Commit Graph

1657 Commits

Author SHA1 Message Date
John Safranek 774bc36603 Merge pull request #4061 from JacobBarthelmeh/sessionExport 2021-10-01 10:21:42 -07:00
John Safranek 98b1e93429 Merge pull request #4402 from JacobBarthelmeh/Compatibility-Layer 2021-09-30 15:53:58 -07:00
Jacob Barthelmeh ed8b87306d account for test case where psk and anon is off 2021-09-30 15:48:55 -06:00
Jacob Barthelmeh cb4b57c5c7 add tls 1.3 test case 2021-09-30 10:08:47 -06:00
Chris Conlon cf1ce3f073 Add get_default_cert_file/env() stubs, SSL_get/set_read_ahead(), SSL_SESSION_has_ticket/lifetime_hint() (#4349)
* add wolfSSL_X509_get_default_cert_file/file_env/dir/dir_env() stubs

* add SSL_get_read_ahead/SSL_set_read_ahead()

* add SSL_SESSION_has_ticket()

* add SSL_SESSION_get_ticket_lifetime_hint()

* address review feedback - comments, return values

* make SSL_get_read_ahead() arg const

* add unit tests for SESSION_has_ticket/get_ticket_lifetime_hint

* test for SESSION_TICKET_HINT_DEFAULT in api.c for wolfSSL_SESSION_get_ticket_lifetime_hint()

* fix variable shadow warning in api.c
2021-09-30 08:35:23 +10:00
Chris Conlon 95b9fae605 Add DIST_POINT compatibility functions (#4351)
* add DIST_POINT compatibility functions

* switch X509_LU_* from enum to define, prevent compiler type warnings

* refactoring, adding in comments, and formating

* refactoring and a memory leak fix

* cast return value for g++ warning

* refactor wolfSSL_sk_DIST_POINT_pop_free and remove NULL assign after free

* fix get next DIST_POINT node for free function

Co-authored-by: Jacob Barthelmeh <jacob@wolfssl.com>
2021-09-30 08:27:39 +10:00
Jacob Barthelmeh 707385724e adjust macro guard around test cases 2021-09-29 13:28:20 -06:00
Jacob Barthelmeh 5f9f6fd9fa add some test cases and use allocator 2021-09-29 12:02:26 -06:00
Jacob Barthelmeh dd7b62d067 fix for use with idea enabled 2021-09-29 11:15:51 -06:00
Jacob Barthelmeh ae47cb3bcd update check on is TLS, update macro guard for test case 2021-09-28 16:57:30 -06:00
Anthony Hu 0e80923fb3 Unit tests for post-quantum groups.
Also, fixes for the things they caught such as:

- ssl->arrays->preMasterSecret is pre-allocated so copy into it instead of
  moving ownership of buffer.
- server does not need to save the public key.
- in TLSX_KeyShare_Parse() don't call TLSX_KeyShare_Use() because its done in
  TLSX_PopulateExtensions().
- in TLSX_KeyShare_Use(), the server generates the ciphertext while the client
  generates the public key.
- in TLSX_PopulateExtensions(), prevent client from calling TLSX_KeyShare_Use()
  because its already been done.
- Support longer curve/group names.
2021-09-28 17:16:44 -04:00
Jacob Barthelmeh 21181f2437 canned test was made without the wolfssl_idea enum on 2021-09-27 14:01:15 -06:00
Jacob Barthelmeh 8b456b90e0 add test case for tls export/import 2021-09-27 14:01:15 -06:00
Jacob Barthelmeh 2871fc670f initial serialization of TLS session 2021-09-27 14:00:13 -06:00
David Garske 3bdce348e9 Added NID_pkcs9_contentType and ub_ to compatibility layer (#4408)
* Added `NID_pkcs9_contentType` and `ub_` values.  ZD 11742

* Improve the API unit test. Also only include when `WOLFSSL_CERT_REQ` defined.
2021-09-27 08:21:53 +10:00
Chris Conlon 9e4ab9b638 Add BIO_up_ref(), PEM_read_DHparam(), EVP_MD_nid() (#4348)
* add BIO_up_ref

