Commit Graph

3025 Commits

Author SHA1 Message Date
Tesfa Mael f894d4c0d2 FIPS on Solaris 2020-05-14 10:11:54 -07:00
toddouska 6c9a0e440e Merge pull request #2959 from dgarske/wpas_tiny
Added wpa_supplicant support with reduced code size option
2020-05-11 08:55:22 -07:00
David Garske 10aa8a4ffc Added support --enable-wpas=small for reduced code size when building against the WPA supplicant with EAP-TLS. This does not use OPENSSL_EXTRA, which helps reduce code size. 2020-05-08 13:38:26 -07:00
toddouska 6b930d996c Merge pull request #2958 from julek-wolfssl/ASN_IP_TYPE-without-openssl
Support IP alternative subject name without OpenSSL
2020-05-08 13:27:27 -07:00
Juliusz Sosinowicz 9e68de0fb7 Add test certs for ASN_IP_TYPE 2020-05-07 11:52:49 +02:00
Jacob Barthelmeh 6619db580d fix for scep build without aes 2020-05-06 16:58:54 -06:00
Sean Parkinson 09bc460c2e Merge pull request #2946 from dgarske/gcc9
Fix for GCC9 warning
2020-05-05 10:29:56 +10:00
David Garske 8161dfe3aa Fix for GCC9 warning.
```
src/tls.c:201:13: note: in expansion of macro 'XSTRNCMP'
  201 |         if (XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
      |             ^~~~~~~~
In file included from src/tls.c:33:
./wolfssl/internal.h:4312:19: note: referenced argument declared here
 4312 | static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
      |                   ^~~~~~
```
2020-05-04 15:07:28 -07:00
Chris Conlon df067b6781 Merge pull request #2919 from kaleb-himes/ZD10194
Fix for Freescale common examples that predated hardening warning
2020-05-04 13:43:07 -06:00
toddouska d848495a66 Merge pull request #2937 from dgarske/wolfio_tcpcon_fd
Fix issue with failed TCP connect using invalid socket file descriptor
2020-05-04 11:22:54 -07:00
David Garske 31502ec3f9 Fix issue with failed TCP connect using invalid socket file descriptor on close. Fixes #2936 2020-05-01 07:32:00 -07:00
toddouska a1489d981c Merge pull request #2930 from JacobBarthelmeh/SanityChecks
check on tag length for AES-CCM
2020-04-30 14:51:20 -07:00
toddouska 7e267546cb Merge pull request #2933 from SparkiDev/tls13_rsa8192
Allow TLS 1.3 CertificateVerify to handle 8192-bit RSA
2020-04-29 11:24:44 -07:00
Sean Parkinson 390f066028 Allow TLS 1.3 CertificateVerify to handle 8192-bit RSA 2020-04-29 12:37:41 +10:00
Sean Parkinson e9b433a998 Merge pull request #2928 from julek-wolfssl/evp-aes-gcm-fix
Fix AES-GCM in EVP layer to have compatiblity with OpenSSL
2020-04-29 09:00:04 +10:00
Jacob Barthelmeh b73e52f33f move AES-CCM tag check into a local function 2020-04-28 14:46:06 -06:00
toddouska f770d28ff0 Merge pull request #2916 from dgarske/testfixes
Improvements to ECC key decode and tests
2020-04-28 09:57:44 -07:00
toddouska cb6fc56f3b Merge pull request #2921 from dgarske/fixes_g++
Fixes for G++ and enable-all
2020-04-28 09:51:34 -07:00
Juliusz Sosinowicz 01a6dded72 Fix AES-GCM in EVP layer to have compatiblity with OpenSSL
- Tag checking in AES-GCM is done in Final call
- Reset `WOLFSSL_EVP_CIPHER_CTX` structure after Final call
- Don't zero `ctx->authTag` struct in Init call so that user can get the AES-GCM tag using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag)`
- `ctx->authTag` is only zeroed before authenticated, non-confidential data Update call since this means we are entering a new Udate-Final cycle. This doesn't need to be done in the decrypt case since the tag should be supplied by the user before the final call using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)`
2020-04-27 15:52:01 +02:00
David Garske 6d025f8c0f Refactor of the EVP macType to use enum wc_HashType to resolve issues with invalid casting. 2020-04-24 07:43:44 -07:00
David Garske 28b686a8ca * Exposed useful sizes MAX_X509_HEADER_SZ and PEM_LINE_SZ
* Refactor the PEM saving code in `test.c`, so its not using large 4K buffer and calculates based on DER.
