31:56 -07:00
26a075cfec
Merge pull request #2716 from cariepointer/apache-fixes
...
Fixes for Apache nightly Jenkins tests
2020-01-10 10:20:43 -07:00
ef99086aee
Fix valgrind errors
2020-01-10 10:08:39 -07:00
de3536a067
More fixes from review
2020-01-09 17:28:20 -07:00
0c25588ad1
adjust TEST_SMALL_CHACHA_CHUNKS size and add more tests
2020-01-09 17:13:57 -07:00
1538e631a8
revert size of ChaCha structure and delay counter increment
2020-01-09 16:39:48 -07:00
a1944c477a
set chacha20 counter in TLS AEAD use
2020-01-09 16:39:48 -07:00
8e24bf6c2c
add macro guard for optimized versions
2020-01-09 16:39:48 -07:00
0ec7b311d8
set chacha20 similar to aes-ctr when handling leftover stream and add test case
2020-01-09 16:39:48 -07:00
a9cf16cc2b
Merge branch 'master' into apache-fixes
2020-01-09 16:33:35 -07:00
6e8f3faedd
Fix when extAuthKeyIdSet is set.
...
Was set when extension is seen - extension may not have hash.
But is used to indicate that the hash is set - ie look up by hash.
2020-01-10 09:28:45 +10:00
03c42423eb
Fix for div_word builds of SP C code
2020-01-10 09:02:26 +10:00
f3b2815e1f
Merge pull request #2708 from julek-wolfssl/nginx-fix
...
Nginx fix
2020-01-09 15:00:59 -08:00
3c9f7809f1
Merge pull request #2714 from JacobBarthelmeh/Docs
...
update linux sgx readme for wolfssl/options.h creation
2020-01-09 14:58:22 -08:00
51f44cb09b
Merge pull request #2719 from dgarske/nxp_k64_mmcau
...
Fixes for NXP K64
2020-01-09 14:57:11 -08:00
21f82a5662
Merge pull request #2721 from SparkiDev/sp_small_stack_fixes
...
Fix in SP C impl for small stack
2020-01-09 14:55:44 -08:00
99045a2fea
Merge pull request #2723 from SparkiDev/rsa_vfy_only_fix
...
Rsa vfy only fix
2020-01-09 14:55:10 -08:00
3ea69676eb
Merge pull request #2726 from ejohnstown/maint-ren
...
Maintenance: Secure Renegotiation
2020-01-09 14:54:13 -08:00
11a0b117f8
Merge pull request #2706 from dgarske/chapoly_aead_iuf
...
New API's for ChaCha20/Poly1305 AEAD init/update/final
2020-01-09 14:49:26 -08:00
0938cdde52
Remove dup->dynamicName = 1 call
2020-01-09 14:09:38 -08:00
47040f1dae
EC_KEY_dup fixes
2020-01-09 14:35:57 -07:00
8fb586f3ee
Fixes for the Telit time functions. ZD 9733
2020-01-09 11:17:19 -08:00
41f134ae31
update to ECC key parsing custom curves for Windows
2020-01-08 14:45:59 -07:00
1f0f3eb97d
Maintenance: Secure Renegotiation
...
Allow sending application data during the secure renegotiation.
2020-01-08 11:50:18 -08:00
b9c99709f7
Fixes from review
2020-01-08 12:48:01 -07:00
187702efb9
bring sniffer.h inline with types.h
2020-01-08 09:45:59 -07:00
bc1cb4ead8
Fix to keep existing behavior where AAD is optional for wc_ChaCha20Poly1305_Encrypt and wc_ChaCha20Poly1305_Decrypt.
2020-01-07 18:58:26 -08:00
f13cee2689
Add comments above functions
2020-01-07 17:30:25 -07:00
b27ec58d20
Fix RSA verify only build
2020-01-08 10:18:37 +10:00
28cf563c76
Fixes from PR review: styling and formatting, remove duplicate code
2020-01-07 17:01:53 -07:00
89d8a90781
Get code compiling with SP math and RSA key gen again.
2020-01-08 09:51:26 +10:00
1f1a173d56
Fix in SP C impl for small stack
...
Memset correct size and only when pointer is not NULL.
2020-01-08 08:57:20 +10:00
d257003341
Merge pull request #2711 from cconlon/copyright2020
...
update copyright to 2020
2020-01-07 08:40:15 -08:00
190623cbb2
Merge pull request #2705 from dgarske/atecc_leak
...
Fix for possible ECC memory leak when using ATECC and TLS
2020-01-07 08:39:39 -08:00
709d17904a
Merge pull request #2693 from SparkiDev/mp_rand
...