* add PEM_read_DHparams()

* add EVP_MD_nid()

* exclude PEM_read_DHparams when NO_FILESYSTEM defined

* review feedback: single threaded, indents, EVP_MD_nid
2021-09-27 08:20:37 +10:00
Hayden Roche 24e2eded1e Add to the OpenSSL compatibility layer. (#4404)
- X509_get_extension_flags
- X509_get_key_usage
- X509_get_extended_key_usage
- ASN1_TIME_to_tm
- ASN1_TIME_diff
- PEM_read_X509_REQ
- ERR_load_ERR_strings
- BIO_ssl_shutdown
- BIO_get_ssl
- BIO_new_ssl_connect
- BIO_set_conn_hostname
2021-09-24 12:26:53 +10:00
Anthony Hu 33cb823148 Remove legacy NTRU and OQS (#4418)
* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
Eric Blankenhorn e6e7795140 Make subj alt name order match openSSL (#4406) 2021-09-22 10:29:57 +10:00
John Safranek df30a88dc6 Merge pull request #4414 from JacobBarthelmeh/devcrypto
update macro guard on SHA256 transform call
2021-09-21 10:03:51 -07:00
John Safranek 7ec7faddef Merge pull request #4405 from anhu/truncating_last_char
Fix for `set1_curves_list` ignoring last character
2021-09-21 08:49:53 -07:00
Daniel Pouzzner ec21dd6d13 miscellaneous buildability fixes:
configure.ac: fix ed25519/sha512 dependency test to not misfire when ENABLED_32BIT;

wolfssl/wolfcrypt/curve{25519,448}.h: fix redundant typedefs of curve{25519,448}_key (fixes -Wpedantic warnings);

configure.ac: fix for "ISO C forbids an empty translation unit [-Werror=pedantic]", re wolfcrypt/src/sp_c{32,64}.c;

configure.ac: fixes for --enable-32bit versus pedantic "ISO C forbids an empty translation unit", including explicit exclusion of 32bit-incompatible algorithms from enable-all and enable-all-crypto sets;

tests/api.c: fixes for a couple inadequately gated SHA2 dependencies;

tests/api.c:test_wolfSSL_set_alpn_protos(): fix prototype missing (void);

wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h: fix ForceZero() definition and NO_INLINE prototype to not counterfactually constify the mem ptr, to avoid -Wmaybe-uninitialized from gcc11;

wolfcrypt/src/des3.c: drop obsolete register qualifier from declaration in DesSetKey(), for c++17 compatibility;

src/ssl.c:wolfSSL_BN_mod_word(): fix cast of arg2 to mp_mod_d().
2021-09-20 13:38:52 -05:00
Daniel Pouzzner 1209908468 tests/api.c: fix key size in test_wc_ecc_shared_secret(). 2021-09-20 10:27:13 -05:00
Anthony Hu c733be728f Trivial change to re-trigger jenkins. 2021-09-20 08:37:56 -04:00
Kaleb Himes 9bd300e07d AESNI in FIPS mode does not support zero length inputs (#4411)
* AESNI in FIPS mode does not support zero length inputs

* Update note to specifically note AESNI
2021-09-20 08:29:15 +10:00
JacobBarthelmeh f447e4c1fa update macro guard on SHA256 transform call 2021-09-17 15:06:13 -07:00
Anthony Hu 79cc6be806 Make jenkins happy 2021-09-17 15:50:06 -04:00
John Safranek 3503be2c13 Merge pull request #4362 from JacobBarthelmeh/wolfCLU
add wolfclu enable option and remove test macro guard
2021-09-15 13:57:50 -07:00
Anthony Hu 07656e371c Parameter sanity check and a unit test. 2021-09-15 16:29:55 -04:00
Juliusz Sosinowicz 4ad8b07c1c wolfSSL_PEM_write_bio_PUBKEY needs to write only the public part (#4354)
* `wolfSSL_PEM_write_bio_PUBKEY` needs to write only the public part

The `wolfSSL_PEM_write_bio_PUBKEY` output can't contain the private portion of the key. This output could be used to distribute the public key and if it contains the private part then it gets leaked to others.

