Lealem Amedie
064aace824
Add ability to switch to STD RSA method
2025-07-02 10:03:28 -06:00
kaleb-himes
844e961ff5
Check-in FIPS 140-3 PILOT changes
2023-08-28 15:43:24 -07:00
Daniel Pouzzner
ceae7d56fa
Merge pull request #4551 from ejohnstown/aes-ofb
...
Add AES-OFB to FIPS boundary
2021-11-15 22:56:43 -06:00
Daniel Pouzzner
cae3fcb9ce
Merge pull request #4569 from masap/i386-segfault
...
dsa.c: fix error-path mp_clear()s on uninitialized mp_ints in wc_DsaSign() and wc_DsaVerify().
2021-11-15 22:51:23 -06:00
Masashi Honma
6086728968
Fix possible segfault occurs when mp_clear() is executed for uninitialized mp_int
...
If NULL is passed as the digest argument of wc_DsaSign(), mp_clear() will be
called before mp_init() is called. This can cause segmentation fault.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-16 09:57:02 +09:00
Masashi Honma
f621defefe
Fix the segfault occurs when mp_clear() is executed for uninitialized mp_int on i386
...
test_wc_DsaSignVerify() passes the tests but causes an error.
free(): invalid pointer
If NULL is passed as the digest argument of wc_DsaVerify(), mp_clear() will be
called before mp_init() is called. On qemu-i386, the dp field of the mp_int
structure is non-null by default, which causes a segmentation fault when calling
mp_clear(). However, if WOLFSSL_SMALL_STACK is enabled, this problem does not
occur.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-16 09:56:56 +09:00
Sean Parkinson
64407bbd7d
Merge pull request #4564 from rizlik/unused_ret_value_fix
...
woflcrypt/src/rsa.c: check memory allocation return value
2021-11-16 08:56:47 +10:00
Daniel Pouzzner
c80e63a822
Merge pull request #4566 from ejohnstown/fips-check
...
fips-check script update
2021-11-15 13:23:54 -06:00
John Safranek
13871cf547
Set RC10 to be the default v5 FIPS build.
2021-11-15 10:03:50 -08:00
John Safranek
0d465cf42f
Add AES-OFB to FIPSv5 build as v5-RC10 (5,2)
2021-11-15 10:03:49 -08:00
David Garske
ab74bbcfee
Merge pull request #4567 from SparkiDev/sp_scripts_sync_1
...
SP sync: Missing update
2021-11-15 07:04:08 -08:00
Sean Parkinson
79f18c7585
SP sync: Missing update
2021-11-15 08:33:14 +10:00
Sean Parkinson
d6219567c1
Merge pull request #4565 from dgarske/spelling
...
Fixes for spelling errors
2021-11-15 08:20:41 +10:00
John Safranek
3384159cb9
Add WCv5.0-RC10 to fips-check script. Remove some new whitespace from sniffer.
2021-11-12 14:10:58 -08:00
David Garske
25054bd87f
Merge pull request #4538 from julek-wolfssl/sk_free-refactor
...
Refactor sk_*_free functions and stack type
2021-11-12 10:30:14 -08:00
David Garske
a626a4fb02
Fixes for spelling errors.
2021-11-12 10:27:49 -08:00
David Garske
600d562168
Merge pull request #4558 from anhu/falcon_bench
...
Add Falcon benchmarking.
2021-11-12 09:14:08 -08:00
Juliusz Sosinowicz
4112cd4b99
Make stack type an enum
2021-11-12 14:48:17 +01:00
Juliusz Sosinowicz
361975abbc
Refactor sk_*_free functions
...
Use a single `wolfSSL_sk_pop_free` and `wolfSSL_sk_free` function that free's the stack and optionally free's the node content as well.
2021-11-12 13:55:37 +01:00
John Safranek
2501aef34e
Merge pull request #4562 from SparkiDev/cert_suite_check
2021-11-11 15:36:12 -08:00
John Safranek
af67692e4a
Merge pull request #4559 from dgarske/sniffer_ht
2021-11-11 14:44:01 -08:00
John Safranek
4e20b93e72
Merge pull request #4556 from douzzer/updateFipsHash
2021-11-11 14:23:01 -08:00
John Safranek
c702dab988
Merge pull request #4561 from haydenroche5/wc_prf_fix
2021-11-11 13:03:58 -08:00
Marco Oliverio
3ea4e35737
woflcrypt/src/rsa.c: check memory allocation return value
2021-11-11 16:25:03 +01:00
Sean Parkinson
b5fd899113
TLS 1.2: check signature algo in ServerKeyExchange
2021-11-11 18:54:30 +10:00
Hayden Roche
2f29ca1092
Make fixes/improvements to TLS PRF code.
...
Make `wc_PRF` return an error if it doesn't find a corresponding hash for the
passed in hash type. Currently, if `wc_PRF_TLS` is called with `NO_OLD_TLS`
defined, it will do nothing but still return success. Make it return an error
instead. These problems were uncovered when running the wolfEngine unit tests
with wolfSSL 5.0.0 FIPS Ready, which defines `NO_MD5` and `NO_OLD_TLS`.
2021-11-10 15:19:43 -08:00
David Garske
607a3bfaa7
Merge pull request #4554 from SparkiDev/mp_test_32bit
...
mp_test: when SP_INT_DIGITS is even calc was wrong
2021-11-10 15:07:43 -08:00
David Garske
3c1deff611
Fix falcon bench cleanup case (should not free if init fails). Fix RSA key gen keySz with ./wolfcrypt/benchmark/benchmark -asym.
2021-11-10 15:03:44 -08:00
Anthony Hu
f2465e5688
include.am
2021-11-10 18:01:40 -05:00
Anthony Hu
242847760a
More appropriate file names.
2021-11-10 17:55:46 -05:00
Anthony Hu
453404a864
Get the falcon keys into wolfssl/certs_test.h
2021-11-10 17:33:24 -05:00
Anthony Hu
5fe078d7db
sig1, sig5 --> sig
2021-11-10 16:52:05 -05:00
Anthony Hu
246d470956
Refactor to do proper memory management.
2021-11-10 16:42:48 -05:00
David Garske
1cadf88f26
Fixes for sniffer and handling of out-of-order situations that can occur with a saturated link.
2021-11-10 13:37:21 -08:00
Anthony Hu
6165323829
Satisfy a jenkins test.
2021-11-10 15:29:09 -05:00
Anthony Hu
237b098ba5
Add Falcon benchmarking.
2021-11-10 14:53:35 -05:00
David Garske
b2ba6f94af
Merge pull request #4557 from LinuxJedi/doxygen-fixes
...
Fix up some Doxygen issues for 1.9
2021-11-10 11:29:47 -08:00
Andrew Hutchings
231546dacc
Fix more Doxygen typos
2021-11-10 17:26:33 +00:00
Andrew Hutchings
afe8d74333
Fix up some Doxygen issues for 1.9
...
Some of the Doxygen content was not processed correctly by Doxygen.
This patch fixes all the issues found.
2021-11-10 16:20:13 +00:00
Daniel Pouzzner
6d55f8e42a
ssl.c: fixes for C++ pointer type hygiene.
2021-11-09 22:41:06 -06:00
Daniel Pouzzner
ed0418c2a8
fix whitespace.
2021-11-09 22:17:38 -06:00
Daniel Pouzzner
313d29f752
linuxkm: in module_hooks.c, refactor WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED gates to WOLFSSL_LINUXKM_SIMD_X86, and add updateFipsHash().
2021-11-09 22:02:17 -06:00
Sean Parkinson
341bd7bbbc
mp_test: when SP_INT_DIGITS is even calc was wrong
2021-11-10 09:33:14 +10:00
Sean Parkinson
8e0fdc64be
Merge pull request #4522 from dgarske/static_eph
...
Fixes and refactor for static ephemeral key support
2021-11-10 08:22:51 +10:00
David Garske
9a83842c29
Merge pull request #4536 from luizluca/refactor_nameconstraints-permit
...
ASN: refactor name constraints checks
2021-11-09 10:44:17 -08:00
David Garske
bd0f6736c5
Merge pull request #4513 from masap/wpa_sup_dpp
...
Fix X509_PUBKEY_set() to show correct algorithm and parameters
2021-11-09 10:26:59 -08:00
David Garske
fe172ed9c1
Fix for generation of ephemeral key if static ephemeral is not set.
2021-11-09 10:14:23 -08:00
David Garske
eebed0cc1c
Fix for possible ret may be used uninitialized.
2021-11-09 08:27:44 -08:00
David Garske
df82b01e68
Added x448 static ephemeral support.
2021-11-09 08:27:42 -08:00
David Garske
e91439f2eb
Fixes for static ephemeral key support with threading and possible use after free.
2021-11-09 08:25:47 -08:00
David Garske
4a04e56ac8
Fix to allow calls to get TLS session random even if wolfSSL_KeepArrays has not been called.
2021-11-09 08:23:19 -08:00
David Garske
5dac25f470
Eliminate EIGHTK_BUF use in asn. Cleanup uses of 0 in set_verify for callback.
2021-11-09 08:23:19 -08:00
David Garske
1d9832c0de
Merge pull request #4545 from douzzer/misc-fixes-20211105
...
global typographic and file mode fixes
2021-11-08 20:54:20 -08:00
Daniel Pouzzner
97557ed29b
linuxkm: add --enable-benchmark switch (default yes) and BUILD_BENCHMARK conditional to configure.ac to allow build with testwolfcrypt but without benchmark; change gate in wolfcrypt/benchmark/include.am from if !BUILD_LINUXKM to if BUILD_BENCHMARK.
2021-11-08 18:25:15 -06:00
Daniel Pouzzner
03d5c4e6d3
test.c: fix whitespace.
2021-11-08 18:24:42 -06:00
Daniel Pouzzner
18e487069b
src/internal.c: fix typo introduced in earlier "typographic cleanup".
2021-11-08 18:24:08 -06:00
Daniel Pouzzner
95bed1cdfd
test.c: smallstack refactors for idea_test(), ed448_test(), and verifyBundle() (fixes various error-dependent leaks too).
2021-11-08 17:35:10 -06:00
Daniel Pouzzner
25f74d4967
ssl.c: wolfSSL_UseALPN(): allocate char **token (2kB) on the heap, not the stack.
2021-11-08 17:35:10 -06:00
Daniel Pouzzner
f8565f26e2
fixes for --disable-harden.
2021-11-08 17:35:10 -06:00
Daniel Pouzzner
27d4bb304c
test.c add smallstack refactor of pkcs7enveloped_run_vectors().
2021-11-08 17:35:10 -06:00
Daniel Pouzzner
26cc534dd2
wolfcrypt/test/test.c: fix memory leaks in pkcs7signed_run_[SingleShot]Vectors() added in smallstack refactor.
2021-11-08 17:35:10 -06:00
Daniel Pouzzner
11ffb037ba
linuxkm/module_exports.c.template: remove accidentally added MSC clause.
2021-11-08 17:35:10 -06:00
Daniel Pouzzner
beebd1411d
linuxkm/module_hooks.c: fix whitespace, and update code around WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE and updateFipsHash().
2021-11-08 17:35:10 -06:00
Daniel Pouzzner
8b3048a0ea
wolfcrypt/test/test.c: smallstack refactors for pkcs7authenveloped_run_vectors(), pkcs7signed_run_vectors(), and pkcs7signed_run_SingleShotVectors(); typographic&whitespace cleanup.
2021-11-08 17:35:10 -06:00
Daniel Pouzzner
59ec9fc285
configure.ac: refactor setup for --enable-reproducible-build; remove mutex between --enable-sp-math and --enable-sp-math-all (they can now coexist); whitespace cleanup.
2021-11-08 17:35:10 -06:00
Daniel Pouzzner
0b4f34d62a
typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C.
2021-11-08 17:35:05 -06:00
Luiz Angelo Daros de Luca
01335e2e1c
ASN: refactor name constraints checks
...
Use the same logic for any type of name constraint.
It could be even cleaner if there were a altNamesByType[],
permittedNamesByType[] and excludedNamesByType[] in cert.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com >
2021-11-08 20:29:18 -03:00
Daniel Pouzzner
8f121e7752
file modes: clear inappropriate executable bits.
2021-11-08 17:28:11 -06:00
Sean Parkinson
dd833807d8
Merge pull request #4523 from dgarske/nxp_se050_fixes
...
Fixes for NXP SE050 ECC create and key store id
2021-11-09 08:56:03 +10:00
David Garske
5a4577eb6c
Merge pull request #4541 from SparkiDev/mp_hexchar_asm
...
SP, TFM: fixes
2021-11-08 14:49:02 -08:00
Sean Parkinson
49024b131e
Merge pull request #4534 from JacobBarthelmeh/fuzzing
...
check size of values with sp_gcd
2021-11-09 08:40:21 +10:00
Masashi Honma
ee39fd079f
Fix X509_PUBKEY_set() to show correct algorithm and parameters
...
When build with OpenSSL, trailing program outputs these messages.
algorithm: id-ecPublicKey
parameters: prime256v1
But with wolfSSL, X509_PUBKEY_get0_param() fails.
This patch fixes wolfSSL to display the same values as OpenSSL.
This program was extracted from wpa_supplicant in order to reproduce the
issue.
----------------
int main(void)
{
EVP_PKEY *pkey;
X509_PUBKEY *pub = NULL;
ASN1_OBJECT *ppkalg, *poid;
const ASN1_OBJECT *pa_oid;
const uint8_t *pk;
int ppklen, ptype;
X509_ALGOR *pa;
void *pval;
char buf[100];
const uint8_t data[] = {
0x30, 0x39, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, 0x03, 0x33, 0x6d, 0xb4, 0xe9, 0xab,
0xf1, 0x1c, 0x96, 0x87, 0x5e, 0x02, 0xcc, 0x92, 0xaf, 0xf6, 0xe1, 0xed, 0x2b, 0xb2, 0xb7, 0xcc,
0x3f, 0xd2, 0xb5, 0x4e, 0x6f, 0x20, 0xc7, 0xea, 0x2f, 0x3f, 0x42
};
size_t data_len = sizeof(data);
const uint8_t *p;
int res;
p = data;
pkey = d2i_PUBKEY(NULL, &p, data_len);
if (!pkey) {
fprintf(stderr, "d2i_PUBKEY() failed\n");
return -1;
}
if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) {
fprintf(stderr, "invalid type\n");
EVP_PKEY_free(pkey);
return -1;
}
res = X509_PUBKEY_set(&pub, pkey);
if (res != 1) {
fprintf(stderr, "X509_PUBKEY_set() failed\n");
return -1;
}
res = X509_PUBKEY_get0_param(&ppkalg, &pk, &ppklen, &pa, pub);
if (res != 1) {
fprintf(stderr, "X509_PUBKEY_get0_param() failed\n");
return -1;
}
res = OBJ_obj2txt(buf, sizeof(buf), ppkalg, 0);
if (res < 0 || (size_t) res >= sizeof(buf)) {
fprintf(stderr, "OBJ_obj2txt() failed\n");
return -1;
}
fprintf(stdout, "algorithm: %s\n", buf);
X509_ALGOR_get0(&pa_oid, &ptype, (void *) &pval, pa);
if (ptype != V_ASN1_OBJECT) {
fprintf(stderr, "X509_ALGOR_get0() failed\n");
return -1;
}
poid = pval;
res = OBJ_obj2txt(buf, sizeof(buf), poid, 0);
if (res < 0 || (size_t) res >= sizeof(buf)) {
fprintf(stderr, "OBJ_obj2txt() failed\n");
return -1;
}
fprintf(stdout, "parameters: %s\n", buf);
X509_PUBKEY_free(pub);
EVP_PKEY_free(pkey);
return 0;
}
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-09 07:30:58 +09:00
David Garske
4453001fac
Merge pull request #4550 from kareem-wolfssl/gh4547
...
Fix doAsync warning in bench_ecc.
2021-11-08 13:24:18 -08:00
David Garske
478f57b347
Merge pull request #4535 from kareem-wolfssl/zd13165
...
Fix building with NO_ECC_KEY_EXPORT.
2021-11-08 11:11:53 -08:00
David Garske
67a11df15b
Merge pull request #4548 from anhu/TlS
...
Fix capitalization.
2021-11-08 11:07:00 -08:00
Kareem
2f1a37769e
Fix doAsync warning in bench_ecc.
2021-11-08 11:42:05 -07:00
Anthony Hu
a28e44730c
Fix capitalization.
2021-11-08 11:45:49 -05:00
David Garske
3a9be7373f
Merge pull request #4532 from embhorn/zd13139
...
Fix mem leak in HandleTlsResumption
2021-11-08 08:39:45 -08:00
John Safranek
d46b140250
Merge pull request #4544 from dgarske/hmachash
2021-11-05 15:11:07 -07:00
David Garske
3941eea626
Fixes for peer review feedback. Improve the ECC key bit calculation. Improve the signature RS unsigned bin creation.
2021-11-05 14:53:20 -07:00
Kaleb Himes
ba291b519d
Merge pull request #4543 from julek-wolfssl/server-echo-return
...
Check correct var for `server.c` echo return.
2021-11-05 11:26:15 -06:00
Eric Blankenhorn
d6264059ac
Fix mem leak in HandleTlsResumption
2021-11-05 11:40:40 -05:00
David Garske
e9aa76b34e
Merge pull request #4542 from SparkiDev/dh_enc_fix
...
DH encoding: use correct length for inner sequence
2021-11-05 08:50:43 -07:00
David Garske
4fe17cc143
Merge pull request #4527 from julek-wolfssl/zd13097
...
Fix a heap buffer overflow with mismatched PEM structure ZD13097
2021-11-05 08:50:28 -07:00
David Garske
7fca031346
Remove duplicate code in wc_HmacFree (looks like past merge error).
2021-11-05 08:20:39 -07:00
Juliusz Sosinowicz
6d89de4f11
Check correct var for server.c echo return.
2021-11-05 16:10:17 +01:00
Sean Parkinson
d01f0d7a4c
DH encoding: use correct length for inner sequence
...
Only affect small DH keys (like 512 bits).
2021-11-05 15:02:14 +10:00
Sean Parkinson
dc911b94e7
SP, TFM: fixes
...
HexCharToByte must be cast to a signed char as a char is unsigned on
some platforms.
Redefine the __asm__ and __volatile__ for ICC and KEIL in sp_int.c
mp_test: don't use large bit lengths if unsupported.
2021-11-05 11:49:24 +10:00
Chris Conlon
ae84a2a326
Merge pull request #4293 from TakayukiMatsuo/set_min_proto
...
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
2021-11-04 14:59:34 -06:00
David Garske
74a32e92eb
Rename the internal "Hash" structure used by Hmac as it is too generic.
2021-11-04 11:56:00 -07:00
David Garske
d8faa22194
Fix for ecc_def_curve_test test changes.
2021-11-04 11:54:09 -07:00
David Garske
16afe7ff87
Merge pull request #4540 from anhu/forLealem
...
Changes suggest by Lealem after he tried the instructions.
2021-11-04 11:44:18 -07:00
Anthony Hu
6f9e501f45
Changes suggest by Lealem after he tried the instructions.
2021-11-04 11:00:18 -04:00
Juliusz Sosinowicz
1faa9e66b6
Check wolfSSL_BIO_read return
2021-11-04 15:34:33 +01:00
Kareem
60a86157c7
Fix building with NO_ECC_KEY_EXPORT.
2021-11-03 16:03:26 -07:00
Jacob Barthelmeh
ca72beb688
check size of values with sp_gcd
2021-11-03 16:56:45 -06:00
Sean Parkinson
8f7df68869
Merge pull request #4533 from JacobBarthelmeh/Testing
...
additional checks on fp montgomery return value
2021-11-04 08:36:27 +10:00
David Garske
b84edb5c67
Fixes for NXP SE050 testing with hardware.
2021-11-03 12:47:07 -07:00
Jacob Barthelmeh
7ca95bfaca
additional checks on fp montgomery return value
2021-11-03 11:40:14 -06:00
David Garske
d24bfb6bf7
Merge pull request #4530 from anhu/falcon-pqsig
...
The NIST round 3 Falcon Signature Scheme integration.
2021-11-03 09:35:01 -07:00
David Garske
e9fbd94150
Fix for _ecc_validate_public_key and unused parameters for partial and priv.
2021-11-03 08:10:37 -07:00
David Garske
495cac8ad7
Fixes for NXP SE050 key sizes and key id use. Related to #4526
2021-11-02 16:34:19 -07:00
Anthony Hu
dbe3e550b0
Correct the directory to pq in reference to wolfssl-examples
2021-11-02 15:35:39 -04:00
David Garske
2abb2eae7d
Changed NXP SE050 to not use symmetric offloading by default. If desired use WOLFSSL_SE050_HASH and WOLFSSL_SE050_CRYPT.
2021-11-02 12:00:24 -07:00
Anthony Hu
04f27551aa
Some more sensible constants.
2021-11-02 14:59:31 -04:00
David Garske
945e4a0885
Merge pull request #4529 from anhu/disable_dh
...
Fix for being able to build with LIBOQS but without DH
2021-11-02 08:54:40 -07:00
David Garske
b652d2e631
Merge pull request #4524 from JacobBarthelmeh/Release
...
bump to dev version and touch up readme
2021-11-02 08:54:14 -07:00
Anthony Hu
81def76b18
The NIST round 3 Falcon Signature Scheme integration.
2021-11-02 11:12:10 -04:00
Anthony Hu
e1cc1e831e
Fix for being able to build with LIBOQS but without DH
...
The following configuration yielded a compile error:
./configure --with-liboqs --disable-dh
This fixes bug reported on ZD13028.
2021-11-02 10:16:38 -04:00
Juliusz Sosinowicz
23487a4532
Fix a heap buffer overflow with mismatched PEM structure ZD13097
2021-11-02 11:31:22 +01:00
Sean Parkinson
2745f394e5
Merge pull request #4525 from cconlon/sslopno
...
TLS 1.3: check SSL_OP_NO_TLSv1_2 in TLS 1.3 clients
2021-11-02 09:40:59 +10:00
Jacob Barthelmeh
ac5e9e5e7c
bump to dev version and touch up readme
2021-11-01 15:50:03 -06:00
David Garske
7e01af0121
Merge pull request #4521 from JacobBarthelmeh/Release
...
prepare for release v5.0.0
2021-11-01 12:45:22 -07:00
Jacob Barthelmeh
7c3d1c7fbc
update rpm spec
2021-11-01 12:24:53 -06:00
Jacob Barthelmeh
44219906e0
add kdf.c to cs+ project
2021-11-01 12:02:53 -06:00
Daniel Pouzzner
6f18ba15b0
linuxkm: accommodate printk()->_printk() renaming in kernel 5.15+.
2021-11-01 11:49:56 -06:00
Daniel Pouzzner
742492cb5e
linuxkm/Makefile: fix module sign-file error handling.
2021-11-01 11:49:48 -06:00
Jacob Barthelmeh
d869c60605
prepare for release v5.0.0
2021-11-01 11:43:25 -06:00
David Garske
f63a799f18
Fix for ECC create key public export size and key size bits. Fix for key store ID vs key ID.
2021-11-01 09:52:12 -07:00
David Garske
99f44149eb
Merge pull request #4520 from JacobBarthelmeh/Testing
...
add kdf.c file to IDE projects and cmake, few edge case fuzz reports, remove exe bit and c files
2021-11-01 08:35:11 -07:00
Jacob Barthelmeh
fb7baf28ca
fix for xcode build and revert cmake change
2021-10-29 16:55:05 -06:00
Daniel Pouzzner
6ba55edd50
fix async warnings
2021-10-29 14:37:39 -06:00
Jacob Barthelmeh
1d91ccb41b
remove exe bit on example.c and server.c
2021-10-29 13:12:43 -06:00
Jacob Barthelmeh
03bc45c5b1
check if private key exists before using with private key check function
2021-10-29 10:51:24 -06:00
David Garske
5ad580b233
Merge pull request #4517 from elms/cmake/kdf
...
cmake: Add `kdf.c` and `FIPS_V5`
2021-10-29 09:29:23 -07:00
JacobBarthelmeh
fc01723407
Merge pull request #4516 from dgarske/asn_templ_genname
...
Fix for ASN template general name parsing
2021-10-29 23:14:50 +07:00
David Garske
a6415493eb
Merge pull request #4518 from douzzer/nestable-save-vector-registers
...
linuxkm: fixes for {save,restore}_vector_registers_x86().
2021-10-29 09:14:32 -07:00
David Garske
8a8a6cf17f
Merge pull request #4515 from kareem-wolfssl/zd13006
...
wc_scrypt: Check for underflow in blocksSz calculation.
2021-10-29 08:23:37 -07:00
Daniel Pouzzner
ddf927ae41
linuxkm: fixes for {save,restore}_vector_registers_x86().
2021-10-29 01:26:48 -05:00
Elms
49389f3074
cmake: Add kdf.c and FIPS_V5
2021-10-28 16:50:15 -07:00
David Garske
e60c2201b2
Fix for general name parsing with WOLFSSL_ASN_TEMPLATE to use right length for general names and properly NULL terminate.
2021-10-28 16:13:58 -07:00
Jacob Barthelmeh
8775823fa0
handling edge cases with ecc import and decrypt functions
2021-10-28 17:11:56 -06:00
Chris Conlon
afad1374a3
check SSL_OP_NO_TLSv1_2 in TLS 1.3 enabled client
2021-10-28 16:30:02 -06:00
Jacob Barthelmeh
e10e3a92b8
add kdf.c to cmake build
2021-10-28 16:27:45 -06:00
Jacob Barthelmeh
9ec9ace7ea
adding kdf.c to IDE builds
2021-10-28 16:19:18 -06:00
Kareem
39c9fa96bc
wc_scrypt: Code review feedback.
2021-10-28 15:02:53 -07:00
David Garske
6b3ff9bae2
Merge pull request #4459 from julek-wolfssl/missing-ext
...
Add x509 name attributes and extensions to DER parsing and generation
2021-10-28 14:30:37 -07:00
Kareem
0ecb81e74a
wc_scrypt: Check for underflow in blocksSz calculation.
2021-10-28 14:18:22 -07:00
David Garske
0a26335243
Merge pull request #4446 from ejohnstown/dtls-sizing
...
DTLS Sizing
2021-10-28 14:15:36 -07:00
David Garske
2c42770eea
Merge pull request #4508 from elms/cmake/tlsx
...
cmake: add SNI and TLSx
2021-10-28 14:03:59 -07:00
Juliusz Sosinowicz
9c8e4f558c
Explicit cast to int
2021-10-28 21:05:19 +02:00
Juliusz Sosinowicz
adee6a86d1
Return the close notify error when expecting an error.
2021-10-28 20:53:58 +02:00
David Garske
6bb7e3900e
Merge pull request #4511 from JacobBarthelmeh/Testing
...
build fixes and PKCS7 BER encoding fix
2021-10-28 10:52:58 -07:00
David Garske
e4e6242fde
Merge pull request #4514 from SparkiDev/zephyr_fix_2
...
Fixes for Zephyr OS
2021-10-28 07:52:32 -07:00
Juliusz Sosinowicz
8cba5dda17
Need to free x509 in tests
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
a738c16b2f
Can't have macros within macros
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
7d6f8ea255
Update wrong email in gen script
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
ef37eeaeaa
Code review fixes
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
a6be157628
Gate new AKID functionality on WOLFSSL_AKID_NAME
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
cb79bc5c46
Use same code for DecodeNsCertType with templates
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
842dba7946
Put address and postal code in WOLFSSL_CERT_EXT
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
2531cd961f
Code review fixes
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
d9af698aa4
Implement raw AKID with WOLFSSL_ASN_TEMPLATE
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
c162196b27
Add x509 name attributes and extensions to DER parsing and generation
...
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
894303be59
Make the wolfSSL_GetMaxFragSize parameter meaning consistent
...
- Add testing for sending as much app data as possible in a single DTLS record
2021-10-28 14:46:15 +02:00
Sean Parkinson
623a84ed7b
Fixes for Zephyr OS
...
time is not available.
Must include clock module
kdf.c missing from file list
2021-10-28 15:57:46 +10:00
Sean Parkinson
7baffd9cf1
Merge pull request #4512 from douzzer/fips-check-linuxv5-uses-tag-WCv5.0-RC9
...
fips-check.sh update for WCv5.0-RC9 tags
2021-10-28 14:15:55 +10:00
Sean Parkinson
0e18e9c404
Merge pull request #4502 from dgarske/async_test
...
Fixes for async TLS v1.3
2021-10-28 14:13:32 +10:00
David Garske
55ee5e41db
Merge pull request #4510 from SparkiDev/sp_cmp_c64
...
SP: change to sp_c32.c now in scripts caused changes to sp_c64.c
2021-10-27 18:50:13 -07:00
Daniel Pouzzner
46ecf752b4
fips-check.sh: update wolfSSL remote & tag for linuxv5 aka linuxv5-RC9.
2021-10-27 18:17:57 -05:00
John Safranek
7cbfb27fa0
When adding cipherExtraData(), also account for TLSv1.3.
2021-10-27 15:12:31 -07:00
John Safranek
9f3f9c53fd
Remove debugging printfs. Added some guards around DTLS and AEAD only things.
2021-10-27 15:12:31 -07:00
Juliusz Sosinowicz
be3b6b47ef
DTLS MTU fixes
2021-10-27 15:12:31 -07:00
John Safranek
77ebd11781
Updating based on MTU. Debugging prints.
2021-10-27 15:12:31 -07:00
John Safranek
be2e7e25ac
Change the calculation for the extra data size in a DTLS message when checking to see if it'll fit in an MTU. (ZD12983)
2021-10-27 15:12:31 -07:00
David Garske
c16f0db1b5
Fixes for handling WC_PENDING_E async responses in API unit test and examples. Resolves all issues with --enable-all --enable-asynccrypt --with-intelqa=.
2021-10-27 15:08:39 -07:00
David Garske
a2ad01604f
Fix devId, which must be -2 or INVALID_DEVID (not 0). Fix RSA doc typo.
2021-10-27 15:08:38 -07:00
David Garske
eb56b652ca
Fix for async TLS v1.3 with multiple WC_PENDING_E on client_hello and server_hello processing. Fix for not aligned NUMA.
2021-10-27 15:08:38 -07:00
Sean Parkinson
34095dfd38
Merge pull request #4509 from dgarske/fix_sesstick
...
Fix for session ticket handling with error cases
2021-10-28 08:07:10 +10:00
David Garske
f14bd41733
Merge pull request #4359 from douzzer/fipsv3-rebased
...
fips 140-3 linuxkm edition
2021-10-27 15:06:48 -07:00
Jacob Barthelmeh
f585dcd5ab
adjust inSz with BER PKCS7 parsing
2021-10-27 15:12:04 -06:00
Daniel Pouzzner
f413ff8b3a
tls.c: TLSX_SupportedFFDHE_Set(): add handling for malloc failures.
2021-10-27 15:11:04 -05:00
Jacob Barthelmeh
00249b70ae
fix for build with WOLFSSL_SGX
2021-10-27 13:22:45 -06:00
Daniel Pouzzner
3a80ba6744
configure.ac: fixes for --enable-fips logic.
2021-10-26 22:51:59 -05:00
Daniel Pouzzner
d105256330
fips-check.sh: remap fips-ready target to be ready flavor of 140-3, temporarily with FIPS_VERSION="master"; add fips-v3-ready target with FIPS_VERSION="v4.1.1"; add linuxv5|linuxv5-RC9 target to be updated after merge with tags.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
d527b25034
configure.ac: FIPS: remap "ready" to be ready flavor of 140-3 (i.e. v5-ready); add v3-ready for ready flavor of 140-2.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
8ee49cd50c
linuxkm: in module_hooks.c:wolfssl_init(), add support for WC_RNG_SEED_CB.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
071be3171e
linuxkm: in module_hooks.c, fix logic+gating around CONFIG_MODULE_SIG and WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE.
2021-10-26 20:24:29 -05:00
John Safranek
9b5f8c84b0
Change the WIN10 project files to build for FIPS v5.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
073bef579b
linuxkm: add missing #ifdef OPENSSL_EXTRA around openssl includes in module_exports.c.template, and add an assert to configure.ac disallowing linuxkm+opensslextra.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
ac8fbe3fbd
ssl.c: fix a couple trivial rebase errors.
2021-10-26 20:24:29 -05:00
John Safranek
6e9f9c8fe8
Update the Windows user_settings for recent updates.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
7915f6acb0
linuxkm: add the remainder of known needed SAVE_VECTOR_REGISTERS() wrappers to PK algs, add DEBUG_VECTOR_REGISTERS_{EXIT,ABORT}_ON_FAIL options; add a slew of ASSERT_SAVED_VECTOR_REGISTERS() to sp_x86_64.c (autogenerated, separate scripts commit to follow).
2021-10-26 20:24:29 -05:00
John Safranek
75df6508e6
Add a read enable for private keys when in FIPS mode.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
1d07034fb9
linuxkm: fix line length in types.h, and add #ifdef _MSC_VER #pragma warning(disable: 4127) to work around MSC bug re "conditional expression is constant"; fix flub in ecc.c.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
62c1bcae8a
linuxkm: {SAVE,RESTORE}_VECTOR_REGISTERS() wrappers around RSA, DH, and ECC routines that might use sp-asm.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
0eb76bcfd8
linuxkm: add missing RESTORE_VECTOR_REGISTERS() in wolfcrypt/src/poly1305.c:wc_Poly1305Update().
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
85a8c06062
linuxkm: add DEBUG_VECTOR_REGISTER_ACCESS (debug feature switch), ASSERT_SAVED_VECTOR_REGISTERS, and ASSERT_RESTORED_VECTOR_REGISTERS macros, and move the fallback no-op definitions of the SAVE_VECTOR_REGISTERS and RESTORE_VECTOR_REGISTERS to types.h. also fixed several ASCII TAB characters in types.h.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e0395c6441
linuxkm: in wolfcrypt/src/sha{256,512}.c, remove {SAVE,RESTORE}_VECTOR_REGISTERS() wrappers around AVX implementations, as this needs to be refactored for efficiency and the underlying assembly is not yet kernel-compatible.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
ad4c200cd2
linuxkm: wolfcrypt/src/memory.c: in {save,restore}_vector_registers_x86(), allow for recursive calls (some crypto calls are recursive).
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
fc73c6dbea
linuxkm: fix Makefile to properly pivot module signature on CONFIG_MODULE_SIG==y; remove not-yet-kernel-compatible asm files from the ASFLAGS_FPU_DISABLE_SIMD_ENABLE list, matching the OBJECT_FILES_NON_STANDARD list, for clarity.
2021-10-26 20:24:28 -05:00
John Safranek
40e3cac695
Use correct value for pSz when setting the dhKeySize in the session.
2021-10-26 20:24:28 -05:00
John Safranek
f2c4567164
Like the public key, zero pad the front of the private key.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
bc91187063
tls.c:TLSX_KeyShare_GenDhKey(): fix typo.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
aca43cfe52
linuxkm/Kbuild: include -fno-omit-frame-pointer in HOST_EXTRACFLAGS, in case the target kernel has profiling enabled; remove the "always := $(hostprogs)" rule, as it doesn't work and causes warnings on kernel 5.10.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
8bdae98a93
fips-check.sh: temporarily arrange for "linuxv5" to be an alias of "linuxv5-ready", to arrange for Jenkins testing of wolfcrypt code in the PR in FIPS mode.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
a3435ca062
fips-check.sh: exit (fatal error) if git fails.
2021-10-26 20:24:28 -05:00
John Safranek
f1d43f6891
Add error code for the private key read lockout.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
31f13a7f41
wolfcrypt/test/test.c: when HAVE_FIPS, wrap wc_MakeRsaKey() calls in infinite iteration while ret == PRIME_GEN_E, to inhibit nondeterministic failure mode from FIPS-limited _CheckProbablePrime() iteration.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
490a1238a8
configure.ac: refactor AC_CHECK_FILES brought in by rebase, to fix warning.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
b577984574
rsa.c: fix whitespace.
2021-10-26 20:24:28 -05:00
David Garske
3fcdcbc1f9
Fix for RSA _ifc_pairwise_consistency_test to make the async blocking.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e61d88657d
WOLFSSL_ASYNC_CRYPT: in EccSharedSecret(), don't try to wolfSSL_AsyncInit() if there's no priv_key to supply an asyncDev; in RSA _ifc_pairwise_consistency_test(), disable async to force blocking crypto.
2021-10-26 20:24:28 -05:00
David Garske
303aa312a8
Fix the TLS v1.3 async key share support. Added WOLFSSL_NO_PUBLIC_FFDHE option to test without public FFDHE API's.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
75e4c0869e
DH: move declaration of wc_DhPublicKeyDecode() from dh.h to asn.h (it is defined in asn.c).
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
10304c9143
linuxkm: portability fix in aes.c for SAVE_VECTOR_REGISTERS() call ("embedding a directive within macro arguments is not portable").
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
c0778e5ad9
gate access to wc_Sha512.devId on !NO_SHA2_CRYPTO_CB.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
5d796ba06c
settings.h: add WOLFSSL_MAKE_FIPS_VERSION(), WOLFSSL_FIPS_VERSION_CODE, and FIPS_VERSION_{LT,LE,EQ,GE,GT} macros; define NO_SHA2_CRYPTO_CB macro if HAVE_FIPS && FIPS_VERSION_LT(5,1); refactor other FIPS version dependencies in settings.h to use new macros.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
0f05a71bfb
linuxkm: refactor SAVE_VECTOR_REGISTERS() macro to take a fail clause as an argument, to allow the preprocessor to completely eliminate it in non-kernel builds, and for backward compat with WCv5.0-RC8.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
6160da243d
linuxkm: use EXPORT_SYMBOL_NS_GPL() for exports.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
c2c2e5b4f5
tests/api.c: post_auth_version_cb(): add missing gating on !NO_ERROR_QUEUE for wolfSSL_ERR_get_error() test.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e4d075de20
src/internal.c: FreeX509(): remove redundant free of x509->CRLInfo.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
61df408d70
configure.ac: fix handling of ENABLED_FIPS->REPRODUCIBLE_BUILD_DEFAULT=yes; take JNI back out of from enable-all feature set because it adds -DNO_ERROR_QUEUE to flags; fix typo in FIPS test for --with-max-rsa-bits setup.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
32349749a6
internal.c: SendServerKeyExchange(): check retval from wc_DhGetNamedKeyParamSize().
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
361559ca30
settings.h: set HAVE_PUBLIC_FFDHE as in configure.ac (FIPS v2 and SELFTEST) if it isn't already set.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
342e319870
dsa.c: fix up comment spelling/typography in wc_MakeDsaKey().
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
a5c03f65e3
tests/api.c: fix test_CryptoCb_Func() to not attempt signing op on ephemeral ECC keys.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
1f6eb4648e
configure.ac: remove WOLFSSL_VALIDATE_ECC_IMPORT and WOLFSSL_VALIDATE_ECC_KEYGEN from enable-all and enable-all-crypto feature sets.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
7a4ec22953
pkcs7.c: further smallstack refactor of PKCS7_EncodeSigned().
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
fb49d814c5
configure.ac and autogen.sh: fix warnings in configure.ac, and enable WARNINGS=all,error in autogen.sh. also, remove --verbose to avoid obscuring warning output.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
f60cb94b82
wolfcrypt/src/include.am and src/include.am: don't disrupt modtimes of fips/async source files if they already exist.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
ab4c96292b
autogen.sh: disable WARNINGS=all until autotools config is fixed.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e894340a64
tls13.c: mac2hash(): accommodate scenario where all hashes are gated out of the build (peer review).
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
972c6c032e
ssl.c: clean up MD5->SHA refactor of wolfSSL_LH_strhash() (peer review).
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e9332c1ce4
autogen.sh: refactor to not disrupt modtimes of fips/async source files if they already exist. also, assert success on any file ops, and properly export WARNINGS to autoreconf.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
255d2d650f
rsa.c: add missing WOLFSSL_ASYNC_CRYPT clauses to _ifc_pairwise_consistency_test().
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
87b965c964
include.am: in FIPS clauses, include wolfcrypt/src/aes_gcm_asm.S in src_libwolfssl_la_SOURCES when BUILD_AESNI, regardless of BUILD_INTELASM, as in the corresponding non-FIPS clause.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
0f407b4bfc
test.c: fix indirection flubs in _ASYNC_CRYPT parts of ecc_test_sign_vectors().
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f264741aa0
benchmark.c: fix -Wstringop-truncation in _ASYNC_CRYPT bench_stats_add().
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
0231446006
configure.ac: don't warn about loading real async files if async.c is present and non-empty.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
3745b1c9db
linuxkm: fix clean rules/definitions to not pick up top level Makefile, and to clean up empty object directories.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
8e131620ae
.gitignore: add linuxkm/libwolfssl.lds
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
14f39f07a2
fips-check.sh: add linuxv5-ready (--enable-fips=v5-ready).
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f9627e4b14
configure.ac: for --enable-fips, make v5 an alias for v5-RC8 (alias to be updated after newer lab-approved snapshots are tagged), and add v5-ready and a placeholder v5-REL.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
5ef97acbab
types.h: add back missing WC_HASH_TYPE_MAX to enum wc_HashType when HAVE_FIPS_VERSION <= 2 (now WC_HASH_TYPE_BLAKE2S, since SHAKE is now excluded from the enum).
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
40c32081bb
types.h: rename STRINGIFY() macro to WC_STRINGIFY().
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
e3989edd39
wolfcrypt/benchmark/benchmark.c: fix typo.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
4a451caf7b
src/sniffer.c: fix rebase errors.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
834efe4ff6
fips-check.sh: update to test 140-3 using --enable-fips=v5-RC8 and the WCv5.0-RC8 version tags.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
db26e0a40a
Makefile.am: .build_params belongs in DISTCLEANFILES, not CLEANFILES.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
9f36df44a4
wolfssl/wolfcrypt/types.h: define WOLFSSL_NOSHA512_224, WOLFSSL_NOSHA512_256, and WOLFSSL_NO_SHAKE256 in SELFTEST/FIPS<=v2 version of enum wc_HashType definition, to assure synchrony.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
1c27654300
configure.ac and wolfssl/wolfcrypt/types.h: don't change wc_HashType for FIPS <= v2 (reverts commit 56843fbefd as it affected that definition); add -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256 to FIPS v2 and v3.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
aa6ca43e91
api.c: skip test_wolfSSL_EVP_PBE_scrypt() when FIPS 140-3 (test uses impermissibly short HMAC key).
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
22f947edd6
configure.ac and wolfssl/wolfcrypt/asn_public.h: add --enable-fips=v5-RC8 for use with WCv5.0-RC8 codebase; add HAVE_FIPS_VERSION_MINOR, and refactor main $ENABLED_FIPS switch to set HAVE_FIPS_VERSION and if applicable HAVE_FIPS_VERSION_MINOR for use in subsequent tests and the main FIPS setup code; in asn_public.h, use HAVE_FIPS_VERSION_MINOR to exclude declaration of wc_RsaKeyToPublicDer() when building FIPS WCv5.0-RC8.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
8c3cbf84f9
add missing gating around WOLFSSL_NO_SHAKE256, WOLFSSL_NOSHA512_224, and WOLFSSL_NOSHA512_256.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
7b40cd6cef
configure.ac: fips tweaks: add --enable-fips=disabled to allow non-fips build in a fips tree, for convenient testing; add ENABLED_SHAKE256=no override to fipsv5 setup; don't add an RSA_MAX_SIZE setting to AM_CFLAGS when FIPS, to avoid a conflict with old rsa.h.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
083b97c5a3
tls.c: fix rebase error in TLSX_KeyShare_FreeAll().
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
19b33d5a76
configure.ac: don't include rc2 in enable-all or enable-all-crypto (memory leaks).
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
b77000bcfb
add smallstack codepath to ecc_test_sign_vectors(), and add missing rc2.h include to linuxkm/module_exports.c.template.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
9e3fb73567
configure.ac: improvement for enable-all and enable-all-crypto:
...
remove haproxy from enable-all set, to avoid SECURE_RENEGOTIATION;
add enable-aescbc-length-checks to enable-all-crypto set, inadvertently omitted;
add enable-base16 to all (where it was implicit) and to all-crypto (where it was missing);
add ssh, rc2 and srp to all-crypto;
reorder the portion of the enable-all set that's common with enable-all-crypto, to have matching order.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
fae342940c
.gitignore: add .build_params.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
d39d389c6e
aes.c: in CheckAesGcmIvSize(), don't disallow GCM_NONCE_MIN_SZ for FIPS 140-3, i.e. always allow it.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
b93a18b34e
src/internal.c: in SendServerKeyExchange() case diffie_hellman_kea, #ifdef HAVE_SECURE_RENEGOTIATION, enlarge buffers.serverDH_Pub.buffer to accomodate larger new key replacing smaller old key, whether or not ssl->namedGroup is set (copy-paste of existing in !ssl->namedGroup path).
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
67db7b7f32
fixes for issues identified by Jenkins run:
...
Makefile.am: clean .build_params file;
ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();
move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);
fix new unused-label defect in wc_ecc_shared_secret_gen_sync();
fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);
fix NO_INLINE ForceZero() prototype;
ecc.c: add missing if (err == MP_OKAY) in build_lut();
wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;
ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;
WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
87578262aa
wolfcrypt smallstack refactors:
...
rsa.c: wc_CompareDiffPQ()
dh.c: wc_DhGenerateParams()
dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters()
srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic()
ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync()
test.c: GenerateNextP() dh_generate_test() GenerateP()
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
0f201a7394
wolfcrypt/types.h: revert change to WOLFSSL_LINUXKM XFREE() macro added in commit "remove frivolous semicolons at end of several macro definitions."
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
947a0d6a2f
autotools/Makefiles: enable reproducible build by default for FIPS, and add -DHAVE_REPRODUCIBLE_BUILD to AM_CFLAGS;
...
refactor the HAVE_WC_INTROSPECTION mechanism to pass build params via $output_objdir/.build_params rather than abusing autotools config.h to pass them;
add support for EXTRA_CFLAGS on the make command line;
in FIPS builds, exclude pkcallbacks from --enable-all;
linuxkm: move test.o out of PIE container (uses function pointers as operands).
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f1c1f76851
ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
ddda108de6
sp_int.c:sp_set(): use PRAGMA_GCC_* macros, not ad hoc gated __Pragmas, to mask spurious -Warray-bounds.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
cdcb8fb9da
configure.ac: revert change (AC_MSG_NOTICE reverted to AC_MSG_ERROR) for "FIPS source tree used for non-FIPS build"; in enable_all set, move enable_stunnel and enable_tcpdump to the !ENABLED_LINUXKM_DEFAULTS section.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
220a255281
use WOLFSSL_BIO_ERROR, not SOCKET_INVALID (both macros have value -1), as the default/unset value of WOLFSSL_BIO.num, to avoid unnecessary dependency on HAVE_SOCKADDR.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
1e3d47af57
remove frivolous semicolons at end of several macro definitions.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
64bfe81ff5
configure.ac: test for cryptonly && opensslextra, if so error "mutually incompatible".
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
2bf711341b
wolfcrypt/test/test.c: use HAVE_FIPS_VERSION, not FIPS_VERSION.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
4cf1826c8f
PRAGMA_GCC_*: refactor macros to properly push a context, and refactor their use in src/tls13.c:DeriveKey() to deal with gcc context quirks that otherwise disabled the warning mask when defined(HAVE_FIPS); add a missing #ifndef NO_MD5 in ssl.c:wolfSSL_LH_strhash().
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
cff7c5b3c0
wolfcrypt/benchmark/benchmark.c: in bench_dh(), add a missing #ifdef HAVE_PUBLIC_FFDHE around a DhParams use.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
8de8af8b43
wolfcrypt/test/test.c: disable hmac_md5_test() for FIPS 140-3, and rename hkdf_test to wc_hkdf_test to eliminate namespace collision.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
89797db946
configure.ac: enable_stunnel for enable-all only if !FIPS; add enable_tcpdump if !FIPS; add -DWOLFSSL_ECDSA_SET_K to FIPS 140-3 CFLAGS; use DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS to set FP_MAX_BITS indirectly for FIPS 140-3; use AC_MSG_NOTICE() for informational notices previously echoed; gate informational output appropriately on $verbose and $silent.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
5293180566
linuxkm/module_exports.c.template: tweaks for FIPS compatibility.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
ed33315f25
wolfcrypt/src/sp_int.c: add pragma to sp_set() to suppress false positive -Warray-bounds on gcc-11.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
54b3f1b252
src/tls.c:TLSX_KeyShare_GenDhKey(): don't generate a key if one is already set.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
34e88b0605
linuxkm: properly pass {AM_,}CPPFLAGS to Kbuild, and include kdf.h in module_exports.c.template.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
b673622322
FIPS 140-3 misc fixes including fixes for rebase errors.
2021-10-26 20:24:26 -05:00
John Safranek
b615309a7b
update FFDHE4096 test with the updated usage
2021-10-26 20:24:26 -05:00
John Safranek
c31ed64eb5
Add guard around the public key check for DH to skip it when we have
...
the condition to perform the small key test. The small key is
mathematically valid, but does not necessarily pass the SP 800-56Ar3
test for DH keys. The most recent FIPS build will add the tested file.
This change is only used in the older FIPS releases and in some rare
configurations that include the small key test.
2021-10-26 20:24:26 -05:00
John Safranek
aeb8f5bb51
For the WIN10 user_settings, remove the forced set of FIPS version to 5.
2021-10-26 20:24:26 -05:00
John Safranek
b00b95ef6c
Cofactor flag in wolfcrypt test needed a guard.
2021-10-26 20:24:26 -05:00
John Safranek
f53a4db4e7
Unwind a few changes adding guards so it'll build with old FIPS.
2021-10-26 20:24:26 -05:00
John Safranek
b54459ace3
When the ECC PCT verify result is 0, the PCT fails.
2021-10-26 20:24:26 -05:00
John Safranek
175bab9a6f
Add missed step in DH key pair generation.
2021-10-26 20:24:26 -05:00
John Safranek
b815939c53
Add missing settings for the Windows 10 FIPS build.
2021-10-26 20:24:26 -05:00
John Safranek
f42106201a
In the RSA PCT, initialize the plain output pointer.
2021-10-26 20:24:26 -05:00
John Safranek
aa3fb6f0d0
Update visibility on a SP math function for DH.
2021-10-26 20:24:26 -05:00
John Safranek
04ffd2ab45
Fixes:
...
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
2021-10-26 20:24:26 -05:00
John Safranek
3eaeaf3a57
Add sign/verify PCT to ECC.
2021-10-26 20:24:25 -05:00
John Safranek
9bf36f329a
Add sign/verify PCT to RSA key gen.
2021-10-26 20:24:25 -05:00
John Safranek
5d7c6dda72
Restore the PCTs to ECC and DH.
2021-10-26 20:24:25 -05:00
John Safranek
1065d2accf
Fix some Windows build warnings.
2021-10-26 20:24:25 -05:00
John Safranek
9022762e5a
Check to see if a pointer is nonnull that is expected to be.
2021-10-26 20:24:25 -05:00
John Safranek
908ec9b14a
Modify ffdhe to not return addresses.
2021-10-26 20:24:25 -05:00
John Safranek
ebdadefb9a
Update WIN10 user_settings.h for new FIPS build.
2021-10-26 20:24:25 -05:00
John Safranek
f49a09749e
When building for FIPS, the unit test will run all the CASTs up front.
2021-10-26 20:24:25 -05:00
John Safranek
52432382a2
Add kdf.c to the Windows builds.
2021-10-26 20:24:25 -05:00
John Safranek
82e63cee1e
Remove the unused ECDSA PCT tests in the CAST list.
2021-10-26 20:24:25 -05:00
John Safranek
ae7a2e5a48
Remove the unused RSA PCT test in the CAST list.
2021-10-26 20:24:25 -05:00
John Safranek
7af87e5b32
Restore the HKDF code to hmac.c. For compatibility between FIPS builds.
2021-10-26 20:24:25 -05:00
John Safranek
54a1b4c881
Remove redundant pairwise test from DH and ECC.
2021-10-26 20:24:25 -05:00
John Safranek
c5d575c8ae
Remove RDSEED from the intel asm build.
2021-10-26 20:24:25 -05:00
John Safranek
f69b6ac5eb
Add missing verify curves into configure. Copy the kdf files when building for FIPSv5.
2021-10-26 20:24:25 -05:00
John Safranek
c0e6a55aaa
Skip the small key DH test for SP and FFDHE builds.
2021-10-26 20:24:25 -05:00
John Safranek
3b5c8231c2
Move the PCT down to where it used to be located as CheckKeyPair.
2021-10-26 20:24:25 -05:00
John Safranek
6cf186696e
Update the BUILD_FIPS_V4 flag to V5. Consolidate the Makefile include for the flavors of FIPS.
2021-10-26 20:24:25 -05:00
John Safranek
2de6b3b2bd
Move the KDF functions into their own source file.
2021-10-26 20:24:25 -05:00
John Safranek
f78887d2ab
Add 'static' to the test vector arrays for the SSH KDF test.
2021-10-26 20:24:25 -05:00
John Safranek
dee2a67720
Change visibility of wc_GenerateSeed() to API.
2021-10-26 20:24:25 -05:00
John Safranek
86c040a3ae
Rename the PCT error codes to remove 'FIPS' since they can be enabled without FIPS.
2021-10-26 20:24:25 -05:00
John Safranek
9c5607a677
Add guard around ECC PCT for builds without validate keygen.
2021-10-26 20:24:25 -05:00
John Safranek
7a2b661c0c
Add types for the RNG seed callback and the OS_Seed.
2021-10-26 20:24:25 -05:00
John Safranek
133faea89a
Hushed compiler warnings about unused variables.
2021-10-26 20:24:25 -05:00
John Safranek
a967cbcb7b
56Ar3 Testing Updates
...
1. Add PCTs for ECC and FFC.
2. Update the public key checks for ECC and FFC.
2021-10-26 20:24:25 -05:00
John Safranek
976402e04b
RNG Update
...
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
as a default callback.
2. Modify all the tests and examples to use the default seed callback if
the seed callback is enabled.
2021-10-26 20:24:25 -05:00
John Safranek
0c6d8cfc22
If the RNG seeding callback is missing or returns an error, the RNG instantiate fails.
2021-10-26 20:24:25 -05:00
John Safranek
c6486d7392
Removed an outdated comment.
2021-10-26 20:24:25 -05:00
John Safranek
a562db82ef
1. Rename and relabel the FIPS 140-3 option as wolfCrypt v5.
...
2. Make sure the correct SHA assembly files are copied over for the latest FIPS build.
2021-10-26 20:24:25 -05:00
John Safranek
c47e354eed
Add callback option for RNG seeding.
2021-10-26 20:24:25 -05:00
John Safranek
bffe4f64dd
Add option to fips-check script to checkout specific named files from the FIPS tag.
2021-10-26 20:24:25 -05:00
John Safranek
a2f802199d
DH key gen should call DH check key.
2021-10-26 20:24:25 -05:00
John Safranek
e3b2be5ea3
ECC key gen should call ECC check key.
2021-10-26 20:24:25 -05:00
John Safranek
1f67e4519c
Restrict AES-GCM IV minimum size to 96-bits for newer FIPS builds.
2021-10-26 20:24:25 -05:00
John Safranek
e03b29966c
Remove MD5 and old TLS from the newest FIPS build.
2021-10-26 20:24:25 -05:00
John Safranek
17a4c891ce
Add CASTs for TLSv1.2, TLSv1.3, and SSH KDFs.
2021-10-26 20:24:25 -05:00
John Safranek
1fcf33b898
Fix another configure error due to rebase.
2021-10-26 20:24:25 -05:00
John Safranek
e32c58d533
Add RSA PAT.
2021-10-26 20:24:25 -05:00
John Safranek
9656b83a03
Add ECDSA-KAT CAST.
2021-10-26 20:24:25 -05:00
John Safranek
3994a6b5e7
FIPSv3
...
1. Remove the CAST IDs for the redundant RSA tests.
2. Remove the flags in configure.ac that enable the keys for the redundant RSA tests.
2021-10-26 20:24:25 -05:00
John Safranek
90752e89fb
Restore a configure check lost in a rebase.
2021-10-26 20:24:25 -05:00
John Safranek
6dfef1400d
Use the new APIs for HKDF extract with label.
2021-10-26 20:24:25 -05:00
John Safranek
e67bbf7526
1. Add flag to DH keys when using safe parameters.
...
2. The LN check is skipped when using safe parameters.
3. Enable all FFDHE parameter sets when building for FIPS 140-3.
2021-10-26 20:24:25 -05:00
John Safranek
7f64fc4efb
Move the TLSv1.3 KDF into wolfCrypt with the other KDFs.
2021-10-26 20:24:25 -05:00
John Safranek
38064bb396
Add HMAC-SHA2-512 to the TLSv1.2 PRF.
2021-10-26 20:24:25 -05:00
John Safranek
c7ea896759
Add prototype for the ssh-kdf test in the wolfCrypt test.
2021-10-26 20:24:24 -05:00
John Safranek
de4af35f89
KDF Update
...
1. Move wolfSSH's KDF into wolfCrypt.
2021-10-26 20:24:24 -05:00
John Safranek
a49125e613
FIPS KDF Update
...
1. Copied the TLSv1.2 PRF into hmac.c since it uses it and the TLSv1.3
HKDF is in there as well.
2. Added guard around the old TLS PRF so that it switches in correctly
for older FIPS builds only.
2021-10-26 20:24:24 -05:00
John Safranek
a935f2f86d
FIPS CAST Update
...
1. In the unit test, when checking the build options, also check for
FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
getting called, so the FIPS flags didn't get checked. (It was using
wc_InitSha_ex() which bypasses the FIPS checks.)
2021-10-26 20:24:24 -05:00
John Safranek
11fb1abe74
Fix a bad assignment in the configure script.
2021-10-26 20:24:24 -05:00
John Safranek
e855654fff
FIPS CAST Update
...
1. Added a public API to run a CAST.
2. Added the other test certs for the RSA tests.
3. Added IDs for the new RSA tests and the SHA3-pairwise test.
2021-10-26 20:24:24 -05:00
John Safranek
a5032e8087
Update the fips-check script to pull the sources from GitHub rather than
...
from a directory on a local machine.
2021-10-26 20:24:24 -05:00
John Safranek
df859d30f3
FIPS 140-3
...
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
EccMakeKey().
2021-10-26 20:24:24 -05:00
John Safranek
1683644e77
FIPS 140-3
...
1. Fix issue with FIPS Ready and FIPS 140-3. FR acts at the latest
version in the code, but that leaves DES3 out of the build. The code
was still including the header. Force DES3 disabled in FIPS Ready
builds.
2021-10-26 20:24:24 -05:00
John Safranek
9e92c118ed
FIPS 140-3
...
1. Add the old known answer test prototype back into fips_test.h for FIPSv2 builds.
2021-10-26 20:24:24 -05:00
John Safranek
f1bd79ac50
FIPS 140-3
...
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
2021-10-26 20:24:24 -05:00
JacobBarthelmeh
d27a49b98c
Merge pull request #4507 from cconlon/cavpselftest2
...
fix CAVP selftest v2 build error in test.c
2021-10-27 06:04:06 +07:00
JacobBarthelmeh
4825534062
Merge pull request #4500 from cconlon/errorQueueFix
...
fix wc_ERR_print_errors_fp() unit test with NO_ERROR_QUEUE
2021-10-27 05:56:32 +07:00
Sean Parkinson
4235602c1e
SP: change to sp_c32.c now in scripts caused changes to sp_c64.c
2021-10-27 08:46:32 +10:00
Jacob Barthelmeh
3d5eea8f56
fix for disable memory build
2021-10-26 16:17:32 -06:00
elms
fdf2b711f7
cmake: add SNI and TLSx
2021-10-26 15:03:29 -07:00
Jacob Barthelmeh
583a50a3f6
account for case where XTIME returns an unsigned type
2021-10-26 15:50:11 -06:00
David Garske
a08b2db692
Fix for session ticket handling with error cases. Session ticket callback return code failures were still trying to do resumption. Behavior broken in PR #3827 .
2021-10-26 11:37:01 -07:00
David Garske
9c665d7282
Merge pull request #4501 from embhorn/zd13114
...
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 10:47:59 -07:00
David Garske
87baf7818e
Merge pull request #4505 from julek-wolfssl/fix-nids
...
Make NID's consistent v2
2021-10-26 10:29:42 -07:00
Chris Conlon
5810e45cb7
fix CAVP selftest v2 build error in test.c
2021-10-26 10:33:05 -06:00
David Garske
529f1c63dd
Merge pull request #4503 from SparkiDev/opensslcoexist_ed
...
ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
2021-10-26 09:19:08 -07:00
Eric Blankenhorn
19feab7850
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 07:14:53 -05:00
Juliusz Sosinowicz
48b304be00
Fix issues with AIA_OCSP_OID and AIA_CA_ISSUER_OID
2021-10-26 11:47:27 +02:00
Juliusz Sosinowicz
348fec3d29
wc_ClearErrorNodes is a local API that is not exported for linking
2021-10-26 09:14:48 +02:00
Juliusz Sosinowicz
fa3cf590d5
Fix NID conflicts
...
- `NID_sha224` conflicted with `NID_sha1WithRSAEncryption`
- `NID_commonName` conflicted with `PBE-SHA1-3DES`
- `NID_X9_62_prime239v3` conflicted with `AES128CBCb`
- `NID_md5` conflicted with `NID_surname`
- `NID_md2WithRSAEncryption` conflicted with `NID_localityName`
- `NID_md5WithRSAEncryption` conflicted with `NID_stateOrProvinceName`
NID conflicts found by examining the runtime values in `wolfssl_object_info`
2021-10-26 09:14:34 +02:00
Juliusz Sosinowicz
57b9170ac0
Make NID's consistent
...
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-26 09:14:25 +02:00
Sean Parkinson
08d9b145d9
ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
...
Change SSL_FATAL_ERROR to WOLFSSL_FATAL_ERROR
2021-10-26 15:50:52 +10:00
Daniel Pouzzner
49e29eb811
Merge pull request #4504 from wolfSSL/revert-4429-fix-nids
...
Revert "Make NID's consistent"
2021-10-26 00:09:56 -05:00
John Safranek
a0c7c079b8
Revert "Make NID's consistent"
2021-10-25 21:57:28 -07:00
Sean Parkinson
cdf72facbf
Merge pull request #4429 from julek-wolfssl/fix-nids
...
Make NID's consistent
2021-10-26 09:59:26 +10:00
Sean Parkinson
905683c98c
Merge pull request #4496 from dgarske/sniffer_keywatch
...
Fix for sniffer key watch callback
2021-10-26 09:55:17 +10:00
Sean Parkinson
6070981366
Merge pull request #4490 from dgarske/static_mem_unittest
...
Add CTX static memory API unit tests
2021-10-26 09:52:14 +10:00
David Garske
aa72f0685d
Merge pull request #4499 from SparkiDev/dec_ku_len
...
KeyUsage dcoding: Ensure data length is 1 or 2
2021-10-25 15:11:18 -07:00
Chris Conlon
eb0b6ca122
fix unit test for wc_ERR_print_errors_fp() when NO_ERROR_QUEUE is defined
2021-10-25 13:50:39 -06:00
David Garske
517225e135
Merge pull request #4497 from cconlon/authInfo
...
fix nid2oid/oid2nid for oidCertAuthInfoType
2021-10-25 09:29:09 -07:00
Sean Parkinson
8e6c6e7757
KeyUsage dcoding: Ensure data length is 1 or 2
2021-10-25 09:22:31 +10:00
David Garske
bf2b13939f
Merge pull request #4329 from kaleb-himes/OE22-Porting-Changes
...
Oe22 porting changes
2021-10-22 16:16:26 -07:00
Chris Conlon
402ee29163
fix nid2oid/oid2nid for oidCertAuthInfoType
2021-10-22 16:53:18 -06:00
David Garske
e4da9c6f48
Fix for sniffer key callback. Fix for building sniffer without RSA. Fix for wolfCrypt test cert ext without RSA.
2021-10-22 14:29:06 -07:00
kaleb-himes
5859779ddf
Check-in non-FIPS specific porting changes for OE22
...
Fix no new line
Change comment style in testsuite.c
Add include for proper socket header in wolfio.h
Add dc_log_printf support to benchmark application
Pull in changes for examples
Refector NETOS check in test.c
Fix format and remove settings used only for validation testing
Implement peer review feedback
Address last items noted in peer review
Add new README to include.am
Adjust comment style on TODO
Gate changes in client and server properly
Add static on customer feedback
Fix settings include
Update latest peer feedback
2021-10-22 15:01:14 -06:00
John Safranek
d83d16af59
Merge pull request #4483 from julek-wolfssl/cov-reports
2021-10-22 13:07:57 -07:00
David Garske
229f0d5fd1
Merge pull request #4485 from JacobBarthelmeh/certs
...
Improve permitted alternate name logic in certificate ASN handling
2021-10-22 11:59:16 -07:00
David Garske
c027fffa92
Fix for CTX free heap hint issue. With openssl extra the param and x509_store.lookup.dirs are allocated at CTX init and if heap or static pool was used depends on ctx->onHeapHint. Added test case for this and inline code comment.
2021-10-22 11:58:02 -07:00
John Safranek
734a73dd35
Add missing null-check. Fix dead store.
2021-10-22 11:17:41 -07:00
David Garske
f8178b4896
Merge pull request #4495 from utzig/fix-mmacu-sha256-warn
...
Fix MMCAU_SHA256 type warnings
2021-10-22 10:55:43 -07:00
David Garske
587077856e
Merge pull request #4494 from utzig/fix-forcezero-comment
...
Fix comment that applies to fp_forcezero
2021-10-22 10:55:30 -07:00
David Garske
c54f906678
Merge pull request #4492 from haydenroche5/pem_password_cb
...
Rename pem_password_cb to wc_pem_password_cb.
2021-10-22 10:51:47 -07:00
John Safranek
aad230a7e3
Restore a test case. Add a missing null-check.
2021-10-22 10:36:17 -07:00
David Garske
4c0527490d
Fixes for API unit test with WOLFSSL_NO_ASN_STRICT. Fix spelling error.
2021-10-22 09:59:16 -07:00
Fabio Utzig
29f4f09e6c
Fix MMCAU_SHA256 type warnings
...
Fix warnings in the usage of MMCAU_SHA256 routines, where digest is
expected to be `uint32_t*`, but is defined as `word32*`, which results
in:
```
expected 'uint32_t *' {aka 'long unsigned int *'} but argument is of
type 'word32 *' {aka 'unsigned int *'}
```
Signed-off-by: Fabio Utzig <utzig@apache.org >
2021-10-22 09:51:14 -03:00
Fabio Utzig
a00e3024ce
Fix comment that applies to fp_forcezero
...
Fix comment mentioning the use of `ForceZero` besides `fp_clear`, which
uses `XMEMSET`, and puts it above `fp_forcezero` where it should belong.
Signed-off-by: Fabio Utzig <utzig@apache.org >
2021-10-22 09:01:31 -03:00
Sean Parkinson
6e7dee3283
Change to compare each name to each matching type in permittedNames list.
2021-10-22 10:57:11 +10:00
Hayden Roche
0b6523d933
Rename pem_password_cb to wc_pem_password_cb.
...
Recently, we had a wolfEngine customer report a compilation error because
wolfSSL and OpenSSL both define the typedef pem_password_cb. The solution is to
namespace our typedef with the wc_ prefix. In order to not break existing code
that relies on wolfSSL providing pem_password_cb, if OPENSSL_COEXIST is not
defined, we define pem_password_cb as a macro that maps to wc_pem_password_cb.
2021-10-21 16:47:29 -07:00
David Garske
b5f4a0c005
Improve API unit test to use X509_NAME_get_sz and make it widely available.
2021-10-21 16:42:19 -07:00
David Garske
f17187aad9
Fixes for static memory testing. Fix clang memory sanitizer warnings.
2021-10-21 16:33:57 -07:00
David Garske
785e37790a
Cleanup API test case debugging.
2021-10-21 12:35:06 -07:00
David Garske
911d95e5e4
Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS.
2021-10-21 11:47:00 -07:00
David Garske
37a976b4bf
Fix example server to support option 7 (which exists). Fix static mem size required with session cert (matches client now).
2021-10-21 11:41:30 -07:00
Juliusz Sosinowicz
79b738b5a6
commit-test and jenkins fixes
2021-10-21 14:29:28 +02:00
Juliusz Sosinowicz
44d8ab20e1
#456
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
f512514fd6
#450
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
a4a093ebed
#449
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
9e3ff9c92c
#427
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
9386a882b9
#424
...
Refactor d2i key API to use common code
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
4d5dceaa4e
#421
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
9d989689c6
#420
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
86f93e5c1b
#419
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
70901f0626
#257
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
3894021a53
#246
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
af64d4347d
#244
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
f7f12da8ec
#242
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
e70dfe7265
#239
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz
3563585274
#240
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
df1d817f1f
#129
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
1d5f4a6664
#118
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
81c3f4b925
#114
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
1239a7f57d
#96
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
a1127be18e
#95
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
2678a3b981
#67
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
e97e8bc7d0
#59
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
5bacc0c9ab
In first |= op r always equals 0
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
8e6759384c
#40
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
344a07051e
#39
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
74cf332a8b
#37
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
e82ae7b072
#17
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
79682fd30a
#15
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
97c89dd072
#9
2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz
4268763adb
wc_ClearErrorNodes is a local API that is not exported for linking
2021-10-21 13:47:55 +02:00
Juliusz Sosinowicz
642d0e0fba
Fix NID conflicts
...
- `NID_sha224` conflicted with `NID_sha1WithRSAEncryption`
- `NID_commonName` conflicted with `PBE-SHA1-3DES`
- `NID_X9_62_prime239v3` conflicted with `AES128CBCb`
- `NID_md5` conflicted with `NID_surname`
- `NID_md2WithRSAEncryption` conflicted with `NID_localityName`
- `NID_md5WithRSAEncryption` conflicted with `NID_stateOrProvinceName`
NID conflicts found by examining the runtime values in `wolfssl_object_info`
2021-10-21 13:01:57 +02:00
Juliusz Sosinowicz
20473ba563
Make NID's consistent
...
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-21 13:01:57 +02:00
Jacob Barthelmeh
12f86b020a
clean up test case memory and common name size
2021-10-20 17:13:34 -06:00
Sean Parkinson
817cd2f2a6
Merge pull request #4487 from haydenroche5/openssh
...
Make several changes to support OpenSSH 8.5p1.
2021-10-21 08:59:38 +10:00
Sean Parkinson
ac3612bbef
Merge pull request #4469 from dgarske/android_keystore
...
Support for Android KeyStore compatibility API's
2021-10-21 08:30:08 +10:00
Sean Parkinson
a9f467a6b0
Merge pull request #4457 from dgarske/zd13036
...
Fix for sniffer to trap negative size calculation
2021-10-21 08:17:52 +10:00
John Safranek
ff8e7609f5
Merge pull request #4458 from kosmas-valianos/SkipCRLnoCDP
2021-10-20 13:45:58 -07:00
Jacob Barthelmeh
f57801c17b
more name constraint test cases and adjust DNS base name matching to not require .
2021-10-20 14:25:02 -06:00
Hayden Roche
864f913454
Make several changes to support OpenSSH 8.5p1.
...
- Permit more wolfSSL_EC_POINT_* functions for FIPS builds. This requires one
workaround in wolfSSL_EC_POINT_mul where wc_ecc_get_generator isn't available.
- Permit more AES-GCM code in EVP code for FIPS v2 builds. It's unclear why this
code wasn't already available.
- Add EVP_CIPHER_CTX_get_iv to the compatibility layer.
- Clear any existing AAD in the EVP_CIPHER_CTX for AES-GCM when we receive the
EVP_CTRL_GCM_IV_GEN control command. OpenSSL does this, and OpenSSH is relying
on this behavior to use AES-GCM correctly.
- Modify ecc_point_test in testwolfcrypt so that it doesn't fail when doing a
FIPS build with HAVE_COMP_KEY defined.
2021-10-20 11:00:42 -07:00
John Safranek
e572c6b9d7
Merge pull request #4486 from dgarske/set_secret
2021-10-20 10:54:13 -07:00
David Garske
1d6c7b542d
Update the user_settings.h template for Android, based on final testing.
2021-10-20 10:10:15 -07:00
David Garske
6d2a5fab9b
Added test cases for EVP_PKCS82PKEY and EVP_PKEY2PKCS8.
2021-10-20 09:18:13 -07:00
Jacob Barthelmeh
ab6939d200
add new test cert to make dist
2021-10-19 23:34:03 -06:00
Jacob Barthelmeh
e0e43b6a16
clean up test case
2021-10-19 23:12:07 -06:00
Jacob Barthelmeh
3b73c6e3ae
handle multiple permitted name constraints
2021-10-19 23:12:07 -06:00
Jacob Barthelmeh
afee92e0cf
bail out when a bad alt name is found in the list of alt names
2021-10-19 23:12:07 -06:00
David Garske
e5caf5124c
Merge pull request #4477 from luizluca/zero-terminate-constraints
...
ASN: zero-terminate name constraints strings
2021-10-19 21:16:46 -07:00
David Garske
892685ac59
Merge pull request #4472 from utzig/ksdk-port-koblitz
...
nxp: ksdk: add support for Koblitz curves
2021-10-19 21:14:38 -07:00
David Garske
a145f3107d
Merge pull request #4481 from SparkiDev/mod_exp_even
...
SP int: handle even modulus with exponentiation
2021-10-19 21:09:15 -07:00
David Garske
4e7ce45a8c
Allow loading public key with PK callbacks also.
2021-10-19 17:04:18 -07:00
David Garske
de8798f4be
Fix API unit tests where DH 3072-bit is not enabled.
2021-10-19 17:04:18 -07:00
David Garske
a03ed32380
Support for Android KeyStore compatibility API's:
...
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
2021-10-19 17:04:18 -07:00
David Garske
00bdc69284
Fix for wolfSSL_set_secret with DTLS where TLS v1.3 is not defined. Function assumed ssl->arrays->preMasterSecret was allocated.
2021-10-19 16:22:39 -07:00
Sean Parkinson
f04380d624
Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode
...
scan-build LLVM-13 fixes and expanded coverage
2021-10-20 08:30:46 +10:00
Sean Parkinson
d880403207
SP int: handle even modulus with exponentiation
...
Fix testing of mp_int to only call when implementation included.
2021-10-20 08:21:26 +10:00
Sean Parkinson
7f5a3a4e74
Merge pull request #4484 from dgarske/memtest
...
Fix for openssl test with --enable-memtest (also DH test build edge case)
2021-10-20 08:19:30 +10:00
Sean Parkinson
41eecd37e5
Merge pull request #4471 from embhorn/zd11886
...
Fix build errors with NO_BIO config
2021-10-20 08:06:42 +10:00
Sean Parkinson
93f033823c
Merge pull request #4482 from miyazakh/mindowngarde_staticrsa
...
TLS 1.3: ServerHello downgrade with no extensions fix
2021-10-20 07:58:34 +10:00
David Garske
d297a06c25
Fix for wolfCrypt test with custom curves without Brainpool. Tested all changes on NXP K82 LTC.
2021-10-19 13:12:12 -07:00
David Garske
498884eadb
Fix for missing dhKeyFile and dhKeyPubFile with file system enabled, WOLFSSL_DH_EXTRA and USE_CERT_BUFFERS_2048 set.
2021-10-19 13:06:37 -07:00
David Garske
dcb2ebba39
Fix for openssl.test extraction of version and cipher suites. Fix mem tracking to use stderr. Fix client version print to use single printf with newline.
2021-10-19 13:00:25 -07:00
Eric Blankenhorn
c0b592ef82
Fix build error with WOLFSSL_USER_IO
2021-10-19 08:27:43 -05:00
Hideki Miyazaki
91cd2b1731
TLS 1.3 ServerHello additional fix for PR4439 in Static RSA case
2021-10-19 17:51:00 +09:00
Daniel Pouzzner
768496be4a
scan-build LLVM-13 fixes: in examples/echoclient/echoclient.c, remove frivolous "break;", avoiding need to pragma-ignore clang -Wunreachable-code-break.
2021-10-18 21:46:10 -05:00
Daniel Pouzzner
e341291d99
scan-build LLVM-13 fixes: tests/api.c: fix -Wunused-but-set-variable for drive_len in test_wolfSSL_EVP_Cipher_extra() by removing the unused drive_len code.
2021-10-18 21:46:10 -05:00
Daniel Pouzzner
69bc801c13
scan-build LLVM-13 fixes: src/ssl.c: work around deadcode.DeadStores warning in wolfSSL_X509_REQ_sign() in a different way, avoiding WC_MAYBE_UNUSED.
2021-10-18 21:46:09 -05:00
Daniel Pouzzner
76332069ea
examples/client/client.c: remove frivolous break to avoid need for PRAGMA_CLANG("clang diagnostic ignored \"-Wunreachable-code-break\"").
2021-10-18 21:46:09 -05:00
Daniel Pouzzner
a5006d580c
scan-build LLVM-13 fixes: sp_int.c: drop "&& defined(SP_DEBUG_VERBOSE)" from preprocessor gates around debugging printfs.
2021-10-18 21:46:09 -05:00
Daniel Pouzzner
007f01e7ec
scan-build LLVM-13 fixes: in src/tls.c TLSX_PopulateExtensions(), avoid -Wunreachable-code-return by refactoring iteration to use an array terminator (a new "WOLFSSL_NAMED_GROUP_INVALID" with value 0) rather than a compile-time-calculated constant of iteration.
2021-10-18 21:46:09 -05:00
Daniel Pouzzner
816527e826
scan-build fixes: back out all "#ifndef __clang_analyzer__" wrappers added to suppress false and frivolous positives from alpha.deadcode.UnreachableCode, and rename new macro WC_UNUSED to WC_MAYBE_UNUSED to make its meaning more precisely apparent. build is still clean with -Wunreachable-code-break -Wunreachable-code-return under scan-build-13.
2021-10-18 21:46:09 -05:00
Daniel Pouzzner
f621a93081
more scan-build LLVM-13 fixes and expanded coverage: deadcode.DeadStores in client.c and server.c (no functional changes).
2021-10-18 21:46:09 -05:00
Daniel Pouzzner
62822be6ce
scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all.
2021-10-18 21:46:09 -05:00
Sean Parkinson
7447a567e1
Merge pull request #4480 from JacobBarthelmeh/fuzzing
...
sanity check on q value with DSA sign
2021-10-19 11:10:51 +10:00
Sean Parkinson
84b845c65b
Merge pull request #4478 from maximevince/zephyr-user-settings-override
...
Zephyr: Rename leftover CONFIG_WOLFSSL_OPTIONS_FILE
2021-10-19 09:51:15 +10:00
David Garske
a50d1f4870
Merge pull request #4301 from julek-wolfssl/issue-4298
...
`mem_buf` only used with memory BIO
2021-10-18 10:29:55 -07:00
Jacob Barthelmeh
c07a7deec2
sanity check on q value with DSA sign
2021-10-18 10:17:49 -06:00
Maxime Vincent
77895ac964
Rename leftover CONFIG_WOLFSSL_OPTIONS_FILE to CONFIG_WOLFSSL_SETTINGS_FILE
...
Signed-off-by: Maxime Vincent <maxime@veemax.be >
2021-10-16 15:43:21 +02:00
Luiz Angelo Daros de Luca
0e3218dcd0
ASN: zero-terminate name constraints strings
...
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com >
2021-10-15 20:19:05 -03:00
David Garske
b2c003d7d4
Fix for sniffer to trap negative sslBytes. Revert logic from PR 3493 blocking out of range sequence numbers. Fix ack sequence rollover logic. ZD13036
2021-10-15 11:31:53 -07:00
Daniel Pouzzner
60adf22ce1
Merge pull request #4468 from SparkiDev/sp_fixes_6
...
SP: regenerated SP code
2021-10-15 02:27:19 -05:00
Sean Parkinson
b2b39f01b7
Merge pull request #4474 from cconlon/includekds
...
include IDE/KDS in make dist archive
2021-10-15 08:33:23 +10:00
Chris Conlon
7bd92e606b
Merge pull request #4473 from JacobBarthelmeh/dks7g2
...
Update DK-S7G2 README.md
2021-10-14 16:29:08 -06:00
Eric Blankenhorn
17e0249a26
Fixing NO_BIO and OPENSSL_ALL errrors
2021-10-14 16:03:52 -05:00
Chris Conlon
228f1e233a
include IDE/KDS in make dist archive
2021-10-14 14:01:19 -06:00
Jacob Barthelmeh
82a1c4b9f1
Update DK-S7G2 README.md
2021-10-14 13:09:42 -06:00
David Garske
2aa2ef84b2
Merge pull request #4470 from LinuxJedi/md-cleanups
...
Cleanup markdown documentation
2021-10-14 11:04:48 -07:00
Fabio Utzig
ed243b3327
nxp: ksdk: add support for Koblitz curves
...
The Kinetis port implementation currently only supports SECP random
curves. This commit expands it to also support the accepted SECP
koblitz curves, based on user settings. The implementation also makes
it easy to add Brainpool curves.
Signed-off-by: Fabio Utzig <utzig@apache.org >
2021-10-14 12:33:30 -03:00
Eric Blankenhorn
61bab6f68b
Fix test build errors with NO_BIO
2021-10-14 09:37:01 -05:00
Eric Blankenhorn
1396c46281
Fix build errors with NO_BIO config
2021-10-14 09:06:54 -05:00
Sean Parkinson
4c70ac73f1
Merge pull request #4467 from dgarske/smtp
...
Example client: fix for SMTP temp buffer size
2021-10-14 08:16:42 +10:00
Sean Parkinson
b93b7b07a9
Merge pull request #4463 from JacobBarthelmeh/fuzzing
...
DSA: add check on bit length of q
2021-10-14 08:06:53 +10:00
Andrew Hutchings
11e3f867b0
Cleanup markdown documentation
...
* Add syntax highlighting where appropriate
* Fix some markdown compliance issues
* Add some links for things
* Add some inline code quoting
* Fix some headings
* Fix copyright date in doxygen html output
2021-10-13 16:39:46 +01:00
Chris Conlon
cc63668691
Merge pull request #4445 from TakayukiMatsuo/tsip113
...
Add support for TSIPv1.13
2021-10-13 09:26:58 -06:00
Sean Parkinson
5748818427
SP: regenerated SP code
2021-10-13 08:37:38 +10:00
Sean Parkinson
7f1dbd8709
Merge pull request #4420 from douzzer/smallstack-ge-sp
...
SP, Ed25519: smallstack
2021-10-13 08:33:36 +10:00
Sean Parkinson
03d2e9ad8c
Merge pull request #4466 from embhorn/zd13059
...
Fix for ecc_projective_*_safe visibility
2021-10-13 08:27:47 +10:00
David Garske
bc97539756
Increase the size of the temp buffer for starttls. Some SMTP servers send larger messages.
2021-10-12 15:13:38 -07:00
David Garske
b9b5661550
Merge pull request #4465 from LinuxJedi/stm32-fixes
...
Minor STM32F1 fixes
2021-10-12 11:57:18 -07:00
Andrew Hutchings
66c4b6d270
Improve STM32 documentation
...
Walk through how to create a new STM32CubeMX project for wolfSSL.
2021-10-12 17:13:41 +01:00
Eric Blankenhorn
be6bf5687b
Fix for ecc_projective_*_safe visibilty
2021-10-12 11:12:42 -05:00
Andrew Hutchings
97883d78ac
Minor STM32F1 fixes
...
* Not all STM32 RTCs support subseconds in the time struct, so this is
now ifdef'd using the only obvious define which exists when subseconds
exist.
* Let wc_GenerateSeed detect STM32's without RNG correctly.
* wolfCrypt test was attempting to use variables that don't exist when
both WOLFSSL_SMALL_STACK and WC_NO_RNG is defined.
2021-10-12 16:20:36 +01:00
David Garske
f20f883e94
Merge pull request #4464 from SparkiDev/tls_hs_state_fix
...
TLS: don't set the handshake state to the record type
2021-10-12 08:18:17 -07:00
Daniele Lacamera
ec78b2e368
Merge pull request #4322 from dgarske/se050_branch
...
NXP SE050 Support
2021-10-12 07:37:58 -07:00
Sean Parkinson
6fbc9be71a
Merge pull request #4462 from guidovranken/zd13048
...
Check return value of mp_grow in mp_mod_2d
2021-10-12 11:36:59 +10:00
Sean Parkinson
544e64f9e4
TLS: don't set the handshake state to the record type
2021-10-12 08:52:58 +10:00
Sean Parkinson
69d5405e91
Merge pull request #4350 from cconlon/pythonCompatD
...
OpenSSL compatibility fixes: BIO_set_nbio(), SHA3 NID, WOLFSSL_PYTHON
2021-10-12 08:14:34 +10:00
David Garske
70894383ce
Fix for new SHA512 224/256 support with NXP SE050.
2021-10-11 13:01:38 -07:00
David Garske
90a51490a9
Peer review feedback. Improvements with small stack.
2021-10-11 11:54:03 -07:00
David Garske
0c1d12c224
Improve keyId logic. Fix minor compile warnings. Change wc_se050_set_config to match naming convention of other function in port.
2021-10-11 11:53:21 -07:00
Ethan Looney
09ce1e3c5f
Improvements to the key id allocation
2021-10-11 11:53:21 -07:00
David Garske
185d48938d
Fixes for building NXP SE050. Add support for automatic initialization of the SE050 if WOLFSSL_SE050_INIT is defined. Optionally can override the portName using SE050_DEFAULT_PORT.
2021-10-11 11:53:21 -07:00
David Garske
2028d8b63d
Add missing se050_port.h.
2021-10-11 11:53:21 -07:00
David Garske
29f051e585
Fixes and cleanups for NXP SE050 support.
2021-10-11 11:53:19 -07:00
Ethan
3f76a76c46
SE050 port with support for RNG, SHA, AES, ECC (sign/verify/shared secret) and ED25519
2021-10-11 11:52:12 -07:00
Jacob Barthelmeh
63c9fa7a37
add check on bit length of q with DSA
2021-10-11 09:52:57 -06:00
Sean Parkinson
b8c4e89ea0
Merge pull request #4460 from dgarske/test_init
...
Refactor API unit test named initializer code for `callback_functions`
2021-10-11 08:25:38 +10:00
Sean Parkinson
511c74ea52
Merge pull request #4456 from dgarske/zd13032
...
Fix to not try OCSP or CRL checks if there is already an error
2021-10-11 08:20:58 +10:00
Guido Vranken
0522e19fc1
Check return value of mp_grow in mp_mod_2d
...
ZD13048
2021-10-10 21:02:03 +02:00
David Garske
a395305cab
Refactor API unit test named initializer code for callback_functions, to avoid older g++ build issues.
2021-10-08 14:04:21 -07:00
JacobBarthelmeh
f757318eeb
Merge pull request #4454 from dgarske/static_mem
...
Fix for `Bad memory_mutex lock` on static memory cleanup
2021-10-09 00:13:10 +07:00
Kosmas Valianos
8760f39476
Skip CRL verification in case no CDP in peer cert
2021-10-08 13:16:08 +02:00
David Garske
854512105f
Merge pull request #4314 from SparkiDev/libkcapi
...
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
Sean Parkinson
e0abcca040
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
...
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
Sean Parkinson
dd6e4093b3
Merge pull request #4448 from JacobBarthelmeh/Compatibility-Layer
...
remove error queue from JNI build and set a default upper bound on it
2021-10-08 08:35:03 +10:00
David Garske
668f8700a4
Fix to not try OCSP or CRL checks if there is already an error. This fix prevents an error code from being overwritten if there is already a failure. ZD13032
2021-10-07 15:30:16 -07:00
David Garske
725e503c57
Merge pull request #4451 from SparkiDev/asn_templ_fix_1
...
ASN template: replicate AddAltName change in template code
2021-10-07 09:23:37 -07:00
elms
8c178118a4
Configure: add option to enable alternate certificate chains ( #4455 )
2021-10-07 11:14:51 +10:00
David Garske
9d2082f7e1
Fixes and improvements for crypto callbacks with TLS (mutual auth) ( #4437 )
...
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.
* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.
* * Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.
* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.
* Fix to use proper devId in `ProcessBufferTryDecode`.
* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.
* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.
* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
2021-10-07 11:12:06 +10:00
Sean Parkinson
dfbdcf9400
ASN template: replicate AddAltName change in template code
2021-10-07 09:51:56 +10:00
Jacob Barthelmeh
34c9367cbe
refactor location of error queue count and consolidate no error queue macro
2021-10-06 11:55:40 -06:00
David Garske
928f4ad430
Merge pull request #4452 from LinuxJedi/stm32-readme-fix
...
Fixes to STM32 README
2021-10-06 10:07:41 -07:00
David Garske
9f57345614
Fix for Bad memory_mutex lock on static memory cleanup (was free'ing mutex then trying to use it).
2021-10-05 13:46:42 -07:00
David Garske
da15356c2a
Merge pull request #4444 from anhu/pq_bench
...
Benchmarking the supported groups.
2021-10-05 09:52:51 -07:00
JacobBarthelmeh
43ffe26133
Merge pull request #4430 from embhorn/zd12976
...
Add support for X9.42 header
2021-10-05 23:47:42 +07:00
Andrew Hutchings
fd54dc4838
Fixes to STM32 README
...
* Reordered things so that the installation of the Cube Pack comes
before the Cube Pack usage.
* Added another way to find the pack installation menu (because I'm
blind to the box on the screen apparently).
* Two extra steps in the Cube Pack Usage that were missing (6 & 8)
* Added syntax highlighting to the markdown.
2021-10-05 14:19:35 +01:00
David Garske
310a75ff43
Merge pull request #4449 from SparkiDev/fix_1
...
X509 name: remove unused variable
2021-10-04 20:01:04 -07:00
David Garske
024c59a04c
Merge pull request #4439 from SparkiDev/tls13_min_down_no_ext
...
TLS 1.3: Check min downgrade when no extensions in ServerHello
2021-10-04 16:39:29 -07:00
Sean Parkinson
152da35ca4
X509 name: remove unused variable
2021-10-05 09:06:10 +10:00
Anthony Hu
41b9b14cfb
whitespace
2021-10-04 18:35:09 -04:00
Anthony Hu
f77a5e26b5
semi-colon --> colon and use wolfTLSv1_3_server_method when NO_WOLFSSL_CLIENT.
2021-10-04 18:31:28 -04:00
Jacob Barthelmeh
b582e152ea
add test case max error queue size
2021-10-04 14:52:05 -06:00
Anthony Hu
310ab6692a
Drop a function brace and WOLFSSL_TLS13.
2021-10-04 13:56:01 -04:00
Jacob Barthelmeh
40ac1c4dd2
remove error queue from JNI build and put a default max on error queue size
2021-10-04 11:45:18 -06:00
Anthony Hu
0bee624ee5
Merge pull request #4447 from lealem47/oqs-doc
2021-10-04 13:03:46 -04:00
Eric Blankenhorn
1440b8966d
Add test for X9.42 parsing
2021-10-04 11:05:58 -05:00
Lealem Amedie
4084928d93
Slight changes to liboqs documentation in INSTALL and example client/server
2021-10-02 13:14:32 -06:00
TakayukiMatsuo
72ea8dffe2
Add support for TSIPv1.13
2021-10-02 07:03:12 +09:00
David Garske
0abbd9b1ec
Merge pull request #4438 from ejohnstown/dtls-big
...
DTLS Related Fixes
2021-10-01 13:04:20 -07:00
Anthony Hu
2fa0114d54
Benchmarking the supported groups.
2021-10-01 15:38:07 -04:00
David Garske
97d96c6cf8
Merge pull request #4422 from haydenroche5/cmake
...
Add a CMake option to build wolfcrypt test and bench code as libraries.
2021-10-01 12:32:50 -07:00
John Safranek
774bc36603
Merge pull request #4061 from JacobBarthelmeh/sessionExport
2021-10-01 10:21:42 -07:00
John Safranek
cd2bd0b7a3
Enable All Disable DTLS fixes
...
1. Remove mcast and jni from enable-all.
2. Add comment to DTLS section.
Testing `./configure --enable-all --disable-dtls` would leave DTLS still
enabled. enable-all was also enabling mcast, which it doesn't need to
do, that would force DTLS back on. JNI also forces DTLS on. The other
language wrappers are not included in enable-all, so leave JNI out.
2021-10-01 09:56:58 -07:00
John Safranek
faca24c00d
Merge pull request #4434 from SparkiDev/armv8_nighlty_1
2021-10-01 09:06:33 -07:00
David Garske
d48dc55611
Merge pull request #4440 from SparkiDev/jenkins_powerpc_fix_1
...
ASN: tidy up SetAsymKeyDerPublic()
2021-10-01 08:17:12 -07:00
David Garske
a575595e5f
Merge pull request #4256 from SparkiDev/arm_keil_fix
...
SP ARM Thumb support for Keil and performance improvements
2021-10-01 07:10:41 -07:00
Sean Parkinson
4473e9335e
TLS 1.3: Check min downgrade when no extensions in ServerHello
...
TLS 1.3 ServerHello must have extensions, so server attempting to
downgrade, but min downgrade was not checked in that case.
2021-10-01 12:51:10 +10:00
David Garske
66a6153456
Merge pull request #4436 from elms/makefile/add_ed448
...
GCC makefile: Add sources files
2021-09-30 18:44:36 -07:00
Sean Parkinson
ca002b5ee9
ASN: tidy up SetAsymKeyDerPublic()
...
Also, nighlty PowerPC Jenkins test complained of use of uninitialized in
function. Ensure vars initialized despite not needing it.
2021-10-01 10:44:07 +10:00
Sean Parkinson
6300989937
SP: Thumb assembly for older Keil compilers and optimize
...
Improve the generated instructions for multiplying 32 bits by 32 bits
and squaring 32 bits with 64 bit results.
Minimize loads in montgomery reduction, mul and sqr.
Pull conditional subtract into montgomery reduction assembly code.
Added unrolled square and multiply
Define WOLFSSL_SP_LARGE_CODE to use the unrolled versions.
2021-10-01 09:52:29 +10:00
John Safranek
98b1e93429
Merge pull request #4402 from JacobBarthelmeh/Compatibility-Layer
2021-09-30 15:53:58 -07:00
elms
f1a0d00f4e
GCC Makefile: wrap async and selftest
2021-09-30 15:51:19 -07:00
Jacob Barthelmeh
ed8b87306d
account for test case where psk and anon is off
2021-09-30 15:48:55 -06:00
John Safranek
b0de40d10a
Forgive a DTLS session trying to send too much at once. (ZD12921)
2021-09-30 14:27:21 -07:00
elms
2dfc3f308b
GCC makefile: Add other missing source files
2021-09-30 14:25:15 -07:00
John Safranek
998c7a9cb9
Merge pull request #4435 from anhu/docfix
2021-09-30 09:50:38 -07:00
Jacob Barthelmeh
cb4b57c5c7
add tls 1.3 test case
2021-09-30 10:08:47 -06:00
Anthony Hu
833c9d3f71
Fix INSTALL file to specify levels.
2021-09-30 09:43:32 -04:00
Sean Parkinson
38cfec89e8
ARMv8: fix configurations
...
Poly1305: poly1305_block() is void for ARMv8 ASM
SHA512: explicitly include cryptocb.h.
AES: set keylen for EVP API
AES: Implement streaming AES-GCM.
2021-09-30 10:33:08 +10:00
Chris Conlon
cf1ce3f073
Add get_default_cert_file/env() stubs, SSL_get/set_read_ahead(), SSL_SESSION_has_ticket/lifetime_hint() ( #4349 )
...
* add wolfSSL_X509_get_default_cert_file/file_env/dir/dir_env() stubs
* add SSL_get_read_ahead/SSL_set_read_ahead()
* add SSL_SESSION_has_ticket()
* add SSL_SESSION_get_ticket_lifetime_hint()
* address review feedback - comments, return values
* make SSL_get_read_ahead() arg const
* add unit tests for SESSION_has_ticket/get_ticket_lifetime_hint
* test for SESSION_TICKET_HINT_DEFAULT in api.c for wolfSSL_SESSION_get_ticket_lifetime_hint()
* fix variable shadow warning in api.c
2021-09-30 08:35:23 +10:00
Chris Conlon
bcd6930581
Various OpenSSL compatibility expansion items, for Python 3.8.5 ( #4347 )
...
* make ASN1_OBJECT arg const in OBJ_obj2txt
* add ERR_LIB values to openssl/ssl.h
* add missing alert type definitions in openssl/ssl.h
* add definition for X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, no support
* define value for X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
* use correct CRYPTO_THREADID arg type for wolfSSL_THREADID_set_callback callback
* add handshake type defines for compat layer message callback types
* define ASN1_R_HEADER_TOO_LONG for compatibility builds
* use correct return type for wolfSSL_THREADID_set_callback, remove Qt code no longer needed
2021-09-30 08:32:49 +10:00
Chris Conlon
95b9fae605
Add DIST_POINT compatibility functions ( #4351 )
...
* add DIST_POINT compatibility functions
* switch X509_LU_* from enum to define, prevent compiler type warnings
* refactoring, adding in comments, and formating
* refactoring and a memory leak fix
* cast return value for g++ warning
* refactor wolfSSL_sk_DIST_POINT_pop_free and remove NULL assign after free
* fix get next DIST_POINT node for free function
Co-authored-by: Jacob Barthelmeh <jacob@wolfssl.com >
2021-09-30 08:27:39 +10:00
Jacob Barthelmeh
707385724e
adjust macro guard around test cases
2021-09-29 13:28:20 -06:00
Jacob Barthelmeh
5f9f6fd9fa
add some test cases and use allocator
2021-09-29 12:02:26 -06:00
David Garske
ecf7dea6a1
Merge pull request #4433 from anhu/unit_tests
...
Unit tests for post-quantum groups.
2021-09-29 10:31:00 -07:00
Jacob Barthelmeh
dd7b62d067
fix for use with idea enabled
2021-09-29 11:15:51 -06:00
elms
f46f69c1dc
GCC makefile: Add ed448 files
2021-09-29 08:17:44 -07:00
Jacob Barthelmeh
ae47cb3bcd
update check on is TLS, update macro guard for test case
2021-09-28 16:57:30 -06:00
Anthony Hu
a55cedd357
Fixup in response to dgarske comments
2021-09-28 18:36:18 -04:00
Anthony Hu
0e80923fb3
Unit tests for post-quantum groups.
...
Also, fixes for the things they caught such as:
- ssl->arrays->preMasterSecret is pre-allocated so copy into it instead of
moving ownership of buffer.
- server does not need to save the public key.
- in TLSX_KeyShare_Parse() don't call TLSX_KeyShare_Use() because its done in
TLSX_PopulateExtensions().
- in TLSX_KeyShare_Use(), the server generates the ciphertext while the client
generates the public key.
- in TLSX_PopulateExtensions(), prevent client from calling TLSX_KeyShare_Use()
because its already been done.
- Support longer curve/group names.
2021-09-28 17:16:44 -04:00
David Garske
f4be011b91
Merge pull request #4432 from haydenroche5/cmake_user_settings
...
Don't automatically set BUILD_ED25519_SMALL and BUILD_CURVE25519_SMALL in the CMake build when using user_settings.h.
2021-09-28 14:01:39 -07:00
John Safranek
a4f927999f
Merge pull request #4431 from haydenroche5/is_on_curve_fips
...
Don't compile wolfSSL_EC_POINT_is_on_curve for FIPS.
2021-09-28 09:42:08 -07:00
Hayden Roche
a9870d59a3
Don't automatically set BUILD_ED25519_SMALL and BUILD_CURVE25519_SMALL in the
...
CMake build when using user_settings.h.
See https://github.com/wolfSSL/wolfssl/pull/4367 for the same change to the
autotools build.
2021-09-28 09:00:50 -07:00
Hayden Roche
6a0bc995a0
Don't compile wolfSSL_EC_POINT_is_on_curve for FIPS.
...
This function uses wc_ecc_point_is_on_curve, which isn't in the current (v2)
FIPS module.
2021-09-27 16:08:04 -07:00
David Garske
847b8f9a1f
Reduce openssl verbosity in BIO due to PEM_X509_INFO_read_bio reading 1 byte at a time. Remove duplicate PEM_X509_INFO_read_bio macro. ( #4428 )
2021-09-28 08:21:23 +10:00
Eric Blankenhorn
702ba65b1c
Add support for X9.42 header
2021-09-27 15:37:11 -05:00
Jacob Barthelmeh
6e7c6e8a66
add comments to dox header file
2021-09-27 14:01:15 -06:00
Jacob Barthelmeh
41f3a006ac
sanity check on padding size imported
2021-09-27 14:01:15 -06:00
Jacob Barthelmeh
21181f2437
canned test was made without the wolfssl_idea enum on
2021-09-27 14:01:15 -06:00
Jacob Barthelmeh
13478a94a8
sanity check on block size with block cipher type
2021-09-27 14:01:15 -06:00
Jacob Barthelmeh
8b456b90e0
add test case for tls export/import
2021-09-27 14:01:15 -06:00
Jacob Barthelmeh
1929024029
fix for getting export buffer size
2021-09-27 14:01:15 -06:00
Jacob Barthelmeh
64f53c4e1b
fix macro name and make api public
2021-09-27 14:01:15 -06:00
Jacob Barthelmeh
22b6cc675a
add import/export of peer info with tls
2021-09-27 14:01:15 -06:00
Jacob Barthelmeh
2871fc670f
initial serialization of TLS session
2021-09-27 14:00:13 -06:00
David Garske
943c98a45e
Fix some PKCS11 warnings and spelling errors. ( #4427 )
2021-09-27 08:23:48 +10:00
David Garske
3bdce348e9
Added NID_pkcs9_contentType and ub_ to compatibility layer ( #4408 )
...
* Added `NID_pkcs9_contentType` and `ub_` values. ZD 11742
* Improve the API unit test. Also only include when `WOLFSSL_CERT_REQ` defined.
2021-09-27 08:21:53 +10:00
Chris Conlon
9e4ab9b638
Add BIO_up_ref(), PEM_read_DHparam(), EVP_MD_nid() ( #4348 )
...
* add BIO_up_ref
* add PEM_read_DHparams()
* add EVP_MD_nid()
* exclude PEM_read_DHparams when NO_FILESYSTEM defined
* review feedback: single threaded, indents, EVP_MD_nid
2021-09-27 08:20:37 +10:00
Juliusz Sosinowicz
32e4d5ad70
Use record size instead of buffer size to validate alert length ( #4425 )
2021-09-27 08:05:13 +10:00
Hayden Roche
709a84f8b5
Add support for libwolfcrypttest and libwolfcryptbench to autotools flow.
...
These can be built by configuring with `--enable-crypttests-libs`.
2021-09-25 10:31:06 -07:00
Hayden Roche
302938d3c6
Improve wolfcrypt test/bench library comments.
...
These can be built as shared libraries, too, so the comments shouldn't be
specific about static libraries.
2021-09-25 10:30:01 -07:00
John Safranek
7319627533
Merge pull request #4423 from elms/gcc_makefile_options
...
GCC makefile: allow overriding and provide more flexibility
2021-09-24 14:07:48 -07:00
Hayden Roche
9634a54b8f
Improve CMake build option handling.
...
Prior to this commit, we only allowed CMake options to be specified according to
a finite set of values. For example if an option "WOLFSSL_FEATURE" was permitted
to take only the values "yes" and "no" and a user ran
`cmake -DWOLFSSL_FEATURE=ON`, that would fail because ON isn't in `[yes, no]`.
However, this behavior runs counter to CMake's way of evaluating boolean values,
which permits a variety of values that evaluate to true/false (see
https://cmake.org/cmake/help/latest/command/if.html#basic-expressions ). This
commit will allow the user to specify any value for a build option. If it's not
in the predefined set of values, we use CMake's "if" logic to reduce the value
to yes or no.
2021-09-24 13:54:18 -07:00
Hayden Roche
ec857f6f62
Add a CMake option to build wolfcrypt test and bench code as static libs.
...
Application code can use the resulting CMake targets or the static library
artifacts directly (e.g. libwolfcrypttest.a on *nix).
2021-09-24 13:54:18 -07:00
elms
690b7d9800
GCC makefile: fix warning for hard fault format strings
2021-09-24 10:47:47 -07:00
TakayukiMatsuo
0bf832bd2a
fix uninitialized variables
2021-09-24 23:22:04 +09:00
TakayukiMatsuo
5b3dfabc32
Introduce global protoVerTbl for SSL_CTX_set_min/max_proto_version
2021-09-24 16:05:55 +09:00
David Garske
8169e12975
Merge pull request #4424 from SparkiDev/rsa_dec_pkcs15
...
RSA: cast bitwise negate value to byte before converting to int
2021-09-23 21:47:36 -07:00
Hayden Roche
24e2eded1e
Add to the OpenSSL compatibility layer. ( #4404 )
...
- X509_get_extension_flags
- X509_get_key_usage
- X509_get_extended_key_usage
- ASN1_TIME_to_tm
- ASN1_TIME_diff
- PEM_read_X509_REQ
- ERR_load_ERR_strings
- BIO_ssl_shutdown
- BIO_get_ssl
- BIO_new_ssl_connect
- BIO_set_conn_hostname
2021-09-24 12:26:53 +10:00
Sean Parkinson
d5a803d81d
RSA: cast bitwise negate value to byte before converting to int
2021-09-24 09:18:49 +10:00
Anthony Hu
33cb823148
Remove legacy NTRU and OQS ( #4418 )
...
* Remove NTRU and OQS
* Keep the DTLS serialization format backwards compatible.
* Remove n from mygetopt_long() call.
* Fix over-zealous deletion.
* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
Elms
23f4aadf27
GCC makefile: allow overriding and provide more flexibility
...
- older GCC and additional platforms
- `NO_EXAMPLES` to exclude building .o files
- add FIPS optional
2021-09-23 14:55:34 -07:00
John Safranek
79787eaaa4
Merge pull request #4419 from anhu/set1_groups_list
...
Make quantum-safe groups available to the compatibility layer.
2021-09-23 10:28:02 -07:00
Chris Conlon
82a3d79c2f
unnecessary variable init, else formatting in bio.c
2021-09-23 11:26:17 -06:00
John Safranek
a4609c612f
Merge pull request #4413 from kabuobeid/wpas_keying
...
Add HAVE_KEYING_MATERIAL requirement to WPAS, to use wolfSSL_export_keying_material
2021-09-23 10:20:34 -07:00
John Safranek
8818df2d34
Merge pull request #4415 from elms/ppc/define_gates_64bit_literals
...
Define gate fixes and sha3 64bit literal definitions
2021-09-23 10:18:03 -07:00
Anthony Hu
58a02495fe
Make the quantum-safe groups available to the OpenSSL compatibility layer.
2021-09-22 15:28:44 -04:00
Daniel Pouzzner
b716c88e01
smallstack refactors for ge_double_scalarmult_vartime(), sp_ModExp_4096(), and sp_DhExp_4096().
2021-09-22 13:58:05 -05:00
Eric Blankenhorn
e6e7795140
Make subj alt name order match openSSL ( #4406 )
2021-09-22 10:29:57 +10:00
John Safranek
df30a88dc6
Merge pull request #4414 from JacobBarthelmeh/devcrypto
...
update macro guard on SHA256 transform call
2021-09-21 10:03:51 -07:00
John Safranek
63a3eef97a
Merge pull request #4403 from dgarske/zd12852_sniffer
...
Sniffer improvements for handling TCP ack unseen and retransmission issues
2021-09-21 09:53:27 -07:00
John Safranek
7ec7faddef
Merge pull request #4405 from anhu/truncating_last_char
...
Fix for `set1_curves_list` ignoring last character
2021-09-21 08:49:53 -07:00
David Garske
34c6e8f975
Merge pull request #4407 from douzzer/linuxkm-SIMD-IRQ
...
linuxkm-SIMD-IRQ
2021-09-20 14:57:38 -07:00
Elms
ef33445316
Define gate fixes and sha3 64bit literal definitions
...
Found when supporting PPC750
2021-09-20 13:48:34 -07:00
Daniel Pouzzner
6d715130a2
linuxkm: cleanups and smallstack refactors related to WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED, associated linuxkm-SIMD-IRQ PR, and associated peer review:
...
smallstack refactors for wolfcrypt/src/rsa.c:wc_CheckProbablePrime_ex() and wolfcrypt/src/pwdbased.c:wc_PKCS12_PBKDF_ex();
add WARN_UNUSED_RESULT macro to types.h;
text format cleanup;
fix internal.c:LowResTimer() implementation.
refactor tls13.c:TimeNowInMilliseconds() for kernel 4.9 and 3.16 compat.
use ktime_get_coarse_real_ts64() only for kernel 5.x+. in kernel 4.x, use its older form, current_kernel_time64(), and in 3.x, use getnstimeofday().
linuxkm/module_hooks.c: fix wolfssl_init() pie code to be compatible with kernel 4.4-;
fix allocate_wolfcrypt_irq_fpu_states() return codes to all be wolfcrypt codes, and in calling code, pass up that code (suggested by dgarske peer review).
2021-09-20 13:46:51 -05:00
Daniel Pouzzner
ec21dd6d13
miscellaneous buildability fixes:
...
configure.ac: fix ed25519/sha512 dependency test to not misfire when ENABLED_32BIT;
wolfssl/wolfcrypt/curve{25519,448}.h: fix redundant typedefs of curve{25519,448}_key (fixes -Wpedantic warnings);
configure.ac: fix for "ISO C forbids an empty translation unit [-Werror=pedantic]", re wolfcrypt/src/sp_c{32,64}.c;
configure.ac: fixes for --enable-32bit versus pedantic "ISO C forbids an empty translation unit", including explicit exclusion of 32bit-incompatible algorithms from enable-all and enable-all-crypto sets;
tests/api.c: fixes for a couple inadequately gated SHA2 dependencies;
tests/api.c:test_wolfSSL_set_alpn_protos(): fix prototype missing (void);
wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h: fix ForceZero() definition and NO_INLINE prototype to not counterfactually constify the mem ptr, to avoid -Wmaybe-uninitialized from gcc11;
wolfcrypt/src/des3.c: drop obsolete register qualifier from declaration in DesSetKey(), for c++17 compatibility;
src/ssl.c:wolfSSL_BN_mod_word(): fix cast of arg2 to mp_mod_d().
2021-09-20 13:38:52 -05:00
David Garske
753a931196
Merge pull request #4416 from SparkiDev/mp_submod_addmod_ct
...
SP math, TFM: constant time addmod, submod
2021-09-20 11:37:45 -07:00
David Garske
a62f103899
Merge pull request #4412 from anhu/level
...