Improve speed of mp_rand
2020-01-07 08:39:11 -08:00
9e4836a863
Fix for jenkins test failure
2020-01-07 08:11:05 -08:00
b7ac709617
Merge pull request #2692 from SparkiDev/rsa_gen_modinv
...
Add blinding of mod inverse to RSA key gen
2020-01-07 07:56:38 -08:00
56e57f3216
Refactor Poly1305 AEAD / MAC to reduce duplicate code. Tested with TLS v1.3 interop and AEAD test vectors.
2020-01-07 07:04:01 -08:00
0f0d307b76
Fix to avoid duplicate symbol for CheckRunTimeSettings when SP and TFM are built. Specifically with these build options: USE_FAST_MATH, WOLFSSL_SP and WOLFSSL_SP_MATH.
2020-01-07 05:43:59 -08:00
acfe9717f8
Fix for K64 MMCAU with WOLFSSL_SMALL_STACK_CACHE. Moved random test prior to cipher tests (was getting called first time in GMAC test).
2020-01-07 05:39:17 -08:00
914cd00e40
Merge pull request #2717 from SparkiDev/sp_cortexm_r7
...
Don't use r7 with Cortex-M SP assembly
2020-01-07 05:28:43 -08:00
e0ab92058b
Check CRL extension errors but don't require them
2020-01-07 11:55:07 +01:00
34a462b342
Don't use r7 with Cortex-M SP assembly
...
r7 not available when compiling Cortex-M4 in debug.
2020-01-07 12:53:34 +10:00
d68d5229e1
Refactor wc_ChaCha20Poly1305_Encrypt and wc_ChaCha20Poly1305_Decrypt to use the new ChaChaPoly_Aead context and init/update/final functions.
2020-01-06 17:07:09 -08:00
681ecf0e58
Fixes for wolfSSL_CTX_load_verify_locations_ex
2020-01-06 14:32:32 -08:00
991ee662c0
Return 0 in ParseCRL_Extensions if there are no CRL extensions to parse
2020-01-06 08:42:37 -08:00
f593ff8776
update linux sgx readme for wolfssl/options.h creation
2020-01-06 09:27:17 -07:00
ce0475a8e0
Merge pull request #2689 from tmael/pkey_freeMutex
...
Free EVP ctx pkey
2020-01-06 23:15:00 +07:00
75637445ee
Improve speed of mp_rand
2020-01-06 09:39:29 +10:00
26eea36d7f
Fix X509_NAME issues for Apache
2020-01-03 15:40:52 -08:00
45c5a2d39c
update copyright to 2020
2020-01-03 15:06:03 -08:00
443b7ed0c4
Accept newline and null teminator at end of X509 certificate
2020-01-02 10:52:02 +01:00
01c7cc6502
Fixes to avoid declaring any variables mid-function and always initializing.
2019-12-31 11:43:13 -08:00
784d95afbe
Improved state handling.
2019-12-31 10:34:06 -08:00
7d2adb2fc0
Merge pull request #2707 from tmael/rsa_cc310
...
Cryptocell RSA improvements to sign/verify more digest types
2019-12-31 09:19:25 -08:00
bff6dcec24
Added support for AAD calc only. Allows Init, UpdateAad and Final sequence. Verfied again with customer test cases.
2019-12-31 08:25:23 -08:00
f01999b322
Peer review feedback.
2019-12-31 08:08:33 -08:00
b901a2cd35
Use byte for bit-field. Line length cleanup.
2019-12-30 18:05:25 -08:00
4f71bcfa7c
Merge pull request #2704 from ejohnstown/renegotiation
...
Maintenance: Renegotiation
2019-12-30 16:45:31 -08:00
f58a9e81e9
Cryptocell rsa improvements to sign/verify more digest types
2019-12-30 16:31:30 -08:00
1ee9d182cf
New API's for ChaCha20/Poly1305 AEAD init/update/final:
...
* Provides a context for AEAD to allow "chunked" updates of data then a final calculation for the authentication tag.
* New API's are on by default and can be disabled using NO_CHACHAPOLY_AEAD_IUF.
2019-12-30 15:20:55 -08:00
abc96f20fb
Merge pull request #2696 from embhorn/cert_vfy_CB
...
CertManager verify callback
2019-12-30 11:57:44 -08:00
1bf6eb466f
CRL extensions are optional so ext errors should be skipped
2019-12-30 19:08:59 +01:00
4004963c6a
test pkey references count
2019-12-30 09:31:23 -08:00
f51d940e34
Fix for ECC memory leak when using ATECC and non SECP256R1 curves for sign, verify or shared secret. Fixes #2701 .
