Commit Graph

3238 Commits

Author SHA1 Message Date
Colton Willey 6607314dc6 Address code comments, rewrite get issuer internals, use better internal names, get rid of all lines over 80 chars 2024-10-23 16:55:34 -05:00
Colton Willey 17c9e92b7f Initial rewrite of X509 STORE to replicate openssl behavior 2024-10-23 16:55:34 -05:00
Daniel Pouzzner ea491b80ef tests/api.c: gate test_GENERAL_NAME_set0_othername() on OPENSSL_ALL, not OPENSSL_EXTRA, as it fails with --enable-all-crypto --enable-opensslextra, and is commented to require --enable-opensslall. 2024-10-23 00:02:29 -05:00
Juliusz Sosinowicz 901384e704 Init SoftHSMv2 support
- wolfSSL_EVP_PKEY_set1_DH: If both private and public present, output private key
- ToTraditionalInline_ex2: Add DH checking
- wc_ecc_get_curve_id: check index is not negative
- Fix i2d_PKCS8_PRIV_KEY_INFO to actually output pkcs8 instead of just der
- wolfSSL_EVP_PKEY2PKCS8: Create duplicate to avoid double free
- wolfSSL_DH_generate_key: Fix case where not enough buffer was allocated for 128 bit case
- pkcs8_encode: Add DSA and DH support
- wolfSSL_d2i_PKCS8_PKEY: Correctly advance buffer
- RSA_LOW_MEM: export all integers in compat layer
- Add softhsm action
- Define
  - OPENSSL_DH_MAX_MODULUS_BITS
  - OPENSSL_DSA_MAX_MODULUS_BITS
  - OPENSSL_RSA_MAX_MODULUS_BITS
- Implement
  - BN_mul_word
  - i2d_ECPKParameters
  - PEM_write_bio_PKCS8_PRIV_KEY_INFO
  - PEM_read_bio_PKCS8_PRIV_KEY_INFO
  - i2d_PKCS8_PRIV_KEY_INFO
  - RSA_padding_add_PKCS1_PSS_mgf1
  - RSA_verify_PKCS1_PSS_mgf1
2024-10-21 17:26:42 +02:00
Daniel Pouzzner 06de22e72b api.c:test_wolfSSL_dtls_stateless_maxfrag(): add missing condition (clang-analyzer-core.NullDereference). 2024-10-17 10:57:19 -05:00
Daniel Pouzzner fa65da7bb0 analyzer-driven cleanups of --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch:
Dtls13HashClientHello(): fix wc_HashType handling;

Dtls13SendFragment(): fix identicalConditionAfterEarlyExit;

GetDtlsRecordHeader(): fix error handling around GetDtls13RecordHeader() (incorrectLogicOperator);