Convert post-quantum algorithm group names
2021-09-20 11:27:20 -07:00
Daniel Pouzzner
83e0e19e03
linuxkm feature additions:
...
add build-time support for module signing using native Linux facility;
add support for alternative licenses using WOLFSSL_LICENSE macro;
improve load-time kernel log messages;
add support for sp-math-all asm/AVX2 acceleration;
add error-checking and return in SAVE_VECTOR_REGISTERS();
implement support for x86 accelerated crypto from interrupt handlers, gated on WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED:
* wolfcrypt_irq_fpu_states
* am_in_hard_interrupt_handler()
* allocate_wolfcrypt_irq_fpu_states()
* free_wolfcrypt_irq_fpu_states()
* save_vector_registers_x86()
* restore_vector_registers_x86()
add WOLFSSL_LINUXKM_SIMD, WOLFSSL_LINUXKM_SIMD_X86, and WOLFSSL_LINUXKM_SIMD_ARM macros for more readable gating.
2021-09-20 10:27:13 -05:00
Daniel Pouzzner
2629b8b1fb
wolfcrypt/src/wc_port.c LINUXKM time(): use ktime_get_coarse_real_ts64 instead of ktime_get_real_seconds, to avoid GPL-only function, and fix the calculation in the kernel 3.x codepath.
2021-09-20 10:27:13 -05:00
Daniel Pouzzner
1209908468
tests/api.c: fix key size in test_wc_ecc_shared_secret().
2021-09-20 10:27:13 -05:00
Daniel Pouzzner
45e9872714
wolfcrypt/benchmark: fix output buffer size in bench_eccEncrypt().
2021-09-20 10:27:13 -05:00
Anthony Hu
ebf1168240
Documenting the level meanings
2021-09-20 10:11:49 -04:00
Anthony Hu
c733be728f
Trivial change to re-trigger jenkins.
2021-09-20 08:37:56 -04:00
Jacob Barthelmeh
f1ff3da47c
fix for case of long type on 32bit systems
2021-09-19 21:20:58 -06:00
Hayden Roche
ec0335cdb3
Use WOLFSSL_SUCCESS instead of 1.
2021-09-19 17:20:55 -07:00
Jacob Barthelmeh
1bf4dbfa32
rename enum value
2021-09-19 17:20:55 -07:00
Jacob Barthelmeh
3f534e7e07
return macro and macro guards
2021-09-19 17:20:55 -07:00
Chris Conlon
dae4d637c9
define SSL_OP_* in openssl/ssl.h for compatibility
2021-09-19 17:20:54 -07:00
Chris Conlon
b8c90b369e
bump openssl version for Python 3.8.5 port with WOLFSSL_PYTHON
2021-09-19 17:20:54 -07:00
Chris Conlon
0f344e4b64
add SHA3 NID and name info to wolfssl_object_info[]
2021-09-19 17:20:54 -07:00
Chris Conlon
f6b91f04ed
BIO_set_nbio() should always return 1, check input bio for NULL before using
2021-09-19 17:20:54 -07:00
Sean Parkinson
f63fac82cd
SP math, TFM: constant time addmod, submod
...
Improve performance of fp_submod_ct() and fp_addmod_ct().
Improve performance of sp_submod_ct() and sp_addmod_ct().
2021-09-20 10:12:21 +10:00
Kaleb Himes
9bd300e07d
AESNI in FIPS mode does not support zero length inputs ( #4411 )
...
* AESNI in FIPS mode does not support zero length inputs
* Update note to specifically note AESNI
2021-09-20 08:29:15 +10:00
JacobBarthelmeh
f447e4c1fa
update macro guard on SHA256 transform call
2021-09-17 15:06:13 -07:00
Kareem Abuobeid
5c3c2dd1bf
Add HAVE_KEYING_MATERIAL requirement to WPAS, to use wolfSSL_export_keying_material
2021-09-17 14:53:01 -07:00
JacobBarthelmeh
989179a94a
set value for number of protocols in table
2021-09-17 14:04:42 -07:00
David Garske
b14e9c1134
Sniffer improvements for handling TCP out of order, ack unseen and retransmission issues.
2021-09-17 13:16:39 -07:00
Anthony Hu
79cc6be806
Make jenkins happy
2021-09-17 15:50:06 -04:00
Jacob Barthelmeh
9ee96c484b
update macro guard
2021-09-17 13:17:05 -06:00
Anthony Hu
13d4722678
Convert post-quantum algorithm group names
...
... from using parameter set names from the papers to NIST levels.
2021-09-17 13:28:34 -04:00
John Safranek
ffa13f314b
Merge pull request #4409 from SparkiDev/tfm_submod_ct
...
TFM: fp_submod_ct fix check for greater
2021-09-17 08:41:20 -07:00
John Safranek
bb70fee1ec
Merge pull request #4390 from anhu/hybridizing
...
Hybridizing NIST ECC groups with the OQS groups.
2021-09-16 22:01:39 -07:00
Sean Parkinson
9623797064
TFM: fp_submod_ct fix check for greater
...
a can be greater than modulus.
Update fp_montgomery_reduce_mulx() to reflect the updates to
fp_montgomery_reduce_ex().
2021-09-17 10:12:07 +10:00
JacobBarthelmeh
ff963e7259
fall back to previous version if PRF not compiled in
2021-09-16 14:08:12 -07:00
Anthony Hu
5151cc289e
Make clang happy.
2021-09-16 14:41:19 -04:00
John Safranek
4380e8b94a
Merge pull request #4391 from JacobBarthelmeh/Sniffer
...
add sanity check on buffer size
2021-09-16 09:36:48 -07:00
JacobBarthelmeh
f2bce42bbd
add function wolfSSL_CTX_get_max_proto_version and handling for edge cases
2021-09-16 01:01:38 -07:00
JacobBarthelmeh
60aa7b9a62
compat layer adjustments, pseudo rand update, fix for peek with ASN1_R_HEADER_TOO_LONG
2021-09-16 00:56:44 -07:00
John Safranek
3503be2c13
Merge pull request #4362 from JacobBarthelmeh/wolfCLU
...
add wolfclu enable option and remove test macro guard
2021-09-15 13:57:50 -07:00
Anthony Hu
07656e371c
Parameter sanity check and a unit test.
2021-09-15 16:29:55 -04:00
John Safranek
71e8d3ca3c
Merge pull request #4358 from SparkiDev/arm_sha512_crypto
...
AARCH64 SHA512: implementation using crypto instructions added
2021-09-15 09:51:09 -07:00
Anthony Hu
4f3c55988b
We were ignoring the last character of the group name.
2021-09-15 12:50:04 -04:00
Juliusz Sosinowicz
4ad8b07c1c
wolfSSL_PEM_write_bio_PUBKEY needs to write only the public part (#4354 )
...
* `wolfSSL_PEM_write_bio_PUBKEY` needs to write only the public part
The `wolfSSL_PEM_write_bio_PUBKEY` output can't contain the private portion of the key. This output could be used to distribute the public key and if it contains the private part then it gets leaked to others.
* Add heap hint to `wolfSSL_RSA_To_Der`
* Correct function name in logs
2021-09-15 17:34:43 +10:00
Sean Parkinson
17c2e9e1cd
AARCH64 SHA512: implementation using crypto instructions added
...
Use --enable-armasm=sha512-crypto or define WOLFSSL_ARMASM_CRYPTO_SHA512
to use SHA512 cryptographic instructions.
Checks system register for the feature before using the SHA512
instructions.
Added SHA512 input data alignment test.
Add support for SHA512/224 and SHA512/256 to ARM port.
2021-09-15 12:05:48 +10:00
David Garske
d86aed210b
Merge pull request #4398 from SparkiDev/cppcheck_fixes_7
...
cppcheck fixes and a config fix
2021-09-14 18:19:30 -07:00
Hideki Miyazaki
d9767207b7
call alpn selection call-back at server side only ( #4377 )
...
* call alpn selection call-back at server side only
* addressed review comment
* addressed jenkins failure
2021-09-15 10:02:18 +10:00
David Garske
3c21996002
Merge pull request #4353 from SparkiDev/pkcs11_static_link
...
PKCS #11 : support static linking with PKCS #11 library
2021-09-14 15:26:52 -07:00
David Garske
4be3b2b351
Merge pull request #4401 from embhorn/gh4400
...
Fix overflow check in ClientMemSend
2021-09-14 12:20:32 -07:00
David Garske
9c3d3ffcd2
Merge pull request #4396 from kabuobeid/iotsafe_header
...
Fix exporting iotsafe functions by adding missing include in iotsafe.c.
2021-09-14 10:01:44 -07:00
Eric Blankenhorn
2274d0b773
Fix overflow check in ClientMemSend
2021-09-14 11:17:01 -05:00
Juliusz Sosinowicz
bfbb445e06
Register cleanup with atexit for OpenSSL compat layer
2021-09-14 16:45:11 +02:00
Sean Parkinson
142c7a9892
cppcheck fixes and a config fix
...
./configure --disable-rsa --disable-ecc --disable-dsa
--enable-curve25519 --disable-ed25519 --disable-curve448
--disable-ed448 --enable-cryptonly
suites.c, testsuite.c: ensure port is an integer for snprintf.
unit.c: make memFailCount an integer for printf.
aes.c:
Reduce variable scope.
Check aes is not NULL before use in GHASH implementations.
XTS check sz is greater than or equal to a AES_BLOCK_SIZE rather than
0 as another block is processed.
wc_AesXtsEncrypt, wc_AesXtsEncrypt - simplify braces and ifdefs
wc_AesEcbEncrypt - subtracting from sz is unnecessary as is unused
after.
asn.c:
StoreKey, StoreEccKey - compiler doesn't see ret != 0 when publicKey
is NULL.
DecodeAuthInfo - count is not used when after break.
DecodeSubtree - don't use min and max as variables (already macros).
SetEccPublicKey - initialize pubSz and set sz regardless for
compiler's sake.
wc_EncodeName_ex - use unique variable 'namesASN'; ret isn't set after
last check.
SetEccPublicKey - simplify code by using else rather than check ret
wasn't set.
DecodeAsymKey - ret not modified in non-template implementaiton.
SetAsymKeyDer - ret still at initialized value here.
DecodeResponseData - ensure dataASN is freed when single->next->status
failed to allocate.
test.c:
curve255519_der_test() can't be compiled when NO_ASN is defined.
types.h:
cast to the appropriate type in EXIT_TEST
test.h
don't return anything when THREAD_RETURN is void and EXIT_TEST is for
threading with stack size.
2021-09-14 16:08:26 +10:00
Hideki Miyazaki
ab3bbf11e9
add ASN1_R_HEADER_TOO_LONG case ( #4392 )
...
* add ASN1_R_HEADER_TOO_LONG case
* addressed review comments
2021-09-14 12:32:30 +10:00
TakayukiMatsuo
c8bcfe4763
Add implementation to make wolfSSL_BIO_flush work for WOLFSSL_BIO_FILE ( #4395 )
2021-09-14 10:08:55 +10:00
Kareem
39ce723577
Fix exporting iotsafe functions by adding missing include in iotsafe.c.
2021-09-13 16:45:18 -07:00
Hideki Miyazaki
4d49ab6342
add store finished message on Tls13 ( #4381 )
...
* add to store finished message on Tls13
* addressed jenkins failure
* jenkins failures
sanity check for size before copying memory
* remove check of finishSz
* addressed review comments
2021-09-14 09:22:16 +10:00
David Garske
a65ab0c4af
Merge pull request #4189 from SparkiDev/sp_calc_vfy_check_ret
...
SP ECC: calc vfy point not check mod_inv return
2021-09-13 11:17:50 -07:00
David Garske
f08b1c49a9
Merge pull request #4371 from anhu/doc_update
...
Documentation fixup to reflect that we will error out if you set a ba…
2021-09-13 11:14:25 -07:00
Jacob Barthelmeh
f06414903c
fix for scan build warning and better check on size
2021-09-13 09:35:55 -06:00
David Garske
f64c22839e
Merge pull request #4380 from SparkiDev/fp_submod_ct_overflow
...
TFM: check size of inputs
2021-09-13 07:56:54 -07:00
David Garske
05ed3dc9ea
Merge pull request #4387 from SparkiDev/popen_host
...
Get host name: add code to use popen and the command 'host'
2021-09-13 07:55:45 -07:00
David Garske
51c1f27065
Merge pull request #4393 from SparkiDev/srp_test_1536
...
SRP test; increase size of N
2021-09-13 07:29:59 -07:00
David Garske
bce2c010de
Merge pull request #4394 from SparkiDev/regression_fixes_2
...
Fixes for configurations and a cppcheck fix
2021-09-13 07:22:24 -07:00
Sean Parkinson
c42573096a
Fixes for configurations and a cppcheck fix
...
configure --disable-shared --enable-opensslextra --enable-dsa
--enable-curve25519 --enable-ed25519 --enable-curve448 --enable-ed448
--enable-ocsp --enable-all --enable-asn=template
GetCertName() sets raw in ASN template code too.
GetBasicDate() not needed for template ASN.
SetAsymKeyDer() ASN template version now returns 0 when output is NULL
too.
./configure '--disable-shared' '--enable-curve25519' '--enable-ed25519'
'--disable-rsa' '--disable-ecc'
SetBitString() is needed now.
Close the file before return in wolfSSL_save_session_cache() and
wolfSSL_restore_session_cache().
2021-09-13 10:25:19 +10:00
Sean Parkinson
33028de0de
SRP test; increase size of N
...
SHA512 digest was sometimes too big for the 1024-bit N.
Increase N to 1536 bits to ensure no intermittent fails.
2021-09-13 09:18:26 +10:00
JacobBarthelmeh
4bd87a0c41
sanity check on pkcs7 input size ( #4386 )
2021-09-13 08:34:23 +10:00
Jacob Barthelmeh
602ec188ad
sanity checks on ed25519 private key decode
2021-09-10 21:51:18 -06:00
Jacob Barthelmeh
ae4766ae96
add sanity check on buffer size
2021-09-10 16:49:42 -06:00
David Garske
42db91e454
Merge pull request #4389 from SparkiDev/sha512_rework
...
SHA512: Tidy up and have Sha512_224/256 FinalRaw return smaller digest
2021-09-10 13:01:08 -07:00
Jacob Barthelmeh
93d805352f
move setting of ENABLED_MD5
2021-09-10 12:17:11 -06:00
Anthony Hu
1168d4ce49
changes to address dgarske's comments
2021-09-10 13:51:44 -04:00
Anthony Hu
c9cf39de64
Make jenkins windows happy?
2021-09-10 13:26:19 -04:00
Anthony Hu
fb733b4662
Hybridizing the OQS groups with NIST ECC groups.
2021-09-10 13:12:12 -04:00
Anthony Hu
5a5bc9c571
Remove NAMED_DH_MASK as its usage catches some OQS groups.
2021-09-10 09:44:12 -04:00
Sean Parkinson
cd8bff272c
SHA512: Tidy up and have Sha512_224/256 FinalRaw return smaller digest
...
Make code cleaner by passing in parameters instead of determining from
type.
Remove trailing whitespace.
2021-09-10 09:52:01 +10:00
Eric Blankenhorn
5e3f7d8778
Add return value checking for FREESCALE_RNGA ( #4388 )
2021-09-10 08:52:34 +10:00
elms
98f286d8cb
Consistent return value from SSL_CTX_load_verify_locations{,_ex} ( #4341 )
...
On any failure, return `WOLFSSL_FAILURE`
If there was a failure and a successful processing of certs from the
same directory, the return value depended on the last cert processed
which not guarenteed to be the same order. If the last cert load
failed, it would return the specific wolfSSL error code. If it
succeeded, then WOLFSSL_FAILURE would be returned as a generic failure
due to a previous cert error.
2021-09-10 08:45:13 +10:00
Eric Blankenhorn
649aa9c95f
Add error handling to wolfSSL_BIO_get_len ( #4385 )
2021-09-10 08:15:30 +10:00
Sean Parkinson
72486333c3
Get host name: add code to use popen and the command 'host'
...
When compiling for QEMU, the gethostbyname call doesn't have access to
the OS DNS.
Implemented a lookup of hostname that uses the system command host.
Fix for QEMU Aarch64 where 'char' is unsigned and the -1 return is being
converted to 255 in wolfSSL_OPENSSL_hexchar2int().
Test TLSv1.3 with www.google.com if wolfSSL supports it.
CMAC: cannot cast size_t* to word32* when big-endian.
SP math all: Random prime - munge bits before moving them around for
big-endian.
BIO, no filesystem: Allow BIO_prinf to be used with mem BIO.
2021-09-09 18:32:19 +10:00
Sean Parkinson
89dd1a65ca
TFM: check size of inputs
...
fp_submod_ct and fp_addmod_ct need modulus (c) words plus one.
Check that the modulus length is valid for fixed data array size.
Improved fp_submod_ct to only use as many words as necessary.
Added comments to fp_submod_ct and fp_addmod_ct.
2021-09-09 09:20:11 +10:00
JacobBarthelmeh
934b0ab572
free structure on error case ( #4383 )
2021-09-09 08:07:22 +10:00
David Garske
b6665df6a8
Fixes for sniffer handling of TCP spurious retransmission ( #4372 )
...
* Fix for sniffer to better handle spurious retransmission edge case. ZD 12852
* Fix for sniffer to not send alerts during application data processing.
* Fix for missing semi-colon on XFREE.
* Fix for `bench_stats_print` with stack variable name used in `bench_ecc`. Improve benchmark thread cleanup, CPU count calcuation and stat blocking logic.
2021-09-08 09:40:58 +10:00
JacobBarthelmeh
078e0a7379
add unlock of mutex in fail cases ( #4378 )
2021-09-08 08:51:34 +10:00
Hideki Miyazaki
a118de1043
copy sessionCtxSz ( #4375 )
2021-09-08 08:03:35 +10:00
David Garske
3ca1900528
Merge pull request #4379 from haydenroche5/cmake
...
Fix issue with CMake build where CMAKE_C_FLAGS is empty.
2021-09-07 14:15:18 -07:00
Hayden Roche
93d3739ae7
Fix issue with CMake build where CMAKE_C_FLAGS is empty.
2021-09-07 12:11:43 -07:00
Hideki Miyazaki
51a2f9de17
return value convention on compatibility layer ( #4373 )
...
* return value convention
* addressed review comments
* addressed review comment part2
* fix jenkins failures
2021-09-07 08:15:08 +10:00
Hideki Miyazaki
d4387493fb
keep CRLInfo at own cert memory ( #4374 )
2021-09-07 08:11:29 +10:00
Anthony Hu
10a4cfae9d
Documentation fixup to reflect that we will error out if you set a bad group identifier
2021-09-03 12:46:44 -04:00
Jacob Barthelmeh
4844f7598e
account for 32bit build with ed25519
2021-09-03 10:03:37 -06:00
TakayukiMatsuo
90116a2873
Add support for wolfSSL_EVP_PBE_scrypt ( #4345 )
2021-09-03 15:49:02 +10:00
David Garske
35cef831bf
Fix for missing heap hint with RSA PSS and WOLFSSL_PSS_LONG_SALT ( #4363 )
...
* Fix for missing heap hint with RSA PSS and `WOLFSSL_PSS_LONG_SALT`. This fix will only allocate buffer if it exceeds the local buffer. Added `wc_RsaPSS_CheckPadding_ex2` to support heap hint if required. Fixed asn.c build issue with `NO_CERTS`. Fixed several spelling errors in asn.c. ZD12855.
* Improve the dynamic memory NULL checking in `wc_RsaPSS_CheckPadding_ex2` with `WOLFSSL_PSS_LONG_SALT` defined.
2021-09-03 15:42:31 +10:00
David Garske
a3ee84bf6d
Merge pull request #4355 from anhu/check_support_of_group
...
BUGFIX: Its possible to send a supported group that is not supported.
2021-09-02 20:03:32 -07:00
David Garske
43cb7d5ada
Merge pull request #4368 from haydenroche5/cmake
...
Make sure CMAKE_C_FLAGS gets parsed for defines to add to options.h.
2021-09-02 20:01:08 -07:00
elms
fd77cb8918
fix wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex bound checks ( #4369 )
...
RFC3394 in must be at least 2 64-bit blocks and output is one block longer.
On Unwrapping the input must then be a minimum of 3 64-bit blocks
2021-09-03 12:48:01 +10:00
John Safranek
1662b01157
Merge pull request #4367 from julek-wolfssl/zd12834
...
Changes for ED25519 and `HAVE_SECRET_CALLBACK`
2021-09-02 15:46:44 -07:00
Jacob Barthelmeh
c412d23b07
add wolfclu enable option
2021-09-02 16:46:38 -06:00
Kaleb Himes
a9a1158f46
Remove test cases not supported by ARM64_ASM in FIPS mode - OE25 ( #4342 )
2021-09-03 08:37:34 +10:00
Anthony Hu
26c7592d4b
leantls only supports secp256r1.
2021-09-02 17:38:04 -04:00
Hayden Roche
12d7487774
Make sure CMAKE_C_FLAGS gets parsed for defines to add to options.h.
...
For example, if a user does
```
cmake -DCMAKE_C_FLAGS="-DWOLFSSL_AESGCM_STREAM -DFP_MAX_BITS=16384" ..
```
definitions for `WOLFSSL_AESGCM_STREAM` and `FP_MAX_BITS 16384` should wind up
in options.h (same as the autotools build).
2021-09-02 13:00:24 -07:00
Anthony Hu
428fe29537
Remove authentication related logic from TLSX_ValidateSupportedCurves()
2021-09-02 14:07:06 -04:00
David Garske
03fba72027
Merge pull request #4361 from julek-wolfssl/GetASNHeader-return
...
Missing `GetASNHeader` return handling
2021-09-02 09:18:06 -07:00
David Garske
587389d137
Merge pull request #4366 from douzzer/cpp-anon-inline-unions
...
C++ HAVE_ANONYMOUS_INLINE_AGGREGATES sensing
2021-09-02 09:14:31 -07:00
Juliusz Sosinowicz
4a26b53dfc
Changes for ED25519 and HAVE_SECRET_CALLBACK
...
- `HAVE_SECRET_CALLBACK` needs to have `wolfSSL_SSL_CTX_get_timeout` and `wolfSSL_SSL_get_timeout` available
- Call `wolfSSL_KeepArrays` for `HAVE_SECRET_CALLBACK`
- Increase the default `DTLS_MTU_ADDITIONAL_READ_BUFFER` and make it adjustable by the user
- Don't truncate application data returned to user in `wolfSSL_read_internal`
2021-09-02 15:58:30 +02:00
Juliusz Sosinowicz
abc046b5b7
Missing GetASNHeader return handling
2021-09-02 14:56:58 +02:00
TakayukiMatsuo
56843fbefd
Add support for EVP_sha512_224/256 ( #4257 )
2021-09-02 14:05:07 +10:00
David Garske
504e27dfa7
Merge pull request #4357 from gojimmypi/patch-1
...
Espressif README Syntax / keyword highlighting / clarifications
2021-09-01 18:35:32 -07:00
gojimmypi
e079b357df
copy missing Espressif/ESP-IDF files from wolfssl/wolfcrypt/benchmark ( #4273 )
...
* copy missing files from wolfssl/wolfcrypt/benchmark
* instead of GitHub copy, update setup to perform the copy of ESP-IDF benchmark files; add --verbose option
* update setup to perform the copy of ESP-IDF benchmark files; add --verbose option
* copy benchmark.c / benchmark.h at setup time
2021-09-01 18:34:46 -07:00
JacobBarthelmeh
bac0497c35
PKCS7 fix for double free on error case and sanity check on set serial number ( #4356 )
...
* check for error value on set serial number
* set pointer in fail case
2021-09-02 09:13:35 +10:00
Daniel Pouzzner
c8f65ec404
wolfcrypt/types.h: fix HAVE_ANONYMOUS_INLINE_AGGREGATES sensing to correctly accommodate C++ builds.
2021-09-01 17:01:55 -05:00
Anthony Hu
5e12fa3eb7
Some small bugfixes uncovered by the unit tests.
2021-09-01 16:25:04 -04:00
Anthony Hu
096db7577f
Make jenkins happy. \n\nI feel like I should put the guard around the whole function but then other things break.
2021-09-01 10:54:52 -04:00
Anthony Hu
0d6d171fa4
BUGFIX; Its possible to sending a supported group that is not supported.
...
This change fixes that.
2021-09-01 10:54:52 -04:00
David Garske
d23b0784b3
Fix for building session tickets without TLS v1.3. Broken in PR #4275 . ( #4360 )
2021-09-01 10:06:31 +10:00
David Garske
9b6cf56a6e
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer ( #4335 )
...
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
2021-09-01 09:28:24 +10:00
gojimmypi
e25b17b108
Syntax / keyword highlighting / clarifications
...
See https://github.com/espressif/esp-wolfssl/issues/11
2021-08-30 17:35:17 -07:00
John Safranek
0f0ba46ac5
Merge pull request #4352 from haydenroche5/dsa_fips
...
Allow OpenSSL DSA sign/verify functions with FIPS.
2021-08-30 15:47:38 -07:00
John Safranek
35a917e527
Merge pull request #4337 from miyazakh/py_get_ca_certs
...
fix python ut, get_ca_certs
2021-08-30 14:02:05 -07:00
David Garske
4645a6917c
Merge pull request #4168 from JacobBarthelmeh/wolfCLU
...
function additions and fixes for expansion of wolfCLU
2021-08-30 13:42:50 -07:00
John Safranek
078d49ea6f
Merge pull request #4333 from dgarske/evp_devid
...
EVP key support for heap hint and crypto callbacks
2021-08-30 11:59:27 -07:00
John Safranek
ee07bd3fa9
Merge pull request #4331 from SparkiDev/jenkins_fixes_4
...
Jenkins nighlty fixes
2021-08-30 10:29:00 -07:00
John Safranek
85df95e10d
Merge pull request #4324 from miyazakh/maxfragment
...
add set_tlsext_max_fragment_length support
2021-08-30 10:21:59 -07:00
David Garske
2a6b8f4912
Merge pull request #4275 from JacobBarthelmeh/Compatibility-Layer
...
add set num tickets compat function
2021-08-30 09:26:49 -07:00
Sean Parkinson
218f4c80f9
PKCS #11 : support static linking with PKCS #11 library
...
--enable-pkcs11=static LIBS=-l<pkcs11 static library>
or
define HAVE_PKCS11_STATIC
2021-08-30 12:28:28 +10:00
Hayden Roche
3ca77bb09b
Allow OpenSSL DSA sign/verify functions with FIPS.
2021-08-29 18:22:30 -07:00
Sean Parkinson
0488caed4c
Merge pull request #4346 from cconlon/verifyPostHandshake
...
TLS 1.3: add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-30 09:47:23 +10:00
David Garske
c7645a42a7
Merge pull request #4320 from anhu/liboqs_keyshare_updated
...
WolfSSL support for OQS's implementation of NIST Round 3 KEMs as TLS 1.3 groups
2021-08-27 17:42:25 -07:00
Chris Conlon
070029fd08
add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-27 14:49:47 -06:00
JacobBarthelmeh
65cfef5337
fix for free with test case
2021-08-27 14:10:06 -06:00
Kareem
9a438ce289
liboqs integration using keyshare/supported_groups extensions in TLS 1.3
2021-08-27 13:56:53 -04:00
Jacob Barthelmeh
83d39932bb
add test case for X509 EXTENSION set
2021-08-27 11:30:44 -06:00
John Safranek
412528e18b
Merge pull request #4336 from elms/sp_out_of_range
...
sp_math: error on multiplier larger than curve order
2021-08-27 10:15:42 -07:00
John Safranek
8b79f77fb0
Merge pull request #4327 from JacobBarthelmeh/Compatibility-Layer-Part3
...
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-27 09:27:34 -07:00
Jacob Barthelmeh
40a4015491
add no server macro guard
2021-08-27 08:28:50 -06:00
Jacob Barthelmeh
ff9fed08a3
fix count on number of tickets sent
2021-08-26 21:17:45 -06:00
Sean Parkinson
db8f4e4f19
Jenkins nighlty fixes
...
wolfSSL_Rehandshake(): don't set 'ret' unless HAVE_SESSION_TICKET
defined (otherwise compiler will complain: warning: Value stored to
'ret' is never read)
AES GCM streaming: fix 64-bit word version to compile and pass testing
Use '--enable-aesgcm=word' to get the word32 or word64 implementation
depending on the availabilty of 64-bit type.
2021-08-27 08:46:39 +10:00
Jacob Barthelmeh
a52df87c8a
adjust type for max tickets variable and number sent with WOLFSSL_TLS13_TICKET_BEFORE_FINISHED macro
2021-08-26 15:45:21 -06:00
Jacob Barthelmeh
21159659cf
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-26 14:48:12 -06:00
David Garske
ef0fb6520d
Merge pull request #4283 from JacobBarthelmeh/Compatibility-Layer-Part2
...
couple more compatibility functions
2021-08-26 11:50:09 -07:00
Chris Conlon
c631cffe3d
Merge pull request #4334 from miyazakh/py_store_stats
...
fix python unit test failure, cert_store_stats
2021-08-26 10:24:24 -06:00
Chris Conlon
b5d42eb773
Merge pull request #4318 from kojo1/i2d_RSA
...
arg type compatibility
2021-08-26 09:51:43 -06:00
Hideki Miyazaki
3896016121
fix python ut, get_ca_certs
2021-08-26 13:51:28 +09:00
elms
be2ad82e6d
sp_math: error on multiplier larger than curve order
...
zd 12674
2021-08-25 14:59:51 -07:00
John Safranek
cb3f42482b
Merge pull request #4332 from dgarske/zd12791
...
Improve CRL error codes
2021-08-25 13:57:46 -07:00
David Garske
3a9d463ef4
Fix use of hardcoded number and added comment.
2021-08-25 09:57:10 -07:00
Hideki Miyazaki
77eff68b95
addressed review comment
2021-08-25 11:07:32 +09:00
Hideki Miyazaki
9b4a635372
fix python unit test failure, cert_store_stats
2021-08-25 10:20:48 +09:00
John Safranek
3f2abef212
Merge pull request #4321 from haydenroche5/libimobiledevice
...
Make changes to support libimobiledevice.
2021-08-24 17:19:26 -07:00
David Garske
b8263f44f7
Added new EVP API for creating a private key for use with crypto callbacks. Improvements to heap hint and devId with EVP layer.
2021-08-24 12:14:44 -07:00
David Garske
700b1c56c1
Improve CRL error codes. Add --enable-crl=io option. ZD 12791
2021-08-24 11:12:12 -07:00
John Safranek
196e092023
Merge pull request #4328 from dgarske/zd12801
...
Fix for sniffer TCP sequence rollover
2021-08-24 10:05:49 -07:00
JacobBarthelmeh
3d8dc68266
free test case object
2021-08-24 10:59:38 -06:00
JacobBarthelmeh
ff521a14e4
add test case and macro mapping
2021-08-24 10:59:38 -06:00
JacobBarthelmeh
de3416998c
fix for memory leak
2021-08-24 10:58:33 -06:00
Jacob Barthelmeh
80d4e0f644
function additions and fixes for expansion of wolfCLU
2021-08-24 10:58:33 -06:00
Hayden Roche
7ff1351971
Make changes to support libimobiledevice.
...
- `EVP_PKEY_assign_RSA` should store the private key in DER format, not the
public key.
- The last call to `infoCb` in `wolfSSL_BIO_write` should provide the length of
the data to write.
- We should be able to parse RSA public keys starting with BEGIN RSA PUBLIC KEY
and ending with END RSA PUBLIC KEY.
2021-08-24 08:52:43 -07:00
Sean Parkinson
a1e26e7bc7
Merge pull request #4308 from dgarske/sess_row_cache
...
Improvements to session locking to allow per-row
2021-08-24 09:07:03 +10:00
John Safranek
9c541568fc
Merge pull request #4313 from SparkiDev/rsa_vfy_only
...
SP RSA verify only: fix to compile
2021-08-23 14:42:56 -07:00
David Garske
fe83d2d941
Fix for sniffer TCP sequence rollover. The math to detect and compute the rollover was off by one. ZD 12801.
2021-08-23 13:54:28 -07:00
Jacob Barthelmeh
da6e8d394f
shift instead of multiply and add comment
2021-08-23 13:24:27 -06:00
David Garske
a13c2e2304
Fix for macro arg paren and double ampersand. Fixes building with ENABLE_SESSION_CACHE_ROW_LOCK.
2021-08-23 09:56:07 -07:00
David Garske
6ec28f508e
Merge pull request #4325 from SparkiDev/jenkins_fixes_3
...
OpenSSL Extra builds: fixes from nightly builds failing
2021-08-23 09:30:15 -07:00
David Garske
206b4641e8
Merge pull request #4326 from danielinux/iotsafe-fix-warning
...
Fix compiler warnings
2021-08-23 08:35:29 -07:00
Daniele Lacamera
b56c89bb84
Fix compiler warnings (ZD12802 and others)
2021-08-23 08:12:24 +02:00
Sean Parkinson
4bfd0443a7
OpenSSL Extra builds: fixes from nightly builds failing
...
Prototype is required when internal.h is not included and GetCA is not
defined.
wolfSSL_EVP_CIPHER_CTX_set_iv_length() is called with CBC cipher in
api.c. Function is not specificly for GCM, though not strictly needed
for CBC.
2021-08-23 12:55:27 +10:00
Hideki Miyazaki
8808e6a3ac
implement set_tlsext_max_fragment_length
2021-08-23 09:08:14 +09:00
David Garske
26cf17e602
Merge pull request #4317 from SparkiDev/math_x86_asm_fix
...
Maths x86 asm: change asm snippets to get compiling
2021-08-20 13:42:15 -07:00
David Garske
c8926a45ab
Improvements to session locking to allow per-row. Can manually be enabled with ENABLE_SESSION_CACHE_ROW_LOCK or forcefully disabled using NO_SESSION_CACHE_ROW_LOCK. Enabled by default for Titan cache. ZD 12715.
2021-08-20 13:03:50 -07:00
Takashi Kojo
10c5e33027
arg type compatibility
2021-08-20 15:21:06 +09:00
Sean Parkinson
dbb03cb5a3
SP RSA verify only: fix to compile
...
Configurations:
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math-all
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math --enable-sp-asm
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math --enable-sp-asm
2021-08-20 13:16:58 +10:00
Sean Parkinson
fa8f23284d
Maths x86 asm: change asm snippets to get compiling
...
TFM:
Use register or memory for c0, c1, c2 in SQRADD and SQRADD2.
SP:
Use register or memory for vl, vh, vo in SP_ASM_MUL_ADD,
SP_ASM_MUL_ADD2 and SP_ASM_SQR_ADD.
2021-08-20 10:35:49 +10:00
John Safranek
e7ef48d2b7
Merge pull request #3869 from SparkiDev/asn1_template
...
ASN1 Template: stricter and simpler DER/BER parsing/construction
2021-08-19 12:47:04 -07:00
Daniel Pouzzner
3226e69649
--enable-linuxkm-pie (FIPS Linux kernel module) ( #4276 )
...
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
2021-08-19 09:15:52 -07:00
John Safranek
16ad5cf3c5
Merge pull request #4315 from SparkiDev/g++_fix_3
...
SRP test: use proper SRP hash type for g++
2021-08-19 08:56:43 -07:00
Sean Parkinson
17a569d4dd
SRP test: use proper SRP hash type for g++
2021-08-19 11:40:43 +10:00
Sean Parkinson
d486b89c61
ASN1 Template: stricter and simpler DER/BER parsing/construction
...
Reduce debug output noise
2021-08-19 11:32:41 +10:00
John Safranek
63fde01e32
Merge pull request #4311 from haydenroche5/rsyslog
...
Make improvements for rsyslog port.
2021-08-18 16:55:32 -07:00
John Safranek
9a1233c04d
Merge pull request #4312 from julek-wolfssl/DH_set_length
...
Implement `DH_set_length`.
2021-08-18 16:42:38 -07:00
John Safranek
eaded189ff
Merge pull request #4310 from haydenroche5/dsa_fips
...
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
2021-08-18 16:33:26 -07:00
John Safranek
18314e5a4f
Merge pull request #4309 from dgarske/sniff_cleanups
...
Improved sniffer statistics and documentation
2021-08-18 16:03:38 -07:00
John Safranek
c2b88a1fca
Merge pull request #4306 from dgarske/pk_tls13
...
Fixes for PK callbacks with TLS v1.3
2021-08-18 15:42:19 -07:00
Sean Parkinson
8df65c3fa7
Merge pull request #4270 from dgarske/zd12586
...
Fixes for various PKCS7 and SRP build issues
2021-08-19 08:12:15 +10:00
John Safranek
ef77cd05d4
Merge pull request #4302 from haydenroche5/libssh2
...
Add missing ECDSA_SIG getter/settter for libssh2.
2021-08-18 15:08:06 -07:00
David Garske
c5f9e55567
Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled.
2021-08-18 11:30:18 -07:00
Chris Conlon
6237a7a00d
Merge pull request #4305 from TakayukiMatsuo/i2t
...
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-18 10:37:08 -06:00
Juliusz Sosinowicz
162f14aaf9
Implement DH_set_length.
2021-08-18 13:24:51 +02:00
Sean Parkinson
3c06dd6fa8
SP ECC: calc vfy point not check mod_inv return
...
Not all implementations return an error though.
2021-08-18 10:05:29 +10:00
Sean Parkinson
8f7e09d9b5
Merge pull request #4294 from dgarske/tls13_earlydata
...
Fix early data max size handling in TLS v1.3
2021-08-18 08:48:42 +10:00
David Garske
d1e027b6fa
Fix for pedantic warning with pre-processor in macro.
2021-08-17 14:55:42 -07:00
David Garske
f5076cad1b
Added new files to include.am.
2021-08-17 13:20:34 -07:00
David Garske
d6f5f815e1
Fix for srp_test_digest return code checking. Added GCC-ARM TLS server example.
2021-08-17 11:12:40 -07:00
David Garske
95178e3bdc
Use void* on heap hint test. Also previously fixed in hmac.c.
2021-08-17 10:52:50 -07:00
David Garske
89904ce82e
Fixes for building without AES CBC and support for PKCS7 without AES CBC.
2021-08-17 10:47:19 -07:00
David Garske
a9b8b6d3de
Fix for PKCS7 heap hint in API unit test.
2021-08-17 10:46:53 -07:00
David Garske
e1f603301b
Fixes for SRP with heap hint.
2021-08-17 10:45:50 -07:00
David Garske
c598688f89
Fix for static memory with bucket size matching.
2021-08-17 10:38:27 -07:00
David Garske
69d01afd3a
Merge pull request #4250 from danielinux/iotsafe
...
IoT-Safe with TLS demo
2021-08-17 08:26:19 -07:00
David Garske
5209e235a7
Merge pull request #4307 from SparkiDev/srp_test_digests
...
SRP test: increase size of N to support larger digests
2021-08-17 08:24:47 -07:00
Hayden Roche
c16127d9ab
Make improvements for rsyslog port.
...
- Remove FP_MAX_BITS and RSA_MAX_BITS definitions from rsyslog config. A user
configuring wolfSSL for rsyslog support should set them as they see fit (i.e.
based on the key sizes they need to support).
- After testing with wolfSSL FIPS, I discovered that some functions were missing
from the compatibility layer that rsyslog needs. Notably wolfSSL_DH_generate_key
and wolfSSL_DH_set0_pqg. These were gated out of compilation based on HAVE_FIPS.
However, they only need to be compiled out if WOLFSSL_DH_EXTRA is defined. This
is because these functions call SetDhInternal, which calls wc_DhImportKeyPair
if WOLFSSL_DH_EXTRA is defined. wc_DhImportKeyPair isn't available in the FIPS
module's dh.c. So, these functions can exist in the FIPS build provided
WOLFSSL_DH_EXTRA isn't defined. This commit accounts for this scenario.
2021-08-17 08:19:43 -07:00
TakayukiMatsuo
421be50cb8
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-17 10:52:20 +09:00
Hayden Roche
95ab6ce4b8
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
...
This test calls `wolfSSL_DSA_do_sign_ex` and `wolfSSL_DSA_do_verify_ex`, both
of which don't exist if `HAVE_FIPS` is defined.
2021-08-16 17:42:00 -07:00
David Garske
5c00951f09
Do not add DH padding on failure.
2021-08-16 16:31:18 -07:00
David Garske
9898b5d82b
Various spelling fixes.
2021-08-16 16:31:18 -07:00
David Garske
0ea5046b39
Improved documentation for sniffer statistics (ZD 12731).
2021-08-16 16:31:18 -07:00
Sean Parkinson
9066ab6051
SRP test: increase size of N to support larger digests
...
Test all digests supported by SRP.
2021-08-17 09:15:07 +10:00
David Garske
6ac03d41ef
Merge pull request #4203 from SparkiDev/tls13_peek_fix_off
...
TLS 1.3: ability to turn peek change off
2021-08-16 15:25:58 -07:00
Hayden Roche
63d1bd13d4
Add missing ECDSA_SIG getter/settter for libssh2.
2021-08-16 14:43:13 -07:00
David Garske
c8fd5d552e
IoTSafe Improvements. Use new hex to char functions in misc.c. Fix for arm-none-eabi missing nano specs. Cleanups for IoTSafe code, README.md and user_settings.h. Fix linker script to use flash at 0x8000000. Support for TLS v1.3.
2021-08-16 13:13:32 -07:00
Daniele Lacamera
490eeb4003
Support for IoT-Safe with TLS demo
2021-08-16 13:13:30 -07:00
David Garske
70535f51d5
Fixes for PK callbacks with TLS v1.3. Tested with ./configure --enable-pkcallbacks CFLAGS="-DTEST_PK_PRIVKEY -DDEBUG_PK_CB".
2021-08-16 13:09:17 -07:00
Hayden Roche
c6f0fb11d0
Merge pull request #4253 from julek-wolfssl/lighttpd-1.4.55
...
Implement `wolfSSL_set_client_CA_list` and add 'HIGH' cipher suite
2021-08-16 15:05:51 -05:00
David Garske
1ac95b5716
Merge pull request #4303 from haydenroche5/rsyslog
...
Add support for rsyslog.
2021-08-16 11:20:28 -07:00
David Garske
6a37309ece
Merge pull request #4300 from julek-wolfssl/libimobiledevice
...
Missing API for libimobiledevice
2021-08-16 09:40:42 -07:00
Juliusz Sosinowicz
93a53d72de
mem_buf only used with memory and pair BIOs
2021-08-16 13:38:51 +02:00
Hayden Roche
bbb514fa6d
Add support for rsyslog.
...
- Add an --enable-rsyslog option to configure.ac.
- Add a few missing `WOLFSSL_ERROR` calls that were expected by rsyslog unit
tests.
- Add better documentation around `WOLFSSL_SHUTDOWN_NOT_DONE` and define it to
be 0 (rather than 2) when `WOLFSSL_ERROR_CODE_OPENSSL` is defined. This is in
accordance with OpenSSL documentation. Without this change, rsyslog was
failing to do the bidirectional shutdown properly because it was checking the
shutdown return value against 0. I'm keeping the old value when
`WOLFSSL_ERROR_CODE_OPENSSL` isn't defined because it's part of the public
wolfssl interface (it's in ssl.h).
2021-08-13 23:24:28 -07:00
Juliusz Sosinowicz
0f6e564093
Rebase fixes
2021-08-14 00:35:55 +02:00
Juliusz Sosinowicz
6a5f40d698
Code review fixes.
2021-08-14 00:25:00 +02:00
Juliusz Sosinowicz
72f1d0adac
Refactor client_CA API to use wolfSSL_sk_X509_NAME_* API
2021-08-14 00:24:24 +02:00
Juliusz Sosinowicz
62cab15c64
Reorganize wolfSSL_sk_X509_NAME_*
...
Make the `wolfSSL_sk_X509_NAME_*` API's available in OPENSSL_EXTRA for use with `client_CA_list` API's.
2021-08-14 00:24:24 +02:00
Juliusz Sosinowicz
d4391bd997
Parse distinguished names in DoCertificateRequest
...
The CA names sent by the server are now being parsed in `DoCertificateRequest` and are saved on a stack in `ssl->ca_names`.
2021-08-14 00:24:08 +02:00
Juliusz Sosinowicz
647e007eea
Implement wolfSSL_set_client_CA_list and add 'HIGH' cipher suite
2021-08-14 00:24:08 +02:00
elms
b2380069f0
Merge pull request #4261 from dgarske/rsa_der_pub
2021-08-13 13:36:01 -07:00
Chris Conlon
ca06694bfb
Merge pull request #4282 from miyazakh/SSL_CIPHER_xx
...
Add SSL_CIPHER_get_xxx_nid support
2021-08-13 13:48:31 -06:00
Chris Conlon
5235b7d1e6
Merge pull request #4291 from miyazakh/PARAM_set1_ip
...
Add X509_VERIFY_PARAM_set1_ip support
2021-08-13 13:45:33 -06:00
TakayukiMatsuo
1acf64a782
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
2021-08-14 02:16:34 +09:00
David Garske
ec4e336866
Merge pull request #4299 from haydenroche5/evp_pkey_dec_enc_improvements
...
Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
2021-08-13 08:10:20 -07:00
David Garske
14bbf49118
Merge pull request #3726 from julek-wolfssl/openresty
...
Openresty
2021-08-13 08:06:46 -07:00
Juliusz Sosinowicz
59d04efee8
Missing API for libimobiledevice
2021-08-13 16:32:53 +02:00
Hayden Roche
3be13f7358
Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
...
- Handle case where output buffer is NULL. In this case, passed in output buffer
length pointer should be given the maximum output buffer size needed.
- Add better debug messages.
2021-08-12 18:46:15 -07:00
Juliusz Sosinowicz
7dea1dcd39
OpenResty 1.13.6.2 and 1.19.3.1 support
...
# New or Updated APIs
- wolfSSL_get_tlsext_status_type
- wolfSSL_X509_chain_up_ref
- wolfSSL_get0_verified_chain
- SSL_CTX_set_cert_cb
- SSL_certs_clear
- SSL_add0_chain_cert ssl_cert_add0_chain_cert
- SSL_add1_chain_cert ssl_cert_add1_chain_cert
- sk_X509_NAME_new_null
- SSL_CTX_set_cert_cb
- SSL_set0_verify_cert_store
- SSL_set_client_CA_list
# Other Changes
- Ignore gdbinit
- Add api.c tests for new API
- Add `WOLFSSL_X509_STORE* x509_store_pt` to `WOLFSSL`
- Add macro to select the `WOLFSSL` specific store when available and the associated `WOLFSSL_CTX` store otherwise. Calls to `ssl->ctx->cm` and `ssl->ctx->x509_store*` were replaced by macros.
- NO-OP when setting existing store
- Add reference counter to `WOLFSSL_X509_STORE`
- Cleanup MD5 redundant declarations
- WOLFSSL_ERROR may map to nothing so make assignment outside of it
- refMutex fields are excluded with SINGLE_THREADED macro
- Chain cert refactor
- Make `wolfSSL_add0_chain_cert` and `wolfSSL_add1_chain_cert` not affect the context associated with the SSL object
- `wolfSSL_CTX_add1_chain_cert` now updates the `ctx->certChain` on success and stores the cert in `ctx->x509Chain` for later free'ing
2021-08-12 23:58:22 +02:00
David Garske
8601c14f1c
Merge pull request #4297 from anhu/master
...
Fix a race condition in the benchmark example and …
2021-08-12 13:51:43 -07:00
David Garske
cccb8f940a
Merge pull request #4209 from julek-wolfssl/net-snmp
...
Add support for net-snmp
2021-08-12 13:06:21 -07:00
David Garske
96c223e585
Merge pull request #4288 from julek-wolfssl/get-date-from-cert
...
Add a test/example for parsing the date from a certificate
2021-08-12 12:52:52 -07:00
David Garske
93a1fe4580
Merge pull request #4205 from julek-wolfssl/wpas-include-extra-stuff
...
Include stuff needed for EAP in hostap
2021-08-12 11:17:23 -07:00
Chris Conlon
d4b0ec0705
Merge pull request #4290 from TakayukiMatsuo/general
...
Add wolfSSL_GENERAL_NAME_print
2021-08-12 09:51:28 -06:00
Anthony Hu
7c75b9836e
Changes to make Jenkins happy and reduce verbosity.
...
- added HAVE_PTHREAD guards
- usleep ---> XSLEEP_MS
- only print polling message if verbose output requested.
2021-08-12 11:13:15 -04:00
JacobBarthelmeh
5dff4dd4e0
Merge pull request #4280 from dgarske/caam_macros
...
Fixes for CAAM build macros and spelling
2021-08-12 19:19:31 +07:00
Juliusz Sosinowicz
e583d0ab76
SslSessionCacheOn -> SslSessionCacheOff
2021-08-12 13:52:25 +02:00
TakayukiMatsuo
517309724a
Add wolfSSL_GENERAL_NAME_print
2021-08-12 14:17:41 +09:00
Hideki Miyazaki
0b070166cb
addressed review comments
2021-08-12 10:44:07 +09:00
Hideki Miyazaki
4fa69c0a3a
addressed review comments
2021-08-12 07:41:24 +09:00
David Garske
9c3502bea9
Merge pull request #4285 from haydenroche5/alerts
...
During the handshake, make sure alerts are getting read on the client side in the event of an error.
2021-08-11 15:22:05 -07:00
David Garske
0a238483c1
Merge pull request #4296 from lealem47/fix-link
...
Fix broken link in examples/README.md
2021-08-11 15:21:43 -07:00
Chris Conlon
fc4e4eacba
Merge pull request #4292 from kojo1/evp
...
EVP_CIPHER_CTX_set_iv_length
2021-08-11 16:13:26 -06:00
Anthony Hu
586317f198
Fix a race condition in the benchmark example and all output goes to stderr.
2021-08-11 17:07:01 -04:00
David Garske
9bbb32c352
Merge pull request #4295 from haydenroche5/stunnel_key_gen
...
Turn on key generation for --enable-stunnel.
2021-08-11 11:17:30 -07:00
elms
d39b91de27
Merge pull request #4266 from dgarske/hexchar
2021-08-11 10:56:53 -07:00
Lealem Amedie
d4d225e33f
Fix broken link in examples/README.md
2021-08-11 10:49:38 -06:00
Juliusz Sosinowicz
dd4adacee8
Code review changes
2021-08-11 17:58:46 +02:00
elms
d487916557
Merge pull request #4279 from haydenroche5/pkcs12
...
Cleanups for PKCS8 and PKCS12 macros (always support parsing PKCS8 header)
2021-08-10 18:37:33 -07:00
Hayden Roche
65a00d9430
Turn on key generation for --enable-stunnel.
2021-08-10 17:14:06 -07:00
David Garske
0c74e18eaf
Fix early data max size handling. Fixes issue with size checking around wolfSSL_CTX_set_max_early_data and wolfSSL_set_max_early_data, which was checking against the padded size. Also was adding to the earlyDataSz and checking against it with un-padded data size. ZD 12632.
2021-08-10 16:32:41 -07:00
David Garske
b258321219
Fixes for misc.c to not be included unless required.
2021-08-10 16:11:22 -07:00
David Garske
df10152b54
Refactor hex char to byte conversions.
2021-08-10 12:07:41 -07:00
David Garske
fdb6c8141e
Merge pull request #4274 from haydenroche5/pyopenssl
...
Add support for pyOpenSSL.
2021-08-10 11:49:07 -07:00
Hayden Roche
fdc350fb52
Add a macro guard WOLFSSL_CHECK_ALERT_ON_ERR that has the client check for
...
alerts in the event of an error during the handshake.
2021-08-10 09:43:12 -07:00
Hayden Roche
ef5510cbcc
During the handshake, make sure alerts are getting read on the client side in
...
the event of an error.
2021-08-09 14:26:53 -07:00
David Garske
0e4b200df1
Merge pull request #4267 from elms/key_overflow
...
tls13: avoid buffer overflow with size check
2021-08-09 09:19:46 -07:00
JacobBarthelmeh
1a8109f77d
rename function parameter
2021-08-09 22:52:45 +07:00
David Garske
e698d08317
Merge pull request #4286 from douzzer/cryptocb-pedantic-c99
...
--enable-cryptocb CFLAGS='-std=c99 -pedantic'
2021-08-09 08:29:36 -07:00
Hideki Miyazaki
5c55be72ec
fix jenkins failure part2
2021-08-09 10:00:35 +09:00
Takashi Kojo
c0b085dd4a
EVP_CIPHER_CTX_set_iv_length
2021-08-08 14:49:28 +09:00
Hideki Miyazaki
cf9d5ea8b6
fix jenkins failure part2
2021-08-07 14:14:39 +09:00
Hideki Miyazaki
dbf0977ed0
fix fenkins failure
2021-08-07 11:42:03 +09:00
Hideki Miyazaki
a066c48f55
fix jenkins failure
2021-08-07 11:13:41 +09:00
Hideki Miyazaki
a851e13f1d
implemented X509_VERIFY_PARAM_set1_ip
2021-08-07 10:50:57 +09:00
David Garske
bd6b765b17
Merge pull request #4287 from ejohnstown/ac-upd
...
flags update
2021-08-06 16:22:15 -07:00
John Safranek
2c62880fd2
flags update
...
1. Fixed typo in ifdef for HAVE_ED448.
2. Fixed typos in comments in sha512.
3. Add include config.h to bio.c.
2021-08-06 11:28:20 -06:00
Juliusz Sosinowicz
b4131f355e
Add a test/example for parsing the date from a certificate
2021-08-06 14:51:57 +02:00
Daniel Pouzzner
1b2d57123f
tests/api.c: add missing (void) arg lists.
2021-08-05 15:30:33 -05:00
Daniel Pouzzner
6a92db7722
add overrideable HAVE_ANONYMOUS_INLINE_AGGREGATES macro, set to 0 or 1 in wolfcrypt/types.h, and use it to conditionalize feature usage in wolfcrypt/cryptocb.h.
2021-08-05 15:30:16 -05:00
David Garske
0df28083d3
Fixes for CAAM build macros and spelling.
2021-08-05 10:12:59 -07:00
Juliusz Sosinowicz
fab227411f
Free ECC cache per thread when used
2021-08-05 15:34:47 +02:00
JacobBarthelmeh
1e491993ca
add a2i_IPADDRESS
2021-08-05 16:53:36 +07:00
Hideki Miyazaki
67e773db91
implement SSL_CIPHER_xxxx
2021-08-05 09:42:55 +09:00
David Garske
5465d40ee3
Attempt to move asn.c RSA API defs into asn_public.h, since ASN is not in FIPS boundary.
2021-08-04 17:42:46 -07:00
David Garske
699728c70c
Fix for PKCS12 with NO_ASN.
2021-08-04 17:37:05 -07:00
Elms
d8a54e1a32
tls13: avoid buffer overflow with size check
...
For cases where a private key that is larger than the configured
maximum is passed.
2021-08-04 17:14:25 -07:00
Hayden Roche
35a33b2f00
Add support for pyOpenSSL.
...
pyOpenSSL needs the OpenSSL function X509_EXTENSION_dup, so this commit adds
that to the compatibility layer. It also needs to be able to access the DER
encoding of the subject alt names in a cert, so that's added as well.
2021-08-04 14:08:43 -07:00
David Garske
3e894a9804
Merge pull request #4277 from lealem47/ex-repo-link
...
Adding README.md to examples dir and links to examples github repo in…
2021-08-04 12:43:57 -07:00
David Garske
ed8edde9c4
Merge pull request #4264 from maximevince/zephyr-module-support
...
wolfSSL as a Zephyr module (without setup.sh)
2021-08-04 12:26:14 -07:00
Chris Conlon
fdbe3f0ff1
Merge pull request #4258 from miyazakh/evp_md_do_all
...
add EVP_MD_do_all and OBJ_NAME_do_all support
2021-08-04 12:17:27 -06:00
David Garske
333aa9f24b
Merge pull request #4269 from JacobBarthelmeh/PKCS7
...
sanity check on pkcs7 stream amount read
2021-08-04 06:41:50 -07:00
JacobBarthelmeh
d39893baa0
add ctx set msg callback
2021-08-04 16:49:01 +07:00
JacobBarthelmeh
b1212ff979
set the default number of tickets to 1
2021-08-04 14:40:17 +07:00
Chris Conlon
f1377ed861
Merge pull request #4215 from lealem47/Md2HashTest
...
Added wc_Md2Hash() unit testing to test.c
2021-08-03 16:51:05 -06:00
Chris Conlon
d64768abff
Merge pull request #4265 from miyazakh/ecc_pubkey
...
update der size in actual length
2021-08-03 16:41:36 -06:00
David Garske
b3c502890c
Merge pull request #4263 from kabuobeid/x509StoreWpas
...
Fix x509_store_p compilation error in WOLFSSL_CERT_MANAGER when defining WOLFSSL_WPAS_SMALL without OPENSSL_EXTRA.
2021-08-03 15:27:11 -07:00
David Garske
45eddc68e2
Fix to always support parsing of the PKCS8 header. Improved macro logic for PKCS8 and PKCS12. Added --disable-pkcs8 option. Fix to enable PWDBASED and PKCS8 if PKCS12 is enabled.
2021-08-03 14:45:45 -07:00
Juliusz Sosinowicz
67ee3ddb0f
Set explicit conversion
2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz
3b366d24f2
Rebase fixes
2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz
c7a6b17922
Need to free ecc cache
2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz
51b6c413d3
For Windows API socklen_t = int
2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz
2bbd04f10f
Implement BIO_new_accept and BIO_do_accept
2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz
8b4345734e
net-snmp support patch
2021-08-03 19:28:53 +02:00
David Garske
9aa528d19d
Merge pull request #4165 from haydenroche5/ntp
...
Make changes to support port of NTP from OpenSSL to wolfSSL.
2021-08-03 09:16:26 -07:00
Juliusz Sosinowicz
2cd499d2df
Refactor session cache on checking into function
2021-08-03 17:52:50 +02:00
Juliusz Sosinowicz
46b061c7bc
Include stuff needed for EAP in hostap
...
Patch that includes the API needed for EAP in hostapd and wpa_supplicant
2021-08-03 17:52:50 +02:00
Hayden Roche
ba7b1d3be0
Only compile in PKCS12 code if PKCS8 is also compiled in.
2021-08-03 07:09:34 -07:00
Maxime Vincent
ea6f81cc54
Move zephyr/include.am to toplevel Makefile.am
2021-08-03 09:43:03 +02:00
Lealem Amedie
0722fb56d8
Adding README.md to examples dir and links to wolfssl-examples github repo in client/server.c
2021-08-02 20:27:41 -06:00
Hayden Roche
dc7ae37f7a
Make changes to support port of NTP from OpenSSL to wolfSSL.
2021-08-02 13:33:18 -07:00
David Garske
9f6a963c60
Merge pull request #4262 from haydenroche5/libssh2
...
Add support for libssh2.
2021-08-02 11:29:54 -07:00
David Garske
9600d533c1
Merge pull request #4268 from JacobBarthelmeh/ECC
...
fix for memset with small stack
2021-08-02 09:53:21 -07:00
JacobBarthelmeh
2479346f5c
add set num tickets compat function
2021-08-02 23:47:53 +07:00
John Safranek
a5b55344b1
Merge pull request #2760 from kojo1/EVP-test
...
additional test on EVP_CipherUpdate/Final
2021-08-02 09:23:00 -07:00
Chris Conlon
96e4970258
Merge pull request #4271 from TakayukiMatsuo/shake
...
Add support for EVP_shake128/256
2021-08-02 09:40:36 -06:00
Maxime Vincent
f932736f23
Fix include.am / EXTRA_DIST
2021-08-02 16:44:07 +02:00
Hayden Roche
279b0facb5
Add support for libssh2.
2021-08-02 05:54:08 -07:00
TakayukiMatsuo
0dc98b8299
Add support for EVP_shake128/256
2021-08-02 13:00:31 +09:00
Hideki Miyazaki
b27b4768ae
fix jenkins failure
2021-07-31 18:26:07 +09:00
Jacob Barthelmeh
293755917e
sanity check on pkcs7 stream amount read
2021-07-30 22:11:45 +07:00
Jacob Barthelmeh
725f95364d
fix for memset with small stack
2021-07-30 20:42:48 +07:00
Hideki Miyazaki
447705a2cb
fix jenkins failure
2021-07-30 10:21:16 +09:00
Takashi Kojo
bad9a973b4
remove hard tabs and other minor fixes
2021-07-30 07:07:40 +09:00
Takashi Kojo
297ae23521
additional test on EVP_CipherUpdate/Final
2021-07-30 06:50:01 +09:00
John Safranek
a802c270e1
Merge pull request #4260 from dgarske/dep_rc4
...
RC4 Cipher Deprecation
2021-07-29 10:26:11 -07:00
John Safranek
07e0c60ce1
Merge pull request #4259 from dgarske/cleanups
...
Cleanups for memory docs and Arduino
2021-07-29 10:16:43 -07:00
John Safranek
2e415ccaed
Merge pull request #4243 from SparkiDev/ecc_large_mul
...
ECC: ecc point multiply doesn't handle large multipliers
2021-07-29 09:30:09 -07:00
David Garske
c69d6d2491
Added public API wc_RsaKeyToPublicDer_ex to allow getting RSA public key without ASN.1 header (can return only seq + n + e). Related to PR #4068 . Cleanup documentation for RSA and wolfIO. Consolidate duplicate code in wc_RsaPublicKeyDerSize.
2021-07-29 09:27:50 -07:00
John Safranek
6f2853ef28
Merge pull request #4251 from dgarske/openssl_all
...
Fixes for edge case builds with openssl all
2021-07-29 08:58:22 -07:00
David Garske
9df4312c4e
Merge pull request #3823 from per-allansson/checkaltname-fix
...
wolfSSL_X509_check_ip_asc/CheckForAltName fixes
2021-07-29 08:08:06 -07:00
Hideki Miyazaki
2b43052f36
update pkey sz in actual length
2021-07-29 23:28:10 +09:00
Maxime Vincent
7acbf61e53
zephyr: fix CMakeLists.txt
2021-07-29 12:36:34 +02:00
Maxime Vincent
3f802d19e4
Update zephyr/README.md
2021-07-29 12:16:05 +02:00
Maxime Vincent
7532ac530a
Remove IDE/zephyr/include.am from IDE/include.am for now
2021-07-29 12:03:40 +02:00
Maxime Vincent
9d562a59bc
wolfSSL as a Zephyr module
2021-07-29 11:58:13 +02:00
Hideki Miyazaki
e333632ad0
add obj_name_do_all
2021-07-29 14:37:10 +09:00
Hideki Miyazaki
2abf23cbc9
fix jenkins failure
2021-07-29 09:03:38 +09:00
Hideki Miyazaki
b2b5d4e603
add evp_md_do_all
2021-07-29 08:59:26 +09:00
David Garske
0ec848e2bd
Merge pull request #4255 from SparkiDev/afalg_msg_fix
...
AF_ALG: fix debug messages
2021-07-28 16:40:09 -07:00
Kareem
85521c2a74
Fix x509_store_p compilation error in WOLFSSL_CERT_MANAGER when defining WOLFSSL_WPAS_SMALL without OPENSSL_EXTRA.
2021-07-28 14:50:08 -07:00
Lealem Amedie
71cf55a947
Added wc_Md2Hash() unit testing to test.c
2021-07-28 13:45:02 -06:00
David Garske
2c1fed8262
Fixes for edge case builds with openssl all. Improvements to the test_wolfSSL_PKCS8_d2i. Allow forceful disable of OCSP with ./configure --enable-opensslall --disable-ocsp.
2021-07-28 12:32:08 -07:00
David Garske
50ae93071d
Merge pull request #4237 from kabuobeid/dupSSL
...
Fix missing CBIOSend and properly guard hmac in DupSSL().
2021-07-28 10:50:17 -07:00
David Garske
27b96753e2
Disable RC4 unless forcefully enabled with --enable-rc4 or if WOLFSSL_ALLOW_RC4 is specified. Related to issue #4248
2021-07-28 10:31:15 -07:00
David Garske
c29a373308
Cleanups for Arduino examples. Resolves PR #3126
2021-07-28 09:50:37 -07:00
John Safranek
1b13eef354
Merge pull request #4254 from dgarske/zd12681
...
Sniffer fix for possible math issue around 64-bit pointer and 32-bit unsigned int
2021-07-28 09:16:57 -07:00
David Garske
8376a2adc2
Improved memory documentation and examples. Resolves PR #3834 .
2021-07-28 09:03:40 -07:00
Per Allansson
c41f10e708
CheckForAltNames fixes
...
- Missing conversion from char to unsigned char caused any IP
address with a byte > 127 to be wrong
- IPv6 address was converted to wrong format XX:YY:...
(which also caused a buffer overrun)
- Anything that is not an IPv4 or IPv6 address should be ignored
2021-07-28 09:46:33 +02:00
Per Allansson
4da7fbb654
tests: use different IPv4 address in + add IPv6 SAN to generated cert
2021-07-28 09:36:21 +02:00
Sean Parkinson
0d0dfc3f5e
Merge pull request #4238 from dgarske/xc32
...
Fixes for building with Microchip XC32 and ATECC
2021-07-28 09:33:01 +10:00
Sean Parkinson
f404107330
AF_ALG: fix debug messages
2021-07-28 09:30:07 +10:00
David Garske
3ea22ffa32
Remove use of assert (replace with soft failures). Note: Session hash will always return value < HASH_SIZE.
2021-07-27 12:07:08 -07:00
David Garske
3abb2b86d6
Fix possible issues with math around 64-bit pointer and unsigned int (32-bit). ZD 12681
2021-07-27 12:05:37 -07:00
Chris Conlon
2dac9a2a81
Merge pull request #4228 from miyazakh/EVP_blake2xx
...
add EVP_blake2 compatibility layer API
2021-07-27 11:45:37 -06:00
David Garske
d49d8a9286
Merge pull request #4204 from SparkiDev/ecies_sec1
...
ECIES: SEC.1 and ISO 18033 support
2021-07-27 09:43:53 -07:00
John Safranek
4f1d30d0db
Merge pull request #4249 from dgarske/ecc_heap
...
Fix for `wc_ecc_ctx_free` and heap hint
2021-07-27 09:31:01 -07:00
David Garske
917fdfbaf7
Peer review fix (second try)
2021-07-27 08:20:22 -07:00
David Garske
f1209367d9
Peer review fix for undef. Cleanup wc_ecc_check_key return code.
2021-07-27 08:20:22 -07:00
David Garske
a92f03a11e
Fixes for building with Microchip XC32 and ATECC.
2021-07-27 08:20:20 -07:00
JacobBarthelmeh
f3cb8e4ada
Merge pull request #4252 from douzzer/gcc-11-fix-pedantic-fallthrough
...
fix FALL_THROUGH for gcc-11 -pedantic
2021-07-27 22:07:01 +07:00
JacobBarthelmeh
3ecd7262b7
Merge pull request #4236 from kabuobeid/serialSz
...
Fix signed comparison issue with serialSz.
2021-07-27 13:54:38 +07:00
John Safranek
8c63701577
Merge pull request #4247 from SparkiDev/dhp_to_der_fix
...
OpenSSL API: DH params to der
2021-07-26 17:00:34 -07:00
Sean Parkinson
31dde4706e
ECIES: Support SEC 1 and ISO 18033
...
Default is SEC 1.
To use old ECIES implementation: --enable-eccencrypt=old or define
WOLFSSL_ECIES_OLD
To use ISO-18033 implememtation: --enable-eccencrypt=iso18033 or
define WOLFSSL_ECIES_ISO18033
Support passing NULL for public key into wc_ecc_decrypt().
Support not having public key in privKey passed into wc_ecc_encrypt() -
public key is calculated and stored in priKey.
Add decrypt KAT test for ECIES.
2021-07-27 09:30:53 +10:00
David Garske
55029acc84
Merge pull request #4244 from SparkiDev/config_fix_4
...
Configuration: fixes for uncommon configurations
2021-07-26 10:32:32 -07:00
Daniel Pouzzner
af3a10ed83
wolfcrypt/types.h: fix FALL_THROUGH macro to work warning-free on gcc-11.
2021-07-26 12:08:56 -05:00
David Garske
28e8f02525
Fix for wc_ecc_ctx_free and heap hint. Fixes #4246 .
2021-07-26 09:56:29 -07:00
JacobBarthelmeh
028c056c55
Merge pull request #4213 from lealem47/leakFixes
...
Addressing possible leaks in ssl.c and api.c
2021-07-26 23:32:19 +07:00
Chris Conlon
ce7e1ef94a
Merge pull request #4230 from douzzer/configure-max-bits-and-ex-data
...
configure options for max rsa/ecc bits and ex_data
2021-07-26 09:27:20 -06:00
Sean Parkinson
7d5271ed71
OpenSSL API: DH params to der
...
Fix calculation of length of encoding in ssl.c.
Fix encoding to check proper length in asn.c.
Fix tests to check for correct value (api.c).
2021-07-26 22:47:46 +10:00
Sean Parkinson
ec6ffb0583
Configuration: fixes for uncommon configurations
...
./configure --enable-all --disable-filesystem
./configure --enable-all CC=g++ --enable-intelasm
2021-07-26 16:34:20 +10:00
Sean Parkinson
da0fd5c6cf
Merge pull request #4235 from JacobBarthelmeh/Docs
...
update mention of report to include CVE number and last names
2021-07-26 15:01:30 +10:00
JacobBarthelmeh
27c49b1673
Merge pull request #4075 from julek-wolfssl/bind-dns
...
Bind 9.17.9 and 9.11.22 Support
2021-07-26 11:24:57 +07:00
Sean Parkinson
6cb4f0fe08
ECC: ecc point multiply doesn't handle large multipliers
...
Detect large multiplier and return error.
2021-07-26 09:34:56 +10:00
Daniel Pouzzner
494e285cf1
configure.ac: add --with-max-rsa-bits, --with-max-ecc-bits, and --enable-context-extra-user-data[=#]; untabify and otherwise clean up whitespace; tweak api.c, ecc.h, rsa.h, and settings.h, for compatibility with new options.
2021-07-23 22:02:58 -05:00
Daniel Pouzzner
cbb013ca11
wolfssl/test.h: in wolfsentry_*(), correctly use WOLFSENTRY_MASKIN_BITS(), not WOLFSENTRY_CHECK_BITS(), to test for setness of bits.
2021-07-23 22:02:58 -05:00
Kareem
671147549f
Fix missing CBIOSend and properly guard hmac in DupSSL().
2021-07-23 12:11:30 -07:00
Kareem
8bd304e4c5
Fix signed comparison issue with serialSz.
2021-07-23 11:15:40 -07:00
kabuobeid
3bb2d55257
Merge pull request #4233 from JacobBarthelmeh/fuzzing
...
fix memory leak with SMIME
2021-07-23 10:26:02 -07:00
John Safranek
e8d636771f
Merge pull request #4231 from haydenroche5/des3-iv-fips
...
Use correct DES IV size when using FIPS v2.
2021-07-23 09:38:56 -07:00
Juliusz Sosinowicz
8ee9024da9
More rebase fixes
2021-07-23 18:22:46 +02:00
Juliusz Sosinowicz
23cff71bbf
Second wc_EccPrivateKeyDecode not needed now that it supports PKCS8
2021-07-23 18:14:54 +02:00
Juliusz Sosinowicz
9f7aa32662
Fix merge conflict resolution in ECC_populate_EVP_PKEY
2021-07-23 18:14:54 +02:00
Juliusz Sosinowicz
10168e093a
Rebase fixes
2021-07-23 18:14:54 +02:00
Juliusz Sosinowicz
c7d6e26437
Fix DSA signature length
...
The length of the DSA signature is 40 bytes for N=160 but 64 bytes for N=256. New enum values are added for better clarity.
2021-07-23 18:14:18 +02:00
Juliusz Sosinowicz
142ff6d885
Bind 9.11.22
2021-07-23 18:14:18 +02:00
Juliusz Sosinowicz
553c930ecb
dot system test passed
2021-07-23 18:14:18 +02:00
Juliusz Sosinowicz
763aa9b66d
Fix race condition with RsaKey
...
When RsaKey is shared and RsaPublicEncryptEx is called simultaneously by multiple threads, the key->state may be incorrectly set in some threads. This side-steps the state logic when building for bind9.
2021-07-23 18:14:18 +02:00
Juliusz Sosinowicz
69948b3648
WIP
2021-07-23 18:14:18 +02:00
Juliusz Sosinowicz
06ebcca913
Code review and mp_int memory leak fixes
2021-07-23 18:14:18 +02:00
Juliusz Sosinowicz
b4fd737fb1
Bind 9.17.9 Support
...
- Add `--enable-bind` configuration option
- New compatibility API:
- `RSA_get0_crt_params`
- `RSA_set0_crt_params`
- `RSA_get0_factors`
- `RSA_set0_factors`
- `RSA_test_flags`
- `HMAC_CTX_get_md`
- `EVP_MD_block_size`
- `EC_KEY_check_key`
- `o2i_ECPublicKey`
- `DH_get0_key`
- `DH_set0_key`
- Calling `EVP_MD_CTX_cleanup` on an uninitialized `EVP_MD_CTX` structure is no longer an error
- `DH_generate_parameters` and `DH_generate_parameters_ex` has been implemented
2021-07-23 18:14:12 +02:00
David Garske
9f99253a8b
Merge pull request #4219 from SparkiDev/math_neg_mod_2d
...
Maths: mp_mod_2d supports negative value now
2021-07-23 08:40:56 -07:00
David Garske
2372ea45fb
Merge pull request #4229 from SparkiDev/ssl_reorg_4
...
Reorg of ssl.c: CONF, BIO, RAND and EVP_CIPHER
2021-07-23 07:45:30 -07:00
David Garske
92b1f233c9
Merge pull request #4234 from SparkiDev/g++_fix_2
...
C++ fix: cast from void* to X509_OBJECT*
2021-07-23 07:45:05 -07:00
Jacob Barthelmeh
b80d14a872
update mention of report to include CVE number and last names
2021-07-23 21:38:58 +07:00
JacobBarthelmeh
e130da181b
Merge pull request #4232 from SparkiDev/small_build_fixes
...
Small configurations: get compiling
2021-07-23 14:20:56 +07:00
Sean Parkinson
94373781b2
C++ fix: cast from void* to X509_OBJECT*
2021-07-23 14:56:38 +10:00
Jacob Barthelmeh
f2852dad4a
fix memory leak with SMIME
2021-07-23 10:38:11 +07:00
Sean Parkinson
9452c22653
Small configurations: get compiling
...
./configure --enable-psk -disable-rsa --disable-dh -disable-ecc
--disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --disable-coding
--disable-filesystem CFLAGS=-DNO_WOLFSSL_SERVER
./configure --enable-psk -disable-rsa --disable-dh -disable-ecc
--disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --disable-coding
--disable-filesystem CFLAGS=-DNO_WOLFSSL_CLIENT
2021-07-23 11:55:08 +10:00
Hayden Roche
ec180f3901
Use correct DES IV size when using FIPS v2.
2021-07-22 18:17:41 -07:00
Sean Parkinson
715a8303d2
Reorg of ssl.c: CONF, BIO, RAND and EVP_CIPHER
...
Remove whitespace at end of lines in ssl.c.
2021-07-23 09:55:07 +10:00
David Garske
ab226e1a73
Merge pull request #4212 from SparkiDev/sp_c_perf
...
SP C: change number of words for RSA/DH
2021-07-22 09:33:51 -07:00
Sean Parkinson
d372f097f7
SP C: change number of words for RSA/DH
...
Faster small code and fast code.
Allow fixed 4096-bit FFDHE parameters in benchmark.
Convert [u]int[32|64|128]*_t types to sp_[u]int[32|64|128].
Add a div for when top bits are all 1
WOLFSSL_SP_FAST_LARGE_CODE added to make mul_add function faster on
non-embedded platforms.
Change mod_exp window sizes for same performance but less memory.
P256 with c32 now 9 words instead of 10.
2021-07-22 13:12:31 +10:00
Hideki Miyazaki
6a3ff81f2d
use EVP_get_digestbyname
2021-07-22 08:17:55 +09:00
Hideki Miyazaki
b4c61b4df9
add EVP_blake2xyyy
2021-07-22 08:17:54 +09:00
Chris Conlon
ffd69f6426
Merge pull request #4141 from kaleb-himes/FIPS_ANDROID_v454
...
Changes to support Android app with wolfCrypt module v4.5.4
2021-07-21 11:23:42 -06:00
Chris Conlon
c544c19013
Merge pull request #4227 from miyazakh/ERR_lib_error_string
...
add ERR_lib_error_string compatibility layer API
2021-07-21 11:19:29 -06:00
JacobBarthelmeh
83c6688bee
Merge pull request #4135 from dgarske/evp_set1_eckey
...
Fixes for handling PKCS8 ECC key with EVP PKEY
2021-07-22 00:17:11 +07:00
Chris Conlon
49a6c19069
Merge pull request #4216 from dgarske/cube_4.8.0
...
Improvements to the ST Cube pack configuration template
2021-07-21 11:16:33 -06:00
David Garske
2177430b8d
Merge pull request #4224 from JacobBarthelmeh/Release
...
update docs for 4.8.1
2021-07-21 09:00:42 -07:00
David Garske
73ad0315ce
Merge pull request #4226 from douzzer/valgrind-fixes-20210720
...
fixes for valgrind-detected leaks and undefined data accesses
2021-07-21 08:43:00 -07:00
David Garske
ede738b6e4
Merge pull request #4223 from SparkiDev/mem_usage_fixes_1
...
Memory allocation: fixes from memory usage generation
2021-07-21 08:20:09 -07:00
Hideki Miyazaki
b76d44dad9
add ERR_lib_error_string
2021-07-21 10:31:00 +09:00
Sean Parkinson
dc19ba2aa7
Memory allocation: fixes from memory usage generation
...
1. Configuration: If not fast math then don't set ALT_ECC_SIZE when
configuring.
2. ECC KeyShare: Key share entry's key was allocated with type
DYNAMIC_TYPE_PRIVATE_KEY, free with same type.
3. Ed25519: free the SHA-512 temporary object. WOLFSSL_SMALL_STACK_CACHE
builds have dynamicaly allocated data.
4. RSA: Don't keep allocating a new hash object in RsaMGF1 when compiled
with WOLFSSL_SMALL_STACK_CACHE.
2021-07-21 09:54:11 +10:00
Daniel Pouzzner
2014d39254
fixes for valgrind-detected leaks and undefined data accesses: wolfSSL_{SHA*,MD5}_Final (OpenSSL compat wrappers): call wc_*Free() on sha state that otherwise leaks when _SMALL_STACK_CACHE; test_wc_curve25519_shared_secret_ex(): properly initialize public_key.
2021-07-20 18:26:05 -05:00
Sean Parkinson
60288a5083
Merge pull request #4222 from TakayukiMatsuo/tk12625
...
SSL APIs: Add sanity check to some APIs
2021-07-21 09:00:03 +10:00
David Garske
f18344c191
Fix logic error for calculation of PKCS header size in wolfSSL_i2d_PUBKEY.
2021-07-20 15:11:32 -07:00
JacobBarthelmeh
aedd2a33db
Merge pull request #4221 from douzzer/sanitizer-fixes-20210719
...
misc sanitizer fixes etc
2021-07-21 00:40:09 +07:00
David Garske
1a7c8ccbd1
Peer review fixes.
2021-07-20 10:02:16 -07:00
David Garske
762b384be2
Fixes for -pedantic errors.
2021-07-20 10:02:16 -07:00
David Garske
be6fd26f54
Fix for backwards compatibility for i2d_PrivateKey.
2021-07-20 10:02:16 -07:00
David Garske
b344246549
Fix the new PKCS8 header check in wc_CreatePKCS8Key to use the right input buffer.
2021-07-20 10:02:16 -07:00
David Garske
b8ed577e9a
Peer review fixes and improvements. Resolves issue with public API compatibility.
2021-07-20 10:02:16 -07:00
David Garske
fd52424dd5
Improvements to PKCS8 handling.
...
* Fixes for handling PKCS8 in keys with EVP PKEY. Resolves QT test issues. Replacement to PR #3925 .
* Improved code handling for PKCS 8 headers. Change PemToDer to not strip the PKCS8 header.
* Add support in the ECC/RSA/DH key import code to support detection / handling of the PKCS8 header.
* Fix for `wc_RsaKeyToDer` to be exposed with `OPENSSL_EXTRA`.
* Adds EVP PKCS8 test case for RSA and ECC.
* Refactor `test_wolfSSL_OPENSSL_hexstr2buf` to resolve g++ compiler warning.
* Added new `WOLFSSL_TRAP_MALLOC_SZ` build option to trap mallocs that are over a specified size.
2021-07-20 10:02:16 -07:00
David Garske
673becee74
Merge pull request #4210 from JacobBarthelmeh/Testing
...
handle edge case of input buffer malloc'd to location immediately aft…
2021-07-20 09:56:27 -07:00
Jacob Barthelmeh
932abbb6e6
update docs for 4.8.1
2021-07-20 21:20:15 +07:00
JacobBarthelmeh
4cdbe0e23e
Merge pull request #4207 from haydenroche5/sblim-sfcb
...
Add support for sblim-sfcb port.
2021-07-20 20:41:46 +07:00
JacobBarthelmeh
38fd577ded
Merge pull request #4218 from SparkiDev/sp_ecc_add_dbl
...
SP: ecc proj add point, dbl point fix
2021-07-20 18:57:48 +07:00
JacobBarthelmeh
35a0258f47
Merge pull request #4220 from SparkiDev/ecc_neg_string
...
ECC: where reading strings, check for neg (invalid)
2021-07-20 18:56:00 +07:00
Sean Parkinson
ed6e173fc3
Maths: mp_mod_2d supports negative value now
...
SRP: don't clear an mp_int that hasn't been initialized
2021-07-20 18:33:55 +10:00
TakayukiMatsuo
f630fded44
Add sanity check to some APIs
2021-07-20 13:23:16 +09:00
Daniel Pouzzner
a43cc4ebfa
openssl/sha.h: enlarge WOLFSSL_SHA384_CTX.holder to accommodate wc_Sha512.{devId,devCtx}.
2021-07-19 21:41:15 -05:00
Daniel Pouzzner
fe94c36a7b
configure.ac: fix wrong constructions in environment setup for ENABLED_REPRODUCIBLE_BUILD.
2021-07-19 18:31:13 -05:00
Hayden Roche
5507a07563
Add support for sblim-sfcb port.
2021-07-19 16:28:44 -07:00
Daniel Pouzzner
f8d1befdff
autogen.sh: leave .git/hooks/pre-{commit,push} alone unless they don't exist, to allow for local ecosystem-dependent customizations of the hooks.
2021-07-19 16:31:22 -05:00
Daniel Pouzzner
4df6fb74b0
fix sanitizer-detected uninitialized/null data accesses: wc_SrpComputeKey(), XChaCha20Poly1305_test().
2021-07-19 16:29:43 -05:00
John Safranek
77c9b36b5a
Merge pull request #4181 from dgarske/sniffer_keycb
...
Sniffer fixes and new sniffer key callback support
2021-07-19 13:26:17 -07:00
JacobBarthelmeh
020e23783b
Merge pull request #4180 from kaleb-himes/DEFAULT_CA_BOOL
...
Fix basic constraints extension present and CA Boolean not asserted
2021-07-19 23:08:27 +07:00
Sean Parkinson
5b621cf039
ECC: where reading strings, check for neg (invalid)
2021-07-19 22:58:07 +10:00
Sean Parkinson
d45e78b715
SP: ecc proj add point, dbl point fix
...
Set infinity field of points.
2021-07-19 12:45:52 +10:00
David Garske
bbe47a81b7
Merge pull request #4183 from douzzer/ED-streaming-verify
...
add streaming API to the ED verify routines
2021-07-18 14:12:42 -07:00
Daniel Pouzzner
186ff2b365
make -DNO_ED25519_KEY_{IMPORT,EXPORT} buildable, and fix api.c and suites.c so that -DNO_ED*_KEY_{IMPORT,EXPORT} pass make check.
2021-07-16 23:07:28 -05:00
Daniel Pouzzner
ac92204c15
make -DNO_ED448_KEY_{IMPORT,EXPORT} buildable
2021-07-16 18:21:30 -05:00
Daniel Pouzzner
785a8f83ed
evp.c: fixes in wolfSSL_EVP_CIPHER_CTX_ctrl() from peer review.
2021-07-16 17:52:28 -05:00
David Garske
070ca6c34d
Fixes to properly support sniffer with secure renegotiation.
2021-07-16 14:48:22 -07:00
Daniel Pouzzner
c97eff6e61
evp.c: add missing checks and logic in wolfSSL_EVP_CIPHER_CTX_ctrl(), and fix api.c:test_IncCtr() to exercise wolfSSL_EVP_CIPHER_CTX_ctrl() with EVP_CTRL_GCM_IV_GEN using an AES cipher, with thanks to Juliusz.
2021-07-16 15:30:23 -05:00
Daniel Pouzzner
05128968f6
fixes for null pointer accesses detected by clang sanitizer. also, gate SuiteTest() on !NO_WOLFSSL_CIPHER_SUITE_TEST in tests/unit.c, greatly reducing time to completion when not debugging cipher suites.
2021-07-16 13:49:47 -05:00
Daniel Pouzzner
5e8da2348f
ED: add --enable-ed25519-stream and --enable-ed448-stream to configure.ac, disabled by default, and add them to --enable-all and --enable-all-crypto lists, along with --enable-aesgcm-stream; report AES-GCM and ED* streaming API options in feature summary rendered at end;
...
refactor ED routines to pivot on WOLFSSL_ED*_PERSISTENT_SHA and WOLFSSL_ED*_STREAMING_VERIFY macros, with sha state in the key struct only when WOLFSSL_ED*_PERSISTENT_SHA, otherwise on the stack as before;
add ed*_hash_init() and ed*_hash_free() local helpers;
ED* peer review: fix line lengths, remove superfluous retval checks, tweaks for efficiency, and add ED448_PREHASH_SIZE to ed448.h.
2021-07-16 13:49:47 -05:00
Daniel Pouzzner
9b43e57ccf
ED: add streaming API to the ED verify routines: wc_ed*_verify_msg_init(), wc_ed*_verify_msg_update(), wc_ed*_verify_msg_final();
...
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;
track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;
add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;
add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.
add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;
add macro asserts near top of ed*.h to assure the required hash functions are available;
fix {NO,HAVE}_ED*_{SIGN,VERIFY};
wolfcrypt/test/test.c: add missing key initializations in ed*_test();
wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
2021-07-16 13:49:47 -05:00
David Garske
fe77e29ba0
Fix for SNI refactor handling of return codes. Fix for possible use of NULL on client array.
2021-07-16 11:23:20 -07:00
kaleb-himes
f408eeb5bb
Implement peer review suggestions
2021-07-16 09:57:11 -06:00
Lealem Amedie
73323e694f
Addressing possible leaks in ssl.c and api.c
2021-07-16 09:48:06 -06:00
JacobBarthelmeh
b9c707511b
Merge pull request #4211 from SparkiDev/ocsp_no_check
...
OCSP: improve handling of OCSP no check extension
2021-07-16 16:06:41 +07:00
Sean Parkinson
f93083be72
OCSP: improve handling of OCSP no check extension
2021-07-16 12:19:39 +10:00
Sean Parkinson
8e6c31b15d
ECC bench: can't use SAKKE curve with ECDH/ECDSA
...
Skip curve benchmarking when all curves are being benchmarked.
2021-07-16 12:06:14 +10:00
Sean Parkinson
af98e64b88
Merge pull request #4208 from dgarske/leaks
...
Fixes for possible leaks with ECCSI and DH test
2021-07-16 08:59:11 +10:00
David Garske
8a8b315ed8
Improvements to the ST Cube pack configuration template.
2021-07-15 14:02:56 -07:00
Jacob Barthelmeh
12a4517d6b
handle edge case of input buffer malloc'd to location immediately after output buffer
2021-07-15 22:38:48 +07:00
David Garske
6c3c635be7
Merge pull request #4206 from julek-wolfssl/remove-api
2021-07-15 06:41:00 -07:00
JacobBarthelmeh
6a0809b53b
Merge pull request #4185 from guidovranken/fix-gh-issue-4184
...
Fix compilation failure with WOLFSSL_PUBLIC_ECC_ADD_DBL
2021-07-15 16:19:30 +07:00
JacobBarthelmeh
fc6aa19eb8
Merge pull request #4200 from haydenroche5/tcpdump
...
Add support for tcpdump with wolfSSL.
2021-07-15 14:57:47 +07:00
JacobBarthelmeh
6458a8cedd
Merge pull request #4187 from SparkiDev/sp_math_mod_red_fix
...
SP math: montgomery reduction edge case
2021-07-15 14:33:26 +07:00
Sean Parkinson
2959902a10
TLS 1.3: ability to turn peek change off
...
Allow post-handshake peeking for handshaking messages to be disabled.
Not all customers want to handle this.
Clear WOLFSSL_ERROR_WANT_READ error on entry to ReceiveData which was
set when peeking found handshake message.
2021-07-15 10:14:13 +10:00
David Garske
fbbb290d9e
Fixes for possible leaks with HAVE_WOLF_BIGINT used by async in ECCSI and DH test. Fixes for GCC -fsanitize=address with --enable-all.
2021-07-14 14:57:32 -07:00
David Garske
3ff21171cb
Fix for secure renegotiation, which was not keeping handshake resources. Added NULL checks for case where handshake resources might be free'd to prevent possible use of NULL. Refactor the SNI client hello processing to not assume TLS header is in prior buffer (not there for decrypted handshake packets).
2021-07-14 10:44:33 -07:00
John Safranek
f82fd01283
Merge pull request #4202 from JacobBarthelmeh/BuildOptions
...
fix for build with wpas and disable tls13
2021-07-14 09:07:08 -07:00
JacobBarthelmeh
b5eef78cdb
Merge pull request #4176 from SparkiDev/sp_math_read_bin_max
...
SP math all: allow reading of bin up to max digit size
2021-07-14 16:03:32 +07:00
JacobBarthelmeh
18399091ce
Merge pull request #4012 from julek-wolfssl/haproxy
...
HaProxy 2.4-dev18 support
2021-07-14 15:46:04 +07:00
Daniel Pouzzner
81f3f417e8
Merge pull request #4190 from SparkiDev/bench_sakke_ecdsa
...
ECC bench: can't use SAKKE curve with ECDH/ECDSA
2021-07-13 15:39:25 -05:00
David Garske
10987a69d7
Merge pull request #4201 from JacobBarthelmeh/Release
...
bump version for dev
2021-07-13 11:41:51 -07:00
JacobBarthelmeh
0d55dcaaa0
Merge pull request #4188 from guidovranken/mp_invmod_slow-check
...
Add missing return value check in mp_invmod_slow
2021-07-14 01:27:10 +07:00
Jacob Barthelmeh
3f22721a86
use version from wolfssl/version.h with driver
2021-07-13 22:39:39 +07:00
Jacob Barthelmeh
2592a04d8a
fix for build with wpas and disable tls13
2021-07-13 15:49:40 +07:00
Jacob Barthelmeh
3bebcaaf54
bump version for dev
2021-07-13 04:18:52 +07:00
John Safranek
52b8c7b1fa
Merge pull request #4192 from haydenroche5/ocsp_http_header
...
Improve wolfIO_HttpProcessResponse HTTP header checking logic.
2021-07-12 14:13:07 -07:00
Hayden Roche
9f8e728672
Add support for tcpdump with wolfSSL.
2021-07-12 14:06:25 -07:00
David Garske
db32570ab3
Fix for missing sp_radix_size with WC_MP_TO_RADIX.
2021-07-12 13:40:55 -07:00
John Safranek
add4a68465
Merge pull request #4199 from JacobBarthelmeh/Certs
...
Lighttpd build fix and gencertbuf on updated ed25519 certs
2021-07-12 09:15:50 -07:00
Jacob Barthelmeh
851c1fe1cf
fix for lighttpd build
2021-07-12 16:25:50 +07:00
Jacob Barthelmeh
2f9af5f753
gencertbuf on updated ed25519 certs
2021-07-12 14:31:03 +07:00
John Safranek
30baa83a0b
Merge pull request #4198 from douzzer/fix-linuxkm-for-v4.8
2021-07-09 19:15:23 -07:00
John Safranek
50d007ded8
Merge pull request #4196 from JacobBarthelmeh/Release
...
Release version 4.8.0
2021-07-09 14:33:26 -07:00
John Safranek
84539be656
Merge pull request #4197 from JacobBarthelmeh/Jenkins
...
Updates found with Jenkins tests
2021-07-09 14:32:43 -07:00
Daniel Pouzzner
15c890179f
Linux kernel module: add an explicit -ffreestanding to CFLAGS in linuxkm/Makefile, and in wc_port.h ifdef WOLFSSL_LINUXKM, ignore -Wtype-limits in Linux kernel header files (needed for kernel v5.13), and suppress inclusion of stdint-gcc.h.
2021-07-09 15:23:07 -05:00
Jacob Barthelmeh
88b70a3906
update google cert that was set to expire in Dec 2021
2021-07-09 23:57:50 +07:00
JacobBarthelmeh
c01a63508a
account for testing on big endian system
2021-07-09 08:18:39 -06:00
Jacob Barthelmeh
f4c4cf8afe
update changelog for release 4.8.0
2021-07-09 17:02:18 +07:00
David Garske
e1b487ab9f
Fix for wc_export_int with WC_TYPE_HEX_STR, which was not returning the correct length.
2021-07-08 14:36:36 -07:00
David Garske
4f055653c7
Restore TLS v1.3 hello_retry behavior with session id. Fix for SNI with default (no name) putting newline due to fgets.
2021-07-08 13:50:08 -07:00
JacobBarthelmeh
500a6c8b27
prepare for release 4.8.0
2021-07-08 12:02:40 -06:00
David Garske
4cb076f22b
Cleanup to remove duplicate stat sslResumptionValid. Add print of sslResumptionInserts.
2021-07-08 09:49:13 -07:00
David Garske
ddbe0e6dab
Fix for sniffer stats on resume miss. The logic for hello_retry_request will no longer try and do resume, so restore BAD_SESSION_RESUME_STR error.
2021-07-08 09:31:59 -07:00
JacobBarthelmeh
127add4bf7
include stddef for size_t type for ptr
2021-07-08 07:06:20 -06:00
Jacob Barthelmeh
7bcd0da164
warning for length used on strncpy
2021-07-08 15:51:17 +07:00
Jacob Barthelmeh
263e03748e
fix issue of handling partially streamed PKCS7 input
2021-07-08 15:25:40 +07:00
JacobBarthelmeh
a250e1f23a
Merge pull request #4194 from ejohnstown/to-fix
...
Timeout Fix
2021-07-08 14:34:42 +07:00
John Safranek
c9aa23ac7a
Merge pull request #4191 from dgarske/htons
...
Fix for missing `XHTONS` with `WOLFSSL_USER_IO` and session tickets
2021-07-07 16:21:59 -07:00
John Safranek
00cab36b36
Timeout Fix
...
The macros setting up the timeout for the select used to timeout just
multiplied the ms by 1000 to make us. The BSD select used on macOS
doesn't like the us to be greater than 999999. Modified to carry the
excess us over into the seconds.
2021-07-07 16:14:48 -07:00
Sean Parkinson
849020660f
Merge pull request #4182 from JacobBarthelmeh/CAAM
...
check return of DSA decode
2021-07-08 08:16:46 +10:00
John Safranek
b9dac74086
Merge pull request #4193 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis tests
2021-07-07 14:23:58 -07:00
JacobBarthelmeh
86e5287a14
Merge pull request #4032 from TakayukiMatsuo/tk11968
...
Make wolfSSL_CTX_set_timeout reflect to Session-ticket-lifetime-hint
2021-07-07 22:26:06 +07:00
Juliusz Sosinowicz
b7bd3766c7
Fix pedantic errors about macros in macros
2021-07-07 10:54:34 +02:00
JacobBarthelmeh
7b9d6a3f5e
Merge pull request #3792 from TakayukiMatsuo/os_keylog
...
Add wolfSSL_CTX_set_keylog_callback
2021-07-07 15:34:33 +07:00
Hayden Roche
7422f07fb5
Improve wolfIO_HttpProcessResponse HTTP header checking logic.
...
Modify this function to just ensure that the response header starts with "HTTP
1.x 200" (where x is 0, 1, etc.).
2021-07-06 15:18:26 -07:00
David Garske
41ac17cdc6
Improve support for XHTONS with WOLFSSL_USER_IO and session tickets with default encryption implementation !WOLFSSL_NO_DEF_TICKET_ENC_CB.
2021-07-06 13:13:35 -07:00
Jacob Barthelmeh
b1a6d88af6
fix for memory leak
2021-07-06 23:37:35 +07:00
Juliusz Sosinowicz
fc7533fe5e
Code review changes
2021-07-06 16:14:25 +02:00
Juliusz Sosinowicz
1acf906612
Code review changes
2021-07-06 15:39:23 +02:00
Juliusz Sosinowicz
6dfc702364
Correct serverDH_Pub length on renegotiation
...
On a renegotiation the serverDH_Pub buffer may be too short. The previous DhGenKeyPair call may have generated a key that has a shorter binary representation (usually by one byte). Calling DhGenKeyPair with this shorter buffer results in a WC_KEY_SIZE_E error.
2021-07-06 15:39:23 +02:00
Juliusz Sosinowicz
1b6b16c2c3
HaProxy 2.4-dev18 support
...
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
- `STACK_TYPE_X509_OBJ`
- `OCSP_id_cmp`
- `X509_STORE_get0_objects`
- `X509V3_EXT_nconf_nid`
- `X509V3_EXT_nconf`
- `X509_chain_up_ref`
- `X509_NAME_hash`
- `sk_X509_NAME_new_null`
- `X509_OBJECT_get0_X509`
- `X509_OBJECT_get0_X509_CRL`
- `ASN1_OCTET_STRING_free`
- `X509_LOOKUP_TYPE`
- `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
- WOLFSSL_CTX
- Enable all compiled in protocols
- Allow anonymous ciphers
- Set message grouping
- Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
- Return first that occured
- Set correct value on date error
- Set revoked error on OCSP or CRL error
- Save value in session and restore on resumption
- Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
2021-07-06 15:39:23 +02:00
Jacob Barthelmeh
a6ce91f3bb
fix for gcc-11 build with blake2
2021-07-06 14:53:39 +07:00
Jacob Barthelmeh
ae00b5acd0
some minor changes for unintialized and null infer reports
2021-07-06 14:13:45 +07:00
Sean Parkinson
34528eb6c9
ECC bench: can't use SAKKE curve with ECDH/ECDSA
...
Skip curve benchmarking when all curves are being benchmarked.
2021-07-06 12:19:50 +10:00
Guido Vranken
e0f268e522
Simplify mp_invmod_slow fix
2021-07-06 02:29:31 +02:00
Guido Vranken
9783d64f7e
Add missing return value check in mp_invmod_slow
2021-07-06 02:13:42 +02:00
Sean Parkinson
08ebd34f31
SP math: montgomery reduction edge case
...
4 and 6 word specific implementations now handle rare overflow correctly
in last mul-add of loop.
2021-07-06 10:03:24 +10:00
Guido Vranken
460b513594
Fix compilation failure with WOLFSSL_PUBLIC_ECC_ADD_DBL
...
Fixes https://github.com/wolfSSL/wolfssl/issues/4184
2021-07-03 19:31:29 +02:00
TakayukiMatsuo
5df0f7820a
Add wolfSSL_CTX_set_keylog_callback
2021-07-03 14:51:23 +09:00
Jacob Barthelmeh
89866846d6
check return of DSA decode
2021-07-03 03:41:40 +07:00
David Garske
26789ef877
Fix variable declaration mid-code.
2021-07-02 13:24:25 -07:00
David Garske
2dd169f9a1
Added new sniffer API for callback for key use ssl_SetKeyCallback. Support indicated by WOLFSSL_SNIFFER_KEY_CALLBACK. Trace cleanup for custom error.
2021-07-02 12:18:56 -07:00
kaleb-himes
93a8f36530
Fix basic constraints extension present and CA Boolean not asserted
2021-07-02 12:16:16 -06:00
TakayukiMatsuo
567d8ed704
Make wolfSSL_set_session return success on timeout under WOLFSSL_ERROR_CODE_OPENSSL macro definition.
2021-07-02 10:50:00 +09:00
TakayukiMatsuo
aef9e560b1
Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint.
2021-07-02 09:15:01 +09:00
David Garske
197b959916
Merge pull request #4177 from SparkiDev/ecc_exp_point_size
...
ECC: validate ordinate length before export
2021-07-01 17:07:35 -07:00
David Garske
d16e374972
Merge pull request #4160 from JacobBarthelmeh/fuzzing
...
better checking on length of streaming buffer
2021-07-01 17:04:49 -07:00
David Garske
43f8c5ba1b
Merge pull request #4121 from JacobBarthelmeh/PKCS7
...
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
2021-07-01 17:03:56 -07:00
JacobBarthelmeh
9b8142c1ff
Merge pull request #4174 from SparkiDev/zephyr_2_6_99
...
Zephyr Project: update port to work with latest
2021-07-02 03:23:10 +07:00
Daniel Pouzzner
e9e41d3344
Merge pull request #4070 from elms/fsanitize/undefined_fixes
...
address errors with `-fsanitize=undefined`
2021-07-01 13:00:06 -05:00
JacobBarthelmeh
45486ac904
Merge pull request #4166 from miyazakh/supportedversion_ex_mindowngrade
...
not include smaller versions than minimum downgrade
2021-07-01 21:00:20 +07:00
JacobBarthelmeh
7a42096643
Merge pull request #4175 from SparkiDev/sp_thumb_clang
...
SP: Thumb implementaton that works with clang
2021-07-01 20:39:06 +07:00
Sean Parkinson
a992480f91
ECC: validate ordinate length before export
2021-07-01 15:50:04 +10:00
Elms
75e807abc6
Fixes for gcc-10 and -fsanitize=undefined for rabbit.c
...
* One introduced in #4156
* One from previous commit in this PR
2021-06-30 22:20:17 -07:00
Sean Parkinson
6694775d4b
Changes to compile without XTREAM_ALIGN
...
Use macro to load 32 bits from input parameters key in hc128.c and input
in rabbit.c
Also fix warning about string copy.
2021-06-30 21:58:30 -07:00
Elms
56d879f422
address scan-build issues for clang 6 and 10
2021-06-30 21:58:30 -07:00
Elms
c9597ea735
sha3: align data for Sha3Update
2021-06-30 21:58:30 -07:00
Elms
dc7beab784
address errors with -fsanitize=undefined
...
- fix null dereferences or undefined `memcpy` calls
- fix alignment in `myCryptoDevCb`
- fix default dtls context assignment
- add align configure option to force data alignment
TESTED:
`./configure CFLAGS=-fsanitize=undefined\ -DWOLFSSL_GENERAL_ALIGNMENT=1 --enable-all`
2021-06-30 21:58:30 -07:00
Sean Parkinson
4cff893c5f
SP math all: allow reading of bin up to max digit size
2021-07-01 14:29:58 +10:00
David Garske
f9cd83743a
Fix include.am typo.
2021-06-30 08:42:15 -07:00
David Garske
23b573c70a
Autoconf Include.am fixes, spelling and copyright.
2021-06-30 08:38:17 -07:00
David Garske
c820b5679a
Merge pull request #4173 from SparkiDev/sp_int_mingw64
2021-06-30 06:57:58 -07:00
Jacob Barthelmeh
893b71e8c1
remove dead code
2021-06-30 19:54:25 +07:00
Juliusz Sosinowicz
0277fa6d7c
Remove unused wolfSSL_StartSecureRenegotiation
2021-06-30 13:51:11 +02:00
Jacob Barthelmeh
23eededc36
simplify and fix max stream buffer length
2021-06-30 15:26:44 +07:00
Hideki Miyazaki
b0688688c1
addressed review comments
2021-06-30 13:52:46 +09:00
Sean Parkinson
60a520c525
SP: Thumb implementaton that works with clang
2021-06-30 13:10:29 +10:00
Sean Parkinson
d1fb736136
Zephyr Project: update port to work with latest
2021-06-30 10:29:54 +10:00
Sean Parkinson
36d534034c
SP math: cast number to sp_digit rather than declare as long
2021-06-30 09:28:51 +10:00
David Garske
ae68de060a
Merge pull request #4171 from SparkiDev/sp_small_fast_modexp
...
SP: allow fast mod_exp to be compiled for small C code
2021-06-29 13:32:55 -07:00
David Garske
0d1672dfee
Merge pull request #4170 from SparkiDev/sp_mingw64
...
SP: Don't cast number to sp_digit rather than declare as long
2021-06-29 13:32:28 -07:00
Chris Conlon
9179071af5
Merge pull request #4153 from JacobBarthelmeh/Testing
...
fix for keyid with ktri cms
2021-06-29 11:40:00 -06:00
David Garske
e59cc79a1f
Document new WOLFSSL_SP_FAST_MODEXP option.
2021-06-29 09:16:27 -07:00
David Garske
a748b5264e
Fix for wolfcrypt/src/sp_int.c:2720:34: error: left shift count >= width of type with mingw64.
2021-06-29 09:13:32 -07:00
David Garske
b0e9531f26
Merge pull request #4169 from SparkiDev/dh_anon_tls12
...
TLS: Get DH anon working TLS 1.2 and below
2021-06-29 08:53:44 -07:00
Sean Parkinson
303f944935
SP: allow fast mod_exp to be compiled for small C code
2021-06-29 12:51:21 +10:00
Sean Parkinson
08e560e0a7
SP: Don't cast number to sp_digit rather than declare as long
...
mingw64 has numbers as 32-bit type when declarted long.
Fixup some line lengths.
2021-06-29 11:07:47 +10:00
Sean Parkinson
f56bf3d8ee
TLS: Get DH anon working TLS 1.2 and below
...
Send the server DH parameters in ServerKeyExchange.
./configure '--enable-anon' '--disable-rsa' '--enable-oldtls'
2021-06-29 10:29:39 +10:00
David Garske
0bb66f3023
Merge pull request #4167 from danielinux/pka_readme
...
port/st: added mention of the PKA support in README
2021-06-28 10:35:32 -07:00
Eric Blankenhorn
33174cec5c
Merge pull request #4161 from dgarske/ssl_doxy
...
Added inline documentation for `wolfSSL_CTX_load_verify_buffer_ex`
2021-06-28 12:35:11 -05:00
Daniele Lacamera
15080317ce
port/st: added mention of the PKA support in README
2021-06-28 14:39:58 +02:00
David Garske
80480e5d1f
Merge pull request #4163 from lealem47/rsa-test
...
Rsa test
2021-06-25 13:12:58 -07:00
David Garske
5adbcfb3be
Merge pull request #4151 from SparkiDev/sp_math_all_base10
...
SP math all: fix read radix 10
2021-06-25 09:37:05 -07:00
David Garske
63ad5d58a2
Merge pull request #4162 from ejohnstown/abi-update
...
ABI Update
2021-06-25 08:36:07 -07:00
John Safranek
5437883da7
Merge pull request #4164 from dgarske/async_frag
...
Fix for async with fragmented packets
2021-06-25 08:33:50 -07:00
David Garske
74b9b5a8cd
Merge pull request #4156 from SparkiDev/regression_fixes_1
...
Regression test fixes
2021-06-25 07:48:02 -07:00
Lealem Amedie
729fea6b71
unused variable fix in rsa_oaep_padding_test fix
2021-06-25 08:39:44 -06:00
Jacob Barthelmeh
5038a27cda
add test cases and set content oid with decode encrypted data
2021-06-25 21:16:01 +07:00
Jacob Barthelmeh
55002c56d2
update for ber padding
2021-06-25 18:57:28 +07:00
Hideki Miyazaki
5bb52915b9
update test conf to fix jenkins failures
2021-06-25 16:31:49 +09:00
Sean Parkinson
fbe086534a
SP math all: fix read radix 10
...
Ensure first digit is 0 when zeroing a number.
Check size of output in _sp_mul_d() - only place to be sure of overflow.
Modify callers of _sp_mul_d() to check return.
2021-06-25 15:55:32 +10:00
Hideki Miyazaki
d576e3ef96
not send smaller versions than minimum downgradable version as supportedversion ext
2021-06-25 14:51:34 +09:00
Sean Parkinson
dab6724059
Regression fixes: more configurations
...
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
&& make
./configure --disable-aescbc --disable-chacha --disable-poly1305
--disable-coding && make
2021-06-25 15:23:51 +10:00
Lealem Amedie
873f10b0cf
Simplifying rsa_test() by extracting sections as separate functions
2021-06-24 20:47:14 -06:00
Sean Parkinson
1994811d24
Merge pull request #4144 from haydenroche5/pkcs8
...
Make a bunch of PKCS#8 improvements.
2021-06-25 12:22:11 +10:00
Sean Parkinson
dae6683803
Merge pull request #4030 from julek-wolfssl/ZD12235
...
Expand SHA-3 support
2021-06-25 12:18:03 +10:00
Sean Parkinson
8592053856
Regression test fixes
...
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
2021-06-25 09:18:06 +10:00
David Garske
45ef68d5c7
Fix for async with fragmented packets where inline crypto could be overwritten on reprocessing fragment. FIxes unit tests with --enable-all --enable-asynccrypt. Minor cleanup for line length and free verify RSA buffer sooner.
...
Reproducible with:
```
./examples/server/server -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -2
./examples/client/client -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 -2
```
2021-06-24 16:03:12 -07:00
John Safranek
66c29ef1ca
ABI Update
...
Add wolfSSL_CTX_set_verify to the ABI list.
2021-06-24 14:08:28 -07:00
David Garske
4ef3c5d75c
Added inline documentation for wolfSSL_CTX_load_verify_buffer_ex.
2021-06-24 10:38:34 -07:00
Juliusz Sosinowicz
656e49cc3b
Expand SHA-3 support
...
Add more support in the EVP layer as well as add signing support. The SHA-3 OID's were also added for DER algorithm identifier encoding.
2021-06-24 19:31:43 +02:00
David Garske
c59d1f2e8d
Merge pull request #4155 from SparkiDev/ssl_reorg_3
...
Reorg of ssl.c: standard C wrappers, EX_DATA, BUF_MEM, TXT_DB
2021-06-24 09:53:53 -07:00
David Garske
1ec212be81
Merge pull request #4159 from SparkiDev/sakke_eccsi_fix_1
...
SAKKE: fix configurations
2021-06-24 09:48:14 -07:00
David Garske
97ab1bb013
Merge pull request #4154 from SparkiDev/hmac_update_ct
...
TLS hmac: handle truncated mac in Hmac_UpdateFinal_CT()
2021-06-24 09:28:22 -07:00
Jacob Barthelmeh
b826083fbf
better checking on length of streaming buffer
2021-06-24 23:06:37 +07:00
Sean Parkinson
2fb6a9eacf
SAKKE: fix configurations
...