2019-12-30 08:35:30 -08:00
3b7b71c9e0
Merge pull request #2700 from JacobBarthelmeh/HardwareAcc
...
Hardware calls for DSP use
2019-12-27 13:58:43 -08:00
deac82c8ed
Merge pull request #2683 from dgarske/various_items
...
Various cleanups and fixes
2019-12-27 13:53:39 -08:00
95daec5326
Merge pull request #2633 from tmael/cc_310
...
Update Cryptocell readme
2019-12-27 12:58:19 -08:00
78fa84be00
Merge pull request #2649 from SparkiDev/rsa_pubonly
...
Fix RSA public key only builds
2019-12-27 12:55:34 -08:00
dd28f26c44
Merge pull request #2699 from JacobBarthelmeh/Testing
...
big endian changes
2019-12-27 12:52:30 -08:00
38f466bdfe
Keep untrustedDepth = 0 for self signed certs
2019-12-27 17:48:34 +01:00
add7cdd4e2
Maintenance: Renegotiation
...
1. Found a corner case where secure renegotiation would fail trying to
inappropriately use a session ticket.
2. Explicitly split renegotiation into Rehandshake and SecureResume.
2019-12-26 16:39:44 -08:00
e8afcbf031
Merge pull request #2702 from embhorn/spelling
...
Correct misspellings and typos from codespell tool
2019-12-26 08:19:20 -08:00
8580bd9937
CertManager verify callback
...
Execute verify callback from wolfSSL_CertManagerLoadCA
2019-12-26 09:29:03 -06:00
ac0acb3c37
fix for test case with big endian
2019-12-26 05:57:26 -07:00
b83804cb9d
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
ad9011a863
initial DSP build and success with Debug mode
...
build dps with ARM neon 64
fix for release mode build
add in threading protection and seperate out rng
added callback function and updates to README
update default handle to lock, and add finished handle call
cleanup after veiwing diff of changes
2019-12-23 14:17:58 -07:00
5348ecb1f2
initial makefile and build with hexagon
2019-12-23 13:49:06 -07:00
ca59bc2d16
big endian changes
2019-12-23 12:33:59 -07:00
99a7aff31e
Increment pkey references count
2019-12-20 22:38:54 -08:00
48e59eaeb1
Free EVP ctx pkey
2019-12-20 22:38:54 -08:00
9d94b48056
Add blinding of mod inverse to RSA key gen
2019-12-20 12:17:42 +10:00
6c7e86f366
Maintentance: DTLS
...
1. Client wasn't skipping a handshake state when the server sends a
hello without a hello verify. It ended up resetting the handshake hash
and resending Hello with its next messages.
2019-12-19 11:48:05 -08:00
22f0b145d3
Various cleanups and fixes:
...
* Fix for key gen macro name in benchmark.c
* Fix for possible RSA fall-through warning.
* Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`.
* Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`.
* Added options.h includes for test.c and benchmark.c.
* Added printf warning on the math size mismatch in test.c.
* Added support for benchmarking larger sizes.
* TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
69a0c1155f
Review comment
2019-12-17 17:36:38 -08:00
5711d12364
Remove SSL_library_init() calls in unit tests to fix valgrind issues
2019-12-17 15:54:10 -07:00
c66ca1b774
Remove unused dNSName malloc from wolfSSL_X509_get_ext_d2i
2019-12-10 17:00:16 -07:00
b08d180bc9
WOLFSSL_DH redefined error fix
2019-12-09 16:13:18 -07:00
4511557f01
More jenkins test fixes
2019-12-09 15:57:53 -07:00
9ad970d8a4
Fixes for jenkins test failures
2019-12-09 14:04:52 -07:00
ee13dfd878
Add Qt 5.12 and 5.13 support
...
Co-Authored-By: aaronjense <aaron@wolfssl.com >
Co-Authored-By: MJSPollard <mpollard@wolfssl.com >
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com >
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com >
2019-12-06 14:27:01 -07:00
2528121925
Fix RSA public key only builds
...
Client side only and no client auth
2019-12-06 20:42:27 +10:00
4f8a37ef7b
Remove wc_RsaSSL_VerifyInline from Cryptocell
2019-12-05 10:40:21 -08:00
889f111454
Update CC readme
2019-12-02 14:55:21 -08:00
996cef6db2
Added stdio.h include to types.h.
2019-07-10 18:26:43 +02:00