test_wolfSSL_dtls_stateless_maxfrag(): fix a clang-analyzer-core.NullDereference,
test_dtls_frag_ch(): fix a clang-diagnostic-embedded-directive,
test_AEAD_limit_client(): fix an united-data defect found by valgrind.
2024-10-17 00:06:32 -05:00
Daniel Pouzzner 9665434694 Merge pull request #8080 from SparkiDev/coverity_fix_5
Unit test: fix coverity issue
2024-10-16 16:31:27 -05:00
philljj 2abbab2fd8 Merge pull request #8082 from SparkiDev/bn_bin2bn_fix
BN API: fix BN_bin2bn to handle NULL data properly
2024-10-16 12:00:41 -04:00
Sean Parkinson 64a9e6f7c4 BN API: fix BN_bin2bn to handle NULL data properly
BN_bin2bn was freeing the BN and returning it.
Added test for this.
2024-10-16 14:08:55 +10:00
Sean Parkinson b8d3b990ea Unit test: fix coverity issue
test_wolfSSL_i2d_ASN1_TYPE: don't use str after freeing it.
2024-10-16 12:40:02 +10:00
Daniel Pouzzner cd8d158964 Merge pull request #8073 from philljj/fix_infer_issues
infer: fix dead store, and uninitialized value errors.
2024-10-15 15:42:48 -05:00
Daniel Pouzzner c7146640f9 Merge pull request #8055 from rizlik/ocsp-cb-ret-propagate
ocsp: propagate ocsp cb return error
2024-10-15 15:38:09 -05:00
jordan f5074772da infer: fix more uninitialized value errors. 2024-10-15 12:41:09 -05:00
Daniel Pouzzner 3e1f365e75 Merge pull request #8064 from SparkiDev/regression_fixes_14
Regression test fixes
2024-10-15 11:47:37 -05:00
Marco Oliverio 724fdae7d7 ocsp: propagate ocsp cb return error 2024-10-15 10:03:15 +00:00
jordan e3c2c650aa infer: fix dead store, and uninitialized value errors. 2024-10-14 22:45:17 -05:00
Daniel Pouzzner dfd8ead95e Merge pull request #8050 from philljj/fix_acert_defines
Fix acert defines, add more tests, cleanup.
2024-10-11 16:22:34 -05:00
Daniel Pouzzner f8da04d8b0 Merge pull request #7766 from miyazakh/zd18141_tls13_ocsp
Add OCSP response for intermediate cert into Certificate extension on TLS1.3
2024-10-11 15:49:19 -05:00
Sean Parkinson 5f1ddadf71 Regression test fixes
Fix unit tests to not compile when NO_RSA is defined and RSA used.
test_wc_PKCS7_EncodeSignedData: only RSA supported with streaming.
test_wolfSSL_RSA when SP math and SP: CRT parameters required.
test_wolfSSL_OCSP_REQ_CTX to compile with NO_ASN_TIME.
test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS: make sure all objects freed even
on memory allocation failure.
test_wolfSSL_error_cb: don't use bio if is NULL.
test_wolfSSL_BN_enc_dec: don't free a twice on memory allocation error.
test_wc_dilithium_der: remove debug printing
test_othername_and_SID_ext: make sid_oid NULL after free to ensure no
double free on later memory allocation failure.
test_wolfSSL_RSA: don't leak when BN_dup fails.
test_wolfSSL_i2d_ASN1_TYPE: free ASN1 string whn no ASN1 type to put it
into.
test_tls13_rpk_handshake: don't leak on failure
test_dtls_client_hello_timeout_downgrade: only move memory when test is

wolfSSL_certs_clear, wolfSSL_set_SSL_CTX, SetSSL_CTX: Check return from
AllocCopyDer.
d2i_generic: make sure impBuf is only freed once.
wolfSSL_BIO_write: don't dereference front unless it is not NULL.
wolfssl_dns_entry_othername_to_gn: don't free obj twice
wolfSSL_X509_REQ_add1_attr_by_NID: don't access reqAttributes if NULL.
succeeding.
2024-10-11 11:49:01 +10:00
jordan 244fff844f acert: pacify c++ style comment warning. 2024-10-08 21:21:25 -05:00
jordan deda512598 acert: fix unused store error. 2024-10-08 17:05:53 -05:00
jordan 410e2f148c Missing free call. 2024-10-08 16:17:16 -05:00
jordan 052cf77233 acert: fix defines, cleanup, more testing. 2024-10-08 16:11:46 -05:00
Daniel Pouzzner e6dac68ce3 Merge pull request #7966 from cconlon/x509CheckHostLeftWildcardOnly
Add left-most wildcard matching support to X509_check_host()
2024-10-08 15:17:27 -05:00
Chris Conlon f878220b81 add WOLFSSL_LEFT_MOST_WILDCARD_ONLY support to X509_check_host() 2024-10-08 10:38:14 -06:00
Aidan Garske e10c943bf3 wolfCrypt CSharp Wrapper:
* Adds RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing to the CSharp wrapper.
* Adds GitHub action for building the CSharp wrapper solution and running wolfCrypt test and a TLS server/client example.
* Adds "new" API's for wolfCrypt for platforms that cannot tolerate the structs directly.
* Fixes for several scan-build warnings.
2024-10-05 11:44:58 -07:00
Hideki Miyazaki b84a4e1c8d fix pr unit test 2024-10-05 15:25:34 +09:00
Daniel Pouzzner e814d1baea Merge pull request #8016 from SparkiDev/dilithium_draft_final_fix
Dilithium: Final and draft available in one build
2024-10-02 14:02:00 -05:00
Reda Chouk 10f0885d88 Merge branch 'master' into fix-conversion 2024-10-02 17:14:06 +02:00
Sean Parkinson 50bbdbbe42 Dilithium: Final and draft available in one build
Make draft version of ML-DSA compiled in with final.
Use WC_ML_DSA_44_DRAFT, WC_ML_DSA_65_DRAFT and WC_ML_DSA_87_DRAFT for
the level to get the draft implementation.
2024-10-02 22:23:25 +10:00
Sean Parkinson ac788ec40d Merge pull request #7995 from julek-wolfssl/dtls12-cid
Implement DTLS 1.2 Connection ID (CID)
2024-10-02 09:00:59 +10:00
Reda Chouk 666e658398 trailing spaces and overlong lines fixes 2024-10-01 16:28:31 +02:00
Reda Chouk 3193ecb2c3 fixed Wconversion in the api.c file 2024-10-01 15:07:59 +02:00
JacobBarthelmeh bea285c8ef initialize values for -Og test 2024-09-25 14:57:09 -06:00
Marco Oliverio 76f71a31f1 dtls13: support either side DTLSv1_3 method 2024-09-24 16:56:02 +00:00
Marco Oliverio 9dccd66a3a address review: better guarding in test 2024-09-24 12:54:15 +00:00
JacobBarthelmeh 8017c816bb check on RNG init return with test, and make input const 2024-09-20 08:34:28 -07:00
JacobBarthelmeh ca3b1a1412 add test case 2024-09-20 08:34:28 -07:00
Juliusz Sosinowicz 99a99e3d6e Implement DTLS 1.2 Connection ID (CID) 2024-09-20 15:31:01 +02:00
András Fekete bbbc40dacc Merge pull request #7996 from julek-wolfssl/move-mymemmem
memmem is only being used in testing so move it there