Fix position of sp_1024_norm_18 now that div requires it:
./configure --disable-shared --enable-sakke --disable-eccsi
--enable-sp
Fix missing '{' in sp_mulmod_table_1024:
./configure --disable-shared --enable-sakke --enable-eccsi
--enable-smallstack --enable-sp
2021-06-24 14:01:27 +10:00
Sean Parkinson
92a4e30b69
Merge pull request #4158 from dgarske/nxp_ltc_rsa2
...
Fixes for NXP LTC with RSA and Blinding
2021-06-24 12:14:04 +10:00
David Garske
73c90369c6
Fix for int neg being defined mid code. Fix limit check for mp_mulmod using hardware vs software. Resolves issue when using WC_RSA_BLINDING.
2021-06-23 14:45:52 -07:00
David Garske
2d1b113f51
Fix for missing wolfcrypt_mp_prime_is_prime_ex def.
2021-06-23 14:45:52 -07:00
John Safranek
ae2f2b246e
Merge pull request #4148 from BrianAker/master
...
Fix for make distcheck, maintainer-clean, to allow distribution builds.
2021-06-23 10:33:06 -07:00
David Garske
81daf9172b
Merge pull request #3872 from ejohnstown/pcExt
...
Policy Constraints Extension
2021-06-23 09:40:15 -07:00
Hayden Roche
b3401bd102
Make a bunch of PKCS#8 improvements.
...
- Add doxygen documentation for wc_GetPkcs8TraditionalOffset, wc_CreatePKCS8Key,
wc_EncryptPKCS8Key, and wc_DecryptPKCS8Key.
- Add a new API function, wc_CreateEncryptedPKCS8Key, which handles both
creation of an unencrypted PKCS#8 key and the subsequent encrypting of said key.
This is a wrapper around TraditionalEnc, which does the same thing. This may
become a first-class function at some point (i.e. not a wrapper). TraditionalEnc
is left as is since it is used in the wild.
- Added a unit test which exercises wc_CreateEncryptedPKCS8Key and
wc_DecryptPKCS8Key. Testing wc_CreateEncryptedPKCS8Key inherently also tests
TraditionalEnc, wc_CreatePKCS8Key, and wc_EncryptPKCS8Key.
- Modified wc_EncryptPKCS8Key to be able to return the required output buffer
size via LENGTH_ONLY_E idiom.
- Added parameter checking to wc_EncryptPKCS8Key and wc_DecryptPKCS8Key.
2021-06-23 08:39:20 -07:00
John Safranek
f762672a12
Merge pull request #4157 from julek-wolfssl/app-data-reason
...
Add a reason text for APP_DATA_READY
2021-06-23 08:30:19 -07:00
Juliusz Sosinowicz
4eff3ff3dd
Add a reason text for APP_DATA_READY
2021-06-23 13:43:56 +02:00
Sean Parkinson
945acb4c2f
Reorg of ssl.c: standard C wrappers, EX_DATA, BUF_MEM, TXT_DB
2021-06-23 11:28:38 +10:00
Sean Parkinson
2923d812bd
Merge pull request #4058 from miyazakh/qt_oslext_cs
...
TLS: extend set_cipher_list() compatibility layer API
2021-06-23 10:12:11 +10:00
Sean Parkinson
5cf7e17820
TLS hmac: handle truncated mac in Hmac_UpdateFinal_CT()
2021-06-23 09:54:41 +10:00
John Safranek
a5852fe440
Merge pull request #4119 from julek-wolfssl/dtls-seq-num-refactor
...
Refactor `dtls_expected_peer_handshake_number` handling
2021-06-22 16:29:45 -07:00
Sean Parkinson
eccfb4f632
Merge pull request #4125 from dgarske/sniffer_etsi
...
TLS: Fixes for sniffer and static ephemeral keys
2021-06-23 09:17:13 +10:00
Chris Conlon
4b3bd3e384
Merge pull request #4049 from miyazakh/set_verifyDepth_3
...
Set verify depth limit
2021-06-22 10:23:43 -06:00
Chris Conlon
b70e028200
Merge pull request #4087 from miyazakh/get_ciphers_compat
...
higher priority of cipher suite is on top of stack
2021-06-22 10:22:43 -06:00
Chris Conlon
446393bcab
Merge pull request #3793 from TakayukiMatsuo/os_base64
...
Add wolfSSL_EVP_Encode/Decode APIs
2021-06-22 10:19:30 -06:00
Chris Conlon
b050463dce
Merge pull request #4059 from miyazakh/qt_unit_test
...
fix qt unit test
2021-06-22 10:12:48 -06:00
Jacob Barthelmeh
647bde671c
macro guard on test case
2021-06-22 22:56:35 +07:00
Jacob Barthelmeh
2b1a6cfb54
add setting contentOID with decode enveloped data
2021-06-22 22:06:16 +07:00
Jacob Barthelmeh
a4b5ebb62f
remove contentOID check
2021-06-22 21:59:57 +07:00
Jacob Barthelmeh
31e8784057
fix for compressedData eContent encoding with PKCS7
2021-06-22 21:59:57 +07:00
Jacob Barthelmeh
9c2de0e40a
wc_PKCS7_DecodeCompressedData optionally handle a packet without content wrapping
2021-06-22 21:59:57 +07:00
Jacob Barthelmeh
3cd43cf692
fix for keyid with ktri cms
2021-06-22 21:33:12 +07:00
David Garske
67b87a8883
Merge pull request #4127 from douzzer/wolfsentry-client
...
outbound connection filtering and wolfSentry integration
2021-06-22 07:27:18 -07:00
David Garske
c4ea64b7fc
Merge pull request #4140 from SparkiDev/set_sig_algs
2021-06-21 19:18:10 -07:00
David Garske
52582ede28
Merge pull request #4146 from SparkiDev/pkcs11_dec_final
...
PKCS #11 : Use C_Decrypt instead of C_DecryptUpdate
2021-06-21 15:28:45 -07:00
Sean Parkinson
ab2c1e117e
Merge pull request #4149 from guidovranken/wc_ecc_verify_hash_ex-alloc-check
...
ECC: wc_ecc_verify_hash_ex, return if ALLOC_CURVE_SPECS() fails
2021-06-22 08:24:22 +10:00
David Garske
716237c5dd
Fix minor line length and spelling.
2021-06-21 15:09:39 -07:00
David Garske
4942220718
Merge pull request #4150 from elms/fix/sniffer_no_dh
...
Fix build with `--enable-sniffer --disable-dh`
2021-06-21 12:47:58 -07:00
Elms
a409e7c9ce
Fix build with --enable-sniffer --disable-dh
2021-06-21 09:42:51 -07:00
David Garske
7491a44bb4
Fix for possible memory leak case on mp_init failure in wc_ecc_verify_hash_ex with WOLFSSL_SMALL_STACK.
2021-06-21 09:19:47 -07:00
Guido Vranken
7c600e3ebc
In wc_ecc_verify_hash_ex, return if ALLOC_CURVE_SPECS() fails
...
This prevents a NULL pointer dereference later in the function.
2021-06-20 22:29:20 +02:00
Brian Aker
2d497d1cf5
Fix for make distcheck, maintainer-clean, to allow distribution builds.
...
This the second pass at this after seeing how fips is added to tree in later phases.
This allow autoreconf to be directly called which allows the Makefile to rebuild when seeing that changes have been ( having an autogen.sh is older convention which left to history in the way autotools are invoked )
This fixes "make distcheck" and "make maintainer-clean" which are required by most distributions packaging systems.
The files previously touched by autogen.sh are now properly placed into autoconf.
The include files files are generated by configure. ( There is a note placed in configure.ac as to why and reference to the automake documention for this ). Append to file was done on purpose, touch cannot be in configure safetly. Normally autoheader would be used for this but since the include files are created out of tree, care has to be taken to not overwrite those file.
For the source files, they were moved into the coresponding automake file. It is safe to use touch in automake. Since files can optionally copied from elsewhere, they have to be listed in BUILT_SOURCES. They are written srcdir in order to allow make to do VPATH builds ( which is configure by make distcheck ).
To show fips files are preserved without having the actual fips files, a C style comment can be echoed into the files.
There are a few current, but outstanding issues.
1) config.h needs to be fixed configure.ac to use autoheader in order to allow configure to know to rebuilt depencies on its changes. ( Out of scope for this patch. )
2) verion.h checked into the tree and it is a built file. A make maintainer-clean followed by "git status --ignored" will confirm this. ( Out of scope for this patch )
3) autogen.sh has not been updated to reflect fixes. I believe that for this patch, it should be left alone and checked for regression in Jenkins by itself.
4) There is an out of date .spec file for building RPM which should be updated now that distcheck is working.
5) maintainer-clean should have rule added to remove build-aux testdriver.
This has been tested on current Ubuntu testing, OSX, Fedora 34, and Debian 10.
Additionaly "make distcheck" should be added to regression testing, along with "make maintainer-check".
Other improvement possibilities:
A possible future improvement is to let autoconf handle build with optional out of dist files.
Modify fips configure.ac check to allow for an injection of comments into blank fips files in order to prove distribution of fips/non-fips builds.
Update git rules to use 'make maintainer-clean', 'autoreconf -if', 'make distcheck'.
2021-06-19 20:16:14 -07:00
Kaleb Himes
149920fc14
Merge pull request #4110 from dgarske/config_examples
...
Additional user_settings.h examples
2021-06-18 12:00:29 -05:00
David Garske
5a685ca37e
Merge pull request #4139 from SparkiDev/etm_check_pad
...
TLS EtM: check all padding bytes are the same value
2021-06-18 08:14:46 -07:00
David Garske
15065175d8
Merge pull request #4145 from SparkiDev/sp_int_neg_mod
...
SP int negative: check size of a in mp_mod
2021-06-18 08:14:02 -07:00
Sean Parkinson
7224fcd9bc
TLS: add support for user setting signature algorithms
2021-06-18 16:19:01 +10:00
Hideki Miyazaki
fbb7a40295
simplified string parse
2021-06-18 11:55:09 +09:00
Hideki Miyazaki
b52ff200de
addressed code review part2
2021-06-18 11:22:23 +09:00
Hideki Miyazaki
368dd7b501
address review comments part1
2021-06-18 11:22:22 +09:00
Hideki Miyazaki
23a3c7f5f5
fixed no-termination
2021-06-18 11:22:21 +09:00
Hideki Miyazaki
1ebb4a47f6
addressed jenkins failure
2021-06-18 11:22:20 +09:00
Hideki Miyazaki
a4ff5de369
always tls13 suites in the front position
2021-06-18 11:22:20 +09:00
Hideki Miyazaki
4feedb72cc
simulate set_ciphersuites comp. API
2021-06-18 11:22:19 +09:00
Sean Parkinson
699a75c211
PKCS #11 : Use C_Decrypt instead of C_DecryptUpdate
...
Some PKCS #11 devices need final called (implicit in C_Decrypt).
2021-06-18 12:14:34 +10:00
Hideki Miyazaki
23fc810b3c
added more context
2021-06-18 11:10:13 +09:00
Hideki Miyazaki
ddf2a0227f
additional fix for set verify depth to be compliant with openssl limit
2021-06-18 11:00:51 +09:00
Hideki Miyazaki
2bbf7cc0fb
addressed review comments
2021-06-18 10:49:24 +09:00
David Garske
3d5c5b39ac
Merge pull request #4134 from embhorn/joi-cert
...
Update use of joi cert and add to renew script.
2021-06-17 18:28:12 -07:00
Daniel Pouzzner
b59c60db8a
ssl.c: fix build gating on wolfSSL_X509_get_ex_new_index() again (fixing rebase error).
2021-06-17 20:14:54 -05:00
Daniel Pouzzner
8c75553e08
wolfSentry integration: move rest of recyclable code out of examples and into wolfsentry_setup() in wolfssl/test.h, and implement peer review corrections on error codes and string.h wrapper macros.
2021-06-17 20:05:40 -05:00
Daniel Pouzzner
55ed985c9a
include error-ssl.h, not error-crypt.h, in wolfssl/test.h, and fix rebase error in src/ssl.c.
2021-06-17 20:05:40 -05:00
Daniel Pouzzner
1c9ea6228c
ssl.c: fix build gating on wolfSSL_X509_get_ex_new_index().
2021-06-17 20:05:40 -05:00
Daniel Pouzzner
93dfb4c7f4
add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config.
...
also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-17 20:05:40 -05:00
Sean Parkinson
2fb80ceb59
Merge pull request #4133 from dgarske/crypto_cb_25519
...
Adds crypto callback support for Ed/Curve25519 and SHA2-512/384
2021-06-18 09:47:30 +10:00
David Garske
18fc1b7e63
Merge pull request #4006 from elms/refactor_pointer_manipulation
2021-06-17 16:37:03 -07:00
Sean Parkinson
485cfd798b
SP int negative: check size of a in mp_mod
...
When using negative numbers, t is allocated to be one digit longer than
a->used. Fail when a->used is SP_DIGIT_MAX.
2021-06-18 09:28:51 +10:00
Hideki Miyazaki
951de64e2c
set PSK at the beginning
2021-06-18 07:59:35 +09:00
Hideki Miyazaki
3386069490
add LOAD flag to be compliant with OpenSSL
2021-06-18 07:59:34 +09:00
Hideki Miyazaki
af917cc55e
tell error code
2021-06-18 07:59:34 +09:00
Hideki Miyazaki
976b6ae97c
not push CA, revert error code when being OpensslExtra mode
2021-06-18 07:59:33 +09:00
Hideki Miyazaki
cd73cf3d0f
fix Qt unit test verifyClientCert
2021-06-18 07:59:32 +09:00
Hideki Miyazaki
8b9bf041c1
addressed review comments
2021-06-18 07:50:06 +09:00
Sean Parkinson
98ce4e901a
TLS EtM: check all padding bytes are the same value
...
Must be constant time so as not to provide an oracle.
That is, don't leak length of data and padding.
2021-06-18 08:42:48 +10:00
Hideki Miyazaki
22430ccdd3
higher priority of cipher suite is on top of stack
2021-06-18 07:42:41 +09:00
David Garske
9181c949ae
Added static ciphers and sniffer. Fixed spelling.
2021-06-17 15:19:45 -07:00
David Garske
ffb9a8b440
Improve the user_settings_template to incude Windows. Added STM32 configuration example.
2021-06-17 15:19:45 -07:00
David Garske
8b14bf2951
Additional user_settings.h examples.
2021-06-17 15:19:45 -07:00
David Garske
4bff3b6c69
Fix issue with WOLFSSL object copying CTX and object free'ing. Track ownership of the static key info.
2021-06-17 15:12:07 -07:00
David Garske
155621b611
Fix to prevent static ephemeral memory leak if WC_PK_TYPE_NONE is used for auto-detect. Add DER PK auto detect support. Add sniffer ssl_SetWatchKey_buffer support for static ephemeral.
2021-06-17 15:11:03 -07:00
David Garske
258e0c10da
Merge pull request #4142 from elms/fix/memtest
...
test: Fix memtest callbacks
2021-06-17 14:01:21 -07:00
David Garske
5440b6c63c
Fix for intel asm SHA512 where HAVE_INTEL_AVX1 or HAVE_INTEL_AVX2 is defined, but USE_INTEL_SPEEDUP is not. Fix for scan-build error with test.c ret not used.
2021-06-17 13:50:09 -07:00
Chris Conlon
bd6a353921
Merge pull request #4083 from dgarske/stm32_aes_gcm
...
Fix for STM32 AES GCM for HAL's that support byte sized headers
2021-06-17 13:08:15 -06:00
Elms
91f002235e
make: --enable-memtest track and --enable-memtest=fail to force failure
2021-06-17 10:45:39 -07:00
Elms
ad59b8af45
test: Fix memtest callbacks
2021-06-17 10:15:11 -07:00
David Garske
c802ea7ebd
Fix for unaligned authentication tag sizes when the STM32 Cube HAL supports it with CRYP_HEADERWIDTHUNIT_BYTE.
2021-06-17 08:15:44 -07:00
David Garske
b6ec698a83
Fix for FIPS case with hkdf_test.
2021-06-17 08:15:44 -07:00
David Garske
14b845a9a5
Fixes for wolfCrypt HMAC test without SHA1/SHA2. Added NO RNG option to cube pack configuration template.
2021-06-17 08:15:44 -07:00
David Garske
e8c4f857e1
Fix to use accelerated AES GCM when auth is not 4-byte aligned on platforms supporting byte header size.
2021-06-17 08:15:44 -07:00
David Garske
a1517dbfe4
Merge pull request #4138 from SparkiDev/ssl_reorg_2
...
Reorg of ssl.c: X509_STORE_CTX and X509_STORE APIs isolated
2021-06-17 07:38:25 -07:00
David Garske
eb7896919b
Merge pull request #4137 from SparkiDev/tls13_hrr_ch_ems
...
TLS EMS ext: TLS13 - send in second CH if in first
2021-06-17 07:29:19 -07:00
David Garske
5751e20bcc
Merge pull request #4136 from SparkiDev/tfm_size_checks
...
tfm: fix length check in add and mul_d
2021-06-17 07:28:40 -07:00
kaleb-himes
b29fa9bd33
Changes to support Android app with wolfCrypt module v4.5.4
2021-06-17 08:11:40 -06:00
Sean Parkinson
ad4baec0f5
Merge pull request #4090 from JacobBarthelmeh/CAAM
...
CAAM: add dynamic setup of entropy delay on init
2021-06-17 17:06:01 +10:00
Jacob Barthelmeh
d09b7153f2
address review items
2021-06-17 09:43:06 +07:00
Sean Parkinson
4bba282a70
TLS EMS ext: TLS13 - send in second CH if in first
2021-06-17 11:40:48 +10:00
Sean Parkinson
effa7e079d
Reorg of ssl.c: X509_STORE_CTX and X509_STORE APIs isolated
2021-06-17 11:38:26 +10:00
David Garske
98147de422
Fix for wolfCrypt test not calling init for ed25519 tests.
2021-06-16 16:44:28 -07:00
David Garske
54cef64250
Merge pull request #4128 from SparkiDev/ssl_reorg_1
...
Reorg of ssl.c: PKCS7, PKCS12, crypto-only APIs isolated
2021-06-16 16:12:03 -07:00
Sean Parkinson
9023c4d65a
tfm: fix length check in add and mul_d
...
Check that the overflow digit is going to fit rather than whether we are
at limit after adding digit.
2021-06-17 09:11:01 +10:00
Kaleb Himes
93ae372c55
Merge pull request #4132 from dgarske/exebits
...
Remove execute bit on update pem/der files
2021-06-16 17:20:53 -05:00
David Garske
0fc9c33f84
Wire up Ed25519 SHA512 to use devId.
2021-06-16 13:15:06 -07:00
David Garske
54f69079a8
Merge pull request #4131 from elms/fix/g++_enum_logical_op
...
fixes build with g++ automatically converting enum to int
2021-06-16 13:09:06 -07:00
Eric Blankenhorn
1307972344
Update use of joi cert and add to renew script.
2021-06-16 13:55:36 -05:00
David Garske
15d761a0c2
Added ED25519 and Curve25519 crypto callback support.
2021-06-16 11:49:24 -07:00
David Garske
9c24731e3c
Added SHA2-384/512 crypto callback support.
2021-06-16 11:49:24 -07:00
David Garske
27218e1d40
Merge pull request #4129 from JacobBarthelmeh/Testing
...
add cert generation to renewcerts script
2021-06-16 10:21:59 -07:00
David Garske
90d894b9fd
Remove execute bit on update pem/der files.
2021-06-16 10:17:20 -07:00
David Garske
852892c85b
Merge pull request #4130 from embhorn/zd12463
...
Fix BIO_free_all return type
2021-06-16 10:06:49 -07:00
David Garske
e39fc4b6ec
Merge pull request #4099 from embhorn/zd12274
...
Fix nonblocking ret value from crlIOCb
2021-06-16 10:05:04 -07:00
Elms
75445f7810
fixes build with g++ automatically converting enum to int
2021-06-16 09:40:20 -07:00
Eric Blankenhorn
b3bfe2d12b
Fix BIO_free_all return type
2021-06-16 09:51:45 -05:00
TakayukiMatsuo
9e02655ac4
Merge remote-tracking branch 'upstream/master' into os_base64
2021-06-16 23:19:52 +09:00
Jacob Barthelmeh
d8fc01aabf
add cert generation to renewcerts script
2021-06-16 14:31:33 +07:00
Sean Parkinson
2ca6550207
Reorg of ssl.c: PKCS7, PKCS12, crypto-only APIs isolated
...
Moved functions to bottom of file in groups.
Whitespace changed but not code.
PKCS7 APIs and wolfSSL_d2i_PKCS12_fp now protected by !NO_CERTS
2021-06-16 16:08:24 +10:00
Elms
3a885aba23
Refactor pointer manipulation to be independent of datatype width
...
Tested with `./configure CFLAGS="-DNO_64BIT" --disable-sha512
--disable-sha384 --enable-harden` on a 64-bit machine
2021-06-15 21:08:49 -07:00
Sean Parkinson
5bb639f6db
Merge pull request #4126 from dgarske/certs_test_expired
...
Fixes for expired test certs
2021-06-16 11:25:54 +10:00
Sean Parkinson
d849606bba
Merge pull request #4109 from guidovranken/Base64_SkipNewline-fixes
...
Additional length check improvements in Base64_SkipNewline
2021-06-16 08:52:32 +10:00
Sean Parkinson
b73673a218
Merge pull request #3794 from TakayukiMatsuo/os_keyprint
...
Add wolfSSL_EVP_PKEY_print_public
2021-06-16 08:43:41 +10:00
David Garske
1374ab7da5
Merge pull request #4123 from SparkiDev/sp_int_neg_cmp
...
SP math all: sp_cmp handling of negative values
2021-06-15 15:33:29 -07:00
David Garske
6d95188f4b
Fixes for expired test certs. Generated using cd certs/test && ./gen-testcerts.sh.
2021-06-15 15:07:34 -07:00
Eric Blankenhorn
8900d05167
Fix nonblocking ret value from crlIOCb
2021-06-15 15:31:29 -05:00
David Garske
2f39e6c217
Merge pull request #4122 from kaleb-himes/BUGREPORT_M_W_GCOV
...
Address bug that fails to ignore select files generated by gcov. Thanks to M.W. for the report
2021-06-15 11:07:30 -07:00
David Garske
a9515b80eb
Merge pull request #4108 from elms/fix/scripts/paths_w_spaces
...
tests: fix test scripts for paths with spaces
2021-06-15 08:18:08 -07:00
TakayukiMatsuo
c6680d08ba
Fix coding issues
2021-06-15 11:16:38 +09:00
Sean Parkinson
cce96f5fe6
Merge pull request #4114 from dgarske/secrene_extmst
...
Check for insecure build combination of secure renegotiation and no extended master secret
2021-06-15 10:52:25 +10:00
Sean Parkinson
12c358bc30
Merge pull request #3979 from dgarske/tls13_async
...
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
2021-06-15 10:02:19 +10:00
Sean Parkinson
b9715432f8
SP math all: sp_cmp handling of negative values
2021-06-15 09:44:06 +10:00
Sean Parkinson
07784e9f56
Merge pull request #4066 from dgarske/stm_pka
...
Fixes for STM32 PKA with ECC
2021-06-15 08:33:50 +10:00
David Garske
77df7d8630
Merge pull request #3968 from elms/pedantic_cleanup
...
Fixes for some `-pedantic` errors
2021-06-14 13:46:39 -07:00
David Garske
831e1713f1
Merge pull request #4076 from TakayukiMatsuo/st_timeout
...
Add session ticket timeout check in DoSessionTicket
2021-06-14 13:44:32 -07:00
David Garske
fd6b30ef32
Merge pull request #4111 from elms/silabs/fix_ecc_shared_secret_outlen
...
silabs: fix `wc_ecc_shared_secret` to only return x coordinate
2021-06-14 13:44:00 -07:00
kaleb-himes
eea9866967
Address bug that fails to ignore select files generated by gcov. Thanks to M.W. for the report
2021-06-14 14:40:11 -06:00
Chris Conlon
7ad4a3dffd
Merge pull request #4086 from miyazakh/psk_length_zero
...
treats a return of zero from callback as no psk available
2021-06-14 13:54:00 -06:00
Chris Conlon
a8d185cb9e
Merge pull request #4117 from TakayukiMatsuo/tk12403
...
Add null-parameters-test cases for SHA(), SHA224(), MD5() and MD5_xxx().
2021-06-14 13:52:01 -06:00
Chris Conlon
9d569dfeb7
Merge pull request #4116 from miyazakh/tcp_accept
...
fix api unit test compile failure
2021-06-14 13:49:00 -06:00
Elms
9ae021d2cb
tests: server example doesn't like empty string params
...
But it's ok with them at the end
2021-06-14 12:01:09 -07:00
David Garske
a110f249bd
Merge pull request #4118 from JacobBarthelmeh/ECC
...
add error return with alloc curve macro
2021-06-14 10:46:42 -07:00
David Garske
2ffc0a8392
Remove casts that are not needed.
2021-06-14 08:47:40 -07:00
David Garske
4d4b3c9e8a
Fixes for return codes on STM PKA code. Fix for const warnings.
2021-06-14 08:47:40 -07:00
David Garske
98ab62ea74
Fix for STM32 PKA ECC point mapping, which is handled in hardware.
2021-06-14 08:47:38 -07:00
David Garske
7b6005d467
Remove unused STM32 cofactor.
2021-06-14 08:46:20 -07:00
David Garske
b0782cb8f8
Fix for improperly initialized PKA_ECDSASignOutTypeDef on STM32 PKA sign.
2021-06-14 08:46:20 -07:00
David Garske
839231c508
Fixes for STM32 PKA compiler warnings.
2021-06-14 08:46:20 -07:00
Jacob Barthelmeh
70063213a5
additional comments, code readability, and error check
2021-06-14 21:40:51 +07:00
Juliusz Sosinowicz
1ee0c3a7fd
Refactor dtls_expected_peer_handshake_number handling
...
Moving the `dtls_expected_peer_handshake_number` value along has been moved to one location. It has also been changed to not keep state before a cookie exchange has been completed.
2021-06-14 15:51:04 +02:00
Jacob Barthelmeh
bba1c8b433
add error return with alloc curve macro
2021-06-14 20:33:20 +07:00
JacobBarthelmeh
64298a2c4a
Merge pull request #4094 from guidovranken/DecodePolicyOID-XSNPRINTF
...
Improve checking of XSNPRINTF return value in DecodePolicyOID
2021-06-14 19:58:09 +07:00
Elms
ed4cf6e91c
silabs: fix wc_ecc_shared_secret to only return x coordinate
...
secure element computes and returns the full coordinate. The wolfSSL
API should only return the x component.
2021-06-13 21:46:23 -07:00
TakayukiMatsuo
ebec2fbd25
Fixed uninitialized parameter for Base16_Encode
2021-06-14 13:45:12 +09:00
Elms
21db484f50
tests: fix test scripts for paths with spaces
2021-06-13 21:37:07 -07:00
Guido Vranken
f163a4e18f
Return BUFFER_E from DecodePolicyOID if XSNPRINTF indicates insufficient buffer space
2021-06-14 03:55:13 +02:00
Guido Vranken
220bfe9926
Fix Base64_SkipNewline such that tests pass
2021-06-14 03:42:41 +02:00
Sean Parkinson
3180ec96a5
Merge pull request #3963 from dgarske/nxp_ltc_rsa
...
Fixes for NXP LTC ECC/RSA
2021-06-14 08:29:24 +10:00
TakayukiMatsuo
50526cfe67
Changed some logics for simplicity
2021-06-14 03:26:00 +09:00
Hideki Miyazaki
6d3b9aec80
fix api compile failure
2021-06-12 09:24:11 +09:00
David Garske
5e6b8e50c8
Fix to set groups for client benchmark test.
2021-06-11 14:12:15 -07:00
David Garske
2e4e65f518
Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
...
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
2021-06-11 14:12:12 -07:00
David Garske
7eb840d615
Merge pull request #4115 from SparkiDev/ed25519_openssl_fix
...
ED25119 and SHAKE-256: fixes
2021-06-11 10:41:51 -07:00
David Garske
5f99979597
Peer review feedback and improvements.
2021-06-11 09:10:26 -07:00
David Garske
b28aab4cf9
Merge pull request #4098 from SparkiDev/san_hw_name_fix
...
Certs: fix leak when multiple hardware names in SAN
2021-06-11 08:25:28 -07:00
David Garske
5a78574a8a
Add new scripts to include.am.
2021-06-11 08:19:23 -07:00
TakayukiMatsuo
ed5cb0a1bd
Modified along the revire comments
2021-06-11 21:08:27 +09:00
TakayukiMatsuo
779e3701e6
Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint
2021-06-11 13:56:52 +09:00
TakayukiMatsuo
1a9b59b183
Add macro guard for LowResTimer
2021-06-11 11:58:55 +09:00
Sean Parkinson
89156908da
Merge pull request #4021 from embhorn/zd12233
...
Fix heap-buffer-overflow issues in wolfSSL_SMIME_read_PKCS7
2021-06-11 12:38:52 +10:00
Sean Parkinson
36a9cd3010
Merge pull request #3911 from TakayukiMatsuo/tk11851
...
Fix SSL_read behaving differently from openSSL after bidirectional shutdown
2021-06-11 10:25:39 +10:00
Sean Parkinson
e720762b5a
Merge pull request #4010 from JacobBarthelmeh/fuzzing
...
fix for use after free issue on error cases
2021-06-11 10:21:30 +10:00
Sean Parkinson
ed14e593c7
ED25119 and SHAKE-256: fixes
...
SHAKE-256 is off by default now. Make sure WOLFSSL_SHAKE256 doesn't make
it into options.h.
Fix openssl.test usage of ed25519 certificates.
Add scripts that regenerate certificates
2021-06-11 10:13:31 +10:00
David Garske
61314f3971
Added build error for insecure build combination of secure renegotiation enabled with extended master secret disabled when session resumption is enabled.
2021-06-10 16:44:23 -07:00
John Safranek
4e881a226a
Merge pull request #4088 from julek-wolfssl/dtls-mtu-define
...
Change magic number 100 bytes to an enum define
2021-06-10 09:22:08 -07:00
David Garske
624e150c7b
Merge pull request #3827 from SparkiDev/tls13_psk_hash
...
TLS 1.3 PSK: use the hash algorithm to choose cipher suite
2021-06-10 06:59:40 -07:00
David Garske
2fc5b03d71
Merge pull request #4102 from danielinux/psoc6-sha-fixes
...
[PSOC6_CRYPTO] Do not directly include psoc6 port header to prevent loops
2021-06-10 06:57:17 -07:00
Sean Parkinson
3ecb8d5a3e
Merge pull request #4062 from dgarske/dh_key
...
DH Key and Params Export cleanups and Apache httpd fixes
2021-06-10 20:54:32 +10:00
TakayukiMatsuo
4d3f2f92fd
Add test cases for SHA(), SHA224(), MD5() and MD5_xxx() to test with null parameters.
2021-06-10 16:40:51 +09:00
Sean Parkinson
56c317e1ab
Merge pull request #4052 from elms/gcc11_fixes
...
fixes for gcc 11 compile and other whitespace
2021-06-10 15:51:04 +10:00
Sean Parkinson
7e0c372e4c
TLS 1.3 PSK: use the hash algorithm to choose cipher suite
...
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH
Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
2021-06-10 09:55:27 +10:00
David Garske
c6c7dfd5db
Merge pull request #4053 from SparkiDev/cppcheck_fixes_6
...
cppcheck: fixes from reviewing report
2021-06-09 12:51:30 -07:00
David Garske
a6edff7bd5
Merge pull request #4017 from SparkiDev/not_ecc_pk_cb
...
ECC: Disable ECC but have Curve25519/448 and PK callbacks fix
2021-06-09 12:38:37 -07:00
David Garske
c6fc709502
Merge pull request #4072 from SparkiDev/ecc_sp_c_mod_sub_fix
...
SP C ECC: mont sub - always normalize after sub before check for add
2021-06-09 12:36:46 -07:00
Guido Vranken
fb366f063e
Additional length check improvements in Base64_SkipNewline
2021-06-09 19:16:07 +02:00
Eric Blankenhorn
a68542e6f4
Fix heap-buffer-overflow issues in wolfSSL_SMIME_read_PKCS7
2021-06-09 08:32:52 -05:00
Elms
5a54bb656b
make macros for pragma to compile with gcc11
2021-06-08 19:20:20 -07:00
Sean Parkinson
d8cd7cbee1
Merge pull request #4024 from kabuobeid/zd12245
...
PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
2021-06-09 10:06:02 +10:00
Sean Parkinson
c6646ae9c8
Merge pull request #4044 from julek-wolfssl/ZD12270
...
Check for XREAD when XFREAD fails
2021-06-09 09:48:25 +10:00
Sean Parkinson
50dca86dcf
Merge pull request #3878 from JacobBarthelmeh/ECC
...
add deterministic k generation for ECC sign
2021-06-09 09:47:19 +10:00
Sean Parkinson
8fa4dedf97
Merge pull request #4096 from vaintroub/master
...
MSVC, ARM64 - correct 64bit detection
2021-06-09 09:40:47 +10:00
Sean Parkinson
32c215775a
Merge pull request #4093 from guidovranken/DecodeResponseData-allocation-check
...
ASN: Catch allocation failure in DecodeResponseData
2021-06-09 09:38:53 +10:00
Sean Parkinson
9580574382
Merge pull request #3999 from dgarske/user_io
...
Fixes for building with `WOLFSSL_USER_IO`
2021-06-09 08:55:36 +10:00
Sean Parkinson
70d2c838bb
Merge pull request #4080 from kaleb-himes/SHAKE_DEFAULT_FIX
...
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-09 08:52:05 +10:00
David Garske
ae4af3c681
Merge pull request #4071 from SparkiDev/fp_ecc_long_order
...
ECC FP: cached doesn't work when order has more bits than prime
2021-06-08 12:17:04 -07:00
David Garske
4a85127507
Improve wc_DhKeyToDer for public key size calculation. Fixes bug with the output too (was missing 1 byte in length for the unused bits byte in bit string).
2021-06-08 09:55:56 -07:00
David Garske
9b215c5138
Fixes for DH Pub key import/export and new test case. Improve wc_DhParamsToDer.
2021-06-08 09:27:30 -07:00
David Garske
6db0b42c7f
* Refactor of DH key and param exports code (moved into asn.c) enabled with WOLFSSL_DH_EXTRA.
...
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
2021-06-08 09:27:26 -07:00
David Garske
54d13f63c1
Merge pull request #4067 from haydenroche5/pkcs8
...
Add an API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key.
2021-06-08 09:21:53 -07:00
Jacob Barthelmeh
34d8073fbd
remove dead code
2021-06-08 22:45:28 +07:00
David Garske
de70681229
Improve code comments to explain FP_ECC limitation for SECP160R1, SECP160R2, SECP160K1 and SECP224K1.
2021-06-08 08:41:36 -07:00
David Garske
61eae79f71
Merge pull request #4074 from SparkiDev/ecdsa_dbl_table_point
...
ECDSA FP ECC: fix corner case
2021-06-08 08:35:17 -07:00
David Garske
5586bc349c
Merge pull request #4056 from SparkiDev/mp_int_rem_apis
...
MP Integer: remove unsupported API prototypes
2021-06-08 08:08:04 -07:00
David Garske
50e8509a36
Merge pull request #4037 from SparkiDev/prime_test_err_check
...
TFM prime checking: check for more errors
2021-06-08 08:06:37 -07:00
David Garske
9497c74283
Merge pull request #4081 from strongX509/master
...
SHA3-based RSA signatures require SHA-3 hash OIDs
2021-06-08 07:46:18 -07:00
TakayukiMatsuo
0186d19aba
Fix some coding style issues.
2021-06-08 16:25:28 +09:00
Daniele Lacamera
6d1981abd1
Do not directly include psoc6 port header to prevent loops
2021-06-08 08:24:43 +02:00
Sean Parkinson
88322b82a5
Merge pull request #3871 from julek-wolfssl/openvpn-master
...
OpenVPN additions and fixes
2021-06-08 13:54:14 +10:00
Sean Parkinson
194b494741
Merge pull request #4034 from embhorn/zd12261
...
Fix declarations for EVP_VerifyFinal and RSA_private_encrypt
2021-06-08 12:15:30 +10:00
Sean Parkinson
b3352648dd
Merge pull request #4097 from guidovranken/blake2-init-key-fixes
...
Check return value in BLAKE2 key init functions
2021-06-08 11:54:29 +10:00
Sean Parkinson
8ee1dda2f9
Merge pull request #4001 from dgarske/time_long
...
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
2021-06-08 11:17:55 +10:00
Sean Parkinson
23d733f837
Merge pull request #4063 from guidovranken/zd12328
...
Fix length calculations in Base64_SkipNewline
2021-06-08 10:55:15 +10:00
Elms
c726cddf1b
session_ticket: Add separate member to track compatCb
...
This resolves an error:
`ISO C forbids conversion of object pointer to function pointer type`
Instead of casting the function pointer, the extra
member contains the function pointer.
2021-06-07 15:42:38 -07:00
Elms
5c01613acb
Add GCC extension to bypass select -pedantic warnings
...
Add wrapper macro for `__extension__` to suppress pedantic warnings
2021-06-07 15:38:15 -07:00
Jacob Barthelmeh
9fadc21e0f
add version print out
2021-06-08 04:18:22 +07:00
David Garske
3e307aa626
Merge pull request #4091 from JacobBarthelmeh/Testing
...
add strict check on signature length
2021-06-07 11:02:02 -07:00
Guido Vranken
4e318ade36
In wc_PBKDF1_ex, break out of outer loop on error
2021-06-07 16:21:02 +02:00
Jacob Barthelmeh
f97ca1c1ca
adjust test case and add useful comments
2021-06-07 19:44:05 +07:00
Sean Parkinson
e76ae2b8ac
Certs: fix leak when multiple hardware names in SAN
...
Can only be one hardware name in SAN as this indicates the certificate
is for verifying signatures created by hardware module.
2021-06-07 12:02:23 +10:00
Guido Vranken
96b7b193d7
Check return value in BLAKE2 key init functions
...
If built with smallstack, allocations in `blake2s_update` and `blake2b_update` may fail,
so the error must be propagated.
2021-06-07 03:34:44 +02:00
Guido Vranken
bd7b57783d
Remove excess space characters
2021-06-07 03:20:16 +02:00
Sean Parkinson
898b9d5e24
Merge pull request #4084 from dgarske/sp_math_keygen
...
Fix for building SP small math only (no DH) with key generation
2021-06-07 10:48:01 +10:00
Vladislav Vaintroub
29968716ea
MSVC, ARM64 - correct 64bit detection
...
Fixes https://github.com/wolfSSL/wolfssl/issues/4095
2021-06-06 23:30:27 +02:00
Guido Vranken
1af3f482cb
Catch allocation failure in ASNToHexString
2021-06-06 19:52:15 +02:00
Hideki Miyazaki
1606746d2d
a return of zero from callback as no psk available
2021-06-06 11:53:02 +09:00
Guido Vranken
8cb576009d
Improve bounds check in EncodePolicyOID
2021-06-06 04:07:02 +02:00
Guido Vranken
a1257429bd
Improve checking of XSNPRINTF return value in DecodePolicyOID
2021-06-06 03:54:15 +02:00
Guido Vranken
76e0a8666b
Catch allocation failure in DecodeResponseData
2021-06-06 03:12:53 +02:00
David Garske
5d33161032
Fixes for RSA keygen with SP (no DH). Thanks Sean.
2021-06-04 13:32:59 -07:00
Jacob Barthelmeh
c245c4a812
add strict check on signature length
2021-06-05 03:09:33 +07:00
Jacob Barthelmeh
9ef43c5aff
add dynamic setup of entropy delay on init
2021-06-05 00:41:10 +07:00
David Garske
d7117cd8bb
Merge pull request #4089 from danielinux/psoc6-sha-fixes
...
psoc6_Crypto port: fixes to sha256/sha512 objects
2021-06-04 09:16:42 -07:00
Daniele Lacamera
a5a4925370
Fixed sha256 and sha512 interface for psoc6 crypto module
2021-06-04 13:22:17 +02:00
Juliusz Sosinowicz
588a424d8d
Change magic number 100 bytes to an enum define
2021-06-04 11:27:57 +02:00
Chris Conlon
961773b384
Merge pull request #4079 from lealem47/PKCS12UnitTest
...
Pkcs12 unit test
2021-06-03 16:07:54 -06:00
David Garske
21060afb80
Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error.
2021-06-03 10:56:54 -07:00
Jacob Barthelmeh
66c7acb076
add use of heap hint for malloc
2021-06-03 23:38:30 +07:00
TakayukiMatsuo
195ca2b3f0
Add corner test cases for EVP_EncodeFinal and EVP_DecodeFinal
2021-06-03 20:02:48 +09:00
David Garske
eb63ab19e2
Fix for mp_mulmod with NXP LTC.
2021-06-01 16:33:58 -07:00
Chris Conlon
6cfb982740
Merge pull request #3981 from miyazakh/qt_oslext_cnf
...
Added compatibility layer API
2021-06-01 15:25:37 -06:00
Lealem Amedie
72fc7e62b8
Fixed spacing
2021-06-01 14:47:51 -06:00
Andreas Steffen
0caf3ba456
SHA3-based RSA signatures require SHA-3 hash OIDs
...
The SHA-3 ASN.1 OIDs are defined by NIST under the
nistalgorithm/hashAlgs node.
2021-06-01 22:02:23 +02:00
Kaleb Himes
a27cdc538a
Fix typo
2021-06-01 13:30:32 -06:00
Kaleb Himes
3a9c6ea924
fix FIPS v2 check ($ENABLED_FIPS not set for v2)
2021-06-01 13:29:39 -06:00
kaleb-himes
94831eadf1
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-01 11:38:17 -06:00
Lealem Amedie
03a5395b53
Fixed casting issue
2021-06-01 09:46:30 -06:00
TakayukiMatsuo
69cf5ef266
Chage to use WOLFSSL_SESSION.bornON instead of WOLFSSL_SESSION.timestamp to hold the ticket creation time.
2021-06-01 15:30:07 +09:00
TakayukiMatsuo
5f7477980c
Add session ticket timeout check in DoSessionTicket
2021-06-01 00:09:50 +09:00
Lealem Amedie
2db233d10e
Added wolfssl_PKCS12_verify_mac testing in test_wolfSSL_PKCS12() function in api.c
2021-05-28 16:33:46 -06:00
Chris Conlon
15931fa199
Merge pull request #4060 from kojo1/encrypt_len
...
FP_MAX_BITS for ENCRYPT_LEN
2021-05-28 15:55:58 -06:00
Jacob Barthelmeh
ab07c55609
check on hmac free and add else if case for check if key is 0's
2021-05-28 16:27:54 +07:00
Sean Parkinson
9fff404313
Merge pull request #4073 from TakayukiMatsuo/tk12138
...
Add calling wc_FreeMutex for globalRNGMutex
2021-05-28 16:11:00 +10:00
Sean Parkinson
c69665b999
ECDSA FP ECC: fix corner case
...
When the same table is used for both base point and public point (which
is not a valid thing to do) then a corner case occurs when the table
point can be added to the same point. This has to be a double operation
instead.
The table point isn't able to be doubled as it has a z-ordinate of 0 and
the original point is overwritten with the invalid add result.
Fix this case by:
- copying the table point into the result,
- setting z-ordinate to Montgomery form of 1,
- double the result point in place.
2021-05-28 13:06:20 +10:00
TakayukiMatsuo
54dba6a2f2
Add calling wc_FreeMutex for globalRNGMutex
2021-05-28 11:19:40 +09:00
Elms
3deb635155
skip memory callback tests with STATIC_MEMORY and LINUXKM
2021-05-27 14:46:45 -07:00
Elms
7a98c517e4
Fixes for some -pedantic errors
...
Some of the API with callbacks may not be compatible with pedantic
2021-05-27 14:46:45 -07:00
Jacob Barthelmeh
252971aad7
better comments on RFC steps and fixes for combining code blocks, fix for check on sign_k value
2021-05-27 17:27:15 +07:00
Sean Parkinson
4e88521a90
SP C ECC: mont sub - always normalize after sub before check for add
2021-05-27 11:08:05 +10:00
Sean Parkinson
6bf9a887e1
ECC FP: cached doesn't work when order has more bits than prime
...
Small curves that are not commonly used do not work with scalars that
are the length of the order when the order is longer than the prime.
The table is generated based on modulus length not order length.
Simple fix is to not allow these curves to be used with FP_ECC.
Order isn't passed into the pseudo-public APIs.
2021-05-27 09:53:03 +10:00
John Safranek
1fe445368c
Merge pull request #4069 from guidovranken/zd12349
...
Several ASN decoder fixes
2021-05-26 16:13:54 -07:00
TakayukiMatsuo
d1e3be1f43
Replace return code from literal to value
2021-05-27 06:20:34 +09:00
Guido Vranken
1fbc3dc2d4
Heap-allocate additional CertStatus structs in DecodeResponseData
2021-05-26 21:41:47 +02:00
Guido Vranken
cfef249041
Several ASN decoder fixes
...
See ZD 12349
2021-05-26 20:15:32 +02:00
Hayden Roche
88370285cc
Add an API function wc_DecryptPKCS8Key to handle decrypting a DER, PKCS#8
...
encrypted key.
2021-05-26 10:48:14 -07:00
Hayden Roche
5e4e73d6e9
Add an API function wc_EncryptPKCS8Key to handle encrypting a DER,
...
PKCS#8-formatted key.
There's already a function wc_CreatePKCS8Key, but this only creates the
unencrypted PKCS#8 key. TraditionalEnc exists, which takes a non-PKCS#8 key,
converts it to PKCS#8 format, and encrypts it, but this function isn't in the
public-facing API. I've modified TraditionalEnc to use wc_EncryptPKCS8Key after
wc_CreatePKCS8Key. wc_EncryptPKCS8Key is essentially the encryption portion of
TraditionalEnc moved out into its own function. wc_EncryptPKCS8Key will be in
the API going forward so that users can do PKCS#8 encryption without relying on
the non-API TraditionalEnc. Next, I'll be adding a corresponding
wc_DecryptPKCS8Key to handle decryption.
2021-05-26 10:48:11 -07:00
David Garske
8bf2cbf55e
Fix for NXP LTC to not modify incoming math variables (use temp). Added build option for testing/validation of the LTC math operation.
2021-05-26 10:30:47 -07:00
David Garske
0d3530b45d
Cleanup NXP LTC logic.
2021-05-25 16:49:58 -07:00
David Garske
c59349c7a7
Fix for ecc_map, which is handled in hardware. Fix for NXP LTC mp_mul N value. Fix for MMCAU cast warnings.
2021-05-25 15:58:22 -07:00
David Garske
63ac9decfc
Added error response checking for NXP LTC LTC_PKHA_ModMul. Isolated the result C to it's own variable.
2021-05-25 15:58:22 -07:00
David Garske
9453f83d28
Fix bad logic flow in WC_NO_RNG case.
2021-05-25 15:58:22 -07:00
David Garske
64ae0a827c
Fixes for RSA with NXP LTC. The invmod function must reduce if A > B. Added RSA Key Generation acceleration.
2021-05-25 15:58:22 -07:00
David Garske
41af3da0e3
Merge pull request #4057 from SparkiDev/no_tls12_pkcb
...
TLS: fix build with no TLSv12 but PK callbacks
2021-05-25 15:26:40 -07:00
Guido Vranken
360d6c8a4f
Additional fix for Base64_SkipNewline
2021-05-26 00:25:27 +02:00
David Garske
3cc69ee6a0
Merge pull request #4064 from SparkiDev/evp_aes_gcm_stream_leak
...
EVP AES-GCM Streaming: must free Aes
2021-05-25 15:11:03 -07:00
Hideki Miyazaki
1c0fd3f1c0
addressed review comments part3
2021-05-26 06:17:33 +09:00
Hideki Miyazaki
e2284d59bf
addressed review comments part2
2021-05-26 06:07:48 +09:00
Hideki Miyazaki
ae502c7a09
addressed review comments part1
2021-05-26 06:07:48 +09:00
Hideki Miyazaki
af67965f65
addressed jenkins failures part1
2021-05-26 06:07:48 +09:00
Hideki Miyazaki
33e91c577f
added unit test cases for cmdline
2021-05-26 06:07:47 +09:00
Hideki Miyazaki
394c0b5cdc
implemented CONF_cmd
2021-05-26 06:07:47 +09:00
Elms
7127dbeeec
fixes for gcc 11 compile and other whitespace
2021-05-25 12:34:04 -07:00
Sean Parkinson
e1bc0c4447
EVP AES-GCM Streaming: must free Aes
...
AES streaming implementation allocates data in Aes objects, when small
stack, that needs to be freed.
Fix memory leaks in streaming test case too.
2021-05-25 15:57:09 +10:00
Guido Vranken
b7663a51b4
Fix length calculations in Base64_SkipNewline
...
ZD 12328
2021-05-25 03:52:16 +02:00
Chris Conlon
956a0f2b5f
Merge pull request #3931 from julek-wolfssl/dsa-engine
...
Add more DSA parameters support
2021-05-24 14:57:02 -06:00
Chris Conlon
399ce70aba
Merge pull request #4055 from JacobBarthelmeh/PKCS7
...
set content type parsed
2021-05-24 13:21:19 -06:00
Chris Conlon
d03ce69009
Merge pull request #4050 from julek-wolfssl/devkitpro
...
Add support for running `wolfcrypt/test/testwolfcrypt` on Dolphin emulator
2021-05-24 13:20:42 -06:00
Takashi Kojo
159fe1541a
FP_MAX_BITS for ENCRYPT_LEN
2021-05-24 07:12:07 +09:00
Sean Parkinson
6747055d46
TLS: fix build with no TLSv12 but PK callbacks
...
./configure '--disable-tlsv12' '-enable-pkcallbacks'
Disable non-TLS13 cipher suite test as well.
2021-05-21 10:59:23 +10:00
Sean Parkinson
573c0fcba7
MP Integer: remove unsupported API prototypes
...
mp_read_signed_bin, mp_signed_bin_size, mp_to_signed_bin - not
implemented anywhere. (Removed fp versions that were commented out too.)
mp_read_raw, mp_raw_size, mp_toraw - map to unimplemented mp_*_signed_*
APIs.
2021-05-21 08:22:04 +10:00
Juliusz Sosinowicz
ceadb62d5b
Add support for running wolfcrypt/test/testwolfcrypt on Dolphin emulator
2021-05-20 21:07:50 +02:00
Jacob Barthelmeh
f4959cca8d
set content type parsed
2021-05-21 01:42:10 +07:00
Sean Parkinson
2c6285ccba
cppcheck: fixes from reviewing report
2021-05-20 17:55:06 +10:00
Chris Conlon
0e23d40250
Merge pull request #4038 from TakayukiMatsuo/tk12254
...
Add test cases for wc_ShaxxxUpdate funcs
2021-05-18 15:38:02 -06:00
Eric Blankenhorn
b87af6ae89
Merge pull request #4046 from SparkiDev/coverity_1
...
TFM: get returned error to act on
2021-05-18 14:26:04 -05:00
Daniel Pouzzner
687736fd56
Merge pull request #4047 from elms/automake_branch_switch
...
make: fix timing error when switching between revisions
2021-05-18 13:50:46 -05:00
David Garske
9661677d4d
Merge pull request #4041 from SparkiDev/tls13_psk_early_test_fix
...
TLS 1.3 PSK EarlyData testing
2021-05-18 10:00:03 -07:00
Elms
82981e9305
make: fix timing error when switching between revisions
...
On switching over revision that added server target specific CFLAGS,
could receive: `error: #warning "For timing resistance / side-channel
attack prevention consider using harden options"`
2021-05-18 09:43:29 -07:00
Sean Parkinson
ed5b134161
TLS 1.3 PSK EarlyData testing
...
Fix test to expect 3 or 5 lines with "Early Data" (release or debug
build).
2021-05-18 15:25:12 +10:00
Sean Parkinson
c1490bb91a
TFM: get returned error to act on
2021-05-18 14:30:26 +10:00
Sean Parkinson
ed3a0ae694
TFM prime checking: check for more errors
...
Small stack can produce errors that were being ignored.
Checks for valid size in fp_exptmod was being ignored.
2021-05-18 08:51:55 +10:00
David Garske
d8312a2e61
Merge pull request #4040 from JacobBarthelmeh/CAAM
...
add caam header files to make install
2021-05-17 12:22:41 -07:00
David Garske
4a1907ae88
Merge pull request #3976 from rliebscher/Use_Renesas_RX_intrinsics_with_CC-RX_compiler
...
Renesas RX: Use intrinsics for rot[rl], revl
2021-05-17 11:05:01 -07:00
David Garske
379312d23e
Merge pull request #4042 from danielinux/dcp_explicit_casts
2021-05-17 08:05:39 -07:00
Juliusz Sosinowicz
58e7d5388a
Check for XREAD when XFREAD fails
...
On Windows we would always fail with `NOT_COMPILED_IN` when reading a file BIO.
2021-05-17 16:57:53 +02:00
Daniele Lacamera
b09df89200
NXP DCP: add explicit casts
2021-05-17 10:35:00 +02:00
Jacob Barthelmeh
efa478c121
add caam header files to make install
2021-05-15 15:42:50 +07:00
David Garske
e18880f7dc
Merge pull request #4036 from SparkiDev/sp_asm_x86_64_ifdef
...
SP ASM: x86_64 asm files - protect with WOLFSSL_SP_X86_64_ASM
2021-05-14 10:35:59 -07:00
TakayukiMatsuo
8c71fb4113
Add test cases for wc_ShaxxxUpdate funcs
2021-05-14 09:46:21 +09:00
Sean Parkinson
740f200156
SP ASM: x86_64 asm files - protect with WOLFSSL_SP_X86_64_ASM
2021-05-14 09:22:41 +10:00
David Garske
19526f050e
Merge pull request #4035 from JacobBarthelmeh/CAAM
...
add macro guard on debug print
2021-05-13 12:46:11 -07:00
Jacob Barthelmeh
82a2797b56
add macro guard on debug print
2021-05-13 23:58:51 +07:00
David Garske
263105abec
Merge pull request #4033 from JacobBarthelmeh/CAAM
...
set partition number on key import and use ocb address for free'ing d…
2021-05-13 09:39:36 -07:00
David Garske
44a9346305
Merge pull request #4025 from danielinux/hdrbg_double_include_sha256
...
Fix double include of sha256.h causing a build error
2021-05-13 09:15:51 -07:00
Eric Blankenhorn
9eebaaf352
Fix declarations for EVP_VerifyFinal and RSA_private_encrypt
2021-05-13 10:48:49 -05:00
Juliusz Sosinowicz
5865dc08dd
Code review changes
2021-05-13 15:21:33 +02:00
Jacob Barthelmeh
311c929fe2
set partition number on key import and use ocb address for free'ing dangling partitions on close
2021-05-13 17:34:30 +07:00
Daniele Lacamera
420a48a5aa
Removed unnecessary headers
2021-05-13 07:40:22 +02:00
Daniele Lacamera
563c7391ed
DCP: moved guards so code is not included when building *.c
2021-05-13 07:29:33 +02:00
Daniele Lacamera
6ea5254bb9
DCP refactor: do not override wc_Sha types
2021-05-12 17:11:09 +02:00
David Garske
0a8996f467
Merge pull request #4028 from danielinux/freescale_rng
...
Allow use of FREESCALE hw RNG without a specific port
2021-05-12 06:41:01 -07:00
Daniele Lacamera
1dfde34852
Allow use of FREESCALE hw RNG without a specific port
2021-05-12 10:10:42 +02:00
Daniele Lacamera
f3c07e5f3f
include sha256.h when required by smallstackcache
2021-05-12 09:42:41 +02:00
Daniele Lacamera
8c008b81ac
random.h: removed include of sha256.h with HASHDBRG
2021-05-12 07:46:22 +02:00
Sean Parkinson
8a17e6c10e
Merge pull request #4019 from dgarske/zd11435
...
ECC, SP math all: Add `wc_ecc_gen_k` arg checking. Fix SP math debug support (mp_dump)
2021-05-12 08:21:56 +10:00
Chris Conlon
c75830e2e8
Merge pull request #4011 from miyazakh/set_verify_depth2
...
fix out of bound access when peer's chain is greater than verifyDepth + 1
2021-05-11 15:38:39 -06:00
Kareem Abuobeid
cba029a436
PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
2021-05-11 14:35:41 -07:00
Chris Conlon
ae0591b1db
Merge pull request #4016 from miyazakh/qt_sanity_check
...
add sanity check
2021-05-11 15:06:54 -06:00
David Garske
64330d468e
Merge pull request #4023 from danielinux/dcp_rt1060_fixes_aes
...
DCP port: Fixed AES, aligned key for the HW module
2021-05-11 09:55:50 -07:00
David Garske
92a524820b
Merge pull request #4018 from SparkiDev/jenkins-nightly-1
...
Fixes from nightly builds
2021-05-11 09:11:42 -07:00
David Garske
fce9870a64
Merge pull request #4020 from ejohnstown/options-export
...
New Option Export/Import
2021-05-11 09:10:17 -07:00
Daniele Lacamera
d9cc013fd2
DCP port: Fixed AES, aligned key for the HW module
2021-05-11 08:27:03 +02:00
John Safranek
d74b74d156
Also adjust for v3 of export, and update the API test case.
2021-05-10 18:06:31 -07:00
David Garske
7e69277680
Improve SP mp_dump to use macro.
2021-05-10 16:27:06 -07:00
Sean Parkinson
bab0d9bd4a
Merge pull request #4022 from dgarske/test_fix
...
Test AES CBC: Fix for the unmodified check for AesCbc test
2021-05-11 08:38:04 +10:00
David Garske
db7888ceaa
Fix for the unmodified check for AesCbc test.
2021-05-10 10:04:50 -07:00
John Safranek
a608b083b4
Take into account a new flag in the DTLS state export and import.
2021-05-10 09:33:38 -07:00
David Garske
8c91a0c6b0
Support for mp_dump with SP Math ALL.
2021-05-10 09:26:33 -07:00
David Garske
f5509780c6
Add argument checking to wc_ecc_gen_k . Cleanup return codes for wc_ecc_mulmod_ex2.
2021-05-10 09:26:33 -07:00
David Garske
ead656c4db
Fixes for NO_BIO related to ZD11886. Replaces PR #3888 .
2021-05-10 09:19:08 -07:00
Juliusz Sosinowicz
ddbd26305f
OpenVPN additions and fixes
...
- `SSL_CTX_set_min_proto_version` now allows setting not compiled in protocols but checks that the constraints leave any compiled in protocol available
- wolfSSL_HmacCopy return already returns `WOLFSSL_SUCCESS` or `WOLFSSL_FAILURE`
2021-05-10 12:00:18 +02:00
Sean Parkinson
0c1af66843
Fixes from nightly builds
...
output not read.
g++ realloc cast.
curve25519 - no fix, only format changes
2021-05-10 11:59:52 +10:00
Sean Parkinson
8779c3a884
ECC: Disable ECC but have Curve25519/448 and PK callbacks fix
...
Fix ed25519 certificates.
Tidy up testsuite.c
2021-05-10 10:32:55 +10:00
Hideki Miyazaki
07872189eb
add sanity check
2021-05-08 13:15:50 +09:00
John Safranek
e247161b2e
Merge pull request #3992 from embhorn/zd12169
...
Allow parsing spaces in Base64_SkipNewline
2021-05-07 14:30:24 -07:00
Daniel Pouzzner
49717328dd
Merge pull request #4014 from haydenroche5/cmake
...
Add support for reproducible builds with CMake.
2021-05-07 15:54:01 -05:00
David Garske
aa3f9f8459
Merge pull request #4013 from kabuobeid/smime_fixes
...
S/MIME: Fix issue with canonSection size when adding newlines.
2021-05-07 13:12:54 -07:00
David Garske
28e2d68677
Merge pull request #4015 from embhorn/zd12221
...
Fix XMALLOC of sp_point_256 array
2021-05-07 13:11:41 -07:00
David Garske
3807304243
Fixes in additional places for incorrect point heap allocation size in SP ecc_mulmod with small stack or SP no malloc.
2021-05-07 09:43:17 -07:00
Eric Blankenhorn
0bc0e0f562
Fix XMALLOC of sp_point_256 array
2021-05-07 09:12:22 -05:00
Hayden Roche
051d1c2579
Add support for reproducible builds with CMake.
...
Unlike the autotools build, I've chosen NOT to make the build un-deterministic
if WOLFSSL_REPRODUCIBLE_BUILD is set to no (the default). Instead, I just use
whatever CMake's default is. On my system, ar and ranlib run in deterministic
mode by default, and the CMake defaults for the relevant ar and ranlib variables
are:
CMAKE_C_ARCHIVE_CREATE = <CMAKE_AR> qc <TARGET> <LINK_FLAGS> <OBJECTS>
CMAKE_C_ARCHIVE_APPEND = <CMAKE_AR> q <TARGET> <LINK_FLAGS> <OBJECTS>
CMAKE_C_ARCHIVE_FINISH = <CMAKE_RANLIB> <TARGET>
So my builds are automatically deterministic. This is normal on my system so I
wouldn't want to make them not deterministic by default, hence the decision.
I validated with md5sum on libwolfssl.a that explicitly making the build not
deterministic indeed results in different checksums across multiple runs. The
checksums are the same when flipping back to deterministic mode.
2021-05-06 23:05:33 -07:00
Kareem Abuobeid
62bb0a8527
S/MIME: Fix issue with canonSection size when adding newlines.
2021-05-06 16:35:24 -07:00
David Garske
6c131e3e8b
Fix off by 1 in rollover calculation.
2021-05-06 14:46:35 -07:00
David Garske
c88afdef87
Fixes for building with WOLFSSL_USER_IO (with no built-in socket support). Related to issue #3998 .
2021-05-06 11:07:05 -07:00
David Garske
1cd8bd3a94
Merge pull request #3993 from ejohnstown/actions
2021-05-06 08:32:37 -07:00
Hideki Miyazaki
2a39f1dc5c
fixed memory leak
2021-05-06 16:55:51 +09:00
Hideki Miyazaki
93f04543b0
fixed unit test intermittent failure
2021-05-06 15:40:24 +09:00
Hideki Miyazaki
0539b99c86
fix boundary access when peer's chain is less than verifyDepth + 1
2021-05-06 14:54:16 +09:00
Jacob Barthelmeh
2c2f389373
set pointer to null after free
2021-05-06 12:11:52 +07:00
Jacob Barthelmeh
e185a9b7ca
reset pointer on SMIME fail case
2021-05-06 11:44:46 +07:00
toddouska
4cfa6c43a5
Merge pull request #4000 from dgarske/sizeof_ctc
...
Fix for SIZEOF detection and issue with CTC_SETTINGS
2021-05-05 15:46:14 -07:00
toddouska
014bd21df0
Merge pull request #3983 from tmael/tls_down
...
TLS minimum downgrade option
2021-05-05 15:38:45 -07:00
toddouska
bc043ee358
Merge pull request #3980 from embhorn/gh3978
...
Fix Espressif win script
2021-05-05 15:37:04 -07:00
toddouska
0b16b33de4
Merge pull request #3973 from SparkiDev/pkcs11_sign
...
PKCS#11: rework RSA operations to be clearer
2021-05-05 15:35:27 -07:00
David Garske
94c0bff839
Merge pull request #3997 from tmael/minor_fixes
...
Fix test build
2021-05-04 08:51:30 -07:00
David Garske
ed188903e0
Merge pull request #4007 from haydenroche5/ocsp_bug
...
Fix test_wolfSSL_CertManagerCheckOCSPResponse.
2021-05-03 16:55:52 -07:00
Hayden Roche
822aa92fcc
Fix test_wolfSSL_CertManagerCheckOCSPResponse.
...
This test broke once we went past the nextUpdate time in the static, raw OCSP
response being used. This change makes it so that response is valid until 2048.
2021-05-03 15:26:39 -07:00
David Garske
6e0197e171
Merge pull request #4002 from kabuobeid/smime_fixes
...
S/MIME: Canonicalize multi-part messages before hashing. Improve error checking in wc_MIME_parse_headers.
2021-05-03 09:24:43 -07:00
TakayukiMatsuo
9eab854c61
Revised logic along review comments
2021-05-03 07:44:04 +09:00
Kareem Abuobeid
8071fac306
S/MIME: Add smime-test-canon.p7s to include.am
2021-04-30 15:30:55 -07:00
Kareem Abuobeid
effcecf40d
S/MIME: Add non-canonicalized test case
2021-04-30 15:07:37 -07:00
David Garske
f8ecd4b441
Fixes for building with NO_ASN_TIME. If used with TLS user must supply LowResTimer and TimeNowInMilliseconds.
2021-04-30 15:04:31 -07:00
David Garske
c9634952d5
Fix to handle time rollover in TLS v1.3 diff calculation.
2021-04-30 15:04:09 -07:00
David Garske
651860dce7
Merge pull request #3991 from kaleb-himes/OE6_MINOR_PORTING_CHANGE
...
Implement minor port change requested by customer
2021-04-30 14:37:35 -07:00
David Garske
9e48de9d42
Merge pull request #3970 from embhorn/zd12122
...
Clarify that units of size parameters are in bits
2021-04-30 14:28:50 -07:00
David Garske
fa9f1f8012
Merge pull request #3977 from embhorn/zd12136
...
Improve PSK callback doc
2021-04-30 14:26:39 -07:00
David Garske
ea2e2994af
Reversing hunk in test.c for DEOS (suspect that was in error).
2021-04-30 14:21:23 -07:00
Kareem Abuobeid
baa80284c0
S/MIME: Code review fixes
2021-04-30 14:00:59 -07:00
Chris Conlon
57e03d7e2f
Merge pull request #3961 from miyazakh/qt_oslext_pskss_cb
...
added psk session callback compatibility layer API
2021-04-30 14:26:44 -06:00
Chris Conlon
44b7dd828e
Merge pull request #3972 from TakayukiMatsuo/newindex
...
Add wolfSSL_CRYPTO_get_ex_new_index
2021-04-30 14:21:55 -06:00
Chris Conlon
3daafb47d5
Merge pull request #3982 from dgarske/atca_bool
...
Fix for ATECC on platforms where bool and int have different sizes
2021-04-30 13:59:49 -06:00
Chris Conlon
37cb24874e
Merge pull request #3994 from miyazakh/esp_rsa_hw
...
Fixed esp32 RSA hw accelerator initialization issue
2021-04-30 13:58:24 -06:00
Kareem Abuobeid
573d51966a
S/MIME: Canonicalize multi-part messages before hashing. Improve error checking in wc_MIME_parse_headers.
2021-04-30 12:50:27 -07:00
David Garske
6489d69c7c
For platforms that support limits.h or windows make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set, otherwise causes issues with CTC_SETTINGS.
2021-04-30 11:06:09 -07:00
David Garske
e97692c521
Merge pull request #3926 from vppillai/vppillai-patch-2
...
Fix ATECC608A TNGTLS certificate size issue
2021-04-30 10:58:09 -07:00
David Garske
751cb8f43f
Merge pull request #3974 from JacobBarthelmeh/sniffer
...
add fatal error return value for sniffer
2021-04-30 10:57:33 -07:00
David Garske
1388956a35
Merge pull request #3995 from SparkiDev/sha3_align
...
SHA-3: Aligned access of 64 bit value.
2021-04-30 10:54:21 -07:00
Tesfa Mael
f9a9b139ed
Fix a build err
2021-04-29 16:44:51 -07:00
Sean Parkinson
1fbe0cb408
SHA-3: Aligned access of 64 bit value.
2021-04-30 08:45:05 +10:00
Vysakh P Pillai
8ede17f337
code formating changes based on PR review.
2021-04-29 07:48:31 +05:30
Hideki Miyazaki
f4935f52b5
clear PROT_RSA_PD bit in PORT_RSA_PD_CTRL_REG to be initialization and activate RSA accelerator
2021-04-29 09:20:16 +09:00
John Safranek
3aa3fc889f
Add simple push and pull-request triggered build checks.
2021-04-28 16:52:54 -07:00
Sean Parkinson
985482a2ad
PKCS#11: rework RSA operations to be clearer
2021-04-29 08:42:53 +10:00
Eric Blankenhorn
cdede0515c
Allow parsing spaces in Base64_SkipNewline
2021-04-28 10:30:16 -05:00
kaleb-himes
0b4b0193e7
Implement minor port change requested by customer
2021-04-28 08:58:23 -06:00
TakayukiMatsuo
f652ac2a04
Removed unused macro guard.
2021-04-28 10:47:22 +09:00
TakayukiMatsuo
a56de6361d
Removed the double-defined function.
2021-04-28 10:41:49 +09:00
TakayukiMatsuo
c4782a7a1c
Fix macro guard for wolfSSL_CRYPTO_get_ex_new_index and get_ex_new_index.
2021-04-28 10:41:49 +09:00
TakayukiMatsuo
9c0ff73370
Add wolfSSL_CRYPTO_get_ex_new_index
2021-04-28 10:38:53 +09:00
Hideki Miyazaki
4063e33b02
addressed review comments p1
2021-04-28 10:08:22 +09:00
Hideki Miyazaki
9de3fab74c
fixed jenkins failures part1
2021-04-28 10:08:21 +09:00
Hideki Miyazaki
0e40293798
added psk session callback
2021-04-28 10:08:21 +09:00
David Garske
385e0bedaa
Merge pull request #3990 from haydenroche5/ocsp_bug
...
Fix CompareOcspReqResp.
2021-04-27 17:07:58 -07:00
Chris Conlon
edb0beb9b6
Merge pull request #3969 from TakayukiMatsuo/koyo
...
Add wolfSSL_DH_get0_pqg
2021-04-27 17:52:17 -06:00
Chris Conlon
6fad8c4a57
Merge pull request #3975 from TakayukiMatsuo/resumable
...
Add implementation for wolfSSL_SESSION_is_resumable.
2021-04-27 16:45:34 -06:00
Hayden Roche
73076940af
Fix CompareOcspReqResp.
...
There was a bug in this function that could cause a match to be reported even
when the OCSP request and response in fact had a mismatch.
2021-04-27 13:54:43 -07:00
Chris Conlon
1bff411191
Merge pull request #3986 from miyazakh/qt_ctx_min_max_proto
...
add MIN/MAX_PROTO into CTX_ctrl
2021-04-27 14:54:16 -06:00
Hideki Miyazaki
6d381a6c7f
do nothing when version is zero
2021-04-27 21:13:19 +09:00
Hideki Miyazaki
3b070e1bd0
add MIN/MAX_PROTO into CTX_ctrl
...
add unit test for min/max proto of CTX ctrl
2021-04-27 21:13:17 +09:00
Vysakh P Pillai
e716fcc635
do not reserve ATMEL_SLOT_ECDHE type for TNGTLS
2021-04-27 16:51:49 +05:30
Vysakh P Pillai
c34fcf908c
code cleanup based on PR review comments
2021-04-27 12:17:23 +05:30
Sean Parkinson
7e87c01a7d
Merge pull request #3987 from tmael/pss_salt
...
RSA: Fix RSA PSS padding check
2021-04-27 14:50:32 +10:00
Tesfa Mael
1637bd3e02
Fix RSA PSS padding
2021-04-26 19:21:23 -07:00
toddouska
b7b2347804
Merge pull request #3985 from elms/fix/dtls_no_asn
...
fix define gates for `AddFragHeaders` with DTLS
2021-04-26 15:13:59 -07:00
Elms
d20f7e7143
fix define gates for AddFragHeaders with DTLS
...
fixes build with `./configure --enable-dtls --disable-asn`
2021-04-24 07:23:50 -07:00
toddouska
3502bdc8df
Merge pull request #3960 from elms/msys_build_fix
...
mingw/msys: fix build error with TFM
2021-04-23 15:56:10 -07:00
Tesfa Mael
f8e9f32eb8
Add a new file
2021-04-23 15:56:09 -07:00
toddouska
54b17ba465
Merge pull request #3952 from julek-wolfssl/ZD12062
...
Using `--enable-chacha=noasm` wouldn't actually enable chacha
2021-04-23 15:55:10 -07:00
toddouska
40fe746710
Merge pull request #3942 from dgarske/get_static_ephemeral
...
Added API's for getting pointer to loaded static ephemeral key
2021-04-23 15:54:46 -07:00
toddouska
47fe114a02
Merge pull request #3901 from dgarske/bio_read
...
Fix for BIO read callback not called
2021-04-23 15:51:38 -07:00
toddouska
bbda833909
Merge pull request #3720 from elms/deos/project_files
...
DEOS: Add project files for shared library
2021-04-23 15:44:33 -07:00
toddouska
91e90f7a98
Merge pull request #3604 from haydenroche5/stunnel
...
Make changes to get latest verison of stunnel (5.57) working with wolfSSL.
2021-04-23 15:41:22 -07:00
toddouska
c3fefc6e27
Merge pull request #3889 from douzzer/network-introspection
...
--enable-wolfsentry
2021-04-23 15:38:01 -07:00
Tesfa Mael
0c16ef4b29
Check for TLS downgrade
2021-04-23 14:45:35 -07:00
David Garske
fa353b1ee0
Fix for ATECC on platforms where bool and int have different sizes. Related to issue #3971
2021-04-23 11:15:36 -07:00
elms
33f9f98569
Deos: fixup readme
2021-04-23 10:15:23 -07:00
TakayukiMatsuo
2b6f623777
Add implementation for wolfSSL_SESSION_is_resumable.
2021-04-23 11:12:20 +09:00
TakayukiMatsuo
c442841e4a
Fix some along review.
2021-04-23 10:53:22 +09:00
TakayukiMatsuo
d22ed7443b
Fix unit test.
2021-04-23 09:47:24 +09:00
TakayukiMatsuo
568c09bcde
Add guard to the unit test
2021-04-23 09:47:24 +09:00
TakayukiMatsuo
63826e227b
Add wolfSSL_DH_get0_pqg
2021-04-23 09:47:24 +09:00
Chris Conlon
878e0006ad
Merge pull request #3965 from miyazakh/qt_oslext_epk_param_ck
...
added wofSSL_EVP_PKEY_param_check for compatibility layer API
2021-04-22 15:43:47 -06:00
Chris Conlon
a83c6c68fe
Merge pull request #3940 from miyazakh/qt_v5p15p2_r3
...
Added compatibility layer API for Qt5.15.2 part2
2021-04-22 15:36:20 -06:00
Eric Blankenhorn
cb02f46fec
Fix Espressif win script
2021-04-22 16:20:34 -05:00
Eric Blankenhorn
3c0a77485e
Improve PSK callback doc
2021-04-22 10:47:46 -05:00
René Liebscher
fa98477f22
Renesas RX: Use intrinsics for rot[rl], revl
...
For byte order reverse and rotation we have builtins
in the CC-RX compiler.
Especially when rotating registers with fixed amounts
this can be compiled efficiently into opcodes with
embedded values for shift (without needing other registers).
2021-04-22 16:44:19 +02:00
Jacob Barthelmeh
14ddfa6894
add fatal error return value for sniffer
2021-04-22 14:28:10 +07:00
Daniel Pouzzner
9c7ee3fa64
examples/server/server.c: when TEST_IPV6, set the remote address to IPv6 localhost for wolfsentry_route_insert_static().
2021-04-22 00:20:12 -05:00
Daniel Pouzzner
1650e8b88a
ssl.c: add back missing line continuation backslash.
2021-04-21 17:45:08 -05:00
Daniel Pouzzner
0cf9bacf1b
WOLFSSL_WOLFSENTRY_HOOKS/HAVE_EX_DATA*: refactor wolfSSL_CRYPTO_cleanup_ex_data() to take only one arg (the WOLFSSL_CRYPTO_EX_DATA *); fix preprocessor gates on wolfSSL_set_ex_data() and wolfSSL_X509_get_ex_new_index(); fix line lengths.
2021-04-21 17:34:47 -05:00
Daniel Pouzzner
40d5aad8fe
configure.ac: improve dynamics of --enable-wolfsentry and --with-wolfsentry*, including existence-checking user-supplied paths.
2021-04-21 17:28:27 -05:00
David Garske
67277d13cd
Merge pull request #3937 from elms/intime/dir_pre_intimever6
...
INTIME: support CRL for INTIME version < 6
2021-04-21 10:42:33 -07:00
Daniel Pouzzner
0afcd4227b
ssl.c/internal.c: refactor _EX_DATA_CLEANUP_HOOKS cleanup in _free() routines to use a common wolfSSL_CRYPTO_cleanup_ex_data() routine; remove superfluous WOLFSSL_API qualifiers in ssl.c.
2021-04-21 12:20:56 -05:00
Daniel Pouzzner
89d7f4faf3
tests/api.c: add missing void arglists.
2021-04-21 03:22:10 -05:00
Daniel Pouzzner
660e64cdff
examples/server/server.c: clean up wolfsentry printfs.
2021-04-21 03:19:55 -05:00
Daniel Pouzzner
c874d9259c
configure.ac: add --with-wolfsentry option.
2021-04-21 03:19:35 -05:00
Hideki Miyazaki
23b5447050
Qt v5.15 requires greater than version 1.1.1
2021-04-21 17:01:06 +09:00
Daniel Pouzzner
cb976db02b
server.c: update for wolfSentry API changes.
2021-04-20 23:59:58 -05:00
Daniel Pouzzner
6175e11156
server.c: update wolfsentry_init() usage (hpi pointer).
2021-04-20 23:59:58 -05:00
Daniel Pouzzner
23d8df720e
remove WOLFSSL_NETWORK_INTROSPECTION code; add wolfSSL_X509_STORE_set_ex_data_with_cleanup(); refactor WOLFSSL_WOLFSENTRY_HOOKS code in server.c to use HAVE_EX_DATA/HAVE_EX_DATA_CLEANUP_HOOKS.
2021-04-20 23:59:58 -05:00
Daniel Pouzzner
4458ed37c1
fix a couple stray WOLFSSL_NETWORK_INTROSPECTION gates that needed to be WOLFSSL_WOLFSENTRY_HOOKS.
2021-04-20 23:59:58 -05:00
Daniel Pouzzner
2a05fcb59a
examples/server: fix wolfSentry integration to handle DTLS correctly.
2021-04-20 23:59:57 -05:00
Daniel Pouzzner
1cbe696716
checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry).
2021-04-20 23:59:57 -05:00
Daniel Pouzzner
734860f535
WOLFSSL_NETWORK_INTROSPECTION WIP
2021-04-20 23:59:57 -05:00
Daniel Pouzzner
ba2cc00e5d
initial implementation of WOLFSSL_NETWORK_INTROSPECTION: --enable-network-introspection, struct wolfSSL_network_connection, wolfSSL_*_endpoints*(), NetworkFilterCallback_t, wolfSSL_*set_AcceptFilter().
2021-04-20 23:59:57 -05:00
John Safranek
38ff193368
Merge pull request #3962 from julek-wolfssl/dtls-allow-future
...
Change default DTLS future packet behaviour
2021-04-20 17:32:42 -07:00
John Safranek
6e7b43056d
Merge pull request #3956 from dgarske/zd12010
...
Fix in sniffer for possible use of uninitialized variable
2021-04-20 17:29:46 -07:00
John Safranek
9d387b13d0
Merge pull request #3938 from julek-wolfssl/dtls-mtu
...
Refactor DTLS MTU logic
2021-04-20 17:18:12 -07:00
Hideki Miyazaki
d3b41a2fed
addressed review comments p1
2021-04-21 09:10:32 +09:00
Hideki Miyazaki
2f5b280d6c
fixed jenkins failure part1
2021-04-21 07:53:19 +09:00
Hideki Miyazaki
e063984d17
added EVP_PKEY_param_check
2021-04-21 07:53:18 +09:00
Hideki Miyazaki
b37f1ac0c0
addressed review comments part1
2021-04-21 07:39:13 +09:00
Hideki Miyazaki
bca3cd1d49
fix jenkins failures
2021-04-21 07:39:12 +09:00
Hideki Miyazaki
89b5b90be6
added compatibility layer API stub for Qt 5.15.2
2021-04-21 07:39:12 +09:00
Sean Parkinson
31bc2e4114
Merge pull request #3967 from embhorn/zd12116
...
PKCS#11: Add debug for failure in wc_Pkcs11_Initialize
2021-04-21 08:06:14 +10:00
Chris Conlon
b9c52729d1
Merge pull request #3959 from kaleb-himes/WINCE_settings_update
...
Update WINCE for wolfEngine and turn off MD5
2021-04-20 10:15:44 -06:00
Chris Conlon
537d33d5fa
Merge pull request #3951 from dgarske/stm32_aes_h7
...
Fix for AES GCM with STM32H7
2021-04-20 10:14:13 -06:00
Chris Conlon
f931e67cd7
Merge pull request #3946 from TakayukiMatsuo/tk11899
...
Add test cases for EVP_CIPHER_CTX_cleanup and BIO_free
2021-04-20 10:10:41 -06:00
Chris Conlon
c3aee06b23
Merge pull request #3939 from miyazakh/qt_v5p15p2_r1
...
added and modified compatibility layer APIs for Qt v5.15.2 part1
2021-04-20 10:02:27 -06:00
Chris Conlon
bd5dc0b21d
Merge pull request #3948 from miyazakh/qt_unittest_cert
...
added favourite drink pilot attribute
2021-04-20 09:50:30 -06:00
Eric Blankenhorn
1d50962889
Clarify that units of size parameters are in bits
2021-04-20 09:28:17 -05:00
Elms
9dd5768ecc
Intime: simplify and fix stat on different directory
2021-04-19 22:34:31 -07:00
Eric Blankenhorn
94eb096e42
Add debug for failure in wc_Pkcs11_Initialize
2021-04-19 17:53:21 -05:00
Daniel Pouzzner
d08a2b1761
Merge pull request #3966 from SparkiDev/arm-jenkins-2
...
ARMv8 ASM AES-CBC: Fix parameter validation
2021-04-19 17:06:48 -05:00
Sean Parkinson
d274c80789
ARMv8 ASM AES-CBC: Fix parameter validation
2021-04-19 16:47:34 +10:00
Sean Parkinson
d7b0b97352
Merge pull request #3955 from kaleb-himes/OE18-external-to-module-changes
...
non-const versions only needed when using inlined ARM assembly in the module.
2021-04-19 09:13:11 +10:00
elms
a26a19b4c8
Deos: rebase fix and add note about importing to readme
2021-04-16 16:35:30 -07:00
elms
6600a531c8
Deos: project relative include paths and ignore fips files by default
2021-04-16 15:39:24 -07:00
Elms
3e6f663a38
DEOS: update readme
2021-04-16 15:39:24 -07:00
Elms
d6a29b269d
DEOS: add files to dist
2021-04-16 15:39:24 -07:00
Elms
57f4adf438
DEOS: updated memory and add DTLS
...
Tested: DDC-I 9.2.0r94156 and OpenArbor on PPC hardware
2021-04-16 15:39:19 -07:00
Kaleb Himes
3da32e75ad
Correct commentary based on peer feedback
2021-04-16 15:12:35 -06:00
David Garske
099f88e45b
Revert the change to test.c.
2021-04-16 12:02:04 -07:00
David Garske
7cfd22304e
Fix to improve STM32 AES GCM with partial blocks. Use a local buffer for partial remainder and make sure remainder is zero'd.
2021-04-16 11:58:45 -07:00
Juliusz Sosinowicz
2bc2a911d7
Change default DTLS future packet behaviour
...
This is a better default for most users. Most users who make use of DTLS, allow messages from "too far into the future". It makes sense that DTLS may lose connection for a period of time and will lose all messages from this period. Losing connection effectively stalls the wolfSSL DTLS connection.
2021-04-16 19:27:39 +02:00
Juliusz Sosinowicz
70a3857ae8
Fragmentation for ServerKeyExchange and CeriticateVerify
...
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-16 17:30:51 +02:00
TakayukiMatsuo
9553188099
Added type cast to the parm of wolfSSL_BIO_write.
2021-04-16 11:51:58 +09:00
TakayukiMatsuo
1a4adab52e
Changed DumpElement() so that the allocated buffer is freed in the WOLFSSL_SMALL_STACK build case.
2021-04-16 10:05:48 +09:00
Sean Parkinson
5955603c51
Merge pull request #3958 from TakayukiMatsuo/tk11969
...
Changed the logic for determining the group used for KeyShare in TLSX_PopulateExtensions.
2021-04-16 09:34:54 +10:00
Hideki Miyazaki
cc0359accb
changed callback func name corresponding other cb func name convention
2021-04-16 08:20:12 +09:00
Elms
cc4116de24
mingw/msys: fix build error with TFM
...
Conditional was always true. Rule out using preprocessor.
2021-04-15 15:16:21 -07:00
David Garske
38637bb276
Merge pull request #3957 from SparkiDev/sp_div_word_fix
...
SP DIV word C: Add instead of OR
2021-04-15 12:20:56 -07:00
kaleb-himes
96256a3ec1
Update WINCE for wolfEngine and turn off MD5
2021-04-15 10:27:41 -06:00
David Garske
64c7830c93
Fix for possible use of invalid *sslFrame and calculated headerSz in partial case with WOLFSSL_SNIFFER_CHAIN_INPUT.
2021-04-15 09:01:11 -07:00
TakayukiMatsuo
2db06eb3b7
Changed the logic for determining the group used for KeyShare.
2021-04-15 19:30:02 +09:00
Sean Parkinson
bb75c4d610
SP DIV word C: Add instead of OR
2021-04-15 09:22:29 +10:00
David Garske
d34161e482
Fix in sniffer for possible use of uninitialized length when skipPartial is set. ZD 12010
2021-04-14 15:14:14 -07:00
Hideki Miyazaki
5a1d171236
fixed unit test failure
2021-04-14 21:25:50 +09:00
Hideki Miyazaki
03cfc3dc8f
addressed review comments part1
2021-04-14 11:15:23 +09:00
kaleb-himes
88aed28a3f
Refactor following peer review
2021-04-13 17:28:43 -06:00
Hideki Miyazaki
f8e7f9bf03
addressed review comment part1
2021-04-14 07:58:22 +09:00
TakayukiMatsuo
f245ba0ca1
Merge remote-tracking branch 'upstream/master' into tk11899
...
# Conflicts:
# tests/api.c
2021-04-14 06:13:46 +09:00
Chris Conlon
21faeff478
Merge pull request #3916 from JacobBarthelmeh/PKCS7
...
fix for streaming with PKCS7
2021-04-13 14:04:06 -06:00
Chris Conlon
c129f630e2
Merge pull request #3933 from miyazakh/rand_bytes_regression
...
fix retrun code regression on RAND_bytes
2021-04-13 13:55:04 -06:00
Chris Conlon
71e2f191a6
Merge pull request #3947 from dgarske/nxp_ltc
...
Fixes for NXP LTC
2021-04-13 13:49:22 -06:00
kaleb-himes
87a2cdea31
const poisoning - gcc 4.x prefers consistency in prototypes and implementations
2021-04-13 13:29:40 -06:00
Hayden Roche
4cd3f2e826
Make changes to get latest verison of stunnel (5.57) working with wolfSSL.
2021-04-13 09:18:25 -05:00
JacobBarthelmeh
295418fa3e
Merge pull request #3954 from ejohnstown/m1
...
M1 Update
2021-04-13 12:08:11 +08:00
David Garske
54e111aa85
Update copy/paste error in comment.
2021-04-12 17:02:35 -07:00
David Garske
89e4bae8d2
Fix for STM32 AES GCM decrypt to support partial (not multiple of 4) for auth tag calculation.
2021-04-12 16:57:57 -07:00
Chris Conlon
2739759072
Merge pull request #3953 from JacobBarthelmeh/build-tests
...
add option to use an engine with openssl test script
2021-04-12 13:22:52 -06:00
Juliusz Sosinowicz
c6077b6767
Refactor DTLS MTU logic
...
- wolfSSL_GetMaxRecordSize will now take additional cipher data into account
- The set MTU size is understood as the maximum size of a DTLS record. The WOLFSSL_MAX_MTU was adjusted to account for UDP/IP headers.
2021-04-12 21:01:15 +02:00
John Safranek
74df158c5c
Update the check for 64-bit on the M1 to filter out other ARM processors.
2021-04-12 11:18:52 -07:00
David Garske
021c22c038
Merge pull request #3950 from embhorn/zd11850
...
Fix build error with NO_PKCS12
2021-04-12 10:46:45 -07:00
toddouska
0f1a702f58
Merge pull request #3949 from JacobBarthelmeh/StaticAnalysisTests
...
remove dead code, variable gn will currently always be null
2021-04-12 10:26:02 -07:00
Hideki Miyazaki
501de37cad
fixed memory leak in unit test
2021-04-12 18:34:07 +09:00
Hideki Miyazaki
ad6f8e4246
added and modified compatibility layer APIs for Qt v5.15.2 part1
2021-04-12 18:34:07 +09:00
Jacob Barthelmeh
4a7434a56d
add missing ret checks
2021-04-12 16:33:14 +08:00
Jacob Barthelmeh
160faa851c
add deterministic k generation for ECC sign
2021-04-12 16:33:14 +08:00
JacobBarthelmeh
d44549fd77
only update OPENSSL_ENGINE_ID if already set
2021-04-12 01:47:01 -06:00
Sean Parkinson
7345b2418b
Merge pull request #3944 from guidovranken/zd12039
...
Account for sp_sqr failure in _sp_exptmod_nct
2021-04-12 11:03:38 +10:00
Sean Parkinson
0197e133b1
Merge pull request #3929 from hicksjacobp/tls13-cbclientcert
...
fix: call CBClientCert for TLS 1.3 certificate requests
2021-04-12 09:25:22 +10:00
JacobBarthelmeh
ee22d27cf8
add sanity check that engine can be loaded
2021-04-11 20:48:18 +07:00
JacobBarthelmeh
c34025b186
add option to use an engine with openssl test script
2021-04-11 20:06:13 +07:00
David Garske
8538869d33
Added runtime checking for LTC big integer buffer sizes.
2021-04-09 15:51:57 -07:00
David Garske
070dfad07a
Fix for NXP LTC ECC public key computation broken in PR #2859 for contstant time changes.
2021-04-09 15:51:30 -07:00
Daniel Pouzzner
04cc48b810
Merge pull request #3935 from miyazakh/x509_store_ex_data
...
add X509_STORE_get/set_ex_data
2021-04-08 21:51:03 -05:00
Chris Conlon
a4ebeac932
fix minor typo in function return comment
2021-04-08 16:37:16 -06:00
Elms
18eca4deff
INTIME: fix check returns Find{First,Next,Close} for version <6
2021-04-08 10:23:26 -07:00
Juliusz Sosinowicz
beff4daf7e
Refactor wolfSSL_BIO_BASE64_write to simplify its logic
2021-04-08 19:11:55 +02:00
TakayukiMatsuo
07022eebe7
Add a OPENSSL_EXTRA guard to call SSL_get_early_data_status
2021-04-09 01:10:45 +09:00
David Garske
f298bb9f22
Peer review feedback.
2021-04-08 08:06:45 -07:00
TakayukiMatsuo
424d97ca3d
Merge remote-tracking branch 'upstream/master' into tk11899
...
# Conflicts:
# src/ssl.c
2021-04-08 23:59:51 +09:00
TakayukiMatsuo
bc7191ca4c
Added test cases for NULL-parameter
2021-04-08 23:11:00 +09:00
Juliusz Sosinowicz
d8dd69cf44
Using --enable-chacha=noasm wouldn't actually enable chacha
2021-04-08 12:46:05 +02:00
toddouska
3b9e7942ea
Merge pull request #3908 from embhorn/zd11866
...
Sanity check size in TLSX_Parse
2021-04-07 16:34:56 -07:00
toddouska
b3177ffc17
Merge pull request #3945 from dgarske/ecc_nomalloc
...
Improve ECC with `WOLFSSL_NO_MALLOC`
2021-04-07 16:29:13 -07:00
toddouska
418e5b46d6
Merge pull request #3934 from SparkiDev/armv8-asm-sha256-fix
...
ARMv8 SHA-256: recalc data in SHA256 update
2021-04-07 16:22:27 -07:00
toddouska
86fe77d776
Merge pull request #3924 from dgarske/sp_math_all
...
Sp math all fixes
2021-04-07 16:21:58 -07:00
toddouska
de8653be35
Merge pull request #3941 from JacobBarthelmeh/Compatibility-Layer
...
add implementation of EC_KEY_set_group
2021-04-07 16:20:50 -07:00
toddouska
9e9506c260
Merge pull request #3919 from JacobBarthelmeh/StaticAnalysisTests_2
...
Static analysis tests 2
2021-04-07 16:18:37 -07:00
David Garske
acf1a9833b
Fix for AES GCM with STM32H7 to use crypto hardware in all cases except IV size != 12.
2021-04-07 15:51:50 -07:00
Eric Blankenhorn
ef69a9b458
Fix build error with NO_PKCS12
2021-04-07 15:36:35 -05:00
David Garske
4747ba9ccb
Fix for BIO base64 write valgrind issue.
2021-04-07 12:23:26 -07:00
Jacob Barthelmeh
f16136c29b
remove dead code, variable gn will currently always be null
2021-04-07 20:56:50 +07:00
Hideki Miyazaki
8e6710e030
added favourite drink pilot attribute
...
fix OCSP authority access info
2021-04-07 18:44:32 +09:00
TakayukiMatsuo
7da85c6f3f
Merge remote-tracking branch 'upstream/master' into tk11899
2021-04-07 12:01:39 +09:00
David Garske
786bbabbdc
Improve ECC with WOLFSSL_NO_MALLOC
...
Tested with `./configure --enable-cryptonly --disable-examples --disable-rsa --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DBENCH_EMBEDDED" && make check`.
All ECC operations can work now with WOLFSSL_NO_MALLOC and variables will be on stack.
ZD 11829
2021-04-06 15:31:40 -07:00
David Garske
779dabc04e
Cleanups to KSDK port for LTC.
2021-04-06 13:50:33 -07:00
David Garske
f4e1d96cfc
Fixes for building K82. Fixes for warning with const mp_int* k changes.
2021-04-06 11:38:05 -07:00
Jacob Barthelmeh
4eb8265c46
add ecc guard on test case
2021-04-06 20:01:15 +07:00
TakayukiMatsuo
0a05acff09
Add test cases for EVP_CIPHER_CTX_cleanup and BIO_free
2021-04-06 14:21:53 +09:00
Guido Vranken
52e6ff7c56
Account for sp_sqr failure in _sp_exptmod_nct
...
ZD 12039
2021-04-06 01:34:09 +02:00
David Garske
5ebe5d071f
Fixes for wolfSSL_BIO_BASE64_write changes.
2021-04-05 14:35:47 -07:00
Juliusz Sosinowicz
1a9d59c185
front may be unused and generate a warning
2021-04-05 14:35:47 -07:00
Juliusz Sosinowicz
d257cf5003
Return error when using not compiled in BIO
...
Refactor base64 BIO write into static function
2021-04-05 14:35:47 -07:00
David Garske
5b751d9eaa
Fix for possible unused label "exit_chain".
2021-04-05 14:35:47 -07:00
David Garske
8984ce03e9
Refactor BIO read/write to use switch.
2021-04-05 14:35:47 -07:00
David Garske
072e6e010c
Handle the BIO want read in BioReceive.
2021-04-05 14:35:47 -07:00
David Garske
5c762afb94
Fix for BIO with callbacks not called after PR #3824 (was always returning WANT_READ).
2021-04-05 14:35:47 -07:00
David Garske
e13c93d493
Added API's for getting pointer to load static ephemeral key.
2021-04-05 13:40:48 -07:00
David Garske
6b46669641
Merge pull request #3917 from embhorn/zd11959
...
Sanity check sockfd max value
2021-04-05 11:50:13 -07:00
David Garske
7935b7c485
Merge pull request #3920 from SparkiDev/sp_int_ullong
...
SP int: Handle ULLONG_MAX not being defined
2021-04-05 11:48:38 -07:00
David Garske
53d97d1961
Fix for DSA only case and missing sp_read_radix
2021-04-05 11:43:21 -07:00
David Garske
24d8e1b104
SP math all edge cases without RSA.
2021-04-05 11:31:55 -07:00
David Garske
eb37953061
Fix for WOLFSSL_SP_MATH_ALL typo. Plus a few other minor ones.
2021-04-05 11:31:55 -07:00
JacobBarthelmeh
63c96c3585
add implementation of EC_KEY_set_group
2021-04-05 22:22:31 +07:00
Jacob Barthelmeh
9a86f133c8
additional fixes for reports with test cases
2021-04-05 21:26:52 +07:00
Jacob Barthelmeh
71fea2bdd1
initialize hash size variable to 0 in the case that getting the digest size returns 0
2021-04-05 21:26:52 +07:00
Jacob Barthelmeh
4e8769ba6b
initialize variable
2021-04-05 21:26:52 +07:00
Jacob Barthelmeh
39f34ef88b
check return values
2021-04-05 21:26:52 +07:00
Jacob Barthelmeh
1c3ba77bee
remove dead code path
2021-04-05 21:26:52 +07:00
Jacob Barthelmeh
fdb3221ea7
check variable is not null before use in error case
2021-04-05 21:26:52 +07:00
Jacob Barthelmeh
b4c0301f57
add sanity check on serial size
2021-04-05 21:26:52 +07:00
Jacob Barthelmeh
9ea60db80a
add free of bio in error case
2021-04-05 21:26:22 +07:00
Jacob Barthelmeh
4ead19e21f
check return value of hash digest size
2021-04-05 21:26:22 +07:00
Jacob Barthelmeh
75abeebaf7
free memory in test case
2021-04-05 21:26:22 +07:00
Jacob Barthelmeh
97b83a2550
free PKCS7 structure on error case
2021-04-05 21:26:22 +07:00
Jacob Barthelmeh
141d1cb5af
fix for potential leak on fail case
2021-04-05 21:26:22 +07:00
Elms
379e1fb630
INTIME: support CRL for INTIME version < 6
2021-04-01 11:15:23 -07:00
Juliusz Sosinowicz
c5b6d20483
Add more DSA parameters support
...
- Implement wc_DsaParamsDecode and wc_DsaKeyToParamsDer
- Don't include NIDs without OpenSSL builds
2021-04-01 19:47:09 +02:00
Hideki Miyazaki
ea0f4580de
add X509_STORE_get/set_ex_data
2021-04-01 17:06:02 +09:00
Sean Parkinson
e3c86f8f77
ARMv8 SHA-256: recalc data in SHA256 update
2021-04-01 17:01:21 +10:00
Sean Parkinson
fd94d05b0a
Merge pull request #3932 from guidovranken/zd12012
...
MP integer.c: Use unsigned integers in mp_is_bit_set
2021-04-01 15:41:01 +10:00
Hideki Miyazaki
b8684f3f7e
fix retrun code regression on RAND_bytes
...
fix jenkins fail
2021-04-01 13:35:50 +09:00
Guido Vranken
2ecaa3c4c6
Use unsigned integers in mp_is_bit_set
...
ZD 12012
2021-04-01 00:57:06 +02:00
toddouska
95b91d8913
Merge pull request #3886 from DKubasekRA/fix/RA/v4.7.0-coverity
...
RA - Fixes for Coverity issues
2021-03-31 10:41:54 -07:00
toddouska
49b29bec32
Merge pull request #3930 from JacobBarthelmeh/Testing
...
add link to wolfssl-examples repository in README
2021-03-31 10:10:44 -07:00
toddouska
38cec4b0d4
Merge pull request #3922 from dgarske/have_secret
...
Expose functions to get client/server random for have secret callback
2021-03-30 16:03:57 -07:00
toddouska
f7046ca12a
Merge pull request #3906 from douzzer/AES-BAD_ALIGN_E-consistency
...
Adds optional AES CBC length checking
2021-03-30 16:01:29 -07:00
toddouska
4d1ad6acd6
Merge pull request #3885 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis fixes for items listed as high priority
2021-03-30 16:00:03 -07:00
Chris Conlon
4044b30363
Merge pull request #3915 from TakayukiMatsuo/os_ecdh
...
Add unit tests for OpenSSL compat APIs
2021-03-30 16:18:16 -06:00
Jacob Barthelmeh
dfb7848320
add link to wolfssl-examples repository in README
2021-03-31 01:34:14 +07:00
Jake Hicks
0ea9163253
fix: call CBClientCert for TLS 1.3 certificate requests
2021-03-30 07:25:05 -05:00
TakayukiMatsuo
56b1406a30
Fix to call wc_FreeDhKey only after wc_InitDhKey succeeds.
2021-03-30 00:18:40 +09:00
Sean Parkinson
c3fcb2e95f
Merge pull request #3923 from dgarske/armv8
...
ARMv8: do not compile code if module is disabled
2021-03-29 08:50:41 +10:00
Vysakh P Pillai
4911977946
rename I2C address var per cryptoauthlib 3.3.0
2021-03-28 00:11:11 +05:30
Vysakh P Pillai
ccc50714d0
Fix TNGTLS certificate size issue
...
TNGTLS devices has shown variations in the device and signer certificate sizes causing failure.
This fix makes the size query dynamic.
2021-03-28 00:02:17 +05:30
Chris Conlon
a9ff314840
Merge pull request #3912 from miyazakh/rsa_bits_
...
Added RSA_bits
2021-03-26 17:00:56 -06:00
Chris Conlon
b67f270e3d
Merge pull request #3910 from miyazakh/openssl_ext_unit_test
...
Update compatibility layer api unit test
2021-03-26 16:58:21 -06:00
David Garske
a22defec50
Fix for availability of wolfSSL_SESSION_print.
2021-03-26 15:39:55 -07:00
David Garske
95ff75c43d
Fix for wolfSSL_SESSION_print
2021-03-26 13:41:11 -07:00
David Garske
724a415d51
Fix ARMv8 to not compile code if module is disabled
2021-03-26 13:28:15 -07:00
David Garske
f65e1f1f09
Expose functions to get client/server random when HAVE_SECRET_CALLBACK is defined.
2021-03-26 13:23:00 -07:00
Daniel Pouzzner
5f6b618e71
configure.ac: add --enable-aescbc-length-checks and add it to --enable-all; api.c: fix expected error code in WOLFSSL_AES_CBC_LENGTH_CHECKS path of test_wc_AesCbcEncryptDecrypt(); aes.c: add explanatory comment on WOLFSSL_AES_CBC_LENGTH_CHECKS to top of file.
2021-03-26 14:04:25 -05:00
Daniel Pouzzner
5d9ee97530
WOLFSSL_AES_CBC_LENGTH_CHECKS: add gated logic to aes.c wc_AesCbc{En,De}crypt() to return BAD_LENGTH_E when input length is not a multiple of AES_BLOCK_SIZE; add gated tests of new functionality in test_wc_AesCbcEncryptDecrypt(); fix first encrypt-decrypt-memcmp in test_wc_AesCbcEncryptDecrypt() to span all of test vector and extend test vector length to be block-multiple; add ungated logic in platform-specific wc_AesCbc{En,De}crypt() routines to return with early success when blocks == 0 (also mitigates buffer overrun on short (less-than-AES_BLOCK_SIZE) input); add BAD_LENGTH_E error code; update documentation.
2021-03-26 13:40:08 -05:00
David Garske
f201d65459
Merge pull request #3898 from elms/intime_rtos/crl_directory_fix
...
INTIME: add support for directory file search
2021-03-26 09:37:21 -07:00
toddouska
79fa71d600
Merge pull request #3882 from TakayukiMatsuo/tk11899
...
Return code differences in wolfSSL_EVP_PKEY_cmp et al.
2021-03-26 09:36:52 -07:00
toddouska
212be50a23
Merge pull request #3899 from SparkiDev/shake256_improve
...
SHA-3: Improve SHAKE256 change to support longer output
2021-03-26 09:35:52 -07:00
toddouska
bb7dce8b46
Merge pull request #3921 from SparkiDev/sp_modinv_win
...
SP MSVC: movslq -> movsxd
2021-03-26 09:34:15 -07:00
TakayukiMatsuo
f7477b932d
Add return value checks and fixed typos.
2021-03-26 17:06:14 +09:00
TakayukiMatsuo
5456765dca
Changed API names to call in unit tests.
2021-03-26 17:05:25 +09:00
Sean Parkinson
1b832bf8fa
SHA-3: Improve SHAKE256 change to support longer output
...
Added tests for 1 complete block output and longer from NIST's CAVP
tests vectors.
2021-03-26 14:59:12 +10:00
Sean Parkinson
a188ef251c
SP MSVC: movslq -> movsl
2021-03-26 14:12:58 +10:00
TakayukiMatsuo
4460180214
Fix implicit conv error.
2021-03-26 08:18:16 +09:00
Sean Parkinson
08be489bf5
SP int: Handle ULLONG_MAX not being defined
2021-03-26 09:03:39 +10:00
Sean Parkinson
0d995527aa
Merge pull request #3918 from dgarske/fix_ecc_mulmod_fast
...
Fix for SP ecc_mulmod_fast
2021-03-26 08:39:48 +10:00
TakayukiMatsuo
5887c2f2e2
Fix fall through.
2021-03-26 04:45:10 +09:00
Eric Blankenhorn
23bd46bac6
Sanity check sockfd
2021-03-25 14:40:38 -05:00
TakayukiMatsuo
79837eeb8e
Changed the function name to be called in the unit test to the OpeSSL function name.
2021-03-26 04:30:36 +09:00
Eric Blankenhorn
11189fe386
Sanity check size in TLSX_Parse
2021-03-25 14:16:22 -05:00
TakayukiMatsuo
da9131d30d
Added return value checks and removed ToDec()
2021-03-26 04:14:14 +09:00
TakayukiMatsuo
dd6db22bc6
Changed the function name to be called in the unit test to the OpenSSL function name.
2021-03-26 04:08:02 +09:00
Elms
4eb4cecff4
INTIME: whitespace fixup and zero context in wc_ReadDirFirst
2021-03-25 10:54:05 -07:00
David Garske
c9b5806575
Fix for ecc_mulmod_fast broken in PR #3868 . The "t" needs 1 extra point for "rt".
2021-03-25 09:19:17 -07:00
David Garske
06966a203b
Merge pull request #3914 from SparkiDev/sp_c_sub_fixes
...
SP C 32/64: fix corner cases around subtraction
2021-03-25 08:11:06 -07:00
Stanislav Klima
6c7b3d806a
Fixed modifying a const value.
2021-03-25 15:36:30 +01:00
Radim Smat
fd7131197f
Updated fix of CID 587269.
2021-03-25 13:28:47 +01:00
Jacob Barthelmeh
a472d2af4a
fix for streaming with PKCS7
2021-03-25 18:54:09 +07:00
Stanislav Klima
67d4611fda
Review fixes.
2021-03-25 11:26:34 +01:00
TakayukiMatsuo
8dcaa8c4b6
Merge remote-tracking branch 'upstream/master' into os_ecdh
...
# Conflicts:
# tests/api.c
2021-03-25 19:17:22 +09:00
TakayukiMatsuo
952a9b3497
Add unit tests for CONT_modules_xxx, CRYPTO_set_dynlock_xxx, CRYPTO_THREADID_xxx and ENGINE_cleanup.
2021-03-25 19:02:13 +09:00
Sean Parkinson
d8a81d0c0f
SP C 32/64: fix corner cases around subtraction
...
Affected RSA PSS
2021-03-25 16:19:54 +10:00
Hideki Miyazaki
c9be50c3a0
added RSA_bits
2021-03-25 13:31:47 +09:00
TakayukiMatsuo
03bad1c056
Added logic to wait for TCP disconnect so that SSL_read behaves the same as OpenSSL after a bidirectional shutdown.
2021-03-25 12:54:05 +09:00
John Safranek
8bee2af550
Merge pull request #3904 from julek-wolfssl/dtls-chacha-poly-fix
...
Chacha-Poly AEAD fix for SCR
2021-03-24 18:53:46 -07:00
David Garske
64555cdd11
Merge pull request #3907 from JacobBarthelmeh/CAAM
2021-03-24 18:47:47 -07:00
John Safranek
662d04ce74
Merge pull request #3879 from julek-wolfssl/dtls-timeout
...
Let user inspect error in wolfSSL_dtls_got_timeout
2021-03-24 18:31:05 -07:00
John Safranek
f2f2976e96
Merge pull request #3837 from haydenroche5/zd11808
...
Fix for ZD 11808.
2021-03-24 18:24:04 -07:00
Sean Parkinson
08ea90ad94
Merge pull request #3905 from dgarske/sp_nb_sync
...
SP ECC: Fix for non-blocking test and synchronization of changes
2021-03-25 10:35:30 +10:00
Hideki Miyazaki
f7652d18a0
use compatibility layer API when they are enabled
2021-03-25 08:09:06 +09:00
JacobBarthelmeh
e074513d38
fix for memory management with mmap function calls
2021-03-25 01:32:37 +07:00
Jacob Barthelmeh
183917f102
change debug message type from review
2021-03-25 01:16:20 +07:00
Martin Kinčl
7f64950da4
Fixed fix of CID 576329.
2021-03-24 17:23:49 +01:00
Martin Kinčl
bf1482a2d7
Fixed another CID 529732.
2021-03-24 17:05:02 +01:00
JacobBarthelmeh
13d81f1fb9
Merge pull request #3902 from dgarske/snicb
...
Fix for SNI recv callback
2021-03-24 15:34:35 +07:00
David Garske
a6851a44af
Fix for ECC non-blocking test R/S values not zero padded causing occasstional wolfCrypt test failures with ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP".
2021-03-23 17:32:36 -07:00
David Garske
a6e9e71fde
Synchronization of SP ECC non-blocking code. Adds WOLFSSL_ECDSA_SET_K_ONE_LOOP support to SP ECC non-block. Removes double code in verify steps. Fixes verify result logic. Spelling error.
2021-03-23 17:30:56 -07:00
toddouska
14ef517b61
Merge pull request #3884 from SparkiDev/tfm_read_bin
...
TFM read_unsigned_bin: endian may not be defined
2021-03-23 14:47:18 -07:00
toddouska
d539dc59be
Merge pull request #3903 from SparkiDev/sha2_arm
...
ARMv8 SHA256, SHA512: Add wc_Sha256Transform, wc_Sha512Transform
2021-03-23 14:46:45 -07:00
toddouska
1643bec05f
Merge pull request #3862 from kaleb-himes/WIN32_WCE_PORTING
...
_WIN32_WCE port of wolfCrypt - OE12
2021-03-23 14:40:48 -07:00
toddouska
6134de6a22
Merge pull request #3855 from miyazakh/openssl_ext_r2
...
