Commit Graph

4068 Commits

Author SHA1 Message Date
Jacob Barthelmeh 2e88151cfd crypto only sha256 cryptodev
formating and refactoring

update configure for devcrypto

add AES algorithms to cyrptodev port

increase structure size for compatibility AES with cryptodev

add wc_devcrypto.h to install path
2018-09-19 10:41:29 -06:00
Chris Conlon 085daa78cd Merge pull request #1833 from dgarske/norng_fixes
Fixes for building without RNG enabled
2018-09-18 14:52:21 -06:00
David Garske 9e305a01b4 More fixes for building with ./configure --disable-rng. 2018-09-18 11:17:39 -07:00
David Garske 77cd361bca Fixes for building with WC_NO_RNG. 2018-09-13 13:23:55 -07:00
toddouska e071f1ca7e Merge pull request #1825 from SparkiDev/compat_apis_1
Add more compatability APIs.
2018-09-13 13:13:12 -07:00
Chris Conlon 8a6a9e7620 Merge pull request #1820 from kojo1/portingAid
Porting aid
2018-09-13 11:06:55 -06:00
Sean Parkinson 0275366fb6 Fixes from code review
Document how length of ECDSA signature calculated.
Check parameter not NULL before use.
Formatting fix.
Also, disable RSA test of EVP_DigestSign/Verify* when HAVE_USER_RSA.
2018-09-13 08:47:09 +10:00
toddouska 324235f698 Merge pull request #1823 from dgarske/cert_ext_only
Fix for build with cert extensions and openssl extra only
2018-09-12 13:03:37 -07:00
Sean Parkinson df20daa1ae Support RSA and ECC in wolfSSL_DigestSign/Verify* 2018-09-12 16:31:39 +10:00
Takashi Kojo 7ddc756d15 eliminate double semi-colon 2018-09-12 10:13:30 +09:00
Sean Parkinson 330a7048c7 Add more compatability APIs.
d2i_ECDSA_SIG, i2d_ECDSA_SIG, EVP_DigestVerifyInit,
EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_PKEY_id,
PEM_read_bio_PUBKEY
2018-09-11 09:28:03 +10:00
David Garske 238f45d89d Fix for build with ./configure --enable-certext --enable-opensslextra. 2018-09-10 08:22:17 -07:00
David Garske f48e2067ae Added new API wolfSSL_CTX_load_verify_chain_buffer_format for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID. 2018-09-10 08:15:17 -07:00
Sean Parkinson f8ac5b5f71 Merge pull request #1819 from dgarske/fix_load_loc
Fix for load location test to handle multiple failure codes
2018-09-10 08:36:19 +10:00
Takashi Kojo 0d44252608 error pass though build flag WOLFSSL_PASSTHRU_ERR 2018-09-08 10:19:31 +09:00
Takashi Kojo 902008f5ea refer unit_PassThrough flag at least once 2018-09-08 09:17:52 +09:00
Eric Blankenhorn 412eecd51a Add wc_SetIssuerRaw and EncodeCert with raw fields (#1798)
* Make cert with raw issuer
* Add wc_SetIssuerRaw
* Use issuer raw in EncodeCert
2018-09-07 16:22:23 -07:00
David Garske 575382e5a9 Fix for load location test to handle multiple failure codes (failure may return ProcessFile error code or WOLFSSL_FAILURE). Moved expired certs and setup load location test for expired certs. 2018-09-07 15:30:30 -07:00
Takashi Kojo e677c32714 test file access functions 2018-09-08 07:27:33 +09:00
Takashi Kojo 294a22e938 flag to pass throug errors for correcting as many error information as possible. 2018-09-08 06:02:20 +09:00
Daniele Lacamera 27555d6eb7 Fix old-style function definitions 2018-09-07 09:13:20 +02:00
David Garske ae3d8d3779 * Fixed wolfSSL_CTX_load_verify_locations to continue loading if there is an error (ZD 4265).
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
2018-09-06 12:51:22 -07:00
toddouska d149795648 Merge pull request #1759 from dgarske/verifycbfail
Fix to resolve issue with verify callback not causing an error
2018-09-04 15:52:58 -07:00
Sean Parkinson 17a70aee1b Added test and minor fixes for CheckCertSignature 2018-09-03 10:50:47 +10:00
David Garske d2b9b230a0 Added additional verify callback override test cases. 2018-08-31 16:26:51 -07:00
David Garske b369e524d4 Fix for the ECDSA verify callback override test case. Switched to AES128-GCM cipher suite (better cipher suite overall). 2018-08-30 11:48:08 -07:00
David Garske 3d0d10345a Added test cases for ensuring forced error fails on client and server. Added test cases to ensure bad certificate can be overriden. 2018-08-30 11:17:21 -07:00
toddouska 7f324d2c3b Merge pull request #1781 from JacobBarthelmeh/Compatibility-Layer
fix for IV of DES_ncbc function
2018-08-24 10:16:21 -07:00
Jacob Barthelmeh f23eb37ade fix for IV of DES_ncbc function 2018-08-23 09:03:09 -06:00
David Garske d0d28c82cd Added new PKCS7 ex API's for supporting signing and validation of large data blobs. New API's are wc_PKCS7_EncodeSignedData_ex and wc_PKCS7_VerifySignedData_ex. Includes header docx and unit tests for new API's. Cleanup for the PKCS7 small stack and const oid's. 2018-08-22 15:46:37 -07:00
Takashi Kojo 08c2d94011 return value check of XFSEEK 2018-08-22 10:46:46 +09:00
David Garske b12386fbb1 Fixes for building with TLS v1.3 only (./configure --disable-tlsv12 --enable-tls13 --disable-aescbc --enable-ed25519 --enable-curve25519) 2018-08-20 15:49:03 -07:00
toddouska 0f539616be Merge pull request #1766 from JacobBarthelmeh/UnitTests
cleanup with test cases and access to FP_MAX_BITS
2018-08-20 09:19:14 -07:00
toddouska 555714afa3 Merge pull request #1764 from SparkiDev/tls13_psk_cb
Separate PSK callback for TLS 1.3
2018-08-20 09:17:01 -07:00
Jacob Barthelmeh cc10c971cd make sure that even if wolfSSL_Init has been called multiple times that wolfSSL_Cleanup gets called in tests 2018-08-17 11:04:21 -06:00
Sean Parkinson f1222c3f9f Separate PSK callback for TLS 1.3
It is highly recommended that the PSK be different for each protocol.
Example callback already returns a different key for TLS 1.3.
New callback includes the ciphersuite, as a string, to use with the key.
2018-08-17 10:18:28 +10:00
Sean Parkinson f487b0d96a Config option to disable AES-CBC
AEAD only detection and removeal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
2018-08-16 08:25:13 +10:00
Eric Blankenhorn 2420af3cf2 Merge pull request #1758 from dgarske/certext
Fix for building certext without certgen
2018-08-14 17:00:51 -05:00
David Garske d1e13a973c Fix for building WOLFSSL_CERT_EXT without WOLFSSL_CERT_GEN due to missing CTC_MAX_EKU_OID_SZ. Change to allow --enable-certext without certgen. 2018-08-14 15:00:56 -06:00
David Garske c073aee87c Added new ECC export API's to support export as hex string. New API's are wc_ecc_export_ex and wc_ecc_export_int. For hex string use ECC_TYPE_HEX_STR as encType arg. Refactor to reduce duplicate code. Build fixes for NO_ECC_KEY_EXPORT. 2018-08-14 12:05:22 -06:00
toddouska d4f908c372 Merge pull request #1728 from JacobBarthelmeh/HardwareAcc
Add build for AF_ALG
2018-08-13 16:27:51 -07:00
Eric Blankenhorn bb574d28b2 Support for more cert subject OIDs and raw subject access (#1734)
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
2018-08-12 12:53:29 -07:00
David Garske a43d4d16ba Merge pull request #1719 from MJSPollard/OpenSSLAllFix
Added boost define and openssl bug fix with WOLFSSL_KEY_GEN
2018-08-02 15:20:27 -07:00
JacobBarthelmeh cb756397b3 inital AES-CBC with af_alg
progress on AES-GCM with AF_ALG and add SHA256

