Commit Graph

18755 Commits

Author SHA1 Message Date
Andras Fekete c1cf8a8f34 Add in README.md 2022-12-15 12:54:21 -05:00
Andras Fekete 9c135e59dc Script can run from an arbitrary folder 2022-12-15 12:22:05 -05:00
Andras Fekete 64d39dbd74 Cleaner base image 2022-12-15 12:10:48 -05:00
Andras Fekete c1ad3457f3 Run as non-root local user 2022-12-15 12:10:25 -05:00
Andras Fekete be1b3ec007 Fix issue with multiple command arguments 2022-12-15 11:25:43 -05:00
Andras Fekete d55ef14cc7 First crack at creating a common Docker environment 2022-12-14 13:17:22 -05:00
Daniel Pouzzner 64ef6aedd6 Merge pull request #5882 from SparkiDev/sp_aarch64_be
SP: support aarch64 big endian
2022-12-12 22:06:38 -06:00
Sean Parkinson a7a6d5b297 Merge pull request #5874 from JacobBarthelmeh/tls13
adjust post auth support with TLS 1.3
2022-12-13 09:39:31 +10:00
Sean Parkinson bc3b723609 SP: support aarch64 big endian 2022-12-13 09:33:16 +10:00
David Garske d0c9ec6681 Merge pull request #5854 from JacobBarthelmeh/Certs
fix other name san parsing and add RID cert to test parsing
2022-12-12 14:44:07 -08:00
David Garske a1e883b43d Merge pull request #5875 from JacobBarthelmeh/Compatibility-Layer
fix for handling DEFAULT:... cipher suite list
2022-12-12 14:43:50 -08:00
David Garske 334042d7f5 Merge pull request #5881 from anhu/warn_session_ticket
Warn that renegotiation in TLS 1.3 requires session ticket.
2022-12-12 13:51:28 -08:00
David Garske 36413a2c11 Merge pull request #5879 from SparkiDev/api_test_timing
API test: Report time taken to perform test
2022-12-12 12:31:06 -08:00
David Garske f87859a00e Whitespace cleanups. Use const for test_tls_ext_duplicate. 2022-12-12 08:59:53 -08:00
David Garske 78f495cdae Merge pull request #5877 from SparkiDev/x509v3_d2i_aia
X509v3 EXT d2i: fix freeing of aia
2022-12-12 08:59:15 -08:00
David Garske 2a97862d26 Merge pull request #5878 from SparkiDev/benchmark_aesofb_fix
Benchmark AES-OFB: initialize and free AES object
2022-12-12 08:57:44 -08:00
Anthony Hu b017795413 Remove changes around wolfSSL_set_session() as it breaks tests. 2022-12-12 11:44:27 -05:00
Anthony Hu fffd3adc30 Warn that renegotiation in TLS 1.3 requires session ticket. 2022-12-12 11:30:01 -05:00
David Garske b871829833 Merge pull request #5811 from lealem47/zd15184
Async Sniffer: Fix for decryption after second handshake
2022-12-12 08:21:35 -08:00
Sean Parkinson b4b1739783 API test: Report time taken to perform test
API test now displays timing taken to perform a test case to help
identify ones that are doing too much work.
2022-12-12 12:24:38 +10:00
David Garske 50c5d61998 Merge pull request #5872 from SparkiDev/tls_ext_no_dup
TLS: detect duplicate known extensions
2022-12-11 16:53:38 -08:00
Sean Parkinson 819d40a76f Benchmark AES-OFB: initialize and free AES object
Device ID is not initialized unless wc_AesInit() is called.
Call wc_AesFree() for possible hardware implementations.
2022-12-12 10:45:21 +10:00
Sean Parkinson 7f3de91e25 X509v3 EXT d2i: fix freeing of aia
aia is a stack and must be pop freed rather than freed with XFREE.
Extract function that creates Authority Info Access stack.

Fix spelling issue raised by codespell.
2022-12-12 10:13:13 +10:00
Sean Parkinson 9ab8867b42 TLS: detect duplicate known extensions
TLS specification requires that there not be more than one extension of
the same type in a given extension block. E.g. ClientHello
2022-12-12 08:35:04 +10:00
JacobBarthelmeh f974bd4ad6 move test function call into macro guard 2022-12-10 15:45:14 -08:00
JacobBarthelmeh 8b296877ab fix for handling DEFAULT:... cipher suite list 2022-12-10 14:53:43 -08:00
JacobBarthelmeh 389cf6ed0a adjust post auth support with TLS 1.3 2022-12-10 06:49:51 -08:00
Daniel Pouzzner 11c4a0e228 Merge pull request #5866 from dgarske/ecc_pub_import
Fix API test `test_wc_ecc_import_raw` with SP math
2022-12-09 14:00:57 -06:00
David Garske 793bd6620b Fix unicode char in logging.c. 2022-12-09 10:36:35 -08:00
David Garske 52c6710783 Fix test_wc_ecc_import_raw to handle ECC_INF_E or MP_VAL on point failures. SP math returns MP_VAL in sp_256_ecc_is_point_4. 2022-12-09 10:32:46 -08:00
Tesfa Mael 85dc7a61c5 Detect SIZEOF_LONG in armclang and diab 2022-12-09 09:29:25 +01:00
Sean Parkinson c959d22b98 Merge pull request #5868 from dgarske/ecc_pub_math
Expose more ECC math functions and improve async shared secret
2022-12-09 08:37:26 +10:00
David Garske f8484fb5f3 Merge pull request #5869 from anhu/NO_SERVER_fix
Add proper gating on !NO_WOLFSSL_SERVER
2022-12-08 14:30:23 -08:00
Sean Parkinson 5d9532b0ee Merge pull request #5865 from dgarske/fix_-5864
Fix for implicit conversion with 32-bit in SP math
2022-12-09 08:24:04 +10:00
JacobBarthelmeh ab6233a01b Merge pull request #5870 from anhu/fix_sgx_stdout
stdout is undeclared
2022-12-08 15:22:30 -07:00
Anthony Hu 3aa74e3c8c stdout is undeclared 2022-12-08 15:29:48 -05:00
Anthony Hu cdaa4d8aa0 Add proper gating on !NO_WOLFSSL_SERVER
Found with the following configuration:

--enable-dtls --enable-dtls13 --enable-dtls-mtu CFLAGS="-DNO_WOLFSSL_SERVER"
2022-12-08 14:20:17 -05:00
David Garske 9cb19e36fe Merge pull request #5867 from anhu/dont_make_broken_key
For compatibility `EC_KEY_new_by_curve_name` check that we found curve
2022-12-08 11:09:56 -08:00
David Garske 9ad4e3f9ba Expose the safe version of point double/add and mulmod_ex with WOLFSSL_PUBLIC_ECC_ADD_DBL. Eliminate int wc_ecc_shared_secret_gen used by async/nb and improve async use of curve spec allocations. 2022-12-08 10:43:03 -08:00
Anthony Hu 937d247c7d Don't create a key if we don't support the curve.
Found with the following configuration:

./configure --enable-tls13 --disable-oldtls --enable-static --enable-singlethreaded --enable-dtls --enable-dtls13 --enable-dtls-mtu --enable-sp=yes,4096 --disable-shared --disable-sha3 --disable-dh --enable-curve25519 --enable-secure-renegotiation --enable-debug --enable-opensslextra 'CFLAGS=-DWOLFSSL_DTLS_ALLOW_FUTURE -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DFP_MAX_BITS=8192 -fomit-frame-pointer'
2022-12-08 12:13:12 -05:00
David Garske d264cbc899 Fix for implicit conversion with 32-bit in SP math.
Fixes `error: implicit conversion loses integer precision: sp_int64' (aka long long) to sp_digit (aka int)` building with `./configure CC="clang -m32" --enable-sp && make`
2022-12-08 08:31:02 -08:00
JacobBarthelmeh eb69ccb22c Merge pull request #5856 from icing/errq-improvements
Improvements in OpenSSL Compat ERR Queue handling.
2022-12-08 09:28:05 -07:00
Stefan Eissing 02094ebb2e Updates after review by JacobBarthelmeh.
- fix err/ret rename leftover for python builds
- add documenetation to thread-local functions
- move generic queue functions up
2022-12-08 09:53:05 +01:00
David Garske bdadbefb4c Merge pull request #5862 from JacobBarthelmeh/Compatibility-Layer
map SSL_CTX_get_session_cache_mode compat API
2022-12-07 14:50:31 -08:00
Sean Parkinson 1f607ee560 Merge pull request #5860 from tmael/entropy_memuse
Increase RNG_SECURITY_STRENGTH for FIPS
2022-12-08 08:26:07 +10:00
David Garske 099135b2f9 Merge pull request #5861 from kosmas-valianos/FixTypo
Fix wrong function name in wolfSSL_X509_get_name_oneline()
2022-12-07 13:03:54 -08:00
Jacob Barthelmeh 94212e68e5 map SSL_CTX_get_session_cache_mode compat API 2022-12-07 11:35:48 -07:00
Stefan Eissing 45f9ef5dd9 Improvements in OpenSSL Compat ERR Queue handling.
Configuration
- thread-local storaoge is selected when available
- '--enable-error-queue-per-thread' and '--disable-error-queue-per-thread' can
  be used as before to explicitly en-/disable the feature.

Implementation:
- with thread-local-storage, error queue is realized in one struct without
  allocations. Queue size is restricted to 16 entries (per thread), which
  is the same limit in OpenSSL 1.1.x.
- without thread-local-storage, all error queue operations are mutex locked
- wc_PeekErrorNodeLineData() and wc_GetErrorNodeErr() added for use by SSL
  functions to allow locked queue iterations/manipulations.
2022-12-07 18:14:45 +01:00
Kosmas Valianos 11f9bd85ee Fix wrong function name in wolfSSL_X509_get_name_oneline() 2022-12-07 16:00:05 +01:00
Tesfa Mael 1e0886180b Adjust ENTROPY_SCALE_FACTOR for FIPS 2022-12-06 23:01:13 -08:00