Compatibility layer API addition
2021-03-23 14:37:47 -07:00
Stanislav Klima
ee79e1082a
Updated fix of 58787.
2021-03-23 13:19:32 +01:00
Juliusz Sosinowicz
3abcdf059a
Chacha-Poly AEAD fix for SCR
...
Wrong cipher material was being used when using Chacha-Poly AEAD for DTLS 1.2 with secure renegotiation
2021-03-23 10:38:48 +01:00
Sean Parkinson
089ebf277f
ARMv8 SHA256, SHA512: Add wc_Sha256Transform, wc_Sha512Transform
2021-03-23 12:53:06 +10:00
David Garske
9313d59479
Fix for SNI callback
...
* Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback.
* Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI`
2021-03-22 11:28:16 -07:00
kaleb-himes
b3eb2e3ddd
Implement peer review feedback
...
Fix items that were missed from peer review
Remove dead code
Add ret capture of return from XVSNPRINTF
2021-03-22 11:55:16 -06:00
David Garske
3accd4dd86
Merge pull request #3900 from JacobBarthelmeh/CAAM
...
account for leading 0's with r and s during ECC verify
2021-03-22 09:08:44 -07:00
JacobBarthelmeh
b7ac12edb6
account for leading 0's with r and s during ECC verify
2021-03-22 18:16:21 +07:00
Stanislav Klima
2e25c53111
Revert "Fixed CID 583215."
...
This reverts commit 26578be1a7
2021-03-22 09:50:20 +01:00
Stanislav Klima
a8abeeb50e
Fixed CID 58787.
2021-03-22 09:47:52 +01:00
Sean Parkinson
24b67599c8
Merge pull request #3896 from strongX509/wolfssl-shake256
...
Full implementation of SHAKE256
2021-03-22 09:57:05 +10:00
TakayukiMatsuo
53c54ab475
Added bounds checks.
2021-03-21 12:30:45 +09:00
TakayukiMatsuo
a86a638698
Fix for PRB tests.
2021-03-21 08:19:02 +09:00
TakayukiMatsuo
6bf14dfa56
Added bounds checks, smallstack pattern.
2021-03-21 07:37:02 +09:00
TakayukiMatsuo
a1ff026670
Revert the change of wolfSSL_EVP_CHIPER_CTX_cleanup.
2021-03-21 00:14:57 +09:00
Elms
c3e6195da5
INTIME: add support for directory file search
...
Directory support allows CRL use with undefining `NO_WOLFSSL_DIR`
Also increase stack size to avoid page fault and add
`_USE_64BIT_TIME_T` to example project to pass ASN test
2021-03-20 00:53:02 -07:00
Hideki Miyazaki
526688a1a5
adressed review comments part 5-1
2021-03-20 14:57:26 +09:00
Hideki Miyazaki
fae36f108e
adressed review comments part 5
2021-03-20 12:29:42 +09:00
toddouska
14b7d70ae4
Merge pull request #3846 from kabuobeid/builtinEngsRandMethod
...
Add wolfSSL_RAND_set_rand_method() and document ENGINE_load_builtin_engines()
2021-03-19 14:23:03 -07:00
toddouska
a0a1406a43
Merge pull request #3894 from SparkiDev/eccsi_sakke_g++
...
ECCSI/SAKKE: fix for g++
2021-03-19 14:03:06 -07:00
toddouska
fc2dff0af6
Merge pull request #3895 from SparkiDev/no_dhe_psk_fix
...
TLS 1.3 PSK no DHE: When not doing PSK don't allow noPskDheKe to be set
2021-03-19 14:02:43 -07:00
Chris Conlon
19c321f165
Merge pull request #3891 from JacobBarthelmeh/PKCS7
...
adjust size when streaming with PKCS7 verify
2021-03-19 11:53:38 -06:00
David Garske
761bebc4a0
Merge pull request #3893 from SparkiDev/sp_dyn_stack
...
SP dyanmic stack: WOLFSSL_SP_NO_DYN_STACK disable use
2021-03-19 10:53:02 -07:00
Chris Conlon
f49e8669cd
Merge pull request #3892 from dgarske/stm32g0
...
Adds support for STM32G0
2021-03-19 11:31:17 -06:00
Andreas Steffen
6e383cf6cd
Full implementation of SHAKE256
...
The current SHAKE256 implementation squeezes output bytes only up
to the rate limit of 136 bytes. This has been fixed to support
the output of an unlimited amount of bytes complying with the
NIST FIPS 202 standard.
2021-03-19 11:13:54 +01:00
TakayukiMatsuo
4136dcb098
Add modifications to fix following issues:
...
- bounds checks
- sanity checks
- smallstack pattern
- coding standard
- typos
2021-03-19 14:58:56 +09:00
TakayukiMatsuo
491f3bc423
Add two public key files in certs folder and register them to gencertbuf.pl
2021-03-19 14:52:58 +09:00
TakayukiMatsuo
62304411dd
Remove wc_EccPublicKeyDecode_ex
2021-03-19 14:48:46 +09:00
TakayukiMatsuo
1c81afcc0a
Add wc_FreeDhKey in wolfSSL_d2i_PUBKEY
2021-03-19 14:23:40 +09:00
TakayukiMatsuo
364e35575c
Add following modifications to unit-test:
...
- Modify reference data in test_wolfSSL_EVP_PKEY_print_public
- Remove test_wc_EccPublicKeyDecode_ex
- Rewrite test_wc_DhPublicKeyDecode to have Assert
2021-03-19 14:17:26 +09:00
Hideki Miyazaki
300cbf7a5b
fixed NO_WOLFSSL_DIR configuration case
2021-03-19 13:13:03 +09:00
Hideki Miyazaki
ffa6a80725
addressed review comments part 4
2021-03-19 13:13:02 +09:00
Hideki Miyazaki
7b81ff1bc6
fixed api testing for hash dir
2021-03-19 13:13:01 +09:00
Hideki Miyazaki
c5327866a4
addressed review comments part 3
2021-03-19 13:13:01 +09:00
Hideki Miyazaki
84368eed3f
addressed review comment part 2 moving BY_DIR_xxx functions to internal
2021-03-19 13:13:00 +09:00
Hideki Miyazaki
4650aaf4fb
addressed review comments part 1
2021-03-19 13:13:00 +09:00
Hideki Miyazaki
f9c9de5855
free Mutex
2021-03-19 13:12:59 +09:00
Hideki Miyazaki
2d79578eda
addressed jenkins failure
...
fix missing mutex initialization
2021-03-19 13:12:59 +09:00
Hideki Miyazaki
a13784abe1
fixed jenkins failure
2021-03-19 13:12:58 +09:00
Hideki Miyazaki
cb0f082e39
simplified wc_EncodeName*
2021-03-19 13:12:57 +09:00
Hideki Miyazaki
e73b06e797
add comments and description to new function and API
2021-03-19 13:12:57 +09:00
Hideki Miyazaki
39b0c4eaf8
fixed sanitize errors
2021-03-19 13:12:56 +09:00
Hideki Miyazaki
b4a573ca98
Initial implemented X509_LOOKUP_ctrl L_ADD_DIR
2021-03-19 13:12:55 +09:00
Hideki Miyazaki
ce485d99b3
implemented L_FILE_LOAD case
2021-03-19 13:12:54 +09:00
Sean Parkinson
e7472384c2
TLS 1.3 PSK no DHE: When not doing PSK don't allow noPskDheKe to be set
2021-03-19 12:11:30 +10:00
Sean Parkinson
7cacfc53e6
ECCSI/SAKKE: fix for g++
...
Cast XMALLOC return.
2021-03-19 10:49:34 +10:00
Sean Parkinson
f6840ca907
SP dyanmic stack: WOLFSSL_SP_NO_DYN_STACK disable use
...
For small code and not small stack, arrays are being defined with a size
dependent on the input parameters, where compiler supports it.
Disable this with: WOLFSSL_SP_NO_DYN_STACK
2021-03-19 09:56:56 +10:00
Sean Parkinson
a688245738
Merge pull request #3868 from dgarske/sp_nomalloc
...
Fixes for SP RSA/DH with `WOLFSSL_SP_NO_MALLOC`
2021-03-19 09:41:30 +10:00
David Garske
14e79a165a
Merge pull request #3880 from embhorn/cov_fixes
...
Fix resource leak
2021-03-18 15:18:38 -07:00
toddouska
a363077b1e
Merge pull request #3841 from SparkiDev/aes_gcm_stream
...
AES GCM: implement streaming
2021-03-18 14:36:55 -07:00
David Garske
6bf3c08634
Fixes for SP RSA/DH with WOLFSSL_SP_NO_MALLOC. Cleanup of the SP no malloc code for ECC, RSA and DH.
2021-03-18 14:00:51 -07:00
David Garske
a27a61c937
Adds support for STM32G0.
2021-03-18 11:25:48 -07:00
Kareem Abuobeid
a85e348c0e
Change void return from RAND_seed back to int.
2021-03-18 11:20:56 -07:00
Kareem Abuobeid
5aa23424a4
wolfSSL_RAND_set_rand_method: Cleanup
2021-03-18 10:27:31 -07:00
Jacob Barthelmeh
de50209cdf
adjust size when streaming with PKCS7 verify
2021-03-18 22:52:36 +07:00
David Garske
e7ad9b423f
Merge pull request #3881 from embhorn/zd11906
...
Fix der struct mem leak in AddTrustedPeer
2021-03-18 07:40:27 -07:00
David Garske
89a461595f
Merge pull request #3890 from douzzer/fix-linuxkm-tls13-typo
...
src/tls13.c: fix typo introduced in commit 697d34c80d
2021-03-18 07:36:58 -07:00
Jacob Barthelmeh
360c961b48
fix for unused variable in dh.c from Jenkins test
2021-03-18 20:34:38 +07:00
Jacob Barthelmeh
a64bb8aef7
fix unused variable in test case from Jenkins test
2021-03-18 15:17:08 +07:00
Daniel Pouzzner
717c0089c0
src/tls13.c: fix typo introduced in commit 697d34c80d.
2021-03-18 00:04:53 -05:00
Kareem Abuobeid
832c99597c
wolfSSL_RAND_set_rand_method: Code review feedback
2021-03-17 17:02:20 -07:00
David Garske
7760dcb43b
Fixes and cleanups for the openssl compatibility layer RAND_ functions. For opensslextra=x509small don't include the RAND method code. Removed abandonded "ENABLED_SMALL" option in configure.ac.
2021-03-17 15:51:52 -07:00
Kareem Abuobeid
1477af9a22
Add wolfSSL_RAND_set_rand_method() and support for RAND_ callbacks.
2021-03-17 14:29:24 -07:00
toddouska
a3be049e0e
Merge pull request #3883 from SparkiDev/sp_asm_config
...
SP config: allow asm to be an SP options (--enable-sp=asm,yes)
2021-03-17 12:53:14 -07:00
Jacob Barthelmeh
12b290cbaf
remove duplicate (deadcode) for clearing mp_int's
2021-03-17 17:34:54 +07:00
Jacob Barthelmeh
6ef905c9e3
use err goto for error out
2021-03-17 17:06:03 +07:00
Jacob Barthelmeh
2732ba2bba
check return value is not negative
2021-03-17 16:50:53 +07:00
Jacob Barthelmeh
1ca3604212
add check on init mutex return value
2021-03-17 16:42:16 +07:00
Jacob Barthelmeh
da56c33f48
add debug message on BIO write return value when printing out error nodes
2021-03-17 16:33:37 +07:00
Jacob Barthelmeh
d439694eb6
sanity check on length in wolfSSL_BN_rand
2021-03-17 13:41:27 +07:00
Jacob Barthelmeh
6995f6dedc
help out static analyizer and memset buffer created
2021-03-17 12:34:12 +07:00
Jacob Barthelmeh
48d13bbfa5
fix for leak with wolfSSL_a2i_ASN1_INTEGER
2021-03-17 12:24:18 +07:00
Sean Parkinson
2dafb3ed96
TFM read_unsigned_bin: endian may not be defined
2021-03-17 12:10:06 +10:00
Sean Parkinson
38d268dbbb
fixup
2021-03-17 11:31:03 +10:00
Sean Parkinson
7f1e63e7f5
SP config: allow asm to be an SP options (--enable-sp=asm.yes)
2021-03-17 11:24:55 +10:00
TakayukiMatsuo
3bd7127188
Wrap some long lines.
2021-03-17 06:58:51 +09:00
toddouska
cba348dbf1
Merge pull request #3853 from SparkiDev/sp_add_d
...
SP int neg add_d/sub_d: handle small values properly
2021-03-16 14:16:01 -07:00
TakayukiMatsuo
07807526c6
Change the following functions to behave the same as opeSSL:
...
- EVP_CIPHER_CTX_cleanup
- BIO_free
- EVP_PKEY_cmp
2021-03-17 05:47:45 +09:00
Eric Blankenhorn
3f8444e7ea
Fix der struct mem leak in AddTrustedPeer
2021-03-16 11:57:49 -05:00
David Garske
e668b9b5d6
Merge pull request #3876 from kabuobeid/sslSuitesNullCheck
...
Fix missing NULL check in FreeSuites(). Fixes #3873 .
2021-03-16 09:02:10 -07:00
JacobBarthelmeh
df2e0905e0
Merge pull request #3874 from dgarske/cryptocb_devctx
...
Fixes for for crypto callbacks (SHA1, HMAC and CMAC)
2021-03-16 21:26:50 +07:00
TakayukiMatsuo
9f6d1fe964
Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint
2021-03-16 15:55:51 +09:00
Sean Parkinson
35659be06f
AES GCM: implement streaming
...
Updated EVP layer to use streaming API when enabled.
Assembly for x64 updated to include streaming.
2021-03-16 16:39:49 +10:00
David Garske
f3900be6dc
Merge pull request #3877 from SparkiDev/sakke_eccsi_fixup
2021-03-15 20:18:09 -07:00
TakayukiMatsuo
9fd8fde714
Add fixes along the review commnents.
2021-03-16 11:55:18 +09:00
Sean Parkinson
9caf366a25
SP x86_64 asm: put back in lost fixes
...
Corner case for P-256.
ModInv P-256 AVX2 fix carry and use movslq for clang.
Get entry P-384 non-AVX2 don't assume table data is aligned.
2021-03-16 11:08:34 +10:00
Sean Parkinson
6fc0440904
SP int neg add_d/sub_d: handle small values properly
2021-03-16 10:22:48 +10:00
toddouska
5c82ef9420
Merge pull request #3858 from julek-wolfssl/x509-set-pub-key
...
wolfSSL_X509_set_pubkey fix
2021-03-15 17:19:30 -07:00
toddouska
5c4c101ac5
Merge pull request #3863 from JacobBarthelmeh/Testing
...
fix for wolfSSL_ASN1_TIME_adj set length
2021-03-15 17:17:33 -07:00
toddouska
1b8c0c73a9
Merge pull request #3851 from SparkiDev/sp_read_bin_align
...
SP int: read_unsigned_bin and BIG_ENDIAN
2021-03-15 17:12:23 -07:00
toddouska
3ac03d3d66
Merge pull request #3805 from JacobBarthelmeh/copyright
...
update copyright date to 2021
2021-03-15 16:16:50 -07:00
toddouska
5fd0950a3a
Merge pull request #3654 from SparkiDev/sakke_eccsi
...
ECCSI and SAKKE: add support
2021-03-15 16:15:59 -07:00
Kareem Abuobeid
46b3beeccd
Fix missing NULL check in FreeSuites(), with OPENSSL_ALL enabled, this was causing a segfault in when freeing a WOLFSSL object created with wolfSSL_write_dup().
2021-03-15 16:15:21 -07:00
Juliusz Sosinowicz
0fa39a04dc
Let user inspect error in wolfSSL_dtls_got_timeout
2021-03-15 19:00:11 +01:00
David Garske
2e247cc176
Merge pull request #3870 from JacobBarthelmeh/Benchmark
...
fix for using devId with benchmarking ECC
2021-03-15 10:09:23 -07:00
David Garske
d4d30a0078
Merge pull request #3875 from SparkiDev/sp_get_entry
...
SP x86_64 non-AVX2: Fix get_entry to no load table aligned
2021-03-15 10:00:27 -07:00
Sean Parkinson
0f605b2aab
SP x86_64 non-AVX2: Fix get_entry to no load table aligned
2021-03-15 18:05:10 +10:00
David Garske
e2aee302ef
Merge pull request #3867 from douzzer/autoconf-2.71-gcc-10.2-updates
2021-03-12 16:19:28 -08:00
David Garske
7a020e4bb6
Fix for FIPS and CMAC init.
2021-03-12 14:23:34 -08:00
Eric Blankenhorn
36f80d53aa
Fix resource leak
2021-03-12 14:57:45 -06:00
Daniel Pouzzner
92854a5ddc
configure.ac: advance AC_PREREQ from 2.63 (2008) to 2.69 (2012) to reflect current automated testing coverage, and to avoid intractable best-practice conflicts between 2.63 and 2.70 (2020); advance AM_INIT_AUTOMAKE from 1.11 (2009) to 1.14.1 (2013) to reflect current automated testing coverage; advance LT_PREREQ from 2.2 (2008) to 2.4.2 (2011) to reflect current automated testing coverage.
2021-03-12 13:49:29 -06:00
David Garske
697d34c80d
Fix for for crypto callback devCtx on symmetric algorithms (missing for SHA1 and CMAC). Fix for HMAC to use devId for hashing. Fixes for CMAC crypto callbacks and testing.
2021-03-12 11:49:25 -08:00
John Safranek
62ec4ef3b9
Policy Constraints Extension
...
Read the policy constraints extension from a certificate. Save the skip value but don't do anything with it at this time.
2021-03-12 10:23:23 -08:00
Juliusz Sosinowicz
c5c80b67d2
wolfSSL_X509_set_pubkey fix
...
wolfSSL_X509_set_pubkey should always regenerate the key to make sure that it does not contain the private key
2021-03-12 18:13:15 +01:00
JacobBarthelmeh
e9b39c3091
fix for using devId with benchmarking ECC
2021-03-12 21:14:20 +07:00
David Garske
fa8934c5fc
Merge pull request #3861 from haydenroche5/cmake_session_ticket
2021-03-11 21:05:31 -08:00
Jacob Barthelmeh
5369c133ad
add macro guard around test
2021-03-12 11:44:09 +07:00
Sean Parkinson
a20b7fae32
ECCSI/SAKKE: add loop count to generation functions
2021-03-12 13:57:53 +10:00
Sean Parkinson
a55e94cf6f
ECCSI and SAKKE: add support
...
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
2021-03-12 09:31:22 +10:00
Daniel Pouzzner
771a7418ea
fixes for compat with autoconf 2.70 and gcc-10: update m4/ax_pthread.m4 and m4/ax_tls.m4 from upstream, fix declaration syntax in tests/api.c, add AC_CANONICAL_TARGET in configure.ac, and fix two spots with bad quoting syntax in configure.ac and m4/ax_linuxkm.m4. also fix myriad whitespace flubs in api.c.
2021-03-11 17:29:12 -06:00
elms
c091b968a3
Merge pull request #3864 from cconlon/0311
...
api.c fix for --enable-opensslall and --enable-debug
2021-03-11 14:54:40 -08:00
Chris Conlon
e93568816e
Merge pull request #3859 from TakayukiMatsuo/os_ecdh
...
Remove NO_WOLFSSL_STUB guard and add a comment to each API
2021-03-11 15:31:21 -07:00
elms
6241d56eec
Merge pull request #3865 from haydenroche5/fix_have_aes_ecb
...
Change WOLFSSL_AES_ECB to HAVE_AES_ECB in api.c.
2021-03-11 14:12:46 -08:00
Hayden Roche
211eefa155
Change WOLFSSL_AES_ECB to HAVE_AES_ECB in api.c.
2021-03-11 14:03:54 -06:00
Chris Conlon
e184cf5c29
fix api.c build with --enable-opensslall and --enable-debug
2021-03-11 12:56:13 -07:00
kaleb-himes
1d5d946273
Cleanup user_settings.h
2021-03-11 06:39:39 -07:00
Jacob Barthelmeh
eb8b40c64a
fix for wolfSSL_ASN1_TIME_adj set length
2021-03-11 20:34:17 +07:00
TakayukiMatsuo
b9464befb6
Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint
2021-03-11 16:21:09 +09:00
Jacob Barthelmeh
c729318ddd
update copyright date
2021-03-11 13:42:46 +07:00
John Safranek
fceba6eb6f
Merge pull request #3860 from julek-wolfssl/scr-hello-verify
...
SCR cookie exchange shouldn't change seq and epoch numbers
2021-03-10 16:11:03 -08:00
kaleb-himes
16d55b0b86
_WIN32_WCE port of wolfCrypt - OE12
...
Add user_settings.h for OE12
Restrict LPCWSTR typecast to be WINCE specific
2021-03-10 17:02:21 -07:00
toddouska
72eebd6e75
Merge pull request #3795 from JacobBarthelmeh/CAAM
...
Addition of QNX CAAM driver
2021-03-10 15:04:21 -08:00
toddouska
44c5ca9d39
Merge pull request #3825 from julek-wolfssl/openssl-key-wrap
...
Implement `AES_wrap_key` and `AES_unwrap_key`
2021-03-10 15:01:51 -08:00
toddouska
b081243af3
Merge pull request #3850 from SparkiDev/sp_x64_asm_fixes
...
SP ECC: Fix P-256 modinv for AVX2
2021-03-10 14:57:17 -08:00
toddouska
385ef17099
Merge pull request #3852 from SparkiDev/mp_is_bit_set
...
MP int: fix word range check in mp_is_bit_set()
2021-03-10 14:54:58 -08:00
David Garske
2b92abdd35
Merge pull request #3857 from embhorn/zd11865
...
Fix header cir ref with WPAS
2021-03-10 14:54:50 -08:00
toddouska
0bcde126d9
Merge pull request #3791 from TakayukiMatsuo/ZD11641
...
Causes SSL_CTX_load_verify_locations and X509_LOOKUP_load_file to return zero on failure if WOLFSSL_ERR_CODE_OPENSSL is defined
2021-03-10 14:54:14 -08:00
Chris Conlon
40b5d94db8
Merge pull request #3848 from JacobBarthelmeh/Testing
...
sanity check on size before compare
2021-03-10 15:18:44 -07:00
Hayden Roche
0403990cc8
Add support for session tickets in CMake.
...
Additionally, ensure duplicate definitions don't make it into options.h.
2021-03-10 11:48:59 -06:00
Juliusz Sosinowicz
26fb658206
SCR cookie exchange shouldn't change seq and epoch numbers
2021-03-10 18:34:09 +01:00
TakayukiMatsuo
0e699ff046
Remove NO_WOLFSSL_STUB guard and add a comment to each wolfSSL_set_dynlock_xxx API.
2021-03-11 00:04:17 +09:00
JacobBarthelmeh
4ad1b52108
Merge pull request #3824 from julek-wolfssl/ssl-bio-use-chain
...
WOLFSSL_BIO_SSL BIO should use remaining chain for IO
2021-03-10 18:21:09 +07:00
JacobBarthelmeh
28ae8e3e11
add include file for getting WOLFSSL_CAAM_DEVID in test case
2021-03-10 17:27:40 +07:00
Juliusz Sosinowicz
d7838155e5
WOLFSSL_BIO_SSL BIO should use remaining chain for IO
...
This is accomplished by passing the next BIO in the chain in to the `wolfSSL_set_bio` API.
2021-03-10 10:13:42 +01:00
David Garske
ce62a24325
Merge pull request #3856 from embhorn/gh3849
...
Typo in client example
2021-03-09 15:49:30 -08:00
Eric Blankenhorn
f421f949c9
Fix header cir ref with WPAS
2021-03-09 17:09:04 -06:00
Chris Conlon
23396a94c4
Merge pull request #3822 from TakayukiMatsuo/os_ecdh
...
Add CTX_set_ecdh_auto
2021-03-09 15:15:38 -07:00
John Safranek
fd6618170d
Merge pull request #3843 from julek-wolfssl/dtls-reset-seq-num
...
Correctly move the Tx sequence number forward
2021-03-09 13:06:04 -08:00
Juliusz Sosinowicz
d4302cc71b
Correctly reset the Tx sequence number
...
All DTLS records after the ClientHello should try to start from the sequence number of the ClientHello if it is available.
2021-03-09 18:30:10 +01:00
Stanislav Klima
9f9bf7345b
Fixed CID 13482
2021-03-09 15:12:31 +01:00
Stanislav Klima
dc1f11666d
Fixed CID 588443
2021-03-09 14:49:30 +01:00
Stanislav Klima
9e68d0d1a8
Fixed CID 586938
2021-03-09 12:30:39 +01:00
TakayukiMatsuo
153859f2b2
Merge remote-tracking branch 'upstream/master' into os_ecdh
...
# Conflicts:
# tests/api.c
2021-03-09 12:00:15 +09:00
Eric Blankenhorn
5e953d5968
Typo in client example
2021-03-08 17:31:12 -06:00
Sean Parkinson
ff3325fcaf
SP ECC: Fix P-256 modinv for AVX2
...
modinv AVX2: do quick norm on result twice and convert 32-bit signed to
64-bit signed before adding
P-256 mont_add, mont_dbl, mont_tpl, mont_sub x64: handle mul/sqr result
being greater than modulus but not greater than 1<<256.
2021-03-09 08:42:07 +10:00
Hayden Roche
b271da2954
Fix for ZD 11808.
2021-03-08 12:23:32 -06:00
David Garske
c73965b471
Merge pull request #3842 from danielinux/imx-rt1060-fixes
...
Fixed regressions in sha modules when compiling with WOLFSSL_IMXRT_DCP
2021-03-08 10:21:40 -08:00
Chris Conlon
7b2aa54044
Merge pull request #3801 from TakayukiMatsuo/os_bio
...
Add wolfSSL_BIO_tell
2021-03-08 09:56:01 -07:00
Chris Conlon
ec58765498
Merge pull request #3769 from miyazakh/openssl_ext_r1
...
Compatibility layer API addition
2021-03-08 09:54:07 -07:00
Sean Parkinson
419b426a1b
MP int: fix word range check in mp_is_bit_set()
2021-03-08 15:45:04 +10:00
Sean Parkinson
98683bf71c
SP int: read_unsigned_bin and BIG_ENDIAN
...
When unaligned access of sp_int_digit pointer causes segfault, define:
WOLFSSL_SP_INT_DIGIT_ALIGN
2021-03-08 15:17:12 +10:00
TakayukiMatsuo
feeb0ceb96
Change macro name to WS_RETURN_CODE and add more comments.
2021-03-08 11:57:36 +09:00
JacobBarthelmeh
2275c97602
check ret of lock and adjust return type
2021-03-06 14:21:44 +07:00
Jacob Barthelmeh
e497a8f589
sanity check on size before compare
2021-03-06 08:58:37 +07:00
Hideki Miyazaki
3b768bcb5e
addressed review comments
2021-03-06 10:18:31 +09:00
Martin Kinčl
5efd0bf2a4
Fixed CID 587445.
2021-03-06 00:58:39 +01:00
Martin Kinčl
db275268a1
Fixed CID 581667.
2021-03-06 00:40:08 +01:00
Martin Kinčl
c2629d34b5
Fixed CID 577166, 577196.
2021-03-06 00:07:37 +01:00
Martin Kinčl
5841ee8efb
Fixed CID 576945.
2021-03-05 23:40:49 +01:00
Martin Kinčl
7d9661d75c
Fixed CID 576884.
2021-03-05 23:24:34 +01:00
Martin Kinčl
876cc9239d
Fixed CID 576574.
2021-03-05 23:16:50 +01:00
toddouska
b6130513e3
Merge pull request #3844 from SparkiDev/mp_read_radix_fail
...
MP small: read radix set result to 0 on all errors
2021-03-05 12:09:38 -08:00
toddouska
8428823881
Merge pull request #3840 from SparkiDev/mp_neg_fixes
...
MP: fixes for negative
2021-03-05 12:08:45 -08:00
David Garske
b55e428795
Merge pull request #3826 from tmael/ecc_err
...
WOLFSSL_STATIC_MEMORY no longer requires fast math
2021-03-05 11:49:01 -08:00
Radim Smat
af7b1bd25e
Fixed CID 587328.
2021-03-05 17:18:34 +01:00
Radim Smat
e76da394b7
Fixed CID 587287.
2021-03-05 15:44:00 +01:00
David Kubasek
d01d32b6ed
Fixed the fix of CID 578018
2021-03-05 14:59:18 +01:00
David Kubasek
175fe250ba
Merge branch 'fix/RA/v4.7.0-coverity' of https://github.com/DKubasekRA/wolfssl into fix/RA/v4.7.0-coverity
2021-03-05 14:44:10 +01:00
David Kubasek
97a9938f94
Fixed CID 584275
2021-03-05 14:43:52 +01:00
Radim Smat
9732f6e74b
Fixed CID 587328.
2021-03-05 14:27:47 +01:00
Radim Smat
f7fbd0fceb
Fixed CID 587287.
2021-03-05 13:35:27 +01:00
Radim Smat
8588998234
Fixed CID 586797.
2021-03-05 12:22:59 +01:00
Radim Smat
8539e8c170
Fixed CID 584000.
2021-03-05 12:10:40 +01:00
Radim Smat
0caed02db7
Fixed CID 576609.
2021-03-05 12:04:30 +01:00
David Kubasek
d2b26f66d5
Fixed CID 578018
2021-03-05 10:59:08 +01:00
David Kubasek
ad70112fd8
Fixed CID 576268
2021-03-05 10:35:14 +01:00
Radim Smat
d510c270cd
Fixed CID 212170.
2021-03-05 09:44:47 +01:00
Jacob Barthelmeh
6d0dbbe1c0
add IDE/QNX/README.md and add WOLFSSL_QNX_CAAM guard
2021-03-05 14:43:23 +07:00
Sean Parkinson
298ebd6024
MP small: read radix set result to 0 on all errors
2021-03-05 10:02:07 +10:00
Sean Parkinson
046b279ae2
MP: fixes for negative
...
sp_int.c:
- sp_addmod_ct(), sp_submod_ct(), sp_gcd() and sp_lcm() only support
positive numbers: updated comments.
- sp_mod(0, neg): fix to not add 0 and neg.
- sp_div(): set sign on rem when a is greater than d but same bit length
and fix sign setting on result when absolute values equal or
close.
- Modular exponentation functions: compare absolute values when
determining whether base needs to be reduced.
- Fix calculation of hex string when negative: add -ve nibble before
checking for need of extra 0.
- Fix size allocation in sp_mod when WOLFSSL_SP_INT_NEGATIVE defined
tfm.c:
- fp_mod(0, neg): fix to not add 0 and neg.
- fp_isone(): fixed to check for negative
- fp_add_d(): fix small stack version to support negative numbers
integer.c:
- mp_isone(): fixed to check for negative
2021-03-05 09:29:46 +10:00
Hideki Miyazaki
896245cae7
addressed jenkins cavp test failure
2021-03-05 08:19:25 +09:00
Hideki Miyazaki
464f82a575
addressed jenkins failure part4
2021-03-05 08:19:24 +09:00
Hideki Miyazaki
2246ea33cc
addressed sanitize failure
2021-03-05 08:19:23 +09:00
Hideki Miyazaki
302c6dfe11
addressed jenkins failure part3
2021-03-05 08:19:22 +09:00
Hideki Miyazaki
9bae05525c
addressed review comments
2021-03-05 08:19:22 +09:00
Hideki Miyazaki
5ddd2710d7
addressed jenkins failure part2
2021-03-05 08:19:21 +09:00
Hideki Miyazaki
cd26444e01
addressed jenkins failure part1
2021-03-05 08:19:21 +09:00
Hideki Miyazaki
5fb9aa3f9b
implemented SHA512_Transform and unit test
2021-03-05 08:19:20 +09:00
Hideki Miyazaki
82fb498ed5
Implemented MD5 unit tests
2021-03-05 08:19:19 +09:00
Hideki Miyazaki
525d28f38f
Implemented MD5_Transform
2021-03-05 08:19:18 +09:00
Hideki Miyazaki
502e1458f9
Implemented SHA one shot
...
Implemented SHA_Transform
2021-03-05 08:19:17 +09:00
Hideki Miyazaki
95cf3675e9
implemented SHA256_Transform
...
WIP SHA512_Transform
2021-03-05 08:19:17 +09:00
Hideki Miyazaki
cb3fa8ff9e
SHA224 implementation
2021-03-05 08:19:16 +09:00
Hideki Miyazaki
141d07e21b
addressed pre-review comments
2021-03-05 08:19:16 +09:00
Hideki Miyazaki
e39477c531
initial implement SSL_get_early_data_status
2021-03-05 08:19:15 +09:00
Hideki Miyazaki
44a20c8ce6
add more unit test case for load_crl_file
2021-03-05 08:19:14 +09:00
Hideki Miyazaki
544ed32893
implemented X509_load_crl_file
2021-03-05 08:19:14 +09:00
Hideki Miyazaki
2e223fb101
implemeted wolfSSL_CTX_get0/set1_param, and corresponding to sub-methods
2021-03-05 08:19:13 +09:00
JacobBarthelmeh
f15450f63e
Merge pull request #3839 from cconlon/pkcs7free
...
fix PKCS7 dynamic content save/restore in PKCS7_VerifySignedData
2021-03-05 05:53:38 +07:00
Tesfa Mael
19fa75c6a8
static memory no longer requires fast math
2021-03-04 14:40:14 -08:00
Tesfa Mael
16f39b4e77
Fix _sp_add_d err
2021-03-04 14:40:14 -08:00
Sean Parkinson
25228cb6c0
Merge pull request #3798 from dgarske/no_hash
...
wolfcrypt: Fixes for building without hash or rng
2021-03-05 08:16:34 +10:00
David Garske
7983734dcb
Merge pull request #3786 from tmael/cc310_ecc_importkey
...
Add Cryptocell wc_ecc_import_x963_ex
2021-03-04 13:59:54 -08:00
toddouska
53a7397418
Merge pull request #3828 from elms/test/fix_openssl_ticket_noaes
...
test: fix compile with session-ticket without AES-GCM
2021-03-04 11:15:20 -08:00
toddouska
bd57e3e4cf
Merge pull request #3818 from dgarske/zd11760
...
Fix for InTime RTOS v5 random
2021-03-04 11:14:34 -08:00
toddouska
b8235649ea
Merge pull request #3812 from haydenroche5/get-certs-refactor
...
Improve wolfSSL_CertManagerGetCerts.
2021-03-04 11:14:05 -08:00
toddouska
0a74fbf95f
Merge pull request #3789 from fabiankeil/configure-accept-amd64
...
configure: When enabling --enable-sp-asm, accept host_cpu amd64
2021-03-04 11:11:13 -08:00
toddouska
12d5c6d416
Merge pull request #3783 from haydenroche5/socat
...
Add support for OpenSSL compatibility function SSL_CTX_get_min_proto_…
2021-03-04 11:10:17 -08:00
toddouska
90d45028cc
Merge pull request #3781 from fabiankeil/NO_WOLFSSL_STUB-build-fix
...
Fix build with NO_WOLFSSL_STUB
2021-03-04 11:07:26 -08:00
toddouska
447b8c9318
Merge pull request #3831 from SparkiDev/sp_int_not_inf
...
SP int: define errors for backward compatability
2021-03-04 11:06:15 -08:00
Martin Kinčl
ea243e0906
Merge branch 'fix/RA/v4.7.0-coverity' of https://github.com/DKubasekRA/wolfssl into fix/RA/v4.7.0-coverity
2021-03-04 18:26:20 +01:00
Radim Smat
027f05e349
Fixed CID 583215.
2021-03-04 13:40:45 +01:00
Radim Smat
f056601d26
Fixed CID 587549.
2021-03-04 11:16:40 +01:00
Radim Smat
dbaf545694
Fixed CID 587348 and CID 587349.
2021-03-04 11:08:25 +01:00
Radim Smat
86b5434dcc
Fixed CID 587342.
2021-03-04 10:45:49 +01:00
TakayukiMatsuo
da75a4f803
Add comment to each added function and fix return value of wolfSSL_EVP_DecodedFinal
2021-03-04 18:39:47 +09:00
TakayukiMatsuo
5043f0229a
Add comment to each added functions
2021-03-04 17:41:18 +09:00
Daniele Lacamera
7610e4989c
iMX-RT1060 support: Fixed missing definition of wc_Sha256Free
2021-03-04 08:34:15 +01:00
Daniele Lacamera
791a5b4244
iMXRT1060 support: Fixed duplicate definition of wc_InitSha & wc_ShaCopy
2021-03-04 08:33:20 +01:00
TakayukiMatsuo
871933e3e8
Add s comment to wolfSSL_BIO_tell
2021-03-04 15:41:03 +09:00
TakayukiMatsuo
b141c2f4f2
Add comment for each added function
2021-03-04 15:02:53 +09:00
Martin Kinčl
d5cd9c4a7f
Fixed CID 591810.
2021-03-04 01:02:11 +01:00
Chris Conlon
2be80acdd3
fix PKCS7 dynamic content save/restore in PKCS7_VerifySignedData for multiPart bundles with certs
2021-03-03 16:19:58 -07:00
Sean Parkinson
8c3b5c3402
Merge pull request #3838 from guidovranken/zd11824
...
Return error code from sp_cond_swap_ct
2021-03-04 08:30:19 +10:00
Martin Kinčl
b383d93274
Fixed CID 582952.
2021-03-03 21:32:34 +01:00
Martin Kinčl
3770d4c581
Fixed CID 577295.
2021-03-03 21:20:33 +01:00
Martin Kinčl
c634c6c850
Fixed CID 577188.
2021-03-03 21:09:24 +01:00
Martin Kinčl
d3314f142a
Fixed CID 576946.
2021-03-03 21:04:51 +01:00
Martin Kinčl
f2b832415e
Fixed CID 576799.
2021-03-03 20:57:40 +01:00
Martin Kinčl
9ea66868d8
Fixed CID 536133.
2021-03-03 20:37:29 +01:00
Martin Kinčl
05156083ec
Fixed CID 529770.
2021-03-03 20:29:21 +01:00
Martin Kinčl
c27c78f9e4
Fixed CID 529748.
2021-03-03 20:12:59 +01:00
Guido Vranken
6725a4f5d2
Return error code from sp_cond_swap_ct
...
ZD 11824
2021-03-03 20:03:10 +01:00
Martin Kinčl
d941cb4456
Fixed CID 587279.
2021-03-03 19:48:54 +01:00
Martin Kinčl
806313ff1a
Fixed CID 576473.
2021-03-03 19:43:19 +01:00
Martin Kinčl
af42e2a799
Fixed CID 576329.
2021-03-03 19:21:51 +01:00
Martin Kinčl
b47678513a
Merge branch 'fix/RA/v4.7.0-coverity' of https://github.com/DKubasekRA/wolfssl into fix/RA/v4.7.0-coverity
2021-03-03 18:49:06 +01:00
Martin Kinčl
1aa718a438
Fixed CID 143658, 463100, 529732.
2021-03-03 18:49:00 +01:00
Radim Smat
061120dda6
Fixed CID 587340.
2021-03-03 17:18:24 +01:00
Radim Smat
18163c9a2a
Fixed CID 587269.
2021-03-03 16:38:28 +01:00
Radim Smat
d5c3d9ca4f
Fixed CID 587064.
2021-03-03 16:03:32 +01:00
Radim Smat
27c5714f11
Fixed CID 586826.
2021-03-03 15:58:55 +01:00
Radim Smat
0bdb2bf40c
Fixed CID 583972.
2021-03-03 15:55:02 +01:00
Radim Smat
26578be1a7
Fixed CID 583215.
2021-03-03 15:51:22 +01:00
Radim Smat
ef34e613e8
Fixed CID 582947.
2021-03-03 15:46:37 +01:00
Radim Smat
38cfe71732
Fixed CID 576552.
2021-03-03 15:41:28 +01:00
Jacob Barthelmeh
b801a6e809
silence warning of unused parameter in certain builds
2021-03-03 18:45:40 +07:00
Jacob Barthelmeh
9db0257e2e
changes after initial review
2021-03-03 18:45:40 +07:00
Jacob Barthelmeh
26a6643383
fix typo on black keymod size and set devid default with TLS
2021-03-03 18:45:40 +07:00
Jacob Barthelmeh
73349d9a83
add missing header file
2021-03-03 18:45:40 +07:00
Jacob Barthelmeh
ffbd565285
fix for cryptocb with private key check
2021-03-03 18:45:40 +07:00
Jacob Barthelmeh
79ec07f5e1
adjustment after rebase
2021-03-03 18:45:40 +07:00
Jacob Barthelmeh
69a0b643be
removing some magic numbers
2021-03-03 18:45:40 +07:00
Jacob Barthelmeh
4409be2a4e
some misra c changes
2021-03-03 18:45:40 +07:00
Jacob Barthelmeh
99f19b19d4
fix for valgrind ecc verify issue
2021-03-03 18:45:40 +07:00
Jacob Barthelmeh
3757e83c64
use hardset mmap device memory for flags
2021-03-03 18:45:40 +07:00
Jacob Barthelmeh
49aeafaa8d
adjust dist files and fix warning
2021-03-03 18:45:40 +07:00
Jacob Barthelmeh
749425e1e8
first pre alpha code for QNX + CAAM
...
manual run of RNG init and JDKEK print
job ring does initial rng
is successful on some red key blob operations
caam red key blob test pass
ecdsa sign/verify
ecdsa ecdh/sign/verify with black secure key
ecdsa ecdh/sign/verify with black secure key
initial cmac addition
initial cmac addition
black blob encap
black keys with cmac
add invalidate memory
refactoring and clean up
more code cleanup
add files for dist and remove some printf's
remove unneeded macro guard
use resource manager
2021-03-03 18:45:40 +07:00
David Kubasek
5dbc6db295
Fixed CID 576149
2021-03-03 10:25:54 +01:00
TakayukiMatsuo
bbf1284112
Replace immediate value "0" with WOLFSSL_FAILURE and add comment to the RETURN_CODE macro
2021-03-03 11:23:11 +09:00
Sean Parkinson
7b78c61ed3
Merge pull request #3833 from dgarske/ecc_keydp
...
ECC: Improve the key ecc_set NULL checking
2021-03-03 09:47:32 +10:00
David Garske
3752347f14
Improve the random logic for the INTIME RTOS RNG.
2021-03-02 15:04:01 -08:00
David Garske
4d8068a328
Merge pull request #3813 from douzzer/configure-autotools-boilerplate-at-the-top
...
configure.ac: put autotools boilerplate at the top
2021-03-02 09:22:09 -08:00
elms
7e8aa99471
Merge pull request #3820 from haydenroche5/cmake-options-cleanup
...
Clean up CMake option strings.
2021-03-02 08:55:12 -08:00
Elms
4ff886dbda
test: fix compile with session-ticket without AES-GCM
...
EVP compat layer doesn't support poly chacha so test shouldn't be
included to try and test it.
2021-03-02 08:40:19 -08:00
David Garske
9fe7be5ac4
Improve the key ecc_set NULL checking for possible use of key->dp == NULL cases. This is cases where the key has not been properly iniailized or loaded prior to calling from a public API.
2021-03-01 17:17:40 -08:00
David Garske
9d4d36f7fe
Fix hasty copy/paste with privSz2.
2021-03-01 16:02:51 -08:00
Sean Parkinson
84d5d37f61
SP int: define errors for backward compatability
2021-03-02 08:34:23 +10:00
David Garske
14faf16955
Dismiss unused warnings for dh_test.
2021-03-01 10:14:28 -08:00
David Garske
8c1a93d9e1
Using "rand()" to seed our PRNG as its available on all INTIME RTOS versions.
2021-03-01 09:23:19 -08:00
Juliusz Sosinowicz
39a28eeec2
Add RSA_NO_PADDING to wolfSSL_RSA_private_encrypt
2021-03-01 13:21:26 +01:00
TakayukiMatsuo
42e87fa542
Add DH key initialization
2021-03-01 01:13:25 +09:00
TakayukiMatsuo
a34c5b018f
Move the local variable declaration to the beginning of the function
2021-03-01 00:49:50 +09:00
TakayukiMatsuo
e72948b018
Fix for PR tests
2021-02-28 10:27:43 +09:00
Hayden Roche
265b456cac
Improve wolfSSL_CertManagerGetCerts.
...
- Use wolfSSL_d2i_X509. wolfSSL_CertManagerGetCerts duplicated a lot of work
that wolfSSL_d2i_X509 can do for us.
- This function gets the caLock from the CertManager and then calls ParseCert.
Ultimately, ParseCert calls GetCA, which attempts to acquire the same caLock.
Deadlock ensues. The solution is to get the caLock, make a copy of all the
certs, and release the lock. Then, we use the copy of the certs to build up
the stack of X509 objects. What happens if one of the certs is removed from
the CertManager between our copying and calling wolfSSL_d2i_X509? Nothing of
consequence for this use case. ParseCertRelative won't set the DecodedCert's ca
field, but we don't need that to be set here.
2021-02-26 10:45:27 -06:00
Hayden Roche
cd9f400cf3
Clean up CMake option strings.
...
This commit makes all the binary CMake options (i.e. yes/no) conform to one
string convention: "yes/no." Previously, we had a mixture of yes/no and ON/OFF.
2021-02-26 10:30:46 -06:00
TakayukiMatsuo
78e2e37fd6
Remove unneccessary local variable initializations and remove local variable declarations in for-loops
2021-02-26 17:17:32 +09:00
TakayukiMatsuo
e9719595fa
Removed commented-out line
2021-02-26 12:49:32 +09:00
TakayukiMatsuo
a54e3aadea
Fix for PR tests
2021-02-26 12:42:42 +09:00
TakayukiMatsuo
ec471af9c5
Add following stub funcs:
...
- wolfSSL_THREADID_current
- wolfSSL_THREADID_hash
- wolfSSL_CTX_set_ecdh_auto
2021-02-26 11:26:10 +09:00
toddouska
4c1a94a6ad
Merge pull request #3768 from SparkiDev/mp_add_d_too_big
...
MP small: mp_add_d doesn't support adding a digit greater than MP_DIG…
2021-02-25 16:56:23 -08:00
toddouska
e18eacfcd2
Merge pull request #3779 from embhorn/zd11711
...
Squelch interfering def of SHA_CTX
2021-02-25 16:05:24 -08:00
toddouska
2d13a43e71
Merge pull request #3819 from elms/fix/nightly_g++
...
ssl: fix g++ compile warning with explicit cast
2021-02-25 16:04:05 -08:00
toddouska
5682d61e75
Merge pull request #3817 from SparkiDev/i2d_x509_name_mv
...
ASN: move wolfSSL_i2d_X509_NAME to ssl.c
2021-02-25 16:03:30 -08:00
toddouska
7d002a7645
Merge pull request #3816 from SparkiDev/win_curve448
...
Windows Project: Include the X448 and Ed448 files
2021-02-25 16:00:53 -08:00
toddouska
dbc4c51a4e
Merge pull request #3815 from SparkiDev/sp_math_keygen
...
SP int: get keygen working with SP math again
2021-02-25 16:00:27 -08:00
toddouska
8d37da24dc
Merge pull request #3814 from SparkiDev/gcd_lcm_zero
...
Math: GCD(0,0) is undefined and LCM(0,*) is undefined.
2021-02-25 16:00:04 -08:00
Hayden Roche
10181b7bbf
Add support for OpenSSL compatibility function SSL_CTX_get_min_proto_version.
...
This is needed by socat-1.7.4.1.
2021-02-25 17:04:41 -06:00
David Garske
bc585e85b6
Dismiss unused warnings for rsa_test.
2021-02-25 11:23:21 -08:00
Juliusz Sosinowicz
2eb253330f
Implement AES_wrap_key and AES_unwrap_key
...
Add `wc_AesKeyWrap_ex` and `wc_AesKeyUnWrap_ex` API to accept an `Aes` object to use for the AES operations
2021-02-25 20:01:51 +01:00
Elms
afbe3607d7
ssl: fix g++ compile warning with explicit cast
...
cast OpenSSL callback to `void*` for storage as context to be used by
static callback
2021-02-25 11:01:16 -08:00
David Garske
acff0e8781
Fix for InTime RTOS v5. The arc4random_buf wasn't added until v6, so opting to use arc4random. ZD 11760.
2021-02-25 08:54:30 -08:00
David Garske
442f182c67
Merge pull request #3778 from haydenroche5/cmake_curve_ed
...
Add CMake support for CURVE25519, ED25519, CURVE448, and ED448.
2021-02-25 08:01:26 -08:00
Sean Parkinson
d271092aef
ASN: move wolfSSL_i2d_X509_NAME to ssl.c
...
Move WOLFSSL_X509_NAME APIs out of asn.[ch].
2021-02-25 11:45:12 +10:00
Sean Parkinson
7bc12bb536
Windows Project: Include the X448 and Ed448 files
2021-02-25 11:10:46 +10:00
Sean Parkinson
d805a5c681
SP int: get keygen working with SP math again
...
./configure --enable-sp --enable-sp-math --enable-keygen
2021-02-25 10:01:27 +10:00
Sean Parkinson
982ba6c1e0
Math: GCD(0,0) is undefined and LCM(0,*) is undefined.
...
All integers divide 0 so there is no greatest common divisor.
0 is not in the set of numbers for LCM.
2021-02-25 09:29:21 +10:00
David Garske
5cc8979309
Review feedback for unused `pubSz2.
2021-02-24 15:09:51 -08:00
David Garske
3a3c0be43f
Fixes for build warnings for CryptoCell with ECC and RSA.
2021-02-24 15:05:27 -08:00
Daniel Pouzzner
9be1e74dc3
configure.ac: move the autotools boilerplate/initializations back to the top, before --enable-distro and --enable-reproducible-build handling.
2021-02-24 17:04:33 -06:00
Elms
101b35e766
cmake: mirror configure logic for SHA3, SHAKE256, SHA224
2021-02-24 14:25:30 -08:00
David Garske
49a0f70c24
Fix errors from last commit.
2021-02-24 14:19:13 -08:00
Hayden Roche
074090049b
Add CMake support for CURVE25519, ED25519, CURVE448, and ED448.
2021-02-24 13:57:34 -08:00
Eric Blankenhorn
8988f1d5a2
Squelch interfering def of SHA_CTX
2021-02-24 15:46:02 -06:00
David Garske
9ebdc8d61c
Additional fixes for building without RNG. Fix for possible use of key->dp == NULL in wc_ecc_export_ex.
2021-02-24 13:21:54 -08:00
Daniel Pouzzner
c201b6801c
Merge pull request #3808 from lechner/enable-base64-with-all
...
Enable Base64 as part of --enable-all.
2021-02-24 14:39:20 -06:00
Daniel Pouzzner
764207a9f5
Merge pull request #3806 from elms/autoconf/oot_fips_check
...
configure: fix for FIPS out-of-tree builds
2021-02-24 14:38:26 -06:00
toddouska
94a23c1d48
Merge pull request #3646 from julek-wolfssl/nginx-1.19.6
...
Add support for Nginx 1.19.6
2021-02-24 12:21:51 -08:00
toddouska
d8a053ac35
Merge pull request #3809 from embhorn/zd11773
...
Warnings and error fixes
2021-02-24 12:14:08 -08:00
David Garske
bf63b41465
Fixes for building without hash. If all hash algorithms are disabled wc_HashAlg could report empty union. ZD 11585.
2021-02-24 11:04:03 -08:00
Elms
36ba2e134b
configure: FIPS error and compatability cleanup
...
Use autotools macros for case and if. Simplify validation logic.
2021-02-24 08:53:50 -08:00
Eric Blankenhorn
1d16af4f32
Warnings and error fixes
2021-02-24 09:08:15 -06:00
Felix Lechner
ae28550667
Enable Base64 as part of --enable-all.
...
Part of an effort to standardize build options across distributions.
When building with all options, this includes Base64, a feature that
was requested in the past.
This commit passed Debian's Salsa CI pipeline [1] as part of a larger
commit streamlining the build options for distributions. [2]
A related pull request by douzzer activated reproducible builds for
distributions by default. [3]
Thanks to David Garske for his generous contributions to this commit!
[1] https://salsa.debian.org/lechner/wolfssl/-/pipelines/233601
[2] https://salsa.debian.org/lechner/wolfssl/-/blob/debian/master/debian/patches/standardize-distro-options.patch
[3] e30b3d3554
2021-02-23 19:46:56 -08:00
David Garske
ac38e53fec
Merge pull request #3804 from tmael/aws-sdk
...
Use Unix line endings
2021-02-23 18:33:07 -08:00
David Garske
e30b3d3554
Merge pull request #3807 from douzzer/distro-reproducible-build
...
--enable-distro implies --enable-reproducible-build
2021-02-23 18:32:04 -08:00
Daniel Pouzzner
9dadd02fb9
configure.ac move --enable-distro handling to top (preceding --enable-reproducible-build handling), and turn on reproducible-build by default when enable-distro; fix spelling error in reproducible-build help text.
2021-02-23 17:05:44 -06:00
Sean Parkinson
3cdbc242b4
Merge pull request #3803 from dgarske/zd11759
...
Fix misplaced endif and brace
2021-02-24 09:04:38 +10:00
Elms
47872224d8
configure: fix for FIPS out-of-tree builds
...
Check for fips files relative to source directory.
2021-02-23 14:17:35 -08:00
David Garske
7a71ec4692
Merge pull request #3802 from tmael/pkcs8err
...
Fix PKCS8 build config
2021-02-23 13:42:17 -08:00
Tesfa Mael
9bfbc999d9
Move variable declarations to the top
2021-02-23 13:21:50 -08:00
TakayukiMatsuo
2d0207fc60
Fix undeclared identifier errors
2021-02-24 05:38:28 +09:00
JacobBarthelmeh
0dfdf92ff7
Merge pull request #3784 from elms/cmake_curve_ed
...
configure: ED448 to enable SHA3 and SHAKE256 properly
2021-02-24 03:20:38 +07:00
toddouska
5eba89c3ca
Merge pull request #3742 from julek-wolfssl/error-queue-per-thread
...
Add --enable-error-queue-per-thread
2021-02-23 12:02:16 -08:00
toddouska
ef916df1b1
Merge pull request #3761 from JacobBarthelmeh/Release
...
update changelog and bump version to 4.7.1 for development bundles
2021-02-23 12:00:59 -08:00
toddouska
60614ff8b1
Merge pull request #3772 from SparkiDev/sp_ecdsa_set_k
...
SP ECDSA sign: fix multiple loops work of generating k
2021-02-23 12:00:21 -08:00
toddouska
a1db869491
Merge pull request #3775 from haydenroche5/openldap
...
Add a define to openssl/ssl.h needed for openldap port.
2021-02-23 11:58:37 -08:00
toddouska
363185669a
Merge pull request #3776 from cconlon/pkcs7testfix
...
fix wolfCrypt PKCS#7 test when PKCS7_OUTPUT_TEST_BUNDLES is defined
2021-02-23 11:58:00 -08:00
toddouska
e471cba8df
Merge pull request #3780 from SparkiDev/tls13_key_up_resp
...
TLS 1.3: add API to tell if a KeyUpdate response is required
2021-02-23 11:57:10 -08:00
Tesfa Mael
d3c8720b56
Use Unix line endings
2021-02-23 11:54:02 -08:00
toddouska
244accece1
Merge pull request #3799 from SparkiDev/sp_gcd_protect
...
SP int: fix guard around sp_gcm and sp_lcm
2021-02-23 11:53:25 -08:00
David Garske
6cc137dce0
Fix misplaced endif and brace.
2021-02-23 10:22:59 -08:00
TakayukiMatsuo
760ea219a8
Fix for "unused variable" warning
2021-02-24 02:33:46 +09:00
Tesfa Mael
b199c2e444
Fix PKCS8 test
2021-02-23 09:33:14 -08:00
TakayukiMatsuo
c0a9f86de3
Move some variable declarations to the beginning of the block
2021-02-24 01:33:51 +09:00
TakayukiMatsuo
362d2a2d68
Moved int pos declaration at the top the func
2021-02-24 01:07:45 +09:00
Juliusz Sosinowicz
d074e7443f
Remove default ticket cb as this will be added in another PR
2021-02-23 10:06:11 +01:00
Sean Parkinson
22349e0539
Merge pull request #3800 from dgarske/zd11759
...
Fixes for warnings in Windows and failing `wc_BufferKeyEncrypt` test
2021-02-23 17:07:14 +10:00
TakayukiMatsuo
9e4dcfb66c
Add wolfSSL_BIO_tell
2021-02-23 11:12:12 +09:00
David Garske
b5239f97c4
Fixes for warnings in Windows. Fix for failing wc_BufferKeyEncrypt with PBKDF disabled. ZD 11759.
2021-02-22 16:51:17 -08:00
David Garske
3ac40be091
Merge pull request #3797 from tmael/builderr
...
Correct a build error with a non-standard configurations
2021-02-22 16:33:01 -08:00
Sean Parkinson
d2f9f4c4ce
SP int: fix guard around sp_gcm and sp_lcm
2021-02-23 10:21:32 +10:00
Sean Parkinson
fc6394b923
Merge pull request #3796 from elms/fix_valgrind_fpecc
...
tests: fix preprocessor test for gcd/lcm
2021-02-23 09:42:35 +10:00
TakayukiMatsuo
a7cca8a99b
Fix wolfSSL_EVP_PKEY_print_public
2021-02-23 07:57:45 +09:00
John Safranek
e9cdcf5bac
Merge pull request #3764 from embhorn/zd11668
...
Fix typo
2021-02-22 14:12:12 -08:00
Tesfa Mael
243c3ceacc
Fix build err
2021-02-22 13:36:21 -08:00
Elms
c4d2e7cfdb
configure: split SHA3 and SHAKE256 to work with ED448
...
Define flags and defaults early, but set CFLAGS later to allow
override.
2021-02-22 10:14:21 -08:00
Elms
451b8ede51
tests: fix preprocessor test for gcd/lcm
...
Fixes `--enable-valgrind --enable-fpecc --enable-ecc` build
2021-02-22 09:53:55 -08:00
TakayukiMatsuo
b495e12179
Fix such as "for loop initial declaration"
2021-02-23 02:29:37 +09:00
TakayukiMatsuo
e25284c690
Add wolfSSL_EVP_PKEY_print_public
2021-02-22 23:51:27 +09:00
TakayukiMatsuo
49d1b859d4
Add wolfSSL_EVP_Encode/Decode APIs
2021-02-22 17:51:44 +09:00
TakayukiMatsuo
4264a49246
Causes SSL_CTX_load_verify_locations and X509_LOOKUP_load_file to return zero on failure if WOLFSSL_ERR_CODE_OPENSSL is defined
2021-02-22 08:05:11 +09:00
Sean Parkinson
41c4a25b25
Merge pull request #3785 from embhorn/zd11752
...
Fix ret val for wolfSSL_BIO_set_ssl
2021-02-22 08:34:47 +10:00
Fabian Keil
1b319804ad
configure: When enabling --enable-sp-asm, accept host_cpu amd64 as alternative to x86_64
...
Allows to use --enable-sp-asm on ElectroBSD amd64.
Previouly configure failed with:
configure: error: ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm
2021-02-20 14:25:05 +01:00
Tesfa Mael
c7b1dc8f94
Fix Cryptocell ECC tests
2021-02-19 16:39:45 -08:00
Eric Blankenhorn
ebb2c7ae71
Fix ret val for wolfSSL_BIO_set_ssl
2021-02-19 16:35:01 -06:00
David Garske
078d78a884
Merge pull request #3782 from JacobBarthelmeh/Async
2021-02-19 14:24:09 -08:00
Elms
31d3dfdd4d
configure: ED448 to enable SHA3 and SHAKE256 properly
...
SHA3 and SHAKE256 are required for ED448, but were potentially
overwritten after being set when ED448, specifically others than
x86_64/aarch64
2021-02-19 13:18:52 -08:00
Jacob Barthelmeh
3079ca4d6a
add comment that use is blocking and adjust indentation
2021-02-20 02:54:10 +07:00
JacobBarthelmeh
8d7c61cf10
prep for Async release
2021-02-19 11:51:23 -07:00
Fabian Keil
2002ae9dca
tests/api.c: Fix build with NO_WOLFSSL_STUB defined
2021-02-19 05:45:19 +01:00
Fabian Keil
400a1d6927
Compile wolfSSL_ASN1_TIME_set_string() independently of NO_WOLFSSL_STUB
2021-02-19 05:45:09 +01:00
Sean Parkinson
8fabb9e9bb
Merge pull request #3767 from dgarske/rsapubonly
...
Fixes for building with RSA verify or public only
2021-02-19 10:36:00 +10:00
Sean Parkinson
fa7b5f55ee
TLS 1.3: add API to tell if a KeyUpdate response is required
2021-02-19 10:21:08 +10:00
David Garske
31c76dcc1a
Merge pull request #3777 from elms/cmake/configure_test_paths
...
cmake: configure `test_paths.h`
2021-02-18 15:02:19 -08:00
Elms
70ddaf8f2e
cmake: configure test_paths.h
2021-02-18 12:17:55 -08:00
Chris Conlon
4da0328e1a
fix wolfCrypt PKCS#7 test when PKCS7_OUTPUT_TEST_BUNDLES is defined
2021-02-18 12:14:48 -07:00
David Garske
10be54054e
Minor fixes for build errors and bad macro names.
2021-02-18 10:55:47 -08:00
David Garske
c62b48f7d0
Fixes for building with RSA public or verify only. Fixes issue with reserved "div" keyword as variable name. ZD11585
2021-02-18 07:47:00 -08:00
Hayden Roche
2290d1b4c8
Add a define to openssl/ssl.h needed for openldap port.
2021-02-18 09:17:47 -06:00
Sean Parkinson
3bf9b49274
SP ECDSA sign: fix multiple loops work of generating k
...
Support only one loop of generated k.
2021-02-18 09:06:50 +10:00
Sean Parkinson
ad58478d29
Merge pull request #3765 from embhorn/zd11703
...
Validate name size
2021-02-18 08:42:26 +10:00
Sean Parkinson
276e090a1f
Merge pull request #3763 from embhorn/zd11726
...
Adding wolfSSL_CTX_get_TicketEncCtx
2021-02-18 08:35:03 +10:00
Sean Parkinson
5dc6de3063
Merge pull request #3771 from JacobBarthelmeh/Testing
...
fix build for apache without tls 1.3
2021-02-18 08:19:29 +10:00
Eric Blankenhorn
caa39f78ae
Fix from review and leak in wolfSSL_X509_get_serialNumber
2021-02-17 13:53:30 -06:00
Eric Blankenhorn
d31f184c49
Adding tests
2021-02-17 13:34:38 -06:00
Eric Blankenhorn
608083f559
Add more checks for name->sz
2021-02-17 12:19:42 -06:00
Jacob Barthelmeh
4def38dd7e
fix build for apache without tls 1.3
2021-02-17 18:23:03 +07:00
Sean Parkinson
7ce3860e19
MP small: mp_add_d doesn't support adding a digit greater than MP_DIGIT_MAX
2021-02-17 09:24:22 +10:00
Sean Parkinson
80e75c3db8
Merge pull request #3766 from guidovranken/zd11733
...
Better error propagation in _fp_exptmod_ct
2021-02-17 08:45:43 +10:00
David Garske
cc37227f18
Merge pull request #3762 from guidovranken/zd11732
...
Fix memory leak in fp_gcd
2021-02-16 13:04:10 -08:00
Eric Blankenhorn
806b5d7d23
Validate name size
2021-02-16 14:58:58 -06:00
Guido Vranken
b47809e718
Better error propagation in _fp_exptmod_ct
2021-02-16 19:54:59 +01:00
Jacob Barthelmeh
3a9d533d2c
update changelog with researchers names, thanks Aina and Olivier
2021-02-17 00:04:16 +07:00
Jacob Barthelmeh
5f3ee2985c
bump version for development bundles
2021-02-16 23:57:47 +07:00
Guido Vranken
7bd3cccd87
Fix memory leak in fp_gcd
...
ZD 11732
2021-02-16 17:47:00 +01:00
Juliusz Sosinowicz
b8f841599c
Add --enable-error-queue-per-thread
2021-02-16 16:08:13 +01:00
Juliusz Sosinowicz
89fd0b375b
Correctly read anon cipher run-time options
2021-02-16 14:27:19 +01:00
Juliusz Sosinowicz
9265c3f71f
Use native API for ticket callback
2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
0ae1a8b8c5
Jenkins fixes
...
- Change pushCAx509Chain to an iterative implementation
- Fix variable names shadowing global names
2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
e80158a96e
Set full chain with known CA's in wolfSSL_set_peer_cert_chain
2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
b90862fa3f
Free OcspEntry.status only when the struct owns the pointer
2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
26df833074
Compat layer session tickets
...
- OpenSSL uses an internal mechanism by default for session tickets. This is now implemented for OPENSSL_EXTRA in wolfSSL.
- Add testing of wolfSSL_CTX_set_tlsext_ticket_key_cb
2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
9a1e54cfd5
Nginx 1.19.6 Fixes
2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
b63f43a2af
Nginx 1.19.6
...
- Implement X509_pubkey_digest
- Initialize entire WOLFSSL_X509_NAME struct to zero
- Set raw and rawLen when copying WOLFSSL_X509_NAME
2021-02-16 14:25:45 +01:00
Jacob Barthelmeh
8f88ac7442
add note about s/mime addition to changelog
2021-02-16 08:35:21 +07:00
toddouska
830de9a9fb
Merge pull request #3760 from JacobBarthelmeh/Release
...
prepare for release v4.7.0
2021-02-15 14:29:51 -08:00
toddouska
30462fcf95
Merge pull request #3756 from SparkiDev/sp_math_dh_agree
...
DH SP math: return key size error with DH Agree
2021-02-15 12:26:04 -08:00
toddouska
917205442b
Merge pull request #3757 from SparkiDev/sp_smallstack_fixes
...
sp_lcm small stack: fix size of temporary
2021-02-15 12:25:13 -08:00
toddouska
888fab501b
Merge pull request #3758 from SparkiDev/sp_exch_fix
...
SP math all: sp_exch fixed up
2021-02-15 12:23:28 -08:00
toddouska
742731a65f
Merge pull request #3759 from JacobBarthelmeh/Testing
...
fix for haproxy and nginx build, remove execute bit on certs
2021-02-15 12:21:56 -08:00
Jacob Barthelmeh
847938f4d6
prepare for release v4.7.0
2021-02-16 02:41:37 +07:00
Eric Blankenhorn
b7b07e1945
Adding wolfSSL_CTX_get_TicketEncCtx
2021-02-15 11:28:46 -06:00
Jacob Barthelmeh
f4519018eb
remove execute bit on smime bundles
2021-02-15 23:33:31 +07:00
Jacob Barthelmeh
0b0f370384
fix for haproxy and nginx build
2021-02-15 22:09:44 +07:00
Sean Parkinson
ba1c67843a
Merge pull request #3752 from JacobBarthelmeh/Jenkins
...
changes from nightly Jenkins test review
2021-02-15 16:32:40 +10:00
JacobBarthelmeh
c5190d1294
Merge pull request #3753 from dgarske/wpas_revert
...
Fixes for hostapd (revert some configure.ac changes in PR #3289 )
2021-02-15 09:45:27 +07:00
Sean Parkinson
e4f8545e36
SP math all: sp_exch fixed up
2021-02-15 10:29:45 +10:00
Sean Parkinson
e187a74b1c
sp_lcm small stack: fix size of temporary
...
Temporary sp_int needs to be allocated to be 1 digit larger than a or b
for the div operation.
Change sp_div to check sizes of r and rem when passed in.
Fix sp_invmod, sp_gcm, sp_submod to use temporary sp_int sizes that work
with calls to sp_div().
2021-02-15 09:48:18 +10:00
Sean Parkinson
4b1c89ab38
DH SP math: return key size error with DH Agree
...
SP math requires SP to support DH operations.
When SP doesn't support bit size, WC_KEY_SIZE_E must be returned.
2021-02-15 09:04:43 +10:00
Sean Parkinson
505514415d
Merge pull request #3748 from JacobBarthelmeh/Testing
...
always check index into certs
2021-02-15 08:20:28 +10:00
David Garske
98b5900266
Revert of changes in PR #3289 , which should not have removed the HAVE_SECRET_CALLBACK and WOLFSSL_PUBLIC_ECC_ADD_DBL. These are required for hostapd.
2021-02-12 14:11:17 -08:00
toddouska
fc005f941c
Merge pull request #3750 from embhorn/buffer_conflict
...
Fix use of 'buffer' in test
2021-02-12 13:59:18 -08:00
Elms
bde1a2209a
tests: add include for ecc.h to fix compile error
...
fix testsuite implicit definition of `wc_ecc_fp_free` with
`./configure --enable-fpecc --enable-ecc --enable-stacksize`
2021-02-13 01:31:01 +07:00
David Garske
f311c9a038
Merge pull request #3751 from SparkiDev/aes_gcm_type
...
AES-GCM type fixes: internal functions now have word32 type parameters
2021-02-12 10:12:26 -08:00
Jacob Barthelmeh
1c852f60ab
fix for g++ build
2021-02-12 23:26:54 +07:00
Jacob Barthelmeh
7e72fafd44
do not turn on FP_64BIT by default on Aarch64
2021-02-12 23:16:04 +07:00
Jacob Barthelmeh
a49c867b38
increase test buffer size for updated pkcs7 bundle
2021-02-12 23:16:04 +07:00
Jacob Barthelmeh
0938a0055d
always use MAX_CHAIN_DEPTH for args->certs buffer
2021-02-12 15:18:14 +07:00
Sean Parkinson
3926ccd39b
AES-GCM type fixes: internal functions now have word32 type parameters
...
Lengths were signed int for decrypt while unsigned int for encrypt.
Use word32 across the board.
Also fix AES-NI code on Windows to cast lengths to word64 before
multiplying by 8 to avoid averflow.
2021-02-12 08:30:08 +10:00
Eric Blankenhorn
2ac826c37e
Fix use of 'buffer' in test
2021-02-11 15:58:26 -06:00
toddouska
ae073b7ce2
Merge pull request #3741 from elms/test/openssl_distcheck_fix
...
testing: fix openssl test for `distcheck`
2021-02-11 13:53:09 -08:00
toddouska
81dcf0d28b
Merge pull request #3640 from tmael/evp_rsa2
...
Remove EVP_PKEY_RSA2
2021-02-11 13:51:46 -08:00
toddouska
1283a4d9f0
Merge pull request #3686 from embhorn/zd11571
...
Fix Free/SafeRTOS with XMALLOC_USER
2021-02-11 13:50:55 -08:00
toddouska
d40ea03621
Merge pull request #3703 from SparkiDev/sp_int_malloc
...
SP int: Rework allocation of temporaries
2021-02-11 13:49:45 -08:00
toddouska
f0ce6ada0f
Merge pull request #3702 from guidovranken/zd11603
...
Prevent dangling pointer in TLSX_Cookie_Use
2021-02-11 12:31:02 -08:00
toddouska
3eeeb39fb7
Merge pull request #3711 from dgarske/ecc_encrypt_rng
...
Fix for `--enable-eccencrypt` with timing resistance enabled
2021-02-11 12:28:13 -08:00
toddouska
80b9949052
Merge pull request #3739 from kaleb-himes/FusionRTOS-Porting-R3
...
Fusion RTOS porting round 3
2021-02-11 12:25:55 -08:00
JacobBarthelmeh
e87e818c6e
Merge pull request #3749 from dgarske/zd11624_pkcs11
...
Fix another PKCS11 case where the ECC key type is not set
2021-02-12 01:36:41 +07:00
Eric Blankenhorn
2c2bdca200
Fix typo
2021-02-11 12:27:43 -06:00
toddouska
39cb84de25
Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff
...
OpenVPN master additions
2021-02-11 08:56:45 -08:00
David Garske
f006479645
Fix another PKCS11 case where the ECC key type is not set and causes failures. Broke in PR #3687 .
2021-02-11 08:04:58 -08:00
Jacob Barthelmeh
90140fc5a4
always check index into certs
2021-02-11 21:50:51 +07:00
David Garske
d05dc921a7
Merge pull request #3745 from douzzer/enable-reproducible-build
2021-02-11 06:39:28 -08:00
Daniel Pouzzner
d64315a951
configure.ac: add --enable-reproducible-build: put ar and ranlib in deterministic mode, and leave LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS out of the generated config.h. relates to PR #3417 .
2021-02-11 00:12:05 -06:00
Sean Parkinson
b330196c28
SP int: Rework allocation of temporaries
...
Allocate only as much is as needed.
Use macros to simplify code.
Don't use an sp_int if you can use an array of 'sp_int_digit's.
2021-02-11 10:34:40 +10:00
toddouska
acdc267104
Merge pull request #3718 from SparkiDev/sp_int_fast_nct
...
SP int: allow faster NCT exptmod to be compiled in
2021-02-10 16:14:39 -08:00
toddouska
032cc1645c
Merge pull request #3713 from SparkiDev/tls_def_sess_ticket_cb
...
TLS Session Ticket: default encryption callback
2021-02-10 16:13:33 -08:00
toddouska
389a5e0301
Merge pull request #3684 from SparkiDev/sp_fixes_5
...
SP fixes: even mod testing, ECC compilation with SP
2021-02-10 16:10:21 -08:00
toddouska
6983aa9331
Merge pull request #3700 from SparkiDev/sp_math_lshb
...
SP math lshb: check space for result
2021-02-10 16:01:27 -08:00
toddouska
67b1280bbf
Merge pull request #3545 from kabuobeid/smime
...
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-10 15:59:32 -08:00
Sean Parkinson
0403f5f18d
Merge pull request #3744 from JacobBarthelmeh/Certs
...
run renewcerts.sh script
2021-02-11 09:43:49 +10:00
Sean Parkinson
5151e1f749
Merge pull request #3715 from JacobBarthelmeh/Testing
...
openssl x509 small with req cert gen
2021-02-11 09:39:15 +10:00
Sean Parkinson
7efaf14fce
Merge pull request #3727 from JacobBarthelmeh/Prime
...
check prime is prime with ecc compressed keys
2021-02-11 09:22:40 +10:00
Elms
d67934f6b8
scripts: remove use of realpath and fix external.test
...
`external.test` could fail quietly for not finding `ping.test` for
out-of-tree builds. Make it look relative to the script location.
2021-02-10 14:18:32 -08:00
JacobBarthelmeh
ac96e58928
Merge pull request #3743 from dgarske/zd11624
...
Fix for copy/paste error for ECC key type
2021-02-11 04:02:54 +07:00
Jacob Barthelmeh
41e5e547c4
run renewcerts.sh script
2021-02-11 03:12:54 +07:00
kaleb-himes
223ba43c2c
Add debug message regarding failure
2021-02-10 12:15:43 -07:00
kaleb-himes
9e6ab4ab70
Address indendation, fix return on stub, remove warning
2021-02-10 11:26:29 -07:00
David Garske
c9c4a7ee68
Fix spelling errors.
2021-02-10 10:17:51 -08:00
David Garske
0c75099111
Fix for copy/paste error in PR 3728, which makes sure the ECC key type is specified.
2021-02-10 10:14:31 -08:00
kaleb-himes
4c171524dd
Address missed CloseSocket item and revert some white space changes
2021-02-10 09:14:54 -07:00
Elms
9b6f382b2c
testing: fix openssl test for distcheck
...
Previously missed case of cert locations for out-of-tree build. Use
relative path from script location for certificate path
2021-02-10 07:15:22 -08:00
Jacob Barthelmeh
3c0563908f
openssl x509 small with req cert gen
...
add test for build case with x509small and add back in function
adjust macro guard for i2d_X509_NAME implementation
add macro guard on test case
2021-02-10 21:48:29 +07:00
kaleb-himes
7e428f90f2
Revert zero return, to be handled in stand-alone PR
2021-02-10 05:31:57 -07:00
kaleb-himes
15f9902e94
Address new file issue by Jenkins and peer feedback on return val of time
2021-02-10 04:16:34 -07:00
Sean Parkinson
64bc4b663d
SP fixes: even mod testing, ECC compilation with SP
...
Even mod inversion will sometimes work with integer.c.
Don't call SP code to perform ECC ops unless WOLFSSL_HAVE_SP_ECC is
defined.
2021-02-10 14:38:58 +10:00
Sean Parkinson
794cb5c7a9
TLS Session Ticket: default encryption callback
...
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
2021-02-10 14:31:54 +10:00
kaleb-himes
89b97a0fbf
Implement peer feedback
2021-02-09 18:42:23 -07:00
toddouska
b704c3b3f8
Merge pull request #3693 from SparkiDev/curve448_ppc64
...
Curve448 PPC64: 'char' is not always signed - use type 'sword8'
2021-02-09 16:08:06 -08:00
toddouska
75d0496f77
Merge pull request #3722 from SparkiDev/sp_clang_fix
...
test.c: don't check key NULL when not small stack
2021-02-09 16:07:04 -08:00
toddouska
157ad65a6e
Merge pull request #3677 from SparkiDev/ecdsa_keep_e
...
ECDSA: don't modify the e mp_int (hash) value
2021-02-09 16:06:05 -08:00
toddouska
47b2e8342b
Merge pull request #3698 from SparkiDev/sp_math_no_asm_fix
...
SP math: fix one word Montgomery Reduction for non-asm
2021-02-09 16:04:38 -08:00
toddouska
32424f715c
Merge pull request #3699 from SparkiDev/sp_ecdsa_vfy_fix
...
SP ECC verify: check point for z=0 and set to infinity
2021-02-09 16:02:51 -08:00
toddouska
27475291b1
Merge pull request #3733 from SparkiDev/sp_int_mont_red_size
...
SP int: mont_red - check size of a relative to m
2021-02-09 16:00:24 -08:00
toddouska
ae3706d5e5
Merge pull request #3734 from SparkiDev/sp_int_8_bit
...
SP int: fixes for 8-bit digits
2021-02-09 15:59:26 -08:00
toddouska
2f47934184
Merge pull request #3735 from SparkiDev/sp_int_32_bit
...
SP int SP_WORD_SIZE=32: cast down explicitly
2021-02-09 15:56:49 -08:00
toddouska
fc30f379ee
Merge pull request #3736 from SparkiDev/sp_int_neg_zero
...
SP int neg: fix handling of negative zero and mp_cond_copy
2021-02-09 15:48:21 -08:00
kaleb-himes
cfadc7e25a
Merge branch 'FusionRTOS-Porting-R3' of https://github.com/kaleb-himes/wolfssl into FusionRTOS-Porting-R3
2021-02-09 16:47:44 -07:00
kaleb-himes
3472191af5
Remove ++ from VisualDSP dir, seems to be causing issues with make dist
2021-02-09 16:39:00 -07:00
toddouska
f63f0ccb94
Merge pull request #3740 from SparkiDev/tls13_one_hrr_sh
...
TLS 1.3: Only allow one ServerHello and one HelloRetryRequest
2021-02-09 14:59:10 -08:00
Sean Parkinson
ca3c5bf6c4
SP math lshb: check space for result
2021-02-10 08:58:58 +10:00
toddouska
33bfee0f1a
Merge pull request #3717 from kaleb-himes/OE11_ACVP
...
XSTRNCASECMP for OE11 ACVP (CMSIS RTOS)
2021-02-09 14:52:21 -08:00
Sean Parkinson
9792e062c3
SP int: allow faster NCT exptmod to be compiled in
...
For small builds, this may be needed to get the right performance.
2021-02-10 08:51:32 +10:00
toddouska
9a7aba265a
Merge pull request #3716 from kaleb-himes/OE10_ACVP_OE13_ACVP_WPAA
...
OE10 and OE13 ACVP updates for armv8 PAA
2021-02-09 14:50:42 -08:00
Kaleb Himes
73d7709724
Update comment about location for porting changes.
2021-02-09 15:39:12 -07:00
kaleb-himes
6d23728a56
Fusion RTOS porting round 3
2021-02-09 15:33:06 -07:00
toddouska
250b59f8fd
Merge pull request #3688 from julek-wolfssl/correct-cert-free
...
Use wolfSSL_X509_free to free ourCert
2021-02-09 12:41:12 -08:00
Chris Conlon
012841bba3
Merge pull request #3738 from embhorn/cmp_layer_high
...
Compatibility layer API
2021-02-09 08:33:41 -07:00
David Garske
47d5f6f624
Merge pull request #3714 from SparkiDev/sp_int_rsavfy
2021-02-09 07:28:40 -08:00
Chris Conlon
71b495c422
Merge pull request #3712 from miyazakh/RND_bytes
...
handle size greater than RNG_MAX_BLOCK_LEN
2021-02-09 08:26:30 -07:00
Sean Parkinson
5818923762
Merge pull request #3723 from douzzer/AesCcmEncrypt-zero-inSz-null-in
...
AES-CCM null payload buffers with inSz zero
2021-02-09 17:22:03 +10:00
Daniel Pouzzner
bdd4ceb445
aes.c: fix overwide code text in wc_AesCcmEncrypt().
2021-02-08 21:50:29 -06:00
Sean Parkinson
4d70d3a3c4
TLS 1.3: Only allow one ServerHello and one HelloRetryRequest
2021-02-09 12:51:53 +10:00
Sean Parkinson
539ef512fc
SP int neg: fix handling of negative zero and mp_cond_copy
...
mp_cond_copy: copy sign when available.
Check for zero and ensure sign is MP_ZPOS.
2021-02-09 11:03:06 +10:00
Kareem Abuobeid
a4e819c60a
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-08 17:14:37 -07:00
Sean Parkinson
763f388471
SP int: get rsavfy and rsapub working again
2021-02-09 09:58:23 +10:00
toddouska
0d499a28e5
Merge pull request #3725 from elms/build/fix_distcheck
...
build: fix `make distcheck`
2021-02-08 15:57:04 -08:00
Sean Parkinson
3217c7afae
Merge pull request #3732 from miyazakh/setverifydepth
...
issue callback when exceeding depth limit rather than error out
2021-02-09 09:51:45 +10:00
toddouska
f14f1f37d2
Merge pull request #3673 from elms/ssl_api/get_verify_mode
...
SSL: add support for `SSL_get_verify_mode`
2021-02-08 15:40:19 -08:00
toddouska
58f9b6ec01
Merge pull request #3676 from SparkiDev/tls13_blank_cert
...
TLS 1.3: ensure key for signature in CertificateVerify
2021-02-08 15:27:05 -08:00
Daniel Pouzzner
7a583d5b4b
aesccm_test(): test for (and require) BAD_FUNC_ARG when in or out pointer to wc_AesCcm{En,De}crypt() is null and inSz > 0.
2021-02-08 16:43:38 -06:00
Daniel Pouzzner
b8a019dedd
AES-CCM: allow null payload buffers in wc_AesCcmEncrypt() and wc_AesCcmDecrypt() when inSz is zero, and add to aesccm_test() a test for this, tolerating early BAD_FUNC_ARG (for FIPS and arch-specific 3rd party code), and a test for the zero-length string, that must succeed.
2021-02-08 16:34:09 -06:00
David Garske
dda4c3b3c4
Merge pull request #3724 from embhorn/zd11646
...
Move var declaration to top
2021-02-08 11:09:28 -08:00
Elms
12eddee104
scripts: fix tests for out of tree distcheck
...
Copying or using certs from directory relative to scripts source directory.
2021-02-08 10:43:31 -08:00
Eric Blankenhorn
6cff3f8488
Adding X509_LOOKUP_ctrl
2021-02-08 12:17:14 -06:00
Eric Blankenhorn
47b9c5b054
Adding X509_STORE_CTX API
2021-02-08 08:25:14 -06:00
Eric Blankenhorn
de47b9d88a
Adding X509_VERIFY_PARAM API
2021-02-08 08:25:14 -06:00
Jacob Barthelmeh
812b44d58e
guard check on prime with macro WOLFSSL_VALIDATE_ECC_IMPORT
2021-02-08 20:25:01 +07:00
Sean Parkinson
36d124ed2f
Merge pull request #3730 from guidovranken/zd11650
...
SP math: Better error propagation
2021-02-08 14:17:43 +10:00
Sean Parkinson
c3cc36c55f
SP int SP_WORD_SIZE=32: cast down explicitly
2021-02-08 13:20:12 +10:00
Sean Parkinson
7986b37aa5
SP int: fixes for 8-bit digits
...
Fix mask type in mp_cond_copy to be at least 16 bits to handle 'used'
being larger than 8-bit but mp_digit being 8-bit.
When large numbers are used with 8-bit words, mul/sqr partial sums will
overflow a word. Fix implementations to handle this.
2021-02-08 12:24:28 +10:00
Hideki Miyazaki
f13186827a
issue callback when exceeding depth limit rather than error out
2021-02-08 11:01:45 +09:00
Sean Parkinson
aefddaf2b8
SP int: mont_red - check size of a relative to m
2021-02-08 10:07:15 +10:00
Jacob Barthelmeh
cced2038b8
conditional compile and check on idx
2021-02-08 06:10:04 +07:00
Guido Vranken
358dbd5090
_sp_exptmod_base_2: Break out of loops on error
2021-02-08 00:09:29 +01:00
Sean Parkinson
2933db8915
Merge pull request #3729 from guidovranken/zd11649
...
SHA 256,512: Only write hash if no error has occurred
2021-02-08 08:47:51 +10:00
Sean Parkinson
ea4b3110e8
Merge pull request #3728 from dgarske/zd11624
...
Fix for PKCS11 not properly exporting the public key due to a missing key type field
2021-02-08 08:32:04 +10:00
Guido Vranken
bc707d67c3
SP math: Better error propagation
...
ZD 11650
2021-02-06 09:09:41 +01:00
Guido Vranken
3fd2647383
SHA 256,512: Only write hash if no error has occurred
...
ZD 11649
2021-02-06 08:15:30 +01:00
Jacob Barthelmeh
644636e0f8
only check prime value with custom curves
2021-02-06 05:46:19 +07:00
Elms
e26f1529c0
build: revert change so make generates testsuite.test
...
A change to `include.am` caused `make check` to generate, but `make`
without arguments to not generate it.`
2021-02-05 14:39:07 -08:00
Elms
c17597a4fb
build: arbitrary path for make check
...
To support builds in other directories, unit.test and wolfcrypt test
must be aware of the source and build directory.
2021-02-05 12:10:32 -08:00
David Garske
70b382e6cf
Fix for PKCS11 not properly exporting the public key due to a missing key type field. This broke due to changes in PR #3687 . Also resolved mismatch of enum types for the key type check.
2021-02-05 11:49:31 -08:00
Jacob Barthelmeh
c2be5dbe2b
check prime is prime with ecc compressed keys
2021-02-06 01:54:25 +07:00
Elms
93ea355217
build: fix make distcheck
...
Need to check if `unit.test` was run from make process and set
different path to run unit test executable.
Writing files in the dist is not allowed during distcheck so write
files to subdirectory used build during distmake
2021-02-05 07:25:07 -08:00
Eric Blankenhorn
e4d79bf49e
Move var declaration to top
2021-02-05 08:41:42 -06:00
Sean Parkinson
c4afce76f7
test.c: don't check key NULL when not small stack
2021-02-05 14:57:00 +10:00
kaleb-himes
4ade6eb802
XSTRNCASECMP for OE11 ACVP (CMSIS RTOS)
2021-02-03 16:03:20 -07:00
kaleb-himes
776964f7c7
OE10 and OE13 ACVP updates for armv8 PAA
2021-02-03 15:38:08 -07:00
Hideki Miyazaki
431e1c8ffe
handle size greater than RNG_MAX_BLOCK_LEN
2021-02-03 12:23:36 +09:00
David Garske
714aa97490
Merge pull request #3710 from cconlon/0202
...
fix and update README.md markdown
2021-02-02 16:15:53 -08:00
David Garske
72a8a1069a
Fix to only set missing RNG if needed. Resolves unit test, which already sets the RNG on the private key and the incoming context is not provided (use local).
2021-02-02 14:16:21 -08:00
David Garske
04e7fa3657
Fix for --enable-eccencrypt with timing resistance enabled. The ECC shared secret was missing the RNG. Fixes https://github.com/wolfSSL/wolfssl-examples/issues/243
2021-02-02 13:55:42 -08:00
Chris Conlon
7eb71b1bb1
Merge pull request #3344 from guidovranken/PKCS7_EncodeSigned-leak-fix
...
Check the right size before freeing flatSignedAttribs in PKCS7_EncodeSigned
2021-02-02 13:53:20 -07:00
Guido Vranken
f833d96ba3
Check the right size before freeing flatSignedAttribs in PKCS7_EncodeSigned
2021-02-02 10:15:00 -08:00
Chris Conlon
30c1c4a4f8
fix and update README.md markdown
2021-02-02 10:38:09 -07:00
Juliusz Sosinowicz
542e0d79ec
Jenkins Fixes
...
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
8a669615f8
Generate correct GCM tag
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
921fd34876
Detect version even if not compiled in
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
69dca4fd08
Rebase fixes
...
- wolfSSL_CTX_set1_groups_list and wolfSSL_set1_groups_list should use wolfSSL_CTX_set1_groups and wolfSSL_set1_groups respectively because it converts to correct groups representation
- Change to using "SHA1" as main name for SHA1
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
46821196ab
Fix call to wolfSSL_connect when in wolfSSL_connect_TLSv13
...
If a client is:
- TLS 1.3 capable
- calls connect with wolfSSL_connect_TLSv13
- on an WOLFSSL object that allows downgrading
then the call to wolfSSL_connect should happen before changing state to HELLO_AGAIN. Otherwise wolfSSL_connect will assume that messages up to ServerHelloDone have been read (when in reality only ServerHello had been read).
Enable keying material for OpenVPN
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
ff43d39015
GCC complains about empty if
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
f5cf24dbdc
SHA1 should not be called SHA. Leave alias for compatibility.
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
5d5d2e1f02
Check that curves in set_groups functions are valid
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
c18701ebe7
Implement RFC 5705: Keying Material Exporters for TLS
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
fdde2337a4
Add static buffer to wolfSSL_ERR_error_string
...
Add ED448 and ED25519 to wolfssl_object_info
Add more error messages
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
6ed45a23d9
Fix getting cipher suites in compat layer
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
294e46e21a
Set options when creating SSL
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
3494218d98
Implement missing functionality for OpenVPN 2.5
2021-02-02 12:06:11 +01:00
David Garske
5577a2215f
Merge pull request #3708 from JacobBarthelmeh/Testing
2021-02-01 10:11:16 -08:00
David Garske
ab5f9831ab
Merge pull request #3707 from douzzer/test-openssl-small-stack
...
wolfcrypt/test/test.c: smallstack refactor of openssl test routines.
2021-02-01 09:30:04 -08:00
Jacob Barthelmeh
a7066a9be2
add stdint to test.c if using non blocking ecc test
2021-02-01 23:07:03 +07:00
Jacob Barthelmeh
fd01f79f86
add guard for rsa public only
2021-01-31 23:43:53 +07:00
Daniel Pouzzner
d14f4f8451
wolfcrypt/test/test.c: smallstack refactor of openssl test routines.
2021-01-30 00:01:15 -06:00
David Garske
f5f19fda42
Merge pull request #3704 from douzzer/aesgcm-table-small-stack
...
--enable-aesgcm=table --enable-smallstack
2021-01-29 19:53:08 -08:00
Daniel Pouzzner
d0b20f90d5
wolfcrypt/test/test.c: use HEAP_HINT, not NULL, for XREALLOC() too.
2021-01-29 20:16:51 -06:00
Daniel Pouzzner
8c0100e60e
blake2b.c/blake2s.c: refactor so that smallstack code paths match performance of !smallstack path.
2021-01-29 17:19:42 -06:00
Daniel Pouzzner
a332cf36b5
add DYNAMIC_TYPE_AES and DYNAMIC_TYPE_CMAC to enum in types.h, and use these where appropriate;
...
in test.c: use use HEAP_HINT, not NULL in XMALLOC/XFREE calls;
fix a couple typos in aes_test() re WOLFSSL_ASYNC_CRYPT;
add various missing WOLFSSL_SMALL_STACK_STATIC qualifiers;
and streamline old smallstack refactor on-stack declarations declarations to use the much neater [1] construct.
2021-01-29 17:17:31 -06:00
David Garske
eae4124908
Merge pull request #3705 from lechner/repology-packaging-status
...
Show packaging status across Linux distributions in README.md
2021-01-29 14:48:26 -08:00
Felix Lechner
2033970369
Show packaging status across Linux distributions in README.md (from Repology)
...
Repology offers badges for wolfSSL's packaging status across all known
Linux distributions. [1] In Markdown documents, the HTML version with
a right-hand alignment uses up less space. It is added here.
The badge itself provides a hyperlink to more information [2]
including repositories in which wolfSSL is not yet represented.
[1] https://repology.org/project/wolfssl/badges
[2] https://repology.org/project/wolfssl/versions
2021-01-29 10:40:32 -08:00
Daniel Pouzzner
0f6ae330da
wolfcrypt: smallstack refactors of AES code for lkm compatibility with --enable-aesgcm=table.
2021-01-28 22:51:28 -06:00
Sean Parkinson
91299c5abd
Merge pull request #3701 from dgarske/pkcs7_devId
...
Fixes for PKCS7 with crypto callback (devId) with RSA and RNG
2021-01-29 10:56:41 +10:00
David Garske
4f6deb8ae9
Merge pull request #3594 from haydenroche5/zd10911
...
Fix issue with DoHandShakeMsgType/ShrinkInputBuffer when encryption i…
2021-01-28 16:55:04 -08:00
Hayden Roche
fc845da9f0
Fix issue with DoHandShakeMsgType/ShrinkInputBuffer when encryption is on (e.g.
...
during renegotiation).
This issue was brought to light by ZD 10911. When encryption is on (indicated
by the return value of IsEncryptionOn), DoHandShakeMsgType will finish up by
incrementing the input buffer index past the padding and MAC (if encrypt-then-
mac is enabled). In ProcessReply, if there are more messages to be read, the
index is decremented back before the padding and MAC. The issue arises when
ShrinkInputBuffer is called in between and copies data from the dynamic input
buffer to the static one. That function will get called with the index post-
increment, and thus the padding and MAC won't get copied into the static buffer,
which isn't what we want, since ProcessReply is going to decrement the index
since it thinks the padding and MAC are still there. This commit makes it so
the padding and MAC get included in the call to ShrinkInputBuffer when
encryption is on.
2021-01-28 15:37:00 -06:00
Guido Vranken
3da6b8364e
Prevent dangling pointer in TLSX_Cookie_Use
...
ZD 11603
2021-01-28 18:53:35 +01:00
David Garske
2bd63d27bf
Fixes for PKCS7 with crypto callback (deviceId), where it was not being used for RSA and RNG. ZD 11163.
2021-01-28 09:52:13 -08:00
David Garske
311a0d25dd
Merge pull request #3696 from JacobBarthelmeh/Testing
...
fix for tested x509 small build
2021-01-28 06:59:26 -08:00
Sean Parkinson
590597a0e2
SP ECC verify: check point for z=0 and set to infinity
2021-01-28 14:43:51 +10:00
Sean Parkinson
0ccb0d5fce
SP math: fix one word Montgomery Reduction for non-asm
...
Set the word size for x86.
2021-01-28 09:54:58 +10:00
Jacob Barthelmeh
bbcb98a8f7
fix for tested x509 small build
2021-01-27 23:00:24 +07:00
Sean Parkinson
7486cad291
Curve448 PPC64: 'char' is not always signed - use type 'sword8'
...
Ensure type 'sword8' is signed.
2021-01-27 18:16:25 +10:00
Sean Parkinson
c739b4d474
ECDSA sign: cleanup comments and variables
...
Remove mod at end as mulmod does this.
Change mp_add to mp_addmod_ct to keep the size of numbers to less than
order for mp_mulmod.
2021-01-27 09:39:11 +10:00
John Safranek
a1e083b5b1
Merge pull request #3689 from douzzer/fips-option-check-source
...
configure.ac: check compatibility of chosen FIPS option with source
2021-01-26 12:29:52 -08:00
John Safranek
d0e2566ad8
Merge pull request #3679 from julek-wolfssl/dtls-window
...
Correct old DTLS msg rcv update
2021-01-26 12:20:59 -08:00
Juliusz Sosinowicz
3d4f836c00
Correctly insert out of order msgs to queue
2021-01-26 15:12:08 +01:00
Juliusz Sosinowicz
4da9ade290
Use wolfSSL_X509_free to free ourCert
2021-01-26 11:32:05 +01:00
Daniel Pouzzner
a89087ed2d
configure.ac: check compatibility of chosen FIPS option with the source tree, for early prevention of accidental attempts to build FIPS with non-FIPS source, or non-FIPS with FIPS source.
2021-01-25 17:56:28 -06:00
toddouska
6e0e507dad
Merge pull request #3660 from dgarske/sess_ticket_aes_gcm
...
Added support for AES GCM session ticket encryption
2021-01-25 15:00:03 -08:00
toddouska
f91dcb950c
Merge pull request #3670 from dgarske/keil
...
Fix for ARM Keil MDK compiler issue with `DECLARE_VAR_INIT`.
2021-01-25 14:57:05 -08:00
toddouska
27ef5b9a3d
Merge pull request #3675 from SparkiDev/tls_no_ticket
...
TLS Session Ticket: Option to disable for TLS 1.2 and below
2021-01-25 14:54:10 -08:00
toddouska
f35f57c378
Merge pull request #3683 from SparkiDev/sp_int_mont_red_1
...
SP math all: fix 1 word Montgomery Reduce
2021-01-25 14:47:35 -08:00
toddouska
d201820e3a
Merge pull request #3687 from guidovranken/x963-export-reject-invalid-keys
...
Reject undefined keys (eg. state is ECC_STATE_NONE) from X963 export …
2021-01-25 14:46:59 -08:00
toddouska
cf9e4f0caf
Merge pull request #3518 from julek-wolfssl/openssh-fixes-v2
...
Fixes for openssh
2021-01-25 14:45:56 -08:00
Elms
234bf0c209
SSL: add const for *get_verify_mode to match openSSL
2021-01-25 10:37:50 -08:00
Elms
a2917ae29c
SSL: cleanup verify_mode coding style
2021-01-25 10:29:36 -08:00
David Garske
05e1ee1694
Cleanup to use fixed sizes from defines for DECLARE_VAR. Resolves issue with Visual Studio and using a variable (even const) to declare an array size.
2021-01-25 09:14:12 -08:00
Guido Vranken
29f7eebef7
Reject undefined keys (eg. state is ECC_STATE_NONE) from X963 export functions
...
Additionally, harmonize the failure conditions of wc_ecc_export_x963 and
wc_ecc_export_x963_compressed.
2021-01-25 16:22:21 +01:00
Eric Blankenhorn
f7408560c6
Fix Free/SafeRTOS with XMALLOC_USER
2021-01-25 09:10:15 -06:00
Sean Parkinson
4f0ed55232
SP math all: fix 1 word Montgomery Reduce
...
May have 3 words in partial result before shifting down.
2021-01-25 10:19:27 +10:00
David Garske
fb9836ed28
Merge pull request #3678 from guidovranken/zd11556
...
Fix wc_ecc_sign_hash memory leak. ZD 11556.
2021-01-22 18:06:56 -08:00
Tesfa Mael
d29518ecac
Remove duplicate macro
2021-01-22 13:02:30 -08:00
Elms
21ac86adb3
SSL: refactor SSL verify mode to be more compatible
...
This follows the bit flag pattern closer. Still doesn't support
`SSL_VERIFY_CLIENT_ONCE` and maybe other flags.
2021-01-22 12:17:07 -08:00
David Garske
13468d34e3
Apply same VS fixes to api.c as well.
2021-01-22 10:50:18 -08:00
David Garske
46aee19de3
Fix for Visual Studio issue with non-cost in array declaration.
2021-01-22 10:44:38 -08:00
toddouska
920c443864
Merge pull request #3250 from JacobBarthelmeh/Benchmark
...
add brainpool benchmark
2021-01-22 10:08:21 -08:00
David Garske
cd4dae8f09
Merge pull request #3674 from ejohnstown/alerts
...
Alerts
2021-01-22 09:16:56 -08:00
Juliusz Sosinowicz
b918fb9efe
Correct old DTLS msg rcv update
2021-01-22 14:33:33 +01:00
Jacob Barthelmeh
6fa1556daf
guard -ecc-all with HAVE_SELFTEST macro
2021-01-22 16:13:31 +07:00
Guido Vranken
905f0b1f5a
Fix wc_ecc_sign_hash memory leak. ZD 11556.
2021-01-22 09:55:30 +01:00
Sean Parkinson
a84f1c813a
TLS Session Ticket: Option to disable for TLS 1.2 and below
...
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
2021-01-22 13:19:29 +10:00
Sean Parkinson
9c34ecc130
ECDSA: don't modify the e mp_int (hash) value
...
Multiple loops of generating signatures require the same e value.
2021-01-22 12:51:21 +10:00
Sean Parkinson
fad1e67677
TLS 1.3: ensure key for signature in CertificateVerify
2021-01-22 11:54:53 +10:00
David Garske
9012317f5b
Fix copy/paste typo.
2021-01-21 17:41:11 -08:00
David Garske
1ee40ad7bd
Fix to always init the variable (not just when from heap). Cleanup of the DECLARE_ uses to make sure all allocations succeeded.
2021-01-21 17:12:29 -08:00
John Safranek
6f21995ec5
Alerts
...
Expand the guard around sending the PSK identity alert with a more limited option than enabling it with all the other alerts.
2021-01-21 16:42:54 -08:00
David Garske
4b47bf7b4e
Merge pull request #3090 from lechner/utf8
...
Convert a header file to UTF-8 encoding.
2021-01-21 16:32:27 -08:00
David Garske
2017de1b0f
Merge pull request #3617 from haydenroche5/cmake_user_settings
...
Add support for user settings to CMake.
2021-01-21 16:21:55 -08:00
David Garske
07f459b8d7
Merge pull request #3650 from kojo1/RsaSetRNG
...
add wc_RsaSetRNG to doc
2021-01-21 16:21:00 -08:00
David Garske
830b3cb676
Merge pull request #3653 from kojo1/fopen_binMode
...
binary mode, fopen
2021-01-21 16:20:07 -08:00
David Garske
aa64a8e835
Merge pull request #3672 from embhorn/zd11547
...
Fix FIPS compile errors
2021-01-21 16:08:53 -08:00
Elms
95d83c9856
SSL: refactor to allow session override or mode
2021-01-21 16:03:02 -08:00
toddouska
1acd6dfab2
Merge pull request #3635 from SparkiDev/hmac_openssl_fix
...
HMAC OpenSSL API: initialise HMAC ctx on new and allow key length of 0
2021-01-21 15:57:30 -08:00
toddouska
a8cfc23683
Merge pull request #3642 from SparkiDev/ecdsa_set_k_one_loop
...
ECDSA set k: WOLFSSL_ECDSA_SET_K_ONE_LOOP only tries k and fails when…
2021-01-21 15:56:36 -08:00
toddouska
5837d5e8de
Merge pull request #3649 from dgarske/stm_aesgcm_perf
...
STM32 AES GCM crypto hardware performance improvements
2021-01-21 15:55:58 -08:00
toddouska
85f08466f9
Merge pull request #3655 from SparkiDev/ext_cache_sess
...
SESSION: internal cache sessions can't be freed same as external
2021-01-21 15:54:16 -08:00
toddouska
e9e96dff6a
Merge pull request #3662 from embhorn/gh3659
...
Check method for NULL
2021-01-21 15:50:58 -08:00
toddouska
7b12dddf75
Merge pull request #3666 from SparkiDev/tls13_tick_before_group
...
TLS 1.3: don't group and wait on send session ticket
2021-01-21 15:49:52 -08:00
toddouska
22e6d52b7b
Merge pull request #3667 from SparkiDev/sp_fixes_4
...
SP int: fix _sp_mul_d inclusion checks
2021-01-21 15:49:03 -08:00
toddouska
b825e51d23
Merge pull request #3664 from SparkiDev/sp_math_all_ppc64
...
SP math all: Fixes for PPC64 compiler
2021-01-21 15:48:34 -08:00
toddouska
848ae3e514
Merge pull request #3668 from SparkiDev/jenkins_fixes_2
...
Compress: fix unused vars
2021-01-21 15:46:30 -08:00
toddouska
344ad2a3f8
Merge pull request #3625 from SparkiDev/disable_alg_fix
...
Disable algs: fix code to compile with various algs off/on
2021-01-21 15:45:29 -08:00
John Safranek
fe7be3e15f
Alerts
...
Alerts the server sends between receiving the client's CCS message and before it sends its own CCS message should not be encrypted.
2021-01-21 14:48:10 -08:00
Elms
7112a6dd78
SSL: add test and fix SSL_get_verify_mode
2021-01-21 14:20:27 -08:00
David Garske
fbe5fe1945
Merge pull request #3669 from embhorn/gh3657
...
Protect use of globalRNG
2021-01-21 14:09:59 -08:00
Elms
af3d842663
SSL: add support for SSL_get_verify_mode
2021-01-21 13:45:20 -08:00
John Safranek
3e4c3d13fe
Merge pull request #3671 from julek-wolfssl/dtls-scr-2
...
DTLS secure renegotiation fixes
2021-01-21 13:37:05 -08:00
Eric Blankenhorn
fd8527c15e
Fix FIPS compile errors
2021-01-21 15:27:42 -06:00
Jacob Barthelmeh
b418936f72
account for FIPS and g++ builds
2021-01-22 04:21:23 +07:00
Jacob Barthelmeh
177f4aecb6
add all curves to benchmark
2021-01-22 03:20:41 +07:00
Jacob Barthelmeh
e3fa462d72
add brainpool benchmark of key generation
2021-01-22 02:55:26 +07:00
JacobBarthelmeh
fe37137f12
add brainpool benchmark
2021-01-22 02:44:11 +07:00
Juliusz Sosinowicz
d8a01c6f8b
DTLS: client re-send on duplicate HelloRequest as well
2021-01-21 12:45:16 +01:00
Juliusz Sosinowicz
969de38764
Reset dtls_start_timeout on a timeout
2021-01-21 12:45:16 +01:00
Juliusz Sosinowicz
774fdc9fd6
Free HS data on rehandshake
...
When we call _Rehandshake before we receive application data and the receive application data during the renegotiation process then it is possible for the send queue to be preemptively deleted
2021-01-21 12:45:16 +01:00
David Garske
17f101ef13
Fix for ARM Keil MDK compiler issue with DECLARE_VAR_INIT.
2021-01-20 16:57:30 -08:00
Eric Blankenhorn
02114e7739
Protect use of globalRNG
2021-01-20 16:30:18 -06:00
Eric Blankenhorn
a3cbcf255f
Fix from review
2021-01-20 11:34:02 -06:00
David Garske
57b06f700d
Merge pull request #3656 from haydenroche5/windows_rsa_public_decrypt
...
Allow wolfSSL_RSA_public_decrypt on Windows.
2021-01-20 09:09:49 -08:00
Hayden Roche
12abb5191d
Allow wolfSSL_RSA_public_decrypt on Windows.
2021-01-20 06:57:59 -06:00
Sean Parkinson
55be60a63e
Compress: fix unused vars
...
configure: C_EXTRA_FLAGS="-fdebug-types-section -g1" --disable-memory
--enable-mcapi --enable-ecc --enable-sha512 --with-libz
2021-01-20 13:09:43 +10:00
Sean Parkinson
e3182ff06e
SP int: fix _sp_mul_d inclusion checks
...
configuration: --disable-asn --disable-filesystem --disable-shared --enable-cryptonly --enable-sp=smallrsa2048 --enable-sp-math --disable-dh --disable-ecc --disable-sha224 --enable-rsavfy --enable-rsapss
2021-01-20 12:38:10 +10:00
Sean Parkinson
7ec8d70eee
TLS 1.3: don't group and wait on send session ticket
...
The state machine goes on and frees the handshake resources which frees
the digest for the client Finished message.
2021-01-20 10:57:37 +10:00
David Garske
9044f709c1
Add support for STM32_AESGCM_PARTIAL build option to speedup platforms that allow AAD header sizes that are not a multiple of 4 bytes. ZD 11364.
2021-01-19 13:54:53 -08:00
David Garske
ea5af87de3
Revert of uint32_t and uint8_t changes in PR #3658 , which caused warnings.
2021-01-19 13:54:26 -08:00
David Garske
9ea5041d9d
Benchmark for GMAC (AES GCM GHASH).
2021-01-19 13:42:25 -08:00
John Safranek
eaa1bc1ace
Merge pull request #3595 from julek-wolfssl/dtls-only-resend-on-timeout
...
Only resend previous flight on a timeout from the network layer
2021-01-19 10:43:13 -08:00
David Garske
59305e9346
Fix for new include to pull in the AES GCM IV sizes in FIPS mode.
2021-01-19 07:53:36 -08:00
David Garske
8d1d616b39
Cleanup for the AES GCM IV and CCM IV sizes, which are missing with some FIPS builds.
2021-01-19 07:53:36 -08:00
David Garske
219cbd47eb
Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511.
2021-01-19 07:53:36 -08:00
Sean Parkinson
523119289b
SP math all: Fixes for PPC64 compiler
2021-01-19 21:30:36 +10:00
David Garske
209c4c08e1
Merge pull request #3663 from SparkiDev/sp_int_fixes_3
...
SP int: make sp_copy more available
2021-01-18 22:02:34 -08:00
Sean Parkinson
7d869a43b4
ECDSA set k: WOLFSSL_ECDSA_SET_K_ONE_LOOP only tries k and fails when it fails
2021-01-19 14:07:03 +10:00
Sean Parkinson
949af909bf
SP int: make sp_copy more available
2021-01-19 11:01:00 +10:00
Sean Parkinson
6a5e802cc4
Disable algs: fix code to compile with various algs off/on
...
benchmark.c: Only X25519/Ed25519/X448/Ed448 now compiles
asn.c/asn.h: Only DSA now compiles
2021-01-19 09:54:21 +10:00
toddouska
a13e9bde29
Merge pull request #3599 from julek-wolfssl/nginx-mem-leak
...
Fix memory leaks
2021-01-18 15:31:50 -08:00
toddouska
5b7e6ccc14
Merge pull request #3613 from SparkiDev/sp_rand_prime_len
...
SP rand_prime: fix length check
2021-01-18 15:23:15 -08:00
toddouska
279c3f4c1b
Merge pull request #3614 from SparkiDev/aes_test_fix
...
AES test: Remove unneeded loop
2021-01-18 15:22:06 -08:00
toddouska
78d2b3b440
Merge pull request #3616 from SparkiDev/sp_int_funcs
...
SP int: Hide func decls if only available with WOLFSSL_SP_MATH_ALL
2021-01-18 15:21:39 -08:00
toddouska
267b00e0a2
Merge pull request #3620 from haydenroche5/zd11434
...