add aes-gcm test cases and finish logic of aes-gcm with AF_ALG

formating of tabs and white space

add files to dist

adding ecb and ctr mode with af_alg

make length of buffers for ctr be AES_BLOCK_SIZE

formating and add support for sha256 copy/gethash

sanity checks on arguments

cast return values and valgrind tests

make it easier to use sha256 with af_alg

remove hard tabs

add endif for after rebase
2018-08-01 08:54:20 -06:00
David Garske 656c0453a2 Fix for unit test abort(). 2018-07-30 13:53:54 -07:00
David Garske 4eff7b641b First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL. 2018-07-30 13:53:54 -07:00
David Garske 6ed6876b1f Enhanced the --enable-memtrack option to keep list of pointers allocated and reports leaked memory at end. Cleanup of the wolfCrypt_Init and wolfCrypt_Cleanup calls in unit.test and SrpTest memory tracking feature. 2018-07-30 13:53:54 -07:00
David Garske 2c3475c1d6 Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test supresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295. 2018-07-30 13:53:35 -07:00
toddouska 62cb69ded6 Merge pull request #1724 from dgarske/pemtoder
Added API's to expose alloc/free of DerBuffer and new unit tests
2018-07-30 13:50:19 -07:00
toddouska 335f467b8c Merge pull request #1714 from dgarske/pic32hashleak
Fixes for PIC32MZ hash memory leak
2018-07-30 13:48:59 -07:00