Commit Graph

2018 Commits

Author SHA1 Message Date
John Safranek a935f2f86d FIPS CAST Update
1. In the unit test, when checking the build options, also check for
   FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
   getting called, so the FIPS flags didn't get checked. (It was using
   wc_InitSha_ex() which bypasses the FIPS checks.)
2021-10-26 20:24:24 -05:00
JacobBarthelmeh 4825534062 Merge pull request #4500 from cconlon/errorQueueFix
fix wc_ERR_print_errors_fp() unit test with NO_ERROR_QUEUE
2021-10-27 05:56:32 +07:00
David Garske 9c665d7282 Merge pull request #4501 from embhorn/zd13114
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 10:47:59 -07:00
David Garske 87baf7818e Merge pull request #4505 from julek-wolfssl/fix-nids
Make NID's consistent v2
2021-10-26 10:29:42 -07:00
Eric Blankenhorn 19feab7850 Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow 2021-10-26 07:14:53 -05:00
Juliusz Sosinowicz 48b304be00 Fix issues with AIA_OCSP_OID and AIA_CA_ISSUER_OID 2021-10-26 11:47:27 +02:00
Juliusz Sosinowicz 348fec3d29 wc_ClearErrorNodes is a local API that is not exported for linking 2021-10-26 09:14:48 +02:00
Juliusz Sosinowicz 57b9170ac0 Make NID's consistent
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-26 09:14:25 +02:00
Sean Parkinson 08d9b145d9 ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
Change SSL_FATAL_ERROR to  WOLFSSL_FATAL_ERROR
2021-10-26 15:50:52 +10:00
John Safranek a0c7c079b8 Revert "Make NID's consistent" 2021-10-25 21:57:28 -07:00
Sean Parkinson cdf72facbf Merge pull request #4429 from julek-wolfssl/fix-nids
Make NID's consistent
2021-10-26 09:59:26 +10:00
Sean Parkinson 6070981366 Merge pull request #4490 from dgarske/static_mem_unittest
Add CTX static memory API unit tests
2021-10-26 09:52:14 +10:00
Chris Conlon eb0b6ca122 fix unit test for wc_ERR_print_errors_fp() when NO_ERROR_QUEUE is defined 2021-10-25 13:50:39 -06:00
Chris Conlon 402ee29163 fix nid2oid/oid2nid for oidCertAuthInfoType 2021-10-22 16:53:18 -06:00
John Safranek d83d16af59 Merge pull request #4483 from julek-wolfssl/cov-reports 2021-10-22 13:07:57 -07:00
David Garske 229f0d5fd1 Merge pull request #4485 from JacobBarthelmeh/certs
Improve permitted alternate name logic in certificate ASN handling
2021-10-22 11:59:16 -07:00
David Garske c027fffa92 Fix for CTX free heap hint issue. With openssl extra the param and x509_store.lookup.dirs are allocated at CTX init and if heap or static pool was used depends on ctx->onHeapHint. Added test case for this and inline code comment. 2021-10-22 11:58:02 -07:00
John Safranek aad230a7e3 Restore a test case. Add a missing null-check. 2021-10-22 10:36:17 -07:00
David Garske 4c0527490d Fixes for API unit test with WOLFSSL_NO_ASN_STRICT. Fix spelling error. 2021-10-22 09:59:16 -07:00
Hayden Roche 0b6523d933 Rename pem_password_cb to wc_pem_password_cb.
Recently, we had a wolfEngine customer report a compilation error because
wolfSSL and OpenSSL both define the typedef pem_password_cb. The solution is to
namespace our typedef with the wc_ prefix. In order to not break existing code
that relies on wolfSSL providing pem_password_cb, if OPENSSL_COEXIST is not
defined, we define pem_password_cb as a macro that maps to wc_pem_password_cb.
