wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 03:59:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,391 Commits 12 Branches 184 Tags
89797db9460c8dbfbdf02c8657d6abada9a96a7f
Commit Graph

1710 Commits

Author SHA1 Message Date
John Safranek
a935f2f86d FIPS CAST Update 
1. In the unit test, when checking the build options, also check for
   FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
   getting called, so the FIPS flags didn't get checked. (It was using
   wc_InitSha_ex() which bypasses the FIPS checks.)
 2021-10-26 20:24:24 -05:00
JacobBarthelmeh
4825534062 Merge pull request #4500 from cconlon/errorQueueFix 
fix wc_ERR_print_errors_fp() unit test with NO_ERROR_QUEUE
 2021-10-27 05:56:32 +07:00
David Garske
9c665d7282 Merge pull request #4501 from embhorn/zd13114 
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
 2021-10-26 10:47:59 -07:00
David Garske
87baf7818e Merge pull request #4505 from julek-wolfssl/fix-nids 
Make NID's consistent v2
 2021-10-26 10:29:42 -07:00
Eric Blankenhorn
19feab7850 Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow 2021-10-26 07:14:53 -05:00
Juliusz Sosinowicz
48b304be00 Fix issues with AIA_OCSP_OID and AIA_CA_ISSUER_OID 2021-10-26 11:47:27 +02:00
Juliusz Sosinowicz
348fec3d29 wc_ClearErrorNodes is a local API that is not exported for linking 2021-10-26 09:14:48 +02:00
Juliusz Sosinowicz
57b9170ac0 Make NID's consistent 
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
 2021-10-26 09:14:25 +02:00
Sean Parkinson
08d9b145d9 ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist 
Change SSL_FATAL_ERROR to  WOLFSSL_FATAL_ERROR
 2021-10-26 15:50:52 +10:00
John Safranek
a0c7c079b8 Revert "Make NID's consistent" 2021-10-25 21:57:28 -07:00
Sean Parkinson
cdf72facbf Merge pull request #4429 from julek-wolfssl/fix-nids 
Make NID's consistent
 2021-10-26 09:59:26 +10:00
Sean Parkinson
6070981366 Merge pull request #4490 from dgarske/static_mem_unittest 
Add CTX static memory API unit tests
 2021-10-26 09:52:14 +10:00
Chris Conlon
eb0b6ca122 fix unit test for wc_ERR_print_errors_fp() when NO_ERROR_QUEUE is defined 2021-10-25 13:50:39 -06:00
Chris Conlon
402ee29163 fix nid2oid/oid2nid for oidCertAuthInfoType 2021-10-22 16:53:18 -06:00
John Safranek
d83d16af59 Merge pull request #4483 from julek-wolfssl/cov-reports 2021-10-22 13:07:57 -07:00
David Garske
229f0d5fd1 Merge pull request #4485 from JacobBarthelmeh/certs 
Improve permitted alternate name logic in certificate ASN handling
 2021-10-22 11:59:16 -07:00
David Garske
c027fffa92 Fix for CTX free heap hint issue. With openssl extra the param and x509_store.lookup.dirs are allocated at CTX init and if heap or static pool was used depends on ctx->onHeapHint. Added test case for this and inline code comment. 2021-10-22 11:58:02 -07:00
John Safranek
aad230a7e3 Restore a test case. Add a missing null-check. 2021-10-22 10:36:17 -07:00
David Garske
4c0527490d Fixes for API unit test with WOLFSSL_NO_ASN_STRICT. Fix spelling error. 2021-10-22 09:59:16 -07:00
Hayden Roche
0b6523d933 Rename pem_password_cb to wc_pem_password_cb. 
Recently, we had a wolfEngine customer report a compilation error because
wolfSSL and OpenSSL both define the typedef pem_password_cb. The solution is to
namespace our typedef with the wc_ prefix. In order to not break existing code
that relies on wolfSSL providing pem_password_cb, if OPENSSL_COEXIST is not
defined, we define pem_password_cb as a macro that maps to wc_pem_password_cb.
 2021-10-21 16:47:29 -07:00
David Garske
b5f4a0c005 Improve API unit test to use X509_NAME_get_sz and make it widely available. 2021-10-21 16:42:19 -07:00
David Garske
f17187aad9 Fixes for static memory testing. Fix clang memory sanitizer warnings. 2021-10-21 16:33:57 -07:00
David Garske
785e37790a Cleanup API test case debugging. 2021-10-21 12:35:06 -07:00
David Garske
911d95e5e4 Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS. 2021-10-21 11:47:00 -07:00
Juliusz Sosinowicz