* Enable ECC key generation test even without `WOLFSSL_KEY_GEN`.
* Added `ECC_KEYGEN_SIZE` macro for ECC key generation testing.
* Refactor ECC DER key generation to use `ECC_BUFSIZE`.
2020-04-23 16:11:54 -07:00
David Garske b07dfa425d Fixes for ./configure CC="g++" --enable-all && make. Resolves issues with implicit casts and use of reserved template keyword. 2020-04-23 15:26:04 -07:00
toddouska 7318121d3a Merge pull request #2915 from dgarske/async_v4.4.0
Fixes for async release v4.4.0
2020-04-23 09:26:08 -07:00
toddouska 54aa50e628 Merge pull request #2912 from SparkiDev/sp_movbe
Only use Intel instruction movbe when available
2020-04-23 09:25:02 -07:00
David Garske 36a556f927 Resolve issues with the openssl compatibility CRYPTO_malloc and CRYPTO_free. 2020-04-22 10:15:16 -07:00
kaleb-himes 12e4718c67 Fix for Freescale common examples that predated hardening warning 2020-04-22 11:06:36 -06:00
John Safranek 27011ff7ff Release Rollup
1. Update configure with the new version.
2. Update the ChangeLog.
3. Update the readme.
2020-04-21 10:21:53 -07:00
JacobBarthelmeh 0cfde0794b Merge pull request #2848 from julek-wolfssl/wpa-supplicant-openssl-compat
Added partial support for wpa_supplicant, hostapd, and cjose:
2020-04-20 12:17:55 -06:00
Sean Parkinson 75c14e4c8e Only use Intel instruction movbe when available 2020-04-20 09:09:45 +10:00
John Safranek 40ea386509 Revert "DTLS Fix"
This reverts commit 04dcb8f774.
2020-04-15 21:33:33 -07:00
Juliusz Sosinowicz 36403c1dad Merge remote-tracking branch 'wolfSSL/master' into wpa-supplicant-openssl-compat 2020-04-15 16:55:03 +02:00
Juliusz Sosinowicz 1d3fd5cd07 Code review
- make `wc_ecc_export_point_der_compressed` a local function
- use `int` for `shortKeySize` in `wc_ecc_import_point_der_ex`
- check for null return value from `wolfSSL_OBJ_nid2obj` and `wolfSSL_d2i_PUBKEY`
- add comments to `ssl.c`
- check `lnlen` in `wolfSSL_OBJ_ln2nid`
2020-04-15 12:53:38 +02:00
Eric Blankenhorn be437c0bd2 Fix EVP API to use NID instead of WC_ types 2020-04-14 12:47:10 -05:00
toddouska 9c1b90170a Merge pull request #2903 from SparkiDev/test_4096
Fix testing using 4096 bits keys and parameters
2020-04-14 09:25:00 -07:00
toddouska 06c6e583c8 Merge pull request #2891 from julek-wolfssl/refactor-evp-functions
Move EVP functions to evp.c
2020-04-14 09:22:51 -07:00
David Garske b6d6b1db77 Added new DH 4096-bit key to gencertbuf.pl. 2020-04-14 07:11:07 -07:00
Juliusz Sosinowicz dad0bc0159 Keep compatibility with old OPENSSL_EXTRA_X509_SMALL functions 2020-04-14 12:52:23 +02:00
Juliusz Sosinowicz 0ded4d4ccb wolfSSL_RSA_*_PKCS1_PSS rewrite 2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 20e669a65a New API
Add `wc_ecc_import_point_der_ex` for correct importing DER ECC point and keep `wc_ecc_import_point_der` old functionality
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz dbe4e778d3 Test fixes
- Add `parameter` to `WOLFSSL_X509_ALGOR`
- Implement `wolfSSL_ASN1_TYPE_new`, `wolfSSL_ASN1_TYPE_free`, and `wolfSSL_ASN1_TYPE_set`
- Fix leak where `pval` in `wolfSSL_X509_ALGOR_set0` was lost if `aobj` was provided
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 18093a6b0b Code review changes
- Don't include `ENABLED_OPENSSLALL` with `ENABLED_WPAS`
- Return length in `wolfSSL_i2d_DHparams`
- Implement `wolfSSL_EC_POINT_mul` with independent multiplication and addition if `ECC_SHAMIR` not defined
- Implment `ASN1_SIMPLE` without `offsetof` by using a dummy struct
- Style fixes
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 9722082372 Fix nid2* and *2nid functions 2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 680a481e61 Test fixes