Clamp the normalization value at the end of sp_mont_norm.
2021-01-18 15:21:03 -08:00
toddouska
85faf974aa
Merge pull request #3621 from SparkiDev/sp_mac_arm64
...
SP arm64 MAC: stop non-ct mod inv from using x29
2021-01-18 15:19:46 -08:00
toddouska
87a0ee5ef4
Merge pull request #3622 from SparkiDev/sp_int_fixes_2
...
SP math all: doco fix and don't assign 0 to o
2021-01-18 15:19:06 -08:00
toddouska
4b5d7d0595
Merge pull request #3624 from SparkiDev/tls13_set_groups
...
TLS 1.3 key share: add a key share from supported list
2021-01-18 15:18:14 -08:00
toddouska
8ae609d078
Merge pull request #3626 from SparkiDev/tls13_middlebox_fix
...
TLS send change cipher: Don't set keys when negotiating TLS 1.3
2021-01-18 15:14:58 -08:00
toddouska
1e9394d5a8
Merge pull request #3627 from elms/EVP/ofb_rc4_size
...
EVP: return proper cipher type and block size
2021-01-18 15:13:55 -08:00
Eric Blankenhorn
50843b22cd
Check method for NULL
2021-01-18 16:18:49 -06:00
toddouska
563e3c6b60
Merge pull request #3628 from SparkiDev/even_mp_test
...
RSA/DH test: even number error check fixup
2021-01-18 13:39:54 -08:00
toddouska
cd78a5dfb2
Merge pull request #3630 from SparkiDev/no_fs_all
...
X509 API no file system: hide wolfSSL_X509_NAME_print_ex_fp
2021-01-18 13:39:21 -08:00
toddouska
d514cc31b3
Merge pull request #3631 from SparkiDev/rsa_vfy_only_sp_fixes
...
RSA: verify only build fixes
2021-01-18 13:38:52 -08:00
toddouska
5a7e79cbfd
Merge pull request #3632 from SparkiDev/all_not_tls13_fix
...
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only op…
2021-01-18 13:37:34 -08:00
toddouska
3bae6e2dc2
Merge pull request #3633 from SparkiDev/ecc_gen_z_fix
...
ECC gen z: convert blinding value to Montgomery form before using
2021-01-18 13:36:13 -08:00
toddouska
fff3c77568
Merge pull request #3644 from dgarske/zd11476
...
Fix for sniffer with TLS v1.2 static ECDH ciphers
2021-01-18 13:32:57 -08:00
toddouska
b1c8825e74
Merge pull request #3647 from dgarske/zd11424
...
Fix for TLS v1.3 early data mac digest
2021-01-18 13:31:44 -08:00
toddouska
67d4f7c37b
Merge pull request #3658 from SparkiDev/curve25519_uint64_t
...
Curve25519: replace uint64_t with word64
2021-01-18 13:29:16 -08:00
Sean Parkinson
ac76ef8ee7
Curve25519: replace uint64_t with word64
...
Remove usages of stdint.h types
Added a sword type for signed words.
2021-01-18 17:30:36 +10:00
Sean Parkinson
eda1b52ee2
TLS 1.3 integrity only: initialize HMAC
...
Ensure the HMAC object is initialized when allocated.
2021-01-15 11:27:26 +10:00
Sean Parkinson
878f797a2b
SESSION: internal cache sessions can't be freed same as external
...
refMutex is initialized for external sessions but not internal.
Differentiate by ensuring the refCount is always 1 or more for external
and 0 for internal.
2021-01-15 11:02:34 +10:00
John Safranek
0ac43bb095
Merge pull request #3618 from haydenroche5/ocsp_self_signed_issue
...
Modify ParseCertRelative to ensure issuerKeyHash gets parsed and copi…
2021-01-14 14:22:06 -08:00
Takashi Kojo
d72f0a50f4
binary mode fopen to avoid auto expand to CR/LF on Widonws
2021-01-15 06:05:55 +09:00
Takashi Kojo
e21fddf553
add wc_RsaSetRNG to doc
2021-01-14 10:42:49 +09:00
Sean Parkinson
5a4dfc1a29
Don't set encrypt side if sending early data
...
Make check to see if early data has been or is going to be sent.
Last message encrypted with this key is EndOfEarlyData message.
2021-01-14 09:44:09 +10:00
David Garske
22ce25afba
Merge pull request #3648 from douzzer/disable-ecc-enable-dsa
...
--disable-ecc --enable-dsa
2021-01-13 14:00:20 -08:00
Daniel Pouzzner
1e49bc2e82
asn.c/asn.h: fix --disable-ecc --enable-dsa.
2021-01-13 13:55:06 -06:00
David Garske
d7aa8e1795
Fix for issue where mac digest changes between early data and server_hello, which can leave section of response uninitialized. ZD11424
2021-01-13 11:10:12 -08:00
Sean Parkinson
382deb1f86
Merge pull request #3645 from douzzer/sp_copy_pedantic_error_handling
...
sp_copy() pedantic error handling
2021-01-13 10:05:35 +10:00
Daniel Pouzzner
f8013580df
sp_int.c: fix 4 instances of "Value stored to 'o' is never read" found by LLVM9 scan-build.
2021-01-12 15:01:28 -06:00
Daniel Pouzzner
fb82114866
sp_int.c: pay attention to the return value from sp_copy(), for general hygiene and to eliminate an inlining-related warning in sp_todecimal().
2021-01-12 14:58:29 -06:00
David Garske
aaec9832e4
Fix for sniffer with TLS v1.2 static ECDH ciphers. The sniffer will now correctly try using the key for ECC if the RSA key decode fails. ZD 11476.
2021-01-12 09:49:32 -08:00
Sean Parkinson
129f3fd13f
HMAC OpenSSL API: initialise HMAC ctx on new and allow key length of 0
2021-01-12 09:16:24 +10:00
Elms
8fec1de07c
EVP: address CTR block size
2021-01-11 12:03:01 -08:00
Elms
3b07f5d8e3
EVP: expand tests for EVP_CIPHER_block_size
2021-01-11 12:03:01 -08:00
Elms
a6535528f3
EVP: add tests for openssl block size (including RC4)
2021-01-11 12:03:01 -08:00
Elms
0cccf58fec
EVP: return proper cipher type for AES OFB
2021-01-11 12:03:01 -08:00
David Garske
88faef9bd9
Merge pull request #3641 from JacobBarthelmeh/Testing
...
add ca-cert-chain.der to renewcerts.sh, update ed25519 certs and gen …
2021-01-11 11:00:55 -08:00
Jacob Barthelmeh
e2b411805d
add ca-cert-chain.der to renewcerts.sh, update ed25519 certs and gen script
2021-01-12 00:40:15 +07:00
Hayden Roche
a3cc4110b0
Clamp the normalization value at the end of sp_mont_norm.
2021-01-11 09:59:11 -06:00
Hayden Roche
798d9ed0d5
Various CMake changes.
...
- Add support for user settings to CMake.
- Update version number.
- Add an option to enable/disable generation of config.h and the HAVE_CONFIG_H
define.
2021-01-08 12:15:58 -06:00
Juliusz Sosinowicz
a745947498
Code review changes
2021-01-08 15:27:30 +01:00
Juliusz Sosinowicz
23a4d64caf
wolfSSL_EVP_PKEY_set1_EC_KEY should generate PKCS8 internal DER buffer
...
This PKCS8 buffer should include both the private and the public parts of the key.
2021-01-08 15:27:30 +01:00
Juliusz Sosinowicz
cd4affddac
Set ecc_key.rng when using ECC_TIMING_RESISTANT
...
Set ecc_key.rng to either a local rng struct or the globalRNG object when using ECC_TIMING_RESISTANT
Add helpful logs to some ecc functions
2021-01-08 15:18:00 +01:00
Juliusz Sosinowicz
0fe3efb8b4
Add option to only resend previous DTLS flight on a network read timeout
2021-01-07 19:13:35 +01:00
Chris Conlon
c57fee136a
Merge pull request #3568 from miyazakh/espidf_unittest
...
fix wolfssl unit test on ESP-IDF
2021-01-07 09:18:18 -07:00
Sean Parkinson
f955c92008
ECC gen z: convert blinding value to Montgomery form before using
2021-01-07 11:30:58 +10:00
David Garske
209ad82df2
Merge pull request #3629 from ejohnstown/aarch64
...
M1 Support
2021-01-06 14:12:45 -08:00
David Garske
931dc5b29f
Merge pull request #3619 from tmael/fuzz_math
...
Fix for OSS-Fuzz issue #29103 : out-of-bounds read in TLSX_CSR_Parse()
2021-01-06 14:10:28 -08:00
John Safranek
d4e13796c2
M1 Support
...
We separate out 64-bit desktop support based on the Intel check. With
the advent of the new Apple chip, ARM can also be a desktop processor.
Detect it like we do the Intel 64-bit, and treat it similarly with
respect to fast and normal math.
2021-01-06 09:21:07 -08:00
Sean Parkinson
fa86c1aa91
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options
...
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.
Also fix up tests that don't work without TLS 1.3 enabled.
2021-01-06 14:19:57 +10:00
Sean Parkinson
cd0670cbd7
RSA: verify only build fixes
...
configuration: --disable-ecc --disable-dh --disable-aes --disable-aesgcm
--disable-sha512 --disable-sha384 --disable-sha --disable-poly1305
--disable-chacha --disable-md5 --disable-sha3 --enable-cryptonly
--disable-inline --enable-rsavfy --disable-asn --disable-oaep
--disable-rng --disable-filesystem --enable-sp=rsa2048 --enable-sp-math
Fixes to make code build again.
2021-01-06 11:58:15 +10:00
Sean Parkinson
5accd57c21
X509 API no file system: hide wolfSSL_X509_NAME_print_ex_fp
...
configuration: --enable-all --disable-filesystem
wolfSSL_X509_NAME_print_ex_fp has XFILE as a parameter and cannot be
compiled with --disable-filesystem
2021-01-06 11:05:58 +10:00
Sean Parkinson
10722fba14
RSA/DH test: even number error check fixup
...
Configuration: --enable-sp=3072
Test only enabled when SP is used.
Return codes checked are those we expect from SP.
Code, with configuration, is compiled so that 2048-bit operations are
not going to SP and the error returns were not correct.
2021-01-06 09:39:24 +10:00
Hideki Miyazaki
b8997d0b47
revert test_wolfssl.c changes
...
add test.c as src target
2021-01-05 16:20:42 +09:00
Hideki Miyazaki
99d4a7417a
fix wolfssl unit test on ESP-IDF
2021-01-05 16:08:05 +09:00
Sean Parkinson
a6b69b6864
TLS send change cipher: Don't set keys when negotiating TLS 1.3
2021-01-05 14:32:48 +10:00
Sean Parkinson
f196c60c66
TLS 1.3 key share: add a key share from supported list
2021-01-05 13:08:48 +10:00
Sean Parkinson
1b94309a6c
SP math all: doco fix and don't assign 0 to o
...
o is not used after that point so no need to zero it.
2021-01-05 10:40:34 +10:00
Sean Parkinson
2a2b194d71
SP arm64 MAC: non-ct mod inv not use so many registers
2021-01-05 10:23:14 +10:00
Tesfa Mael
46e260dd61
Correct unsigned arithmetic
2021-01-04 15:48:27 -08:00
Chris Conlon
54f072fd8d
Merge pull request #3607 from douzzer/WOLFSSL_TEST_SUBROUTINE
...
test.c: add WOLFSSL_TEST_SUBROUTINE macro to make subtests optionally static
2021-01-04 10:10:56 -07:00
Hayden Roche
96ece3ac7d
Modify ParseCertRelative to ensure issuerKeyHash gets parsed and copied into the
...
decoded cert for self-signed CA certs.
The bit of code that does this copy was previously inside a conditional that's
only entered if the certificate is not self-signed. The primary purpose of this
conditional is to set the maxPathLen field. It's possible that the copying of
the issuerKeyHash was mistakenly included in the "else" block here, when it
should be outside.
2021-01-04 10:34:09 -06:00
Sean Parkinson
b5403fe6b9
SP int: Hide func decls if only available with WOLFSSL_SP_MATH_ALL
2021-01-04 16:39:51 +10:00
Sean Parkinson
413bde9146
Merge pull request #3608 from tmael/sp_squre
...
Fix SP integer square
2021-01-04 16:29:40 +10:00
Sean Parkinson
faf7d307b4
Merge pull request #3606 from dgarske/zd11438
...
Fix for possible ECC sign memory leak with custom "k"
2021-01-04 15:39:53 +10:00
Tesfa Mael
01c27068c1
Correct SP x->used with sp_clamp()
2021-01-03 20:08:06 -08:00
Sean Parkinson
68c2e36ad5
AES test: Remove unneeded loop
2021-01-04 12:43:34 +10:00
Sean Parkinson
40ab08be45
SP rand_prime: fix length check
...
-ve length indicates to use a BBS prime (last two bits set)
2021-01-04 12:31:59 +10:00
John Safranek
ef56bc09f1
Merge pull request #3596 from julek-wolfssl/dtls-multiple-hellorequest
...
Calling wolfSSL_Rehandshake during renegotiation should not be an error
2020-12-31 13:53:32 -08:00
David Garske
fbb3e9fca3
Merge pull request #3605 from tmael/cm_free
...
Free mutex and fix tls13.test script
2020-12-31 08:40:35 -08:00
David Garske
c9ac64d77d
Merge pull request #3609 from douzzer/lkm_kvmalloc
...
use kvmalloc()/kvfree() for heap allocations in the linuxkm build
2020-12-31 08:37:53 -08:00
Daniel Pouzzner
9dc8721032
linuxkm: on kernels >= 4.12, use kvmalloc()/kvfree() and a partial implementation of realloc() leveraging them, rather than kmalloc()/kfree()/krealloc(). this makes large allocations possible and relatively safe. note that the realloc() implementation fails gracefully when the supplied pointer is larger than the page size, but otherwise works normally.
2020-12-31 00:30:35 -06:00
Daniel Pouzzner
a2dec7ce9c
test.c: work around toolchain/ecosystem bug on aarch64 linux 4.14.0-xilinx-v2018.3.
2020-12-30 20:03:13 -06:00
Tesfa Mael
9598c03716
Free mutex and fix test script
2020-12-30 17:40:15 -08:00
Daniel Pouzzner
3d88676ff1
test.c: add WOLFSSL_TEST_SUBROUTINE macro to qualify all previously global subtest handlers, defaulting to the empty string. this restores the version<=4.5 test.c namespace allowing end users to call the tests directly piecemeal. --enable-linuxkm[-defaults] sets -DWOLFSSL_TEST_SUBROUTINE=static for extra namespace hygiene.
2020-12-30 16:12:08 -06:00
David Garske
060ebd1ca2
Fix for possible ECC sign memory leak when using WOLFSSL_ECDSA_SET_K and wc_ecc_sign_set_k, where the k is not valid. ZD 11438.
2020-12-30 09:54:54 -08:00
David Garske
7fb2c0f63f
Merge pull request #3603 from haydenroche5/zd11434
...
Ensure that all leading zeros are skipped in sp_tohex.
2020-12-30 08:28:52 -08:00
David Garske
1b6a988dc0
Merge pull request #3601 from tmael/mp_rand_p
...
Add parameter check in sp_rand_prime()
2020-12-30 08:20:18 -08:00
Hayden Roche
81f70fba5f
Ensure that all leading zeros are skipped in sp_tohex.
2020-12-30 08:32:01 -06:00
Tesfa Mael
d366ca74af
Review comments and cast
2020-12-29 19:48:45 -08:00
John Safranek
c482d16029
Merge pull request #3544 from haydenroche5/ocsp_stapling_bug
...
Fix bug where OCSP stapling wasn't happening even when requested by client
2020-12-29 14:23:10 -08:00
Chris Conlon
da007ecd7b
Merge pull request #3409 from kojo1/mqx
...
add IDE/MQX
2020-12-29 13:53:37 -07:00
David Garske
c6abb59343
Merge pull request #3593 from tmael/sp_cast
...
casting fix for clang-12
2020-12-29 09:51:37 -08:00
tmael
837e9856f5
Merge pull request #3590 from dgarske/stcube_rel
...
Fixes for STM Cube Pack rename
2020-12-29 09:37:39 -08:00
David Garske
dc21d56545
Merge pull request #3600 from douzzer/low-resources-fixes
...
--enable-lowresource --enable-sp-math-all
2020-12-29 08:01:51 -08:00
Daniel Pouzzner
2bd0d4c467
wolfcrypt/src/evp.c: fix wolfSSL_EVP_CipherUpdate_GCM() to not fail when inl is zero, to properly handle realloc implementations that return NULL for zero-size allocations.
2020-12-28 23:49:48 -06:00
Daniel Pouzzner
fbcfc6adbf
test.c: rehab fail codes in ecc_test_curve_size().
2020-12-28 21:56:39 -06:00
Daniel Pouzzner
b0ca598d59
sp_int.h and ecc.h: add one more to SP_INT_DIGITS and FP_SIZE_ECC, to accommodate extra digit used by sp_mul(), sp_mulmod(), sp_sqr(), and sp_sqrmod().
2020-12-28 18:06:18 -06:00
Tesfa Mael
cedec3ae28
Add parameter check
2020-12-28 15:53:56 -08:00
Daniel Pouzzner
764b3cf09d
examples/client/client.c: add missing !defined(NO_SESSION_CACHE) gate around wolfSSL_get_session() for "print out session" code.
2020-12-28 17:49:58 -06:00
Juliusz Sosinowicz
8c07aafc43
Fix memory leaks
...
- Freeing the session object depends on the callback return
- The session object is malloc'ed when ssl->options.internalCacheOff
- wolfSSL_CTX_use_certificate needs to own the cert when KEEP_OUR_CERT because either it is up ref'ed or copied
2020-12-28 22:33:01 +01:00
Juliusz Sosinowicz
54479359f3
Calling wolfSSL_Rehandshake during renegotiation should not be an error
...
If we call wolfSSL_Rehandshake during a renegotiation then it should not result in a SECURE_RENEGOTIATION_E. wolfSSL_Rehandshake might be called when multiple HelloRequest messages are processed or the user could call this API during renegotiation. Either way wolfSSL should not treat this as an error if renegotiation is enabled.
2020-12-24 12:10:04 +01:00
David Garske
8b517975d1
Fixes from peer review.
2020-12-23 16:54:29 -08:00
elms
4280861af0
Merge pull request #3591 from dgarske/wolftpm
...
Added helper configure option '--enable-wolftpm`
2020-12-23 12:22:44 -08:00
Tesfa Mael
5c4011b3b4
cast to int
2020-12-23 12:09:35 -08:00
David Garske
b2155e6e26
Merge pull request #3592 from douzzer/verbose-heap-instrumentation
...
--enable-trackmemory=verbose
2020-12-23 11:40:45 -08:00
Daniel Pouzzner
d5dd35c739
add --enable-trackmemory=verbose, and add WOLFSSL_TEST_MAX_RELATIVE_HEAP_{BYTES,ALLOCS} and -m/-a (runtime counterparts) to wolfcrypt_test(). also add -h to wolfcrypt_test() to print available options.
2020-12-23 12:03:06 -06:00
David Garske
daa6833f37
Added helper configure option '--enable-wolftpm` to enable options used by wolfTPM. This enables (cert gen/req/ext, pkcs7, cryptocb and aes-cfb).
2020-12-23 08:09:24 -08:00
David Garske
e0f36baebe
Fixes for STM Cube Pack rename.
2020-12-23 07:02:12 -08:00
Daniel Pouzzner
542ad0a81b
linuxkm/module_hooks.c: separate cleanup into static libwolfssl_cleanup(), and call it from wolfssl_init() if wolfcrypt_test() fails.
2020-12-22 21:57:17 -06:00
David Garske
9c87f979a7
Merge pull request #3586 from tmael/cc310_tests
...
Fix Cryptocell and revert test.c use of static const
2020-12-22 16:58:25 -08:00
Daniel Pouzzner
f06361ddf6
add WOLFSSL_SMALL_STACK_STATIC macro, and use it to conditionally declare const byte vectors in test.c static for stack depth control -- currently only enabled for linuxkm, but should be compatible with any target with a TLB (virtual memory).
2020-12-22 17:12:57 -06:00
David Garske
90b14e260d
Merge pull request #3588 from JacobBarthelmeh/Release
...
fix regression of --enable-wpas=small build
2020-12-22 14:32:33 -08:00
Tesfa Mael
56071ac21f
Fix for Cryptocell tests
2020-12-22 16:23:16 -06:00
Jacob Barthelmeh
81980aa7b6
fix regression of --enable-wpas=small build
2020-12-23 01:30:34 +07:00
Chris Conlon
85d0a71747
Merge pull request #3587 from JacobBarthelmeh/Release
...
add blog link to README and adjust for nginx build
2020-12-22 08:50:21 -07:00
Jacob Barthelmeh
8ecc2f1771
add blog link to README and adjust for nginx build
2020-12-22 20:14:38 +07:00
toddouska
5eddcb24dd
Merge pull request #3584 from JacobBarthelmeh/Release
...
prepare for release 4.6.0
2020-12-21 14:20:14 -08:00
toddouska
8b48353c18
Merge pull request #3585 from dgarske/async_rel
...
Fixes in preparation for release
2020-12-21 14:15:45 -08:00
David Garske
53e79f1053
Fix for mp_radix_size with radix 2 and mp_int equal to zero. Fix applies to normal and fast math only. ZD11419.
2020-12-21 12:41:32 -08:00
Jacob Barthelmeh
47c186df34
prepare for release 4.6.0
2020-12-22 02:33:58 +07:00
David Garske
b4111e2f65
Fix for possible leaks with wc_ecc_sign_set_k when building with WOLFSSL_CUSTOM_CURVES enabled. ZD11416.
2020-12-21 11:27:14 -08:00
Chris Conlon
476a3e5d4f
fix wc_curve25519_generic() ifdef on NXP LTC builds
2020-12-21 23:57:39 +07:00
David Garske
1c0a6b92ad
Fix RSA hash warning for operations with no hash specified.
2020-12-21 08:37:15 -08:00
David Garske
28420b6e4d
Fix for building with --with-intelqa and custom curves disabled.
2020-12-21 08:36:48 -08:00
David Garske
e6c71a1465
Merge branch 'master' into mqx
2020-12-21 07:28:26 -08:00
Jacob Barthelmeh
8c16bd2450
fix for infer memory leak report and for clang unused warning
2020-12-21 17:24:35 +07:00
Jacob Barthelmeh
5bd9c1b60d
fix for haproxy build
2020-12-21 17:24:35 +07:00
Jacob Barthelmeh
4de1c1b037
add cert gen to lighty build for function wolfSSL_PEM_write_bio_X509
2020-12-21 17:24:35 +07:00
Jacob Barthelmeh
4ef5956757
fix for declaring variable with Windows build
2020-12-21 17:24:35 +07:00
Jacob Barthelmeh
f30d4c1b0b
fix for nightly g++ build test
2020-12-21 17:24:35 +07:00
JacobBarthelmeh
9c64630c56
Merge pull request #3582 from douzzer/scan-build-fix-20201218
...
fix deadstore in ssl.c warned by LLVM11 scan-build.
2020-12-21 17:23:13 +07:00
Daniel Pouzzner
4d1d891a34
src/ssl.c: fix deadstore in wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio() warned by LLVM11 scan-build.
2020-12-18 17:30:25 -06:00
toddouska
0df41d865f
Merge pull request #3580 from douzzer/fix-mp-read-bin-bit-accounting
...
fix mp_read_unsigned_bin() calculation of mp_int.used_bits
2020-12-18 14:41:16 -08:00
toddouska
fcf060b19b
Merge pull request #3581 from cconlon/releasefixes_selftest
...
Release fixes for CAVP selftest builds
2020-12-18 14:15:53 -08:00
toddouska
ea3c385021
Merge pull request #3579 from SparkiDev/sp_math_all_4096
...
SP math all: enable 4096-bit support by default for x64
2020-12-18 14:14:36 -08:00
toddouska
7e5f838f48
Merge pull request #3577 from dgarske/releasefixes_async
...
Release fixes for asynchronous crypto
2020-12-18 14:10:01 -08:00
toddouska
fe92d29eb5
Merge pull request #3574 from cconlon/releasefixes
...
Release fixes for Jenkins tests, example client
2020-12-18 14:06:27 -08:00
toddouska
cdc0753bfb
Merge pull request #3571 from JacobBarthelmeh/Testing
...
Some initial testing and clean up
2020-12-18 14:05:26 -08:00
toddouska
814ed3f5a6
Merge pull request #3439 from julek-wolfssl/libest
...
Compatibility layer additions for cisco/libest
2020-12-18 14:03:34 -08:00
toddouska
bdd4799400
Merge pull request #3578 from SparkiDev/x509_len
...
ASN X509: Don't allow any more data after signature
2020-12-18 09:54:39 -08:00
Chris Conlon
a222be1fa3
rename dup to dupl, fix variable shadow warning on i386 selftest compiler
2020-12-18 10:53:55 -07:00
Chris Conlon
ae984508cc
fix CAVP selftest v2 build, issue with pkcs7.h
2020-12-18 10:26:19 -07:00
Juliusz Sosinowicz
6226edb394
Use CSR with smaller key size 4096 -> 2048
2020-12-18 12:48:25 +01:00
Daniel Pouzzner
b0ec2bf058
wolfcrypt/src/integer.c: fix mp_read_unsigned_bin() accounting on mp_int.used_bits to avoid spurious .used > .alloc condition at loop exit.
2020-12-18 02:05:18 -06:00
Sean Parkinson
7f5a85ae85
Reduce stack usage
2020-12-18 13:15:50 +10:00
Sean Parkinson
e452b74470
SP math all: enable 4096-bit support by default for x64
2020-12-18 10:20:33 +10:00
David Garske
e49409b13a
Fix api.c tests using "free()" instead of "XFREE" causing issues with custom allocators.
2020-12-17 16:08:46 -08:00
Sean Parkinson
a4f8a21b9b
ASN X509: Don't allow any more data after signature
2020-12-18 10:02:38 +10:00
David Garske
ce0a2f3bc9
Fixes for Cavium Nitrox and Intel QuickAssist.
2020-12-17 15:53:28 -08:00
David Garske
73a5ee5ffb
Fix for async post handshake auth. The re-handshake was not resetting the processReply state.
2020-12-17 15:10:11 -08:00
Chris Conlon
420a040774
fix WOLFSSL_ASYNC_CRYPT usage in test.c, test_wolfSSL_OBJ_ln() in api.c
2020-12-17 11:08:36 -07:00
Jacob Barthelmeh
97bc5e870c
fix for default OCSP cmp value and fix for WOLFSSL_NO_CLIENT_AUTH build
2020-12-18 00:36:00 +07:00
Chris Conlon
e8785666c4
fix NXP LTC build with wc_curve25519_generic(), only supports single basepoint
2020-12-17 09:50:18 -07:00
toddouska
b11b08bb10
Merge pull request #3543 from WKJay/master
...
Port for RT-Thread
2020-12-17 08:36:09 -08:00
Juliusz Sosinowicz
f2694134b0
Fix after rebase
2020-12-17 17:28:29 +01:00
Chris Conlon
71c6654687
Merge pull request #3573 from douzzer/scripts-nix-unportable-timeout-wrapper
...
scripts/: nix `timeout` wrappers in ocsp-stapling[2].test
2020-12-17 09:13:43 -07:00
Juliusz Sosinowicz
c03744db61
Refactor wc_CheckPrivateKey
...
- Change wc_CheckPrivateKey to wc_CheckPrivateKeyCert and wc_CheckPrivateKey
- wolfSSL_X509_check_private_key no longer needs to decode cert to check key
- Fix scope in api.c
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
dc266bc524
Call X509_REQ_get_extensions and X509_get_ext_by_NID on a CSR object
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
383df620bf
Add CSR test with Extension Request attribute
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
24b89928dc
Code review names changes and refactoring
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
3231cfe9e0
Refactor extension stack generation
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
8b9f8029a8
Sanity check protocol version.
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
22ae66dfe1
wolfSSL_BIO_do_connect should look for a socket bio in the chain
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
2dd28ec5b3
Check if downgrading is allowed in SetSSL_CTX
...
Pkcs7 cert limit based on build
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
77c730361e
Jenkins fixes
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
25f5427bdd
Rebase and test fixes
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
b528a1a344
Plug memory leaks
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
7df8f2e2bb
Internal unit tests
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
f5c463148f
check null
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
031ce68546
Differentiate between server and client sessions
...
This is important is the client and server share memory space. If a server and client both save the same session in SessionCache it may cause inconsistencies. The hash of the sessionID will be the same causing one of the sides to overwrite the other. A possible problem is that the peer certificate will be incorrect for one of the sides.
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
8edeaae3e2
Add DSA support to x509 certs
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
031ca80fe7
Fix max SSL version handling for client
...
Enable CRL when adding one to store
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2197748a51
Implement wolfSSL_X509_check_private_key
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
cb84213ffd
Support more extensions
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
cd20512b90
wolfSSL_X509_REQ_add1_attr_by_txt for libest
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
911d5968b4
Store more certs in PKCS7 struct
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
acf3156fac
Dynamically allocate memory in wolfSSL_i2d_PKCS7_bio
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
c405c3477f
Protect against invalid write in RsaPad_PSS
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2a9bb906a9
Implement wolfSSL_BIO_*_connect and wolfSSL_BIO_set_conn_port
...
Forgot to commit csr.dsa.pem for api.c
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
78a20ec3ae
Extension manipulation
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
65c6a71bde
Init wolfSSL_X509_REQ_add_extensions
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
6a635b339c
Fixes
...
- Fix challengePw copy in ReqCertFromX509
- Proper header length in wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio
- Special case for extended key usage in wolfSSL_OBJ_cmp
- Numerical input in wolfSSL_OBJ_txt2obj can just be encoded with EncodePolicyOID. Searching for the sum can return wrong values since they are not unique.
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
b808124a47
Add DSA support to ConfirmSignature and add DSAwithSHA256
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2a20896e44
Add CRL loading to wolfSSL_PEM_X509_INFO_read_bio
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
86d2177876
wolfSSL_X509_resign_cert updates x509 der buffer as well
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
932ef25e79
Set default digest NID
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2689d499b9
Tests starting to pass
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff7b8d3715
Don't attempt TLS 1.3 if server options disable it
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2e2beb279d
WIP
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
8e62bf2588
Pass libest estclient_simple example
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
aaba7ed286
OpenSSL Compat layer
...
Implement/stub:
- wolfSSL_X509V3_EXT_add_nconf
- wolfSSL_EVP_PKEY_copy_parameters
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff2574b3cb
OpenSSL Compat layer
...
Implment/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
753a3babc8
OpenSSL Compat layer
...
Implement/stub:
- wolfSSL_NCONF_get_number
- wolfSSL_EVP_PKEY_CTX_ctrl_str
- wolfSSL_PKCS12_verify_mac
- wc_PKCS12_verify_ex
- wolfSSL_BIO_new_fd
- wolfSSL_X509_sign_ctx
- wolfSSL_ASN1_STRING_cmp
- wolfSSL_ASN1_TIME_set_string
- X509V3_EXT_add_nconf
- X509V3_set_nconf
Implement TXT_DB functionality:
- wolfSSL_TXT_DB_read
- wolfSSL_TXT_DB_free
- wolfSSL_TXT_DB_create_index
- wolfSSL_TXT_DB_get_by_index
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
e7f1d39456
OpenSSL Compat layer
...
Implement WOLFSSL_CONF_VALUE:
- wolfSSL_CONF_VALUE_new
- wolfSSL_CONF_VALUE_new_values
- wolfSSL_CONF_add_string
- wolfSSL_X509V3_conf_free
- wolfSSL_sk_CONF_VALUE_push
- wolfSSL_NCONF_load
- wolfSSL_NCONF_free
- wolfSSL_CONF_new_section
- wolfSSL_CONF_get_section
Implment some buffer functions
- wolfSSL_strlcat
- wolfSSL_strlcpy
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
42d4f35a98
Implement OpenSSL Compat API:
...
- Implement lhash as a stack with hash members
- wolfSSL_lh_retrieve
- wolfSSL_LH_strhash
- IMPLEMENT_LHASH_COMP_FN
- IMPLEMENT_LHASH_HASH_FN
- wolfSSL_sk_CONF_VALUE_new
- wolfSSL_sk_CONF_VALUE_free
- wolfSSL_sk_CONF_VALUE_num
- wolfSSL_sk_CONF_VALUE_value
- wolfSSL_NCONF_new
- wolfSSL_NCONF_get_string
- wolfSSL_NCONF_get_section
- wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
- wolfSSL_CONF_modules_load
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
be98404b3b
Implement wolfSSL_X509_REQ_verify
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
4aa30d0bde
Add CSR parsing capabilities to ParseCertRelative and wc_GetPubX509
...
- wolfSSL_BIO_get_mem_data now returns the last memory BIO in the chain
- Change wolfSSL_BIO_pending calls to wolfSSL_BIO_get_len calls to get accurate length depending on BIO
- Refactor X509 and X509_REQ functions to reuse similar code
- X509 and X509_REQ i2d functions now generate their DER outputs instead of returning the input DER
- Signature generated by wolfSSL_X509_resign_cert is now saved in the x509->sig buffer and added when calling *i2d
- Add test_wolfSSL_d2i_X509_REQ
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
1a50d8e028
WIP
...
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
a7ec58003e
PKCS7 changes
...
- Allow PKCS7_EncodeSigned to be called with a zero content length
- wc_HashUpdate now doesn't error out on zero length data
- First cert in wolfSSL_PKCS7_encode_certs is treated as main cert and the PKCS7 struct is initialized with it
- wolfSSL_BIO_get_mem_data returns the buffer from the last bio in chain
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
85b1196b08
Implement/stub:
...
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
728f4ce892
Implement/stub:
...
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
b52e11d3d4
Implement/stub the following:
...
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
3721d80e84
Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT
...
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
1e26238f49
Implement/stub the following functions:
...
- X509_REQ_sign_ctx
- X509_REQ_get_subject_name
- X509_REQ_set_version
- X509_NAME_print_ex_fp
- X509_STORE_CTX_get0_parent_ctx
- wolfSSL_PKCS7_encode_certs
Add cms.h file to avoid including the OpenSSL version.
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
777bdb28bc
Implement/stub the following:
...
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
7bd0b2eb44
Implement ASN1_get_object
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
a9d502ef85
Add --enable-libest option to configure.ac
...
Refactoring and adding defines for functions
2020-12-17 14:26:30 +01:00
WKJay
641a2a8cb0
update RTTHREAD/readme.md
2020-12-17 08:44:45 +08:00
WKJay
498e3eb6fe
Add include.am
2020-12-17 08:42:53 +08:00
Chris Conlon
6d9cf6b31e
fix for wc_AesFeedbackCFB8() on big endian platforms
2020-12-16 16:38:38 -07:00
toddouska
b4fddf3f24
Merge pull request #3572 from dgarske/zd11381
...
Fix for `wc_SetAltNamesBuffer`
2020-12-16 15:33:12 -08:00
Daniel Pouzzner
eeefe043ec
scripts/: nix timeout wrappers in ocsp-stapling.test and ocsp-stapling2.test, for portability.
2020-12-16 17:31:53 -06:00
Chris Conlon
7e1a066963
Merge pull request #3555 from kojo1/doc-PSS_Sign-Verify
...
Doc wc_RsaPSS_Sign/Verify/CheckPadding
2020-12-16 15:18:24 -07:00
David Garske
51c3f87811
Fix for wc_SetAltNamesBuffer broken in PR #2728 . The SetAltNames was changed in PR 2728 to rebuild the SAN OID, so only the flattened list of DNS entries is required. Fix is in SetAltNamesFromDcert to use already has a parsed DecodedCert and flatten the alt names DNS_Entry list. ZD 11381
2020-12-16 12:28:28 -08:00
Chris Conlon
502e471cde
fix spelling of Nitrox in configure option summary
2020-12-16 13:08:32 -07:00
Chris Conlon
f375cff685
enable AES-CTR for libsignal build
2020-12-16 12:44:01 -07:00
Chris Conlon
16ce8e077a
only call wolfSSL_UseKeyShare() in example client with TLS 1.3
2020-12-16 12:06:35 -07:00
Jacob Barthelmeh
9a968bdf53
disable XChaCha with armasm
2020-12-17 01:58:36 +07:00
Jacob Barthelmeh
a948066f86
some infer fixes
2020-12-17 01:49:48 +07:00
JacobBarthelmeh
f6c3eae1de
g++ build fix
2020-12-16 15:05:33 -05:00
toddouska
5f30727b32
Merge pull request #3531 from vppillai/patch-1
...
support TNGTLS certificate loading for Harmony3
2020-12-16 09:21:28 -08:00
toddouska
7f20b97927
Merge pull request #3569 from SparkiDev/cppcheck_fixes_5
...
cppcheck: fixes
2020-12-16 09:04:59 -08:00
toddouska
cee91c91f5
Merge pull request #3532 from julek-wolfssl/nginx-1.7.7
...
Changes for Nginx 1.7.7
2020-12-16 09:01:27 -08:00
toddouska
b0464c93e2
Merge pull request #3542 from SparkiDev/sp_mod_odd
...
SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops
2020-12-16 08:51:10 -08:00
Vysakh P Pillai
3063264f00
formatting updates
2020-12-16 18:05:58 +05:30
Vysakh P Pillai
63f8fbe92f
update formatting
2020-12-16 17:59:36 +05:30
Sean Parkinson
6dc06993bf
SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops
2020-12-16 21:49:09 +10:00
Sean Parkinson
75c062a298
cppcheck: fixes
2020-12-16 17:28:20 +10:00
Takashi Kojo
010c8db54e
duplicated \ingroup, missing closing comment
2020-12-16 08:52:12 +09:00
Sean Parkinson
922ca916a9
Merge pull request #3554 from ejohnstown/psk-fix
...
PSK Alert
2020-12-16 09:40:04 +10:00
toddouska
bab2f55661
Merge pull request #3563 from SparkiDev/base64_cr
...
Base64: Cache attack resistant decode
2020-12-15 15:16:09 -08:00
Hayden Roche
c47b98bca1
Allow OCSP stapling and NO_WOLFSSL_CLIENT to coexist.
2020-12-15 16:56:21 -06:00
Hayden Roche
eb6473b00f
Fix bugs that made it so client side wasn't verifying certificate status.
2020-12-15 16:56:21 -06:00
Hayden Roche
801aa18b9e
Fix bug where OCSP stapling wasn't happening even when requested by client.
...
The OCSP request that we created didn't have a URL for the OCSP responder, so
the server couldn't reach out to the responder for its cert status.
2020-12-15 16:56:21 -06:00
Daniel Pouzzner
7f44247954
Merge pull request #3567 from SparkiDev/sp_math_fix
...
SP math all: fixes for different compilers and configs
2020-12-15 15:37:25 -06:00
Juliusz Sosinowicz
575f4ba140
Nginx 1.7.7 changes
...
- Push error when decryption fails
- If wolfSSL_CTX_use_certificate keeps passed in cert then it should either copy it or increase its reference counter
- Make wolfSSL_PEM_read_bio_DHparams available with FIPS
2020-12-15 19:32:55 +01:00
JacobBarthelmeh
e0b0c329b3
build fix for --enable-afalg
2020-12-15 10:50:57 -07:00
Jacob Barthelmeh
c048ce5f99
build fix for --enable-ip-alt-name
2020-12-15 23:56:04 +07:00
toddouska
38a11368e0
Merge pull request #3557 from JacobBarthelmeh/Cert-Report2
...
Strict alt names check with DIR name constraint
2020-12-15 08:51:55 -08:00
toddouska
f362c6ecf5
Merge pull request #3562 from SparkiDev/session_mutex
...
SESSION mutex: copying a session overwrote mutex
2020-12-15 08:50:57 -08:00
Vysakh P Pillai
aa2e02807d
Avoid conversions to PEM and register DER certificate chain
2020-12-15 16:15:36 +05:30
Sean Parkinson
356b419532
SP math all: fixes for different compilers and configs
2020-12-15 17:37:59 +10:00
Sean Parkinson
972d6cfefc
Base64: Cache attack resistant decode
2020-12-15 17:22:02 +10:00
Sean Parkinson
52f63ca44b
SESSION mutex: copying a session overwrote mutex
...
New session creation function, NewSession, that doesn't initialize
mutex.
Calling functions, wolfSSL_SESSION_new() and wolfSSL_SESSION_copy(),
initialize the mutex.
2020-12-15 17:20:40 +10:00
Sean Parkinson
65d0cc62fd
Merge pull request #3566 from douzzer/STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK-decl-order
...
C89 decl order in STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK()
2020-12-15 17:01:22 +10:00
WKJay
4f15cfde16
Add rt-thread porting files
2020-12-15 14:49:49 +08:00
Daniel Pouzzner
87e5b55033
don't special case get_digit_count for SP, i.e. eliminate sp_get_digit_count(), to fix -Waddress in sp_get_digit_count macro use in api.c:test_get_digit_count() (sp_get_digit_count() was a non-inline function before commit 91d23d3f5a (sp-math-all)).
2020-12-14 20:14:39 -06:00
John Safranek
123c713658
Key Change
...
Move the setting of the key in the handshake from right before
sending the finished message to between building change cipher spec
and sending it. This way there won't be any opportunity to send a
message after the change cipher spec that won't be encrypted.
2020-12-14 18:13:26 -08:00
John Safranek
f8e674e45d
PSK Alert
...
When the server cannot match the client's identity, the server sends a unknown_psk_identity alert to the client.
2020-12-14 17:56:19 -08:00
toddouska
7fe24daf6c
Merge pull request #3561 from dgarske/st_cube_rel
...
ST Cube Pack Fixes
2020-12-14 16:20:18 -08:00
toddouska
3f6a444bef
Merge pull request #3564 from SparkiDev/tls13_add_sess
...
TLS 1.3: Don't add a session without a ticket
2020-12-14 16:09:52 -08:00
toddouska
43182b9389
Merge pull request #3548 from gstrauss/HAVE_SNI
...
put all SNI code behind simpler preprocessor directive HAVE_SNI
2020-12-14 16:08:53 -08:00
Daniel Pouzzner
70808647ef
move decl of _ret to top in STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(), for C89 happiness.
2020-12-14 17:50:28 -06:00
toddouska
bd871280d7
Merge pull request #3497 from elms/erf32/se_acceleration
...
ERF32: HW acceleration
2020-12-14 15:43:15 -08:00
toddouska
56e2c0e268
Merge pull request #3534 from douzzer/linuxkm-cryptonly
...
--enable-linuxkm --enable-cryptonly
2020-12-14 15:14:54 -08:00
David Garske
428c6b4301
Merge pull request #3523 from SparkiDev/pkcs11_fixes_2
...
Pkcs11 fixes 2
2020-12-14 14:09:26 -08:00
David Garske
032b289835
Merge pull request #3559 from tmael/cc310_ecc_k
...
Fix Cryptocell ecc build err
2020-12-14 10:50:30 -08:00
Sean Parkinson
fb5b415e83
TLS 1.3: Don't add a session without a ticket
...
TLS 1.3 doesn't support resumption with PSK (session ticket or with the
PSK callback).
2020-12-14 14:03:31 +10:00
David Garske
337e95e52b
Fix for AES GCM with hardware crypto and missing wc_AesSetKeyLocal. Broken in PR #3388 .
2020-12-13 13:59:30 -08:00
David Garske
757c07801a
Updates to v4.5.1.
2020-12-13 13:59:30 -08:00
Takashi Kojo
203b7739c9
fix paths, add download site in README
2020-12-13 19:42:20 +09:00
Takashi Kojo
d3aacf4934
add IDE/MQX
2020-12-13 17:41:14 +09:00
Takashi Kojo
6154f29a31
Merge https://github.com/wolfssl/wolfssl
2020-12-13 17:27:53 +09:00
Tesfa Mael
4ee5ae0115
Fix Cryptocell ecc build err
2020-12-11 15:12:42 -08:00
Takashi Kojo
b2a66a10f4
add XXX_ex APIs, corret spelling, descriptions
2020-12-12 07:29:24 +09:00
John Safranek
0e9926bd83
Merge pull request #3553 from haydenroche5/cert_status_fix
...
Fix OCSP cert status check in internal.c
2020-12-11 13:27:29 -08:00
Daniel Pouzzner
2804cb2521
wolfcrypt/test/test.c: more smallstack refactoring in aes_test().
2020-12-11 14:17:25 -06:00
Daniel Pouzzner
0b42f3ae72
wolfcrypt/src/dsa.c: disable MSVC warning C4127 (compiler bug) as in wolfcrypt/src/tfm.c and src/internal.c.
2020-12-11 14:16:44 -06:00
Daniel Pouzzner
f2e1595eef
wolfcrypt/src/dsa.c: use do{}while(0) with break, rather than goto, for top level flow control in wc_DsaSign() and wc_DsaVerify() smallstack refactor.
2020-12-11 14:16:44 -06:00
Daniel Pouzzner
53c6d33695
test.c:aes_test(): add WOLFSSL_SMALL_STACK codepaths for WOLFSSL_AESNI test.
2020-12-11 14:16:44 -06:00
Daniel Pouzzner
1c0df61247
wolfssl/test.h and wolfcrypt/test/test.c: add STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(), recognize macro WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES, and add to wolfcrypt_test() runtime settability of relative cumulative stack depth assert threshold using "-s stacksize".
2020-12-11 14:16:44 -06:00
Daniel Pouzzner
2ed75402b8
wc_DsaSign(): removal several redundant mp_clear()s preceded by mp_forcezero()s.
2020-12-11 14:16:44 -06:00
Daniel Pouzzner
bfff28ab28
ecc.c: fix mp_init_multi() vs mp_clear() dynamics in wc_ecc_verify_hash_ex() and mp_sqrtmod_prime().
2020-12-11 14:16:44 -06:00
Daniel Pouzzner
ec96e5ad74
wolfSSL_BN_is_odd(): fix function signature to match header (unsigned long reverted to WOLFSSL_BN_ULONG).
2020-12-11 14:16:44 -06:00
Daniel Pouzzner
525382fb13
test.c:pkcs7authenveloped_run_vectors(): small stack refactor, and reenable for WOLFSSL_LINUXKM.
2020-12-11 14:16:44 -06:00
Daniel Pouzzner
18984abc9e
configure.ac: replace --enable-stacksize-verbose with --enable-stacksize=verbose, and change _LINUXKM_DEFAULTS ENABLED_SP_DEFAULT and ENABLED_SP_MATH_ALL_DEFAULT from small to yes.
2020-12-11 14:16:44 -06:00
Daniel Pouzzner
4efa85dc03
linuxkm/module_hooks.c: add support for WOLFCRYPT_ONLY.
2020-12-11 14:16:44 -06:00
Daniel Pouzzner
f73fc23282
ecc.c: add smallstack codepaths to ecc_mul2add().
2020-12-11 14:16:44 -06:00
David Garske
cb8c6608f3
Merge pull request #3558 from douzzer/fix-mp_mod_2d-sub-byte-clearing
...
fix mp_mod_2d() for DIGIT_BIT != sizeof(mp_digit)*8
2020-12-11 08:43:51 -08:00
Elms
40087f1fd0
SiLabs: AES return code fixup and comment cleanup
2020-12-10 22:56:11 -08:00
Sean Parkinson
8b2bd1277a
Merge pull request #3551 from douzzer/fix-unit-test-EVP-arc4-32-bit
...
32 bit targets vs test_wolfSSL_EVP_X_STATE_LEN()
2020-12-11 16:46:10 +10:00
Sean Parkinson
3e8e7aa17f
Merge pull request #3550 from douzzer/sp-math-all-sp-word-typo
...
sp_int.c: fix typos in _sp_mul_4() and _sp_sqr_4().
2020-12-11 16:16:48 +10:00
Daniel Pouzzner
ef1284165f
wolfcrypt/src/integer.c: fix sub-byte clearing step of mp_mod_2d() to work when DIGIT_BIT != sizeof(mp_digit)*8.
2020-12-10 23:50:30 -06:00
Jacob Barthelmeh
04e22b0747
add restriction to excluded DIR name constraint
2020-12-11 10:00:11 +07:00
Jacob Barthelmeh
f00263889b
add test case
2020-12-11 08:20:48 +07:00
Sean Parkinson
a075540343
Merge pull request #3552 from tmael/shiftNeg
...
Check shift value
2020-12-11 10:19:27 +10:00
Tesfa Mael
9042843e42
Fix shift and clear digits
2020-12-10 16:13:30 -08:00
toddouska
2c652151ac
Merge pull request #3510 from SparkiDev/sp_modinv_nct
...
SP modinv: add non-constant time modinv
2020-12-10 16:06:12 -08:00
toddouska
cb61dc7d2f
Merge pull request #3522 from douzzer/cleanups-20201119
...
misc cleanups re sp-math-all, FIPS, smallstack
2020-12-10 15:58:33 -08:00
Takashi Kojo
47f7e46ffe
Add wc_RsaPSS_Sign/Verify/CheckPadding
2020-12-11 07:58:39 +09:00
Jacob Barthelmeh
17f32c3e05
add strict check on name constraints with DIR alt names
2020-12-11 05:22:46 +07:00
Daniel Pouzzner
e9a79b2e0d
configure.ac: fix rebase error, re enable-sp-asm on ARM.
2020-12-10 14:46:22 -06:00
Glenn Strauss
59cefd2c99
match preproc defs around wolfSSL_ctrl()
...
match preproc defs around wolfSSL_ctrl() in src/ssl.c
2020-12-10 15:46:20 -05:00
Glenn Strauss
9d095066eb
wrap SNI-related code with HAVE_SNI
...
perhaps some of this code should additionally be wrapped in
- #ifndef NO_WOLFSSL_SERVER
It is fragile and ugly to litter the code with the likes of
- #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
- defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
- defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
while it is much clearer and much more maintainable to wrap SNI-related
code with an SNI-specific feature-define HAVE_SNI (and possibly further
restrict with feature-define #ifndef NO_WOLFSSL_SERVER).
2020-12-10 15:46:20 -05:00
Daniel Pouzzner
f4af6c053c
wolfssl/openssl/aes.h: restore ALIGN16 attribute to pad member of struct WOLFSSL_AES_KEY.
2020-12-10 14:21:19 -06:00
Daniel Pouzzner
0fa4bde5b5
configure.ac: move --enable-sp-asm handling to follow --enable-sp-math-all handling, so that $ENABLED_SP requirement is properly met.
2020-12-10 14:21:08 -06:00
Daniel Pouzzner
f277339528
add explicit casts to XMALLOC()s, even for (void *), to avoid warnings in C++ and MSVC/MSVS builds, and to avoid false positives on simple text searches.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
f47cdfcaed
wolfcrypt/test/test.c: fix skipped initialization warned by LLVM11 scan-build.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
3b8e7d546a
sp_int.h: force C linkage, so that enable-sp-math-all is compatible with CC=g++.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
741098c108
sp_int.c, srp.c: fixes for 5 deadcode.DeadStores found by LLVM11 scan-build.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
f49e9bf954
dsa.c, srp.c, wolfcrypt/test/test.c: smallstack refactors: wc_DsaExportKeyRaw(), wc_DsaSign(), wc_SrpSetKey(), ecc_test_cdh_vectors(), ecc_test_custom_curves().
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
1fc2c7714c
hmac.c: include wc_port.h rather than settings.h, to pick up WOLFSSL_LINUXKM namespace tweaks.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
f4ecaf05c0
openssl/aes.h: refactor WOLFSSL_AES_KEY typedef to inline sizeof(Aes) long words, rather than computing the size of Aes from its members.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
b723c7ddbe
bn.h and ssl.c: define WOLFSSL_BN_ULONG to be target-native unsigned long, revert *_word() bn.h API functions to use WOLFSSL_BN_ULONG, and change wolfSSL_BN_get_word() to return WOLFSSL_BN_ULONG rather than unsigned long, for consistency.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
27a6de2c2f
configure.ac, wolfssl/wolfcrypt/settings.h, wolfssl/wolfcrypt/wc_port.h: update linuxkm defaults and settings for compatibility with sp-math-all, and change linuxkm default math from sp-math to sp-math-all; refactor enable-all and enable-all-crypto logic to allow piecemeal exclusion of options from the command line.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
78b2b3ca3b
ssl.c:wolfSSL_BN_get_word_1(): remove dead logic inadvertently retained.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
f7bf0a78fb
test.c:ecc_test_curve_size(): use a macro, not a static const size_t, for size of exportBuf, to make MS Visual Studio happy.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
89e6b1eebc
wc_ecc_mulmod_ex(): be more careful freeing temp key.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
e6b587772f
fix pointer type clash in wolfSSL_BN_mod_word(); restore accidentally removed WOLFSSL_KEY_GEN gate in dsa_test().
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
cbc190f13c
wolfcrypt/src/ecc.c: smallstack refactors of wc_ecc_mulmod_ex() and mp_sqrtmod_prime().
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
ad2cb67047
wolfcrypt/test/test.c: _SMALL_STACK refactors of dsa_test(), srp_test(), openssl_pkey1_test(), and ecc_test_curve_size(); add missing FIPS gates.
2020-12-10 14:16:20 -06:00
Daniel Pouzzner
5286cb1a46
optimize domain check in wolfcrypt/src/integer.c and wolfcrypt/src/tfm.c.
2020-12-10 14:16:20 -06:00
Daniel Pouzzner
53cfa55941
src/ssl.c and wolfssl/openssl/bn.h: refactor _word mp routines to consistently accept/return target-native unsigned long type, for compatibility with sp-math-all. needed because WOLFSSL_BN_ULONG can, surprisingly, be only 16 bits, when sp-math-all in a 32 bit build.
2020-12-10 14:16:20 -06:00
Daniel Pouzzner
7cfe1e2143
sha3.h: rename struct Sha3 to struct wc_Sha3 for consistency, and compatibility with FIPS source.
2020-12-10 14:16:20 -06:00
Daniel Pouzzner
cfc08cc13f
configure.ac: remove smallstackcache from linuxkm default options; add several feature exclusions to enable-all and enable-all-crypto to make them compatible with fips=ready; render the FIPS option in the feature summary at end.
2020-12-10 14:16:20 -06:00
Daniel Pouzzner
2a2ba896ec
documentation typo: wc_InitSha356() sounds like an interesting algorithm but, alas, we will have to settle for wc_InitSha256().
2020-12-10 14:16:20 -06:00
Daniel Pouzzner
c5e2ccabb1
fix --enable-stacksize-verbose: relocate declarations for HAVE_STACK_SIZE_VERBOSE global variables from wolfssl/test.h to wolfssl/wolfcrypt/logging.h, matching their location in wolfcrypt/src/logging.c.
2020-12-10 14:16:20 -06:00
toddouska
b93109cf1c
Merge pull request #3540 from SparkiDev/int_toradix_fix
...
MP integer: fix map string for toradix and read_radix
2020-12-10 12:01:45 -08:00
toddouska
cd3b91a8fe
Merge pull request #3536 from SparkiDev/arm64_rev
...
ByteReverseWord32 AARCH64: Use proper instruction - REV32
2020-12-10 11:59:00 -08:00
Elms
9ba78eb825
SiLabs: Clarify comments and fix sig buffer size
2020-12-10 10:45:55 -08:00
Hayden Roche
a6378de4f0
Fix OCSP cert status check in internal.c
...
I missed one line in internal.c when I recently modified the OCSP ASN code.
2020-12-10 10:32:30 -06:00
Tesfa Mael
4bd49d2b28
Update with a proper check
2020-12-09 17:05:56 -08:00
Elms
93fc37f87b
SiLabs: add cleanup and address PR comments
2020-12-09 16:28:39 -08:00
Sean Parkinson
2862a9ce56
SP modinv: add non-constant time modinv
...
Can only be used in ECC verify - sign operation must be constant time.
Not used for small code.
2020-12-10 09:24:22 +10:00
Tesfa Mael
44903ff8ae
Check shift value
2020-12-09 15:04:28 -08:00
John Safranek
ad1118326b
Merge pull request #3546 from dgarske/gh_no_rng
...
Fix for `WC_NO_RNG` with GreenHills
2020-12-09 14:30:44 -08:00
Chris Conlon
21625ab0c2
Merge pull request #3533 from JacobBarthelmeh/PKCS7
...
fix for PKCS7 decompress
2020-12-09 14:00:42 -07:00
Elms
586a75302b
SiLabs: extra check on importing key to se_key buffer
2020-12-09 12:54:24 -08:00
Daniel Pouzzner
181f439028
api.c: in test_wolfSSL_EVP_X_STATE_LEN(), fix assert on size of EVP state to work on 32 bit targets.
2020-12-09 14:04:16 -06:00
Daniel Pouzzner
2de261c2de
sp_int.c: fix typos in _sp_mul_4() and _sp_sqr_4().
2020-12-09 12:10:46 -06:00
toddouska
f31b41fcca
Merge pull request #3495 from haydenroche5/httpd
...
Add OpenSSL compatibility functions for latest version of Apache httpd
2020-12-09 09:55:13 -08:00
toddouska
b7aa0ebf57
Merge pull request #3458 from julek-wolfssl/EVP_Cipher-api
...
EVP_Cipher should return length written.
2020-12-09 09:52:44 -08:00
toddouska
367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe
...
TLS 1.3: PSK only
2020-12-09 09:45:34 -08:00
toddouska
7834dee991
Merge pull request #3503 from SparkiDev/dtls_mtu_write
...
DTLS MTU: check MTU on write
2020-12-09 09:42:44 -08:00
toddouska
6c62899ea8
Merge pull request #3535 from SparkiDev/sp_fixes_4
...
SP: change implicit casting downs to be explicit
2020-12-09 09:25:57 -08:00
toddouska
0b78137dfa
Merge pull request #3537 from SparkiDev/sp_int_configs
...
SP math all: fixes for configurations that don't specify size
2020-12-09 09:16:46 -08:00
toddouska
cbf8e754e0
Merge pull request #3541 from SparkiDev/rsavfy_sp
...
SP: Get RSA verify only to build with DH
2020-12-09 09:15:45 -08:00
toddouska
b726ec52d2
Merge pull request #3547 from haydenroche5/benchmarking_tput
...
Fix RX/TX throughput reporting in example server.
2020-12-09 09:15:00 -08:00
David Garske
ec6163c0f6
Merge pull request #3549 from ejohnstown/sniffer-fix
...
Sniffer Test Filename Fix
2020-12-09 08:18:51 -08:00
John Safranek
3e8bad7ae9
Sniffer Test Filename Fix
...
1. When using multiple filenames, keep the original entered string
around so it may be reused for each IP address.
2. Strip the trailing newline from the entered filename list.
2020-12-08 17:16:34 -08:00
Sean Parkinson
d34b0072a2
ARM: identify ARM CPU for Thumb and Cortex
...
Better detailed check of CPU architecture for 32-bit byte reversal asm
2020-12-09 08:54:18 +10:00
Hayden Roche
5fdc4cf6e1
Fix RX/TX throughput reporting in example server.
...
- I observed that client TX throughput < client RX throughput, but server TX
throughput > server RX throughput. Turns out this is just a typo in the
printing of the stats. The RX stat was being printed as the TX stat and vice-
versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
for the server to come up. If you were to time this script with the time
command, you'll see that 2 seconds in the result, which might be confusing
if you didn't realize the sleep was there.
2020-12-08 16:49:09 -06:00
Elms
ef4db5b808
SiLabs: simplify init
2020-12-08 13:16:13 -08:00
Elms
620fe2da14
SiLabs: Fix tests and wc_ecc_import_private_key
2020-12-08 12:22:35 -08:00
David Garske
9ced741ef3
Fix for WC_NO_RNG with GreenHills.
2020-12-08 12:16:41 -08:00
Jacob Barthelmeh
bc50b7b836
fix order of arguments with PKCS7 decompression
2020-12-08 23:11:59 +07:00
Jacob Barthelmeh
081cea7405
set optional limit on max decompression buffer size
2020-12-08 20:16:27 +07:00
Elms
919c2a2dfb
SiLabs: address PR comments to cleanup
2020-12-07 16:16:11 -08:00
Elms
3abc4719ae
SiLabs: cleanup TODOs
2020-12-07 15:32:44 -08:00
Elms
44243278a5
SiLabs: renable ecc_ssh_test and disable AES non-12Byte IV
2020-12-07 15:04:00 -08:00
WKJay
227faedcc7
Port for RT-Thread
2020-12-07 16:22:28 +08:00
Sean Parkinson
9b894048fd
PKCS #11 : only open/close session when performing op, use C_Sign for RSA
...
Was opening and closing sessions when operations not compiled in were
being attempted (e.g. hashing during certificate signing).
C_Sign can be used with X509 RSA (raw) as it does the same operations as
C_Decrypt. Use the function matching hig level operation where
supported.
Make debugging functions take a CK_ULONG rather than an int - to avoid
casting.
2020-12-07 10:15:43 +10:00
Sean Parkinson
dbe4ce0e24
SP: Get RSA verify only to build with DH
...
Fix configuration: --enable-rsavfy --enable-sp --enable-cryptonly
[--enable-sp-asm]
2020-12-07 09:46:14 +10:00
Sean Parkinson
9bbef90546
MP integer: fix map string for toradix and read_radix
2020-12-07 09:12:53 +10:00
Glenn Strauss
034248b964
add more missing HAVE_LIGHTY
2020-12-05 15:52:17 -05:00
Sean Parkinson
281ba96bd0
SP math all: fixes for configurations that don't specify size
2020-12-04 16:47:11 +10:00
Sean Parkinson
d475463c91
Merge pull request #3528 from JacobBarthelmeh/Testing
...
fix build with ARM64 SP, FP_ECC and WC_NO_CACHE_RESISTANT
2020-12-04 12:17:24 +10:00
Sean Parkinson
a72393eb33
ByteReverseWord32 AARCH64: Use proper instruction - REV32
2020-12-04 12:05:33 +10:00
Sean Parkinson
56cb4c8ea7
SP: change implicit casting downs to be explicit
2020-12-04 11:52:39 +10:00
Hayden Roche
03c7e52f5f
Add OpenSSL compatibility functions for Apache httpd's OCSP module.
2020-12-03 11:22:43 -06:00
Hayden Roche
bca43654df
Make changes to OCSP ASN code.
...
- Use OcspEntry in OcspResponse instead of CertStatus. OcspEntry is more
analogous to an OCSP SingleResponse, which contains issuer name and key
hashes. Correspondingly, remove these hashes from OcspResponse, since they'll
now be stored per SingleResponse in an OcspEntry.
- Add a hashAlgoOID to OcspEntry (corresponds to hashAlgorithm in CertId in RFC
6960). This makes OcspEntry more closely resemble an OCSP SingleResponse.
- Change WOLFSSL_OCSP_CERTID to map to OcspEntry. OcspEntry contains all the
information that an OCSP CertID contains, and is a better fit than
OcspRequest.
- Add a pointer to the raw CertId in an OCSP SingleResponse to OcspEntry, along
with a size field to indicate how many bytes the CertId occupies. This will
be used in an OpenSSL compatibility function, i2d_OCSP_CERTID, which yields
the raw bytes of the CertId.
2020-12-03 11:22:43 -06:00
Vysakh P Pillai
c31f20706b
use const variable as the size for an array
2020-12-03 22:25:28 +05:30
Jacob Barthelmeh
fbf56bcf96
fix for PKCS7 decompress
2020-12-03 18:57:25 +07:00
Vysakh P Pillai
376cac5ab1
Implement review comments
2020-12-03 08:25:40 +05:30
toddouska
69d642206d
Merge pull request #3513 from SparkiDev/ecc_vfy_r_s_check
...
ECC verify: validate r and s before any use
2020-12-02 14:33:38 -08:00
toddouska
9f5141a333
Merge pull request #3524 from SparkiDev/ocsp_resp_free
...
OCSP callback: call embed free in test callback
2020-12-02 13:48:09 -08:00
toddouska
b4c7b5e6ce
Merge pull request #3525 from SparkiDev/tls13_session
...
TLS 1.3: always add session when sending finished message
2020-12-02 13:47:38 -08:00
toddouska
36b73b738b
Merge pull request #3526 from SparkiDev/aes_prefetch
...
AES: When not X86_64, PreFetch*() not used
2020-12-02 13:28:58 -08:00
toddouska
d75a983766
Merge pull request #3527 from SparkiDev/ecc_safe
...
ECC add and dbl point: always use safe add and dbl
2020-12-02 13:28:10 -08:00
toddouska
0be45e731b
Merge pull request #3529 from SparkiDev/ocsp_single_ext
...
OCSP: Handle extensions in singleResponse
2020-12-02 13:26:46 -08:00
Vysakh P Pillai
3a2675fb63
implement additional review comments
2020-12-02 22:30:02 +05:30
Vysakh P Pillai
9e475b01be
implement review comments
2020-12-02 22:15:02 +05:30
Kaleb Himes
fd158411e8
Merge pull request #3494 from JacobBarthelmeh/CSharp
...
pin the C# verify callback
2020-12-02 06:08:41 -07:00
Vysakh P Pillai
ecc6ec4d97
support TNGTLS certificate loading for Harmony3
...
Changes to atmel.c file that lets a user to
1. Use Harmony3 generated configurations to initialize the device in atmel_init().
2. Read the device certificate chain from ECC608 TNGTLS and initialize the ctx with it to use as device certificate.
- This is the true purpose of going with TNGTLS
2020-12-02 13:53:46 +05:30
Sean Parkinson
3d9b4f10f0
AES: When not X86_64, PreFetch*() not used
...
When WC_INLINE is defined then compiler doesn't mind. Otherwise, this is
a warning.
2020-12-02 09:04:48 +10:00
Juliusz Sosinowicz
0d87dfa493
EVP_Cipher should return length written.
2020-12-01 18:36:36 +01:00
Elms
dbcb42e509
SiLabs: fix unused variable #if
2020-12-01 08:56:01 -08:00
Sean Parkinson
9b5b9fd85d
OCSP: Handle extensions in singleResponse
2020-12-01 16:41:20 +10:00
Elms
099ed25da8
SiLabs: fixing compiler warnings and better error checking
2020-11-30 21:01:49 -08:00
Elms
e1e8ca48c3
SiLabs: README and include updates
2020-11-30 21:01:49 -08:00
Elms
9f7ef0b3e6
SiLabs: Add ECC hardware acceleration support
2020-11-30 21:01:49 -08:00
Elms
a9f8b6e5b7
SiLabs: TRNG hardware acceleration
2020-11-30 21:01:49 -08:00
Elms
e501346047
SiLabs: add AES-CCM hardware acceleration support
2020-11-30 21:01:49 -08:00
Elms
79c31a5f2c
SiLbs: SHA and AES-{GCM,CBC} hardware acceleration using se_manager
2020-11-30 21:01:49 -08:00
Elms
1899a72d27
Micrium: benchmark fixes
...
* Time update for v5.8 to avoid rollover issues
* define `XSNPRINTF`
* `printf` based on Micrium version
2020-11-30 16:32:30 -08:00
Elms
6e21f547ff
Micrium: fix compiler warnings
2020-11-30 16:32:30 -08:00
Elms
0cbf8c7f28
Micrium: readme url fix and add additional link to k70 example with TCP
2020-11-30 16:32:30 -08:00
Elms
165cb443e7
Micrium v5.8 support
...
* OS error type change from uc OS3 to v5
* detect if network or TCP is available
* XMEMCMP change workaround
2020-11-30 16:32:30 -08:00
John Safranek
6fc64263f2
Merge pull request #3519 from julek-wolfssl/scr-timeout
...
Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage
2020-11-30 11:40:35 -08:00
JacobBarthelmeh
42a63e8cc8
fix build with ARM64 SP, FP_ECC and WC_NO_CACHE_RESISTANT
2020-11-29 20:26:55 -08:00
Sean Parkinson
6bb38a1066
ECC add and dbl point: always use safe add and dbl
...
Can be using basepoint or public key at any time. Can't tell difference.
Always use the safe versions.
For private key operations, only working on the basepoint and will never
do any timinig different operations.
No impact on performance.
2020-11-30 11:44:50 +10:00
Sean Parkinson
22a8be412b
TLS 1.3: always add session when sending finished message
2020-11-27 09:46:02 +10:00
Sean Parkinson
40154d69cf
OCSP callback: call embed free
...
Leaks memory if not called.
Configuration:
./configure --disable-shared --enable-ocsp --enable-sni
C_EXTRA_FLAGS="-DWOLFSSL_NONBLOCK_OCSP"
Leaking test:
valgrind ./examples/client/client -X -C -h www.globalsign.com -p
443 -A certs/external/ca-globalsign-root.pem -g -o -N -v d -S
www.globalsign.com
2020-11-27 09:16:24 +10:00
Sean Parkinson
35acfa0f42
SP ECC: check the length of public key ordinates and private key
...
Do quick bit length check before loading the MP integers into fixed size
arrays.
Changed ECC to use SP key check function if SP enabled and not only with
SP Math.
2020-11-27 08:49:30 +10:00
Sean Parkinson
38740a1caa
Fix dynamic type name
2020-11-27 08:37:16 +10:00
Sean Parkinson
5ca8e8f87c
PKCS#11: Label fixes and add support for checking private key
...
Check private key matches the public key passed in.
Need to use a new API to pass in the token to use to perform PKCS #11
operations with.
2020-11-27 08:37:16 +10:00
Sean Parkinson
43aeac4cf4
PKCS #11 SSL: detect key size when certificate set
2020-11-27 08:31:45 +10:00
Sean Parkinson
19f10cd382
PKCS #11 : implement identifying keys by label
2020-11-27 08:31:45 +10:00
toddouska
84a9e16805
Merge pull request #3388 from SparkiDev/aesgcm_4bit_table
...
AES-GCM: GMULT using 4-bit table
2020-11-25 15:45:28 -08:00
toddouska
86bbaad7fa
Merge pull request #3505 from kojo1/EVP-gcm
...
set tag for zero inl case 2
2020-11-25 15:43:27 -08:00
toddouska
dc76a4d522
Merge pull request #3511 from cconlon/zd11268
...
return err from fp_invmod_slow() when fp_add() fails
2020-11-25 15:41:12 -08:00
toddouska
e882159a02
Merge pull request #3516 from cconlon/zd11287
...
wc_ecc_rs_to_sig(): move r and s zero check before StoreECC_DSA_Sig()
2020-11-25 15:36:30 -08:00
David Garske
9f07f3e96e
Merge pull request #3520 from ejohnstown/vrf-fix
...
Verify Callback Fix
2020-11-25 11:37:06 -08:00
JacobBarthelmeh
1668b7060c
Merge pull request #3500 from cconlon/zd11011v2
...
PKCS#7: verify extracted public key in wc_PKCS7_InitWithCert
2020-11-26 02:26:08 +07:00
JacobBarthelmeh
719403cd0c
Merge pull request #3509 from kojo1/openssl-version
...
OPENSSL_VERSION_NUMBER to be defined by the user
2020-11-26 02:10:24 +07:00
toddouska
a0cd75081d
Merge pull request #3514 from SparkiDev/aesni_sse4
...
AESNI compile flags: clang doesn't need -msse4
2020-11-25 08:55:35 -08:00
Sean Parkinson
ca5ffc0743
AESNI compile flags: clang can't have -msse4
...
Setting the SSE4 architecture with clang creates executables that can't
run on old machines.
2020-11-25 10:32:42 +10:00
Sean Parkinson
d0703f8931
AES-GCM: GMULT using 4-bit table
...
When 64-bit data type available and not big endian code is faster.
--enable-aesgcm=4bit
2020-11-25 08:47:50 +10:00
John Safranek
4baf923218
Verify Callback Fix
...
1. Removed a flag set that would force all certificates in a chain
to be verified. There was a compile time option to make that happen
already.
2. Replace some options for some test failure test cases that were added
and immediately removed.
(ZD 11292)
2020-11-24 11:46:10 -08:00
Juliusz Sosinowicz
95132b1c55
Make renegotiation information available outside of OPENSSL_EXTRA
2020-11-24 17:03:40 +01:00
Juliusz Sosinowicz
41d58465c0
Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage
...
Reset DTLS stored messages on a FreeHandshakeResources call even if secure renegotiation is enabled. Without this, in a server initiated rehandshake, the server would keep old messages (ChangeCipherSpec and Finished) even when it sent a HelloRequest message.
2020-11-24 16:06:35 +01:00
Sean Parkinson
b1f9aba0ca
SP div: stop overflow on divide
2020-11-24 16:14:14 +10:00
Sean Parkinson
b9a2725429
ECC verify: validate r and s before any use
...
SP code assumes r and s are valid values.
Code for ATECC508A, ATECC608A and CRYPTOCELL assumes that the r and s
are the size of the key when converting to byte arrays.
2020-11-24 16:14:14 +10:00
John Safranek
f5c2bef78f
Merge pull request #3492 from julek-wolfssl/dtls-scr-optimizations
...
Save the HelloRequest message just like other handshake mesasges
2020-11-20 11:50:51 -08:00
Juliusz Sosinowicz
69bea008dd
Save the HelloRequest message just like other handshake mesasges
...
Implement a timeout mechanism for non-blocking sockets
2020-11-20 11:41:19 +01:00
John Safranek
2d79e38436
Merge pull request #3485 from julek-wolfssl/dtls-scr-seq-correct-num
...
Fix overlapping sequence number error.
2020-11-19 14:19:13 -08:00
Chris Conlon
64429693ff
add MP_ZERO_E unit tests for wc_ecc_rs_to_sig()
2020-11-19 14:41:02 -07:00
Chris Conlon
f8fd3f8bc1
wc_ecc_rs_to_sig: check r,s for zero before StoreECC_DSA_Sig()
2020-11-19 14:35:35 -07:00
Chris Conlon
1d599272e7
add unit test for wc_PKCS7_InitWithCert() with malformed cert
2020-11-19 14:19:55 -07:00
David Garske
d4c59e369e
Merge pull request #3335 from julek-wolfssl/RSA-PSS-padding-in-EVP_Digest-API
...
Enable RSA-PSS padding in EVP_Digest* API
2020-11-19 09:31:12 -08:00
toddouska
43f8eac8ba
Merge pull request #3362 from SparkiDev/sp_math_all
...
Implement all relevant mp functions in sp_int
2020-11-19 08:10:11 -08:00
Sean Parkinson
91d23d3f5a
Implement all relevant mp functions in sp_int
2020-11-19 11:58:14 +10:00
toddouska
aa9ed17afa
Merge pull request #3512 from dgarske/openssl_pem
...
Fix for missing `wolfSSL_PEM_write_bio_PrivateKey` with WebRTC
2020-11-18 16:17:46 -08:00
toddouska
de6f1c1ae2
Merge pull request #3508 from JacobBarthelmeh/DH
...
fix for no filesystem build with DH test case
2020-11-18 16:15:42 -08:00
toddouska
3808865f57
Merge pull request #3504 from SparkiDev/fp_div_oob_read
...
TFM div: fix initial value of size in q so clamping doesn't OOB read
2020-11-18 16:15:08 -08:00
toddouska
ca281f976e
Merge pull request #3493 from dgarske/zd11245
...
Sniffer fixes for handling TCP `out-of-range sequence number`
2020-11-18 16:14:09 -08:00
Takashi Kojo
7c68136a8b
OPENSSL_VERSION_NUMBER to be defined by the user
2020-11-19 09:13:05 +09:00
toddouska
a280df1892
Merge pull request #3488 from kabuobeid/x509_objtxt_lname
...
Return long names instead of short names in wolfSSL_OBJ_obj2txt().
2020-11-18 16:10:46 -08:00
toddouska
6860d419c6
Merge pull request #3483 from SparkiDev/mp_rshb_word
...
rshb: handle cases of shift amount being multiple of DIGIT_BIT
2020-11-18 16:07:57 -08:00
toddouska
b0979f4225
Merge pull request #3476 from dgarske/sniffer_hrr
...
Fixes for TLS sniffer with v1.3 (HRR and Certs)
2020-11-18 16:07:11 -08:00
toddouska
3adeff672b
Merge pull request #3472 from SparkiDev/pickhashsigalgo_rework
...
TLS PickHashSigAlgo: rework
2020-11-18 15:58:59 -08:00
toddouska
dedde4c058
Merge pull request #3456 from JacobBarthelmeh/Certs
...
strict certificate version allowed from client
2020-11-18 15:55:50 -08:00
toddouska
9183c35fb8
Merge pull request #3446 from haydenroche5/client_want_write_sim
...
Add an option to the example client to simulate WANT_WRITE errors.
2020-11-18 15:54:09 -08:00
toddouska
9bde34ef5b
Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names
...
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
2020-11-18 15:52:52 -08:00
Chris Conlon
f02187eef7
fix additional err returns in fp_invmod_slow()
2020-11-18 16:29:13 -07:00
Sean Parkinson
d8b58286d1
TLS 1.3: PSK only
...
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
Chris Conlon
fa08930921
Merge pull request #3498 from ethanlooney/30th_branch
...
Added unit tests for blake2b
2020-11-18 13:34:21 -07:00
David Garske
4cfe5a1bc1
Fix for missing wolfSSL_PEM_write_bio_PrivateKey with WebRTC. If keygen or certgen is not specified this was incorrectly being excluded with opensslextra or opensslall.
2020-11-18 11:30:53 -08:00
Chris Conlon
68744c4da0
return err from fp_invmod_slow() when fp_add() fails
2020-11-18 10:25:15 -07:00
tmael
3b552fecc9
Merge pull request #3481 from dgarske/no_ecc
...
Fixes for various build configurations
2020-11-17 17:11:27 -08:00
Sean Parkinson
c17f8b58e4
Merge pull request #3506 from dgarske/sp_check_ecc
...
Fixes for SP math only with ECC check key
2020-11-18 09:19:54 +10:00
Ethan Looney
3692c760b9
Changed key to size BLAKE2B_KEYBYTES
2020-11-17 14:03:08 -07:00
Chris Conlon
3640bf241c
Merge pull request #3507 from ethanlooney/32nd_branch
...
Doxygen - Removed link/button to annotated.html page as it is currently broken
2020-11-17 13:40:27 -07:00
Juliusz Sosinowicz
a0a3a2b74c
Review changes
2020-11-17 19:15:12 +01:00
David Garske
508ba85b69
Fixes for SP math only with ECC check key. Fix SP math when loading an ECC public only and calling wc_ecc_check_key. Fix for missing ecc_check_privkey_gen with SP math only. Applies to: /configure --enable-sp --enable-sp-math CFLAGS="-DWOLFSSL_VALIDATE_ECC_IMPORT".
2020-11-17 08:13:08 -08:00
David Garske
8fe6186621
Merge pull request #3496 from haydenroche5/pre_commit_stash_fix
...
Modify pre-commit.sh to only stash and stash pop if there are modified files not add to the index
2020-11-17 07:54:50 -08:00
Juliusz Sosinowicz
b4754d5706
CAVP, Windows, and FIPS tests
2020-11-17 15:06:35 +01:00
Juliusz Sosinowicz
d18e2d7386
Refactoring and use salt length discover if available
2020-11-17 15:06:35 +01:00
Juliusz Sosinowicz
fa03113460
enum wc_HashType switch
...
switch needs to handle all possible enum values or else the compiler generates warnings
2020-11-17 15:04:57 +01:00
Juliusz Sosinowicz
248dd12993
Enable RSA-PSS padding in EVP_Digest* API
2020-11-17 15:04:57 +01:00
Jacob Barthelmeh
9cdbff8ee7
fix for no filesystem build with DH test case
2020-11-17 18:27:32 +07:00
Ethan Looney
7467b4c456
Removed link/button to annotated.html page as it is currently broken
2020-11-16 14:25:22 -07:00
Ethan Looney
549c446aaa
Removed leftovers from merge conflict
2020-11-16 13:17:49 -07:00
David Garske
710cb7c9f5
Fixes for ECC tests with WOLFSSL_NO_MALLOC defined.
2020-11-16 12:17:30 -08:00
David Garske
e5a0a264b3
Fix for coverity report with possible use of uninitialized value "err" in WC_ECC_NONBLOCK case. More fixes for building with WOLFSSL_NO_MALLOC.
2020-11-16 12:17:28 -08:00
David Garske
40387ab0a0
Fixes for building with WOLFSSL_NO_MALLOC and/or NO_ASN_CRYPT defined.
2020-11-16 12:17:28 -08:00
David Garske
f3b176d7e3
Fix for unused parameter with NO_ASN in ECC.
2020-11-16 12:17:28 -08:00
David Garske
4a790cd024
Fixes for building with --disable-ecc and --disable-dh.
2020-11-16 12:17:27 -08:00
Ethan Looney
48f2d917b9
Added unit tests for blake2b
2020-11-16 13:06:51 -07:00
Chris Conlon
4e37036cba
Merge pull request #3499 from ethanlooney/31st_branch
...
Added blake2s unit tests
2020-11-16 09:37:31 -07:00
JacobBarthelmeh
4efbb2fc70
Merge pull request #3418 from cconlon/zd11003
...
PKCS#7: check PKCS7 VerifySignedData content length against total bundle size
2020-11-16 18:14:41 +07:00
Takashi Kojo
10380c6850
(ctx->gcmBuffer != NULL && ctx->gcmBufferLen == 0)
2020-11-16 15:48:39 +09:00
Sean Parkinson
a00c75c51b
DTLS MTU: check MTU on write
2020-11-16 09:30:04 +10:00
Sean Parkinson
837de435ba
TFM div: fix initial value of size in q so clamping doesn't OOB read
2020-11-16 09:29:13 +10:00
David Garske
e9f0cb234b
Merge pull request #3425 from haydenroche5/cmake
...
CMake improvements
2020-11-14 08:35:54 -08:00
Chris Conlon
c436bc44e6
verify extracted public key in wc_PKCS7_InitWithCert
2020-11-13 17:23:40 -07:00
Ethan Looney
0541a59edd
Added blake2s unit tests
2020-11-13 14:43:50 -07:00
Hayden Roche
cd61fbd0fe
Modify pre-commit.sh to only stash and stash pop if there are modified files not
...
added to the index.
Before this change, if there was nothing to stash, the last thing you stashed
would get popped at the end of the script.
2020-11-13 13:38:58 -06:00
Kareem Abuobeid
da06ef8c3f
Return long names instead of short names in wolfSSL_OBJ_obj2txt().
2020-11-13 12:03:26 -07:00
David Garske
d4e1340027
Merge pull request #3486 from douzzer/refactor-gccish-macros
...
sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions
2020-11-13 09:26:00 -08:00
Hayden Roche
8f6c21d600
CMake improvements.
...
- Begin adding options to enable/disable different features.
- Increase minimum CMake version to 3.2.
- Support installation of the built files.
- Add checks for necessary include files, functions etc.
- Generate options.h and config.h.
- Use GNUInstallDirs to support installation, which is designed to be somewhat
cross-platform.
- Export wolfssl CMake target during installation, so others using CMake can
link against wolfssl easily.
- Disallow in-source builds.
- Place the generation of BUILD_* flags (controlled with AM_CONDITIONALs
in configure.ac) in a separate function in functions.cmake,
generate_build_flags.
- Implement the logic to conditionally add source files from
src/include.am in a function in functions.cmake, generate_lib_src_list.
- Exclude tls_bench from Windows. Doesn't compile with MSVC. WIP.
- Update INSTALL with latest CMake build instructions.
- Add a cmake/include.am to ensure CMake files get added to the distribution.
2020-11-13 11:25:04 -06:00
David Garske
7f559b1d1a
Merge pull request #3487 from ejohnstown/sbf
...
Scan-Build Fixes
2020-11-13 09:24:17 -08:00
Hayden Roche
3d5c747ed5
Modify a couple tests to use WANT_WRITE simulation.
2020-11-13 10:35:56 -06:00
Hayden Roche
2fc594d319
Modify example server to be resilient to WANT_WRITE errors.
2020-11-13 10:33:10 -06:00
Hayden Roche
e035eb8f8a
Add an option to the example client to simulate WANT_WRITE errors.
...
- Add this option as "-6."
- Turn on non-blocking mode if WANT_WRITE simulation is enabled.
- Create a send IO callback that gets registered when this option is turned on.
This callback alternates between letting the TX through and returning a
WANT_WRITE error.
2020-11-13 10:30:24 -06:00
John Safranek
28be1d0cb3
Scan-Build Fixes
...
1. Fix some potential uninitialized pointer errors in the functions sp_RsaPublic_2048, sp_RsaPublic_3072, and sp_RsaPublic_4096 for small stack builds.
To recreate:
$ scan-build ./configure --enable-sp=small --enable-smallstack --enable-smallstackcache CPPFLAGS="-DECC_CACHE_CURVE -DHAVE_WOLF_BIGINT"
2020-11-12 20:58:25 -08:00
John Safranek
1e348b991d
Scan-Build Fixes
...
1. Fix a potential dereference of NULL pointer.
To recreate:
$ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
2020-11-12 20:58:17 -08:00
Jacob Barthelmeh
3773d33070
pin the C# verify callback
2020-11-13 11:57:20 +07:00
JacobBarthelmeh
a8333b09a0
memory cleanup with test case
2020-11-12 20:24:47 -08:00
David Garske
f02cc650a2
Fixes for handling TCP out-of-range sequence number.
2020-11-12 16:09:09 -08:00
David Garske
c7053e9a36
Fix scenario where FreeHandshakeResources is called and server hello is recevied and WOLFSSL arrays is NULL.
2020-11-12 16:09:00 -08:00
Chris Conlon
53c6698678
Merge pull request #3445 from kojo1/EVP-gcm
...
set tag for zero inl case
2020-11-12 15:49:45 -07:00
Chris Conlon
735fb19ea9
break out on error parsing PKCS#7 SignedData inner OCTET_STRING
2020-11-12 15:44:25 -07:00
David Garske
b931b1bd4d
Fix to not allow free for globally cached sessions. Resolves a false-positive scan-build warning.
2020-11-12 12:51:41 -08:00
John Safranek
38867ae2bf
Scan-Build Fixes
...
1. Added a check to see if the "d" in sp_div() ended up with a negative used length. Return error if so.
To recreate:
$ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
2020-11-12 10:24:11 -08:00
David Garske
cdf44f6ff6
Pass static ephemeral keys for TLS v1.2 as well.
2020-11-12 09:18:24 -08:00
John Safranek
e996a7d15b
Scan-Build Fixes
...
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.
To recreate:
$ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
$ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
2020-11-12 09:06:59 -08:00
David Garske
a6f2081af1
Fixes for key loading errors in snifftest application.
2020-11-12 08:59:11 -08:00
David Garske
a53b734c83
Fix for client_hello keyshare with multiple entries. Fix for change_cipher_spec after finished.
2020-11-12 08:59:11 -08:00
David Garske
ea21ddf540
Fix to only free existing key in SetStaticEphemeralKey if the incoming algorithm type has been specified.
2020-11-12 08:59:11 -08:00
David Garske
5cda549d00
Allow passing multiple keys (comma separated) with the sniffer test tool. This allows setting both DH and ECC static ephemeral keys. Do not fail on resume not found.
2020-11-12 08:59:11 -08:00
David Garske
720919198f
Fix for Scan-buld and when building without ECC or DH.
2020-11-12 08:59:11 -08:00
David Garske
71d9f1e9bd
Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral.
2020-11-12 08:59:11 -08:00
David Garske
1c87f3bdc1
Improve sniffer resume logic.
2020-11-12 08:59:10 -08:00
David Garske
d208779974
Added test case for TLS v1.3 with HRR (hello_retry_request)
2020-11-12 08:59:10 -08:00
David Garske
b74f0fb6b8
Fixes for sniffer with hello_retry_request. Fix for TLS v1.3 certificate processing.
2020-11-12 08:59:10 -08:00
David Garske
c7bb602a30
Merge pull request #3482 from douzzer/scan-build-fixes-20201110
...
scan-build fixes -- 1 null deref, 34 unused results
2020-11-12 07:45:45 -08:00
Daniel Pouzzner
1cbc2e8608
openssl.test: recognize TLS13-AES128-CCM-8-SHA256 and TLS13-AES128-CCM8-SHA256 as equivalent while iterating through $wolf_ciphers.
2020-11-11 23:23:28 -06:00
Daniel Pouzzner
7850d71ccb
add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases.
2020-11-11 22:47:47 -06:00
Daniel Pouzzner
68ebca8573
wolfcrypt/test/test.c: fix typos in aesgcm_test() malloc checks.
2020-11-11 22:47:47 -06:00
toddouska
d3e3b21c83
Merge pull request #3393 from dgarske/zd11104
...
Fix for TLS ECDH (static DH) with non-standard curves
2020-11-11 14:22:37 -08:00
toddouska
197c85289b
Merge pull request #3468 from SparkiDev/sp_c_mul_d
...
SP C32/64 mul_d: large div needs mul_d to propagate carry
2020-11-11 14:06:25 -08:00
Daniel Pouzzner
f96fbdb7d1
sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions.
2020-11-11 13:44:26 -06:00
Daniel Pouzzner
5fe1586688
fix 34 deadcode.DeadStores detected by llvm11 scan-build.
2020-11-11 13:04:14 -06:00
JacobBarthelmeh
fe2dcf76fe
Merge pull request #3413 from cconlon/zd11011
...
PKCS#7: check PKCS7 SignedData private key is valid before using it
2020-11-11 22:55:03 +07:00
Jacob Barthelmeh
4705ebde88
add guard on test case for cert gen
2020-11-11 21:53:52 +07:00
Juliusz Sosinowicz
d49038ae24
Fix overlapping sequence number error.
...
wolfSSL wants to use the same sequence number for the ServerHello as the ClientHello. This is an issue when this sequence number is already taken.
2020-11-11 15:35:05 +01:00
Jacob Barthelmeh
979216d595
add test case for rejecting version 2 x509
2020-11-11 18:57:09 +07:00
Sean Parkinson
5f0d788bfb
TLS PickHashSigAlgo: rework
...
Make default to pick lowest hash with RSA and ECC (TLS 1.2 and lower).
WOLFSSL_STRONGEST_HASH_SIG picks the strongest hash.
WOLFSSL_ECDSA_MATCH_HASH will pick the hash to match the ECC curve.
2020-11-11 10:06:09 +10:00
Sean Parkinson
f5561b926c
rshb: handle cases of shift amount being multiple of DIGIT_BIT
...
tfm.c and integer.c fixed
2020-11-11 10:04:14 +10:00
Takashi Kojo
d7ea8b953b
fold long lines
2020-11-11 08:43:16 +09:00
Takashi Kojo
eab3bf9ab4
Add a test case for zero len plain text
2020-11-11 08:43:16 +09:00
Takashi Kojo
417ff1b0f2
set tag for zero len case
2020-11-11 08:43:16 +09:00
Takashi Kojo
1d2eb44bfb
Merge https://github.com/wolfssl/wolfssl
2020-11-11 08:34:03 +09:00
David Garske
68209f91fb
Merge pull request #3465 from kaleb-himes/DOX_UPDATE_wc_RsaPublicEncrypt
...
Address report on issue #3161
2020-11-10 14:52:20 -08:00
David Garske
fcd73135f5
Merge pull request #3479 from tmael/ocsp_NULL
...
Check <hash> input parameter in GetCA
2020-11-10 14:46:05 -08:00
Daniel Pouzzner
958fec3b45
internal.c:ProcessPeerCerts(): fix a core.NullDereference detected by llvm9 and llvm11 scan-builds.
2020-11-10 16:40:28 -06:00
Chris Conlon
7b50cddf8c
Merge pull request #3387 from ethanlooney/27th_branch
...
Added unit test for evp.c
2020-11-10 13:27:33 -07:00
David Garske
8645e9754e
Only set ssl->ecdhCurveOID if not already populated.
2020-11-10 09:47:38 -08:00
David Garske
1d531fe13b
Peer review fixes.
2020-11-10 09:47:37 -08:00
David Garske
fa1af37470
Fix for FIPS ready CAVP tests. For now it requires ECC 192-bit.
2020-11-10 09:47:37 -08:00
David Garske
5de80d8e41
Further refactor the minimum ECC key size. Adds --with-eccminsz=BITS option. Fix for FIPSv2 which includes 192-bit support. If WOLFSSL_MIN_ECC_BITS is defined that will be used.
2020-11-10 09:47:37 -08:00
David Garske
b13848e568
Fix tests to handle ECC < 224 not enabled.
2020-11-10 09:47:37 -08:00
David Garske
6bd98afdd0
Only allow TLS ECDH key sizes < 160-bits if ECC_WEAK_CURVES is defined.
2020-11-10 09:47:37 -08:00
David Garske
c697520826
Disable ECC key sizes < 224 bits by default. Added --enable-eccweakcurves or ECC_WEAK_CURVES to enable smaller key sizes. Currently this option is automatically enabled if WOLFSSL_MIN_ECC_BITS is less than 224-bits.
2020-11-10 09:47:36 -08:00
David Garske
62dca90e74
Fix for server-side reporting of curve in wolfSSL_get_curve_name if client_hello includes ffdhe, but ECC curve is used.
2020-11-10 09:47:36 -08:00
David Garske
d7dee5d9e6
Fix for ECC minimum key size, which is 112 bits.
2020-11-10 09:47:36 -08:00
David Garske
6ac1fc5cff
Fix include.am typo.
2020-11-10 09:47:36 -08:00
David Garske
10f459f891
Added TLS v1.2 and v1.3 test cases for ECC Koblitz and Brainpool curves (both server auth and mutual auth). Cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256 and TLS13-AES128-GCM-SHA256.
2020-11-10 09:47:36 -08:00
David Garske
fb9ed686cb
Fix for TLS with non-standard curves. The generted ECC ephemeral key did not use the same curve type as peer. Only the server was populating ssl->ecdhCurveOID. Now the curveOID is populated for both and as a fail-safe the peer key curve is used as default (when available).
2020-11-10 09:47:36 -08:00
David Garske
045fc4d686
Fixes to support overriding minimum key sizes for examples.
2020-11-10 09:47:36 -08:00
David Garske
bfb6138fc5
Merge pull request #3480 from douzzer/fix-sniffer-printf-null-Wformat-overflow
...
TraceSetNamedServer() null arg default vals; FIPS wc_MakeRsaKey() PRIME_GEN_E retries; external.test config dependencies
2020-11-10 09:37:36 -08:00
Daniel Pouzzner
5625929c83
scripts/external.test: skip test when -UHAVE_ECC.
2020-11-10 01:27:45 -06:00
Daniel Pouzzner
196ae63eb2
scripts/external.test: skip test when -DWOLFSSL_SNIFFER (staticCipherList in client.c is incompatible).
2020-11-10 00:03:02 -06:00
Daniel Pouzzner
bd38124814
ssl.c: refactor wolfSSL_RSA_generate_key() and wolfSSL_RSA_generate_key_ex() to retry failed wc_MakeRsaKey() on PRIME_GEN_E when -DHAVE_FIPS, matching non-FIPS behavior, to eliminate exposed nondeterministic failures due to finite failCount.
2020-11-09 21:24:34 -06:00
toddouska
3050f28890
Merge pull request #3467 from cconlon/rc2vs
...
rc2.c to Visual Studio projects, fix warnings
2020-11-09 13:52:03 -08:00
David Garske
f02c3aab2e
Merge pull request #3475 from ejohnstown/nsup
...
Hush Unused Param Warning
2020-11-09 11:04:05 -08:00
Daniel Pouzzner
4b1a779fcc
tests: fix for fips-test -Wunused-variable on "rng"
2020-11-09 11:54:49 -06:00
David Garske
7e3efa3792
Merge pull request #3474 from douzzer/lighttpd-update-1.4.56
...
lighttpd support update for v1.4.56
2020-11-09 09:24:58 -08:00
Tesfa Mael
a5caf1be01
Check for NULL
2020-11-09 08:45:48 -08:00
Daniel Pouzzner
22bcceb2d3
src/sniffer.c: guard against null arguments to TraceSetNamedServer(), to eliminate -Werror=format-overflow= warnings from gcc.
2020-11-06 17:40:12 -06:00
Chris Conlon
c0c452b0a1
reset content length in PKCS7_VerifySignedData for multiPart OCTET_STRING bundles
2020-11-06 16:36:58 -07:00
Kaleb Himes
937a7ce8ce
Merge pull request #3448 from dgarske/crypto_cb
...
Improve the crypto callback for ASN
2020-11-06 15:26:11 -07:00
John Safranek
884a9b59ab
Merge pull request #3461 from dgarske/fips_ready_wopensslextra
...
Fix for FIPS ready with openssl compat
2020-11-06 13:14:06 -08:00
Ethan Looney
a6e0d3eb29
Changed hardcoded values to variables, changed where some variables were defined, etc
2020-11-06 14:04:27 -07:00
Chris Conlon
ac4c8a0112
Merge pull request #3419 from ethanlooney/29th_branch
...
Added case for Logging.c unit test
2020-11-06 13:10:24 -07:00
toddouska
4110297b62
Merge pull request #3473 from embhorn/zd11198
...
wc_SetIssuerRaw should copy raw subject to issuer
2020-11-06 10:48:37 -08:00
toddouska
b4e7f196df
Merge pull request #3470 from SparkiDev/config_fix_3
...
TLS configurations fixes
2020-11-06 10:35:51 -08:00
toddouska
3f25cda354
Merge pull request #3469 from SparkiDev/cpuid_sp_asm
...
cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined
2020-11-06 10:34:40 -08:00
John Safranek
abd6f6ce18
Hush Unused Param Warning
...
Removed a guard check for NO_WOLFSSL_STUB from wolfSSL_X509_print_ex().
To recreate:
$ ./configure --enable-opensslextra CPPFLAGS="-DNO_WOLFSSL_STUB"
$ make
2020-11-06 10:30:47 -08:00
toddouska
f3d961b1b1
Merge pull request #3453 from dgarske/ZD11159
...
Fix for possible memory leak when overriding error for verify callback
2020-11-06 10:18:52 -08:00
toddouska
f9ec7c472a
Merge pull request #3440 from ejohnstown/ntf3
...
Nightly Test Fix
2020-11-06 10:15:23 -08:00
Hayden Roche
2cad844d29
Merge pull request #3421 from dgarske/apache_httpd
...
Apache httpd w/TLS 1.3 support
2020-11-06 12:14:58 -06:00
David Garske
0d2e28ce80
Fix for error: unused function 'MonthStr'
2020-11-06 10:11:48 -08:00
Daniel Pouzzner
dcff103c84
tests/api.c: fixes for compilability re NO_BIO
2020-11-05 22:19:16 -06:00
Daniel Pouzzner
4030523eb5
ssl.c: remove duplicate definition of wolfSSL_CTX_check_private_key().
2020-11-05 21:57:33 -06:00
Glenn Strauss
f9e48ee361
build updates for lighttpd: recommend -DNO_BIO
...
(cherry picked from commit bfe12839e18ccc3ab95cfc33b34c875ebe55c14a)
2020-11-05 20:40:43 -06:00
Glenn Strauss
92c3296e13
preprocessor -DNO_BIO to omit OpenSSL BIO API
2020-11-05 20:40:43 -06:00
Glenn Strauss
030eb9347c
lighttpd: allow ssl3, tls1.0 if explicitly enabled
2020-11-05 20:40:43 -06:00
Glenn Strauss
7cee131e37
restore --enable-lighty with --enable-all
...
protect lighttpd recommendations (and recommended restrictions)
to when building wolfSSL specifically for use by lighttpd, and
omit these optional settings when building `--enable-all`
2020-11-05 20:40:43 -06:00
David Garske
a9a495270c
Fix to disable CRL monitor for single threaded or lighttpd. Do not set --enable-lighty with --enable-all.
2020-11-05 20:40:43 -06:00
Glenn Strauss
daca327ba3
expose (get|set)_(app|ex)_data with HAVE_EX_DATA
...
when OPENSSL_EXTRA_X509_SMALL is set
2020-11-05 20:40:43 -06:00
Glenn Strauss
d01616a357
unhide some non-fs funcs hidden by NO_FILESYSTEM
2020-11-05 20:40:43 -06:00
Glenn Strauss
bcf1f0375b
build updates for lighttpd: recommended flags
2020-11-05 20:40:43 -06:00
Glenn Strauss
f4e2db831e
enable SNI_Callback for lighttpd
2020-11-05 20:40:43 -06:00
Glenn Strauss
be7592fb43
implement wolfSSL_dup_CA_list()
...
wolfSSL_dup_CA_list() duplicates a WOLF_STACK_OF(WOLFSSL_X509_NAME)
(replaces stub function)
2020-11-05 20:40:43 -06:00
Glenn Strauss
e5ed227a87
build updates for lighttpd: -DOPENSSL_ALL
...
avoid potential for WolfSSL to silently omit expected functionality
2020-11-05 20:40:43 -06:00
Glenn Strauss
503de43cbd
build updates for lighttpd
...
Update configure.ac and various #ifdefs to enable WolfSSL to
build features for use by lighttpd.
Change signature of wolfSSL_GetVersion() to take const arg.
Pass (const WOLFSSL*) to wolfSSL_GetVersion() for use with
SSL_CTX_set_info_callback(), where OpenSSL callback takes (const SSL *)
2020-11-05 20:40:43 -06:00
kaleb-himes
182a3e6bc2
Also addressing opensslall, pkcs7 and combinations
2020-11-05 17:29:30 -07:00
Ethan Looney
232ac03bbe
Changed it to only the inverse
2020-11-05 14:38:23 -07:00
Ethan Looney
0aee4b78cd
Changed md5 to sha256 in DigestFinal_ex function
2020-11-05 14:36:42 -07:00
Eric Blankenhorn
a92e31f6cb
Fix from review
2020-11-05 14:47:10 -06:00
David Garske
d784bd61cd
Merge pull request #3462 from kabuobeid/wolfrand_freescale_ecc_fix
...
Fix build issue when building wolfrand on a Freescale platform.
2020-11-05 12:29:49 -08:00
Ethan Looney
06f1a1870d
Added inverse case
2020-11-05 13:05:15 -07:00
David Garske
1dc7293b19
Fix the return code. openssl uses void on these, but let's go ahead and do a return code.
2020-11-05 09:31:12 -08:00
David Garske
063fb2cfa0
Merge pull request #3455 from douzzer/linuxkm-install-rules
...
add "module", "modules_install", and "clean_module" rules for linuxkm
2020-11-05 09:09:35 -08:00
Kaleb Himes
648c5e4735
Merge pull request #3471 from douzzer/fix-scan-build-20201104
...
fix various possibly spurious scan-build null deref reports.
2020-11-05 09:36:42 -07:00
Eric Blankenhorn
fa9a0a4b49
Copy raw subject to issuer
2020-11-05 09:06:02 -06:00
Daniel Pouzzner
5751319e00
fix various possibly spurious scan-build null deref reports.
2020-11-04 23:11:42 -06:00
Kaleb Himes
b40543b342
Merge pull request #3466 from douzzer/fix-benchmark-dh-key-size
...
fix bench_dh() key size initialization
2020-11-04 20:33:06 -07:00
Sean Parkinson
78309cd7aa
SP C32/64 mul_d: large div needs mul_d to propagate carry
...
Change implementation to pre-calc products to allow for reordering of
operations.
2020-11-05 12:50:33 +10:00
Sean Parkinson
8a42ee7ffd
TLS configurations fixes
...
--enable-leanpsk --disable-tls13:
ensure WriteSEQ is defined when !WOLFSSL_NO_TLS12 (tls.c)
CFLAGS=-DWOLFSSL_NO_CLIENT_AUTH -disable-tls13"
TLS server was expecting certificate from peer when verifyPeer is
set. Fix with checks for !WOLFSSL_NO_CLIENT_AUTH.
2020-11-05 12:21:19 +10:00
Sean Parkinson
2588fe366e
cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined
...
WOLFSSL_X86_64_BUILD is defined only when fast math is enabled.
Define it when SP ASM is enabled and on an x86_64 host.
Undo cpuid code being enabled when WOLFSSL_SP_ASM as it shouldn't for
non-Intel CPUs.
2020-11-05 11:16:27 +10:00
Kareem Abuobeid
37952b2776
Fix build issue when building wolfrand on a Freescale platform.
2020-11-04 16:52:59 -07:00
David Garske
3b4ec74174
Fixes for openssl compatibility. Added SSL_CTX_set_post_handshake_auth and SSL_set_post_handshake_auth API's for enabling or disabling post handshake authentication for TLS v1.3.
2020-11-04 15:05:50 -08:00
David Garske
eb19306f16
Merge pull request #3459 from haydenroche5/sniffer_fixes
...
Fix a couple of issues related to the sniffer.
2020-11-04 14:09:43 -08:00
Daniel Pouzzner
2d149b1bef
benchmark.c: backport fixes to bench_dh() DH key size initialization from SparkiDev:sp_math_all.
2020-11-04 15:35:58 -06:00
Daniel Pouzzner
3858bda7e9
add "module", "modules_install", and "clean_module" rules to BUILD_LINUXKM section of Makefile.am, and add working install rule to linuxkm/Makefile, so that "make module" and "make modules_install" now work when --enable-linuxkm; fix "make dist" logic in Makefile.am and scripts/include.am to be unaffected by --enable-linuxkm; don't build wolfcrypt/benchmark or testwolfcrypt when --enable-linuxkm and --enable-crypttests.
2020-11-04 14:13:39 -06:00
Chris Conlon
6953049305
fix Visual Studio type conversion warnings
2020-11-04 11:11:40 -07:00
Chris Conlon
83b0847e66
add rc2.c to Visual Studio projects
2020-11-04 10:37:47 -07:00
kaleb-himes
288ad68b4d
Address report on issue #3161
2020-11-04 10:37:46 -07:00
Hayden Roche
3b1c536418
Fix a couple of issues related to the sniffer.
...
- Fix an issue in sniffer.c where some pointer math was giving a warning.
- Fix an issue in snifftest.c where a local variable was never read.
- Ignore non-TCP/IP packets in snifftest.c. Fixes some tests with pcaps with
other types of packets.
2020-11-04 10:46:11 -06:00
David Garske
00dd22adc4
Merge pull request #3464 from SparkiDev/sha512_valgrind_fix
...
SHA-512 AVX2: use register for wk other than rsp
2020-11-04 07:15:04 -08:00
Sean Parkinson
235ea98b90
SHA-512 AVX2: use register for wk other than rsp
...
Valgrind thinks that stack values are uninitialised when the stack
pointer is added to.
The asm code was moving rsp around rather than use another register.
Put length to hash onto stack and use that register instead.
2020-11-04 12:02:34 +10:00
toddouska
b76ac0b842
Merge pull request #3442 from SparkiDev/config_fix_2
...
Configuration fixes
2020-11-03 14:48:49 -08:00
toddouska
e52efc7a8a
Merge pull request #3441 from SparkiDev/ecdsa_vfy_safe
...
ECDSA verification: handle doubling of infinity
2020-11-03 14:47:45 -08:00
toddouska
2acef1c114
Merge pull request #3436 from haydenroche5/chacha_msvc_fix
...
Fix MSVC compile issue in chacha.c.
2020-11-03 14:44:43 -08:00
toddouska
63bf5dc56c
Merge pull request #3426 from SparkiDev/rsa_pss_fix
...
RSA-PSS: Handle edge case with encoding message to hash
2020-11-03 14:43:56 -08:00
toddouska
3cce86d7a8
Merge pull request #3420 from dgarske/small_pk
...
ECC memory reductions with key and signature parsing
2020-11-03 14:42:43 -08:00
toddouska
9f9901e10e
Merge pull request #3417 from douzzer/fix-ipv6-ocsp-tests
...
Fix ipv6 ocsp tests
2020-11-03 14:38:32 -08:00
David Garske
d6b219bd38
Fix for ./configure --enable-fips=ready --enable-opensslextra.
2020-11-03 14:23:08 -08:00
Ethan Looney
813a94ab9a
Added bad and good case to EVP_DigestFinal_ex test
2020-11-03 14:57:30 -07:00
Jacob Barthelmeh
39d0b032e8
strict certificate version allowed from client
2020-11-03 19:30:56 +07:00
David Garske
f8176dd646
Merge pull request #3454 from SparkiDev/sp_def_fix
...
SP C64/32: Fix define check
2020-11-02 17:07:56 -08:00
Sean Parkinson
b3f6c483bf
SP C64/32: Fix define check
...
WOLFSSL_SP_DH -> WOLFSSL_HAVE_SP_DH
2020-11-03 08:42:55 +10:00
Ethan Looney
48073fb678
Removed unnecessary test
2020-11-02 14:22:01 -07:00
Ethan Looney
cf05a060f7
Removed cases that caused fips test to fail
2020-11-02 14:16:02 -07:00
Ethan Looney
05d01dcccd
Added if defined checks for rc4 and fips
2020-11-02 14:11:07 -07:00
Ethan Looney
251f3e15d4
Added fips check for specific size
2020-11-02 14:11:07 -07:00
Ethan Looney
7412374496
Changed from hardcoded values, changed types and deleted comments
2020-11-02 14:11:07 -07:00
Ethan Looney
8122c031bf
Added ifdef's, changed key sizes to relevant sizes
2020-11-02 14:11:07 -07:00
Ethan Looney
b46f87ffe6
Added unit test for evp.c
2020-11-02 14:11:07 -07:00
David Garske
89c39dcfe5
Fix for possible memory leak when overriding error for verify callback on cert 0 (peer) if OPENSSL_EXTRA or OPENSSL_EXTRA_X509_SMALL and KEEP_PEER_CERT is not defined.
2020-11-02 12:04:56 -08:00
John Safranek
29c7351fe0
Merge pull request #3383 from kaleb-himes/ACVP_TESTING_UPDATE
...
In ACVP testing NIST needs to see failed decryption output
2020-11-02 10:42:28 -08:00
Chris Conlon
87abb5257e
Merge pull request #3447 from dgarske/microchip
...
Fixes for building with Microchip
2020-11-02 10:09:13 -07:00
JacobBarthelmeh
a411dab74f
Merge pull request #3410 from cconlon/zd11001
...
PKCS#7: Reset variables correctly in VerifySignedData
2020-11-02 11:33:52 +08:00
John Safranek
d24add10f2
Nightly Test Fix
...
When performing a fast_mp_montgomery_reduce(), scan-build didn't like
that the destination buffer was fully zeroed out. We were only zeroing
what was expected to be used. This zeroes only the expected to be used
section of the output buffer.
2020-11-01 18:58:05 -08:00
David Garske
0df5079f8b
Fixes for building with Microchip. The min/max patch allows non PIC32MZ parts to build in MPLABX. The cryptoauthlib already defines SHA_BLOCK_SIZE, so undef to prevent redef error.