79b738b5a6 commit-test and jenkins fixes 2021-10-21 14:29:28 +02:00
Juliusz Sosinowicz
4268763adb wc_ClearErrorNodes is a local API that is not exported for linking 2021-10-21 13:47:55 +02:00
Juliusz Sosinowicz
20473ba563 Make NID's consistent 
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
 2021-10-21 13:01:57 +02:00
Jacob Barthelmeh
12f86b020a clean up test case memory and common name size 2021-10-20 17:13:34 -06:00
Jacob Barthelmeh
f57801c17b more name constraint test cases and adjust DNS base name matching to not require . 2021-10-20 14:25:02 -06:00
David Garske
6d2a5fab9b Added test cases for EVP_PKCS82PKEY and EVP_PKEY2PKCS8. 2021-10-20 09:18:13 -07:00
Jacob Barthelmeh
e0e43b6a16 clean up test case 2021-10-19 23:12:07 -06:00
Jacob Barthelmeh
3b73c6e3ae handle multiple permitted name constraints 2021-10-19 23:12:07 -06:00
Jacob Barthelmeh
afee92e0cf bail out when a bad alt name is found in the list of alt names 2021-10-19 23:12:07 -06:00
David Garske
de8798f4be Fix API unit tests where DH 3072-bit is not enabled. 2021-10-19 17:04:18 -07:00
David Garske
a03ed32380 Support for Android KeyStore compatibility API's: 
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
 2021-10-19 17:04:18 -07:00
Sean Parkinson
f04380d624 Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode 
scan-build LLVM-13 fixes and expanded coverage
 2021-10-20 08:30:46 +10:00
Sean Parkinson
41eecd37e5 Merge pull request #4471 from embhorn/zd11886 
Fix build errors with NO_BIO config
 2021-10-20 08:06:42 +10:00
Eric Blankenhorn
c0b592ef82 Fix build error with WOLFSSL_USER_IO 2021-10-19 08:27:43 -05:00
Daniel Pouzzner
e341291d99 scan-build LLVM-13 fixes: tests/api.c: fix -Wunused-but-set-variable for drive_len in test_wolfSSL_EVP_Cipher_extra() by removing the unused drive_len code. 2021-10-18 21:46:10 -05:00
Daniel Pouzzner
816527e826 scan-build fixes: back out all "#ifndef __clang_analyzer__" wrappers added to suppress false and frivolous positives from alpha.deadcode.UnreachableCode, and rename new macro WC_UNUSED to WC_MAYBE_UNUSED to make its meaning more precisely apparent. build is still clean with -Wunreachable-code-break -Wunreachable-code-return under scan-build-13. 2021-10-18 21:46:09 -05:00
Daniel Pouzzner
62822be6ce scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all. 2021-10-18 21:46:09 -05:00
Jacob Barthelmeh
c07a7deec2 sanity check on q value with DSA sign 2021-10-18 10:17:49 -06:00
Eric Blankenhorn
17e0249a26 Fixing NO_BIO and OPENSSL_ALL errrors 2021-10-14 16:03:52 -05:00
Eric Blankenhorn
61bab6f68b Fix test build errors with NO_BIO 2021-10-14 09:37:01 -05:00
Jacob Barthelmeh
63c9fa7a37 add check on bit length of q with DSA 2021-10-11 09:52:57 -06:00
David Garske
a395305cab Refactor API unit test named initializer code for callback_functions, to avoid older g++ build issues. 2021-10-08 14:04:21 -07:00
David Garske
854512105f Merge pull request #4314 from SparkiDev/libkcapi 
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
 2021-10-07 21:23:05 -07:00
Sean Parkinson
e0abcca040 KCAPI: add support for using libkcapi for crypto (Linux Kernel) 
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
 2021-10-08 09:07:22 +10:00
Sean Parkinson
dd6e4093b3 Merge pull request #4448 from JacobBarthelmeh/Compatibility-Layer 
remove error queue from JNI build and set a default upper bound on it
 2021-10-08 08:35:03 +10:00
David Garske
9d2082f7e1 Fixes and improvements for crypto callbacks with TLS (mutual auth) (#4437) 
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.

* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.

* * Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.

* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.

* Fix to use proper devId in `ProcessBufferTryDecode`.

* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.

* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with  `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.

* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
 2021-10-07 11:12:06 +10:00