* Add heap hint to `wolfSSL_RSA_To_Der`

* Correct function name in logs
2021-09-15 17:34:43 +10:00
Hideki Miyazaki d9767207b7 call alpn selection call-back at server side only (#4377)
* call alpn selection call-back at server side only

* addressed review comment

* addressed jenkins failure
2021-09-15 10:02:18 +10:00
Hideki Miyazaki 4d49ab6342 add store finished message on Tls13 (#4381)
* add to store finished message on Tls13

* addressed jenkins failure

* jenkins failures

sanity check for size before copying memory

* remove check of finishSz

* addressed review comments
2021-09-14 09:22:16 +10:00
Eric Blankenhorn 649aa9c95f Add error handling to wolfSSL_BIO_get_len (#4385) 2021-09-10 08:15:30 +10:00
Hideki Miyazaki 51a2f9de17 return value convention on compatibility layer (#4373)
* return value convention

* addressed review comments

* addressed review comment part2

* fix jenkins failures
2021-09-07 08:15:08 +10:00
TakayukiMatsuo 90116a2873 Add support for wolfSSL_EVP_PBE_scrypt (#4345) 2021-09-03 15:49:02 +10:00
David Garske a3ee84bf6d Merge pull request #4355 from anhu/check_support_of_group
BUGFIX: Its possible to send a supported group that is not supported.
2021-09-02 20:03:32 -07:00
elms fd77cb8918 fix wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex bound checks (#4369)
RFC3394 in must be at least 2 64-bit blocks and output is one block longer.
On Unwrapping the input must then be a minimum of 3 64-bit blocks
2021-09-03 12:48:01 +10:00
Jacob Barthelmeh c412d23b07 add wolfclu enable option 2021-09-02 16:46:38 -06:00
Anthony Hu 26c7592d4b leantls only supports secp256r1. 2021-09-02 17:38:04 -04:00
TakayukiMatsuo 56843fbefd Add support for EVP_sha512_224/256 (#4257) 2021-09-02 14:05:07 +10:00
Anthony Hu 0d6d171fa4 BUGFIX; Its possible to sending a supported group that is not supported.
This change fixes that.
2021-09-01 10:54:52 -04:00
David Garske 9b6cf56a6e Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335)
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.

* Fix for sniffer with TLS v1.3 session tickets.

* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).

* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.

* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.

* Fix for static ephemeral loading of file buffer.

* Added sniffer Curve25519 support and test case.

* Fix for sniffer to not use ECC for X25519 if both are set.

* Fix Curve448 public export when only private is set.

* Fix for `dh_generate_test` for small stack size.

* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.

* Fix invalid comment.
2021-09-01 09:28:24 +10:00
David Garske 4645a6917c Merge pull request #4168 from JacobBarthelmeh/wolfCLU
function additions and fixes for expansion of wolfCLU
2021-08-30 13:42:50 -07:00
John Safranek 85df95e10d Merge pull request #4324 from miyazakh/maxfragment
add set_tlsext_max_fragment_length support
2021-08-30 10:21:59 -07:00
Sean Parkinson 0488caed4c Merge pull request #4346 from cconlon/verifyPostHandshake
TLS 1.3: add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-30 09:47:23 +10:00
Chris Conlon 070029fd08 add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode 2021-08-27 14:49:47 -06:00
JacobBarthelmeh 65cfef5337 fix for free with test case 2021-08-27 14:10:06 -06:00
Jacob Barthelmeh 83d39932bb add test case for X509 EXTENSION set 2021-08-27 11:30:44 -06:00
John Safranek 8b79f77fb0 Merge pull request #4327 from JacobBarthelmeh/Compatibility-Layer-Part3
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-27 09:27:34 -07:00
Jacob Barthelmeh 21159659cf add implementation of AUTHORITY_INFO_ACCESS_free 2021-08-26 14:48:12 -06:00