Failing test is disabled in: https://github.com/wolfSSL/wolfssl/pull/7991/commits/5be198fa0e7aa035cbba1b2cc58162bd359a1208
2024-09-20 09:08:44 -04:00
Juliusz Sosinowicz d7303664b5 memmem is only being used in testing so move it there 2024-09-19 15:54:20 +02:00
Daniel Pouzzner 263cb5bf78 tests/api.c:test_Sha512_Family_Final(): fix unreachable null pointer deref reported by clang-tidy in FIPS/Async configs. 2024-09-18 17:42:05 -05:00
Daniel Pouzzner 072c5311a5 m4/ax_atomic.m4: fixes for C++ compatibility.
wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_API attribute to wolfSSL_Atomic_Int_Init, wolfSSL_Atomic_Int_FetchAdd, and wolfSSL_Atomic_Int_FetchAdd, and add fallback definitions for them, allowing elimination of SINGLE_THREADED implementations of wolfSSL_Ref*(), and allowing ungated use of wolfSSL_Atomic_* calls in api.c.

wolfcrypt/src/dh.c: in wc_DhAgree_ct(), remove frivolous XMEMSET() and stray semicolon.

wolfcrypt/benchmark/benchmark.c: fix bench_rsaKeyGen() to skip tests of key sizes below RSA_MIN_SIZE, and add 4096 bit benchmark if RSA_MAX_SIZE is big enough.

tests/unit.h:
* adopt definitions of TEST_FAIL, TEST_SUCCESS, and TEST_SKIPPED from unit.c, remap TEST_SKIPPED from -7777 to 3, and add TEST_SUCCESS_NO_MSGS, TEST_SKIPPED_NO_MSGS, EXPECT_DECLS_NO_MSGS(), and EXPECT_FAILURE_CODEPOINT_ID, to support existing and future expected-particular-failure test cases without log noise.
* rename outer gate from CyaSSL_UNIT_H to TESTS_UNIT_H.

tests/api.c:
* use EXPECT_DECLS_NO_MSGS() in test_ssl_memio_setup(), test_ssl_memio_read_write(), and test_wolfSSL_client_server_nofail_memio(), and globally update affected expected error codes to correspond.
* use atomics for {client,server}SessRemCount{Malloc,free} to fix races in SessRemCtxCb() and SessRemSslSetupCb().
2024-09-18 16:25:26 -05:00
JacobBarthelmeh 87dc45b938 Merge pull request #7986 from julek-wolfssl/crl-cb
Add crl error override callback
2024-09-18 10:43:37 -06:00
Reda Chouk 949565f156 Merge branch 'wolfSSL:master' into fix-conversion 2024-09-18 17:16:48 +02:00
Reda Chouk be88ddda15 more Wconversion fixes: api/test* block 2024-09-18 16:53:39 +02:00
Juliusz Sosinowicz ae6c872797 Add crl error override callback 2024-09-18 11:58:53 +02:00
Juliusz Sosinowicz 1e75a2367c Address code review 2024-09-18 10:35:29 +02:00
Juliusz Sosinowicz ee2b77c0bd Move manual memio to api.c 2024-09-18 10:35:29 +02:00
Juliusz Sosinowicz 8ce6f17144 Add dtls 1.3 cid api test 2024-09-18 10:35:29 +02:00