Remove redundant macros
2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz 73b4d78d5b Added partial support for wpa_supplicant, hostapd, and cjose:
- Moved `SetECKeyInternal` and `SetECKeyExternal` to `internal.h` to allow usage outside of `ssl.c`
- Added `asn1t.h`
- Implemented the `IMPLEMENT_ASN1_FUNCTIONS` macro for a small subset of ASN1 tags
-- So far only `X509_ALGOR` and `ASN1_BIT_STRING` are supported
- Implemented `BN_mod_add` function
- Allow for setting of `EC_KEY` export form through EC_KEY_set_conv_form
- Implemented `i2o_ECPublicKey`
- Implemented `EC_POINT_copy`
- Implemented deriving DH and ECDH keys in `EVP_PKEY_CTX`. Functions added:
-- `EVP_PKEY_derive_init`
-- `EVP_PKEY_derive_set_peer`
-- `EVP_PKEY_derive`
- Implemented `EVP_PKEY_get0_DH`
- Implemented `X509_ALGOR_new`
- Implemented `X509_ALGOR_free`
- Implemented `X509_ALGOR_set0`
- Implemented `X509_PUBKEY_new`
- Implemented `X509_PUBKEY_free`
- Implemented `X509_PUBKEY_set`
- Implemented `RSA_padding_add_PKCS1_PSS`
- Implemented `RSA_verify_PKCS1_PSS`
- Changed second parameter of `wolfSSL_d2i_PUBKEY` to be constant
- Corrected long names in `asn.h`
- Added `wc_ecc_get_generator` as a way to get the generator point of a curve
- Added `wc_ecc_export_point_der_ex` to export an ECC point in compressed or uncompressed format with one API
- Added `wc_ecc_export_point_der_compressed` to export a point in an `ecc_point` structure in compressed DER format
- Added 'wc_RsaSSL_Verify_ex` which adds the option to choose a padding type
- Added `wc_RsaPad_ex` and `wc_RsaUnPad_ex` to `rsa.h` as `WOLFSSL_LOCAL` functions
- `CopyDecodedToX509` now fills `x509->key` and `x509->algor` when populating x509
- `wolfSSL_EVP_CipherInit` now uses `wc_AesGcmSetExtIV` to set the IV so that it is copied to `ctx->iv` by `wolfSSL_StoreExternalIV`
- Added error checking to `wolfSSL_EVP_PKEY_get_der`
- `wolfSSL_X509_ALGOR_get0` now attempts to return something in all parameters
- Refactored `wolfSSL_EC_KEY_new` to use `*_new` functions when available
- Added `setupPoint` to set the internal point if not yet set
- Always set external point in `wolfSSL_ECPoint_d2i`
- Added compressed point support to `wolfSSL_EC_POINT_point2oct`
- Fix `wolfSSL_EC_POINT_mul` so that it will calculate the full `generator * n + q * m` then OpenSSL does
- Added `WOLFSSL_RSA_GetRNG` helper function to get a `WC_RNG` from `WOLFSSL_RSA`
- Correct short names in `wolfssl_object_info`
- Added all currently supported curves to `wolfssl_object_info`
- Added `oidCurveType` to `oid2nid`
- Add more padding types to `wolfSSL_RSA_public_decrypt`
- Fix `keysize` in `wc_ecc_import_point_der`
- Added tests for new additions
2020-04-14 11:45:32 +02:00
Sean Parkinson ba401c9bde Fix testing using 4096 bits keys and parameters
RSA PKCS #1.5 padding for signing is not reliant on a random.
2020-04-14 12:03:51 +10:00
toddouska 3cb0c600ba Merge pull request #2894 from SparkiDev/ecc_cr_fix
Change constant time and cache resistant ECC mulmod
2020-04-13 16:36:22 -07:00
toddouska ee0289bea6 Merge pull request #2825 from julek-wolfssl/self-include-options
OpenVPN changes
2020-04-13 13:11:18 -07:00
Sean Parkinson ffd06e359f Change constant time and cache resistant ECC mulmod
Ensure points being operated on change to make constant time.
2020-04-10 09:28:20 +10:00
Juliusz Sosinowicz f6b9b2e0eb Remove redundant guards 2020-04-09 18:26:23 +02:00
Juliusz Sosinowicz 9cbbd164e0 Fix test errors 2020-04-09 14:54:09 +02:00