2021-10-21 16:47:29 -07:00
David Garske b5f4a0c005 Improve API unit test to use X509_NAME_get_sz and make it widely available. 2021-10-21 16:42:19 -07:00
David Garske f17187aad9 Fixes for static memory testing. Fix clang memory sanitizer warnings. 2021-10-21 16:33:57 -07:00
David Garske 785e37790a Cleanup API test case debugging. 2021-10-21 12:35:06 -07:00
David Garske 911d95e5e4 Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS. 2021-10-21 11:47:00 -07:00
Juliusz Sosinowicz 79b738b5a6 commit-test and jenkins fixes 2021-10-21 14:29:28 +02:00
Juliusz Sosinowicz 4268763adb wc_ClearErrorNodes is a local API that is not exported for linking 2021-10-21 13:47:55 +02:00
Juliusz Sosinowicz 20473ba563 Make NID's consistent
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-21 13:01:57 +02:00
Jacob Barthelmeh 12f86b020a clean up test case memory and common name size 2021-10-20 17:13:34 -06:00
Jacob Barthelmeh f57801c17b more name constraint test cases and adjust DNS base name matching to not require . 2021-10-20 14:25:02 -06:00
David Garske 6d2a5fab9b Added test cases for EVP_PKCS82PKEY and EVP_PKEY2PKCS8. 2021-10-20 09:18:13 -07:00
Jacob Barthelmeh e0e43b6a16 clean up test case 2021-10-19 23:12:07 -06:00
Jacob Barthelmeh 3b73c6e3ae handle multiple permitted name constraints 2021-10-19 23:12:07 -06:00
Jacob Barthelmeh afee92e0cf bail out when a bad alt name is found in the list of alt names 2021-10-19 23:12:07 -06:00
David Garske de8798f4be Fix API unit tests where DH 3072-bit is not enabled. 2021-10-19 17:04:18 -07:00
David Garske a03ed32380 Support for Android KeyStore compatibility API's:
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
2021-10-19 17:04:18 -07:00
Sean Parkinson f04380d624 Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode
scan-build LLVM-13 fixes and expanded coverage
2021-10-20 08:30:46 +10:00
Sean Parkinson 41eecd37e5 Merge pull request #4471 from embhorn/zd11886
Fix build errors with NO_BIO config
2021-10-20 08:06:42 +10:00
Eric Blankenhorn c0b592ef82 Fix build error with WOLFSSL_USER_IO 2021-10-19 08:27:43 -05:00
Daniel Pouzzner e341291d99 scan-build LLVM-13 fixes: tests/api.c: fix -Wunused-but-set-variable for drive_len in test_wolfSSL_EVP_Cipher_extra() by removing the unused drive_len code. 2021-10-18 21:46:10 -05:00
Daniel Pouzzner 816527e826 scan-build fixes: back out all "#ifndef __clang_analyzer__" wrappers added to suppress false and frivolous positives from alpha.deadcode.UnreachableCode, and rename new macro WC_UNUSED to WC_MAYBE_UNUSED to make its meaning more precisely apparent. build is still clean with -Wunreachable-code-break -Wunreachable-code-return under scan-build-13. 2021-10-18 21:46:09 -05:00
Daniel Pouzzner 62822be6ce scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all. 2021-10-18 21:46:09 -05:00
Jacob Barthelmeh c07a7deec2 sanity check on q value with DSA sign 2021-10-18 10:17:49 -06:00
Eric Blankenhorn 17e0249a26 Fixing NO_BIO and OPENSSL_ALL errrors 2021-10-14 16:03:52 -05:00
David Garske 2aa2ef84b2 Merge pull request #4470 from LinuxJedi/md-cleanups
Cleanup markdown documentation
2021-10-14 11:04:48 -07:00
Eric Blankenhorn 61bab6f68b Fix test build errors with NO_BIO 2021-10-14 09:37:01 -05:00
Andrew Hutchings 11e3f867b0 Cleanup markdown documentation
* Add syntax highlighting where appropriate
* Fix some markdown compliance issues
* Add some links for things
* Add some inline code quoting
* Fix some headings
* Fix copyright date in doxygen html output
2021-10-13 16:39:46 +01:00
Jacob Barthelmeh 63c9fa7a37 add check on bit length of q with DSA 2021-10-11 09:52:57 -06:00
David Garske a395305cab Refactor API unit test named initializer code for callback_functions, to avoid older g++ build issues. 2021-10-08 14:04:21 -07:00
David Garske 854512105f Merge pull request #4314 from SparkiDev/libkcapi
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
Sean Parkinson e0abcca040 KCAPI: add support for using libkcapi for crypto (Linux Kernel)
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00