Commit Graph

5684 Commits

Author SHA1 Message Date
Jacob Barthelmeh 03bc45c5b1 check if private key exists before using with private key check function 2021-10-29 10:51:24 -06:00
David Garske 6b3ff9bae2 Merge pull request #4459 from julek-wolfssl/missing-ext
Add x509 name attributes and extensions to DER parsing and generation
2021-10-28 14:30:37 -07:00
David Garske 0a26335243 Merge pull request #4446 from ejohnstown/dtls-sizing
DTLS Sizing
2021-10-28 14:15:36 -07:00
David Garske 6bb7e3900e Merge pull request #4511 from JacobBarthelmeh/Testing
build fixes and PKCS7 BER encoding fix
2021-10-28 10:52:58 -07:00
Juliusz Sosinowicz 8cba5dda17 Need to free x509 in tests 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz a6be157628 Gate new AKID functionality on WOLFSSL_AKID_NAME 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz d9af698aa4 Implement raw AKID with WOLFSSL_ASN_TEMPLATE 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz c162196b27 Add x509 name attributes and extensions to DER parsing and generation
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz 894303be59 Make the wolfSSL_GetMaxFragSize parameter meaning consistent
- Add testing for sending as much app data as possible in a single DTLS record
2021-10-28 14:46:15 +02:00
John Safranek 7cbfb27fa0 When adding cipherExtraData(), also account for TLSv1.3. 2021-10-27 15:12:31 -07:00
John Safranek 9f3f9c53fd Remove debugging printfs. Added some guards around DTLS and AEAD only things. 2021-10-27 15:12:31 -07:00
Juliusz Sosinowicz be3b6b47ef DTLS MTU fixes 2021-10-27 15:12:31 -07:00
John Safranek 77ebd11781 Updating based on MTU. Debugging prints. 2021-10-27 15:12:31 -07:00
John Safranek be2e7e25ac Change the calculation for the extra data size in a DTLS message when checking to see if it'll fit in an MTU. (ZD12983) 2021-10-27 15:12:31 -07:00
David Garske c16f0db1b5 Fixes for handling WC_PENDING_E async responses in API unit test and examples. Resolves all issues with --enable-all --enable-asynccrypt --with-intelqa=. 2021-10-27 15:08:39 -07:00
David Garske a2ad01604f Fix devId, which must be -2 or INVALID_DEVID (not 0). Fix RSA doc typo. 2021-10-27 15:08:38 -07:00
David Garske eb56b652ca Fix for async TLS v1.3 with multiple WC_PENDING_E on client_hello and server_hello processing. Fix for not aligned NUMA. 2021-10-27 15:08:38 -07:00
Sean Parkinson 34095dfd38 Merge pull request #4509 from dgarske/fix_sesstick
Fix for session ticket handling with error cases
2021-10-28 08:07:10 +10:00
Daniel Pouzzner f413ff8b3a tls.c: TLSX_SupportedFFDHE_Set(): add handling for malloc failures. 2021-10-27 15:11:04 -05:00
Daniel Pouzzner ac8fbe3fbd ssl.c: fix a couple trivial rebase errors. 2021-10-26 20:24:29 -05:00
John Safranek 75df6508e6 Add a read enable for private keys when in FIPS mode. 2021-10-26 20:24:29 -05:00
John Safranek 40e3cac695 Use correct value for pSz when setting the dhKeySize in the session. 2021-10-26 20:24:28 -05:00
John Safranek f2c4567164 Like the public key, zero pad the front of the private key. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner bc91187063 tls.c:TLSX_KeyShare_GenDhKey(): fix typo. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner e61d88657d WOLFSSL_ASYNC_CRYPT: in EccSharedSecret(), don't try to wolfSSL_AsyncInit() if there's no priv_key to supply an asyncDev; in RSA _ifc_pairwise_consistency_test(), disable async to force blocking crypto. 2021-10-26 20:24:28 -05:00
David Garske 303aa312a8 Fix the TLS v1.3 async key share support. Added WOLFSSL_NO_PUBLIC_FFDHE option to test without public FFDHE API's. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner e4d075de20 src/internal.c: FreeX509(): remove redundant free of x509->CRLInfo. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner 32349749a6 internal.c: SendServerKeyExchange(): check retval from wc_DhGetNamedKeyParamSize(). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner f60cb94b82 wolfcrypt/src/include.am and src/include.am: don't disrupt modtimes of fips/async source files if they already exist. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner e894340a64 tls13.c: mac2hash(): accommodate scenario where all hashes are gated out of the build (peer review). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner 972c6c032e ssl.c: clean up MD5->SHA refactor of wolfSSL_LH_strhash() (peer review). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner 87b965c964 include.am: in FIPS clauses, include wolfcrypt/src/aes_gcm_asm.S in src_libwolfssl_la_SOURCES when BUILD_AESNI, regardless of BUILD_INTELASM, as in the corresponding non-FIPS clause. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner 4a451caf7b src/sniffer.c: fix rebase errors. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner 083b97c5a3 tls.c: fix rebase error in TLSX_KeyShare_FreeAll(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner b93a18b34e src/internal.c: in SendServerKeyExchange() case diffie_hellman_kea, #ifdef HAVE_SECURE_RENEGOTIATION, enlarge buffers.serverDH_Pub.buffer to accomodate larger new key replacing smaller old key, whether or not ssl->namedGroup is set (copy-paste of existing in !ssl->namedGroup path). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner 67db7b7f32 fixes for issues identified by Jenkins run:
Makefile.am: clean .build_params file;

ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();

move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);

fix new unused-label defect in wc_ecc_shared_secret_gen_sync();

fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);

fix NO_INLINE ForceZero() prototype;

ecc.c: add missing if (err == MP_OKAY) in build_lut();

wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;

ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;

WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner 947a0d6a2f autotools/Makefiles: enable reproducible build by default for FIPS, and add -DHAVE_REPRODUCIBLE_BUILD to AM_CFLAGS;
refactor the HAVE_WC_INTROSPECTION mechanism to pass build params via $output_objdir/.build_params rather than abusing autotools config.h to pass them;

add support for EXTRA_CFLAGS on the make command line;

in FIPS builds, exclude pkcallbacks from --enable-all;

linuxkm: move test.o out of PIE container (uses function pointers as operands).
2021-10-26 20:24:27 -05:00
Daniel Pouzzner f1c1f76851 ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner 220a255281 use WOLFSSL_BIO_ERROR, not SOCKET_INVALID (both macros have value -1), as the default/unset value of WOLFSSL_BIO.num, to avoid unnecessary dependency on HAVE_SOCKADDR. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 4cf1826c8f PRAGMA_GCC_*: refactor macros to properly push a context, and refactor their use in src/tls13.c:DeriveKey() to deal with gcc context quirks that otherwise disabled the warning mask when defined(HAVE_FIPS); add a missing #ifndef NO_MD5 in ssl.c:wolfSSL_LH_strhash(). 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 54b3f1b252 src/tls.c:TLSX_KeyShare_GenDhKey(): don't generate a key if one is already set. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner b673622322 FIPS 140-3 misc fixes including fixes for rebase errors. 2021-10-26 20:24:26 -05:00
John Safranek f53a4db4e7 Unwind a few changes adding guards so it'll build with old FIPS. 2021-10-26 20:24:26 -05:00
John Safranek 04ffd2ab45 Fixes:
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
2021-10-26 20:24:26 -05:00
John Safranek 908ec9b14a Modify ffdhe to not return addresses. 2021-10-26 20:24:25 -05:00
John Safranek 7af87e5b32 Restore the HKDF code to hmac.c. For compatibility between FIPS builds. 2021-10-26 20:24:25 -05:00
John Safranek 6cf186696e Update the BUILD_FIPS_V4 flag to V5. Consolidate the Makefile include for the flavors of FIPS. 2021-10-26 20:24:25 -05:00
John Safranek 2de6b3b2bd Move the KDF functions into their own source file. 2021-10-26 20:24:25 -05:00
John Safranek 6dfef1400d Use the new APIs for HKDF extract with label. 2021-10-26 20:24:25 -05:00
John Safranek 7f64fc4efb Move the TLSv1.3 KDF into wolfCrypt with the other KDFs. 2021-10-26 20:24:25 -05:00