2020-10-30 12:46:14 -07:00
Ethan Looney
8728eaf93f
Removed duplicate return check and added return check
2020-10-30 13:19:12 -06:00
David Garske
64b081f3c9
Improve the SHA256 crypto callback for ASN, so a wc_Sha/wcSha256 context exists for certificate hashing.
2020-10-30 12:18:19 -07:00
Chris Conlon
54fe98716d
Merge pull request #3415 from kojo1/config-options
...
Config options
2020-10-30 11:55:11 -06:00
Takashi Kojo
22816b53de
set tag for zero len case
2020-10-30 16:13:37 +09:00
David Garske
e4f3f8b80a
Further tuning of the zero trim / is leading set logic for new ECC signature encoding/decoding API's.
2020-10-29 15:59:51 -07:00
Sean Parkinson
bd3841c7d1
Merge pull request #3444 from julek-wolfssl/aad-reset
...
AAD should be reset on Init call
2020-10-30 08:11:26 +10:00
David Garske
95c8a48285
Trim leading zero's first, then check for MSB being set.
2020-10-29 08:38:55 -07:00
Juliusz Sosinowicz
aff14091e0
AAD should be reset on Init call
2020-10-29 12:13:35 +01:00
Sean Parkinson
320afab227
Configuration fixes
...
--enable-sp --enable-sp-asm --disable-fastmath:
cpuid.h - check for WOLFSSL_SP_ASM as well
-enable-curve448 --enable-ed448 --disable-rsa --disable-dh
--enable-tls13 --disable-ecc --enable-certgen --enable-keygen:
api.c - certificate loaded that was RSA but RSA disabled
--enable-sp --enable-sp-asm --enable-sp-math:
cpuid.c - check for WOLFSSL_SP_ASM as well
--disable-shared --disable-ecc --disable-dh --enable-cryptonly
--enable-rsavfy --disable-asn --disable-rng --disable-filesystem:
test.c - rsa_test()
'CC=clang -fsanitize=address' '-enable-distro' '--enable-stacksize':
testsuit.c - echoclient_test_wrapper needs to free ECC FP cache when
it is in a separate thread
2020-10-29 16:21:06 +10:00
Sean Parkinson
32ea0910de
ECDSA verification: handle doubling of infinity
2020-10-29 12:12:01 +10:00
David Garske
ef7a987759
Peer review fixes.
2020-10-28 17:09:15 -07:00
Daniel Pouzzner
7d177e78d7
don't include wolfssl/options.h in logging.c, use AM_CFLAGS (not wolfssl/options.h) to communicate HAVE_WC_INTROSPECTION to the compiler, and use config.h (not wolfssl/options.h) to communicate LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS to the compiler (for logging.c).
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
fda84576b0
name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h.
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
139b0431cb
ocsp-stapling*.test: prefix waited servers with "timeout 60" to avoid deadlock failure modes; grep output from "openssl s_client" in "test interop fail case" for expected error message ("self signed certificate in certificate chain").
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
a5d96721ac
wolfcrypt/src: remove wc_debug.c and move its contents to logging.c.
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
0568ec304f
pass -4 flag to openssl and nc only when IPV6_SUPPORTED.
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
94a3f86dcd
scripts/ocsp-stapling*.test: check if IPv6 is supported by the installed openssl and nc executables, and if not, don't attempt to wrestle the version. with no IPv6 support, and an --enable-ipv6 wolfssl build, skip the test entirely. also, restore a couple -b (bind-all-interfaces) flags to examples/server/server recipes in case that's useful.
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
94d4ea3a57
examples/client/client.c:client_usage_msg[][]: add correct sensing and reporting of WOLFSSL_SP_4096.
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
1ba0883f4c
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
f37c25f9c0
wc_XChaCha20Poly1305_crypt_oneshot(): use ForceZero, not XMEMSET(), to safely clear the AEAD state before return.
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
7a5cbaa9bc
fix scripts/ocsp-stapling*.test to accommodate IPv6 examples/ client/server build.
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
b918e1fd4c
examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively.
2020-10-28 17:28:05 -05:00
Daniel Pouzzner
8be2d7690a
add API functions libwolfssl_configure_args() and libwolfssl_global_cflags() to retrieve build parameters at runtime.
2020-10-28 17:28:01 -05:00
toddouska
931eea30f5
Merge pull request #3397 from cconlon/rc2
...
RC2 ECB/CBC and PKCS#12 Integration
2020-10-28 15:06:47 -07:00
Hayden Roche
90258b6f34
Fix MSVC compile issue in chacha.c.
...
Use XMEMSET instead of initializing with {}.
2020-10-28 14:57:59 -05:00
toddouska
112cce8cf2
Merge pull request #3407 from SparkiDev/pkcs11_sign_vfy
...
PKCS #11 : changes for signing and loading RSA public key from private
2020-10-28 12:53:58 -07:00
toddouska
6a98601895
Merge pull request #3427 from SparkiDev/ecdsa_shamir_precomp
...
ECC Shamir's Trick: infinity in precomp
2020-10-28 12:08:40 -07:00
toddouska
3a9758f257
Merge pull request #3433 from dgarske/sniffer_sni
...
Fix for Sniffer with SSLv3 where SNI is not supported
2020-10-28 12:06:37 -07:00
David Garske
a15769b12e
Merge pull request #3435 from ejohnstown/ntf2
...
Nightly Test Fix 2
2020-10-28 06:39:15 -07:00
Hayden Roche
91f0d8bfef
Fix MSVC compile issue in chacha.c.
...
MSVC generates a syntax error when you initialize
an array with {}. {0} has the same effect and compiles.
2020-10-27 21:14:15 -05:00
David Garske
4277ec62f9
Merge pull request #3431 from kaleb-himes/NO_FILESYSTEM_FIX
...
Remove file system constraint on wolfSSL_CTX_check_private_key()
2020-10-27 15:25:59 -07:00
John Safranek
6a77a8d8d6
Compatibility Layer
...
When making a AUTHORITY KEY object, if the ASN1 OBJECT fails, the key object is leaked.
2020-10-27 14:51:35 -07:00
David Garske
a43d239271
Fix for Sniffer with SSLv3 where SNI is not supported. ZD 11169.
2020-10-27 11:26:02 -07:00
David Garske
76e84e0830
Merge pull request #3423 from ejohnstown/nightly-test-fix
...
Nightly Scan-Build Test Fixes
2020-10-27 08:31:19 -07:00
kaleb-himes
f934fb03bd
Remove file system constraint on wolfSSL_CTX_check_private_key()
2020-10-27 08:57:46 -06:00
Sean Parkinson
fb2288c46d
RSA-PSS: Handle edge case with encoding message to hash
...
When the key is small relative to the digest (1024-bit key, 64-byte
hash, 61-byte salt length), the internal message to hash is larger than
the output size.
Allocate a buffer for the message when this happens.
2020-10-27 12:39:06 +10:00
John Safranek
7dbd6102d2
Compatibility Layer
...
When wolfSSL_X509_NAME_ENTRY_create_by_txt() needs to make a new ASN.1 object ID, actually store it in the name entry.
2020-10-26 16:10:44 -07:00
David Garske
2ebb47ec32
Merge pull request #3424 from douzzer/fix-save-vector-registers-gating
...
wc_port.h: improve/fix gating on {SAVE,RESTORE}_VECTOR_REGISTERS()
2020-10-26 15:33:00 -07:00
Daniel Pouzzner
fd5a309a47
wc_port.h: improve gating on {SAVE,RESTORE}_VECTOR_REGISTERS() to assure no-op fallback definitions in non-autotools builds.
2020-10-26 12:06:18 -05:00
Sean Parkinson
74b834a78c
Merge pull request #3422 from ejohnstown/ecc-name
...
Tautological Name Fix
2020-10-26 10:12:51 +10:00
John Safranek
9c1049f112
Compatibility Layer
...
1. Changed the ASN1_OBJECT member of the X509_NAME_ENTRY to be a pointer
rather than an object. It could lead to a double free on the name
entry.
2. The ASN1_OBJECT allocator should set the dynamic flag, as the
deallocator is the one that uses it.
3. General changes to treat the member as a pointer rather than a
member.
4. In the api test, we were iterating over the name members in the name
checking the NIDs. After the loop we freed the name member object.
This led to a double free error.
2020-10-25 14:38:07 -07:00
John Safranek
f5f883597e
RSA PSS Fix
...
1. Change the utility function in wc_encrypt that returns the size of a
hash to initialize the size to HASH_TYPE_E, like the other utility
functions.
2. When getting the hash size returns an error, RSA-PSS verify inline
should return a BAD_FUNC_ARG error.
2020-10-24 13:06:42 -07:00
John Safranek
3f5620089e
PKCS7: In EncodeEncryptedData, free the attribs and flattenedAttribs if
...
they were allocated, not based on if they should be allocated.
2020-10-24 12:41:10 -07:00
John Safranek
bfccf35eaf
Tautological Name Fix
...
Depending on the build option WOLFSSL_ECC_CURVE_STATIC, the name in the
ecc_set may be a pointer (default) or an array. With the above set with
the CFLAG -Wtautological-pointer-compare you'll get a build error.
Changed the comparison in the for loop with this problem to check the
name's pointer only if appropriate.
2020-10-23 15:23:16 -07:00
Takashi Kojo
277edbb514
fix for --disable-tls13 --enable-sniffer
2020-10-24 07:14:43 +09:00
Takashi Kojo
02536461e6
fix for --enable-opensslall --disable-sha224
2020-10-24 07:06:24 +09:00
David Garske
685a35e097
Add missing stdint.h reference.
2020-10-23 13:42:25 -07:00
Chris Conlon
e24ac4211d
Merge pull request #3405 from kojo1/EVP-gcm-zero
...
set tag including if(inl == 0) case
2020-10-23 14:35:47 -06:00
Ethan Looney
a5f86729f9
Deleted comment
2020-10-23 13:52:06 -06:00
David Garske
a50e88430f
Add OPENSSL_init_crypto and OPENSSL_init_ssl API's.
2020-10-23 12:13:08 -07:00
David Garske
6dbc1cb75d
Add support for TLS v1.3 compatibility API SSL_verify_client_post_handshake for the server-side to support rehandshake. Required for Apache v2.4.39 with TLS v1.3.
2020-10-23 12:13:08 -07:00
David Garske
589057245f
Improvement to ECC wc_ecc_rs_raw_to_sig to reduce memory use (avoid the mp_int). Additional test cases. Fixes for previous function changes.
2020-10-23 11:00:46 -07:00
Chris Conlon
c27d5f57c4
check PKCS7 content length is not larger than bundle if not using separate header/footer
2020-10-23 09:56:34 -07:00
John Safranek
a7b325f542
Merge pull request #3414 from kabuobeid/wolfrand_build_fix
...
Fix wolfrand build failure.
2020-10-22 22:54:05 -07:00
Sean Parkinson
24af0497b5
PKCS #11 : changes for signing and loading RSA public key from private
2020-10-23 14:02:59 +10:00
David Garske
ff092c02d2
Merge pull request #3396 from SparkiDev/fips_armasm
...
FIPS ARMASM: get build working
2020-10-22 15:26:24 -07:00
David Garske
05094460b2
Merge pull request #3353 from douzzer/XChaCha
...
XChaCha
2020-10-22 15:25:56 -07:00
Kareem Abuobeid
42583b5270
Fix wolfrand build failure, caused by defining NO_ASN without NO_CERTS.
2020-10-22 14:48:37 -07:00
Ethan Looney
2bd761bb4c
Added a case for logging.c unit test with debug not enabled
2020-10-22 14:51:07 -06:00
David Garske
0065756efc
Improvement to ECC wc_ecc_sig_to_rs to reduce memory use (avoid the mp_int).
2020-10-22 13:34:19 -07:00
David Garske
cb8e625e32
Fix to allow import of private key with ATECC. Its okay to load private key material into ecc_key struct.
2020-10-22 13:26:00 -07:00
tmael
6265006553
Merge pull request #3403 from elms/cppcheck/cleaup_fixes
...
Address some cppcheck issues
2020-10-22 12:56:19 -07:00
David Garske
be8e4d1949
Fix to reduce memory use with small stack on ECC key import.
2020-10-22 12:41:49 -07:00
Chris Conlon
1ced948391
check PKCS7 SignedData private key is valid before using it
2020-10-22 10:37:11 -07:00
Chris Conlon
df382f382f
fix case in PKCS7_VerifySignedData where pkiMsgSz may not be set correctly
2020-10-22 09:23:32 -07:00
David Garske
f75dc4727d
Merge pull request #3408 from ejohnstown/opt-fix
...
Example Client OCSP Option Fix
2020-10-22 09:00:04 -07:00
Chris Conlon
5e78a0107d
check Rc2EcbEncrypt/Decrypt returns during CBC ops
2020-10-22 09:57:34 -06:00
Chris Conlon
d1f13a6570
rearrange Rc2 struct for optimal alignment
2020-10-22 09:43:40 -06:00
John Safranek
e28303b40a
In DoServerKeyExchange(), when reading the DH key from the server, the
...
client was checking it too strictly. The pubkey value should be checked
as strictly as the generator, for too large. The public key value is
checked mathematically elsewhere.
2020-10-21 21:47:32 -07:00
Daniel Pouzzner
81849e64b8
scripts/openssl.test: for "-psk" cases, use "-psk key", not "-psk=key", for OpenSSL 1.0.2 compatibility.
2020-10-21 23:30:14 -05:00
John Safranek
ca7161a86f
Example Client OCSP Option Fix
...
1. Before checking to see if the must staple flag is on the 'W' option,
check the length of myoptarg.
2020-10-21 23:23:45 -05:00
John Safranek
d2dac8e4b8
Example Client OCSP Option Fix
...
1. Before checking to see if the must staple flag is on the 'W' option,
check the length of myoptarg.
2020-10-21 13:30:51 -07:00
Daniel Pouzzner
b468ea77ea
linuxkm: use EXPORT_SYMBOL_NS(x, WOLFSSL) if available, else fall back to EXPORT_SYMBOL(x).
2020-10-21 14:37:43 -05:00
Daniel Pouzzner
c910c94824
rename API wc_XChaCha20Poly1305_{encrypt,decrypt}_oneshot to wc_XChaCha20Poly1305_{Encrypt,Decrypt} for consistency; remove stray debugging printf in XChaCha20Poly1305_test().
2020-10-21 14:36:46 -05:00
Daniel Pouzzner
299e88a993
minor fixes and commentary.
2020-10-21 14:08:41 -05:00
Daniel Pouzzner
99b76241bd
wolfcrypt/test/test.c: remove debugging printf in XChaCha20Poly1305_test().
2020-10-21 14:08:41 -05:00
Daniel Pouzzner
e1d3f2c7b4
chacha20_poly1305.c: add _SMALL_STACK code in wc_XChaCha20Poly1305_crypt_oneshot().
2020-10-21 14:08:41 -05:00
Daniel Pouzzner
1949378d61
wc_Chacha_purge_current_block(): init "scratch" buffer to zeros, to avoid "garbage value" warnings.
2020-10-21 14:08:41 -05:00
Daniel Pouzzner
f65947ae09
rename wc_XChaCha_init() to wc_XChacha_SetKey() for consistency, and add a counter argument to provide for future random access scenarios; refactor wc_Chacha_purge_current_block() to use a dummy wc_Chacha_Process() call for intrinsically correct counter dynamics.
2020-10-21 14:08:41 -05:00
Daniel Pouzzner
6142c22948
add wc_XChaCha_init(), wc_XChaCha20Poly1305_Init(), wc_XChaCha20Poly1305_encrypt_oneshot(), wc_XChaCha20Poly1305_decrypt_oneshot(), and wc_Poly1305_EncodeSizes64(). also, remove redundant arg check (typo) in wc_Poly1305Update().
2020-10-21 14:08:41 -05:00
Elms
c3dba3f9af
Add additional checks to sp_ecc_point_new
2020-10-21 09:59:39 -07:00
Sean Parkinson
00ee24b998
ECC Shamir's Trick: infinity in precomp
...
Code now handles generating and having infinity in the precomp.
2020-10-21 11:58:31 +10:00
toddouska
e4eda3e125
Merge pull request #3384 from SparkiDev/tls13_sess_tick_compat
...
TLS session tickets: cannot share between TLS 1.3 and TLS 1.2
2020-10-20 15:56:03 -07:00
toddouska
7aae784a53
Merge pull request #3399 from dgarske/zd11128
...
Fix for TLS sniffer with non-standard curves
2020-10-20 15:14:53 -07:00
toddouska
7c38be407c
Merge pull request #3398 from dgarske/async_test
...
Fixes for `--enable-asynccrypt` tests
2020-10-20 15:13:51 -07:00
toddouska
a1afc6ca4f
Merge pull request #3389 from tmael/ocsp_status
...
Process multiple OCSP responses
2020-10-20 15:11:42 -07:00
toddouska
1e43d65d2a
Merge pull request #3392 from SparkiDev/ocsp_must_staple
...
TLS OCSP Stapling: MUST staple option
2020-10-20 15:07:08 -07:00
Sean Parkinson
ffd55ac1fe
Merge pull request #3406 from ejohnstown/dh-fix-2
...
DH Fix 2
2020-10-21 08:05:42 +10:00
toddouska
c863ca54a3
Merge pull request #3308 from julek-wolfssl/thread-safety
...
Introduce thread safety to unsafe functions in wolfSSL
2020-10-20 14:56:04 -07:00
toddouska
7c89d10e53
Merge pull request #3260 from julek-wolfssl/non-blocking-scr
...
(D)TLS non-blocking SCR with example
2020-10-20 13:45:19 -07:00
John Safranek
2c5a4ba508
DH Fix 2
...
1. Add some missing frees for the error cases when the server DH public
key is rejected.
2020-10-20 10:32:09 -07:00
David Garske
a575403ca3
Merge pull request #3404 from haydenroche5/cmake
...
Tweak CMakeLists.txt
2020-10-20 06:58:00 -07:00
Takashi Kojo
6767646e54
set tag for zero len case
2020-10-20 19:11:35 +09:00
Sean Parkinson
ebde736ee7
Merge pull request #3400 from ejohnstown/dh-fix
...
DH Fix
2020-10-20 11:45:18 +10:00
David Garske
fb35013bf2
Merge pull request #3402 from douzzer/lkm-kernel_time_t
...
Linux __kernel_time_t version test
2020-10-19 17:28:48 -07:00
Hayden Roche
06977ebbdf
Tweak CMakeLists.txt
...
- Change minimum CMake version from 2.6 to 3.0, which has support for targets.
- Favor explicit file lists in CMakeLists.txt over globs.
- Use target_compile_options to specify -DNO_MAIN_DRIVER for the unit_test target.
2020-10-19 16:38:51 -05:00
Hayden Roche
31b6c507f9
Tweak CMakeLists.txt
...
- Add generated CMake files/directories to .gitignore.
- Use lowercase for CMake commands, UPPERCASE for variables.
- Favor the CMake "option" command over SET(... CACHE BOOL ...).
- Use CMAKE_CURRENT_SOURCE_DIR in place of CMAKE_CURRENT_BINARY_DIR.
- Use CMAKE_USE_PTHREADS_INIT instead of CMAKE_HAVE_PTHREAD_H.
- Use target_include_directories on the wolfssl library target instead of include_directories.
2020-10-19 16:07:48 -05:00
Elms
86b2118550
Address some cppcheck issues
2020-10-19 11:47:53 -07:00
Daniel Pouzzner
48f4b927f6
wc_port.h: fix threshold of change in __kernel_time_t typedef from kernel 5.0.0 to 5.5.0 to accommodate Ubuntu 20.02 (kernel 5.4) -- see 2a785996cc (diff-2cd5bedb19d5e0a575d6f73a6c3290ecf8d9c01eb7567ba6fa282cb1b0ce2d54)
2020-10-19 13:27:00 -05:00
John Safranek
cd05ed3347
iDH Fix
...
1. Changed the bounds of checking the key from comparisons to constants
to comparisons against WOLFSSL object settings for the DH key bounds.
2. Removed redundant bounds check on the server's prime.
2020-10-19 08:08:04 -07:00
Chris Conlon
79dea1c85c
add test-servercert-rc2.p12 to include.am
2020-10-19 08:01:19 -06:00
Juliusz Sosinowicz
147cb8e60c
Jenkins scope fixes
2020-10-19 12:46:11 +02:00
Sean Parkinson
f0d400a506
Merge pull request #3401 from kojo1/EVPcipher_tbl
...
cipher_tbl for EVP_get_cipherbyname
2020-10-19 14:28:59 +10:00
Takashi Kojo
a87f7c9185
cipher_tbl for EVP_get_cipherbyname
2020-10-19 06:17:15 +09:00
John Safranek
4f8c2b971f
Move the binSz check variable to a spot where it is only declared in the same condition it is used and initialize it to zero.
2020-10-17 19:07:44 -07:00
John Safranek
fc86e6a960
Fix a double error return.
2020-10-16 18:18:47 -07:00
John Safranek
ec0aab1a23
DH Fix
...
1. Check the length values for the DH key domain and public key in the
server key exchange message to make sure they are within the bounds
set by the configuration. (Minimum key size is 2048 bits for DH.)
2020-10-16 16:28:27 -07:00
David Garske
85b4170047
Fix for TLS sniffer with non-standard curves. If curve not provided in key share data, then use private key curve. ZD 11128.
2020-10-16 16:13:42 -07:00
David Garske
fbd98be7af
Fixes for --enable-asynccrypt tests after PR #3244 .
2020-10-16 15:55:17 -07:00
John Safranek
4364700c01
DH Fix
...
These changes fix several fuzz testing reports. (ZD 11088 and ZD 11101)
1. In GetDhPublicKey(), the DH Pubkey is owned by the SSL session. It
doesn't need to be in the check for weOwnDh before freeing. There
could be a chance it leaks.
2. In GeneratePublicDh() and GeneratePrivateDh(), the size of the
destination buffer should be stored at the location pointed to by the
size pointer. Check that before writing into the destination buffer.
3. Ensure the size of the private and public key values are in the size
value before generating or getting the DH keys.
2020-10-16 15:35:23 -07:00
Chris Conlon
d4bbe529fb
switch RC2 struct name to Rc2 for consistent camel case across algorithms
2020-10-16 15:19:47 -06:00
Chris Conlon
062df01737
add PKCS12 RC2 test case, example p12 bundle
2020-10-16 12:02:20 -06:00
Chris Conlon
2c0f4b619e
add RC2-40-CBC support to PKCS#12 parsing
2020-10-16 12:02:20 -06:00
Chris Conlon
0854efe168
add API unit tests for RC2
2020-10-16 12:02:20 -06:00
Chris Conlon
a6923ff100
initial implementation of RC2-CBC
2020-10-16 12:02:16 -06:00
Chris Conlon
4c75037bdb
initial implementation of RC2-ECB
2020-10-16 12:00:56 -06:00
David Garske
b58ea5842a
wolfSSL RC2 template.
2020-10-16 11:46:40 -06:00
Juliusz Sosinowicz
24030d5f32
Move globalRNG and co to ssl.c
2020-10-16 17:33:28 +02:00
David Garske
ab88ab160c
Merge pull request #3395 from douzzer/misc-fixes-20201015
...
misc fixes for coverage and buildability
2020-10-16 07:28:48 -07:00
Sean Parkinson
aeb44c5352
FIPS ARMASM: get build working
2020-10-16 16:41:18 +10:00
Sean Parkinson
07e69829d7
TLS 1.3 PSK: fix for session ticket timeout
...
Return straightaway if the ticket is out of date.
Need to fallback to full handshake.
2020-10-16 14:48:29 +10:00
Sean Parkinson
a595e3cc48
Merge pull request #3394 from ejohnstown/wolfssh-update
...
wolfSSH Update
2020-10-16 09:08:37 +10:00
Sean Parkinson
60b0b0170b
TLS OCSP Stapling: MUST staple option
...
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
2020-10-16 09:03:27 +10:00
David Garske
9793414d78
Merge pull request #3381 from SparkiDev/ecc_ct_fix
...
ECC mulmod: some curves can't do order-1
2020-10-15 14:46:46 -07:00
Daniel Pouzzner
eb7a79aa5e
misc fixes for coverage and buildability: add MD2 to --enable-all*; fix spelling of "Sno" to "no" for $ENABLED_BLAKE2S default; when ENABLED_QSH add -DWOLFSSL_STATIC_DH -DWOLFSSL_STATIC_PSK (relates to ZD11073); add missing gating for !defined(WOLFSSL_DEVCRYPTO) in api.c:test_wc_Sha256FinalRaw(); fix tests/api.c:IsValidCipherSuite() to build under gcc10 (relates to ZD11073).
2020-10-15 15:05:29 -05:00
John Safranek
69ac13c2e9
wolfSSH Update
...
Originally, wolfSSH required some algorithms to be enabled in wolfCrypt
to work correctly. wolfSSH is now more flexible with how wolfCrypt is
configured, and these combinations do not have to be restricted.
2020-10-15 11:37:31 -07:00
David Garske
49b3fb21c8
Merge pull request #3391 from ejohnstown/autoconf-fix
...
Automake Fixes
2020-10-15 10:12:27 -07:00
Sean Parkinson
134e1be189
TLS session tickets: cannot share between TLS 1.3 and TLS 1.2
...
When parsing ticket, check TLS version to see whether they are version
compatible.
2020-10-15 13:02:06 +10:00
John Safranek
c2bb359eb4
Automake Fixes
...
1. A couple cert scripts don't need to be included in the makefile or the distribution.
2020-10-14 17:23:58 -07:00
toddouska
f69fa13e02
Merge pull request #3357 from guidovranken/StoreECC_DSA_Sig-fix
...
Improve StoreECC_DSA_Sig bounds checking
2020-10-14 16:53:46 -07:00
David Garske
b18d43abb9
Fix for possible uninitialized use of prev.
2020-10-14 15:52:51 -07:00
toddouska
026ba4e750
Merge pull request #3368 from dgarske/zd11057
...
Fix for possible malformed encrypted key with DES3 causing negative length
2020-10-14 15:32:48 -07:00
David Garske
751f64b4aa
Fix for OCSP single response last optional part handling and restore original size arg since its required for the ASN elements.
2020-10-14 14:55:18 -07:00
David Garske
10b1884993
Added support for handling an OCSP response with multiple status responses.
2020-10-14 14:47:24 -07:00
toddouska
1c4b15d427
Merge pull request #3369 from dgarske/sniffer_ccm
...
Add AES CCM support to sniffer
2020-10-14 14:31:57 -07:00
toddouska
8898abcc99
Merge pull request #3378 from dgarske/zd11085
...
Fixes SSLv3 use of ECDH in sniffer
2020-10-14 14:30:15 -07:00
toddouska
3f4bf9144b
Merge pull request #3366 from SparkiDev/pkcs11_lookup
...
PKCS #11 : improve key lookup
2020-10-14 14:22:56 -07:00
Tesfa Mael
5ac3e7d542
Process multiple ocsp responses
2020-10-14 01:10:07 -07:00
David Garske
232028d03b
Merge pull request #3386 from ejohnstown/dh-maint
...
Fuzz Fix
2020-10-13 15:47:11 -07:00
David Garske
b68828d3c9
Merge pull request #3361 from tmael/ocsp-nocheck
...
Add support for id-pkix-ocsp-nocheck
2020-10-13 15:46:02 -07:00
David Garske
048a3a8d5b
Merge pull request #3374 from JacobBarthelmeh/Testing
...
NO_FILESYSTEM build on Windows
2020-10-13 13:26:46 -07:00
John Safranek
422683f4c3
Fuzz Fix
...
GetPublicDhKey() assumes the ssl session owns the DH public key parts, and
tries to free them. They belong to the CTX initially, so it shouldn't be
freeing them, necessarily.
1. Add a check for weOwnDh first, then free the buffers if needed.
2. If there is a problem reading the keys, free the new buffers before exiting.
3. Set weOwnDh once the buffers and values have been stored
successfully.
2020-10-13 10:15:58 -07:00
Jacob Barthelmeh
6aa0eacc62
use correct key buffer for example private key
2020-10-13 09:26:54 -06:00
Sean Parkinson
f0db2c177e
ECC mulmod: some curves can't do order-1
...
Change implementation of timing resistant scalar multiplication to use
Joye double-add ladder.
No longer have fake operations being performed therefore can remove the
order adding operations.
Still need to check for boundary condition: order-1 wil not work with
SECP256K1 as it results in an add of order/2 and (order/2)+1 times base
point which are the negatives of each other. The sum is infinity and not
handled by maths.
Added mp_cond_swap_t - Conditionally swap in constant time.
2020-10-13 09:55:35 +10:00
David Garske
0d685e4f28
Merge pull request #3358 from douzzer/wolfSSL_get_ocsp_producedDate
...
add wolfSSL_get_ocsp_producedDate().
2020-10-12 15:21:10 -07:00
David Garske
de6164df5a
Merge pull request #3382 from ejohnstown/aes-clear
...
AES Clear Temp
2020-10-12 15:17:00 -07:00
David Garske
4396e10500
Merge pull request #3379 from ejohnstown/mfix
...
Maintenance Fixes
2020-10-12 14:53:56 -07:00
Chris Conlon
1f78297c5c
Merge pull request #3372 from miyazakh/Renesas_APRA6M
...
added set up guide for APRA6M board
2020-10-12 14:23:06 -06:00
Chris Conlon
2a1efda140
Merge pull request #3380 from kojo1/mqx
...
minor fix for MQX, Kinetis
2020-10-12 14:03:20 -06:00
kaleb-himes
8826823724
In ACVP testing NIST needs to see failed decryption output
2020-10-12 12:05:44 -06:00
John Safranek
5ead4386b3
AES Clear Temp
...
ForceZero()'ed a couple local variables that have keying material at some point.
2020-10-12 10:30:34 -07:00
John Safranek
0ca202f389
Rename SKIP_SUITE to something more descriptive. Add some comments.
2020-10-12 09:49:02 -07:00
Tesfa Mael
a4bfa0dec7
Add support for id-pkix-ocsp-nocheck
2020-10-11 19:47:50 -07:00
Takashi Kojo
ce97eadae1
fix for MQX
2020-10-11 06:57:33 +09:00
Daniel Pouzzner
9de5eea1d9
configure.ac: supplement AC_CHECK_FUNCS() (function link test) with AC_CHECK_DECLS() (function declaration test) to avoid false positives. fixes various build failure modes.
2020-10-09 22:18:51 -05:00
Hideki Miyazaki
bf59d169dd
Update include.am to include new README files
2020-10-10 09:57:05 +09:00
John Safranek
a05a305d70
Fix unused parameters in SKIP_SUITE.
2020-10-09 15:59:14 -07:00
John Safranek
6cfb038d11
Fix a bad ifdef.
2020-10-09 15:54:44 -07:00
John Safranek
2d85061c47
Maintenance Fixes
...
Improve the reporting of the NTRU based cipher suites with the function
wolfSSL_sk_CIPHER_description().
2020-10-09 15:01:39 -07:00
John Safranek
d8299e2764
Maintenance Fixes
...
When building the list of ciphers with wolfSSL_get_ciphers_compat(),
skip the fake indicator ciphers like the renegotiation indication
and the quantum-safe hybrid since they do not have encryption or mac
algorithms associated to them.
2020-10-09 15:01:38 -07:00
John Safranek
aeeeb666a7
Maintenance Fixes
...
1. The test_wolfSSL_X509V3_EXT_print() test was using stderr for output,
changed to stdout.
2. A call to XFREAD wasn't typecasting its output to the size of the
variable getting the output in decodedCertCache_test().
2020-10-09 15:01:32 -07:00
John Safranek
724eb96047
Merge pull request #3377 from douzzer/PR3371
...
fix pkcs7compressed_test() (test gated on HAVE_LIBZ), broken by PR#3244.
2020-10-09 15:00:15 -07:00
David Garske
f3fbb921c0
Fixes SSLv3 use of ECDH. The public key length byte needs to be skipped for import with SSLv3 and TLS (not TLS v1.3). ZD 11085
2020-10-09 12:01:41 -07:00
Daniel Pouzzner
29d4de6307
fix pkcs7compressed_test() (test gated on HAVE_LIBZ), broken by PR#3244.
2020-10-09 12:42:14 -05:00
JacobBarthelmeh
bfb10ddfb5
NO_FILESYSTEM build on Windows
2020-10-09 09:45:00 -07:00
David Garske
3e69318ac7
Merge pull request #3373 from danielinux/imx-rt1060-shaonly-fix
...
Fixed SHA256 support for IMX-RT1060
2020-10-09 09:30:11 -07:00
Daniele Lacamera
9cb2c9f1ac
Fixed SHA256 support for IMX-RT1060
2020-10-09 13:36:53 +02:00
Hideki Miyazaki
1765eeddb2
added set up guide for APRA6M board
...
added TLS 1.3 settings into user_settings.h
2020-10-09 19:52:20 +09:00
Daniel Pouzzner
570f55a0e3
wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac.
2020-10-08 23:26:28 -05:00
Daniel Pouzzner
7a77b6d990
rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true).
2020-10-08 22:47:16 -05:00
Daniel Pouzzner
e162d0f889
add wolfSSL_get_ocsp_producedDate().
2020-10-08 22:47:16 -05:00
toddouska
4d11e3c83b
Merge pull request #3365 from SparkiDev/ticket_align
...
SSL session ticket: decrypted ticket access aligned
2020-10-08 15:01:41 -07:00
toddouska
8bc3d33c4e
Merge pull request #3360 from SparkiDev/ecc_safe_add
...
ECC add points: more cases where add point is a double or infinity
2020-10-08 14:55:04 -07:00
toddouska
f0c5fb76bb
Merge pull request #3359 from ejohnstown/tfm-read-radix-16
...
TFM Read Radix 16 OOB Read
2020-10-08 14:52:42 -07:00
toddouska
c69e9927fa
Merge pull request #3354 from SparkiDev/mac_arm_asm_2
...
ARM ASM ChaCha20: Fix calc of left over bytes
2020-10-08 14:49:33 -07:00
toddouska
6b4b92a549
Merge pull request #3356 from embhorn/zd11044
...
Allow wolfSSL_EVP_get_hashinfo with x509small
2020-10-08 14:48:28 -07:00
toddouska
e0f3ceefa2
Merge pull request #3349 from vaintroub/remove_gccism
...
#3348 - Fix MSVC build
2020-10-08 14:47:15 -07:00
David Garske
8a57eead51
Add AES CCM support to sniffer. ZD 11078.
2020-10-08 13:58:31 -07:00
David Garske
d33d100526
Fix for possible malformed encrypted key with DES3 causing negative length. If length is less than DES_BLOCK_SIZE then it could result in a negative der->length. ZD 11057
2020-10-08 13:07:07 -07:00
JacobBarthelmeh
46f8f53268
Merge pull request #3367 from kaleb-himes/NTRU_MAINTENANCE
...
Fix NTRU + QSH build
2020-10-08 14:04:21 -06:00
kaleb-himes
d9eaeb4a3b
Fix NTRU + QSH build
2020-10-08 09:13:00 -06:00
Sean Parkinson
15aa0a2f8c
PKCS #11 : improve key lookup
...
Refactor the find key by template to eliminate duplicate code.
Improve documentation.
Add more informative debugging information.
2020-10-08 13:36:30 +10:00
Sean Parkinson
4f6c1db9a2
Merge pull request #3355 from douzzer/enable-more-all
...
--enable-all coverage update, plus --enable-all-crypto and --enable-linuxkm-defaults
2020-10-08 09:52:56 +10:00
Sean Parkinson
257551b134
ECC add points: more cases where add point is a double or infinity
...
Extract method to perform safe point add (handling double and infinity
result).
Replace all instances of the extracted code.
2020-10-08 09:26:10 +10:00
Sean Parkinson
8d82fb2add
SSL session ticket: decrypted ticket access aligned
...
Decrypted session ticket using encrypted ticket buffer.
Alignment not correct on platforms requiring 32-bit aligned access.
Copy the decrypted data into temporary for access.
Also zeroize the unencrypted tickets after use.
2020-10-08 08:56:49 +10:00
Sean Parkinson
270da3c33c
Merge pull request #3364 from dgarske/zd11064
...
Fix for sniffer without TLS v1.3
2020-10-08 08:10:21 +10:00
David Garske
4f3632c7a6
Fix for sniffer without TLS v1.3 (--enable-sniffer --disable-tls13). ZD11064.
2020-10-07 11:08:05 -07:00
Daniel Pouzzner
1c492dc0b6
cosmetic cleanups.
2020-10-06 22:14:08 -05:00
John Safranek
413b0d171d
TFM Read Radix 16 OOB Read
...
Change the location of the update of the write index when in
fp_read_radix_16(). It will do multiple writes into a word, and update
the index when the word is full and there is more to write. If there
isn't more to write, the index isn't incremented. This ensures the used
value in the mp_digit is correct, and not off-by-one when the last word
is full.
2020-10-06 17:03:03 -07:00
Guido Vranken
4c5c1d5dac
Improve StoreECC_DSA_Sig bounds checking
2020-10-06 23:11:50 +02:00
Eric Blankenhorn
6bc34cb1a8
Allow wolfSSL_EVP_get_hashinfo with x509small
2020-10-06 11:18:08 -05:00
Juliusz Sosinowicz
a7fdfbaf40
Passing scr-app-data in to -i to client sends a message during SCR
...
Modify mygetopt so that if an argument expects a value and that value is the next argument then myoptarg is set to a NULL pointer.
2020-10-06 17:28:23 +02:00
Daniel Pouzzner
c18f7010cf
configure.ac: remove enable_apachehttpd and enable_secure_renegotiation from new --enable-all (valgrind woes).
2020-10-02 18:54:45 -05:00
Kaleb Himes
84ee1509b7
Merge pull request #3311 from tmael/neclab
...
Update release notes
2020-10-02 15:50:20 -06:00
Daniel Pouzzner
d900e57ae4
improve --enable-linuxkm-defaults fidelity.
2020-10-01 18:07:48 -05:00
Chris Conlon
232eb6a620
Merge pull request #3323 from danielinux/nxp_imxrt_dcp
...
Added support for NXP DCP (i.MX-RT series)
2020-10-01 16:44:58 -06:00
Daniel Pouzzner
a522207b14
fix memory leaks in src/internal.c:DoSessionTicket() and testsuite/testsuite.c:file_test().
2020-10-01 14:38:26 -05:00
Daniel Pouzzner
2ed8f93592
src/internal.c: fix memory leaks in ProcessPeerCerts() and GetDhPublicKey().
2020-10-01 14:38:26 -05:00
Daniel Pouzzner
7fb8457459
fix whitespace.
2020-10-01 14:38:26 -05:00
Daniel Pouzzner
c37ba164bf
configure.ac: don't include enable_certgencache=yes in --enable-all[-crypto] feature sets, to avoid memory leak false alarms.
2020-10-01 14:38:26 -05:00
Daniel Pouzzner
24b20352f8
configure.ac: refactor-for-clarity enable-all[-crypto] feature selection logic conditionalized on sp-math and linuxkm.
2020-10-01 14:38:26 -05:00
Daniel Pouzzner
a3185310ca
tests/api.c: clean up and parameterize key/buffers sizes in test_wc_CheckProbablePrime().
2020-10-01 14:38:26 -05:00
Daniel Pouzzner
70474659a0
wc_ShaFinal(): remove superfluous ret=0 when WOLF_CRYPTO_CB, complained by PRB-scan-build-distro-check.
2020-10-01 14:38:26 -05:00
Daniel Pouzzner
fd3815c708
configure.ac: include enable_xchacha in --enable-all-crypto.
2020-10-01 14:38:26 -05:00
Daniel Pouzzner
a4bd213099
configure.ac: improve --enable-all coverage and make it compatible with --enable-sp-math, add --enable-all-crypto (crypto-only subset of --enable-all), and add --enable-linuxkm-defaults ("Enable feature defaults for Linux Kernel Module").
2020-10-01 14:38:26 -05:00
Daniel Pouzzner
79978f5c7a
ecc_check_pubkey_order(): add missing braces.
2020-10-01 14:38:26 -05:00
Daniel Pouzzner
3ef242e889
tests/api.c: change RSA keysize from 1024 to 2048 for sp-math compatibility, in test_wc_CheckProbablePrime(), test_wc_CheckProbablePrime(), test_wc_RsaPSS_Verify(), test_wc_RsaPSS_VerifyCheck(), test_wc_RsaPSS_VerifyCheck(), test_wc_RsaPSS_VerifyCheckInline(), and test_wolfSSL_DC_cert().
2020-10-01 14:38:26 -05:00
Daniele Lacamera
cec3d542d1
Rework of DCP after reviewer's comments.
...
- using wolfSSL_CryptHwMutexLock/UnLock as DCP mutex.
- fixed AES Free
- using separate per-channel key store
2020-10-01 11:36:03 -07:00
Daniele Lacamera
ce62f46442
Fixed comments
2020-10-01 11:36:03 -07:00
Daniele Lacamera
9244bbbf83
NXP-DCP: Fixed AES-GCM setkey; added AES direct.
2020-10-01 11:36:03 -07:00
Daniele Lacamera
05098f7ab8
Reentrant DCP driver. DCP protected by mutex.
2020-10-01 11:36:03 -07:00
Daniele Lacamera
a07f9ded63
Added support for NXP DCP (i.MX-RT series)
2020-10-01 11:36:03 -07:00
David Garske
050252e5d4
Merge pull request #3340 from kabuobeid/fsanitize_thread
...
Fix issues found by -fsanitize=thread.
2020-10-01 11:28:05 -07:00
Kareem Abuobeid
d59784e646
Fix issues found by -fsanitize=thread.
2020-09-30 14:24:20 -07:00
toddouska
20d28e1b65
Merge pull request #3221 from julek-wolfssl/wolfSSL_dtls_import-const-buf
...
Change buffer in wolfSSL_dtls_import to be const
2020-09-30 10:45:25 -07:00
toddouska
bb6c612209
Merge pull request #3312 from kabuobeid/apple_arm64
...
Added instructions for building for Apple ARM64.
2020-09-30 10:44:22 -07:00
toddouska
74259fe9ce
Merge pull request #3351 from dgarske/sniffer_sesstick
...
Fix for sniffer with TLS v1.2 session ticket
2020-09-30 10:42:56 -07:00
toddouska
9bfe4f1fb2
Merge pull request #3341 from SparkiDev/fp_sqr_size
...
TFM mp_sqr: error on number overflow
2020-09-30 10:35:01 -07:00
Sean Parkinson
f76165a3fa
ARM ASM ChaCha20: Fix calc of left over bytes
2020-09-30 15:57:33 +10:00
Sean Parkinson
a1991da458
TFM mp_sqr: error on number overflow
...
Change mp_sqr to return an error if the result won't fit into the fixed
length dp.
2020-09-30 08:54:20 +10:00
Kareem Abuobeid
0a791a957e
Added instructions for building for Apple ARM64.
2020-09-29 15:12:34 -07:00
toddouska
fc988ad3e7
Merge pull request #3325 from julek-wolfssl/openssl-compat-aes-gcm-2-part-aad
...
Buffer AAD in wolfSSL_EVP_CipherUpdate_GCM so that whole value is hashed
2020-09-29 13:46:44 -07:00
toddouska
d415bbf2eb
Merge pull request #3346 from SparkiDev/mac_arm_asm
...
ARM asm: fixes for compiling on Mac and ChaCha20 streaming
2020-09-29 13:36:13 -07:00
David Garske
3e0d478543
Fix for sniffer with TLS v1.2 session ticket. Logic broken in PR #3044 . ZD 10926.
2020-09-29 11:11:32 -07:00
Juliusz Sosinowicz
2153009efa
Fix access violation in Visual Studio Test
2020-09-29 19:47:58 +02:00
Vladislav Vaintroub
efe7c42775
Fix MSVC build
...
Don't use GCC-specific extensions
Fixes #3348
2020-09-29 18:00:21 +02:00
Juliusz Sosinowicz
52be7c94b8
Introduce thread safety to unsafe functions in wolfSSL
...
Add warnings to one shot hash functions
2020-09-29 16:29:45 +02:00
Juliusz Sosinowicz
78e003e7de
Plug leak
2020-09-29 12:24:59 +02:00
Sean Parkinson
66ed9b1522
ARM asm: fixes for compiling on Mac and ChaCha20 streaming
...
Don't set the CPU to generic on Mac.
Implement streaming for ChaCha20.
2020-09-29 13:38:02 +10:00
Sean Parkinson
46b9531bec
Merge pull request #3345 from dgarske/sp_spell
...
Fix spelling error and sync with latest scripts
2020-09-29 08:46:52 +10:00
David Garske
30a74e0597
Merge pull request #3343 from ejohnstown/test-ecc521
...
Test ECC-521 Only
2020-09-28 14:06:42 -07:00
Juliusz Sosinowicz
07f6c19156
Update EVP_CIPHER to handle multi-part AAD
2020-09-28 20:42:23 +02:00
David Garske
a85c93e44a
Fix spelling error and sync with latest scripts.
2020-09-28 10:41:31 -07:00
toddouska
d01dae00bc
Merge pull request #3342 from SparkiDev/arm64_clang_fix
...
SP ARM64: Fix assembly for clang
2020-09-28 09:57:19 -07:00
John Safranek
dbf18b8532
Test ECC-521 Only
...
Update benchmark and wolfcrypt test to support using only ECC-521 in a custom curve list.
2020-09-28 09:22:24 -07:00
Chris Conlon
d143015059
Merge pull request #3336 from ethanlooney/26th_branch
...
Added unit test for Des3
2020-09-28 10:14:31 -06:00
Juliusz Sosinowicz
942168c62d
Add decrypt tests
2020-09-28 15:59:50 +02:00
Sean Parkinson
b61b3e34dd
SP ARM64: Fix assembly for clang
...
clang doesn't auto correct size of register (declared byte n but 64-bit
usage)
clang doesn't always handle use of x29 (FP or Frame Pointer) in inline
assembly code correctly - reworked sp_2048_sqr_8 to not use x29.
2020-09-28 12:35:58 +10:00
David Garske
7d33312f4b
Merge pull request #3339 from ejohnstown/dtls-flag
...
DTLS Flag
2020-09-25 17:05:22 -07:00
toddouska
e1f54b1df1
Merge pull request #3296 from dgarske/sniffer_fixes
...
Fixes for Sniffer (Max Fragment, ECC Static and SNI)
2020-09-25 12:50:07 -07:00
toddouska
8266680ab7
Merge pull request #3338 from SparkiDev/dh_fips3
...
DH EXTRA test: Disable DH test unless not FIPS or FIPS > 2
2020-09-25 12:42:40 -07:00
Ethan Looney
e49505fbb8
Added key free
2020-09-25 13:42:19 -06:00
toddouska
6f1d626671
Merge pull request #3337 from SparkiDev/evp_xts_3
...
EVP AES XTS: check correct define
2020-09-25 12:42:09 -07:00
toddouska
2d97acadc9
Merge pull request #3331 from dgarske/armasm
...
Fixes for ARM ASM and API unit test bad build macros
2020-09-25 12:41:30 -07:00
John Safranek
b36877c20b
DTLS Flag
...
Fix an ifdef flag that should have been WOLFSSL_DTLS, not HAVE_DTLS.
2020-09-25 10:49:34 -07:00
Juliusz Sosinowicz
84f0fc56ef
check ClientWrite return
2020-09-25 11:35:23 +02:00
Juliusz Sosinowicz
7e38b6bee6
Test 2 part GCM data and EVP context re-use
2020-09-25 11:03:58 +02:00
Sean Parkinson
c798c7f396
DH EXTRA test: Disable DH test unless not FIPS or FIPS > 2
...
statickeys/dh-ffdhe2048.der is an alternate format that is supported
when WOLFSSL_DH_EXTRA is defined.
The decoding is not supported when FIPS and FIPS version is less than 3.
Fix test to not use file unless not FIPS or FIPS > 2.
2020-09-25 11:41:59 +10:00
Sean Parkinson
d514189710
EVP AES XTS: check correct define
...
HAVE_AES_CTX -> WOLFSSL_AES_XTS
2020-09-25 11:17:04 +10:00
David Garske
5ef5c279b5
Fix for previous max fragment commit to correctly process a TLS packet with multiple handshake messages. Fix to free the wolfSSL objects first then wolfSSL_CTX.
2020-09-24 15:53:12 -07:00
David Garske
bbaf4090b8
Fixes for sniffer when using static ECC keys. Adds TLS v1.2 ECC key fallback detection and fixes new ECC RNG requirement for timing resistance.
2020-09-24 15:03:26 -07:00
Ethan Looney
4662690fdc
Added unit test for Des3
2020-09-24 14:05:14 -06:00
David Garske
7cfbc598ed
Fix to not assume TLS v1.3 based on extended key share extension.
2020-09-24 13:05:01 -07:00
David Garske
bc960a9c25
Fix for sniffer with SNI enabled to properly handle WOLFSSL_SUCCESS error code in ProcessClientHello. ZD 10926
2020-09-24 13:05:01 -07:00
David Garske
adedde7d16
Fix to not treat cert/key not found as error in myWatchCb and WOLFSSL_SNIFFER_WATCH. The key can be pased as argument to ./snifftest and if built with sniffer watch let's keep trying to parse instead of throwing an error.
2020-09-24 13:05:01 -07:00
David Garske
7e2d44ba9a
Fix possible unused rhSize.
2020-09-24 13:05:01 -07:00
David Garske
b5163bd1fa
Added support for 802.11Q VLAN frames. Fix build error with unused "ret" when building with WOLFSSL_SNIFFER_WATCH. Fixed bad characters in sniffer README.md configure example.
2020-09-24 13:05:01 -07:00
David Garske
ce1c1fe0a6
Fix for sniffer using HAVE_MAX_FRAGMENT in "certificate" type message. ZD 10903
2020-09-24 13:05:01 -07:00
toddouska
1668f6f626
Merge pull request #3244 from douzzer/20200820-linuxkm
...
Linux Kernel Module support
2020-09-24 12:57:22 -07:00
toddouska
1eed409bdf
Merge pull request #3332 from SparkiDev/sp_cortexm_fix_1
...
SP Cortex-M4 assembly: Fix for GCC compile
2020-09-24 12:55:21 -07:00
toddouska
1e293e4be4
Merge pull request #3321 from SparkiDev/evp_xts_2
...
EVP CIPHER: fix block size, mode and table
2020-09-24 12:49:38 -07:00
toddouska
d75d3108b0
Merge pull request #3314 from SparkiDev/evp_hmac_sha3
...
Test wolfSSL_HMAC with SHA-3
2020-09-24 12:48:40 -07:00
Chris Conlon
b3fc5eb254
Merge pull request #3326 from ethanlooney/25th_branch
...
Added unit tests for PKCS7
2020-09-24 13:33:57 -06:00
Chris Conlon
679b107044
Merge pull request #3333 from miyazakh/espidf_pkcs7
...
add user settings of pkcs7 for ESP-IDF port
2020-09-24 09:58:00 -06:00
Chris Conlon
6780e5eb0b
Merge pull request #3290 from ethanlooney/22nd_branch
...
Added unit tests for RSA.c
2020-09-24 09:54:11 -06:00
Hideki Miyazaki
a22b2085b1
add settings for pkcs7
...
add wrapper to check the return value of snprintf
fixed unit test
fixed uninitialized variable
2020-09-24 17:20:45 +09:00
David Garske
3adb64b196
Merge pull request #3330 from ejohnstown/tfm-no-64bit
...
TFM NO 64-BIT
2020-09-23 18:47:48 -07:00
Sean Parkinson
ec59acbae0
SP Cortex-M4 assembly: Fix for GCC compile
...
b<cond>.n not allowed with GCC.
Fix sizeof to use tmp_arr not tmp which is now a pointer.
2020-09-24 11:03:50 +10:00
Daniel Pouzzner
09b9ac8b86
add AM_CONDITIONAL([BUILD_DEBUG],...) to configure.ac, and use it to gate inclusion of wolfcrypt/src/debug.c in src/include.am; remove superfluous includes from wolfcrypt/src/debug.c.
2020-09-23 18:32:17 -05:00
Daniel Pouzzner
6a3da9477e
fix --enable-stacksize[-verbose] (HAVE_STACK_SIZE[_VERBOSE]) to work correctly in testsuite.c.
2020-09-23 18:32:17 -05:00
Daniel Pouzzner
38cb4a2d69
blake2{b,s}.c: return and propagate meaningful error codes.
2020-09-23 18:32:17 -05:00
Daniel Pouzzner
fda22f851a
random.c: use "DRBG_internal", not "__DRBG", for typedef struct DRBG_internal, to avoid possible conflict with reserved-label restrictions with some compilers.
2020-09-23 18:32:17 -05:00
Daniel Pouzzner
6a7a87545a
wc_MakeRsaKey(): add missing allocation failure checks for WOLFSSL_SMALL_STACK.
2020-09-23 18:32:17 -05:00
Daniel Pouzzner
0f3283ce7b
add wc_curve25519_generic().
2020-09-23 18:32:17 -05:00
Daniel Pouzzner
4742a17006
configure.ac: move AC_ARG_ENABLE([linuxkm] before AC_ARG_ENABLE([filesystem], and add ENABLED_FILESYSTEM_DEFAULT=no when ENABLED_LINUXKM.
2020-09-23 18:32:17 -05:00
Daniel Pouzzner
529549f117
settings.h: protect against double definitions in _LINUXKM case.
2020-09-23 18:32:17 -05:00
Daniel Pouzzner
fc592e8434
tests/api.c: in test_wc_PKCS7_BER(), provide for !NO_DES3 && !NO_RSA && WOLFSSL_SP_MATH case.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
10bf7a2086
examples/: fix undersized array lengths in client_usage_msg and server_usage_msg.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
8a6216363d
ecc.c: add (void)rng to wc_ecc_mulmod_ex2() to cover WOLFSSL_SP_MATH case.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
a571378b5f
blake2.h/blake2b.c: fix typos.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
0c9ba76a93
fix rebase error on aes.c
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
60506af5f5
add WOLFSSL_API wrappers wc_InitBlake2b_WithKey(), wc_InitBlake2s_WithKey(), and wc_curve25519_make_priv().
2020-09-23 18:32:16 -05:00
David Garske
c0823c8a7e
Refactor of AES wc_AesSetKeyLocal and wc_AesSetKey for software only use. Added missing aes argument check on wc_AesSetKeyDirect.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
a75f88cbcd
wolfssl/test.h: gate strerror() in err_sys_with_errno() on HAVE_STRING_H && HAVE_ERRNO_H as in PR #3291 .
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
bf054838a1
wc_port.h: WOLFSSL_LINUXKM: fix typo in WOLFSSL_ARMASM definition of RESTORE_VECTOR_REGISTERS().
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
da6a5566b6
wc_port.h: for WOLFSSL_LINUXKM, gate kernel includes and libwolfssl-specific preprocessor directives on BUILDING_WOLFSSL, to avoid disrupting environment for builds of other kernel components.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
185994cb0b
scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
8b53b181dd
add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
1c3415e26f
wolfssl/test.h:err_sys_with_errno(): printing the errno msg seems to blow up all the parse tests, so only do it when -DDEBUG_TEST_ERR_SYS_WITH_ERRNO.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
1ebd851b2e
wolfssl/test.h: if SO_REUSEPORT is defined, use it in tcp_listen() and udp_accept(). also, add err_sys_with_errno(), identical to err_sys() unless defined(HAVE_STRING_H) && defined(HAVE_ERRNO_H), in which case strerror(errno) is appended to the rendered message. changed to use err_sys_with_errno() wherever applicable.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
62bbef2f2e
wolfcrypt/test/test.c: add missing gating for -DBENCH_EMBEDDED.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
92fa0f18f0
Makefile.am: use an aux variable to add linuxkm to $SUBDIRS when BUILD_LINUXKM is true, to avoid recursion into linuxkm/ for "make distdir". solution by John Safranek, with a million thanks.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
291febb270
configure.ac: clean up AC_ARG_ENABLE() for linuxkm, and make AC_ARG_WITH for linux-source and linux-arch unconditional.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
2609fa9aeb
test.c:rsa_test(): fix cpp gating for clearing of keypub buffer.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
453698ba27
add explanatory comments for do_div(), used when WOLFSSL_LINUXKM.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
8496a64ed4
linuxkm/Kbuild: the x86 _asm object files still reference "_GLOBAL_OFFSET_TABLE_", so they can't work in the kernel as-is.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
7c2aefcfdd
linuxkm: enable the rest of the _asm implementations for x86, wrapped in {SAVE,RESTORE}_VECTOR_REGISTERS().
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
331fe47eb6
linuxkm: add ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE ASFLAGS_FPUSIMD_DISABLE ASFLAGS_FPUSIMD_ENABLE to facilitate erroring for unexpected fp/simd instructions in Kbuild, while allowing expected ones.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
96fe6dc049
test.h: fix math in final "stack used" message when -DHAVE_STACK_SIZE_VERBOSE.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
60a686f48c
tidying suggested by Sean in review.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
a9cad51b65
sp_mod_word(): add unoptimized alternative if -U__GNUC__.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
c8cd042bdd
configure.ac: for linuxkm, make --enable-sp-math the default, and add additional exclusions --enable-fastrsa and --with-libz.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
5f972d2ae6
test.c: now that sp math is fixed and working in linuxkm, reenable prime_test() for WOLFSSL_LINUXKM, and add a small stack refactor for it.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
fdbd6addd0
sp_int.c: add sp_mod_word() gated on WOLFSSL_SP_MOD_WORD_RP for runtimes lacking intrinsic support for int128 % int64; for linuxkm, use WOLFSSL_SP_DIV_WORD_HALF and the new WOLFSSL_SP_MOD_WORD_RP.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
8f130f3642
test.c: tweaks to accommodate clang's belligerent -Wparentheses-equality.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
447a238e8e
test.c: missed a _SMALL_STACK spot in rsa_ecc_certgen_test().
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
5bfb5a3a83
test.c: fix missed spot in rsa_certgen_test(), and do another _SMALL_STACK refactor of a missed object in rsa_ecc_certgen_test().
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
fdf87fe152
test.c: another missed spot.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
ebca451c93
test.c: missed a spot -- inadvertently unused return value.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
99501ffefd
m4/ax_linuxkm.m4: use test "$var" = "" construct, not test -z "$var", for maximal portability.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
43c12ede50
ge448_double_scalarmult_vartime(): streamline WOLFSSL_SMALL_STACK refactor.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
80961ea913
test.c:ecc_decode_test(): WOLFSSL_SMALL_STACK refactor
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
5801719ac3
wolfcrypt/src/asn.c:wc_GetKeyOID(): stack->heap refactor.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
dbe0273bf4
test.c: additional WOLFSSL_SMALL_STACK refactoring, covering --enable-sp-math and various missed spots.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
4f5bbbdca8
rsa.c:wc_CheckProbablePrime(): WOLFSSL_SMALL_STACK refactor
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
af6bd1d163
configure.ac: tidying linuxkm reqs/exclusions tests at end.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
16267a1889
configure.ac: error when ENABLED_LINUXKM but $KERNEL_ARCH is empty (no default, no user value).
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
cd88a2c7df
wolfcrypt/test/test.c: when WOLFSSL_LINUXKM, don't do the large-malloc-incurring wc_scrypt()s in scrypt_test().
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
76cba38971
wolfcrypt/src/ge_448.c: redo small stack refactor of ge448_double_scalarmult_vartime(), so that when -UWOLFSSL_SMALL_STACK, code is effectively unchanged.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
f4981d4c91
linuxkm/module_exports.c.template: include openssl compat layer headers in case user configuration needs them.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
8331079c36
configure.ac: --enable-compkey gates in the recursive do_mp_jacobi(). mutex with --enable-linuxkm.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
dc4b15a265
test.c: fix gating on heap deallocation in hc128_test() to match earlier tweak to gating on allocation.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
b52d50d903
test.c: various improvements and fixes pursuant to dgarske's comments on PR #3244
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
a80b0c1982
test.c: don't exclude prime_test when -DOLD_PRIME_CHECK, but to exclude it when -DWOLFSSL_LINUXKM.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
170322956b
wolfssl/test.h: polish implementation of HAVE_STACK_SIZE_VERBOSE, now enabled with --enable-stacksize-verbose; internal symbol renamed from original DEBUG_STACK_SIZE_VERBOSE, helper functions and macros refactored to be formally threadsafe and to track the overall high water mark (reports same "stack used" value as --enable-stacksize after final return); add "setting stack relative offset reference mark in funcname() to x" message at entry; add configure mutexing of --enable-stacksize[-verbose] relative to --enable-linuxkm.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
63e3eae416
src/wolfio.c: update patch to wolfIO_HttpProcessResponse() (PR #3204 ).
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
b99908ae66
configure.ac: refactor test -z "${KERNEL_ROOT}" into "${KERNEL_ROOT}" = "", and remove new AM_CFLAGS="$AM_CFLAGS -msse4" (bringing back identical to logic in master) now that $CFLAGS_SIMD_ENABLE et al take care of it.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
d033b1fe24
m4/ax_linuxkm.m4: add autosensing of -msse4.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
5589565051
linuxkm: add autotools detection of usable compiler flags for enabling and disabling SIMD and fp registers and auto-vectorization, and integrate into linuxkm makefiles.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
5d1bea4ff7
linuxkm/Makefile: rename KERNEL_OPT to KERNEL_EXTRA_CFLAGS.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
767f1972e3
aes.{c,h}: move SIMD includes from aes.h to aes.c, to avoid compiler errors on other .c's compiled -mno-sse for linuxkm.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
5504d9cd4e
linuxkm: dial in SIMD options in Kbuild; add boilerplate at the top of all files added for linuxkm.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
4f38fb2f78
linuxkm/Kbuild: gate EXPORT_SYMBOL(wolfcrypt_test) on -UNO_CRYPT_TEST.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
cd14cfb092
linuxkm: override-disable SIMD instructions for all .c.o's, with exceptions enumerated in Kbuild (currently only aes.c), and couple -msse with -fno-builtin-functions; export ENABLED_ASM for use as a pivot in Kbuild; use asm/i387.h, not asm/simd.h, for kernel_fpu_{begin,end}() protos.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
3626332334
wolfcrypt/src/aes.c for linuxkm: add missing vector register push/pops.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
87b2384cac
linuxkm settings.h: define NO_STDIO_FILESYSTEM
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
69052ff535
linuxkm: explanatory message and error exit on attempted make install.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
e881d92366
add linuxkm/module_exports.c.template to linuxkm/include.am $EXTRA_DIST.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
05bca8b0ee
when BUILD_LINUXKM, suppress building the library; rename $KROOT/$KARCH to $KERNEL_ROOT/$KERNEL_ARCH; remove SIMD enablement from linuxkm CFLAGS; add linuxkm support for -DKERNEL_OPT=x.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
360c749703
add {SAVE,RESTORE}_VECTOR_REGISTERS() macros for kernel_fpu_{begin,end} when WOLFSSL_LINUXKM, to allow safe use of AESNI and SIMD instructions in the kernel.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
2c564a7728
update .gitignore with more artifacts from linuxkm build.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
9549a5f973
linuxkm: add linuxkm/module_exports.c.template, and autogenerate linuxkm/module_exports.c.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
e8b69f8a6a
dh_test(): fix missing casts for XMALLOC().
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
7bc33f4ec1
linuxkm: retain noinline from kernel headers, and use it directly in wolfssl/wolfcrypt/sp.h.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
9aa3a4c559
linuxkm/Kbuild: make dependency on get_thread_size order-only, to suppress frivolous rebuilds on kernel 4.x.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
f440089e92
dh_test(): fix typo (undersized dynamic buffers).
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
8b19a9b58c
benchmark.c: fix always-true tests for DECLARE_VAR_IS_HEAP_ALLOC.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
f106fea0d8
rsa_no_pad_test(): fix uninited pointer.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
4ea8b46177
dh_test(): refactor remaining bare returns to ERROR_OUT().
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
2ee218761e
dh_test(): missed a spot in last commit.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
ca1a991de5
wolfcrypt/test/test.c: fix an error-path leak in dh_test(), and deal with possible -Wdeclaration-after-statement for XFILE file.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
a7381f8a48
test.c:rsa_test(): fix uninited pointer
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
6c32a730c2
more work on DECLARE_VAR -- fix allocation failure handling in bench_rsa_helper() to avoid uninitialized variables.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
426de2101a
more work on DECLARE_VAR -- proper handling of failed allocations. WIP.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
d8e71e8dd2
linuxkm/Kbuild: disable objtool on AESNI asm objects -- they work in the kernel as-is, despite "unannotated intra-function call" and "BP used as a scratch register" warnings.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
3c91ce9342
wolfcrypt/src/sp_int.c: undo 8efb1142f1f2744ff128033df8a3a2d43e42fd93 to take dgarske's better wc_bigint_init()-based take on it (aa870861921a317cca9a978a75a7de127809e100).
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
d7450b85f7
linuxkm/Makefile: use -Wno-declaration-after-statement (needed for heapful DECLARE_VAR() et al).
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
c5d28c16b5
wolfcrypt/src/sp_int.c: clear whole struct in sp_init() and sp_init_multi(), to fix uninited pointer free()s in sp_free() when --enable-sp-math -DHAVE_WOLF_BIGINT.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
9b7c753165
wolfssl/wolfcrypt/types.h: make DECLARE_VAR() et al use heap allocation not only when WOLFSSL_ASYNC_CRYPT but also when WOLFSSL_SMALL_STACK.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
ce8f2e65de
wolfcrypt/src/sha256.c: undo c801de9d23c2f3348b84fdb8d893f81e6c3c2849 (dgarske has better&correct fix in 76e1760f915934bdc4911f3ae41abe6803ae094a).
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
571bf897c4
wolfcrypt/test/test.c: stack->heap refactor for dh_test().
2020-09-23 18:32:15 -05:00
David Garske
66b59bda9b
Fix for expected fail test in openssl_test for partial block. Fix for mp_test with ECC disabled, which uses mp_init_copy.
2020-09-23 18:32:15 -05:00
David Garske
0f8cf32122
Fix for possible leak in openssl_test because EVP free not called with WOLFSSL_SMALL_STACK_CACHE (SHA256/SHA512). Added return code checking to the openssl_test in wolfCrypt test.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
32e30d23c6
wolfcrypt/test/test.c: fix uninitialized values in aesofb_test().
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
e09487de1f
sha256.c: add missing _SMALL_STACK_CACHE initialization in InitSha256().
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
922b023aea
wolfcrypt/src/random.c: rename the DRBG internal type __DRBG, because some customer is compiling libwolfssl with a "g++" override, which precludes typedefs and structs with different types but equal labels.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
9611f7abfd
linuxkm/Makefile: add no-op distdir rule.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
03fe9c15c0
linuxkm/Makefile: add do-nothing dist rule, and refactor setness tests for libwolfssl.ko to be make-dist-compatible.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
f56c6d1d8f
wolfcrypt/test/test.c and wolfssl/test.h: implement DEBUG_STACK_SIZE_VERBOSE, measuring and reporting stack usage separately for each test. to use, ./configure --enable-stacksize && make CFLAGS+=-DDEBUG_STACK_SIZE_VERBOSE; also, remove a throwaway dev pragma that snuck into an earlier commit.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
925afe3b74
cast XMALLOC() return values assiduously, for Visual Studio compatibility.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
195b5d2d2c
lkm: add linuxkm/include.am, and include it in Makefile.am.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
d86b0601b9
lkm: tweak Kbuild to work on 4.x (hardcoded fallback stack size); add linuxkm/get_thread_size.c.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
c194fb3beb
lkm: add autodetection of kernel stack frame size; reactivate objtool scrutiny since _asm files are indeed not yet kernel-compatible; delete linuxkm/lkm_testcrypto.c and use wolfcrypt/test/test.c.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
535822f4df
wolfcrypt/test/test.c: refactor for stack size and namespace control, allowing embedding of wolfcrypt_test() in kernel module.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
f5975d95db
src/ssl.c: use heap for workspace in wolfSSL_X509_sign(), wolfSSL_d2i_RSAPrivateKey_bio(), and wolfSSL_CTX_use_RSAPrivateKey().
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
9ca94d6ca7
wolfcrypt/src/ge_448.c: refactor ge448_double_scalarmult_vartime() to use heap for workspace unless WOLFSSL_NO_MALLOC.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
1735bd7430
lkm_testcrypto.c: refactor subtests at end of dh_test() to use ERROR_OUT() with proper codes.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
217ec4ebd3
lkm: tweaks to self-test dynamics/messages.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
554879da00
lkm: self-test working now (certain options, which ones TBD, crash kernel).
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
34fd53b4fc
linuxkm: WIP support for wolfcrypt_test() at module load time.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
0c35998178
linuxkm/module_hooks.c: log "cleanup complete" at unload time.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
92df5692b1
wolfcrypt/src/ecc.c: revert to commit g0fa5af9, which has all the necessary fixes.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
0cfe9ca5d6
configure.ac: --enable-linuxkm: improved defaults and consistency checking.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
92406e17ca
wolfssl/wolfcrypt/settings.h: for _LINUXKM, set WOLFSSL_SP_DIV_64 to help avoid gcc xdivti3() references.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
5efdee4277
wolfssl/wolfcrypt/types.h: tweak _LINUXKM macros XMALLOC(), XFREE(), and XREALLOC() to dummy-use "heap" and "dynamic type" arguments.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
add78dfba9
wolfcrypt/src/sp_int.c: add _LINUXKM do_div codepaths for a couple more 64 bit divisions, in sp_div_word() and sp_mod_d().
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
9ab1df690a
wolfcrypt/src/ecc.c: fix uncompilable !WOLFSSL_SP_MATH && WOLFSSL_SMALL_STACK_CACHE implementations of ecc_key_tmp_init() and ecc_key_tmp_free() (the latter misnamed ecc_key_tmp_final()).
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
836915d05f
linuxkm: configure.ac more incompatible options: --enable-fastmath, --enable-iopool, and --enable-fips; linuxkm/Makefile: reduce -Wframe-larger-than from 65536 to kernel-compatible 5000; wolfssl/wolfcrypt/settings.h: unset HAVE_THREAD_LS when WOLFSSL_LINUXKM; wolfssl/wolfcrypt/types.h: when NO_INLINE and __GNUC__, #define WC_INLINE __attribute__((unused)) rather than to nothing to avoid -Wunused-function warnings; wolfssl/wolfcrypt/wc_port.h: #undef noinline after Linux kernel header includes (another macro conflict).
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
03d5a4eadd
wolfcrypt/src/integer.c: mp_div_d(): refactor another 64 bit division to use do_div() when WOLFSSL_LINUXKM.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
2a3fd57b36
linuxkm/Kbuild, linuxkm/module_hooks.c: tweaks for buildability on kernel 4.9 (may also fix build on 3.x).
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
2591479866
linuxkm: add macros mapping malloc(), free(), and realloc() to the kernel equivalents, don't set WOLFSSL_NO_MALLOC, and reduce -Wframe-larger-than= from 256k to 64k; tweak fix for HAVE_INTEL_RDSEED conflict with WOLFSSL_LINUXKM; add clean rule to linuxkm/Makefile.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
911b23d2b4
configure.ac: check for incompatible combinations, and restore check for non-empty $KROOT when --enable-linuxkm.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
2bcdfce6df
wolfcrypt/src/evp.c: tweak to silence gcc -Wmaybe-uninitialized.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
dff5344d82
configure.ac: when --enable-asm (default on), for gcc amd64 target always include -msse4 even if not --enable-intelasm (it's needed for TFM_X86_64 inline asm).
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
c0d831ea3a
whoops, can't assert on non-empty "$(AM_CCASFLAGS)$(CCASFLAGS)" in linuxkm/Makefile -- they are often legitimately empty.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
1aa15632ce
initial buildability of full libwolfssl.ko loadable kernel module for Linux via ./configure --enable-linuxkm && make.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
0e480d1a14
Linux KM compilability cont'd: conform to C89isms (declarations before statements); iffdef WOLFSSL_LINUXKM use do_div() for long long division rather than C operator (avoids unresolvable compile-time callouts to libgcc function); misc gating and relocations for includes.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
603da9e747
fix whitespace.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
14e3da9206
.gitignore: add *~ for emacs backup files.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
bc1c85842d
WIP: autotools support for LKM
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
0f783077f8
fix stray whitespace
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
dd825d90c4
more LKM WIP: polish up the struct DRBG refactor ("struct DRBG_internal"), tweaks for buildability on 3.x kernels (now builds on 3.x, 4.x, and 5.x up to 5.8.1), move a slew of #[un]def[ines] from wc_port.h to settings.h where they belong, misc cleanup.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
3c2155f4a9
linuxkm WIP -- update for kernels 4.9.x (LTS representative) and 5.8.x (latest).
2020-09-23 18:32:15 -05:00
David Garske
6425ebb60e
Linux Kernel Module support using "--enable-linuxkm".
2020-09-23 18:32:15 -05:00
David Garske
8d2c8b0c89
And the CAVP self test.
2020-09-23 16:23:55 -07:00
Sean Parkinson
4136e132b2
EVP CIPHER: fix block size, mode and table
...
Block size incorrect for GCM - 1.
Add block size for more ciphers in wolfSSL_EVP_CIPHER_block_size().
Add more ciphers to WOLFSSL_CIPHER_mode().
Cipher table was compiling in entries without support.
2020-09-24 09:18:25 +10:00
toddouska
1c07de883c
Merge pull request #3306 from SparkiDev/tls13_pha_psk
...
TLS 1.3: Post-handshake Authentication and resumption secret
2020-09-23 16:06:55 -07:00
David Garske
f77157bfea
Looks like FinalRaw was added post FIPS v2.
2020-09-23 16:06:21 -07:00
David Garske
5e1c0f886f
Fix for FIPS and raw hash API's.
2020-09-23 15:59:35 -07:00
David Garske
3c28fe3640
Fixes for bad build options around new hash unit tests. Cleanup indent and newlines.
2020-09-23 15:45:31 -07:00
David Garske
b34bf65b66
Fix for --enable-armasm missing wc_Sha256FinalRaw. Reproduced with ./configure --enable-all --enable-cryptocb --enable-armasm && make.
2020-09-23 15:32:43 -07:00
toddouska
2bb8427ab2
Merge pull request #3320 from dgarske/stmcube
...
STM32 Cube Pack and AES GCM improvements
2020-09-23 14:39:53 -07:00
Chris Conlon
b7fb202ad3
Merge pull request #3294 from miyazakh/espidf_win
...
Add setup script for ESP-IDF windows
2020-09-23 14:15:17 -06:00
Ethan Looney
95995d2272
Removed forgotten comment
2020-09-23 13:42:33 -06:00
Ethan Looney
59294708a8
Changed test function call, uses internal AssertIntEQ instead of single call
2020-09-23 13:22:59 -06:00
David Garske
c46301f111
Merge pull request #3328 from ejohnstown/fips-ready-fix
...
FIPS Ready Windows Fix
2020-09-23 12:18:23 -07:00
John Safranek
9dfbf896a8
TFM NO 64-BIT
...
When diabling 64-bit fastmath using the flag NO_TFM_64BIT, the sizes of
fp_digit and fp_word get smaller. Using them in math with an int gives
incorrect values. Changed the fp_cmp_mag_ct to return a fp_digit since
its return value is used with an fp_digit. Compare its result against
a FP_LT cast as a fp_digit.
2020-09-23 12:17:41 -07:00
David Garske
ecd5a015eb
Merge pull request #3317 from ejohnstown/evp-fix
...
EVP Fix
2020-09-23 11:10:07 -07:00
toddouska
b0998fb030
Merge pull request #3327 from SparkiDev/pkcs11_ecc
...
PKCS#11 fix: Generate ECC key for decrypt/sign or derive
2020-09-23 09:28:53 -07:00
toddouska
ad00cf0fc8
Merge pull request #3268 from dr-m/intel-intrinsics
...
Use Intel intrinsic functions for RDSEED and RDRAND
2020-09-23 09:24:47 -07:00
toddouska
2f74817e32
Merge pull request #3288 from embhorn/zd10901
...
Fix mp_radix_size off by 1 error
2020-09-23 09:19:02 -07:00
toddouska
cee99de6e1
Merge pull request #3324 from JacobBarthelmeh/Testing
...
fix WOLFSSL_X509_NAME parse of empty field and add test case
2020-09-23 09:15:24 -07:00
Sean Parkinson
4ed3438be0
TLS 1.3: Post-handshake Authentication and resumption secret
...
The master secret in arrays is not available post-handshake.
Use the master secret in the session when calculating resumption secret.
2020-09-23 17:09:06 +10:00
John Safranek
07e1baadc9
EVP Fix
...
Change a few missed strings to use the constant names.
2020-09-22 15:55:46 -07:00
David Garske
f1effea638
Improve the IDE/WIN10 readme to clarify the difference between this and IDE/WIN.
2020-09-22 15:55:08 -07:00
Sean Parkinson
e539322a88
PKCS#11 fix: Generate ECC key for decrypt/sign or derive
...
Add debugging information to PKCS#11.
2020-09-23 08:30:22 +10:00
John Safranek
54c4258c4b
FIPS Ready Windows Fix
...
1. Modify the WIN10 FIPS solution user_settings.h to check for a
FIPS Ready flag and to override HAVE_FIPS_VERSION to 3 if set.
2. Removed some redundant constants from the EVP file.
2020-09-22 15:23:36 -07:00
David Garske
41ebc9161a
Fix include.am for the renamed configuration example wolfSSL_conf.h
2020-09-22 15:18:11 -07:00
David Garske
99d96246bd
Fix for STM32 issue with some Cube HAL versions (such as F777) which could modify non-block aligned bytes in the output buffer during decrypt. For TLS these bytes are the authentication tag. Workaround is to save off the incoming expected authentication tag. ZD 10961.
2020-09-22 15:04:30 -07:00
Ethan Looney
1d4e7d8278
Added unit tests for PKCS7
2020-09-22 14:50:08 -06:00
Juliusz Sosinowicz
77969ae042
Buffer AAD in wolfSSL_EVP_CipherUpdate_GCM so that whole value is hashed
2020-09-22 21:58:57 +02:00
Ethan Looney
53b82fccdb
Fixed valgrind issues -2
2020-09-22 13:26:52 -06:00
John Safranek
87d042e37d
EVP Fix
...
Clean up a bad guard check for AES-CTR.
2020-09-22 09:46:27 -07:00
Chris Conlon
8816577824
Merge pull request #3319 from kojo1/no_dh
...
fix NO_DH guard
2020-09-22 10:33:01 -06:00
John Safranek
fc425b74fc
EVP Fix
...
Add a few more guard flag checks to leave out things appropriately.
2020-09-22 09:06:30 -07:00
David Garske
4922baee30
Updates to README.md. Fix tabs to spaces.
2020-09-22 08:26:20 -07:00
Marko Mäkelä
99a481b28e
Use Intel intrinsic functions for RDSEED and RDRAND
...
Starting with GCC 9 or clang 9, we can actually use <immintrin.h>
without any problems. We only have to flag such
functions where such instructions are being used.
The benefit of using intrinsic functions over inline assembler
is that the compiler is given more flexibility. In particular,
clang -fsanitize=memory (MemorySanitizer, MSAN) will not raise
bogus alarms about memory being uninitialized.
Both intrinsic functions are available starting with GCC 5 and
clang 3.8. The RDRAND wrapper is available starting with clang 3.7
via <immintrin.h>. Before GCC 9 and clang 9, the RDSEED wrapper is
not available via <immintrin.h> but via <x86intrin.h>, and only after
jumping through some hoops to enable it.
2020-09-22 09:45:46 +03:00
Jacob Barthelmeh
cb3338bd57
fix WOLFSSL_X509_NAME parse of empty feild and add test case
2020-09-21 18:44:13 -06:00
Sean Parkinson
f4db9c8986
Test wolfSSL_HMAC with SHA-3
...
Add more support for HMAC with SHA-3.
2020-09-22 09:39:09 +10:00
David Garske
0f48ae77ef
Added the wolfSSL configuration template that is used for the Cube pack. This will be the source for the template going forward. Added some useful debugging options and increased the timeout for the TLS example.
2020-09-21 15:35:35 -07:00
Takashi Kojo
83cdd1c314
fix NO_DH guard
2020-09-22 07:30:21 +09:00
David Garske
deaf3b4b40
Merge pull request #3318 from wolfSSL/revert-3310-stmcubemx/add_401
...
Revert "stmcubemx: add flags for STM32F401"
2020-09-21 15:05:10 -07:00
toddouska
d3ac2eebe3
Revert "stmcubemx: add flags for STM32F401"
2020-09-21 15:02:56 -07:00
elms
3067e28c4a
Merge pull request #3310 from elms/stmcubemx/add_401
...
stmcubemx: add flags for STM32F401
2020-09-21 14:46:50 -07:00
John Safranek
4f8dbf4f3e
EVP Fix
...
There are some cases when the EVP wrapper code could call strncmp with
a null pointer. This was refactored to remove this possibility.
2020-09-21 14:31:42 -07:00
toddouska
47a720bdc6
Merge pull request #3315 from SparkiDev/evp_xts
...
EVP XTS key length: two keys used so double length
2020-09-21 13:56:35 -07:00
toddouska
b0dca724d4
Merge pull request #3303 from dgarske/spcortexm
...
Fixes for building with SP Cortex-M ASM in Rowley CrossWorks and the GCC-ARM examples
2020-09-21 13:53:36 -07:00
toddouska
0e66f9d835
Merge pull request #3299 from dgarske/ocsp_certchain
...
Fix for possible NULL use if certChain not loaded and OCSP cert request called
2020-09-21 13:40:21 -07:00
toddouska
1274a01dc7
Merge pull request #3289 from dgarske/wpas_small
...
Fixes for building `--enable-wpas=small` with WPA Supplicant v2.7
2020-09-21 13:37:58 -07:00
toddouska
0f6d391ea1
Merge pull request #3295 from SparkiDev/tls13_p521
...
TLS 1.3: Fix P-521 algorithm matching
2020-09-21 13:36:48 -07:00
toddouska
117d0e3916
Merge pull request #3273 from dgarske/xilinx_vitis
...
Xilinx SDK / Vitis improvements
2020-09-21 13:31:06 -07:00
toddouska
793a7bd8c7
Merge pull request #3228 from SparkiDev/expired_cert_crl
...
Script to find exipred CRLs and certificates
2020-09-21 13:29:32 -07:00
Sean Parkinson
d7525f0f86
EVP XTS key length: two keys used so double length
2020-09-21 11:02:07 +10:00
Hideki Miyazaki
0fd65a2ae3
added ESP-IDF setup script for windows
...
fixed warnings when using v4.0 esp-idf
added new file, setup_win.bat to include.am
2020-09-20 17:13:39 +09:00
Kaleb Himes
5afd313912
Merge pull request #3298 from ejohnstown/fix-client-usage
...
Fix Client Usage
2020-09-18 17:32:19 -06:00
Tesfa Mael
f1b4c52c78
Update release note credits
2020-09-18 13:11:10 -07:00
Elms
13c54627e2
stmcubemx: add flags for STM32F401
2020-09-18 09:17:32 -07:00
David Garske
b4aed22eb1
Remove execute bit on files.
2020-09-18 09:16:31 -07:00
David Garske
3eb12cc8e9
Port for Xilinx (xilffs) file system support.
2020-09-18 09:16:31 -07:00
David Garske
0ae9adcfd9
Add Xilinx SDK printf support.
2020-09-18 09:16:31 -07:00
David Garske
63e993b9c1
Fix to allow XTIME override for Xilinx. Spelling fixes in Xilinx README.md.
2020-09-18 09:16:31 -07:00
David Garske
b4c964f729
Fix for possible NULL buffer use if certChain not loaded and OCSP cert request called.
2020-09-18 09:15:44 -07:00
David Garske
135cf1680f
Fixes for building with SP Cortex-M ASM in Rowley CrossWorks and the generic IDE/GCC-ARM examples.
2020-09-18 09:15:21 -07:00
David Garske
9deb85ceb1
Fixes to reduce code size.
2020-09-18 09:14:41 -07:00
David Garske
cd6283d3a2
Fix last commit macro logic.
2020-09-18 09:14:41 -07:00
David Garske
d37adefe98
Fixes for edge case builds with certificate req/gen/ext without --enable-opensslextra.
2020-09-18 09:14:41 -07:00
David Garske
d61be6f030
Restore the normal --enable-wpas macro.
2020-09-18 09:14:41 -07:00
David Garske
780e8a4619
Fixes for building --enable-wpas=small with WPA Supplicant v2.7.
2020-09-18 09:14:41 -07:00
Kaleb Himes
eb466668ce
Merge pull request #3304 from douzzer/20200917-fix-script-races-and-bwrap-unit-test
...
20200917 fix script races and bwrap unit test
2020-09-18 08:33:16 -06:00
Sean Parkinson
409daa665d
Script to find exipred CRLs and certificates
...
Check for expiration in 3 months.
First argument is the offset. e.g. "+1 year"
2020-09-18 11:26:27 +10:00
Sean Parkinson
d63ff07edc
TLS 1.3: Fix P-521 algorithm matching
...
Digest size compared to key size - P521 has large key size.
Fixed to round down.
Added P-521 keys and certificates.
Added testing of P-521 keys and certificcates to unittest.
2020-09-18 10:51:55 +10:00
Daniel Pouzzner
a1d231b4dc
tests/api.c:test_wolfSSL_ERR_print_errors(): add missing gating on !defined(NO_ERROR_STRINGS).
2020-09-17 12:03:44 -05:00
Daniel Pouzzner
cc1d016d1e
configure.ac: define BUILD_TESTS as ENABLED_EXAMPLES, rather than ENABLED_EXAMPLES && !ENABLED_LEANTLS; add missing preprocessor gating in tests/api.c test_wolfSSL_EVP_Digest() and test_wolfSSL_i2d_PrivateKey().
2020-09-17 12:03:44 -05:00
Daniel Pouzzner
9df9fb7936
unit.test: add bwrap wrapper script at scripts/unit.test.
2020-09-17 12:03:44 -05:00
Daniel Pouzzner
5ed2fe8092
scripts/: more race elimination/mitigation.
2020-09-17 12:03:44 -05:00
Daniel Pouzzner
26901d1cd9
scripts/ocsp-stapling2.test: eliminate races.
2020-09-17 12:03:44 -05:00
David Garske
d22de947b7
Merge pull request #3300 from elms/fix/sp_iar_v6.70
...
CortexM SP ASM compiling for IAR 6.70
2020-09-17 09:41:52 -07:00
Elms
cd077d74c1
CortexM SP ASM compiling for IAR 6.70
...
* asm can handle pointers but not arrays, use redirection pointers
* branch width must be specified explicitly
2020-09-16 16:23:51 -07:00
toddouska
0694eafb5e
Merge pull request #3286 from dgarske/aesctr_aesni
...
Fix for AES CTR with AESNI
2020-09-16 15:11:11 -07:00
toddouska
fe92fa6f3f
Merge pull request #3282 from SparkiDev/sp_mod_exp_bits
...
SP mod exp: support exponents of different lengths
2020-09-16 15:07:31 -07:00
toddouska
86e5a2c528
Merge pull request #3276 from SparkiDev/jacobi_iterative
...
ECC mp_jacobi: iterative implementation
2020-09-16 15:04:20 -07:00
toddouska
85da1a1d0a
Merge pull request #3271 from SparkiDev/tls13_peek
...
TLS 1.3: allow wolfSSL_peek() to return WANT_READ
2020-09-16 15:02:42 -07:00
toddouska
533bc099eb
Merge pull request #3265 from SparkiDev/cpuid_set
...
Allow the CPU Id flags to be programmatically set
2020-09-16 15:00:30 -07:00
toddouska
ab7408f7d6
Merge pull request #3258 from dgarske/nxp_hw
...
Fixes for NXP MMCAU/LTC mutex locking and build
2020-09-16 14:57:58 -07:00
toddouska
a3fca7f593
Merge pull request #3247 from JacobBarthelmeh/Compatibility-Layer
...
Compatiblity Layer Fixes for serial number / ASN1 time / and order of name components
2020-09-16 14:53:51 -07:00
John Safranek
30443dbf23
Fix Client Usage
...
A string in the client's usage text was made optional depending on the
NO_PSK option, but there was still an attempt to print it. This lead to
a NULL being printed instead. Fixed the print statement.
2020-09-16 13:37:01 -07:00
Juliusz Sosinowicz
04b4ef3e3b
Don't send null byte
2020-09-16 14:02:51 +02:00
Ethan Looney
da4478bdf1
Fixed valgrind issues
2020-09-15 12:58:52 -06:00
Kaleb Himes
b22d2a2195
Merge pull request #3291 from douzzer/ocsp-stapling-script-happy-birthday
...
fix birthday problem in ocsp-stapling*.test
2020-09-15 08:47:39 -06:00
Eric Blankenhorn
5d69c9f1dc
Move neg check
2020-09-15 09:12:45 -05:00
Daniel Pouzzner
b669f8eeb9
scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh.
2020-09-14 16:06:45 -05:00
Eric Blankenhorn
6451c4e471
Fix for negative values
2020-09-14 10:00:02 -05:00
Juliusz Sosinowicz
b9527600f4
Return size of consumed buffer
2020-09-14 09:22:47 +02:00
Daniel Pouzzner
d8dc6be5b9
scripts/ocsp-stapling2.test: try using a static prechecked port for the servers on ready_file5 too.
2020-09-12 01:13:35 -05:00
Daniel Pouzzner
51046d45d3
add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET.
2020-09-12 00:20:38 -05:00
Daniel Pouzzner
1e9971f64c
scripts/ocsp-stapling*.test: add bwrap attempt at top, to isolate network namespace.
2020-09-11 18:20:27 -05:00
David Garske
2ac5835ee8
Fix for CAAM to evaluate before the keylen check. Added checking to make sure keylen cannot overrun buffer.
2020-09-11 15:07:31 -07:00
Daniel Pouzzner
8f25456f86
scripts/ocsp-stapling*.test, wolfssl/test.h: refactor scripts/ocsp-stapling*.test for orthogonality and robustness, with retries and early failure detection. also, reduce sleeps in ocsp-stapling-with-ca-as-responder.test to 0.1, matching sleeps in other 2 scripts. finally, in wolfssl/test.h, #ifdef SO_REUSEPORT do that when binding ports, and add optional rendering of errno strings for failed syscalls using err_sys_with_errno() when -DDEBUG_TEST_ERR_SYS_WITH_ERRNO.
2020-09-11 15:30:37 -05:00
Ethan Looney
a466a57f1d
Added fips check and cast variable to word32
2020-09-11 14:28:10 -06:00
John Safranek
3e77dcab5d
Merge pull request #3285 from julek-wolfssl/DtlsCheckWindow-window-check
...
Fix window check
2020-09-11 11:35:02 -07:00
John Safranek
01ad4d59a1
Merge pull request #3263 from douzzer/20200828-neg-SN-invalid-padding
...
GetASNInt(): check for invalid padding on negative integer.
2020-09-11 08:48:43 -07:00
Eric Blankenhorn
4688f5fa59
Handle leading zero
2020-09-11 08:39:34 -05:00
David Garske
6fcdd848c9
Refactor of AES wc_AesSetKeyLocal and wc_AesSetKey for software only use. Added missing aes argument check on wc_AesSetKeyDirect.
2020-09-10 15:57:36 -07:00
Sean Parkinson
5010572856
Merge pull request #3287 from dgarske/sp_mask
...
Fix for wrong cast type and added "U" and "UL".
2020-09-11 08:14:13 +10:00
Ethan Looney
7dce2e7f2c
Added unit tests for RSA.c
2020-09-10 14:47:51 -06:00
Eric Blankenhorn
78a1670334
Fix mp_radix_size off by 1 error
2020-09-10 09:58:26 -05:00
David Garske
f68eee0788
Fix for wrong cast type and added "U" and "UL".
2020-09-09 16:35:05 -07:00
Sean Parkinson
7a0fba20cf
Merge pull request #3281 from dgarske/sp_mask
...
Fix in SP math for casting signed -1 to unsigned
2020-09-10 08:43:30 +10:00
David Garske
dfc8ed5a73
Fix for AES CTR with AESNI. The flag to indicate use of AES was not set with wc_AesSetKeyDirect.
2020-09-09 14:53:08 -07:00
Juliusz Sosinowicz
e34ccaf481
Fix window check
...
If `curLT` then diff needs to be decremented. For example: `diff` = 1 represents last packet so it would be the `window[idx] & (1 << 0)` bit of the window variable.
2020-09-09 23:27:49 +02:00
Juliusz Sosinowicz
a65ffe15bc
Implement non-blocking SCR on server side
2020-09-09 21:41:20 +02:00
Chris Conlon
29a840aee0
Merge pull request #3280 from dgarske/ebsnet
...
Fix for bad pre-processor logic
2020-09-09 13:17:45 -06:00
Sean Parkinson
3ecbc7762a
SP mod exp: support exponents of different lengths
2020-09-09 15:23:04 +10:00
John Safranek
39b5448601
Merge pull request #3279 from dgarske/minor_fixes
...
Minor build fixes for typo and CMake
2020-09-08 16:45:52 -07:00
David Garske
b8bdeec940
Fix in SP math for casting signed -1 to unsigned.
2020-09-08 14:18:09 -07:00
JacobBarthelmeh
58e03b2d26
Merge pull request #3272 from embhorn/zd10650
...
Check for non-blocking return code in BioSend
2020-09-08 14:25:16 -06:00
David Garske
7b8fa42ae1
Fix for bad pre-processor logic. Some compilers are unhappy with the #sslpro even in a block of code not used!
2020-09-08 13:12:11 -07:00
David Garske
6f5a7e87c5
Fix for CMake to only set ranlib arguments for Mac. Fix for stray typo of , -> ;. Fixes #3275 and Fixes #3278
2020-09-08 11:07:12 -07:00
Juliusz Sosinowicz
234705a80c
Change buffer in wolfSSL_dtls_import to be const
2020-09-08 09:25:34 +02:00
Sean Parkinson
6fb1feadc7
ECC mp_jacobi: iterative implementation
...
Slightly faster and less stack used.
2020-09-08 10:05:52 +10:00
Sean Parkinson
5b43977b95
Merge pull request #3277 from julek-wolfssl/failing-nightly-532c2f5
...
wolfSSL_SESSION_free: Fix failing nightly
2020-09-08 08:11:37 +10:00
Juliusz Sosinowicz
ee2d051536
Fix failing nightly
...
Failed tests when configured with `./configure --enable-dtls --enable-opensslextra --enable-sessioncerts`. Valgrind discovered a use after free bug. Nulling session->peer fixes the issue.
2020-09-07 14:36:57 +02:00
Sean Parkinson
93bb12ce86
TLS 1.3: allow wolfSSL_peek() to return WANT_READ
...
When handshake message is processed in wolfSSL_peek() then return
WANT_READ from peek instead of blocking waiting for application data.
Server may send an alert if the client certificate is invalid.
The server also may send NewSesionTicket after client has sent finished
message.
To detect alert before handling application data, then the socket needs
to be checked for data. If the data is an alert then wolfSSL_peek() will
handle the alert, but if it is a NewSessionTicket then wolfSSL_peek()
will process it and block waiting for application data - so return
WANT_READ if no application data seen after processing handshake
message.
2020-09-07 08:30:24 +10:00
Sean Parkinson
70854b8eec
Allow the CPU Id flags to be programmatically set
2020-09-04 09:01:27 +10:00
toddouska
7fd51cf9d9
Merge pull request #3267 from SparkiDev/no_client_auth
...
Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing
2020-09-03 15:55:38 -07:00
David Garske
e2b0b11732
Fix for AES CBC with NXP MMCAU locking.
2020-09-03 15:28:45 -07:00
David Garske
a9ff89eafa
Refactor of the MMCAU and LTC hardware mutex locking.
2020-09-03 15:28:45 -07:00
David Garske
e791b78d23
Fix to add wrapper for new timing resistant wc_ecc_mulmod_ex2 function version in HW ECC acceleration. Broken in PR #2982 .
2020-09-03 15:26:10 -07:00
toddouska
8753b5b947
Merge pull request #3257 from kojo1/user-mutex
...
fix guard, user define mutex
2020-09-03 15:21:53 -07:00
toddouska
a626ac39f2
Merge pull request #3253 from SparkiDev/chacha20_stream_fix
...
ChaCha20: Enable streaming with Intel x86_64 asm
2020-09-03 15:18:00 -07:00
toddouska
862eea3962
Merge pull request #3252 from SparkiDev/fe448_32bit_fix
...
Curve448: fix 32-bit implementation
2020-09-03 15:12:28 -07:00
toddouska
d8ee6fc96d
Merge pull request #3251 from SparkiDev/rsa_pkcs11_dox
...
Add doxygen comments for wc_InitRsaKey_Id()
2020-09-03 15:10:20 -07:00
toddouska
9901eb9272
Merge pull request #3249 from SparkiDev/tls13_early_data_fix
...
TLS 1.3 Early Data: fix
2020-09-03 14:49:39 -07:00
toddouska
db805524de
Merge pull request #3248 from SparkiDev/aes_cbc_oob
...
AES-CBC check for input size of 0
2020-09-03 13:40:34 -07:00
Jacob Barthelmeh
682b1468b8
free test certificate when test is done
2020-09-02 16:05:05 -06:00
toddouska
b3acd57de5
Merge pull request #3254 from dgarske/leaks
...
Fixes valgrind leak reports (related to small stack cache)
2020-09-02 10:44:49 -07:00
toddouska
9268de229a
Merge pull request #3266 from dgarske/unit_test
...
Fix for DH compute key compatibility function failure
2020-09-02 10:23:23 -07:00
JacobBarthelmeh
914905f1bc
Merge pull request #3193 from embhorn/zd10457_b
...
Fix CheckHostName matching
2020-09-02 10:36:02 -06:00
toddouska
6f56c3c800
Merge pull request #3204 from dgarske/ocsp_nonblock
...
Fix for OCSP response in non-blocking mode and testing script improvements
2020-09-01 15:56:52 -07:00
Chris Conlon
97241331ac
Merge pull request #3246 from ethanlooney/23rd_branch
...
Added ecc.c unit tests to api.c - final PR
2020-09-01 14:44:14 -06:00
Jacob Barthelmeh
fd2074da00
fix for order of components in issuer when using compatiblity layer api to generate cert
2020-09-01 09:27:45 -06:00
Sean Parkinson
89b9a77eca
Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing
...
Fix build for no client or server and no client auth.
Fix tests to detect when no client auth compiled and test is trying to
do client auth.
2020-09-01 15:27:46 +10:00
David Garske
c587ff72d2
Fix for occasional unit.test failure in test_wolfSSL_EVP_PKEY_derive.
2020-08-31 14:04:51 -07:00
Ethan Looney
568184f53f
Changed len from hardcoded value to sizeof oid
2020-08-31 13:42:23 -06:00
Ethan Looney
c8d93d4d5e
Added ecc.c unit tests to api.c
2020-08-31 13:42:23 -06:00
David Garske
e9b1ceae7e
Merge pull request #3255 from tmael/big_endian
...
Make ByteReverseWords available for big and little endian
2020-08-31 07:34:50 -07:00
David Garske
28b2be37cd
Merge pull request #3259 from ejohnstown/sniffer-no-oldtls
...
Sniffer without OldTls
2020-08-31 07:34:24 -07:00
Sean Parkinson
54c8774103
ChaCha20: Enable streaming with Intel x86_64 asm
2020-08-31 09:06:51 +10:00
Sean Parkinson
91c131fbd8
Curve448: fix 32-bit implementation
...
Fix small define check
2020-08-31 09:05:06 +10:00
Sean Parkinson
db864be6a4
TLS 1.3 Early Data: fix
...
Will process early data packets now.
Added test to check output of server for early data being received.
2020-08-31 09:03:05 +10:00
Sean Parkinson
d2802f2d15
Merge pull request #3264 from dgarske/iar_sp
...
Fix for building SP math with IAR
2020-08-31 08:40:50 +10:00
Sean Parkinson
f444c63560
Merge pull request #3262 from julek-wolfssl/missing-cipherExtraData-2
...
HAVE_SESSION_TICKET can also be defined without TLS 1.2
2020-08-31 08:34:54 +10:00
David Garske
5692135819
Fix for building SP math with IAR to force noinline. ZD 10839
2020-08-28 11:04:28 -07:00
Daniel Pouzzner
9c76f19625
GetASNInt(): check for invalid padding on negative integer.
2020-08-28 12:43:21 -05:00
Juliusz Sosinowicz
c6d1d524fc
HAVE_SESSION_TICKET can also be defined without TLS 1.2
2020-08-28 16:05:28 +02:00
Juliusz Sosinowicz
605b274442
Jenkins fixes
2020-08-28 12:04:11 +02:00
Sean Parkinson
015c73686f
Merge pull request #3261 from dgarske/zd10848
...
Fixes for several implicit cast warnings
2020-08-28 16:49:03 +10:00
David Garske
94b0dcb7e9
Peer review feedback to add explicit parenthesis on cast.
2020-08-27 16:18:54 -07:00
David Garske
0d2e37cc42
Fixes for several implicit cast warnings. ZD 10848.
2020-08-27 13:51:55 -07:00
Juliusz Sosinowicz
52df9d6c69
TLS and DTLS both need to support APP DATA during SCR
...
Also some misc fixes
2020-08-27 21:13:19 +02:00
David Garske
21d17b17d0
Fix typo in code comment for ECC curve cache. Fix for valgrind report of possible use of uninitialized value with ChaCha/Poly AEAD test.
2020-08-27 12:01:24 -07:00
David Garske
32b46e344d
Fix for ECC curve cache without custom curves enabled.
2020-08-27 11:18:55 -07:00
David Garske
3e685fdb5b
Fix for DTLS DoClientHello HMAC free (function has another exit point).
2020-08-27 10:02:15 -07:00
Jacob Barthelmeh
ab52bcf43d
add overried for max entries and certificate generation size
2020-08-26 19:22:57 -06:00
John Safranek
5b39976cc0
Sniffer without OldTls
...
1. Put a guard around the call to DeriveKeys() when building with
--enable-sniffer --disable-oldtls. Disabling OldTls removes the
DeriveKeys() function. Similar logic used in internal.c.
2020-08-26 16:47:44 -07:00
Eric Blankenhorn
ea5c290d60
Fix CheckHostName matching
2020-08-26 14:03:17 -05:00
David Garske
9af0e5528e
New openssl_test return code checking requires fix from PR #3243 .
2020-08-26 10:22:00 -07:00
Tesfa Mael
b90acc91d0
Make ByteReverseWords available for big and little endian
2020-08-26 10:13:06 -07:00
David Garske
1b2b3de2c9
Fixes for missing free calls on hash tests.
2020-08-26 09:48:46 -07:00
David Garske
6d5731b8e9
Fixes for HMAC_CTX cleanup not being called to free SHA2 resources with WOLFSSL_SMALL_STACK_CACHE. Added return code checking and cleanup for openssl_test.
2020-08-26 09:45:26 -07:00
David Garske
5c76afc41c
Fix for SHA256 missing initialization of small stack cache variable. Fixes issue with Intel ASM and WOLFSSL_SMALL_STACK_CACHE
2020-08-26 09:44:32 -07:00
David Garske
3878af96cd
Fix for SP init and free with HAVE_WOLF_BIGINT. Fix for sp_free macro typo. Fix to expose mp_init_copy with ECC disabled because its used by mp_test.
2020-08-26 09:42:29 -07:00
David Garske
61545df606
Fix to make sure DTLS cookie HMAC free gets called. Note: This does not cover the many error case paths.
2020-08-26 09:41:26 -07:00
David Garske
14e1489365
Fix for SRP leaks with WOLFSSL_SMALL_STACK_CACHE
2020-08-26 09:41:09 -07:00
Jacob Barthelmeh
bc58dde700
fix for serial number containing 0's and for RNG fail case
2020-08-26 00:03:39 -06:00
Sean Parkinson
e2b5de2657
Add doxygen comments for wc_InitRsaKey_Id()
2020-08-26 09:04:40 +10:00
David Garske
6a984da53f
Fixes and Improvements to OCSP scripts. Fix for OCSP test with IPV6 enabled (use -b bind to any on server). Fix to use random port number for the oscp-stapling.test script. Reduce delay times in scripts.
2020-08-25 10:55:41 -07:00
Juliusz Sosinowicz
8b934624f5
DTLS non-blocking scrwith example
2020-08-25 11:26:20 +02:00
Sean Parkinson
3a25faea60
AES-CBC check for input size of 0
...
Don't need to do anything when size is 0.
2020-08-25 13:36:45 +10:00
Jacob Barthelmeh
ef9beaf271
adjust sanity check on serial number size to match fix
2020-08-24 18:15:05 -06:00
Jacob Barthelmeh
c7136498ec
add test case
2020-08-24 17:19:03 -06:00
Jacob Barthelmeh
c4a6fba591
fix for ASN1 time and serial number
2020-08-24 17:00:19 -06:00
toddouska
d077efcbb3
Merge pull request #3237 from SparkiDev/mp_oob_1
...
Fix out of bounds read when writing to very long buffer
2020-08-24 15:28:00 -07:00
toddouska
c5cab6afba
Merge pull request #3236 from dgarske/retcheck
...
Various fixes and improvements (return codes, build warns and func doc)
2020-08-24 15:27:04 -07:00
toddouska
7e6100593e
Merge pull request #3223 from SparkiDev/fp_gcd_fix
...
Check the error return from fp_mod in fp_gcd
2020-08-24 15:24:20 -07:00
toddouska
cf208901fd
Merge pull request #3218 from guidovranken/wc_PKCS12_PBKDF_ex-leak-fix
...
In wc_PKCS12_PBKDF_ex, free outer loop variable if inner loop fails
2020-08-24 15:23:47 -07:00
David Garske
a23b30bc18
Merge pull request #3245 from tmael/ctx_pKey
...
Correct a mismatch of directives
2020-08-24 14:39:43 -07:00
David Garske
749025963e
Merge pull request #3239 from SparkiDev/ed448_cast
...
Ed448: Fix compiler warning Intel -m32
2020-08-24 10:13:25 -07:00
David Garske
7ee2b61a5a
Peer review feedback to also check EAGAIN and always have supported.
2020-08-24 08:18:25 -07:00
David Garske
47cc8d232a
Fix in ED448 wc_ed448_check_key function for possible dereference of a null pointer.
2020-08-24 07:31:06 -07:00
Sean Parkinson
4f44df96dc
MP: integer OOB write fix
...
mp_to_unsigned_bin_len() now checks length passed in is greater than or
equal length to write.
2020-08-24 22:48:52 +10:00
Sean Parkinson
955a53dce3
Ed448: Fix compiler warning Intel -m32
2020-08-24 16:29:48 +10:00
Sean Parkinson
e30361e186
Fix out of bounds read when writing to very long buffer
...
mp_to_unsigned_bin_len() didn't handle buffers longer than maximum MP
size. Fixed tfm and sp_int versions.
2020-08-24 09:18:07 +10:00
David Garske
085f55195a
Fix for handling OCSP response in non-blocking mode.
2020-08-21 15:50:34 -07:00
David Garske
7d45e85b03
Add ED448 to the "all" options.
2020-08-21 15:47:02 -07:00
David Garske
083f143c89
Fixes for warnings with minimum ECC build.
2020-08-21 15:47:02 -07:00
David Garske
51c2960407
Added function comment for wolfSSL_i2a_ASN1_OBJECT. Added heap context for wolfSSL_CertManagerCheckOCSP
2020-08-21 15:47:02 -07:00
David Garske
5f059306fd
Fix for case with ssl->error not being set.
2020-08-21 15:47:02 -07:00
David Garske
03b7ac559a
Fix for example return code checking.
2020-08-21 15:47:02 -07:00
toddouska
44e575b8c4
Merge pull request #3227 from dgarske/release-4.5.0-async
...
Release 4.5.0 async
2020-08-21 15:34:20 -07:00
David Garske
fd2aece058
Fix for building ECC_CACHE_CURVE without WOLFSSL_CUSTOM_CURVES.
2020-08-20 16:16:18 -07:00
David Garske
3fbaccc8a1
Fix for API unit test test_wolfSSL_X509_sign, which can have a varying length depending on if MSB is set. About 1 in 200 tests would fail.
2020-08-20 15:33:28 -07:00
David Garske
dd517fd81c
Fixed several compiler warnings with inline variable declaration, deprecated func decl and small stack use of invaid memory (heap). Thanks @douzzer for these.
2020-08-20 15:13:43 -07:00
David Garske
92cf0d7b10
Fix numerous maybe-uninitialized errors in WOLFSSL_SP_SMALL and WOLFSSL_SMALL_STACK cases.
2020-08-20 15:05:20 -07:00
David Garske
25f9d15980
Fix for benchmark example when using the ECC encrypt (--enable-eccencrypt) and timing resistance. New timing resistance RNG requirements for ECC Shared Secret.
2020-08-20 14:25:06 -07:00
David Garske
1d55b2f526
Fixes for several memory leaks related to HAVE_WOLF_BIGINT.
2020-08-20 14:25:06 -07:00
David Garske
79c0fd3f29
Fix for ECC make key test not waiting for async completion.
2020-08-20 14:25:05 -07:00
David Garske
0011b7b376
Fix possible ECC curve cache leak for custom curves. Fix possible memory leak with wc_DhKeyDecode and WOLFSSL_DH_EXTRA. Fix leak in dh_test with new call to DH key import.
2020-08-20 14:25:05 -07:00
toddouska
0fa5af9929
Merge pull request #3224 from ejohnstown/release-update
...
Release v4.5.0 Supplement
2020-08-20 09:34:58 -07:00
John Safranek
05671d183c
update README/ChangeLog
2020-08-19 10:53:26 -07:00
Sean Parkinson
549c47de65
Handle when k is 1 or order + 1 for timing resistant ECC
2020-08-19 10:50:37 -07:00
John Safranek
362e328180
NTRU fixes
...
1. When configuring for NTRU, enable static RSA.
2. The echoserver should not try to use NTRU with TLSv1.3.
2020-08-19 10:46:03 -07:00
David Garske
1f10e77b0f
Fix for SP math with WOLFSSL_VALIDATE_ECC_KEYGEN. Fixes logic error on point x/y zero check.
2020-08-19 09:30:32 -07:00
John Safranek
55632a0567
Two more out of order DTLS message fixes.
2020-08-18 17:54:25 -07:00
Sean Parkinson
38b717eb42
Clear MP in ECC to free allocated memory
2020-08-18 17:54:25 -07:00
John Safranek
113753370d
Long Test Fixes
...
1. Sniffer was trying to log a NULL pointer as a string. Logged a string instead.
2. Few misc fixes in ECC.
2020-08-18 17:54:25 -07:00
Tesfa Mael
fbe0e04388
Correct mismatch of directives
2020-08-18 16:44:43 -07:00
Sean Parkinson
3a7ad4f03b
Check the error return from fp_mod in fp_gcd
...
Error can occur when using small stack and memory allocation fails.
2020-08-19 08:50:27 +10:00
John Safranek
6e49a63e50
fix call to MakeAnyCert from wc_MakeNtruCert(); it was missing the new parameter
2020-08-17 17:12:11 -07:00
John Safranek
c1090cff3f
update rpm-spec.in
2020-08-17 14:42:20 -07:00
toddouska
028bddd7ab
Merge pull request #3215 from ejohnstown/release-4.5.0
...
Release Update
2020-08-17 13:51:23 -07:00
John Safranek
5c6da52ac1
Update release notes.
2020-08-17 09:20:53 -07:00
Sean Parkinson
cb5d6a5c12
Check ECC scalar before multiplication
...
A k with more bits than in order doesn't work in ECC scalar
multiplication.
Check private key length in wc_ecc_check_key()
Check private key length in ecc_make_pub_ex()
2020-08-17 08:39:39 -07:00
John Safranek
3be7f3ea3a
Reject DTLS application data messages in epoch 0 as out of order.
2020-08-14 17:21:39 -07:00
John Safranek
ef5271dd9f
fips-check script shouldn't force FIPS-ready build to be v2.
2020-08-14 14:31:50 -07:00
John Safranek
3f6861ee82
FIPS Ready Fix with ECC Timing Resistance
...
Commit 6467de5
2020-08-14 10:54:55 -07:00
John Safranek
1dc0a76436
Patch from Jacob. When parsing a certificate name, if an item is unknown, its NID is set to 0. Don't try to add NID's of 0.
2020-08-13 17:01:26 -07:00
John Safranek
e16496512e
Merge pull request #3216 from SparkiDev/rel_fixes_1
...
Fixes from C++ and address access checking
2020-08-13 15:32:16 -07:00
Eric Blankenhorn
7744f0d543
Check for non-blocking return code in BioSend
2020-08-13 15:33:20 -05:00
John Safranek
7e6863e78b
resolving build issues for FIPSv2 OE2 with --enable-opensslextra
2020-08-13 13:24:44 -07:00
John Safranek
64084bcba2
Add a void to the empty parameter list for the function wolfSSL_SESSION_new().
2020-08-13 13:18:29 -07:00
Guido Vranken
087fa7cbec
In wc_PKCS12_PBKDF_ex, free outer loop variable if inner loop fails
2020-08-13 19:22:36 +02:00
Sean Parkinson
bc74bfebdd
Fixes from C++ and address access checking
...
Fix access of table for cache resistance.
Don't name variable public or private.
Cast from void*
2020-08-13 15:19:49 +10:00
John Safranek
ceed98b952
Modify the openssl test script to run the openssl commands in an eval.
2020-08-12 16:59:10 -07:00
John Safranek
3bd27f7912
fix a bad path in renewcerts
2020-08-12 15:17:21 -07:00
John Safranek
95337e666c
Release Update
...
1. Update the usual versions.
2. Update README and ChangeLog.
3. Modify genecc and renewcerts to update two certificate files that had expired.
4. Update the expired certificate files.
2020-08-12 14:43:47 -07:00
John Safranek
e30341ea83
Merge pull request #3190 from embhorn/zd10712
...
Sanity check key sizes
2020-08-12 09:37:40 -07:00
toddouska
21ed05b85e
Merge pull request #3214 from dgarske/snifferFreeFix
...
Fix for SSL sniffer free to properly cleanup globals
2020-08-11 20:27:09 -07:00
toddouska
fa146870bd
Merge pull request #3155 from julek-wolfssl/openssh-fixes-cherry-picked
...
Additional OpenSSL compat stuff for OpenSSH
2020-08-11 16:32:31 -07:00
toddouska
532c2f50e8
Merge pull request #3083 from julek-wolfssl/openssl-compat-X509V3_EXT_i2d
...
Implement more OpenSSL compatibility functions
2020-08-11 15:01:41 -07:00
David Garske
65bcc03885
Fix for SSL sniffer free to properly cleanup globals (resolves issue with then calling ssl_InitSniffer -> ssl_FreeSniffer then ssl_InitSniffer again). ZD 10757.
2020-08-11 14:07:32 -07:00
toddouska
1681ed1b85
Merge pull request #3211 from cconlon/jniconfig
...
Update "enable-jni" option for current JSSE requirements
2020-08-11 12:39:54 -07:00
Jacob Barthelmeh
5cede22d1e
wait to set size till after sanity check
2020-08-11 12:59:01 -06:00
Daniel Pouzzner
e4fe6b6573
Merge pull request #3210 from dgarske/rsa_checkkey_sp
...
Fix for `unit.test` error with SP and RSA 1024-bit key gen
2020-08-11 12:00:41 -05:00
toddouska
87a00df2ea
Merge pull request #3118 from julek-wolfssl/aead-only-fix
...
Check for WOLFSSL_AEAD_ONLY in wolfSSL_dtls_import_internal
2020-08-11 09:33:47 -07:00
toddouska
4e6bc02257
Merge pull request #2982 from SparkiDev/ecc_sc
...
ECC now calls mp_submod_ct and mp_addmod_ct
2020-08-11 09:26:56 -07:00
JacobBarthelmeh
8b7f588aaf
Merge pull request #3108 from SparkiDev/openssl_interop
...
Update OpenSSL interopability testing
2020-08-11 09:42:43 -06:00
Juliusz Sosinowicz
6e14b224da
Add NULL check in wolfSSL_EC_POINT_invert
2020-08-11 10:11:48 +02:00
Sean Parkinson
93cdfd7132
Update OpenSSL interopability testing
...
Added TLS 1.3 testing.
Added Ed25519 and Ed448 testing.
Added tesitng of OpenSSL client against wolfSSL server.
Fixed builds of Curve25519/Curve448/Ed25519/Ed448 in different
configurations.
2020-08-11 16:44:45 +10:00
Sean Parkinson
6467de5a88
Randomize z ordinates in scalar mult when timing resistant
...
An RNG is required for shared secret calculation now.
Use wc_ecc_set_rng() to set an RNG against the ECC object.
ECC verification does not need timing resistance and does not randomize
z ordinates.
2020-08-11 16:12:47 +10:00
Sean Parkinson
3ce933c90a
Make fp_montgomery_reduce constant time
2020-08-11 16:12:10 +10:00
Sean Parkinson
0102902445
Add and use a mp_cmp_mag that is constant time.
2020-08-11 16:12:10 +10:00
Sean Parkinson
8b05160349
Reworked ECC mulmod and fix size of k
...
When using wc_ecc_mulmod_ex2(), the k size can be fixed to be one bit
longer than order.
2020-08-11 16:12:10 +10:00
Sean Parkinson
9ef9671886
ECC uses CT vers of addmod, submod and div_2_mod
...
The TFM implementations of mp_submod_ct, mp_addmod_ct,
mp_div_2_mod_t are more resilient to side-channels.
2020-08-11 16:12:10 +10:00
toddouska
4f30e37094
Merge pull request #3074 from julek-wolfssl/dtls-multiple-app-records
...
Handle 2+ dtls APP data records in one udp packet
2020-08-10 14:52:04 -07:00
toddouska
242df3d11a
Merge pull request #3209 from SparkiDev/jenkins_fixes_1
...
Fixes from Jenkins failures
2020-08-10 14:30:27 -07:00
toddouska
98b4272e5b
Merge pull request #3202 from ejohnstown/abi-server
...
ABI Update for Server
2020-08-10 14:25:05 -07:00
David Garske
26aaf473db
Fix for unit.test error with RSA 1024-bit key gen when using ./configure --enable-keygen --enable-sp. Issue started in PR #3119
2020-08-10 12:40:29 -07:00
Juliusz Sosinowicz
a50affb408
Malloc enough space
2020-08-10 16:08:46 +02:00
Eric Blankenhorn
50647ccdb1
Sanity check key sizes
2020-08-10 07:19:33 -05:00
Juliusz Sosinowicz
ef4b29ebc7
Jenkins fixes
2020-08-10 12:49:18 +02:00
Juliusz Sosinowicz
55d4817956
Jenkins fixes
2020-08-10 12:39:16 +02:00
Juliusz Sosinowicz
da190b8177
Don't map back to affine in wc_ecc_mulmod. It is done in ecc_map later.
2020-08-10 12:33:18 +02:00
Sean Parkinson
3444b115ba
Fix valgrind check to ignore bash leak
2020-08-10 14:02:50 +10:00
Sean Parkinson
0232239959
Ignore test-log-dump-to-file.txt
...
Sometimes left behind by unit.test
2020-08-10 12:46:53 +10:00
Sean Parkinson
7bb2a69161
Fix memory leak in api.c
...
When testing wc_ecc_import_raw(), the mp_int's in the ecc object are
initialized.
For small math, this throws away the allocated buffer.
Must free the object before importing.
2020-08-10 12:42:46 +10:00
Sean Parkinson
72d1352bd6
Fix ARM builds
...
Need to include options.h in assembly now.
bufPt declared in block but not outside.
poly1305_block and poly1305_blocks need prototype - declaration in
wolfcrypt/src/port/arm/armv8-poly1305.c (__arch64__ only).
2020-08-10 11:59:10 +10:00
Sean Parkinson
920c97963c
Fix Jenikins failure - ToTraditional not declared
...
./configure --disable-asn --disable-ecc -disable-rsa --enable-psk
--enable-testcert
2020-08-10 10:57:07 +10:00
Sean Parkinson
19ade820b0
Merge pull request #3208 from dgarske/sp_nonblock
...
Fixes and improvements for SP ECC non-blocking
2020-08-10 09:59:23 +10:00
David Garske
b25eccb07e
Merge pull request #3203 from tmael/libwebsockets
...
Enable HAVE_EX_DATA for libwebsockets
2020-08-08 14:34:18 -07:00
David Garske
62e78b7cf4
Fix state machine after script rebase.
2020-08-07 16:56:58 -07:00
David Garske
bc03b5793c
Add state for ECC verify non-blocking and mont_inv_order to reduce maximum blocking time.
2020-08-07 16:48:16 -07:00
David Garske
f7fcef5f32
Fix for build error / typo for ECC 256-bit non-blocking only.
2020-08-07 16:47:08 -07:00
David Garske
c0a664a8e5
Merge pull request #3200 from douzzer/20200805
...
Add an error-checking wc_curve25519_make_pub() routine to the API for use by Wireguard
2020-08-07 16:32:52 -07:00
toddouska
1724347f7a
Merge pull request #3091 from julek-wolfssl/sess-serialization
...
Expose session serialization outside of `OPENSSL_EXTRA`
2020-08-07 15:41:27 -07:00
toddouska
89e6f3bcd5
Merge pull request #3206 from SparkiDev/ed448_oob
...
ED448: Fix out of bounds read in import public
2020-08-07 15:36:11 -07:00
toddouska
17cc941b29
Merge pull request #3195 from SparkiDev/sp_ecc_cache
...
SP ECC Cache Resitance
2020-08-07 15:35:06 -07:00
JacobBarthelmeh
dd6238fb77
Merge pull request #3174 from embhorn/zd10655
...
Fix CheckAltNames to handle IP type
2020-08-07 16:04:56 -06:00
Daniel Pouzzner
0faff24a65
refactor wc_curve25519_make_key() to use wc_curve25519_make_pub() to complete the pair. also, add call to fe_init() in the non-NXP codepath of wc_curve25519_make_pub() (note fe_init() is currently a no-op).
2020-08-07 13:02:35 -05:00
Juliusz Sosinowicz
cbd9b3717f
Map points to Montgomery form for arithmetic.
2020-08-07 18:18:30 +02:00
Juliusz Sosinowicz
ea6edb6913
Fix memory leak
2020-08-07 17:39:48 +02:00
Chris Conlon
b03e1dd2a9
Merge pull request #3197 from ethanlooney/19th_branch
...
Added asn.c unit tests
2020-08-07 09:25:50 -06:00
Eric Blankenhorn
064bfa583d
Fix CheckAltNames to handle IP type
2020-08-07 10:12:56 -05:00
David Garske
9e1012b48a
Merge pull request #3205 from SparkiDev/sp_fixes_3
...
SP ECC: initialize infinity in make key
2020-08-07 07:12:04 -07:00
Sean Parkinson
4c00af1136
ED448: Fix out of bounds read in import public
...
Fix formatting
2020-08-07 14:11:11 +10:00
Sean Parkinson
1ea3dc5f55
SP ECC: initialize infinity in make key
2020-08-07 12:15:31 +10:00
Daniel Pouzzner
f6acbd5f97
test_wc_curve25519_make_pub(): fix order of args to wc_curve25519_make_pub().
2020-08-06 18:37:00 -05:00
Tesfa Mael
6379ca8e10
libwebsockets requires *CRYPTO_EX_DATA* APIs
2020-08-06 16:29:39 -07:00
Daniel Pouzzner
c325001d0d
note argument endianness and return values in intro comment for wc_curve25519_make_pub().
2020-08-06 18:07:39 -05:00
toddouska
82d927d40f
Merge pull request #3199 from dgarske/openssl_sha
...
Fix for building openssl compat without SHA-1
2020-08-06 15:59:26 -07:00
Daniel Pouzzner
0f59e632e1
tests/api.c: add test_wc_curve25519_make_pub(); fix some old stray tabs; remove weird extra string-terminating null in test_wolfSSL_sk_CIPHER_description().
2020-08-06 17:52:48 -05:00
Daniel Pouzzner
758665e347
Fix for TLS anonymous cipher and PKCS11 cast warnings. (author=dgarske)
2020-08-06 17:49:55 -05:00
Sean Parkinson
132adeac14
Merge pull request #3188 from julek-wolfssl/missing-cipherExtraData
...
Move `cipherExtraData` so that it is available when HAVE_SESSION_TICKET
2020-08-07 08:18:57 +10:00
Daniel Pouzzner
52a2222c79
curve25519.c: call the new API routine wc_curve25519_make_pub(), not wc_curve25519(), for clarity and consistency (hat tip to Jacob).
2020-08-06 14:48:29 -05:00
John Safranek
14ff41a88c
ABI Update for Server
...
Added WOLFSSL_ABI tags to the functions wolfTLSv1_2_server(),
wolfTLSv1_3_server(), and wolfSSL_accept().
2020-08-06 11:17:25 -07:00
toddouska
e121139178
Merge pull request #3179 from ejohnstown/suitesz
...
Suite Size Check
2020-08-06 11:05:10 -07:00
toddouska
15be5476e9
Merge pull request #3185 from SparkiDev/fp_check_max
...
tfm: Check for overflow and return error (fixed max size)
2020-08-06 10:54:26 -07:00
toddouska
4e9d49556e
Merge pull request #3194 from SparkiDev/unit_fix_1
...
Fix unit.test to not fail randomly
2020-08-06 10:51:12 -07:00
toddouska
462f4f9e45
Merge pull request #3196 from cconlon/cavpmarvell
...
Add fips-check.sh target for marvell-linux-selftest, selftest v2 support
2020-08-06 10:45:03 -07:00
Daniel Pouzzner
b2e7c09b71
ksdk_port.c: third time's the charm? (typo, s/curve25529_bCurveParam/curve25519_bCurveParam)
2020-08-06 12:02:01 -05:00
Daniel Pouzzner
7ae789dbb0
wolfcrypt/src/curve25519.c: fix typo in wc_curve25519() -- CURVE25519_KEYSIZE, not CURVE25519_KEY_SIZE; add static kCurve25519BasePoint at top level
2020-08-06 11:45:54 -05:00
Daniel Pouzzner
5cad0b10e5
fix typo in wolfcrypt/src/port/nxp/ksdk_port.c ("curve_bCurveParam" vs correct curve25529_bCurveParam) introduced in aadec345ab.
2020-08-06 11:35:04 -05:00
Ethan Looney
77bb300409
Removed unnecessary pointers, matched Xfree arugments and checked the return values of generated keys
2020-08-06 09:21:41 -07:00
Ethan Looney
afcb40724e
Added proper ifdef's to EccPrivateKeyToDer
2020-08-06 08:06:06 -07:00
David Garske
435eabfb4b
Fix build error with unused variables. Added compat function for X509_add_ext.
2020-08-06 07:51:04 -07:00
Juliusz Sosinowicz
25619119b4
Change implicit conversions to explicit conversions
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
f1e2a3c8b9
Code review changes
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
139a192185
Implement wolfSSL_d2i_X509_NAME
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
ca3a608408
Implement functions
...
- `wolfSSL_d2i_ECPrivateKey`
- `wolfSSL_EC_POINT_add`
- `wolfSSL_EC_POINT_invert`
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
2529ce21b0
Implement wolfSSL_EC_GROUP_dup
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
ea8dd31de0
Implement wolfSSL_i2d_PUBKEY and refactor wolfSSL_i2d_PrivateKey
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
1f0d6d5f31
New functions implemented
...
- `EC_POINT_is_on_curve`
- `i2d_EC_PUBKEY`
- `i2d_ECPrivateKey`
- `wc_ecc_point_is_on_curve`
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
88b9bf3fba
Fix memory leak with EncryptDerKey
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
e131d6be5b
group->curve_nid is now set to the real NID of the curve
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
471a9bd9fd
Handle 2+ dtls APP data records in one udp packet
...
Just return one message at a time if processing application data
2020-08-06 14:03:38 +02:00
Juliusz Sosinowicz
c28b7b59c3
Fix jenkins leaks
2020-08-06 13:47:26 +02:00
Juliusz Sosinowicz
ad2e710563
Fix missing free
2020-08-06 13:47:26 +02:00
Juliusz Sosinowicz
a6651a21f8
Fix segfault
2020-08-06 13:47:26 +02:00
Juliusz Sosinowicz
229c5e9563
wolfSSL_X509V3_EXT_i2d cont.
2020-08-06 13:47:26 +02:00
Juliusz Sosinowicz
dfee8d0346
wolfSSL_X509V3_EXT_i2d now copies structs instead of trying to convert to DER format
2020-08-06 13:47:26 +02:00
Juliusz Sosinowicz
fe1f815761
wolfSSL_X509V3_EXT_i2d: NID_ext_key_usage
2020-08-06 13:45:36 +02:00
Juliusz Sosinowicz
e89015b58a
WIP: wolfSSL_X509V3_EXT_i2d
2020-08-06 13:45:36 +02:00
Juliusz Sosinowicz
3621af9996
Implement new OpenSSL API
...
- i2d_PKCS8PrivateKey_bio
- X509V3_EXT_i2d
- SSL_renegotiate_pending
2020-08-06 13:45:36 +02:00
Juliusz Sosinowicz
42c8f8f9b5
Check for WOLFSSL_AEAD_ONLY in wolfSSL_dtls_import_internal
2020-08-06 13:44:09 +02:00
Daniel Pouzzner
18178e056d
add missing const qualifiers to arch variants of curve25519(), and to nxp_ltc_curve25519().
2020-08-05 21:12:50 -05:00
David Garske
4a167c0f2c
Merge pull request #3119 from tmael/do178-fix
...
DO-178 fix
2020-08-05 16:30:00 -07:00
Sean Parkinson
8afd629a30
Fix unit.test to not fail randomly
...
Get the serial number from the certificate to calculate the encoding size.
Fix making of the certificate to copy serial number out if not already set.
2020-08-06 08:52:21 +10:00
Ethan Looney
9671901de6
Added a free call to SetSubjectBuffer
2020-08-05 15:52:09 -07:00
Sean Parkinson
83caf39caa
SP ECC Cache Resitance
...
SP ECC improved cache attack resistant implementation.
On by defualt and turn off with WC_NO_CACHE_RESISTANT.
2020-08-06 08:21:08 +10:00
Chris Conlon
e5e87db6aa
add HAVE_EX_DATA, OPENSSL_ALL, HAVE_ALPN to enable-jni configure option
2020-08-05 15:43:26 -06:00
David Garske
c421445ba9
Added no SHA-1 hash support for OPENSSL compatibility. Fix for ./configure --enable-opensslextra --disable-sha. This allows using SHA2-256 for the hashing including the derived issuerHash and subjectHash. Adds issuer hash openssl compatibility function X509_issuer_name_hash.
2020-08-05 14:43:24 -07:00
Daniel Pouzzner
ffa2cdd2d1
add public function wc_curve25519() "compute the public key from an existing private key, using bare vectors."; rename existing _LOCAL functions wc_curve25519_GetBasePoint() and wc_curve25519() to nxp_ltc_curve25519_GetBasePoint() and nxp_ltc_curve25519() respectively; add const qualifiers opportunistically to existing _LOCAL function curve25519()
2020-08-05 16:28:17 -05:00
Ethan Looney
49e5d8efea
Added additional ifdef's to Ed25519 functions and cast derSz to word32
2020-08-05 12:31:50 -07:00
Ethan Looney
633e950942
Added asn.c unit tests
2020-08-05 10:57:32 -07:00
Chris Conlon
d12b80abdf
Merge pull request #3192 from ethanlooney/21st_branch
...
Added check for wolfmath.c for digits == 0 and test for api.c
2020-08-05 09:51:51 -06:00
JacobBarthelmeh
1034139214
Merge pull request #3081 from kaleb-himes/GH2998_REWORK_FOLLOWUP
...
Cleanup of example client/server buffer sizes
2020-08-05 09:31:30 -06:00
Sean Parkinson
6c4bcb3b59
tfm: Check for overflow and return error (fixed max size)
2020-08-05 10:42:32 +10:00
Tesfa Mael
5d7649c959
Review comment in sp_int file
2020-08-04 15:37:20 -07:00
Daniel Pouzzner
def3192073
Merge pull request #3189 from SparkiDev/ed448_pkcb_fix
...
Fix calls to Ed448 sign and verify in test.h
2020-08-04 17:23:45 -05:00
toddouska
0bdaa2d572
Merge pull request #3169 from dgarske/stmcube
...
STM Cube fixes and documentation improvements
2020-08-04 15:08:04 -07:00
Ethan Looney
42856287ee
Added check for wolfmath.c for digits == 0 and test for api.c
2020-08-04 13:25:10 -07:00
toddouska
8d00b015c1
Merge pull request #3182 from dgarske/configall_noold
...
Fix to NOT enable SSLV3 and TLS v1.0 with `--enable-all`
2020-08-04 12:25:59 -07:00
Chris Conlon
5641e2ae50
Merge pull request #3173 from ethanlooney/18th_branch
...
Added unit tests for wolfmath.c
2020-08-04 09:10:21 -06:00
Sean Parkinson
c6f83645fe
Fix calls to Ed448 sign and verify in test.h
2020-08-04 09:56:14 +10:00
toddouska
0df2da47ff
Merge pull request #3180 from embhorn/zd10697
...
Fix OOB in fp_read_radix_16
2020-08-03 16:44:01 -07:00
toddouska
a536e8acd6
Merge pull request #3187 from SparkiDev/config_fix_1
...
Fixes for different configurations
2020-08-03 16:41:50 -07:00
toddouska
48be407852
Merge pull request #3186 from SparkiDev/rsa_pss_oob
...
RSA PSS check input length is hash length
2020-08-03 16:41:15 -07:00
toddouska
87f5dac3c4
Merge pull request #3170 from kaleb-himes/FIPS_USER_SETTINGS
...
Remove fixed len constraint in FIPS mode
2020-08-03 16:35:26 -07:00
toddouska
bfb4b2079b
Merge pull request #3163 from dgarske/nrf52
...
Fixes for building against latest nRF52 SDK
2020-08-03 16:33:49 -07:00
toddouska
3e84f1c53f
Merge pull request #2882 from dgarske/example_configs
...
Added area for template user_settings files in `examples/config`
2020-08-03 16:32:57 -07:00
Ethan Looney
7f381275b1
Removed comment and changed len equal to variables instead of numbers
2020-08-03 13:31:11 -07:00
Juliusz Sosinowicz
6c92116124
Move cipherExtraData so that it is available when HAVE_SESSION_TICKET
2020-08-03 15:32:49 +02:00
Sean Parkinson
d0969ea1ce
Fixes for different configurations
...
Fix SkipInt() to work with DSA.
Fix protection around SetBitString16Bit() - when WOLFSSL_CERT_GEN and
WOLFSSL_CERT_EXT defined is only use.
WOLFSSL_RSA_VERIFY_ONLY and PSS means testing of PSS won't work.
Fix g++ build around ASN1_SEQUENCE - const variable required to be
initialized.
2020-08-03 14:55:09 +10:00
Sean Parkinson
3ffa4350e8
RSA PSS check input length is hash length
...
Input is the hash of the message and the hash type is the hash used to
generate the hash/input.
2020-08-03 12:17:03 +10:00
David Garske
4f91d60d22
Fixes for build issues without OPENSSL_EXTRA defined.
2020-07-31 15:25:58 -07:00
David Garske
776b1a2d17
Fix for ED25519 with user_settings.h. Fixes for build warnings. Fix spelling error. Added template for wolfBoot key/sign tools.
2020-07-31 15:17:53 -07:00
David Garske
197c21a508
Fix for --enable-all (also used by --enable-distro) to NOT enable SSLV3 and TLS v1.0.
2020-07-31 13:54:08 -07:00
Eric Blankenhorn
d21d95c629
Fix OOB in fp_read_radix_16
2020-07-31 15:19:40 -05:00
David Garske
3531b581b5
Added return code check wolfSSL_CryptHwMutexInit
2020-07-31 12:01:09 -07:00
David Garske
904241cba4
Fix to only init the RNG once for nRF51/nRF52x.
2020-07-31 11:56:32 -07:00
John Safranek
fd4f8fe7a0
Suite Size Check
...
1. Check that the cipher suite size is even when doing the Client
Hello message.
2. Check that the cipher suite size is a multiple of three when doing
the Old Client Hello message.
3. Check that the hash/signature algorithm list size is even when
processing the extensions.
2020-07-31 11:44:24 -07:00
toddouska
ff08a01f94
Merge pull request #3171 from SparkiDev/tls13_fin_fix
...
TLS 1.3: Client requires cert_vfy before finished when not PSK
2020-07-31 11:28:24 -07:00
toddouska
e7fe460fac
Merge pull request #2746 from dgarske/cmake
...
Adds CMake support to wolfSSL
2020-07-31 11:14:59 -07:00
David Garske
71cc5381ad
Added new examples/config area with template user_settings.h files and instructions for using.
2020-07-31 11:01:58 -07:00
Ethan Looney
b627610cde
Added bad test cases for get_digit and corrected comment formatting
2020-07-31 09:44:10 -07:00
David Garske
db20fb6ca1
Fixes for using CMake with Visual Studio. Improvements to documentation for portability.
2020-07-30 16:44:36 -07:00
David Garske
c30ffad622
Fix for STM PKA ECC parameters. Improvements to the STM AES GCM code. Cleanup of hardware mutex code.
2020-07-30 16:00:19 -07:00
David Garske
48e1dfc910
Remove the STM Cube .ioc files. These examples have been moved to the wolf Cube pack ( https://www.wolfssl.com/files/ide/I-CUBE-WOLFSSL-WOLFSSL.pack )
2020-07-30 14:45:52 -07:00
Ethan Looney
c52930bb8a
Added freerng to 'test_mp_rand'
2020-07-30 09:37:05 -07:00
Tesfa Mael
d03971e233
Add comment to clarify errno in test
2020-07-30 09:18:45 -07:00
Tesfa Mael
493510e2ea
Review comments
2020-07-30 09:18:45 -07:00
Tesfa Mael
4cc7f9e4a9
Check correct returned value
2020-07-30 09:18:45 -07:00
Tesfa Mael
cebb283822
DO-178 changes
2020-07-30 09:18:45 -07:00
Ethan Looney
3381eb2094
Added tests for Sha512.c
2020-07-30 09:18:45 -07:00
Kaleb Himes
d96f86fcd9
Merge branch 'master' into GH2998_REWORK_FOLLOWUP
2020-07-30 09:47:48 -06:00
Chris Conlon
1168bdd05b
Merge pull request #3165 from ethanlooney/17th_branch
...
Added unit tests for wc_port.c
2020-07-30 09:08:28 -06:00
Sean Parkinson
4c0105ed9d
Merge pull request #3175 from ejohnstown/dtls-speed-redux
...
DTLS Test Speed Fix Redux
2020-07-30 22:17:40 +10:00
David Garske
a38f7a4fca
Added STM32F1 Cube HAL support (we had StdPeriLib, not Cube).
2020-07-29 17:22:41 -07:00
John Safranek
397d1ab19c
DTLS Test Speed Fix Redux
...
1. Fix the check for XSLEEP_US in the client.
2. Added XSLEEP_MS to mirror XSLEEP_US, in terms of XSELECT().
2020-07-29 16:51:08 -07:00
toddouska
64f6dc08f7
Merge pull request #3164 from SparkiDev/tls13_ocsp2
...
TLS 1.3 server MUST NOT use OCSP Status V2
2020-07-29 16:23:24 -07:00
David Garske
46ef82e2fd
For for STM32 with TLS v1.3 and AES-GCM. The IV was not being reset after using hardware causing the aes->reg to be incorrect.
2020-07-29 15:39:49 -07:00
David Garske
e4650a9151
Fixes for STM32 Crypto hardware acceleration locking to work with multiple threads. Fix for api.c missing devId in new RNG test. Added STM32F207 to configuration template.
2020-07-29 14:55:35 -07:00
Ethan Looney
b4cd0886bb
Changed test returns for 'get_digit' to remove implicit conversion errors
2020-07-29 14:23:03 -07:00
Chris Conlon
7861a22d28
add marvell-linux-selftest target to fips-check.sh
2020-07-29 15:10:47 -06:00
Chris Conlon
c6b4fa3be3
add selftest version for newer 4.1.0 validation
2020-07-29 15:10:47 -06:00
David Garske
dafc2bf8d4
Added redirect note for OpenSTM32 to STM32Cube example. PR #3031 . Updates to README.md from ST.
2020-07-29 12:04:14 -07:00
Ethan Looney
7c59c74e07
Added unit tests for wolfmath.c
2020-07-29 10:34:15 -07:00
Ethan Looney
b524926837
Deleted unneeded xfopen and xfclose
2020-07-29 09:31:37 -07:00
Kaleb Himes
80678d96b6
Change to inline comment
2020-07-29 10:10:33 -06:00
Chris Conlon
af92c531bf
Merge pull request #3168 from ethanlooney/16th_branch
...
Added semicolons to two functions to fix doxygen issues and deleted ssl param and replaced it with ctx param
2020-07-29 09:31:14 -06:00
Sean Parkinson
f59a1fa295
TLS 1.3: Client requires cert_vfy before finished when not PSK
2020-07-29 10:21:34 +10:00
toddouska
e618257f21
Merge pull request #3167 from dgarske/test_fixups
...
Fixes for `mutex_test` and API unit test `derSz`
2020-07-28 16:45:58 -07:00
David Garske
4cbf3c3dcd
Fixes for the STM Cube TLS in-memory example for CMSIS RTOS v2.
2020-07-28 15:52:02 -07:00
Chris Conlon
70aa11f0a9
Merge pull request #3153 from ethanlooney/15th_branch
...
Added unit tests for Logging.c
2020-07-28 16:35:31 -06:00
Kaleb Himes
567f1b8be4
Add to settings.h w a warning directive
2020-07-28 15:52:36 -06:00
David Garske
1ed66f11a9
Fixes for STM32L5 benchmarks.
2020-07-28 13:56:23 -07:00
kaleb-himes
ffdc2eddf6
Remove fixed len constraint in FIPS mode
2020-07-28 13:34:52 -06:00
David Garske
223f848dae
Expanded documentation for using the wolfSSL Cube pack. Added STM32 benchmarks for several boards.
2020-07-28 12:08:12 -07:00
David Garske
9160a126e4
Fixes for running wolfCrypt test/benchmark with SECP256R1 disabled. Improved detection of ECC key generation size.
2020-07-28 11:43:48 -07:00
toddouska
ff12da30df
Merge pull request #2713 from akmcomau/16bit
...
Updates for 16bit processors / Disable ATECC transport key
2020-07-28 09:27:27 -07:00
Ethan Looney
5af4872bab
Changed lock type to 0
2020-07-28 09:16:43 -07:00
Ethan Looney
0448004535
Added semicolons to two functions to fix doxygen issues and deleted ssl param and replaced it with ctx param
2020-07-28 08:39:23 -07:00
David Garske
25fcd082d7
Improve the mutex_test test with pthreads. Fixes #3109
2020-07-28 08:19:32 -07:00
David Garske
8440973d99
Fix for derSz calculation on non-const value keySz. ZD 10654
2020-07-28 08:18:42 -07:00
toddouska
c67aeba806
Merge pull request #3156 from dgarske/armasm
...
Fixes for building with `WOLFSSL_ARMASM` when `user_settings.h` is used
2020-07-27 16:45:25 -07:00
toddouska
f46e08e9ea
Merge pull request #3158 from kaleb-himes/ZD10580_R2
...
Address buffer underflow, thanks to J.S. for the report on ZD10580
2020-07-27 16:42:42 -07:00
toddouska
5ef7ff6054
Merge pull request #3149 from SparkiDev/tls13_no_cli_cert_err
...
TLS 1.3: Client with no certificate an error with define
2020-07-27 16:40:07 -07:00
David Garske
13eab0aeab
Also check for NRF52_SERIES, since NRF52 is only for NRF52832_XXAA.
2020-07-27 15:26:55 -07:00
David Garske
99f72faedb
Fix for nRF5x AES GCM so key is set. Fixes GMAC test. Don't force enable wolf memory and no ASN time for WOLFSSL_NRF5x.
2020-07-27 14:30:41 -07:00
David Garske
8b25b48621
Improvements to CMake support based on feedback from users.
2020-07-27 12:13:08 -07:00
David Garske
b273ba771e
Add new file to automake.
2020-07-27 11:04:37 -07:00
David Garske
9a281e5e3a
Adds CMake support to wolfSSL:
...
* Build wolfSSL as a library and builds all examples / tests.
* Added instructions in the INSTALL file.
* Fix for evp.c when being included directly due to improperly placed `WOLFSSL_EVP_INCLUDED`.
2020-07-27 11:04:37 -07:00
Ethan Looney
e7429c8504
Added unit tests for wc_port.c
2020-07-27 09:32:25 -07:00
Chris Conlon
6b3b37604f
Merge pull request #3159 from ethanlooney/16th_branch
...
Added doxygen comments and changed footer date to 2020
2020-07-27 09:24:59 -06:00
Chris Conlon
b0ed250f09
Merge pull request #3162 from ethanlooney/18th_branch
...
Changed ifndef(NO_SHA224) to ifdef(WOLFSSL_SHA224)
2020-07-27 09:21:28 -06:00
Sean Parkinson
76a35f2a77
TLS 1.3: Client with no certificate an error with define
...
WOLFSSL_NO_CLIENT_CERT_ERROR
2020-07-27 09:54:51 +10:00
Sean Parkinson
b775058f49
TLS 1.3 server MUST NOT use OCSP Status V2
...
Parses the extension but does not use the information.
TLSX code change to ensure that the OCSP Status V2 extension is not
written out in EncryptedExtension, CertificateRequest nor Certificate
messages.
2020-07-27 09:32:14 +10:00
Sean Parkinson
7883156f49
Merge pull request #3160 from dgarske/ecc_nb_noctx
...
Fix for ECC non-blocking only to allow calling without context set
2020-07-27 08:53:42 +10:00
David Garske
8417e0b725
Fixes for building against latest nRF52 SDK. Allow nRF5x AES GCM to be enabled (uses software, but ECB is accelerated). Fix in wolfCrypt test for building AES GSM only with NO_AES_DECRYPT.
2020-07-24 15:46:17 -07:00
Ethan Looney
b734b13120
Changed ifndef(NO_SHA224) to ifdef(WOLFSSL_SHA224) due to 'NO_SHA224' not existing
2020-07-24 14:24:50 -07:00
Ethan Looney
7b357cff39
Changed param's, examples and brief's
2020-07-24 12:54:29 -07:00
toddouska
e84defb268
Merge pull request #3044 from dgarske/sniffer_tls13
...
TLS v1.3 sniffer support
2020-07-24 11:46:38 -07:00
Ethan Looney
6088a7bd79
Added if defined debug check to only print to file if debug is enabled
2020-07-24 10:03:49 -07:00
David Garske
6324aec179
Fix for ./configure --enable-sp=yes,nonblock --enable-sp-math CFLAGS="-DWC_ECC_NONBLOCK_ONLY".
2020-07-24 09:30:45 -07:00
David Garske
38cef2b3c9
Merge pull request #3151 from ejohnstown/dtls-size
...
DTLS Size Fix
2020-07-24 08:19:50 -07:00
toddouska
8789ebb02e
Merge pull request #3152 from ejohnstown/dtls-test-speedup
...
DTLS Test Speedup
2020-07-23 16:53:39 -07:00
David Garske
1559d66261
Fix for WC_ECC_NONBLOCK_ONLY case to also check WC_ECC_NONBLOCK.
2020-07-23 15:41:09 -07:00
John Safranek
fd1a1bd0f7
Add some missing frees to the example client when using in the return-not-exit mode for tests.
2020-07-23 14:32:48 -07:00
David Garske
20ef2daa9f
Fix for ECC non-blocking to allow calling without context set and block when WC_ECC_NONBLOCK_ONLY is defined. In FIPS mode we need "blocking".
2020-07-23 14:31:41 -07:00
Ethan Looney
6bc4bfd7f2
Added doxygen comments to include all missing ABI functions and changed footer date from 2017 to 2020
2020-07-23 13:25:18 -07:00
JacobBarthelmeh
81475fac96
Merge pull request #3154 from embhorn/zd10651
...
Fix build error with X509_SMALL config
2020-07-23 13:34:29 -06:00
John Safranek
839044d9e1
1. Remove dead assignment from client test.
...
2. Fix memory leak in example server test.
3. Use verify callback on certificates to allow callback to fail
them.
4. Restore the forced failure test cases.
5. Make the verify action thread local.
2020-07-23 12:26:49 -07:00
JacobBarthelmeh
303d0dfedb
Merge pull request #3157 from embhorn/zd10631
...
Fix build issue with OPENSSL_EXTRA_X509_SMALL
2020-07-23 13:18:28 -06:00
kaleb-himes
3c5c0f88d4
Address buffer underflow, thanks to J.S. for the report on ZD10580
2020-07-23 12:20:41 -06:00
Ethan Looney
563806c497
Changed the log dump txt file's directory to include /tests and added it to make clean
2020-07-23 10:12:40 -07:00
Martin Akman
1f8d4149a5
Merge in master
2020-07-23 21:39:18 +10:00
Martin Akman
d02e52e07b
More updates from code review
2020-07-23 21:28:51 +10:00
Sean Parkinson
568fc8f5bd
Fixes for compiling for ARM64 iOS
...
Fix bug in ChaCha20 assembly code (was writing one byte too many).
Fix the assembly code to have APPLE format.
Change Poly1305 inline assembly as requested by compiler.
Initialize variables that will be set anyway - compiler complaint.
Change to use the assembly code files for Curve25519 and SHA-512.
Ed25519 not suported with ARM assembly.
2020-07-23 18:08:37 +10:00
toddouska
e198f6e73b
Merge pull request #3141 from SparkiDev/tls_cert_alert
...
Send more detail alerts for bad certificates
2020-07-22 16:46:14 -07:00
toddouska
ab7535c3f6
Merge pull request #3135 from SparkiDev/fp_set_bit
...
fp_set_bit: return error when bit offset is too large
2020-07-22 16:40:17 -07:00
toddouska
d75e6d4f55
Merge pull request #3131 from JacobBarthelmeh/Testing
...
add sanity check on padSz
2020-07-22 16:39:27 -07:00
toddouska
ea21d56463
Merge pull request #3127 from SparkiDev/mp_sub_d
...
mp_sub_d (integer.c): return error when digit is too big
2020-07-22 16:38:37 -07:00
Ethan Looney
f7e4c1c8ad
Added SetLoggingCb check
2020-07-22 15:44:13 -07:00
Eric Blankenhorn
9b421ce497
Fix for config failure
2020-07-22 17:22:46 -05:00
Chris Conlon
5f2de9e176
Merge pull request #3130 from TakayukiMatsuo/master
...
Add support for "X72N Envision Kit" evaluation board
2020-07-22 16:22:14 -06:00
John Safranek
98ae3a2352
Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test.
2020-07-22 13:20:23 -07:00
David Garske
fe08f23a50
Improved test sleep. Cleanup sleep calls.
2020-07-22 13:08:57 -07:00
David Garske
3a2be13043
Remove execute bit on file.
2020-07-22 12:52:53 -07:00
David Garske
c5371a2dbd
Fix for kResumeMsg unused if NO_SESSION_CACHE defined.
2020-07-22 12:15:14 -07:00
Eric Blankenhorn
39271e9234
Fix build issue with OPENSSL_EXTRA_X509_SMALL
2020-07-22 14:08:57 -05:00
David Garske
1af38c5c55
Fixes for building with WOLFSSL_ARMASM when user_settings.h is used.
2020-07-22 10:47:35 -07:00
Ethan Looney
5e515c12fb
Removed unneeded comment
2020-07-22 08:28:43 -07:00
John Safranek
c8e9d058f0
DTLS Test Speedup
...
Change the example client to use select instead of sleep.
If building for the standalone client, it will wait 1 second.
If built for no main driver, it'll wait 10ms rather than 1 second.
2020-07-21 18:40:18 -07:00
David Garske
11b0d963d3
Fix for example client to send HTTP GET on resume with "-g". Fixes issue with ./scripts/openssl.test.
2020-07-21 15:42:33 -07:00
Sean Parkinson
056ee0987c
Merge pull request #3146 from dgarske/sp_nonblock
...
ECC non-blocking support
2020-07-22 08:36:21 +10:00
Ethan Looney
953e7cf181
Changed sz type from int to long
2020-07-21 15:28:17 -07:00
Eric Blankenhorn
89913076f1
Fix build error with X509_SMALL config
2020-07-21 16:36:30 -05:00
David Garske
639f73fe1f
Fix for client writes to not include the null term.
2020-07-21 13:42:01 -07:00
David Garske
4e637ddf10
Cleanup on example client/server messages and sizes. Original PR #3023 caused sending extra null characters in normal (non HTTP) example cases.
2020-07-21 13:34:25 -07:00
David Garske
8ead28f2f4
Merge pull request #3150 from ejohnstown/sctp-test
...
SCTP Test
2020-07-21 12:46:13 -07:00
Ethan Looney
b500a54fc5
Added new file to read in and dump error message and added cleanup within cleanup script
2020-07-21 12:30:43 -07:00
Ethan Looney
e8034619ba
Add more if defined to ERR_print_errors_fp
2020-07-21 12:30:43 -07:00
David Garske
9268ae1397
Fix line length issues. Add debug msg in test to show number of non-blocking iterations.
...
```
$ ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" --enable-debug && make
$ ./wolfcrypt/test/testwolfcrypt
...
ECC non-block sign: 18063 times
ECC non-block verify: 35759 times
ECC test passed!
```
2020-07-21 10:41:25 -07:00
Sean Parkinson
c45e192581
Send more detail alerts for bad certificates
2020-07-22 00:07:23 +10:00
TakayukiMatsuo
c204eb0fb1
commented out NO_ASM_TIME macro to enable certificate validation
2020-07-21 16:09:16 +09:00
John Safranek
5d5aa129ca
When attempting to send a message with DTLS, if it is too large, return an error rather than splitting it across records. (ZD 10602)
2020-07-20 16:14:53 -07:00
John Safranek
10c293a76c
SCTP Test
...
1. Removed test cases for DTLSv1.0 that used AEAD ciphers.
2. Cleaned up some typos in the test configs.
3. Fixed typo in a WOLFSSL_SCTP ifdef check.
2020-07-20 15:03:48 -07:00
toddouska
61d81dd878
Merge pull request #3123 from SparkiDev/mp_rshb
...
rshb check range of n
2020-07-20 13:08:45 -07:00
David Garske
29abd72c39
Merge pull request #3024 from kaleb-himes/ZD10411
...
Update arduino script to reflect includes of inline files
2020-07-20 11:29:49 -07:00
David Garske
e6017de19d
Fix in snifftest to try loading private key into static ephemeral and private key. Updated pcap files (were missing TCP packets).
2020-07-20 11:10:46 -07:00
Chris Conlon
ddb2923c19
Merge pull request #3133 from ethanlooney/13th_branch
...
Added unit tests for Hash.c - Fixed hash formatting errors
2020-07-20 10:03:28 -06:00
Chris Conlon
86745dd7fc
Merge pull request #3134 from ethanlooney/14th_branch
...
Added unit tests for Random.c
2020-07-20 10:02:22 -06:00
Sean Parkinson
52d363390a
rshb check range of n
2020-07-20 11:12:35 +10:00
Sean Parkinson
a8f121b5f8
Merge pull request #3144 from JacobBarthelmeh/examples
...
increase example client key share group array size
2020-07-20 08:38:20 +10:00
David Garske
23a3ead758
Framework for new TLS v1.3 sniffer tests.
2020-07-17 15:56:56 -07:00
David Garske
9409d8682f
Fix for building without session-ticket.
2020-07-17 15:22:35 -07:00
David Garske
e15e0828bf
Cleanup of the SHOW_SECRET debugging. Use only latest wolf API's (not older Cyassl names).
2020-07-17 15:22:35 -07:00
David Garske
3be390d50d
Added TLS v1.3 session resumption support. TLS v1.3 uses session tickets and a resumption secret is derived after the "finished" message. This uses the internal static wolf session cache to retain the resumption secret between sniffer sessions.
2020-07-17 15:22:35 -07:00
David Garske
1b051d9c5b
TLS v1.3 sniffer support:
...
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
2020-07-17 15:22:35 -07:00
David Garske
80f5fe1494
Added documentation for wc_ecc_set_nonblock.
2020-07-17 15:20:23 -07:00
David Garske
90ee12f51a
Added test case for ECC non-blocking. ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" && make.
2020-07-17 15:13:50 -07:00
David Garske
547144bc9c
Adds ECC non-blocking sign/verify support when used with SP math. New --enable-sp=nonblock and --enable-ecc=nonblock options. Example ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock.
2020-07-17 15:13:50 -07:00
David Garske
080ccd9820
Merge pull request #3145 from JacobBarthelmeh/Compatibility-Layer
...
sanity check on return value for wolfSSL_X509_NAME_ENTRY_get_object
2020-07-17 15:05:25 -07:00
Ethan Looney
ef71099225
Removed duplicate semicolon and deleted unneeded initrng
2020-07-17 10:34:38 -07:00
JacobBarthelmeh
01a01c373f
sanity check on return value for wolfSSL_X509_NAME_ENTRY_get_object
2020-07-17 11:03:12 -06:00
Jacob Barthelmeh
e55ca1a8cf
increase example client key share group array size
2020-07-17 10:26:34 -06:00
Ethan Looney
93c6e99aef
Added a ret check
2020-07-17 08:45:39 -07:00
David Garske
4ff6b6a908
Merge pull request #3142 from SparkiDev/sp_int_small
...
Fix SP math for small builds. Fixes #3139
2020-07-17 08:33:05 -07:00
Sean Parkinson
0336fdb98d
Fix SP math for small builds
2020-07-17 12:00:14 +10:00
TakayukiMatsuo
cd025d4e03
Added RX72NEnvisionkit/include.am
2020-07-17 09:30:40 +09:00
Ethan Looney
96e59118fc
Changed the if defined order and to include fips and selftest
2020-07-16 15:50:03 -07:00
Ethan Looney
2275b89654
Removed unnecessary comments and added HashInit's and checked that they returned errors when they should
2020-07-16 12:38:55 -07:00
toddouska
50f228af0a
Merge pull request #3125 from SparkiDev/mp_leading_bit
...
Change mp_leading_bit (integer.c) to not to require a copy
2020-07-16 11:05:09 -07:00
toddouska
859a1eebe4
Merge pull request #3124 from SparkiDev/sp_add_d
...
Fix sp_add_d
2020-07-16 10:56:28 -07:00
toddouska
9137794cb4
Merge pull request #3105 from embhorn/zd10457_a
...
Adding wolfSSL_X509_check_ip_asc
2020-07-16 10:53:27 -07:00
Sean Parkinson
eb7a01342f
fp_set_bit: return error when bit offset is too large
...
If the bit to set is beyond the predefined maximum size then return an
error.
Same for fp_is_bit_set().
2020-07-16 12:34:31 +10:00
Eric Blankenhorn
f2b279e834
Update from review
2020-07-15 20:57:04 -05:00
toddouska
fbe0c8cba7
Merge pull request #3122 from JacobBarthelmeh/Compatibility-Layer
...
fix X509 multiple OU's and refactor
2020-07-15 15:06:22 -07:00
toddouska
925e9d9213
Merge pull request #3075 from julek-wolfssl/dtls-no-cookie
...
DTLS session resumption fixes
2020-07-15 14:07:34 -07:00
toddouska
edf88c3da1
Merge pull request #3073 from SparkiDev/tls13_dox
...
Update TLS 1.3 function Doxygen documentation
2020-07-15 13:58:07 -07:00
Ethan Looney
d54a51cd20
Added if not defined wc_no_rng
2020-07-15 13:56:12 -07:00
Ethan Looney
7a642e2b78
Added unit tests for Random.c
2020-07-15 12:55:19 -07:00
Ethan Looney
6be76e84ec
Fixed formatting for Shake256Hash
2020-07-15 12:52:17 -07:00
Ethan Looney
9a07df9631
Changed hash size to 144 for Shake256Hash
2020-07-15 12:52:17 -07:00
Ethan Looney
379212acec
Initialized variable data
2020-07-15 12:52:17 -07:00
Ethan Looney
aaa6e892da
Added unit tests for hash.c
2020-07-15 12:52:17 -07:00
Eric Blankenhorn
525a3cb9c3
Move API out of OPENSSL_EXTRA
2020-07-15 10:48:11 -05:00
Eric Blankenhorn
d1a82589f9
Adding wolfSSL_X509_check_ip_asc
2020-07-15 10:48:11 -05:00
David Garske
12478a4534
Merge pull request #3128 from tmael/fips_ossl
...
Correct string truncation of XSTRNCAT
2020-07-14 17:17:27 -07:00
Sean Parkinson
e754076c37
Change mp_leading_bit (integer.c) to not to require a copy
2020-07-15 09:20:15 +10:00
Sean Parkinson
ddad95d52c
mp_sub_d (integer.c): return error when digit is too big
...
Code can't handle subtracting a number (an mp_digit) larger than
DIGIT_BIT. Now returns an error rather than giving wrong result.
2020-07-15 09:18:35 +10:00
Sean Parkinson
51e49dbfac
Fix sp_add_d
2020-07-15 09:15:04 +10:00
Jacob Barthelmeh
a8736dd89d
set heap hint for name malloc
2020-07-14 14:23:49 -06:00
toddouska
1caa6f860b
Merge pull request #3088 from kaleb-himes/ZD10539
...
Change Hash union to wc_Hmac_Hash
2020-07-14 11:23:30 -07:00
toddouska
2dcf4c1696
Merge pull request #3087 from SparkiDev/sp_math_mod
...
Fix div implementation in SP int
2020-07-14 11:19:15 -07:00
Jacob Barthelmeh
173b9833fc
fixes for edge build cases and static memory
2020-07-14 09:07:23 -06:00
TakayukiMatsuo
20682ef0aa
Add support for RX72N Envision Kit
2020-07-14 11:33:19 +09:00
Tesfa Mael
aee208f1b1
Correct build
2020-07-13 17:29:12 -07:00
Chris Conlon
4938baa892
Merge pull request #3121 from ethanlooney/12th_branch
...
Added unit tests for Sha3.c
2020-07-13 17:29:45 -06:00
Jacob Barthelmeh
85437e4097
add sanity check on padSz
2020-07-13 17:17:57 -06:00
Jacob Barthelmeh
63c8f7d1b1
x509 small build and memory free
2020-07-13 15:51:27 -06:00
Chris Conlon
a77085960e
Merge pull request #3103 from TakayukiMatsuo/master
...
Supprted TSIP v1.09 for target board GR-ROSE
2020-07-13 14:35:07 -06:00
Ethan Looney
c5b8181005
Added a free call for shake256_copy
2020-07-13 09:58:00 -07:00
Chris Conlon
cbfda8e596
Merge pull request #3111 from ethanlooney/tenth_branch
...
Changed EXTRACT_ALL from NO to YES in order to document every function using Doxygen
2020-07-13 10:05:54 -06:00
Jacob Barthelmeh
d880d59974
fix for init of renegotiation and fix for compiler warnings
2020-07-13 00:31:40 -06:00
Jacob Barthelmeh
eec5f4a109
set initial NID value and account for null character on string
2020-07-12 19:54:50 -06:00
TakayukiMatsuo
af1b532758
Applied review comments to the code
2020-07-11 17:17:33 +09:00
Chris Conlon
ed9648770d
Merge pull request #3120 from ethanlooney/11th_branch
...
Added unit tests for Sha512.c
2020-07-10 17:12:23 -06:00
Jacob Barthelmeh
2aaeb2a2df
fix X509 multiple OU's and refactor
2020-07-10 17:12:20 -06:00
Ethan Looney
84aa7d746a
Added unit tests for Sha3
2020-07-10 15:43:08 -07:00
toddouska
a90d6b2a5e
Merge pull request #3039 from tmael/cov-fix2
...
Coverity fix in wolfSSL 4.4.0 - part 2
2020-07-10 13:06:22 -07:00
toddouska
b8078ab789
Merge pull request #3092 from dgarske/sniffer_loadbuf
...
Added sniffer API's to load buffer directly
2020-07-10 12:58:45 -07:00
Ethan Looney
7e23273d1c
Changed directory for Doxygen's search to only the necessary header files
2020-07-10 12:51:21 -07:00
toddouska
b931dc0d6e
Merge pull request #3110 from JacobBarthelmeh/SGX
...
add SP build for SGX
2020-07-10 10:29:50 -07:00
Ethan Looney
295aa4ac55
Added tests for Sha512.c
2020-07-10 10:15:32 -07:00
kaleb-himes
64c0d53a2d
Use portable friendly XVALIDATE_DATE in ssl.c and add wc_ to default
2020-07-10 09:43:24 -06:00
Ethan Looney
03839ea641
Changed EXTRACT_ALL from NO to YES in order to document every function
2020-07-10 08:16:15 -07:00
David Garske
ed0f2bb8f5
Added sniffer API's to load buffer directly, not file. ZD 10547
2020-07-09 08:54:26 -07:00
TakayukiMatsuo
942226dc5a
Merge branch 'master' of https://github.com/wolfSSL/wolfssl to get updated ocsp tests
2020-07-09 07:47:54 +09:00
Sean Parkinson
b952f18eb4
Merge pull request #3104 from JacobBarthelmeh/nginx
...
Nginx 1.15.7
2020-07-09 08:46:30 +10:00
Sean Parkinson
3e0d0677ee
Merge pull request #3116 from embhorn/zd10570
...
Sanity check in DoTls13HandShakeMsgType
2020-07-09 08:42:37 +10:00
Sean Parkinson
e37bd2ade6
Merge pull request #3113 from guidovranken/scrypt-return-memory-e
...
Return MEMORY_E from wc_scrypt if allocation fails
2020-07-09 08:28:51 +10:00
Tesfa Mael
890500c1b1
Fix Coverity
2020-07-08 08:20:43 -07:00
TakayukiMatsuo
1e94f0478c
Added resetting size info output-buffer before calling export APIs
...
Added resetting size into output-buffer before calling export APIs
2020-07-08 08:20:43 -07:00
Eric Blankenhorn
b9855b51bf
Sanity check in DoTls13HandShakeMsgType
2020-07-08 07:55:05 -05:00
Eric Blankenhorn
5f5040686e
Merge pull request #3112 from kaleb-himes/INTERNAL_OCSP_STAPLING_FIX
...
Put both potential roots for login.live.com into collection for stapl…
2020-07-07 20:46:09 -05:00
Guido Vranken
7f66671449
In wc_PKCS12_PBKDF_ex, break out of outer loop on error
2020-07-08 01:38:02 +02:00
Guido Vranken
43e1eee55d
Return MEMORY_E from wc_scrypt if allocation fails
2020-07-08 01:04:37 +02:00
kaleb-himes
aa704420fd
Fix typo in include.am
2020-07-07 16:39:39 -06:00
toddouska
c8dcd59565
Merge pull request #3082 from JacobBarthelmeh/Testing
...
restrict the cert version allowed
2020-07-07 15:37:01 -07:00
kaleb-himes
42f3a6d7a4
Put both potential roots for login.live.com into collection for stapling test
2020-07-07 16:02:48 -06:00
Chris Conlon
6196698d8b
Merge pull request #3099 from ethanlooney/eighth_branch
...
Added unit tests to sha256.c for sha224 and sha256.
2020-07-07 15:37:38 -05:00
Jacob Barthelmeh
333f4ccced
add SP build for SGX
2020-07-07 10:43:44 -06:00
TakayukiMatsuo
a95b31041c
Added NO_ASN_TIME macro to avoid cert expiration validation
2020-07-07 18:40:41 +09:00
Sean Parkinson
80246dfbc3
Merge pull request #3102 from guidovranken/free-tlsx
...
In TLSX_SupportedFFDHE_Set, free TLSX list if TLSX_PopulateSupportedG…
2020-07-07 08:25:13 +10:00
Ethan Looney
296b562113
Fixed formatting and forgotten curly bracket
2020-07-06 12:33:06 -07:00
Ethan Looney
1b7a96627c
Changed formatting
2020-07-06 12:05:55 -07:00
toddouska
301e5c03b9
Merge pull request #3097 from SparkiDev/sp_int_mul_of
...
Fix SP int size of result checks
2020-07-06 11:17:01 -07:00
toddouska
b8314a70f9
Merge pull request #3089 from kaleb-himes/ZD10539_LICENSING
...
Add or later verbage to LICENSING and sync header license versions
2020-07-06 11:11:11 -07:00
toddouska
514254e294
Merge pull request #3069 from SparkiDev/gnu-stack
...
Add section to asm files to avoid exe stack
2020-07-06 11:08:24 -07:00
JacobBarthelmeh
e194a11cb8
add wolfSSL_SESSION_new and change to peek error
2020-07-06 10:47:46 -06:00
Ethan Looney
dfde73620c
Added if defined cases for tests using hashes
2020-07-06 08:07:03 -07:00
TakayukiMatsuo
9554e54e8f
Resolved conflict
2020-07-06 10:58:58 +09:00
Sean Parkinson
1af2e5cf02
Fix div implementation in SP int
2020-07-06 08:52:44 +10:00
Guido Vranken
04d063f2ba
In TLSX_SupportedFFDHE_Set, free TLSX list if TLSX_PopulateSupportedGroups fails
2020-07-05 23:41:50 +02:00
TakayukiMatsuo
464cd49e45
Supprted TSIP v1.09 for target board GR-ROSE
2020-07-04 23:40:10 +09:00
Sean Parkinson
0e79943a5c
Fix SP int size of result checks
...
sp_lshb: Only put values in extra word id necessary
2020-07-03 09:12:27 +10:00
Ethan Looney
5f3a287a6a
Added tests to sha256.c for sha224 and sha256.
2020-07-02 14:30:30 -07:00
Takashi Kojo
fd257ee8b9
fix guard
2020-07-03 05:42:44 +09:00
Chris Conlon
655022cfc5
Merge pull request #3095 from ethanlooney/sixth_branch
...
Added additional tests for curve25519 and fixed a print format error from previous tests.
2020-07-02 10:07:55 -05:00
Juliusz Sosinowicz
3efd8a8576
Jenkins fixes
2020-07-02 14:59:07 +02:00
Ethan Looney
3242fa3669
Fixed formatting, redundant if's and added a comment explaining why a value was chosen.
2020-07-01 16:01:50 -07:00
JacobBarthelmeh
df9a1a2a0e
revert error peek function
2020-07-01 16:26:38 -06:00
Juliusz Sosinowicz
fd79ebfe8d
TLS 1.3 requires chacha and poly1305 for myTicketEncCb
2020-07-01 20:24:50 +02:00
Ethan Looney
f526a11126
Added additional tests for curve25519 and fixed a print format error from previous tests
2020-07-01 10:19:40 -07:00
Ethan Looney
a59560a1d5
Added tests to curve25519.c and fixed a print error from previous curve25519 tests
2020-07-01 09:32:03 -07:00
tmael
f89686a1ec
Merge pull request #3086 from SparkiDev/sp_c_mod_fix
...
Fix normalization in all SP C divs
2020-07-01 09:02:29 -07:00
Chris Conlon
eb4b575b3a
Merge pull request #3085 from ethanlooney/fourth_branch
...
API tests for Curve448
2020-06-30 17:24:07 -05:00
Ethan Looney
4ad904909c
Added a return check
2020-06-30 12:40:20 -07:00
Ethan Looney
78efb48acf
Added two more tests to hit xmemset lines
2020-06-30 12:40:20 -07:00
Ethan Looney
b7e682e677
Added more tests to api.c for curve448
2020-06-30 12:40:20 -07:00
Chris Conlon
94654c7a46
Merge pull request #3062 from TakayukiMatsuo/branch-2
...
Added testcases for wc_curve25519_export_key_xx
2020-06-30 14:27:24 -05:00
Juliusz Sosinowicz
e63a80f1af
Use NO_SESSION_CACHE as well in preproc checks
2020-06-30 21:21:43 +02:00
JacobBarthelmeh
e6746639af
add SSL_SESSION_up_ref and fix for get lib
2020-06-30 13:16:28 -06:00
kaleb-himes
8d37f57990
Change variable name from Hash to hashAlg
2020-06-30 12:50:26 -06:00
Juliusz Sosinowicz
b57cf802eb
Expose session serialization outside of OPENSSL_EXTRA
...
Use `./configure CFLAGS='-DHAVE_EXT_CACHE'` to enable session serialization without `OPENSSL_EXTRA`.
2020-06-30 20:17:21 +02:00
Felix Lechner
24e10bf4ab
Convert a header file to UTF-8 encoding.
...
The file contained characters from the ISO 8859-1 legacy text
encoding. This commit onverts the file to UTF-8.
2020-06-30 11:14:52 -07:00
kaleb-himes
970391319b
Add or later verbage to LICENSING and sync header license versions
2020-06-30 12:13:13 -06:00
kaleb-himes
55985ad1b4
Change Hash union to wc_Hmac_Hash
2020-06-30 12:01:57 -06:00
Ethan Looney
c39bd55aca
Removed comment, deleted redundent WC_RNG initialization and fixed indentation
2020-06-30 09:32:10 -07:00
toddouska
2c11f96c9d
Merge pull request #3048 from embhorn/zd10216
...
Override CRL error for NO_VERIFY
2020-06-29 15:35:53 -07:00
Sean Parkinson
4e584595f0
Fix normalization in all SP C divs
2020-06-30 08:32:42 +10:00
Ethan Looney
e32e206d7c
Added a return check
2020-06-29 12:55:42 -07:00
Ethan Looney
7fb4a98009
Added two more tests to hit xmemset lines
2020-06-29 09:48:22 -07:00
Ethan Looney
6745733e2e
Added more tests to api.c for curve448
2020-06-29 09:30:17 -07:00
Chris Conlon
b6aaedd3b4
Merge pull request #3080 from ethanlooney/second_branch
...
Added additional tests to curve448.c through api.c
2020-06-29 11:21:15 -05:00
David Garske
7a2384deaf
Merge pull request #3071 from kojo1/user-mutex
...
User defined mutex
2020-06-28 21:45:30 -07:00
Jacob Barthelmeh
14d0b4e7d6
adjust test case
2020-06-26 10:25:50 -06:00
Chris Conlon
7bd5da70a6
Merge pull request #3066 from kaleb-himes/DOX_UPDATES
...
Update v23 methods to reflect TLSv1.3
2020-06-26 10:59:04 -05:00
Ethan Looney
1c1ddaa6c2
Added checks to initial returns and free rng
2020-06-25 16:40:38 -07:00
Sean Parkinson
a10500e5a7
Merge pull request #3079 from tmael/sp_mod
...
Correct SP mod calculation
2020-06-26 08:38:07 +10:00
Sean Parkinson
f6d26b4e81
Merge pull request #3072 from kaleb-himes/SANITY_CHECKS
...
ed25519 and ed448 check sigLen against expected
2020-06-26 08:31:55 +10:00
Jacob Barthelmeh
0c7b851bd3
restrict the cert version allowed
2020-06-25 15:45:18 -06:00
David Garske
e2afbae6aa
Merge pull request #3054 from JacobBarthelmeh/CRL
...
fix for x509 store add crl
2020-06-25 09:52:12 -07:00
JacobBarthelmeh
26f0a74d29
Merge pull request #3023 from kaleb-himes/GH2998-REWORK
...
cleanup GET messages
2020-06-25 10:22:09 -06:00
John Safranek
73c26c5188
Merge pull request #3078 from dgarske/dup_defines
...
Remove duplicate macros in VS user_settings.h files.
2020-06-25 09:09:30 -07:00
kaleb-himes
17466727b2
Implement peer review feedback
2020-06-25 09:43:22 -06:00
John Safranek
4dbdfdea08
Merge pull request #3077 from kaleb-himes/ZD10235_CONFIG
...
configure.ac change == to = when not C code
2020-06-25 08:21:01 -07:00
Tesfa Mael
60d6f616c2
Fix typo
2020-06-25 08:06:14 -07:00
Tesfa Mael
a8f5602e10
Correct mod calculation
2020-06-25 08:01:05 -07:00
Ethan Looney
fe7d9ea7c1
changed RNG to WC_RNG
2020-06-24 15:40:58 -07:00
Ethan Looney
79981e3cf7
Added additonal tests to curve448.c
2020-06-24 15:40:38 -07:00
Ethan Looney
86b7f18502
Added additional tests to curve448.c through api.c
2020-06-24 15:40:22 -07:00
David Garske
a10ee78980
Remove duplicate macros in VS user_settings.h files.
2020-06-24 15:08:49 -07:00
toddouska
07c5f36d6d
Merge pull request #3068 from SparkiDev/modexp-cr
...
Use temp with mont mul in constant time exptmod
2020-06-24 13:19:06 -07:00
kaleb-himes
308562e853
configure.ac change == to = when not C code
2020-06-24 13:41:03 -06:00
JacobBarthelmeh
483b970772
Merge pull request #3061 from embhorn/zd10457
...
Remove multiple defines of GEN_IPADD
2020-06-24 11:33:16 -06:00
kaleb-himes
fdce5152c5
Address peer feedback
2020-06-24 11:25:12 -06:00
toddouska
9cd6f92d19
Merge pull request #3058 from JacobBarthelmeh/Certs
...
Fix and test case for malformed name constraint
2020-06-24 10:15:08 -07:00
Jacob Barthelmeh
b8b2f7ef7d
vs build warning fixes
2020-06-24 10:57:31 -06:00
Sean Parkinson
be5648986c
Update TLS 1.3 function Doxygen documentation
...
Give parameters a name in function prototypes.
2020-06-24 12:35:47 +10:00
Kaleb Himes
23ddc1c4c2
Merge pull request #3067 from SparkiDev/tls13-test-fix
...
Cleanup after TLS 1.3 tests
2020-06-23 17:35:48 -06:00
kaleb-himes
722961f55c
ed25519 and ed448 check sigLen against expected
2020-06-23 17:32:00 -06:00
Eric Blankenhorn
ec755f8dd9
Override CRL error for NO_VERIFY
2020-06-23 18:09:03 -05:00
Sean Parkinson
582240a84d
Merge pull request #3051 from embhorn/zd10451
...
Sanity check wc_ecc_import_raw x, y, and key
2020-06-24 08:52:10 +10:00
Takashi Kojo
55bb95823c
coding template
2020-06-24 07:31:20 +09:00
Jacob Barthelmeh
8511d07698
store chain is free'd when store is free'd
2020-06-23 15:42:32 -06:00
Jacob Barthelmeh
ae90119af4
remove double free in test case
2020-06-23 14:45:31 -06:00
Eric Blankenhorn
7cc64377d0
Sanity check wc_ecc_import_raw x, y, and key
2020-06-23 08:54:47 -05:00
Takashi Kojo
1253be0142
Remove user_setting.h and user-mutex.c example files
2020-06-23 17:30:03 +09:00
Sean Parkinson
e8e455bf39
Add section to asm files to avoid exe stack
...
For Linux ELF need a note section for GNU to indicate stack is not
executable.
2020-06-23 11:58:46 +10:00
Sean Parkinson
7c615967a9
Use temp with mont mul in constant time exptmod
...
For cache attack resistance.
2020-06-23 10:45:31 +10:00
Sean Parkinson
392e09c474
Cleanup after TLS 1.3 tests
...
Make sure the server is dead after each test.
Client may not connect to server if cipher suite not supported and
return error as expected.
2020-06-23 09:14:51 +10:00
Sean Parkinson
5b07905818
Merge pull request #3065 from dgarske/sp_revert
...
Fix SP cache resistant build (reverts part of PR 2970)
2020-06-23 08:42:00 +10:00
toddouska
877b9975eb
Merge pull request #3064 from dgarske/dox_sni
...
Fixes for dox SNI documentation / examples.
2020-06-22 13:38:41 -07:00
toddouska
180439ca34
Merge pull request #3060 from dgarske/git3059_cryptocell
...
Fixes for CryptoCell
2020-06-22 13:37:37 -07:00
toddouska
93bd0dbfe1
Merge pull request #2980 from dgarske/psoc6
...
Fix for `WOLFSSL_ALT_CERT_CHAINS` with long chain
2020-06-22 13:36:35 -07:00
kaleb-himes
646ecb54c2
Update v23 methods to reflect TLSv1.3
2020-06-22 12:04:16 -06:00
David Garske
a29250e87d
Revert SP changes in https://github.com/wolfSSL/wolfssl/pull/2970 that broke --enable-sp CFLAGS="-DWOLFSSL_SP_CACHE_RESISTANT". This was generated with latest scripts.
2020-06-22 07:56:54 -07:00
David Garske
6ecb88da47
Fixes for dox SNI documentation / examples.
2020-06-22 07:37:04 -07:00
JacobBarthelmeh
b88342eeaf
memory handling fixes
2020-06-19 10:08:42 -07:00
JacobBarthelmeh
22d6774966
Merge pull request #2909 from SKlimaRA/SKlimaRA/crl-and-pkcb
...
ParseCrl fix, GetPrivateKeySigSize moved from client only section and Coverity fixes.
2020-06-19 10:51:50 -06:00
TakayukiMatsuo
771d60c085
Replaced some hard-tabs with spaces in wc_curve25519_export_key_raw_ex()
2020-06-19 13:40:16 +09:00
David Garske
6b1a6309ce
Fixes for CryptoCell. Fix for signature wrapper signing to allow larger signing input buffer. Cleanup of some duplicate code. Fix for bad cryptocell ECC make key result check (-9628). Fixes #3059 . Thanks Sylwester.
2020-06-18 13:40:30 -07:00
Eric Blankenhorn
a5664b5ba9
Remove multiple defines of GEN_IPADD
2020-06-18 15:40:22 -05:00
toddouska
f8c6c783db
Merge pull request #3047 from SparkiDev/curve448_dox
...
Add Doxygen documentation for Curve448/Ed448
2020-06-18 13:05:59 -07:00
David Garske
352328348a
For example client "-H verifyFail", which was not setting the verify callback.
2020-06-18 12:54:47 -07:00
David Garske
823b3d90d8
Add braces around new debug message to avoid compiler warning.
2020-06-18 12:12:28 -07:00
toddouska
248b8c9b62
Merge pull request #3057 from kaleb-himes/FIPSv2_plus_OPENSSLALL
...
Resolve issues with FIPSv2 when opensslall set
2020-06-18 10:12:06 -07:00
toddouska
48cd6f36ff
Merge pull request #2967 from dgarske/ecc_null
...
Fixes for ECC key import
2020-06-18 10:10:49 -07:00
Jacob Barthelmeh
1e431e1ade
add test case and fixes from review
2020-06-18 10:57:25 -06:00
David Garske
667d9ca896
Fix to catch the issue in this PR with alt cert chains, which only happens if the verify callback is used and the chain is long enough. Cleanup of the myVerify callback to allow specific actions. Fix the suites.c to not crash if no newline at end of file. Added helpful debug message to show that a CA was found.
2020-06-18 09:26:50 -07:00
David Garske
efa169e595
Fix for invalid files in include.am. Improvement to new alt-chain tests to catch case this PR fixes.
2020-06-18 08:33:59 -07:00
David Garske
d70f6b7ede
Fix for tests/test-chains.conf with new intermediate CA.
2020-06-18 08:33:59 -07:00
David Garske
9be61c61f5
Add alternate chain test case where peer presents chain (INT -> INT2 -> PEER) and only INT2 is loaded as trusted. Update existing alternate chain partial test cases to use INT2. Fix for test suite to allow extra newlines in .test files.
2020-06-18 08:33:59 -07:00
David Garske
5a5bc34aa5
Added second intermediate CA to testing certs. This creates a chain that looks like: ROOT (www.wolfssl.com) -> INT (wolfSSL Intermediate CA) -> INT2 (wolfSSL Intermediate2 CA) -> PEER (wolfSSL Client Chain / wolfSSL Server Chain).
2020-06-18 08:33:59 -07:00
David Garske
0ef5a3d00e
Fix for WOLFSSL_ALT_CERT_CHAINS incorrectly failing on success case.
2020-06-18 08:33:59 -07:00
David Garske
21e0f863b9
Fix for NO_WOLFSSL_SERVER typo.
2020-06-18 08:33:58 -07:00
Juliusz Sosinowicz
03c5359fcd
Add session resumption testing for DTLS
2020-06-18 14:18:02 +02:00
Juliusz Sosinowicz
b590e06f42
DTLS fixes
...
- `SendFinished` resetting`dtls_expected_peer_handshake_number` should depend on side and if we are resuming a connection
- No need to do a cookie exchange on session resumption
2020-06-18 12:13:52 +02:00
TakayukiMatsuo
28819bd45e
Made two lines wrap around in test_wc_curve25519_export_key_raw_ex()
2020-06-18 12:25:21 +09:00
TakayukiMatsuo
a855d6355e
Added cleanup to test_wc_curve25519_export_key_raw_ex
2020-06-18 12:25:21 +09:00
TakayukiMatsuo
1d98c960cf
Added resetting size info output-buffer before calling export APIs
...
Added resetting size into output-buffer before calling export APIs
2020-06-18 12:24:03 +09:00
David Garske
13753d56bb
Cleanup in wc_ecc_sign_hash_ex for blinding value to not call free twice (mp_clear already does mp_free).
2020-06-17 17:11:54 -07:00
David Garske
0fd5eda5af
Fix for test_wolfSSL_DTLS_either_side, which was not properly free'ing in error case. Improves the test shared context logic to make it explicit.
2020-06-17 17:08:09 -07:00
toddouska
220e2634af
Merge pull request #3056 from dgarske/nullcipher_noaes
...
Fixes for a few build edge cases (async w/o DTLS, null cipher w/o AES)
2020-06-17 16:48:48 -07:00
toddouska
f20a2de284
Merge pull request #3055 from dgarske/ocsp_resp
...
Fix for possible use of NULL in the OCSP response nonce
2020-06-17 16:45:53 -07:00
toddouska
3acc31400c
Merge pull request #3053 from SparkiDev/ed448_fixes
...
Fix ED448 calls to use context and correct variable name
2020-06-17 16:41:40 -07:00
Jacob Barthelmeh
dafd35e4c1
remove unused variable
2020-06-17 15:55:08 -06:00
Jacob Barthelmeh
f75659641a
test on malformed name constraint
2020-06-17 14:33:10 -06:00
kaleb-himes
e2fb4c55b8
Resolve issues with FIPSv2 when opensslall set
2020-06-17 14:03:02 -06:00
David Garske
3fb432cef8
Fix for building async without DTLS.
2020-06-17 11:20:08 -07:00
David Garske
81892f4594
Fix for use of WC_MAX_SYM_KEY_SIZE in macro. Fixes build case with --enable-nullcipher --disable-aes.
2020-06-17 11:16:33 -07:00
David Garske
0a38ab8ac2
Fix for possible use of NULL is the OCSP response nonce. This is optional and may not be provided in the OCSP response and should be skipped if not set in the response. ZD 10475.
2020-06-17 11:00:05 -07:00
Jacob Barthelmeh
82921f8650
fix for x509 store add crl
2020-06-17 11:30:18 -06:00
Kaleb Himes
b1aa903c1b
Merge pull request #3052 from julek-wolfssl/infinite-loop-fuzzer
...
Alert level must be cleared or ProcessReply will loop indefinitely
2020-06-16 18:55:15 -06:00
Sean Parkinson
6bb73fb25d
Fix ED448 calls to use context and correct variable name
...
Added basic test of OpenSSL compatability APIs:
- wolfSSL_ED25519_generate_key
- wolfSSL_ED25519_sign
- wolfSSL_ED25519_verify
- wolfSSL_ED2448_generate_key
- wolfSSL_ED448_sign
- wolfSSL_ED448_verify
2020-06-17 10:05:50 +10:00
Juliusz Sosinowicz
90caeaf925
Alert level must be cleared or ProcessReply will loop indefinitely
2020-06-16 23:21:54 +02:00
JacobBarthelmeh
7c6dccd4a0
Merge pull request #3038 from embhorn/zd10457
...
Unused var error
2020-06-16 14:10:54 -06:00
Sean Parkinson
7a15639927
Add Doxygen documentation for Curve448/Ed448
...
Update Curve25519/Ed25519 Doxygen documentation too.
Make public key is a public API - check pubKey pointer is not NULL.
2020-06-16 22:16:13 +10:00
Chris Conlon
b9f13dba61
Merge pull request #3030 from TakayukiMatsuo/usertime
...
ASN1_TIME_new in correct macro condition
2020-06-15 17:49:44 -05:00
toddouska
aa7168df0b
Merge pull request #3045 from SparkiDev/aes_small_fix
...
AES small table fix
2020-06-15 14:19:09 -07:00
toddouska
096d0073ef
Merge pull request #3043 from dgarske/renesas_ra6m3
...
Renesas requested name change to "RA6M3"
2020-06-15 14:18:19 -07:00
toddouska
9d932d09bf
Merge pull request #3042 from dgarske/xcode_updates
...
Updates to Xcode projects to add new files / features
2020-06-15 14:16:14 -07:00
toddouska
74098340ff
Merge pull request #3031 from dgarske/stm32cubeide
...
Adding STM32CubeIDE support
2020-06-15 14:14:43 -07:00
Jacob Barthelmeh
f020b0f24a
add check on decode subtree return value
2020-06-15 14:41:05 -06:00
Sean Parkinson
3f344b7d89
AES small table fix
...
Symbol not needed when only compiling AES algorithms (AES-GCM, AES-CCM,
AES-CTR) not using AES decrypt.
Allow AES-CCM to be compiled without AES-GCM.
2020-06-15 14:46:39 +10:00
Takashi Kojo
8ff1b474bc
Tentative: User defined mutex
2020-06-14 07:12:13 +09:00
David Garske
baaf741c79
Merge pull request #3037 from JacobBarthelmeh/CSharp
...
add peer certificate print to callback with C#
2020-06-12 13:32:50 -07:00
toddouska
1e07563411
Merge pull request #2984 from julek-wolfssl/dtls-scr
...
Add secure renegotiation to DTLS 1.2
2020-06-12 11:22:55 -07:00
toddouska
6166902f66
Merge pull request #2990 from julek-wolfssl/fix-leak
...
Fix leak in SetIndividualInternal
2020-06-12 11:17:40 -07:00
toddouska
4c2dee77d8
Merge pull request #3028 from julek-wolfssl/CRYPTO_memcmp
...
Implement CRYPTO_memcmp
2020-06-12 11:16:18 -07:00
David Garske
eea22eb65d
Renesas requested name change to "RA6M3".
2020-06-12 10:58:20 -07:00
David Garske
d43d75bf81
Updates to xcode projects to add new files.
...
Ran updated iPhone X benchmarks:
```
RNG 330 MB took 1.010 seconds, 326.879 MB/s
AES-128-CBC-enc 920 MB took 1.005 seconds, 915.507 MB/s
AES-128-CBC-dec 6095 MB took 1.000 seconds, 6092.130 MB/s
AES-192-CBC-enc 820 MB took 1.000 seconds, 819.644 MB/s
AES-192-CBC-dec 4860 MB took 1.001 seconds, 4855.794 MB/s
AES-256-CBC-enc 710 MB took 1.005 seconds, 706.419 MB/s
AES-256-CBC-dec 3935 MB took 1.001 seconds, 3930.830 MB/s
AES-128-GCM-enc 1245 MB took 1.003 seconds, 1241.589 MB/s
AES-128-GCM-dec 575 MB took 1.001 seconds, 574.547 MB/s
AES-192-GCM-enc 1235 MB took 1.001 seconds, 1234.343 MB/s
AES-192-GCM-dec 570 MB took 1.003 seconds, 568.521 MB/s
AES-256-GCM-enc 1230 MB took 1.003 seconds, 1226.034 MB/s
AES-256-GCM-dec 570 MB took 1.001 seconds, 569.199 MB/s
3DES 10 MB took 1.386 seconds, 7.213 MB/s
MD5 95 MB took 1.037 seconds, 91.629 MB/s
SHA 80 MB took 1.013 seconds, 78.943 MB/s
SHA-256 1625 MB took 1.000 seconds, 1624.565 MB/s
SHA3-224 60 MB took 1.010 seconds, 59.399 MB/s
SHA3-256 60 MB took 1.073 seconds, 55.921 MB/s
SHA3-384 45 MB took 1.042 seconds, 43.195 MB/s
SHA3-512 35 MB took 1.164 seconds, 30.063 MB/s
HMAC-MD5 95 MB took 1.044 seconds, 91.014 MB/s
HMAC-SHA 80 MB took 1.007 seconds, 79.480 MB/s
HMAC-SHA256 1705 MB took 1.001 seconds, 1703.126 MB/s
RSA 2048 public 32800 ops took 1.003 sec, avg 0.031 ms, 32716.405 ops/sec
RSA 2048 private 1200 ops took 1.041 sec, avg 0.868 ms, /33 ops/sec
DH 2048 key gen 2354 ops took 1.000 sec, avg 0.425 ms, 2353.254 ops/sec
DH 2048 agree 2500 ops took 1.013 sec, avg 0.405 ms, 2467.525 ops/sec
ECC 256 key gen 46503 ops took 1.000 sec, avg 0.022 ms, 46502.069 ops/sec
ECDHE 256 agree 14100 ops took 1.005 sec, avg 0.071 ms, 14034.697 ops/sec
ECDSA 256 sign 29600 ops took 1.003 sec, avg 0.034 ms, 29500.554 ops/sec
ECDSA 256 verify 11000 ops took 1.007 sec, avg 0.092 ms, 10921.516 ops/sec
```
2020-06-12 10:39:26 -07:00
toddouska
f30eb0197b
Merge pull request #3032 from JacobBarthelmeh/PKCS12
...
fix error checking when parsing a PKCS12 DER into an internal structure
2020-06-12 09:57:40 -07:00
JacobBarthelmeh
2b5ed1564c
add error function and print out
2020-06-12 09:45:23 -07:00
Eric Blankenhorn
0f36cdf066
Unused var error
2020-06-12 10:43:01 -05:00
Unknown
cab8dd3731
Ignore duplicate or out of order CCS message
...
Init variables since compiler complains they might be used without initialization.
2020-06-12 12:27:48 +02:00
Juliusz Sosinowicz
ac028e551d
Code Review
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
69802ed1a9
Missing ssl->heap in FreeBuildMsgArgs
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
3980d6117d
Fix Jenkins
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
01b446f469
Fix SessionTicket length in unencrypted case
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
f2d2dadc89
ASYNC: Fix issues with TLS and DTLS
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
eb7a49a1d7
ASYNC: Working TLS SCR
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
a7c4d88876
ASYNC: Working AES128-SHA
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
7b604ad714
WIP
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
73105305cf
WIP
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
a107688891
Fix asynchronous DTLS issue
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
d88f6f1156
DTLS test cases
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
4e60e4b3b7
DTLS Message Grouping
...
Flush output buffer when we suspect that the grouped messages may exceed MTU.
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
d2542dcf38
Restore StoreKeys functionality for TLS case
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
c2ca9f614e
Jenkins tests fixes
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
eb910a64d0
Comments and formatting
2020-06-12 11:36:43 +02:00
Juliusz Sosinowicz
651a7a97b9
Add secure renegotiation to DTLS 1.2
...
- Hash of fragmented certificate was not calculated as a single message and instead we were hashing individual fragments which produced the wrong digest, shared secret, etc...
- Reset handshake number after server Finished packet is sent or received (depending on side)
- Reserve space in buffer for cipher stuff
- Take `DTLS_RECORD_EXTRA` and `DTLS_HANDSHAKE_EXTRA` into size and offset calculations for DTLS path
- Fix renegotiation in DTLS with AES128-SHA
- Fix renegotiation in DTLS with AES-GCM
- Support HelloVerify request during secure renegotiation
- Save renegotiation handshake messages for retransmission in timeout
- Handle cipher parameters from different epochs. DTLS may need to resend and receive messages from previous epochs so handling different sets of encryption and decryption parameters is crucial.
2020-06-12 11:36:43 +02:00
David Garske
255cc016b3
Merge pull request #3034 from kaleb-himes/FORUM_DSA_ISSUE
...
Seperate QT and DSA dependencies
2020-06-11 15:40:12 -07:00
David Garske
ad7e636e34
Adds STM32H7 support. Tested on NUCLEO-H753ZI board.
...
STM32H753ZI at 480MHz
```
Running wolfCrypt Benchmarks...
------------------------------------------------------------------------------
wolfSSL version 4.4.1
------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 250 KB took 1.047 seconds, 238.777 KB/s
AES-128-CBC-enc 4 MB took 1.004 seconds, 3.623 MB/s
AES-128-CBC-dec 4 MB took 1.004 seconds, 3.623 MB/s
AES-192-CBC-enc 4 MB took 1.000 seconds, 3.613 MB/s
AES-192-CBC-dec 4 MB took 1.000 seconds, 3.613 MB/s
AES-256-CBC-enc 4 MB took 1.000 seconds, 3.613 MB/s
AES-256-CBC-dec 4 MB took 1.000 seconds, 3.613 MB/s
AES-128-GCM-enc 3 MB took 1.004 seconds, 3.380 MB/s
AES-128-GCM-dec 3 MB took 1.004 seconds, 3.356 MB/s
AES-192-GCM-enc 3 MB took 1.004 seconds, 3.380 MB/s
AES-192-GCM-dec 3 MB took 1.003 seconds, 3.359 MB/s
AES-256-GCM-enc 3 MB took 1.000 seconds, 3.369 MB/s
AES-256-GCM-dec 3 MB took 1.004 seconds, 3.356 MB/s
CHACHA 850 KB took 1.020 seconds, 833.333 KB/s
CHA-POLY 650 KB took 1.015 seconds, 640.394 KB/s
POLY1305 4 MB took 1.004 seconds, 4.037 MB/s
SHA-256 3 MB took 1.004 seconds, 3.088 MB/s
HMAC-SHA256 3 MB took 1.004 seconds, 3.015 MB/s
RSA 2048 public 78 ops took 1.023 sec, avg 13.115 ms, 76.246 ops/sec
RSA 2048 private 4 ops took 1.682 sec, avg 420.500 ms, 2.378 ops/sec
DH 2048 key gen 6 ops took 1.165 sec, avg 194.167 ms, 5.150 ops/sec
DH 2048 agree 6 ops took 1.165 sec, avg 194.167 ms, 5.150 ops/sec
ECC 256 key gen 96 ops took 1.004 sec, avg 10.458 ms, 95.618 ops/sec
ECDHE 256 agree 50 ops took 1.027 sec, avg 20.540 ms, 48.685 ops/sec
ECDSA 256 sign 64 ops took 1.000 sec, avg 15.625 ms, 64.000 ops/sec
ECDSA 256 verify 32 ops took 1.039 sec, avg 32.469 ms, 30.799 ops/sec
Benchmark complete
Benchmark Test: Return code 0
```
2020-06-11 15:17:29 -07:00
David Garske
3b86a4db20
Adding STM32CubeIDE support (and deprecation of OpenSTM32).
...
* Updated example to add support for CMSIS v2 and static memory.
* Improved example to support more build options.
* Added support for detecting Cube HAL and including `wolfSSL.wolfSSL_conf.h`.
2020-06-11 14:45:17 -07:00
JacobBarthelmeh
d97c23edd8
set dynamic flag
2020-06-11 12:46:21 -07:00
JacobBarthelmeh
6af052faae
add peer certificate print to callback
2020-06-11 10:57:26 -07:00
Chris Conlon
cc13c9f062
Merge pull request #3035 from ejohnstown/changelog
...
Fix changelog error
2020-06-11 10:19:10 -05:00
toddouska
29bdc7d8b5
Merge pull request #3015 from tmael/cov-fix
...
Coverity fix in wolfSSL 4.4.0
2020-06-10 17:07:47 -07:00
John Safranek
f7c233af9c
Fix error in the changelog. AES-CTR with AES-NI wasn't actually added.
2020-06-10 15:15:11 -07:00
Juliusz Sosinowicz
d5577c9404
Explicit convert
2020-06-10 18:43:27 +02:00
Kaleb Himes
2fe08e1951
Update comment
...
Thanks @dgarske, great catch!
2020-06-09 17:10:57 -06:00
kaleb-himes
80e888c1c8
Seperate QT and DSA dependencies
2020-06-09 16:47:35 -06:00
Chris Conlon
fb51a2298e
Merge pull request #3019 from kaleb-himes/ZD10380
...
init components as best practice
2020-06-09 17:23:55 -05:00
toddouska
e993cb6cc0
Merge pull request #2942 from dgarske/tls13_on
...
Enable TLS v1.3 by default
2020-06-09 13:30:02 -07:00
toddouska
48783c1982
Merge pull request #2996 from dgarske/stm32hal
...
Fixes and improvements for STM32 crypto hardware
2020-06-09 13:24:27 -07:00
toddouska
c023efb2aa
Merge pull request #3025 from JacobBarthelmeh/Compatibility-Layer
...
fix macro to match *_FLAGS_*
2020-06-09 13:19:29 -07:00
toddouska
7a7bfce565
Merge pull request #3026 from cconlon/selftestfixes
...
Fix warnings with NetBSD gcc compiler
2020-06-09 13:18:44 -07:00
toddouska
ef742c4a42
Merge pull request #3027 from danielinux/psoc6_crypto
...
Cypress PSoC6 wolfcrypt driver
2020-06-09 13:17:37 -07:00
toddouska
8fc908989a
Merge pull request #3029 from SparkiDev/aes-ccm-fix
...
Fix optimized AES-CCM - counter
2020-06-09 13:13:42 -07:00
Jacob Barthelmeh
3a430522da
fix error checking when parsing a PKCS12 DER into an internal structure
2020-06-08 14:23:40 -06:00
Kaleb Himes
72360dee38
Also bring over openSSL headers
2020-06-08 11:39:06 -06:00
David Garske
8b6b54603f
Add STM32WB55 crypto hardware support for AES.
2020-06-08 08:48:59 -07:00
Tesfa Mael
28913a276f
Include GCM in latest FIPS and Windows build
2020-06-08 08:38:59 -07:00
David Garske
5837c70e99
Support for STM32L5 PKA ECC sign/verify acceleration.
2020-06-08 08:37:55 -07:00
David Garske
16c0160e63
Added support for STM32L5.
2020-06-08 08:37:55 -07:00
David Garske
21a34bde8c
Fix whitespace.
2020-06-08 08:37:55 -07:00
David Garske
6f82f15d1b
Performance improvements for STM32 AES CBC and GCM crypto hardware.
...
* AES CBC:
- Do all blocks, not just one at a time.
* AES GCM:
- Use local stack for authentication header if < block size.
- Use hardware GHASH for all authentication header sizes.
Tested with STM32F437II (old/new Cube HAL/StdPeriLib), STM32F777ZI (CubeMX) and STM32L4A6ZG (CubeMX).
2020-06-08 08:37:55 -07:00
David Garske
efe9da0994
Fix for STM32 crypto hash with WOLFSSL_SMALL_STACK_CACHE possible free of invalid pointer.
2020-06-08 08:37:55 -07:00
David Garske
dff7c0fcfa
Fix for hardware mutex protection in case where STM32 hardware acceleration is used for RNG or HASH only.
2020-06-08 08:37:55 -07:00
David Garske
42ee313286
Fix for using WOLFSSL_SMALL_STACK_CACHE with STM32 SHA256 hardware acceleration.
2020-06-08 08:37:55 -07:00
David Garske
8791573dfe
Fix for building with NO_PUBLIC_GCM_SET_IV when ChaCha20/Poly1305 is enabled. Cleanup use of not used STD_PERI_LIB.
2020-06-08 08:37:54 -07:00
Tak
b883617c0d
Moved wolfSSL_ASN1_TIME_new() to under #ifndef NO_ASN_TIME condition
2020-06-08 14:10:20 +09:00
Sean Parkinson
d543e305f1
Fix optimized AES-CCM - counter
...
AES-NI optimized 4 block at a time was not incrementing counter
poprerly.
2020-06-08 10:48:19 +10:00
David Garske
3af4316cfd
Fix for session test with TLS v1.3 and session tickets not enabled. Cleanups in AddSession.
2020-06-05 13:33:03 -07:00
David Garske
fb5c9e5268
Adjust static memory case with TLS v1.3 enabled.
2020-06-05 11:11:23 -07:00
David Garske
3b8455fcd0
Fix for building without ECC and DH (TLS v1.3 cannot be enabled).
2020-06-05 10:26:32 -07:00
Juliusz Sosinowicz
a75f83c9f2
Implement CRYPTO_memcmp
2020-06-05 16:44:12 +02:00
Daniele Lacamera
254dd9f823
Added new files to include.am
2020-06-05 15:28:49 +02:00
Daniele Lacamera
76ab8bfb6b
Added psoc6 ECDSA verification support
2020-06-05 11:30:29 +02:00
Daniele Lacamera
b1947478bb
Added support for SHA512 via psoc6 crypto
2020-06-05 11:30:29 +02:00
Daniele Lacamera
82520572b0
Initial support for psoc6_crypto (sha256 only)
2020-06-05 11:30:29 +02:00
David Garske
dffc677561
Fix for TLS v1.3 with --enable-sniffer.
2020-06-04 16:42:40 -07:00
David Garske
7879e83ae0
Fixes for building with ./configure --enable-tls13 --disable-rsa --disable-ecc --enable-psk. Fix to properly detect if missing a asymmetric key algorithm (required by TLS v1.3).
2020-06-04 16:31:19 -07:00
David Garske
1d01b87741
Fix to detect if NO_CERTS / --disable-asn is used in scripts/tls13.test.
2020-06-04 16:08:08 -07:00
David Garske
66fdc2c536
Disable TLS v1.3 if none of these are available "ECC, CURVE25519, CURVE448 or DH".
2020-06-04 15:31:19 -07:00
David Garske
93be04f380
Can't send empty list for the client when sniffer is enabled or it will use AES128-SHA.
2020-06-04 15:31:18 -07:00
David Garske
ad93813d75
Fix for expected failure case on client write. Resolves test-fails.con server TLSv1.3 fail on no client certificate test.
2020-06-04 15:31:18 -07:00
David Garske
d4fdd1e590
Fix for TLS v1.3 test PSK callback to support cipher list. Add support for GetCipherSuiteFromName to accept a name ending with colon.
2020-06-04 15:31:18 -07:00
David Garske
3b63e55a68
Fix for TLS v1.3 PSK tests work with additional cipher suites (not just TLS13-AES128-GCM-SHA256) and the echo server/client.
2020-06-04 15:31:18 -07:00
David Garske
8823a581d0
Add PSK user context support (Fixes #2952.).
2020-06-04 15:31:18 -07:00
David Garske
0228d1eeea
Cleanups for the TLS v1.3 build requirements. Add check for TLS v1.3 call to EncodeSigAlg.
2020-06-04 15:31:18 -07:00
David Garske
ab2afbd37b
Allow the TLS 13 draft 18 build option and just use the final version. This allows the automated test scripts to pass.
2020-06-04 15:31:18 -07:00
David Garske
4d8cf5b571
Fixes for building TLSv1.3 with FIPS v1 (no RSA PSS or HKDF).
2020-06-04 15:31:18 -07:00
David Garske
8300754ecd
Fix for "testsuite" with TLSv1.3 and --enable-sniffer.
2020-06-04 15:31:18 -07:00
David Garske
ba8227bcf7
Fix for building TLS v1.3 with NO_WOLFSSL_CLIENT.
2020-06-04 15:31:18 -07:00
David Garske
b417a76613
Fixes for build TLS v1.3 with NO_CERTS.
2020-06-04 15:31:18 -07:00
David Garske
093d9981fb
Disable fast-rsa if RSA PSS is enabled (not supported).
2020-06-04 15:31:18 -07:00
David Garske
cd1c2d5fae
Enable TLS v1.3 by default. Remove old TLS v1.3 draft build support.
2020-06-04 15:31:18 -07:00
David Garske
ca9dc7d509
Fix for wc_ecc_import_unsigned failing if first private key byte is zero ( Fixes #2950 ). Fix wc_ecc_is_point to return better code IS_POINT_E on failure (was returning -1). Improved ECC import API unit tests. Added WOLFSSL_VALIDATE_ECC_IMPORT and WOLFSSL_VALIDATE_ECC_KEYGEN to --enable-all.
2020-06-04 15:25:56 -07:00
toddouska
3529d9a40d
Merge pull request #3016 from kaleb-himes/FIPSv2-MAINTENANCE
...
New OpenSSL features relying on changes in module files must account for locked FIPS versions of those files
2020-06-04 15:08:17 -07:00
JacobBarthelmeh
976db2545d
Merge pull request #3007 from embhorn/zd10318
...
Fix OOB access in ParseCRL
2020-06-04 13:11:59 -06:00
toddouska
23d1550439
Merge pull request #2989 from julek-wolfssl/openvpn
...
Additional OpenSSL compat layer stuff
2020-06-04 11:57:55 -07:00
toddouska
b48699c1f0
Merge pull request #3022 from cconlon/jnisni
...
enable SNI by default for JNI/JSSE build
2020-06-04 11:07:56 -07:00
toddouska
79465d70f7
Merge pull request #3020 from SparkiDev/tls13_psk_cr
...
TLS 1.3: Never send CertiifcateRequest when PSK
2020-06-04 11:07:22 -07:00
Jacob Barthelmeh
c8b87eab5f
fix macro to match *_FLAGS_*
2020-06-04 11:53:46 -06:00
kaleb-himes
27f37df0e0
Update arduino script to reflect includes of inline files
2020-06-04 09:50:47 -06:00
kaleb-himes
2285071fbc
Use old convention, consolidate assignments
2020-06-04 09:34:49 -06:00
kaleb-himes
923fc30043
Change to memcpy
2020-06-03 17:36:40 -06:00
kaleb-himes
8c3f7a77ca
cleanup GET messages
2020-06-03 16:53:36 -06:00
kaleb-himes
5a4d84ecad
Consolidate to one-line where possible
2020-06-03 16:19:34 -06:00
toddouska
c3407e2052
Merge pull request #3004 from SparkiDev/asn1_int_lead_0_any
...
Define to allow badly formed ASN integers
2020-06-03 14:55:04 -07:00
toddouska
4ddbe546a3
Merge pull request #2993 from dgarske/math_fixes
...
Improvements around the ECC max bits calculation
2020-06-03 14:53:51 -07:00
Eric Blankenhorn
4b10f6aa03
Update from review
2020-06-03 15:56:46 -05:00
Chris Conlon
0b9d06e529
return value from FailTestCallBack to prevent NetBSD noreturn warning
2020-06-03 14:45:31 -06:00
Tesfa Mael
d000ceb495
Resolve Warnings
2020-06-03 13:42:37 -07:00
Chris Conlon
cafcaa4181
enable SNI by default for JNI/JSSE build
2020-06-03 14:24:10 -06:00
Chris Conlon
504b887851
fix NetBSD warnings in ASN1_INTEGER_set() tests around int max/min
2020-06-03 14:14:43 -06:00
Chris Conlon
1c1a01fffe
rename dup to resolve NetBSD global shadow warnings
2020-06-03 14:11:12 -06:00
Chris Conlon
d220168384
Merge pull request #3017 from kojo1/supplicant-error
...
alertWhy: unknown_ca for ASN_NO_SIGNER_E
2020-06-03 10:44:31 -05:00
Tesfa Mael
6176f8537f
Typecast to fix conversion loses
2020-06-02 22:06:14 -07:00
Sean Parkinson
0d1ed9efc7
TLS 1.3: Never send CertiifcateRequest when PSK
...
Server must not send a CertificateRequest when authenticating with a
PSK.
Increase the max size of the signature algorithms as ED448 has been
added.
2020-06-03 12:48:31 +10:00
Tesfa Mael
d5241bbcc6
Coverity fix
2020-06-02 15:35:27 -07:00
kaleb-himes
8cd92f68f2
init components as best practice
2020-06-02 14:28:50 -06:00
toddouska
dc1472692a
Merge pull request #3011 from dgarske/nomalloc
...
Fixes for using static memory with no malloc
2020-06-02 11:46:29 -07:00
toddouska
c7331fa699
Merge pull request #3008 from embhorn/zd10320
...
Fix possible NULL dereference error in TLSX_SecureRenegotiation_Parse
2020-06-02 11:13:17 -07:00
kaleb-himes
6ab5f2d9d7
remove unused variables
2020-06-01 17:56:03 -06:00
kaleb-himes
0604e7d208
no priv or pub in dhKey struct in FIPS
2020-06-01 17:36:27 -06:00
kaleb-himes
bc02f2c74e
Revert GCM_NONCE_MID_SZ changes
2020-06-01 17:13:23 -06:00
kaleb-himes
6217118ee4
Account for unmodifiable FIPS module files when adding new OpenSSL functionality
2020-06-01 16:28:32 -06:00
Takashi Kojo
5bcd121ab5
alertWhy: unknown_ca for ASN_NO_SIGNER_E
2020-06-02 05:54:16 +09:00
David Garske
b947f69f60
Fix to correct SP 4096-bit enable. Correct nonexistent WOLFSSL_SP_NO_4096, which should be WOLFSSL_SP_4096.
2020-06-01 10:49:08 -07:00
David Garske
bfe1760c17
Improvements to the ECC max bits calculation used with fast math (USE_FAST_MATH and ALT_ECC_SIZE). Updated example code comments to reflect accurate calculation.
2020-06-01 10:48:52 -07:00
toddouska
9c73a4bdbc
Merge pull request #3009 from embhorn/zd10358
...
Fix OOB access in RsaUnPad
2020-06-01 09:29:10 -07:00
Chris Conlon
aeefc09579
Merge pull request #3013 from miyazakh/fix_espidf_buildfail
...
fix build failrue on esp-idf
2020-06-01 09:56:29 -06:00
Hideki Miyazaki
5f783f0198
fix build failrue on esp-idf
2020-05-30 15:19:37 +09:00
toddouska
63a1ccda9b
Merge pull request #3012 from SparkiDev/ecc_mulmod_fix
...
Fix ecc mulmod to only do one more bit than modulus len
2020-05-29 13:07:18 -07:00
toddouska
2ee8f335b7
Merge pull request #2992 from SparkiDev/tls13_enc_alert_2
...
Actually make TLS 1.3 alerts encrypted when possible
2020-05-29 13:04:49 -07:00
Sean Parkinson
2eb9e05518
Fix ecc mulmod to only do one more bit than modulus len
2020-05-29 11:21:37 +10:00
David Garske
e498e07390
Merge pull request #3005 from cconlon/608a
...
ATECC608A improvements for use with Harmony 3 and PIC32MZ
2020-05-28 16:10:39 -07:00
David Garske
10a1cad2dc
Fix for TFM _fp_exptmod_nct with WOLFSSL_NO_MALLOC.
2020-05-28 15:15:52 -07:00
David Garske
fd51eecb4f
Fix for using signature wrapper with WOLFSSL_NO_MALLOC. Improve wc_SignatureVerifyHash to use RSA verify inline.
2020-05-28 15:12:01 -07:00
David Garske
7ce7d244f8
Fix for using static memory AES GCM test.
2020-05-28 15:12:01 -07:00
toddouska
5962931b21
Merge pull request #2947 from SparkiDev/tls13_integ_fix
...
Fix TLS 1.3 integrity only for interop
2020-05-28 13:48:43 -07:00
toddouska
5360783d7e
Merge pull request #3003 from JacobBarthelmeh/Testing
...
fix for gcc 10+ error on snprintf
2020-05-28 13:28:30 -07:00
Eric Blankenhorn
233a5ca6b8
Fix OOB access
2020-05-28 14:14:19 -05:00
Eric Blankenhorn
4e8f5fce66
Fix NULL dereference error
2020-05-28 12:17:29 -05:00
Eric Blankenhorn
91fb6216a9
Fix OOB access
2020-05-28 09:39:44 -05:00
David Garske
99d8be4f4d
Merge pull request #3002 from ejohnstown/bump-minor-ver
...
Bump Patch Version
2020-05-27 21:09:38 -07:00
Sean Parkinson
3fec01c0aa
Actually make TLS 1.3 alerts encrypted when possible
...
Pervious fix didn't work.
This time, if TLS 1.3 and encryption is on then it will encrypt the
alert.
2020-05-28 10:57:33 +10:00
Sean Parkinson
8dee048b04
Define to allow badly formed ASN integers
...
Define: WOLFSSL_ASN_INT_LEAD_0_ANY
Allows positive integers to have a leading 0 byte.
DER/BER encoding specifies that leding 0 only on negative numbers
(highest bit of first octet set).
2020-05-28 08:50:21 +10:00
Chris Conlon
896fcd9aec
add WOLFSSL_ATECC6088A, Trust&GO support, PIC32 HAL compatibility, 608A expansions
2020-05-27 16:49:29 -06:00
Chris Conlon
8ebd121cac
add extern prototype for PIC32 pic32_time()
2020-05-27 16:46:40 -06:00
Chris Conlon
d8a6d16f72
add MICROCHIP_TCPIP_BSD_API for using Microchip TCP/IP with BSD API
2020-05-27 16:46:40 -06:00
Chris Conlon
b8e1fe666b
include errno.h with MICROCHIP_PIC32 for GetLastError use
2020-05-27 16:46:40 -06:00
Sean Parkinson
1cc9a8ffbf
Merge pull request #3001 from DKubasekRA/DKubasekRA-fix-ctMask16LT
...
Reverted comparison in ctMask16LT
2020-05-28 08:24:48 +10:00
JacobBarthelmeh
8e9f518caa
fix for gcc 10+ error on snprintf
2020-05-27 16:20:39 -06:00
John Safranek
19fba3648c
Bump Patch Version
...
1. Increase the patch level of the version number in configure.ac.
2. Added a template for the next version in ChangeLog.md.
3. Bumped version.h.
2020-05-27 10:11:58 -07:00
DKubasekRA
5ef738855c
Reverted comparison in ctMask16LT
2020-05-27 10:43:36 +02:00
toddouska
e388885407
Merge pull request #2997 from kaleb-himes/ZD10356
...
Fix a seg fault when cert not loaded prior to key check
2020-05-26 16:19:43 -07:00
toddouska
c5ebf23c25
Merge pull request #2994 from JacobBarthelmeh/Xilinx
...
add additional sanity check on pointer before free
2020-05-26 16:18:58 -07:00
Kaleb Himes
5179503e8f
Merge pull request #2995 from julek-wolfssl/va-copy-check
...
Enable wolfSSL_BIO_vprintf on Windows
2020-05-26 08:58:05 -07:00
Sean Parkinson
eed5943b6f
Fix TLS 1.3 integrity only for interop
...
Make key size the size of the digest.
2020-05-25 16:02:53 +10:00
Chris Conlon
165fce7c57
Merge pull request #2988 from miyazakh/peakmem
...
added WOLFSSL_LEAVE for measuring peak memory script
2020-05-22 15:37:30 -06:00
kaleb-himes
53d2a17b43
Fix a seg fault when cert not loaded prior to key check
2020-05-22 15:03:11 -06:00
Juliusz Sosinowicz
de61a8e5d3
Enable wolfSSL_BIO_vprintf on Windows
...
Enable wolfSSL_BIO_vprintf use with WOLFSSL_BIO_MEMORY and WOLFSSL_BIO_SSL on Windows with the HAVE_VA_COPY flag
2020-05-21 19:41:40 +02:00
toddouska
d27c023dd9
Merge pull request #2983 from dgarske/stm_stdperilib
...
Fixes for building with STM32 StdPeriLib and CubeMX
2020-05-21 10:39:36 -07:00
Jacob Barthelmeh
cd1a50bfb6
add additional sanity check on pointer before free
2020-05-21 11:19:17 -06:00
Juliusz Sosinowicz
a67e1fc2ad
Fix implicit conversions
2020-05-21 13:20:42 +02:00
Juliusz Sosinowicz
70c55ce30a
Set offset in cipher struct
2020-05-21 12:51:23 +02:00
Juliusz Sosinowicz
986c8f351c
Fix leak in SetIndividualInternal
...
SetIndividualInternal should not do mp_init on mpi since it should have been zero'ed during allocation and if it isn't zero'ed then it must mean that memory has already been allocated to it
2020-05-20 20:34:45 +02:00
David Garske
363b9528af
Fix for STM32 AES only (L4) AES Decrypt Direct (ECB).
2020-05-20 11:23:14 -07:00
David Garske
de4d2e6436
Fix for CubeMX HAL headerSize (older CubeMX HAL uses actual bytes, not multiple of 32-bit). Fix for GMAC case in STM32_CRYPTO_AES_ONLY.
2020-05-20 10:49:26 -07:00
toddouska
a6f5bc84e6
Merge pull request #2987 from JacobBarthelmeh/Xilinx
...
Update for RSA calls to Xilsecure
2020-05-20 09:03:52 -07:00
toddouska
516f329f23
Merge pull request #2975 from JacobBarthelmeh/Testing
...
init FP mutex on wolfCrypt init
2020-05-20 09:01:46 -07:00
David Garske
19848076ec
Merge pull request #2986 from kaleb-himes/ZD9610_REPORT2
...
Fix building with openssl extra x509 small writes to heap without alloc
2020-05-20 08:10:43 -07:00
Juliusz Sosinowicz
5f7832909b
BIO_new_mem_buf with negative len should take strlen of buf as len
2020-05-20 16:55:16 +02:00
Juliusz Sosinowicz
4a85bf8108
Additional OpenSSL compat layer stuff
...
- Add X509_get0_notBefore and X509_get0_notAfter
- Implement EVP_PKEY_get0_DSA and DSA_bits
- OpenSSL_version now prints "wolfSSL $VERSION"
- Remove define guards in `wolfSSL_internal_get_version` as all protocols are defined regardless in `wolfssl/internal.h`and this function just returns the string description of the protocol
2020-05-20 16:55:16 +02:00
JacobBarthelmeh
d09b947478
update for test case and sha3
2020-05-19 19:27:38 -06:00
JacobBarthelmeh
03ed495f84
free temporary buffer
2020-05-19 19:27:29 -06:00
JacobBarthelmeh
6a7a8fa5b7
updated RSA calls to Xilsecure
2020-05-19 19:27:21 -06:00
David Garske
2033be9aed
Fixes for building against older STM32 CubeMX HAL.
2020-05-19 17:42:36 -07:00
David Garske
13e6462ea7
Fixes for build with STM32 Standard Periperal Library (StdPeriLib).
2020-05-19 17:42:36 -07:00
David Garske
99ebae9f7c
Merge pull request #2985 from cconlon/iarwarn
...
fix minor IAR warnings in test.c
2020-05-19 16:42:47 -07:00
kaleb-himes
08c02b037c
Fix building with openssl extra x509 small writes to heap without alloc
2020-05-19 17:12:36 -06:00
toddouska
0af4e76c40
Merge pull request #2978 from SparkiDev/curve448_cast
...
Curve448 - cast down
2020-05-19 15:55:32 -07:00
toddouska
7901f74d0b
Merge pull request #2977 from SparkiDev/tlsx_ks_ecc_fix
...
KeyShare ECC shift index range check
2020-05-19 15:49:41 -07:00
toddouska
754c96965a
Merge pull request #2974 from SparkiDev/tls13_enc_alert
...
If encryption setup, TLS 1.3 alerts encrypted
2020-05-19 15:48:54 -07:00
Chris Conlon
9efd9afdfb
fix minor IAR warnings in test.c
2020-05-19 14:12:13 -06:00
toddouska
45def39c18
Merge pull request #2972 from ejohnstown/portability
...
Script Portability
2020-05-18 14:53:27 -07:00
John Safranek
ba9fd89314
Script Portability
...
1. The openssl interop test script should check that it should run before
doing anything else.
2. The process to create a random port number was using a non-portable
option to the head command. Changed to use the od tool reading from
/dev/random.
3. Ran into a sed that doesn't use the -i option, so changed it to cp its
own bak file and sed from that.
2020-05-18 09:04:41 -07:00
Sean Parkinson
adb3bdd26e
Curve448 - cast down
2020-05-18 09:07:20 +10:00
Sean Parkinson
5b918f7ace
KeyShare ECC shift index range check
2020-05-18 08:49:38 +10:00
toddouska
c4fee4ce38
Merge pull request #2969 from julek-wolfssl/fix-lut-cache
...
Fix LUT cache implementation
2020-05-15 15:15:18 -07:00
Jacob Barthelmeh
b615dbe9d5
add additional FP_ECC lock sanity check for case where wolfCrypt_Init is not called
2020-05-15 11:50:05 -06:00
toddouska
684654cd25
Merge pull request #2962 from tmael/fips_solaris
...
FIPS on Solaris
2020-05-15 10:15:09 -07:00
toddouska
bdddb00ebc
Merge pull request #2973 from kaleb-himes/FIPS-OE6
...
for OE6 sp_arm32.c asm code is inlined in rsa.c and ecc.c
2020-05-14 10:55:54 -07:00
toddouska
91bfa31f70
Merge pull request #2968 from dgarske/stm32_hal_v2
...
Fixes for STM32 CubeMX HAL with AES GCM
2020-05-14 10:55:04 -07:00
toddouska
fbfb28d5ee
Merge pull request #2926 from SparkiDev/tls13_failnocert
...
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-05-14 10:53:18 -07:00
Tesfa Mael
f894d4c0d2
FIPS on Solaris
2020-05-14 10:11:54 -07:00
Juliusz Sosinowicz
24634a02c9
Fix comment
2020-05-14 10:54:45 +02:00
toddouska
88b8ea04f6
Merge pull request #2971 from SparkiDev/sp_cortexm_comment
...
Fix SP Cortex-M ASM comments
2020-05-13 16:30:14 -07:00
toddouska
902e3a2d97
Merge pull request #2970 from SparkiDev/sp_arm32_divw
...
Fix div word in SP ARM32
2020-05-13 16:29:31 -07:00
toddouska
6f750c07b5
Merge pull request #2964 from SparkiDev/tls13down_tls12
...
Only check downgrade when TLS 1.2 and no flag set
2020-05-13 16:25:02 -07:00
JacobBarthelmeh
1876fe1c22
init FP mutex on wolfCrypt init
2020-05-13 13:59:35 -07:00
Sean Parkinson
0295b5ae3b
If encryption setup, TLS 1.3 alerts encrypted
2020-05-13 16:14:47 +10:00
Sean Parkinson
57756bfa8d
Remove unused 4096-bit functions
2020-05-13 10:23:05 +10:00
kaleb-himes
9a8fc94181
for OE6 sp_arm32.c asm code is inlined in rsa.c and ecc.c
2020-05-12 16:28:39 -06:00
David Garske
778b5dd9d5
Fixes for STM32 CubeMX HAL with AES GCM. Fix AES GCM authentication header size, which expects size as number of 32-bit values. Fix the authentication size round up logic. Fix to use software for authentication tag if authentication data size is not multiple of 4. Fix to ensure 32-bit aligned buffers are used.
2020-05-12 08:27:43 -07:00
Sean Parkinson
786e21b107
Fix SP Cortex-M ASM comments
2020-05-12 23:28:39 +10:00
Sean Parkinson
479b54e78e
Fix div word in SP ARM32
2020-05-12 23:14:57 +10:00
Juliusz Sosinowicz
3d2cbdd3e8
Fix LUT cache implementation
...
- Make sure that the cache is actually set (and not just depend on the LRU_count)
- test_wolfSSL_EC should also be run without ECC_SHAMIR
2020-05-12 13:48:59 +02:00
toddouska
6c9a0e440e
Merge pull request #2959 from dgarske/wpas_tiny
...
Added wpa_supplicant support with reduced code size option
2020-05-11 08:55:22 -07:00
Sean Parkinson
ed4899dd91
Only check downgrade when TLS 1.2 and no flag set
...
The flag, SSL_OP_NO_TLSv1_2, indicates not to negotiate TLS v1.2.
2020-05-11 13:18:50 +10:00
Sean Parkinson
7c98451f24
Merge pull request #2961 from kaleb-himes/WOLFSSL_EXAMPLES
...
Fix failing build for rsa_verify_only example
2020-05-11 09:31:31 +10:00
Hideki Miyazaki
5dfc36d32a
added WOLFSSL_LEAVE for measuring peak memory script
2020-05-09 17:03:17 +09:00
JacobBarthelmeh
81dc0ac56f
Merge pull request #2956 from tmael/hkdf
...
Check HKDF-Expand length of output <= 255*HashLen
2020-05-08 16:36:40 -06:00
kaleb-himes
82c86447e7
Fix failing build for rsa_verify_only example
2020-05-08 16:18:30 -06:00
David Garske
51b5f84d00
Merge pull request #2938 from JacobBarthelmeh/Xilinx
...
add Xilinx Vitis 2019.2 example and update README
2020-05-08 15:05:19 -07:00
David Garske
10aa8a4ffc
Added support --enable-wpas=small for reduced code size when building against the WPA supplicant with EAP-TLS. This does not use OPENSSL_EXTRA, which helps reduce code size.
2020-05-08 13:38:26 -07:00
toddouska
6b930d996c
Merge pull request #2958 from julek-wolfssl/ASN_IP_TYPE-without-openssl
...
Support IP alternative subject name without OpenSSL
2020-05-08 13:27:27 -07:00
toddouska
4a44b7b781
Merge pull request #2954 from SparkiDev/sp_rsa_pq_len
...
Only use SP for RSA private operations if P and Q half bits
2020-05-08 08:30:30 -07:00
Juliusz Sosinowicz
b5886e0e37
Add option --enable-ip-alt-name
...
This commit adds the configure option `--enable-ip-alt-name` that enables support for the IP alternative subject name parsing in `wolfcrypt/src/asn.c:DecodeAltNames`.
2020-05-08 13:20:24 +02:00
Tesfa Mael
b39e384cfd
Review comment
2020-05-07 13:39:53 -07:00
toddouska
cb0fb88e44
Merge pull request #2955 from JacobBarthelmeh/Testing
...
fix for scep build without aes
2020-05-07 08:44:39 -07:00
toddouska
3ef7e588d2
Merge pull request #2932 from kaleb-himes/ZD10223
...
Fix building with one-side only tls13/dtls
2020-05-07 08:43:36 -07:00
David Garske
943f6c4447
Merge pull request #2957 from SparkiDev/sp_c_cr_fix
...
SP C: Fix array size for cache resistant modexp
2020-05-07 06:26:39 -07:00
Juliusz Sosinowicz
9e68de0fb7
Add test certs for ASN_IP_TYPE
2020-05-07 11:52:49 +02:00
Sean Parkinson
b331804c27
SP C: Fix array size for cache resistant modexp
2020-05-07 10:00:14 +10:00
Jacob Barthelmeh
6619db580d
fix for scep build without aes
2020-05-06 16:58:54 -06:00
Tesfa Mael
2ab478f8fd
Check length of output <= 255*HashLen
2020-05-06 15:47:39 -07:00
Sean Parkinson
c4af5db4b9
Only use SP for RSA private operations if P and Q half bits
2020-05-07 08:46:48 +10:00
JacobBarthelmeh
c962aa4181
add sprj file
2020-05-06 12:13:22 -07:00
toddouska
be3c39ed1c
Merge pull request #2948 from JacobBarthelmeh/SanityChecks
...
update armv8 aes gcm sanity checks
2020-05-06 10:31:09 -07:00
Jacob Barthelmeh
3b6b59cea0
add 2019.2 Xilinx example and update README
...
fix to remove xml extension
add missing project file
update project
update dist include
rm prj files
2020-05-06 09:54:06 -06:00
toddouska
5e45767cc3
Merge pull request #2943 from JacobBarthelmeh/Testing
...
check on length of unwrap before memmove
2020-05-05 11:09:06 -07:00
Jacob Barthelmeh
0f6fef8384
update armv8 aes gcm sanity checks
2020-05-05 09:47:05 -06:00
Sean Parkinson
74040c62af
Merge pull request #2944 from dgarske/sp_cacheres
...
Fixes for C32/C64 SP math with `WOLFSSL_SP_CACHE_RESISTANT`
2020-05-05 10:43:00 +10:00
Sean Parkinson
09bc460c2e
Merge pull request #2946 from dgarske/gcc9
...
Fix for GCC9 warning
2020-05-05 10:29:56 +10:00
David Garske
8161dfe3aa
Fix for GCC9 warning.
...
```
src/tls.c:201:13: note: in expansion of macro 'XSTRNCMP'
201 | if (XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
| ^~~~~~~~
In file included from src/tls.c:33:
./wolfssl/internal.h:4312:19: note: referenced argument declared here
4312 | static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
| ^~~~~~
```
2020-05-04 15:07:28 -07:00
David Garske
174b4d5159
Cleanup of SP with small stack. Expand support for WOLFSSL_SP_NO_MALLOC. Fix for evp.c when included directly.
2020-05-04 14:23:32 -07:00
Chris Conlon
df067b6781
Merge pull request #2919 from kaleb-himes/ZD10194
...
Fix for Freescale common examples that predated hardening warning
2020-05-04 13:43:07 -06:00
kaleb-himes
62d67c3da1
Don't need if not using TLS 1.2
2020-05-04 12:54:36 -06:00
toddouska
da01961254
Merge pull request #2939 from JacobBarthelmeh/SanityChecks
...
sanity check on PemToDer type
2020-05-04 11:26:33 -07:00
toddouska
d848495a66
Merge pull request #2937 from dgarske/wolfio_tcpcon_fd
...
Fix issue with failed TCP connect using invalid socket file descriptor
2020-05-04 11:22:54 -07:00
David Garske
8e0f5ef8ce
Fixes for WOLFSSL_SP_CACHE_RESISTANT with small stack.
2020-05-04 11:22:12 -07:00
David Garske
c28ad38b16
Fix for cast issue caused by PR #2900 . Applies to WOLFSSL_SP_CACHE_RESISTANT and c32/c64 versions only.
2020-05-04 10:49:59 -07:00
Jacob Barthelmeh
082e51d778
check on length of unwrap before memmove
2020-05-04 10:32:05 -06:00
Jacob Barthelmeh
9f735b4d6e
sanity check on PemToDer type
2020-05-01 16:41:18 -06:00
toddouska
3944c8eb73
Merge pull request #2935 from ejohnstown/hush-tfm
...
Hush TFM Warnings
2020-05-01 08:26:42 -07:00
David Garske
31502ec3f9
Fix issue with failed TCP connect using invalid socket file descriptor on close. Fixes #2936
2020-05-01 07:32:00 -07:00
John Safranek
b6bd86d2b1
TFM Warnings
...
When building in VS, the MSC will complain about some constants getting
implicitly promoted to 64-bit. Added some type-casts to hush the warnings.
2020-04-30 19:43:18 -07:00
toddouska
f772bc8d9a
Merge pull request #2923 from dgarske/pic32mz
...
Fixes for PIC32MZ crypto hardware cache and large hash
2020-04-30 16:22:13 -07:00
toddouska
df9dd3012f
Merge pull request #2934 from SparkiDev/tls13_cookie_ks
...
TLS13: Prepend the SupportedVersions extension to list
2020-04-30 14:58:11 -07:00
toddouska
a1489d981c
Merge pull request #2930 from JacobBarthelmeh/SanityChecks
...
check on tag length for AES-CCM
2020-04-30 14:51:20 -07:00
Sean Parkinson
7879d3762a
TLS13: Prepend the SupportedVersions extension to list
...
Must have SupportedVersions at start of list for Cookie to be
constructed correctly.
Application can set the key share extension before handshake and
SupportedVersions will be added after. Extensions written in order of
adding to list.
Prepend SupportedVersions so that it will always appear in the correct
place so when reconstructing HelloRetryRequest, the extensions will
always be in the same order.
2020-04-30 08:46:23 +10:00
Jacob Barthelmeh
505fbed4df
fix AES-CCM tag size check on decryption
2020-04-29 15:15:54 -06:00
toddouska
7e267546cb
Merge pull request #2933 from SparkiDev/tls13_rsa8192
...
Allow TLS 1.3 CertificateVerify to handle 8192-bit RSA
2020-04-29 11:24:44 -07:00
Sean Parkinson
390f066028
Allow TLS 1.3 CertificateVerify to handle 8192-bit RSA
2020-04-29 12:37:41 +10:00
Sean Parkinson
e9b433a998
Merge pull request #2928 from julek-wolfssl/evp-aes-gcm-fix
...
Fix AES-GCM in EVP layer to have compatiblity with OpenSSL
2020-04-29 09:00:04 +10:00
Jacob Barthelmeh
b73e52f33f
move AES-CCM tag check into a local function
2020-04-28 14:46:06 -06:00
kaleb-himes
951cb4aaf4
Fix building with one-side only tls13/dtls
2020-04-28 14:33:00 -06:00
toddouska
f770d28ff0
Merge pull request #2916 from dgarske/testfixes
...
Improvements to ECC key decode and tests
2020-04-28 09:57:44 -07:00
toddouska
a585e4115e
Merge pull request #2927 from SparkiDev/tls13_ccs
...
In TLS 1.3, don't allow multiple ChangeCipherSpecs in a row
2020-04-28 09:52:46 -07:00
toddouska
cb6fc56f3b
Merge pull request #2921 from dgarske/fixes_g++
...
Fixes for G++ and enable-all
2020-04-28 09:51:34 -07:00
Juliusz Sosinowicz
c02c408409
Only 80 characters a line
2020-04-28 12:38:02 +02:00
Sean Parkinson
a104caef13
Merge pull request #2929 from dgarske/sp_rsalowmem
...
Fix for SP math with `RSA_LOW_MEM` (ARM only)
2020-04-28 08:43:31 +10:00
Jacob Barthelmeh
c85a53c631
add macro guard for fips and selftest builds
2020-04-27 15:36:53 -06:00
David Garske
6185e0f477
Remove execute bit on files.
2020-04-27 11:16:02 -07:00
David Garske
327cdefc24
Fix for SP math with RSA_LOW_MEM, which was broken in PR #2892 .
2020-04-27 08:59:54 -07:00
Juliusz Sosinowicz
01a6dded72
Fix AES-GCM in EVP layer to have compatiblity with OpenSSL
...
- Tag checking in AES-GCM is done in Final call
- Reset `WOLFSSL_EVP_CIPHER_CTX` structure after Final call
- Don't zero `ctx->authTag` struct in Init call so that user can get the AES-GCM tag using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag)`
- `ctx->authTag` is only zeroed before authenticated, non-confidential data Update call since this means we are entering a new Udate-Final cycle. This doesn't need to be done in the decrypt case since the tag should be supplied by the user before the final call using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)`
2020-04-27 15:52:01 +02:00
David Garske
1e726e19a4
Fix for XMALLOC cast.
2020-04-27 06:48:41 -07:00
Sean Parkinson
c153873337
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-04-27 16:17:03 +10:00
Sean Parkinson
df1b7f34f1
In TLS 1.3, don't allow multiple ChangeCipherSpecs in a row
2020-04-27 15:27:02 +10:00
David Garske
3c93a7b757
Fix Value stored to 'ret' is never read.
2020-04-24 11:31:12 -07:00
David Garske
a4caa42793
Improve the Base64 line size for NO_ASN case. Fix report of unread ret.
2020-04-24 11:26:55 -07:00
David Garske
589712f870
PIC32MZ Fix for cache coherency to enable write-through (no write allocation) to resolve descriptor corruption. ZD 10212.
2020-04-24 09:13:28 -07:00
David Garske
0f11369680
PIC32MZ Fix for WOLFSSL_PIC32MZ_LARGE_HASH: Only submit to hardware if update data provided matches expected. ZD 10211.
2020-04-24 09:01:51 -07:00
David Garske
cfc0aeb857
Fix for RSA and KeyGen only in test.c.
2020-04-24 08:56:31 -07:00
David Garske
41fc208195
Fixes for isHMAC checks.
2020-04-24 08:51:56 -07:00
David Garske
5fa7bb5b9f
Fix possible unused args.
2020-04-24 07:48:41 -07:00
David Garske
6d025f8c0f
Refactor of the EVP macType to use enum wc_HashType to resolve issues with invalid casting.
2020-04-24 07:43:44 -07:00
TakayukiMatsuo
922ab1e944
Merge remote-tracking branch 'upstream/master' into branch-1
2020-04-24 18:00:29 +09:00
TakayukiMatsuo
bcc408442b
Added test cases for wc_curve25519_key_export_xx
2020-04-24 17:50:17 +09:00
David Garske
28b686a8ca
* Exposed useful sizes MAX_X509_HEADER_SZ and PEM_LINE_SZ
...
* Refactor the PEM saving code in `test.c`, so its not using large 4K buffer and calculates based on DER.
* Enable ECC key generation test even without `WOLFSSL_KEY_GEN`.
* Added `ECC_KEYGEN_SIZE` macro for ECC key generation testing.
* Refactor ECC DER key generation to use `ECC_BUFSIZE`.
2020-04-23 16:11:54 -07:00
David Garske
81f959336b
Added support for important private key DER using wc_EccPublicKeyDecode. Added ECC key generation and decode test case.
2020-04-23 16:07:43 -07:00
David Garske
b07dfa425d
Fixes for ./configure CC="g++" --enable-all && make. Resolves issues with implicit casts and use of reserved template keyword.
2020-04-23 15:26:04 -07:00
David Garske
5376763638
Merge pull request #2913 from SparkiDev/sp_cortexm4_ecc
...
Improve performance of SP Cortex M asm
2020-04-23 09:47:05 -07:00
toddouska
7318121d3a
Merge pull request #2915 from dgarske/async_v4.4.0
...
Fixes for async release v4.4.0
2020-04-23 09:26:08 -07:00
toddouska
54aa50e628
Merge pull request #2912 from SparkiDev/sp_movbe
...
Only use Intel instruction movbe when available
2020-04-23 09:25:02 -07:00
David Garske
6132176715
Merge pull request #2917 from ejohnstown/postrelease
...
Minor wolfCrypt Test Fixes
2020-04-23 07:16:07 -07:00
Sean Parkinson
7a0cbe084e
Improve performance of SP Cortex M asm
2020-04-23 11:05:42 +10:00
John Safranek
a064cb3943
Fix a couple of wolfCrypt test issues found during the long release build test.
2020-04-22 11:30:57 -07:00
toddouska
e116c89a58
Merge pull request #2906 from ejohnstown/release-rollup
...
Release Rollup
2020-04-22 10:43:44 -07:00
David Garske
4592e0ec95
Fix for use of incorrect devId for wolfSSL_SHA3_256_Init.
2020-04-22 10:16:20 -07:00
David Garske
88d04e5eeb
Fix for NULL == NULL test case in test_wolfSSL_EC_get_builtin_curves.
2020-04-22 10:15:52 -07:00
David Garske
36a556f927
Resolve issues with the openssl compatibility CRYPTO_malloc and CRYPTO_free.
2020-04-22 10:15:16 -07:00
kaleb-himes
12e4718c67
Fix for Freescale common examples that predated hardening warning
2020-04-22 11:06:36 -06:00
John Safranek
83152c767f
touch dates
2020-04-21 10:50:59 -07:00
John Safranek
bf680b4a92
Fix for QAT with Shake256. Fix for XFREE missing semicolon.
2020-04-21 10:38:27 -07:00
John Safranek
7b6cc2056b
Update release date in readme and changelog.
2020-04-21 10:21:59 -07:00
John Safranek
ccd096e1bb
Memory Leak Fix
...
1. In `wolfSSL_d2i_DHparams()`, when setting the internal key on a
WOLFSSL_KEY, set the flag inSet.
2. Not a leak, but in `wolfSSL_EVP_PKEY_set1_DH()`, only allocate one
buffer to store the flat key. Saves an alloc, memcpy, and free.
2020-04-21 10:21:59 -07:00
John Safranek
61f3783111
Fixes to test.c for the following build configurations:
...
1. ./configure --disable-rsa --enable-certgen --enable-certreq
2. ./configure --disable-ecc --enable-pkcs7
2020-04-21 10:21:59 -07:00
John Safranek
c134626946
Update credit names on vuln notice in README.
2020-04-21 10:21:59 -07:00
John Safranek
087675e31e
Update the RPM build spec.
2020-04-21 10:21:59 -07:00
John Safranek
4331b7df18
Update the VS library build resource.
2020-04-21 10:21:58 -07:00
John Safranek
bf4f50ab93
Add Azure Sphere file missing from release.
2020-04-21 10:21:58 -07:00
John Safranek
a29eac035b
Update credit for vulnerability report.
2020-04-21 10:21:58 -07:00
John Safranek
836e77508d
Remove notes for reverted DTLS commits.
2020-04-21 10:21:58 -07:00
John Safranek
7cbf496329
Encrypt key requirements check
...
The file wc_encrypt.c offers a function named wc_CryptKey(), which
requires PWDBASED and ASN. Added the check for ASN.
2020-04-21 10:21:58 -07:00
John Safranek
e84cd1a887
Updated the README file and ChangeLog for some spelling and omissions.
2020-04-21 10:21:58 -07:00
John Safranek
27011ff7ff
Release Rollup
...
1. Update configure with the new version.
2. Update the ChangeLog.
3. Update the readme.
2020-04-21 10:21:53 -07:00
Jacob Barthelmeh
231c488ddf
check on tag length for AES-CCM
2020-04-20 13:44:41 -06:00
JacobBarthelmeh
0cfde0794b
Merge pull request #2848 from julek-wolfssl/wpa-supplicant-openssl-compat
...
Added partial support for wpa_supplicant, hostapd, and cjose:
2020-04-20 12:17:55 -06:00
Sean Parkinson
75c14e4c8e
Only use Intel instruction movbe when available
2020-04-20 09:09:45 +10:00
John Safranek
f87f09fcd7
Merge pull request #2910 from embhorn/zd10169
...
Fix forbidden iv length 0 with AES-GCM
2020-04-16 16:01:03 -07:00
Stanislav Klima
8112c81fc5
Added missing NO_CERTS check.
2020-04-16 23:30:11 +02:00
Eric Blankenhorn
6b3642db36
Fix forbidden iv length 0 with AES-GCM
2020-04-16 13:48:56 -05:00
toddouska
75deec250c
Merge pull request #2908 from ejohnstown/dtls-revert
...
DTLS Revert
2020-04-16 09:58:48 -07:00
toddouska
9918ee8b68
Merge pull request #2907 from SparkiDev/sp_arm64_reg
...
SP ARM64 - use fewer registers in mont_reduces
2020-04-16 09:58:07 -07:00
Juliusz Sosinowicz
dd68074104
Fix merge issues
2020-04-16 10:09:15 +02:00
Stanislav Klima
eab451339c
Fixed dereference after null check.
2020-04-16 09:52:02 +02:00
Stanislav Klima
83044d7560
Fixed dereference after null check.
2020-04-16 09:46:15 +02:00
John Safranek
40ea386509
Revert "DTLS Fix"
...
This reverts commit 04dcb8f774
2020-04-15 21:33:33 -07:00
John Safranek
78a9185d0b
Revert "DTLS Fuzz Fix"
...
This reverts commit 70d03f3ba0
2020-04-15 21:33:27 -07:00
Sean Parkinson
da5d9a923b
SP ARM64 - use fewer registers in mont_reduces
2020-04-16 09:20:04 +10:00
Juliusz Sosinowicz
36403c1dad
Merge remote-tracking branch 'wolfSSL/master' into wpa-supplicant-openssl-compat
2020-04-15 16:55:03 +02:00
Stanislav Klima
314ff1137b
Fixed resource leak.
2020-04-15 16:29:11 +02:00
Stanislav Klima
68a2e03bd4
Fixed resource leak.
2020-04-15 16:27:34 +02:00
Stanislav Klima
1a80975d9e
Fixed resource leaks.
2020-04-15 15:47:32 +02:00
Stanislav Klima
e19334266e
This function is required by HAVE_PK_CALLBACKS option and it's used by server as well.
2020-04-15 14:43:12 +02:00
Stanislav Klima
74893edaf0
Fix of size constraint for parsing.
2020-04-15 14:36:36 +02:00
Juliusz Sosinowicz
1d3fd5cd07
Code review
...
- make `wc_ecc_export_point_der_compressed` a local function
- use `int` for `shortKeySize` in `wc_ecc_import_point_der_ex`
- check for null return value from `wolfSSL_OBJ_nid2obj` and `wolfSSL_d2i_PUBKEY`
- add comments to `ssl.c`
- check `lnlen` in `wolfSSL_OBJ_ln2nid`
2020-04-15 12:53:38 +02:00
toddouska
ebb490204a
Merge pull request #2898 from embhorn/zd9856
...
Fix EVP API to return NID types / SHA3 for RSA sign
2020-04-14 16:09:00 -07:00
toddouska
f97a56b9ce
Merge pull request #2905 from ejohnstown/dtls-fuzz
...
DTLS Fuzz Fix
2020-04-14 14:19:09 -07:00
Eric Blankenhorn
d9472b895f
Fix conflicts after rebase
2020-04-14 15:24:52 -05:00
Eric Blankenhorn
19ca00bcd4
Adding support for SHA3 in wolfSSL_RSA_sign_ex
2020-04-14 14:31:00 -05:00
Eric Blankenhorn
1487917214
Fix EVP_MD_CTX_type to return NID
2020-04-14 14:27:21 -05:00
Eric Blankenhorn
be437c0bd2
Fix EVP API to use NID instead of WC_ types
2020-04-14 12:47:10 -05:00
John Safranek
70d03f3ba0
DTLS Fuzz Fix
...
Only save a next epoch message if it is in the next epoch, not any future epoch.
2020-04-14 10:13:37 -07:00
toddouska
9c1b90170a
Merge pull request #2903 from SparkiDev/test_4096
...
Fix testing using 4096 bits keys and parameters
2020-04-14 09:25:00 -07:00
toddouska
06c6e583c8
Merge pull request #2891 from julek-wolfssl/refactor-evp-functions
...
Move EVP functions to evp.c
2020-04-14 09:22:51 -07:00
toddouska
a2892f66c0
Merge pull request #2889 from JacobBarthelmeh/SanityChecks
...
sanity check on input length before secure renegotiation compare
2020-04-14 09:21:29 -07:00
David Garske
b6d6b1db77
Added new DH 4096-bit key to gencertbuf.pl.
2020-04-14 07:11:07 -07:00
Juliusz Sosinowicz
dad0bc0159
Keep compatibility with old OPENSSL_EXTRA_X509_SMALL functions
2020-04-14 12:52:23 +02:00
Juliusz Sosinowicz
0b3a331265
Revert wc_OBJ_sn2nid
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz
0ded4d4ccb
wolfSSL_RSA_*_PKCS1_PSS rewrite
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz
89f7a51838
Add option to enable DPP support in wpa_supplicant (note DPP not yet supported as of this commit)
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz
20e669a65a
New API
...
Add `wc_ecc_import_point_der_ex` for correct importing DER ECC point and keep `wc_ecc_import_point_der` old functionality
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz
dbe4e778d3
Test fixes
...
- Add `parameter` to `WOLFSSL_X509_ALGOR`
- Implement `wolfSSL_ASN1_TYPE_new`, `wolfSSL_ASN1_TYPE_free`, and `wolfSSL_ASN1_TYPE_set`
- Fix leak where `pval` in `wolfSSL_X509_ALGOR_set0` was lost if `aobj` was provided
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz
18093a6b0b
Code review changes
...
- Don't include `ENABLED_OPENSSLALL` with `ENABLED_WPAS`
- Return length in `wolfSSL_i2d_DHparams`
- Implement `wolfSSL_EC_POINT_mul` with independent multiplication and addition if `ECC_SHAMIR` not defined
- Implment `ASN1_SIMPLE` without `offsetof` by using a dummy struct
- Style fixes
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz
9722082372
Fix nid2* and *2nid functions
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz
eb549f7095
Test fixes
2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz
ef5eefac91
Test fixes
2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz
b4d9007a48
Test fixes
...
Config fixes
Fix windows FIPS
2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz
680a481e61
Test fixes
...
Remove redundant macros
2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz
9ced70edc1
Test fixes
...
Free `x509->key.pkey` in `FreeX509
Fix type conversions
Fix memory leaks and use of uninitialized memory
2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz
73b4d78d5b
Added partial support for wpa_supplicant, hostapd, and cjose:
...
- Moved `SetECKeyInternal` and `SetECKeyExternal` to `internal.h` to allow usage outside of `ssl.c`
- Added `asn1t.h`
- Implemented the `IMPLEMENT_ASN1_FUNCTIONS` macro for a small subset of ASN1 tags
-- So far only `X509_ALGOR` and `ASN1_BIT_STRING` are supported
- Implemented `BN_mod_add` function
- Allow for setting of `EC_KEY` export form through EC_KEY_set_conv_form
- Implemented `i2o_ECPublicKey`
- Implemented `EC_POINT_copy`
- Implemented deriving DH and ECDH keys in `EVP_PKEY_CTX`. Functions added:
-- `EVP_PKEY_derive_init`
-- `EVP_PKEY_derive_set_peer`
-- `EVP_PKEY_derive`
- Implemented `EVP_PKEY_get0_DH`
- Implemented `X509_ALGOR_new`
- Implemented `X509_ALGOR_free`
- Implemented `X509_ALGOR_set0`
- Implemented `X509_PUBKEY_new`
- Implemented `X509_PUBKEY_free`
- Implemented `X509_PUBKEY_set`
- Implemented `RSA_padding_add_PKCS1_PSS`
- Implemented `RSA_verify_PKCS1_PSS`
- Changed second parameter of `wolfSSL_d2i_PUBKEY` to be constant
- Corrected long names in `asn.h`
- Added `wc_ecc_get_generator` as a way to get the generator point of a curve
- Added `wc_ecc_export_point_der_ex` to export an ECC point in compressed or uncompressed format with one API
- Added `wc_ecc_export_point_der_compressed` to export a point in an `ecc_point` structure in compressed DER format
- Added 'wc_RsaSSL_Verify_ex` which adds the option to choose a padding type
- Added `wc_RsaPad_ex` and `wc_RsaUnPad_ex` to `rsa.h` as `WOLFSSL_LOCAL` functions
- `CopyDecodedToX509` now fills `x509->key` and `x509->algor` when populating x509
- `wolfSSL_EVP_CipherInit` now uses `wc_AesGcmSetExtIV` to set the IV so that it is copied to `ctx->iv` by `wolfSSL_StoreExternalIV`
- Added error checking to `wolfSSL_EVP_PKEY_get_der`
- `wolfSSL_X509_ALGOR_get0` now attempts to return something in all parameters
- Refactored `wolfSSL_EC_KEY_new` to use `*_new` functions when available
- Added `setupPoint` to set the internal point if not yet set
- Always set external point in `wolfSSL_ECPoint_d2i`
- Added compressed point support to `wolfSSL_EC_POINT_point2oct`
- Fix `wolfSSL_EC_POINT_mul` so that it will calculate the full `generator * n + q * m` then OpenSSL does
- Added `WOLFSSL_RSA_GetRNG` helper function to get a `WC_RNG` from `WOLFSSL_RSA`
- Correct short names in `wolfssl_object_info`
- Added all currently supported curves to `wolfssl_object_info`
- Added `oidCurveType` to `oid2nid`
- Add more padding types to `wolfSSL_RSA_public_decrypt`
- Fix `keysize` in `wc_ecc_import_point_der`
- Added tests for new additions
2020-04-14 11:45:32 +02:00
Sean Parkinson
ba401c9bde
Fix testing using 4096 bits keys and parameters
...
RSA PKCS #1.5 padding for signing is not reliant on a random.
2020-04-14 12:03:51 +10:00
Sean Parkinson
416f0775d3
Merge pull request #2900 from dgarske/sp_no_malloc
...
Added option to build SP small without malloc
2020-04-14 09:40:11 +10:00
toddouska
3cb0c600ba
Merge pull request #2894 from SparkiDev/ecc_cr_fix
...
Change constant time and cache resistant ECC mulmod
2020-04-13 16:36:22 -07:00
JacobBarthelmeh
f309173518
Merge pull request #2899 from embhorn/zd9564
...
Adding check for invalid SAN ext with no entries
2020-04-13 15:31:06 -06:00
toddouska
ee0289bea6
Merge pull request #2825 from julek-wolfssl/self-include-options
...
OpenVPN changes
2020-04-13 13:11:18 -07:00
toddouska
aadec345ab
Merge pull request #2871 from vaintroub/master
...
Fix clang warnings (issue #2870 )
2020-04-13 09:02:51 -07:00
David Garske
1f5a7bffaa
Build fixes for WOLFSSL_NO_MALLOC in wolfCrypt test.
2020-04-13 07:39:06 -07:00
David Garske
b01ce168ea
Fixes for SP small with no malloc in sp_256_ecc_mulmod_10 and sp_384_ecc_mulmod_15.
2020-04-13 07:19:06 -07:00
toddouska
4748254b60
Merge pull request #2896 from embhorn/zd9916
...
Fix wc_KeyPemToDer with PKCS1 and empty key
2020-04-10 15:38:07 -07:00
David Garske
d412ccb6f8
Added new option WOLFSSL_SP_NO_MALLOC for building small SP without malloc. Added SP documentation. Added ./configure --enable-sp=yes,nomalloc supprt. https://github.com/wolfSSL/scripts/pull/79
2020-04-10 11:13:55 -07:00
Eric Blankenhorn
8644fdca7d
Update from review
2020-04-10 08:29:31 -05:00
Sean Parkinson
ffd06e359f
Change constant time and cache resistant ECC mulmod
...
Ensure points being operated on change to make constant time.
2020-04-10 09:28:20 +10:00
toddouska
0a40bbe2a9
Merge pull request #2897 from ejohnstown/omit-omit
...
Omit -fomit-frame-pointer from CFLAGS
2020-04-09 16:01:34 -07:00
toddouska
cf8459e518
Merge pull request #2892 from SparkiDev/cppcheck_fixes_4
...
Fixes from cppcheck
2020-04-09 16:01:11 -07:00
Eric Blankenhorn
7d82c4e3f2
Adding check for invalid SAN ext with no entries
2020-04-09 16:49:52 -05:00
Eric Blankenhorn
c3e0575914
Fix from review
2020-04-09 12:52:32 -05:00
Juliusz Sosinowicz
f6b9b2e0eb
Remove redundant guards
2020-04-09 18:26:23 +02:00
toddouska
2bf9dc4037
Merge pull request #2895 from dgarske/qat_tls13
...
Fix for asynchronous TLS v1.3 issue
2020-04-09 09:25:36 -07:00
Juliusz Sosinowicz
9cbbd164e0
Fix test errors
2020-04-09 14:54:09 +02:00
Sean Parkinson
6621465433
Merge pull request #2890 from JacobBarthelmeh/Testing
...
set ChaCha counter state for TLS 1.3 AEAD
2020-04-09 10:28:50 +10:00
John Safranek
7a6de91296
Omit -fomit-frame-pointer from CFLAGS.
2020-04-08 14:06:11 -07:00
Eric Blankenhorn
4d6e33b1dd
Fix wc_KeyPemToDer with PKCS1 and empty key
2020-04-08 11:34:24 -05:00
toddouska
97d798743a
Merge pull request #2893 from SparkiDev/tls13_capable_fix
...
Another place where TLS 1.3 capable check is required
2020-04-08 09:09:19 -07:00
David Garske
5e5af8e93a
Fix for asynchronous TLS v1.3 issue where connect or accept state is incorrectly advanced when there is data to queued to send.
2020-04-08 07:26:21 -07:00
Sean Parkinson
7001599782
Another place where TLS 1.3 capable check is required
2020-04-08 11:36:47 +10:00
Sean Parkinson
411aee6e05
Fixes from cppcheck
...
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
toddouska
9e08efe8e0
Merge pull request #2885 from SparkiDev/sp_x64_ecc_tweak
...
Tweak the SP x86_64 ECC assembly
2020-04-07 14:27:12 -07:00
toddouska
6e8d3f224d
Merge pull request #2888 from SparkiDev/tls13_down_rand
...
Fix downgrade fixed random to match spec
2020-04-07 14:22:07 -07:00
toddouska
690b546260
Merge pull request #2887 from dgarske/nodir
...
Fix for building with `NO_WOLFSSL_DIR`
2020-04-07 14:14:34 -07:00
toddouska
b6f98a3cde
Merge pull request #2886 from kaleb-himes/ZD10106
...
Avoid leak when HAVE_AESGCM and NO_AES_DECRYPT. Thanks to G.G. on ZD …
2020-04-07 14:13:43 -07:00
Juliusz Sosinowicz
4c0ea10e45
Move EVP functions to evp.c
2020-04-07 22:36:50 +02:00
toddouska
ebcf86070d
Merge pull request #2883 from miyazakh/esp_aescounter
...
add aes counter on esp32
2020-04-07 13:24:53 -07:00
toddouska
77b75ef3a2
Merge pull request #2881 from dgarske/ecc_asn
...
Fixes for building ECC without ASN
2020-04-07 13:09:37 -07:00
toddouska
dec111722f
Merge pull request #2880 from SparkiDev/tls_csr_ext_empty
...
GNU TLS server sends empty CSR extension
2020-04-07 13:08:21 -07:00
toddouska
c002df4cce
Merge pull request #2879 from ejohnstown/dtls-fix
...
DTLS Fix
2020-04-07 13:07:30 -07:00
toddouska
154dd552e9
Merge pull request #2877 from SparkiDev/tls_hmac_trunc
...
Allow use of truncated HMAC with TLS_hmac checking
2020-04-07 13:06:36 -07:00
toddouska
65cf5a0d46
Merge pull request #2802 from embhorn/zd9764
...
Fix for bidirectional shutdown
2020-04-07 13:03:54 -07:00
toddouska
f742693062
Merge pull request #2867 from SparkiDev/aes-ccm-aesni
...
For CCM using AES-NI, do 4 blocks at a time if possible
2020-04-07 13:03:23 -07:00
toddouska
4a4f383485
Merge pull request #2842 from julek-wolfssl/set_curve_groups_list
...
Check length to avoid XSTRNCMP accessing memory after `list`
2020-04-07 13:02:18 -07:00
Jacob Barthelmeh
bf332b459b
set ChaCha counter state for TLS 1.3 AEAD
2020-04-07 10:36:23 -06:00
Jacob Barthelmeh
1ce0268477
sanity check on input length before secure renegotiation compare
2020-04-07 10:10:03 -06:00
Sean Parkinson
e6affa386f
Fix downgrade fixed random to match spec
2020-04-07 09:42:08 +10:00
David Garske
31ea4b388c
Fix for building with NO_WOLFSSL_DIR when compatibility layer is enabled. ZD 10117.
2020-04-06 10:33:16 -07:00
kaleb-himes
4ec0591e45
Avoid leak when HAVE_AESGCM and NO_AES_DECRYPT. Thanks to G.G. on ZD #10106 for the report
2020-04-06 09:43:24 -06:00
Juliusz Sosinowicz
06f23223e4
Allow wolfSSL to include options.h with EXTERNAL_OPTS_OPENVPN header
2020-04-06 15:06:15 +02:00
Sean Parkinson
9c67bc2864
For CCM using AES-NI, do 4 blocks at a time if possible
2020-04-06 11:11:28 +10:00
Sean Parkinson
7dad0d3965
Tweak the SP x86_64 ECC assembly
...
Put back fixes undone in previous commits:
- Fix casting warning in SP when mp_digit < sp_digit
- SP fix check for NULL in EC point_new
2020-04-06 11:02:30 +10:00
Hideki Miyazaki
302e1d6818
add aes counter on esp32
2020-04-04 14:04:44 +09:00
David Garske
1831193c20
* Fixes for building ECC without ASN.
...
* Fix to expose `wc_ecc_import_private_key_ex` and its ability to import a private key even when `NO_ASN` is defined.
* Remove execute bit on CSharp files.
2020-04-03 10:55:31 -07:00
Sean Parkinson
c0dc3091e1
GNU TLS server sends empty CSR extension
2020-04-03 16:03:41 +10:00
toddouska
9a1687d00e
Merge pull request #2836 from dgarske/fips_ld
...
Example for FIPS Linker Descriptor (.ld)
2020-04-02 14:28:30 -07:00
toddouska
8128a269f3
Merge pull request #2876 from SparkiDev/sp_arm64
...
Improve speed of AArch64 assembly
2020-04-02 14:26:48 -07:00
Juliusz Sosinowicz
48e40fac2b
OpenVPN changes
...
Include <wolfssl/options.h> in settings.h for OpenVPN
Additional API fixes
2020-04-02 20:23:13 +02:00
toddouska
6126aca387
Merge pull request #2874 from SparkiDev/tls13_cert_hash
...
When picking hash alg for ECC certs use key size
2020-04-02 09:52:10 -07:00
toddouska
86adb7f9c5
Merge pull request #2873 from SparkiDev/aes_small
...
Smaller table version of the AES encrypt/decrypt
2020-04-02 09:50:58 -07:00
toddouska
5df5ab5931
Merge pull request #2862 from dgarske/iar_ropi
...
Support for IAR with position independent code (ROPI)
2020-04-02 09:49:00 -07:00
toddouska
06442c410d
Merge pull request #2861 from dgarske/zynqmp
...
Fixes for Xilinx SDK and Zynq UltraScale+ MPSoC
2020-04-02 09:46:48 -07:00
Juliusz Sosinowicz
b1a80973dd
size_t -> int
2020-04-02 18:45:53 +02:00
Sean Parkinson
c48ea3f567
When picking hash alg for ECC certs use key size
2020-04-02 11:53:35 +10:00
John Safranek
04dcb8f774
DTLS Fix
...
If the finished message (well, next epoch handshake message) is received,
store it. Process it after a change cipher spec message.
2020-04-01 17:17:51 -07:00
Sean Parkinson
e23a6b46b0
Allow use of truncated HMAC with TLS_hmac checking
2020-04-02 08:52:40 +10:00
Eric Blankenhorn
b1ec15de3e
Only try shutdown once in example
2020-04-01 17:48:17 -05:00
Eric Blankenhorn
3f7ce61dbd
Updates from review
2020-04-01 11:14:25 -05:00
Sean Parkinson
df1819b79f
Improve speed of AArch64 assembly
...
Improve point_dbl and point_dbl_n for all platforms.
2020-04-01 15:06:50 +10:00
David Garske
47d1cb8415
Changes to support IAR with position independent code (ROPI). Updated example wolfSSL IAR project to use "ropi" (Position indipendance for code and read-only data).
2020-03-31 08:17:09 -07:00
Martin Akman
568ce62b81
Updates from code review
2020-03-31 18:29:06 +10:00
David Garske
3bd52b166b
Merge pull request #2863 from miyazakh/dtls_benchmark
...
added dtls benchmark
2020-03-27 12:06:06 -07:00
Sean Parkinson
9339808ea1
Smaller table version of the AES encrypt/decrypt
...
Use WOLFSSL_AES_SMALL_TABLES.
Much slower. Decrypt much slower then encrypt.
2020-03-27 15:53:01 +10:00
Hideki Miyazaki
99b9f46e58
fixed not working on mac
...
fixed case of -s or -c
2020-03-27 12:33:51 +09:00
toddouska
ddb4b5eb89
Merge pull request #2872 from SparkiDev/rsa_pub_fix
...
Fix performance of RSA public key ops with TFM
2020-03-26 11:56:23 -07:00
toddouska
16fa1a4747
Merge pull request #2855 from JacobBarthelmeh/PKCS12
...
maintenance to PKCS12 create for outputting encrypted bundles
2020-03-26 10:41:04 -07:00
JacobBarthelmeh
1bc2ecff6a
Merge pull request #2849 from dgarske/csharp_wrapper
...
CSharp wrapper improvements
2020-03-26 09:10:24 -06:00
Sean Parkinson
c82531a41a
Fix performance of RSA public key ops with TFM
...
Have a constant and non-constant time modular exponentation available in
tfm.c.
Call the non-constant time version explicitly when performing RSA public
key mod exp.
2020-03-26 17:33:07 +10:00
David Garske
a6034a38c7
Fix for building with WOLFSSL_SMALL_STACK_CACHE only (no WOLFSSL_SMALL_STACK).
2020-03-25 16:04:45 -07:00
Vladislav Vaintroub
d57d194de3
Fix clang warnings (issue #2870 )
...
The warning was "comparison of array 'ecc_sets[i].name' not equal to a null
pointer is always true [-Wtautological-pointer-compare]"
Compiler is correct, ecc_sets[i].name is an array of size 16, thus
can't be NULL
Also, fix build error on Windows by changing uint8_t to "unsigned char"
(alternative fix could be including stdint.h)
2020-03-25 23:07:12 +01:00
David Garske
3717982d47
Fix to build wolfssl/testsuite in Any CPU case.
2020-03-25 14:53:58 -07:00
David Garske
70773f3b3e
Added "WOLFSSL_ARMASM" ifdef checks on ARMv8 port files.
2020-03-25 12:54:40 -07:00
toddouska
93fd1b1eeb
Merge pull request #2869 from JacobBarthelmeh/Testing
...
add single quotes around -? in test scripts
2020-03-25 11:03:19 -07:00
toddouska
083b8f680f
Merge pull request #2868 from JacobBarthelmeh/Certs
...
refactor decrypt content with PKCS12 and fix for AES-256 + HMAC SHA25…
2020-03-25 11:02:34 -07:00
Jacob Barthelmeh
2116c20f5d
add test case for PKCS12 to DER and back
2020-03-25 10:38:18 -06:00
David Garske
469de9a580
Fix for CSharp solution to eliminate Debug/Release. Only DLL Debug and DLL Release should be available.
2020-03-25 08:57:58 -07:00
Jacob Barthelmeh
0a6b93fda2
add single quotes around -? in test scripts
2020-03-24 22:40:48 -06:00
Jacob Barthelmeh
59ab600d76
refactor decrypt content with PKCS12 and fix for AES-256 + HMAC SHA256 case
2020-03-24 22:23:44 -06:00
Hideki Miyazaki
9fac21f463
replace the size at bench_embedded
2020-03-25 08:09:42 +09:00
toddouska
26f539400a
Merge pull request #2866 from SparkiDev/curve448_gcc_bug
...
Curve448 - 128-bit impl workaround for compiler
2020-03-24 09:55:43 -07:00
toddouska
e66334e56b
Merge pull request #2865 from SparkiDev/sp_cast_fix
...
Fix casting warning in SP when mp_digit < sp_digit
2020-03-24 09:52:26 -07:00
toddouska
b92e5d83c5
Merge pull request #2864 from JacobBarthelmeh/ARMv8
...
Fix for clang warning with ARM assembly build
2020-03-24 09:51:11 -07:00
Hideki Miyazaki
75eca61b3e
address review comments
2020-03-24 20:35:21 +09:00
Sean Parkinson
c95e7f88aa
Curve448 - 128-bit impl workaround for compiler
...
Old gcc compilers can keep track of the 128-bit multiplication and left
shift results' size.
Split all multiplication and left shift results into separate variables.
Add/subtract into the correct variable at end.
Don't want variable declarations after statements so reduce doesn't use
'tr' anymore.
2020-03-24 16:28:14 +10:00
Sean Parkinson
a7d265bf46
Fix casting warning in SP when mp_digit < sp_digit
2020-03-24 12:41:25 +10:00
David Garske
7fabd74a90
Merge pull request #2859 from SparkiDev/tfm_ec_invmod_ct
...
Constant time EC map to affine for private operations
2020-03-23 19:16:45 -07:00
Jacob Barthelmeh
dde1c3bc08
Fix for clang warning with ARM assembly build
2020-03-23 15:08:28 -06:00
David Garske
5c424769a0
Added DH and Curve/Ed25519.
2020-03-23 09:08:45 -07:00
Hideki Miyazaki
7d4b4e4994
added dtls benchmark
2020-03-22 17:56:28 +09:00
David Garske
a8f2c97e13
Added CSharp example for multi-threaded TLS server. Refactor to separate the ssl and ctx handles.
2020-03-20 16:10:19 -07:00
David Garske
97f08393e2
Added wolfCrypt Xilinx SDK project. Fix for stsafe.h inclusion of ssl.h with WOLFCRYPT_ONLY.
2020-03-20 14:40:17 -07:00
David Garske
2706d6d48a
Improve the benchmark to use snprintf then printf. Resolve issue showing results with xil_printf.
2020-03-20 12:34:08 -07:00
David Garske
3127a7e9e5
Fixes for building with bare-metal on Xilinx SDK with zynqmp. Added Zynqmp benchmark timer support.
2020-03-20 12:22:47 -07:00
toddouska
9b8752e314
Merge pull request #2858 from SparkiDev/netscape_cert_ext
...
Recognise Netscape Certificate Type extension
2020-03-19 16:33:25 -07:00
toddouska
0c3667ba93
Merge pull request #2857 from SparkiDev/sp_null_check
...
SP fix check for NULL in EC point_new
2020-03-19 16:30:59 -07:00
toddouska
33b95b8ad7
Merge pull request #2854 from JacobBarthelmeh/Certs
...
add +1 for string null terminator
2020-03-19 16:24:42 -07:00
toddouska
49f01450de
Merge pull request #2853 from SparkiDev/dtls_mtu
...
Allow setting of MTU in DTLS
2020-03-19 16:23:39 -07:00
toddouska
f4a8430115
Merge pull request #2851 from JacobBarthelmeh/SanityChecks
...
add space for null terminator and check on header pointer
2020-03-19 16:00:57 -07:00
Sean Parkinson
1de07da61f
Constant time EC map to affine for private operations
...
For fast math, use a constant time modular inverse when mapping to
affine when operation involves a private key - key gen, calc shared
secret, sign.
2020-03-20 08:59:41 +10:00
Jacob Barthelmeh
ce6aeebdb4
fixes for static analysis checks
2020-03-19 16:34:02 -06:00
Sean Parkinson
62a593e72e
Recognise Netscape Certificate Type extension
...
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
2020-03-19 12:43:03 +10:00
Sean Parkinson
c776a4219a
SP fix check for NULL in EC point_new
2020-03-19 08:56:52 +10:00
David Garske
a28fc5e70b
Peer review feedback. Handle socket.Connect() failures.
2020-03-18 13:33:15 -07:00
Jacob Barthelmeh
09dedfbe17
maintenance to PKCS12 create for outputting encrypted bundles
2020-03-18 12:00:57 -06:00
David Garske
00630baa53
Merge pull request #2826 from miyazakh/fix_csharp_dtlsexample
...
fix dtl server example of CSharp when freeing stuff
2020-03-18 09:26:14 -07:00
Jacob Barthelmeh
2bf39307f1
add +1 for string null terminator
2020-03-18 10:25:56 -06:00
Sean Parkinson
e17e064ce2
Allow setting of MTU in DTLS
2020-03-18 12:36:11 +10:00
toddouska
eb6f44e491
Merge pull request #2847 from tmael/memLeak
...
Fix memory leak
2020-03-17 13:31:10 -07:00
toddouska
d0767164c8
Merge pull request #2846 from SparkiDev/sp_rsa_priv_fix
...
Fix SP RSA private op
2020-03-17 13:28:11 -07:00
JacobBarthelmeh
aff80ab0d3
adjust test case for no ECC
2020-03-17 08:56:55 -07:00
JacobBarthelmeh
9fc8c8e0b6
add space for null terminator and check on header pointer
2020-03-16 15:14:29 -07:00
JacobBarthelmeh
74781a3d45
Merge pull request #2829 from cconlon/pkcs7multioctets
...
PKCS7/CMS EnvelopedData support for fragmented encrypted content
2020-03-16 13:12:23 -06:00
toddouska
321a43edee
Merge pull request #2850 from JacobBarthelmeh/SanityChecks
...
sanity check on IV size
2020-03-16 09:36:17 -07:00
Jacob Barthelmeh
2d950f1ab4
sanity check on IV size
2020-03-15 18:46:11 -06:00
David Garske
00a49dffd0
Add new files to autoconf.
2020-03-13 20:40:18 -07:00
David Garske
6498cb48bc
CSharp wrapper improvements. Added TLS client example. Added TLS v1.3 methods. Added set_verify and CTX_set_verify. Added example code for CTX_set_cipher_list.
2020-03-13 14:54:57 -07:00
Tesfa Mael
a6b01904d2
Release mem during failure
2020-03-13 14:22:06 -07:00
toddouska
bcc720ef68
Merge pull request #2773 from SKlimaRA/master
...
Coverity issues fixes.
2020-03-13 10:20:45 -07:00
toddouska
464631f920
Merge pull request #2841 from JacobBarthelmeh/Certs
...
add function wolfSSL_X509_NAME_ENTRY_create_by_txt
2020-03-13 10:17:52 -07:00
toddouska
fa4ccbe728
Merge pull request #2844 from JacobBarthelmeh/SanityChecks
...
set inital state of TLS 1.3 peerSuites structure
2020-03-13 10:16:53 -07:00
Tesfa Mael
452b4c03a6
Fix memory leak
2020-03-12 23:24:44 -07:00
Sean Parkinson
6321eabf86
Fix SP RSA private op
...
tmpa - tmpb can be less than -p.
Need to conditionally add p twice.
C and multiple platform fix.
2020-03-12 09:33:52 +10:00
Jacob Barthelmeh
0be0cf44e4
fix for returning NULL when text not found and add test case
2020-03-10 09:54:31 -06:00
Stanislav Klima
93326a7aeb
Changed dst NULL check.
2020-03-10 09:55:27 +01:00
Jacob Barthelmeh
fb0ad6532f
set inital state of TLS 1.3 peerSuites structure
2020-03-09 15:13:01 -06:00
Stanislav Klima
3fcbcbf42a
Revert "Logically dead code."
...
This reverts commit 2db62f744a
2020-03-09 17:45:15 +01:00
toddouska
87ff2fa47d
Merge pull request #2839 from ejohnstown/hmac-init
...
HMAC Init
2020-03-06 11:05:30 -08:00
toddouska
ab8bfc241d
Merge pull request #2833 from JacobBarthelmeh/Compatibility-Layer
...
compile for NO_WOLFSSL_STUB
2020-03-06 11:04:36 -08:00
Chris Conlon
4ad8a2bacb
store wc_PKCS7_DecodeEnvelopedData encryptedContentTotalSz in existing variable instead of adding another
2020-03-06 10:50:00 -07:00
Juliusz Sosinowicz
fe9a876895
Check length to avoid XSTRNCMP accessing memory after list
2020-03-06 17:13:59 +01:00
Jacob Barthelmeh
1035d73a05
add function wolfSSL_X509_NAME_ENTRY_create_by_txt
2020-03-05 16:29:55 -07:00
John Safranek
9fe2ddacf4
HMAC Init
...
1. wc_HmacSetKey() has a check against the hmac's type that assumes one
has called wc_HmacInit() on the object first. In FIPS Ready builds we
do not have wc_HmacInit() in the boundary. This change removes that check
and action when making a FIPS build. The free called doesn't do anything
in the FIPS build case.
2. Initialize the Hmac's macType to WC_HASH_TYPE_NONE. Check the macType
against that rather than 0. There are some build configs where none isn't
0.
2020-03-05 13:38:02 -08:00
toddouska
a6385a2b48
Merge pull request #2840 from SparkiDev/tls_show_fddhe
...
Fix to show the FFDHE group when negotiated
2020-03-05 08:33:49 -08:00
toddouska
59b9483cde
Merge pull request #2837 from SparkiDev/sp_x64_rsa_priv
...
Fix SP x64 RSA Private op
2020-03-05 08:33:11 -08:00
toddouska
f24622596f
Merge pull request #2827 from kaleb-himes/ZD9976
...
Fix infinite loop with small sha1 inputs. Thanks to Peter W. on ZD997…
2020-03-05 08:32:14 -08:00
Sean Parkinson
6fcfde0651
Fix to show the FFDHE group when negotiated
2020-03-05 12:37:49 +10:00
toddouska
9f6cf8a154
Merge pull request #2834 from dgarske/various_tls
...
Fix for TLS server with TLSv1.2 or less `wolfSSL_get_curve_name`
2020-03-04 16:24:28 -08:00
toddouska
9b54af199c
Merge pull request #2822 from dgarske/notime_openssl
...
Fixes for building NO_ASN_TIME with OPENSSL_EXTRA
2020-03-04 16:22:18 -08:00
toddouska
e1215e0e1b
Merge pull request #2810 from SparkiDev/tls13_mut_auth
...
Allow mutual authentication to be required for TLS server side
2020-03-04 16:21:03 -08:00
Sean Parkinson
3707eea2f3
Fix SP x64 RSA Private op
...
tmpa - tmpb can be less than -p.
Need to conditionally add p twice.
2020-03-04 15:54:17 +10:00
David Garske
fca5895090
Example for FIPS Linker Descriptor to explicitly set wolfCrypt FIPS boundaries.
2020-03-03 15:47:30 -08:00
David Garske
c5b4fe1283
Fix for namedGroup missing.
2020-03-03 15:35:56 -08:00
Jacob Barthelmeh
bb76495233
compile for NO_WOLFSSL_STUB
2020-03-03 14:03:11 -07:00
Chris Conlon
44d2fc55e6
scan-build fixes for wc_PKCS7_DecodeEnvelopedData()
2020-03-03 10:27:22 -07:00
David Garske
730c95cf38
Fix for TLS server incorrectly showing "FFDHE_2048" for "SSL curve name is" when using ECDHE and TLS v1.2 or less. The PickHashSigAlgo should be resetting ssl->namedGroup to indicate a named group was not used.
2020-03-03 09:20:58 -08:00
David Garske
4895fd7b0b
Added "either" side functions for SSLv3. These are only enabled with WOLFSSL_EITHER_SIDE and WOLFSSL_ALLOW_SSLV3. ZD 9984.
2020-03-03 09:18:11 -08:00
David Garske
41ff54f873
Fix for typo with wc_ecc_init in documentation.
2020-03-03 09:16:48 -08:00
Chris Conlon
d8eeefb4b7
initialize explicitOctet to 0 in pwc_PKCS7_DecodeEnvelopedData()
2020-03-02 09:13:11 -07:00
John Safranek
127e304901
DTLS Fix
...
An endpoint's retransmit pool was being reset when receiving its peer's
change cipher spec message. When the finished message was lost, and
retransmits need to happen, they weren't available, so nothing happened.
Moved the reset to the finished case rather than CCS.
2020-03-01 16:43:10 -08:00
Sean Parkinson
8cccb9008b
Change to work for other TLS versions
...
Send alert when client doesn't send a certificate on request.
2020-03-02 08:50:57 +10:00
Sean Parkinson
6334dd9cb0
Allow mutual authentication to be required for TLS 1.3
2020-03-02 08:50:57 +10:00
Chris Conlon
debb792690
fix PKCS7 encrypted content decoding for streaming API usage
2020-02-28 17:55:19 -07:00
David Garske
92114fef75
Fixes for building NO_ASN_TIME with OPENSSL_EXTRA. Fixes #2820 .
...
* `./configure --enable-opensslextra CFLAGS="-DNO_ASN_TIME"`
2020-02-28 09:35:17 -08:00
toddouska
805034bca3
Merge pull request #2830 from SparkiDev/sp_ff_x86_64
...
Improve performance of RSA/DH ops on x64
2020-02-28 09:03:22 -08:00
toddouska
5b58130210
Merge pull request #2806 from SparkiDev/curve448
...
Add Curve448, X448, Ed448 implementations
2020-02-28 08:59:08 -08:00
Sean Parkinson
441027a502
Improve performance of RSA/DH ops on x64
...
Focus on 3072-bit ops but others improved as well.
2020-02-28 10:42:37 +10:00
Sean Parkinson
2c6eb7cb39
Add Curve448, X448, Ed448 implementations
2020-02-28 09:30:45 +10:00
Chris Conlon
d21e370822
add support for PKCS7/CMS EnvelopedData with fragmented encrypted content
2020-02-27 14:42:57 -07:00
toddouska
c7a2510d97
Merge pull request #2823 from SparkiDev/sp_div_fix
...
Fix for SP x64 div
2020-02-27 12:57:35 -08:00
toddouska
a313b9d2cb
Merge pull request #2821 from dgarske/crl_bitmask
...
Fix for CRL bit-mask enum value issue
2020-02-27 12:54:08 -08:00
toddouska
b7d0b81443
Merge pull request #2818 from dgarske/rsa_sha3only
...
RSA with SHA-3 only and RSA 4096-bit tests
2020-02-27 12:44:29 -08:00
toddouska
6dabe82c65
Merge pull request #2814 from SparkiDev/curve25519_x64_fix
...
Curve25519 x64 asm: Fix negate and add fe_sq_n
2020-02-27 12:21:53 -08:00
toddouska
60afebdb86
Merge pull request #2811 from miyazakh/fix_espidf_buildtest_failure
...
fixed build failure and warnings in ESP-IDF port
2020-02-27 12:21:14 -08:00
toddouska
1288c6b249
Merge pull request #2809 from dgarske/conf_usersettings
...
Fix to enable inclusion of all .c files when using `--enable-usersettings`
2020-02-27 12:10:07 -08:00
toddouska
ed7a5b17d8
Merge pull request #2808 from dgarske/mdk5
...
Fix for minor typos in the MDK5 examples
2020-02-27 12:06:50 -08:00
toddouska
3349dbc852
Merge pull request #2807 from dgarske/arg_checks
...
Added missing argument checks for public API's in `wolfio.c`
2020-02-27 12:03:32 -08:00
toddouska
eddf4abf8e
Merge pull request #2775 from embhorn/api_port
...
openSSL compatibility API for EVP, BIO, and SSL_SESSION
2020-02-27 11:51:21 -08:00
kaleb-himes
d9e221806b
Fix infinite loop with small sha1 inputs. Thanks to Peter W. on ZD9976 for the report
2020-02-27 09:39:22 -07:00
Hideki Miyazaki
2d530499e3
fix dtl server example when freeing stuff
2020-02-27 21:56:25 +09:00
Sean Parkinson
f568f394b1
Merge pull request #2824 from julek-wolfssl/EVP-aesgcm
...
Fix AES-GCM IV length in wolfSSL_EVP_CIPHER_iv_length
2020-02-27 14:06:56 +10:00
Juliusz Sosinowicz
3b822ad3d5
Fix AES-GCM IV length in wolfSSL_EVP_CIPHER_iv_length
2020-02-26 22:11:36 +01:00
Sean Parkinson
2a5d7a2ac3
Fix for SP x64 div
...
Check the top half of number being divided to see if it is greater than
or equal.
If it is then the first div_word may crash as the result is more than
64-bits. So subtract modulus from the top to keep value small.
2020-02-26 10:53:35 +10:00
Martin Akman
3bbd8be5c9
ATECC: Don't init transport key if not used
2020-02-25 22:03:55 +10:00
David Garske
4b83b88a29
Fix for CRL bit-mask enum value issue. ZD 9948.
2020-02-24 18:52:50 -08:00
Sean Parkinson
969e4dccc5
Merge pull request #2803 from julek-wolfssl/EVP-aesgcm
...
Evp aesgcm
2020-02-25 08:24:30 +10:00
David Garske
ef2c1ae738
Fix for examples/benchmark/tls_bench.c:114:20: error: unused variable 'kShutdown' with WOLFCRYPT_ONLY.
2020-02-23 19:01:46 -08:00
David Garske
7a3138f841
Merge pull request #2817 from miyazakh/rename_enum_tisp
...
Rename enumeration definition
2020-02-23 18:40:48 -08:00
David Garske
da882f3912
Added wolfCrypt RSA 4096-bit test support using USE_CERT_BUFFERS_4096 build option (./configure CFLAGS="-DUSE_CERT_BUFFERS_4096").
2020-02-23 18:40:13 -08:00
David Garske
c8e618a817
Fix build for WOLFSSL_RSA_VERIFY_ONLY.
2020-02-23 15:58:28 -08:00
David Garske
e80c696d5f
Fix for RSA with SHA3 only (resolves warning with unsed RsaMGF1.
2020-02-23 13:54:48 -08:00
Hideki Miyazaki
3187624d9e
rename common naming enum
2020-02-22 11:35:02 +09:00
David Garske
0f188be892
Merge pull request #2805 from ejohnstown/update-config
...
configure
2020-02-21 09:35:52 -08:00
Sean Parkinson
c9ce065f8a
Curve25519 x64 asm: Fix negate and add fe_sq_n
2020-02-21 11:37:45 +10:00
Sean Parkinson
5716862a8a
Merge pull request #2813 from julek-wolfssl/openssh-8.1
...
Remove redundant wolfSSL_EVP_CIPHER_CTX_iv_length call
2020-02-21 09:52:44 +10:00
Eric Blankenhorn
403c263e0b
Fix valgrind issue
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
b74dac6171
Fix WIN test
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
60dea0c53a
Fix VS error
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
e4188d935b
Fix WIN error
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
b4563e6af3
Fix CFB and OFB
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
61ebfd571c
Fix new file error
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
a64e1540ba
Adding EVP support for SHA3
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
6eda4e7b46
Fix in test
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
95f973a5be
Adding test and dox for ERR_print_errors_cb
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
936312f77e
Adding ERR_print_errors_cb
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
a0ddb05a07
change evp with cfb1 expect input size in bytes
2020-02-20 17:28:33 -06:00
Eric Blankenhorn
1a96558b6e
Adding macro and XTS support functions
2020-02-20 17:28:33 -06:00
Eric Blankenhorn
922b308029
Fix from review
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
3eee891cf5
fix redefinition warning on older clang compiler
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
51d55ed1c8
account for different peer certificate in test case, g++ build fix, static memory size increase
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
a9accb6c39
add more macro guards for builds
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
b67ade5164
account for cavp build
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
76eec8884b
clean up memory after test and don't leak x509 with get session peer
2020-02-20 17:28:33 -06:00
Eric Blankenhorn
258382048d
Fix test failures
2020-02-20 17:28:33 -06:00
Eric Blankenhorn
018f313cca
Fix clang warning
2020-02-20 17:28:33 -06:00
Eric Blankenhorn
5a87dbe094
Adding tests for EVP_CIPHER_CTX_reset
2020-02-20 17:28:33 -06:00
Eric Blankenhorn
64dcf5740a
Fix for AES_XTS
2020-02-20 17:28:33 -06:00
Eric Blankenhorn
e421d9f52c
Fix in evp_aes_xts init
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
d7c1b9561f
fix for cfb1 mode and add EVP tests
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
d6be24c4f7
add 192/256 key size tests of EVP cfb8
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
d4428ebc0c
add EVP cfb1 test and update some EVP code
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
887eeb3c47
add EVP tests for cfb128
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
9d61ba6c62
initial cfb1/cfb8 support added
2020-02-20 17:28:32 -06:00
Eric Blankenhorn
9c4e0807e2
Adding EVP_aes_###_xts tests (not complete)
2020-02-20 17:28:32 -06:00
Eric Blankenhorn
16ce670897
Revert "Testing aes_*_xts"
...
This reverts commit 776eeb756c70b052849323d7645622a3f1d2b76a.
2020-02-20 17:28:32 -06:00
Eric Blankenhorn
3197d67e62
Testing aes_*_xts
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
49def96998
add test for get0 session peer certificate
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
653235cd57
add stub implementation for SSL_MODE_AUTO_RETRY
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
b83a5840d6
add stub function for wolfSSL_EVP_mdc2
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
c2c3e0d4aa
add initial implementation for wolfSSL_SESSION_get0_peer
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
ab49120652
add aesofb benchmark
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
df0d5f3b08
add EVP_aes_*_ofb implementation and tests, add support for inline with OFB
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
e837894578
add AES-OFB mode
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
65732c2269
add bio retry and set close tests
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
3137312911
update to implementation of BIO_MD type
2020-02-20 17:28:32 -06:00
Eric Blankenhorn
62f20db48e
Adding more EVP and SSL API
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
8f7af875a4
add BIO_f_md and BIO_get_md_ctx tests
2020-02-20 17:28:32 -06:00
Eric Blankenhorn
0abc814792
EVP_MD_CTX_reset and EVP_aes fixes
2020-02-20 17:28:31 -06:00
Eric Blankenhorn
ba25161f6c
Adding BIO and EVP api
2020-02-20 17:28:31 -06:00
David Garske
49a9239cf2
Merge pull request #2804 from SparkiDev/sp_cache_resist_fix
...
Fix cache resist compile to work with SP C code
2020-02-20 15:05:18 -08:00
David Garske
da2980172b
Merge pull request #2812 from kaleb-himes/FAILING_FIPS_IN_MASTER
...
Fix failing FIPS tests in master stemming from PR #2733
2020-02-20 14:29:16 -08:00
Juliusz Sosinowicz
70ef925a48
Remove redundant wolfSSL_EVP_CIPHER_CTX_iv_length call
2020-02-20 18:32:56 +01:00
kaleb-himes
1f003967df
Fix failing FIPS tests in master stemming from PR #2733
2020-02-20 09:20:59 -07:00
Stanislav Klima
d4a9279a6c
Revert "Resource leak." to resolve the conflict (this fix is unapplicable, because the leaking code was removed).
...
This reverts commit 451d0a470a
2020-02-20 15:12:02 +01:00
Hideki Miyazaki
f7018c4765
fixed build failure and warnings
...
fixed unit test app failure
2020-02-20 18:40:16 +09:00
Sean Parkinson
c62f31cd27
Fix cache resist compile to work with SP C code
2020-02-20 10:10:05 +10:00
David Garske
418c508eba
Fixes for SCTP example to check build options.
2020-02-19 12:28:49 -08:00
David Garske
6036f604a6
Added missing argument checks for public API's in wolfio.c.
2020-02-19 12:18:00 -08:00
David Garske
75183262ad
Minor typos and fixes to the MDK5 examples.
2020-02-19 12:03:14 -08:00
David Garske
baace2c0e3
Fix to enable inclusion of all .c files when using the --enable-usersettings option.
2020-02-19 11:58:33 -08:00
JacobBarthelmeh
e72b87f372
Merge pull request #2733 from julek-wolfssl/openssh-8.1
...
Openssh 8.1
2020-02-19 10:14:35 -07:00
Juliusz Sosinowicz
cc597add48
Don't always include wolfssl/openssl/bn.h
2020-02-19 11:17:31 +01:00
John Safranek
9953f2d01d
1. Remove duplicate AM_CONDITIONAL statments from configure.ac.
...
2. Update copyright year in configure.ac.
2020-02-18 16:16:59 -08:00
JacobBarthelmeh
17c3bb00d8
Merge pull request #2798 from ejohnstown/vxworks-strings
...
VxWorks Strings
2020-02-18 17:10:31 -07:00
Juliusz Sosinowicz
26e2d6eacf
Adressing Todd's comments
...
Check for HAVE_GETADDRINFO beside WOLF_C99
Move STR_SIZEOF to wolfssl/wolfcrypt/types.h and rename to XSTR_SIZEOF to prevent collision in client projects
Remove wolfssl/openssl/ssl.h and wolfssl/internal.h from crypto layer
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
b736a65fa8
Fix redefinition issue
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
2218f7b95d
Fix merge issues
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
d6686f1320
Remove usage of res in wolfSSL_BN_clear_bit
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
5a766bd5bb
Change STR_SIZEOF declaration file
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
1512485926
Fix user-rsa tests
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
5c4d3df4f3
Fix broken Windows FIPS build
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
f55cfd7ba7
Fix missing wolfSSL_i2d_RSAPrivateKey references
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
3fcec191a4
Refactor wolfSSL_RSA_To_Der
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
5ed1c233b7
Sean comments
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
dac23dfe15
Add DSA and DH free to wolfSSL_EVP_PKEY_set1_EC_KEY
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
7aaa89aedc
Cleanup bn_one in wolfSSL_Cleanup
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
43ce272cb3
Variable declaration at start of scope
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
eedbce7c0a
Null-check keyFormat
...
Zero all of WOLFSSL_DH struct
Fix macros for self-test
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
97a4889bb3
Undo some stuff
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
1df9963b80
sha3.h
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
7ce7017521
Fix memory leaks when compiling with SMALL_STACK
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
f765b711bf
More macro preproc stuff
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
48b39a34c7
Properly Init mp_int number
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
b592b241c7
Fix Segfault in wolfSSL_EC_KEY_dup
...
Fix more header stuff
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
b58f26945d
Different configuration fixes
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
480227704d
Fix missing stuff in headers
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
59b001c484
Fix header definitions when running CAVP self test
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
50f8fb1475
Enable wc_RsaKeyToDer even when key generation is turned off
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
e6547c75cd
Reimplement external data as it was before: a fixed size vector. This makes external data implementation easier as it doesn't require allocation or cleanup. Only zeroing the entire structure that it is in (which happens in all structures anyway) and then calling the appropriate getter and setter functions to manipulate external data.
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
9a0d3ba369
Check boundaries in B64 decode
...
ERR_get_error will always return a positive error code
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
58c239a49f
Fix stuff after rebase
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
d6a160c637
Fix error codes for OpenSSL compatiblity
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
6e72a299d7
Don't undef HAVE_GETADDRINFO as it disables defines in projects using wolfSSL
...
Change test_wolfssl_EVP_aes_gcm so that changing the tag will fail the authentication check
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
ab56d078a4
keygen-moduli passed
...
Handle trailing newlines in wolfSSL_BN_hex2bn
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
ae948e2a07
Pass try-ciphers
...
define EVP_CIPHER_CTX_set_iv as wolfSSL_EVP_CIPHER_CTX_set_iv
add wolfSSL_GetLoggingCb functionality when compiling without enable-debug
fix initialization vector handling of all cipher modes when using our EVP layer. The IV was incorrectly handled in initialization as well as not being updated after processing
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
fbedabe601
OpenSSH changes
...
- increase FP_MAX_BITS for OpenSSH
- Add helpful loggin API (names are self-explanatory)
-- wolfSSL_GetLoggingCb
-- WOLFSSL_IS_DEBUG_ON
- Define WOLFSSL_EC_METHOD as an alias of WOLFSSL_EC_GROUP
- Add wolfSSL_EC_GROUP_method_of which really just returns the group itself
- Add wolfSSL_EC_METHOD_get_field_type which gets the curve type of the WOLFSSL_EC_GROUP(remember that WOLFSSL_EC_METHOD is an alias of WOLFSSL_EC_GROUP for now)
- Modify Base64_Decode so that it accepts arbitrary PEM line length
- Modify PemToDer so that it accepts private keys with a custom -----BEGIN * PRIVATE KEY----- header
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
84a2ca7a4e
Map the Jacobian point back to affine space in wolfSSL_EC_POINT_get_affine_coordinates_GFp
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
aea95232d1
WIP
...
Add EC_POINT conversion to BIGNUM (EC_POINT_point2bn)
Add setting affine coordinates for EC_POINT (EC_POINT_set_affine_coordinates_GFp)
Add bit clearing for BIGNUM (BN_clear_bit)
Add supporting unit tests in api.c
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
89e35e2547
openssh 8.1 compiles
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
b5c52d7c70
openssh WIP and some light refactoring
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
41de1bb156
WIP
2020-02-18 21:36:26 +01:00
Juliusz Sosinowicz
b05cfaa601
Add aes-gcm to wolfSSL_EVP_get_cipherbyname and wolfSSL_EVP_get_cipherbynid
2020-02-18 21:34:23 +01:00
Stanislav Klima
6f3623f220
Moved infinite loop check to the other bad func arg check.
2020-02-18 09:59:59 +01:00
Eric Blankenhorn
41d3ba0efa
Tests and examples for bidirectional shutdown
2020-02-17 16:47:47 -06:00
Eric Blankenhorn
59fb81c950
Add fix
2020-02-17 16:47:47 -06:00
toddouska
2566986d41
Merge pull request #2632 from SparkiDev/sp_p384
...
Add support for P384 curve into SP
2020-02-17 11:46:09 -08:00
toddouska
bf1ec3004a
Merge pull request #2787 from dgarske/size_reduc
...
Adds options to disable the hash wrappers and base64 decode
2020-02-17 11:44:37 -08:00
toddouska
651ffe2c12
Merge pull request #2789 from JacobBarthelmeh/SanityChecks
...
fix return with error on process peer cert
2020-02-17 11:44:02 -08:00
toddouska
f2e1266f2d
Merge pull request #2791 from dgarske/async_fixes
...
Fixes for asynchronous crypto issues
2020-02-17 11:43:13 -08:00
toddouska
14b7355411
Merge pull request #2792 from SparkiDev/rsa_kg_blind_fix
...
Fix for rsa key gen blinding - don't call lcm
2020-02-17 11:42:25 -08:00
toddouska
44c327ee14
Merge pull request #2795 from SparkiDev/tls13_secret_cb
...
Call secret callback when TLS 1.3 secrets generated
2020-02-17 11:41:16 -08:00
toddouska
fda322829f
Merge pull request #2796 from JacobBarthelmeh/Compatibility-Layer
...
free existing cert store when setting a new one
2020-02-17 11:37:56 -08:00
Sean Parkinson
8972bf6278
Add support for P384 curve into SP
2020-02-17 15:46:34 +10:00
John Safranek
defa54f40d
Merge pull request #2800 from tmael/trim-padding
...
Trim trailing padding bytes from a key
2020-02-14 16:05:44 -08:00
JacobBarthelmeh
30936e7ad4
Merge pull request #2793 from kaleb-himes/ZD9865
...
Fix issue in wolfSSL_EVP_PKEY_assign_RSA when RSA key not zeroized
2020-02-14 16:40:52 -07:00
Tesfa Mael
aaaa191937
Trim trailing padding byte
2020-02-14 12:54:35 -08:00
David Garske
8f6a614d17
Merge pull request #2797 from kaleb-himes/JENKINS_STUFF
...
--disable-supportedcurves --enable-opensslextra - NIGHTLY DISABLE OPT…
2020-02-14 09:01:03 -08:00
Sean Parkinson
614e675a00
Call secret callback when TLS 1.3 secrets generated
2020-02-14 08:42:47 +10:00
Chris Conlon
b62064f6a8
Merge pull request #2737 from JacobBarthelmeh/dks7g2
...
changes for build with s7g2
2020-02-13 14:07:44 -07:00
toddouska
cabe30828c
Merge pull request #2786 from cconlon/android-debug
...
add Android debug for logcat
2020-02-13 10:12:40 -08:00
toddouska
fba40d14d4
Merge pull request #2785 from ottok/bugfix/menu-js-width
...
Wrap JavaScript source on multiple lines to make it readable
2020-02-13 10:07:13 -08:00
toddouska
b038e2e8f0
Merge pull request #2771 from JacobBarthelmeh/Windows
...
change public Timeval to WOLFSSL_TIMEVAL
2020-02-13 09:38:42 -08:00
John Safranek
63a005d71b
VxWorks Strings
...
When building for VxWorks, set HAVE_STRINGS_H as it uses strings.h, not string.h.
2020-02-13 09:08:54 -08:00
kaleb-himes
bb7508f570
--disable-supportedcurves --enable-opensslextra - NIGHTLY DISABLE OPTIONS TEST
2020-02-12 15:57:00 -07:00
Jacob Barthelmeh
8e1adb125c
free existing cert store when setting a new one
2020-02-12 15:45:44 -07:00
Jacob Barthelmeh
0814f61b11
fix code formating and turn on HW acc. by default
2020-02-12 10:31:34 -07:00
Stanislav Klima
1b13178182
Fixes possible compile error if NO_PKCS7_STREAM is defined.
2020-02-12 13:46:12 +01:00
Stanislav Klima
1a38c26097
Prevent infinite loop.
2020-02-12 13:29:33 +01:00
Stanislav Klima
109173d756
Fix two resource leaks.
2020-02-12 12:57:40 +01:00
kaleb-himes
5b7fc7b133
Address failure when blinding disabled and key not initialized to zero
2020-02-11 14:39:30 -07:00
David Garske
d1397656ef
Merge pull request #2790 from ejohnstown/abi-tweak
...
ABI Additions
2020-02-10 15:07:35 -08:00
Chris Conlon
61221742b7
Merge pull request #2734 from aaronjense/renesas-ra-port
...
Renesas RA e2studio projects for Client, Server, Test and Benchmark
2020-02-10 14:49:03 -07:00
Sean Parkinson
669d9b1ae4
Fix for rsa key gen blinding - don't call lcm
2020-02-10 08:51:43 +10:00
David Garske
f322b71526
wolfCrypt fixes for asynchronous (--enable-asynccrypt):
...
* Fix for ECC and using NULL curve->order (wasn't loaded).
* Fix for typo on heap.
* Fix for QT case where GetInt failure retry did not "init" the mp_int.
2020-02-07 13:34:43 -08:00
Jacob Barthelmeh
3c077a3cef
add NO_OLD_TIMEVAL_NAME macro for backwards compatibility
2020-02-07 11:56:30 -07:00
John Safranek
7648997e37
ABI Additions
...
Added the functions wolfSSL_GetRNG(), wolfSSL_CTX_GetDevId(),
wc_ecc_import_x963(), and wc_RNG_GenerateBlock() to the ABI
testing.
2020-02-06 13:33:38 -08:00
Jacob Barthelmeh
17bedbac67
fix return with error on process peer cert
2020-02-06 11:53:42 -07:00
JacobBarthelmeh
61a5fe3108
add macro for trng and gce driver names
2020-02-06 09:20:07 -08:00
JacobBarthelmeh
17cfe2589b
Merge pull request #2748 from tmael/fix_cppcheck
...
Fix cppcheck
2020-02-05 16:02:22 -07:00
Stanislav Klima
da3df4f9c6
Changing logic to remove dead code section.
2020-02-05 19:36:37 +01:00
Stanislav Klima
0964272dc6
Resource leak fix.
2020-02-05 18:28:50 +01:00
David Garske
ba9dc11e62
Adds options to disable the hash wrappers (NO_HASH_WRAPPER) and base64 decode (NO_WOLFSSL_BASE64_DECODE).
2020-02-05 11:58:44 -05:00
Stanislav Klima
bbfefd3cde
Sanity check NULL dereference.
2020-02-05 16:59:20 +01:00
JacobBarthelmeh
e75b1b5cb9
add suport for AES acceleration
2020-02-04 16:10:20 -08:00
JacobBarthelmeh
b7d772700a
update sha256 support for endian
2020-02-04 16:03:45 -08:00
Chris Conlon
b8b0b7da03
add Android debug for logcat
2020-02-04 10:07:26 -07:00
Tesfa Mael
e664a4f206
Review comments
2020-02-04 08:55:37 -08:00
Tesfa Mael
b67fd249e2
Fix for cppcheck
2020-02-04 08:55:37 -08:00
Chris Conlon
b29fe41a35
Merge pull request #2738 from SparkiDev/cppcheck_fixes_3
...
Changes to clear issues raised by cppcheck
2020-02-03 17:02:40 -07:00
toddouska
63a73be3f0
Merge pull request #2777 from dgarske/constchar
...
Fixes for char strings not marked as const.
2020-02-03 11:12:55 -08:00
toddouska
4ee022f788
Merge pull request #2776 from julek-wolfssl/set_curve_groups_list
...
Add SSL_CTX_set1_groups_list and SSL_set1_groups_list APIs
2020-02-03 11:11:59 -08:00
toddouska
6f2230e459
Merge pull request #2774 from SparkiDev/sp_x86_64_asm
...
Improve performance of SP Intel 64-bit asm
2020-02-03 11:08:17 -08:00
toddouska
61e78880a5
Merge pull request #2769 from dgarske/zd9791
...
Fix for `wc_EccPublicKeyDecode` to use the length from ASN sequence
2020-02-03 11:05:17 -08:00
toddouska
c98876d440
Merge pull request #2768 from julek-wolfssl/openvpn-config
...
Add --enable-openvpn build option
2020-02-03 11:01:06 -08:00
toddouska
0551b1f2de
Merge pull request #2765 from SparkiDev/client_read_write
...
Client using common read and write func
2020-02-03 11:00:15 -08:00
Otto Kekäläinen
967235c1f3
Wrap JavaScript source on multiple lines to make it readable
...
Closes : wolfSSL/wolfssl#2783
2020-02-03 20:15:18 +02:00
Sean Parkinson
cc2bf03e73
Client using common read and write func
2020-02-03 09:17:27 +10:00
Juliusz Sosinowicz
420e597c16
Move functions to ssl.c
2020-02-01 10:06:53 +01:00
JacobBarthelmeh
6ec136208c
add sha256 hardware acceleration
2020-01-31 14:26:04 -08:00
David Garske
d63bdf257d
Merge pull request #2337 from MKinclRA/fix-visual-studio-2019-build
...
Added stdio.h include to types.h.
2020-01-31 12:59:58 -08:00
David Garske
26794e7b5e
Merge pull request #2778 from ejohnstown/fix-abi
...
Fix ABI
2020-01-31 06:49:16 -08:00
Martin Akman
20c0beb9e5
'WOLFSSL_USE_FLASHMEM' to store constant tables in flash memory
2020-01-31 23:43:17 +10:00
Martin Akman
6c1e0ff049
ATECC: Option to disable I2C transport key
2020-01-31 23:32:48 +10:00
Martin Akman
809472febc
Added VERY_SMALL_SESSION_CACHE
2020-01-31 23:32:48 +10:00
Martin Akman
14dc5fe2e3
Fixes for 16bit processors
2020-01-31 23:32:48 +10:00
Juliusz Sosinowicz
e13d9f7f1b
Add SSL_CTX_set1_groups_list and SSL_set1_groups_list APIs
2020-01-31 06:38:38 +01:00
David Garske
3d233d624c
Merge pull request #2770 from JacobBarthelmeh/Testing
...
fix typo in wolfSSL_sk_X509_EXTENSION_pop_free
2020-01-30 18:55:54 -08:00
JacobBarthelmeh
aa498a7956
Merge pull request #2767 from dgarske/freertos
...
Fix for evp.c included and FREERTOS realloc
2020-01-30 15:53:05 -07:00
John Safranek
4bc0f79dd9
Fix ABI
...
Someone removed some of the WOLFSSL_ABI tags from the ssl.h header file. It looks like it was a bad manual merge.
2020-01-30 14:07:27 -08:00
David Garske
928f641064
Fixes for char strings not marked as const. The const is an optimization to allow use from flash, which saves RAM space on embedded devices.
2020-01-30 13:53:06 -08:00
Chris Conlon
0fda8cc3b3
Merge pull request #2756 from dgarske/changelog
...
Template for ChangeLog.md for next release
2020-01-30 10:47:12 -07:00
David Garske
ba49427cc4
Cleanup include.am whitespace.
2020-01-30 08:44:52 -08:00
David Garske
32f478d335
Better fix for using the ASN.1 provided length, not provided inSz. Confirmed CheckBitString will check case where inSz < ASN.1 length.
2020-01-30 08:38:22 -08:00
toddouska
75e30a33f1
Merge pull request #2764 from SparkiDev/rsa_q_modinv_p
...
Constant time q modinv p in RSA key gen
2020-01-30 08:08:07 -08:00
David Garske
3df9ca3fae
Fix to use TBD version for next release.
2020-01-30 06:26:45 -08:00
David Garske
6cf63b1738
Template for ChangeLog.md for next release. New PR's should update this document if its worth mention in the change log.
2020-01-30 06:26:45 -08:00
David Garske
e5426f85c9
Fix for evp.c when being included directly due to improperly placed WOLFSSL_EVP_INCLUDED. Fix for FREERTOS to expose XREALLOC for normal math.
2020-01-30 06:22:08 -08:00
David Garske
9bfbdfe695
Fix for wc_EccPublicKeyDecode to use the length from ASN sequence, not the provided inSz. Also checked the case where the sequence number is larger than supplied inSz and it will properly return ASN_PARSE_E. ZD 9791
2020-01-30 06:20:29 -08:00
Kaleb Himes
a90cc51a5f
Merge pull request #2772 from dgarske/cert_tests
...
Fixes for build with opensslextra and 3072-bit cert buffers
2020-01-30 06:47:51 -07:00
Sean Parkinson
55ea2facdd
Changes to clear issues raised by cppcheck
2020-01-30 14:24:32 +10:00
Sean Parkinson
81bebd8e5c
Improve performance of SP Intel 64-bit asm
...
RSA: Only constant time copy out when doing private key op
Improve performance of sp_count_bits
2020-01-30 12:23:38 +10:00
Stanislav Klima
c938cb35ca
Logically dead code.
2020-01-29 17:35:15 +01:00
Stanislav Klima
ed88e8d1c5
Logically dead code.
2020-01-29 17:34:58 +01:00
Stanislav Klima
2db62f744a
Logically dead code.
2020-01-29 17:34:40 +01:00
Stanislav Klima
37386f5fb5
NULL dereference.
2020-01-29 17:34:19 +01:00
Stanislav Klima
670ba75ea4
Missing varargs cleanup.
2020-01-29 17:33:59 +01:00
Stanislav Klima
2d36624d84
NULL dereference.
2020-01-29 17:33:38 +01:00
Stanislav Klima
c3fabb1da6
NULL dereference.
2020-01-29 17:33:21 +01:00
Stanislav Klima
df0b0a6e91
NULL dereference.
2020-01-29 17:31:14 +01:00
Stanislav Klima
70cb97c116
NULL dereference.
2020-01-29 17:30:57 +01:00
Stanislav Klima
972790fb86
Resource leak.
2020-01-29 17:30:35 +01:00
Stanislav Klima
451d0a470a
Resource leak.
2020-01-29 17:30:14 +01:00
Stanislav Klima
96d1593735
Possible use after free.
2020-01-29 17:29:52 +01:00
Stanislav Klima
77b69ebf56
Logically dead code.
2020-01-29 17:29:23 +01:00
David Garske
e183d95c86
Fix for moved file.
2020-01-29 07:22:07 -08:00
David Garske
5677a96c80
Fixes to resolve openssl_pkey1_test with updated test buffer sizes.
2020-01-29 06:51:47 -08:00
David Garske
5aabebddd8
Fix more 3072-bit cert buffer edge case builds (certext/certgen).
2020-01-29 06:43:35 -08:00
David Garske
3f1c3392e5
Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key.
2020-01-29 06:37:06 -08:00
Jacob Barthelmeh
a9e9120fa0
change public Timeval to WOLFSSL_TIMEVAL
2020-01-28 17:11:46 -07:00
Jacob Barthelmeh
59af7a8e35
fix typo in wolfSSL_sk_X509_EXTENSION_pop_free
2020-01-28 16:50:54 -07:00
John Safranek
3bdb7d8188
Merge pull request #2761 from JacobBarthelmeh/Testing
...
add close on pre to echoserver example
2020-01-28 09:29:29 -08:00
Juliusz Sosinowicz
044ad957e5
Add --enable-openvpn build option
2020-01-28 15:29:24 +01:00
David Garske
1ea7755232
Merge pull request #2742 from tmael/dsa_mem_leak
...
Fix mem leak in DSA
2020-01-28 06:25:58 -08:00
Tesfa Mael
43b7258d3b
Review comments
2020-01-27 12:44:16 -08:00
Aaron Jense
91a9117e1b
Renesas RA e2studio projects for Client, Server, Test and Benchmark
2020-01-27 13:22:32 -07:00
JacobBarthelmeh
695b126a1c
Merge pull request #2739 from dgarske/pkcs8_ed25519
...
Added PKCS8 support for ED25519
2020-01-24 10:56:40 -08:00
David Garske
b9f39b7c06
Merge pull request #2759 from ejohnstown/config-maint
...
Deprecate some configure flags
2020-01-24 10:40:19 -08:00
David Garske
126dceee1f
Merge pull request #2763 from SparkiDev/sp_int_div_word
...
Add support to sp_int.c for platforms that do not divide an sp_int_wo…
2020-01-23 18:37:04 -08:00
Sean Parkinson
b4cadae4e2
Constant time q modinv p in RSA key gen
2020-01-23 14:52:29 -08:00
Sean Parkinson
ec877aa91e
Add support to sp_int.c for platforms that do not divide an sp_int_word by an sp_int_digit
2020-01-23 14:39:19 -08:00
toddouska
945d34533c
Merge pull request #2727 from JacobBarthelmeh/Windows
...
update to ECC key parsing custom curves for Windows
2020-01-23 13:57:06 -08:00
Chris Conlon
d1e39668aa
Merge pull request #2740 from aaronjense/compatibility-fixes
...
Compatibility Layer Fixes
2020-01-23 08:25:40 -08:00
Chris Conlon
c7340fd90b
Merge pull request #2750 from ejohnstown/mingw
...
mingw update
2020-01-23 08:00:15 -08:00
Chris Conlon
1c56d62753
Merge pull request #2754 from dgarske/crypttest_3072
...
wolfCrypt Test 3072-bit Support
2020-01-23 07:55:19 -08:00
Jacob Barthelmeh
d9253afc04
add close on pre to echoserver example
2020-01-22 16:23:46 -08:00
John Safranek
f2db85c07c
Deprecate some configure flags
...
1. Add C_EXTRA_FLAGS and C_FLAGS to CFLAGS.
2. Remove the cached copied of C_EXTRA_FLAGS and C_FLAGS.
3. The option.h is set only on CFLAGS, CPPFLAGS, and the AM_ versions.
2020-01-22 14:26:16 -08:00
David Garske
06e3c90073
Merge pull request #2732 from kaleb-himes/ZD9730-spellchecker
...
Fixing some typos. Thanks to Fossies for the report
2020-01-22 13:52:56 -08:00
David Garske
e3efdc4b5d
Merge pull request #2755 from SparkiDev/rsa_enc_3072
...
Fix masking of 16 bits
2020-01-22 13:40:21 -08:00
Sean Parkinson
55d485cc45
Fix masking of 16 bits
2020-01-22 10:39:36 -08:00
David Garske
b022b651b3
wolfCrypt test fixes for hard coded "256" byte buffers to support 3072-bit RSA. Requires PR #2755
2020-01-22 10:04:53 -08:00
David Garske
84a878bda2
Fix for include .am issue.
2020-01-22 09:11:00 -08:00
David Garske
2a5c623c97
Fix for RSA without SHA512 build error. Fix or renew cert PEM to DER.
2020-01-22 08:15:34 -08:00
David Garske
e3e862c8b6
Test case fixes for sig wrapper test and DH.
2020-01-21 22:25:11 -08:00
David Garske
4d9dbc9ec3
Adds 3072-bit RSA tests using USE_CERT_BUFFERS_3072.
2020-01-21 22:16:54 -08:00
Takashi Kojo
37cad6e9ba
%zu, pragma: not supported,
2020-01-22 08:12:51 +09:00
John Safranek
aabdec214e
MinGW uses the Win32 setsockopt() function which uses a char for
...
SO_REUSEADDR's option. Everything else uses an int.
2020-01-21 10:53:19 -08:00
David Garske
2cd3474e9d
Improve "keyFormat" to always set based on "algId" and let the later key parsing code produce failure.
2020-01-20 20:49:55 -08:00
David Garske
0489cc97a8
Fix for ProcessBuffer with PEM private keys, where PemToDer call was only setting eccKey. Cleanup to use "keyFormat" OID sum.
2020-01-20 20:49:55 -08:00
David Garske
de8e5ffd6e
Cleanup asn.c use of WOLFSSL_LOCAL (only required in the header).
2020-01-20 20:49:55 -08:00
David Garske
77426e78e1
Added test case for PKCS8 ED25519 encrypted private key.
2020-01-20 20:47:47 -08:00
David Garske
40c8562dc2
Added PKCS8 support for ED25519.
2020-01-20 20:47:47 -08:00
David Garske
7707234901
Merge pull request #2743 from JacobBarthelmeh/Compatibility-Layer
...
adjust set1 curves list function for TLS extension sent
2020-01-20 16:19:55 -08:00
David Garske
98f14eff9f
Refactor to combine duplicate ECC param parsing code.
2020-01-20 16:17:12 -08:00
John Safranek
23427085af
1. Add an indent to a new line in user settings.
...
2. Remove the execute bit from the changed files.
2020-01-20 12:30:32 -08:00
Takashi Kojo
a08ab1fc7a
fix mnGW error
2020-01-20 12:19:18 -08:00
Jacob Barthelmeh
c581c56999
update return value of local GetCurveByOID
2020-01-20 10:40:56 -07:00
Jacob Barthelmeh
3508579f4c
add check on NETX duo build and return value of opening driver
2020-01-20 09:33:14 -07:00
John Safranek
a624ae14df
Merge pull request #2725 from kaleb-himes/ZD9735
...
Remove redundant packing flag
2020-01-18 21:21:32 -08:00
toddouska
66daac4c94
Merge pull request #2709 from JacobBarthelmeh/Testing
...
set chacha20 similar to aes-ctr when handling leftover stream and add…
2020-01-17 15:05:24 -08:00
Jacob Barthelmeh
356636e88d
fix typo
2020-01-17 15:13:52 -07:00
JacobBarthelmeh
87859f9e81
Merge pull request #2747 from dgarske/sizeof_long
...
Improvements for detection of 64-bit support
2020-01-17 15:10:44 -07:00
toddouska
204ef9543a
Merge pull request #2728 from ejohnstown/maint-x509
...
Maintenance: X509
2020-01-17 13:51:02 -08:00
toddouska
92877a1214
Merge pull request #2730 from SparkiDev/sp_div_word_fix
...
Fix for div_word builds of SP C code
2020-01-17 13:15:44 -08:00
toddouska
60afa72330
Merge pull request #2731 from SparkiDev/auth_key_id_set
...
Fix when extAuthKeyIdSet is set.
2020-01-17 13:14:22 -08:00
toddouska
cca545f76c
Merge pull request #2735 from dgarske/ecc_sign
...
Fixes for ECC sign with `WOLFSSL_ECDSA_SET_K`
2020-01-17 13:13:38 -08:00
toddouska
dadcce3eb8
Merge pull request #2741 from SparkiDev/ecc_no_cache
...
Fix for ecc and no cache resistance - set M[2]
2020-01-17 13:09:53 -08:00
Jacob Barthelmeh
c5932a9874
account for leantls and selftest builds
2020-01-17 13:32:59 -07:00
kaleb-himes
9760ed07a9
Based on peer feedback, remove WOLFSSL_PACK from sniffer.h
2020-01-17 12:27:46 -07:00
Jacob Barthelmeh
bd4a9c69dd
convert name to oidsum to curve type for setting supported curves
2020-01-17 11:56:46 -07:00
Jacob Barthelmeh
d8c5353466
adjust set1 curves list function for TLS extension sent
2020-01-16 13:21:14 -07:00
David Garske
c38d5e9a29
Further improved to use HAVE_LIMITS_H and ULL instead of ui64
2020-01-16 09:06:44 -08:00
David Garske
541bf3e639
Improvements for detection of 64-bit support. Adds support for IBM s390x. Improves detection on Windows. Adds new WC_USE_LIMITS_FOR_SIZEOF option to use limits.h to detect sizeof long. Fixes #2600 and Fixes #2745 .
2020-01-16 07:15:18 -08:00
Tesfa Mael
fbf91f7397
Fix mem leak in DSA
2020-01-15 16:03:42 -08:00
Sean Parkinson
584d8498f8
Fix for ecc and no cache resistance - set M[2]
...
Need to have a value in order to maintain timing resistance.
Small maths fails also.
2020-01-16 09:35:34 +10:00
Aaron Jense
3db7b44be4
Compatibility Layer Fixes
2020-01-15 13:49:47 -07:00
Jacob Barthelmeh
bd44091111
refactor solution
2020-01-15 09:29:10 -07:00
JacobBarthelmeh
c01cd808da
changes for build with s7g2
...
add project info
add project info
adjust wolfssl library template
change TRNG collection
fix include.am
fix argument for TRNG
rename example templates
comment out DEBUG_WOLFSSL
change include.am
update license
2020-01-14 17:48:41 -07:00
David Garske
989f3d3684
Fix for FREE_VAR call on sharedA.
2020-01-14 14:35:20 -08:00
David Garske
e429dd8f0b
Peer review feedback minor cleanup.
2020-01-14 14:33:23 -08:00
David Garske
e9bbf89287
Fix for WOLFSSL_ECDSA_SET_K with normal math. The sign_k mp_int was not initialized.
2020-01-14 14:13:12 -08:00
David Garske
95b6076fe1
Fixes for ECC sign with WOLFSSL_ECDSA_SET_K, which was not loading all curve params for the wc_ecc_make_pub_ex call and not correctly setting ALLOC_CURVE_SPECS for WOLFSSL_SMALL_STACK. Cleanup around the loading of curve specs.
2020-01-13 16:25:37 -08:00
David Garske
22f49d8597
Fixes for building with ECC sign/verify only.
2020-01-13 15:35:08 -08:00
David Garske
8974827fbe
Added WOLFSSL_ECC_CURVE_STATIC build option to allow using fixed arrays for ECC parameters. This is enabled by default on Windows. Fixed several compiler warnings. Fixed build macro for key->deallocSet.
2020-01-13 07:15:17 -08:00
John Safranek
c69bd5169f
Switch strncpy to memcpy in the altname store function.
2020-01-10 20:34:14 -08:00
John Safranek
8d1b20706c
Maintenance: X509
...
1. Add a test for the new alt name handling.
2. Added an API to set altnames in a WOLFSSL_X509 struct. Just adds
DNS_entries.
3. Removed the "static" from a bunch of constant byte arrays used inside
some of the ASN.1 code.
2020-01-10 20:26:35 -08:00
John Safranek
5dcffa6b40
Maintenance: X509
...
1. Fix for issue #2724 . When making a certificate out of an X.509
structure, the subject alt names weren't getting correctly copied.
2. Added a function to flatten the DNS_entries into a sequence of
GeneralNames.
3. Put the proper certificate extension wrapping around the flattened
general names.
2020-01-10 20:26:35 -08:00
John Safranek
7571fbdbfb
Maintenance: X509
...
1. Fix for issue #2718 . Added a flag to the X509 structure when someone
sets the issuer name.
2. When making a certificate out of the X509, if the issuer name is set
clear the self-signed flag in the cert.
3. Propigate the flat X509_NAMEs to the string the cert building code
uses.
2020-01-10 20:25:43 -08:00
JacobBarthelmeh
6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513
...
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
John Safranek
71f8f3031d
Merge pull request #2729 from dgarske/telit_time
...
Fixes for the Telit time functions
2020-01-10 14:51:39 -08:00
David Garske
1f104e52a3
Merge pull request #2715 from ejohnstown/maint-dtls
...
Maintentance: DTLS
2020-01-10 14:43:15 -08:00
kaleb-himes
9b8d4e91c2
Fixing some typos. Thanks to Fossies for the report
2020-01-10 11:45:51 -07:00
Carie Pointer
544ff3f9ac
Fix length in wolfSSL_sk_CIPHER_description
2020-01-10 11:26:57 -07:00
Jacob Barthelmeh
99d657af4f
adjust test cases
2020-01-10 10:31:56 -07:00
Chris Conlon
26a075cfec
Merge pull request #2716 from cariepointer/apache-fixes
...
Fixes for Apache nightly Jenkins tests
2020-01-10 10:20:43 -07:00
Carie Pointer
ef99086aee
Fix valgrind errors
2020-01-10 10:08:39 -07:00
Carie Pointer
de3536a067
More fixes from review
2020-01-09 17:28:20 -07:00
Jacob Barthelmeh
0c25588ad1
adjust TEST_SMALL_CHACHA_CHUNKS size and add more tests
2020-01-09 17:13:57 -07:00
Jacob Barthelmeh
1538e631a8
revert size of ChaCha structure and delay counter increment
2020-01-09 16:39:48 -07:00
Jacob Barthelmeh
a1944c477a
set chacha20 counter in TLS AEAD use
2020-01-09 16:39:48 -07:00
Jacob Barthelmeh
8e24bf6c2c
add macro guard for optimized versions
2020-01-09 16:39:48 -07:00
JacobBarthelmeh
0ec7b311d8
set chacha20 similar to aes-ctr when handling leftover stream and add test case
2020-01-09 16:39:48 -07:00
cariepointer
a9cf16cc2b
Merge branch 'master' into apache-fixes
2020-01-09 16:33:35 -07:00
Sean Parkinson
6e8f3faedd
Fix when extAuthKeyIdSet is set.
...
Was set when extension is seen - extension may not have hash.
But is used to indicate that the hash is set - ie look up by hash.
2020-01-10 09:28:45 +10:00
Sean Parkinson
03c42423eb
Fix for div_word builds of SP C code
2020-01-10 09:02:26 +10:00
toddouska
f3b2815e1f
Merge pull request #2708 from julek-wolfssl/nginx-fix
...
Nginx fix
2020-01-09 15:00:59 -08:00
toddouska
3c9f7809f1
Merge pull request #2714 from JacobBarthelmeh/Docs
...
update linux sgx readme for wolfssl/options.h creation
2020-01-09 14:58:22 -08:00
toddouska
51f44cb09b
Merge pull request #2719 from dgarske/nxp_k64_mmcau
...
Fixes for NXP K64
2020-01-09 14:57:11 -08:00
toddouska
21f82a5662
Merge pull request #2721 from SparkiDev/sp_small_stack_fixes
...
Fix in SP C impl for small stack
2020-01-09 14:55:44 -08:00
toddouska
99045a2fea
Merge pull request #2723 from SparkiDev/rsa_vfy_only_fix
...
Rsa vfy only fix
2020-01-09 14:55:10 -08:00
toddouska
3ea69676eb
Merge pull request #2726 from ejohnstown/maint-ren
...
Maintenance: Secure Renegotiation
2020-01-09 14:54:13 -08:00
toddouska
11a0b117f8
Merge pull request #2706 from dgarske/chapoly_aead_iuf
...
New API's for ChaCha20/Poly1305 AEAD init/update/final
2020-01-09 14:49:26 -08:00
Carie Pointer
0938cdde52
Remove dup->dynamicName = 1 call
2020-01-09 14:09:38 -08:00
Carie Pointer
47040f1dae
EC_KEY_dup fixes
2020-01-09 14:35:57 -07:00
David Garske
8fb586f3ee
Fixes for the Telit time functions. ZD 9733
2020-01-09 11:17:19 -08:00
Jacob Barthelmeh
41f134ae31
update to ECC key parsing custom curves for Windows
2020-01-08 14:45:59 -07:00
John Safranek
1f0f3eb97d
Maintenance: Secure Renegotiation
...
Allow sending application data during the secure renegotiation.
2020-01-08 11:50:18 -08:00
Carie Pointer
b9c99709f7
Fixes from review
2020-01-08 12:48:01 -07:00
kaleb-himes
187702efb9
bring sniffer.h inline with types.h
2020-01-08 09:45:59 -07:00
David Garske
bc1cb4ead8
Fix to keep existing behavior where AAD is optional for wc_ChaCha20Poly1305_Encrypt and wc_ChaCha20Poly1305_Decrypt.
2020-01-07 18:58:26 -08:00
Carie Pointer
f13cee2689
Add comments above functions
2020-01-07 17:30:25 -07:00
Sean Parkinson
b27ec58d20
Fix RSA verify only build
2020-01-08 10:18:37 +10:00
Carie Pointer
28cf563c76
Fixes from PR review: styling and formatting, remove duplicate code
2020-01-07 17:01:53 -07:00
Sean Parkinson
89d8a90781
Get code compiling with SP math and RSA key gen again.
2020-01-08 09:51:26 +10:00
Sean Parkinson
1f1a173d56
Fix in SP C impl for small stack
...
Memset correct size and only when pointer is not NULL.
2020-01-08 08:57:20 +10:00
toddouska
d257003341
Merge pull request #2711 from cconlon/copyright2020
...
update copyright to 2020
2020-01-07 08:40:15 -08:00
toddouska
190623cbb2
Merge pull request #2705 from dgarske/atecc_leak
...
Fix for possible ECC memory leak when using ATECC and TLS
2020-01-07 08:39:39 -08:00
toddouska
709d17904a
Merge pull request #2693 from SparkiDev/mp_rand
...
Improve speed of mp_rand
2020-01-07 08:39:11 -08:00
Carie Pointer
9e4836a863
Fix for jenkins test failure
2020-01-07 08:11:05 -08:00
toddouska
b7ac709617
Merge pull request #2692 from SparkiDev/rsa_gen_modinv
...
Add blinding of mod inverse to RSA key gen
2020-01-07 07:56:38 -08:00
David Garske
56e57f3216
Refactor Poly1305 AEAD / MAC to reduce duplicate code. Tested with TLS v1.3 interop and AEAD test vectors.
2020-01-07 07:04:01 -08:00
David Garske
0f0d307b76
Fix to avoid duplicate symbol for CheckRunTimeSettings when SP and TFM are built. Specifically with these build options: USE_FAST_MATH, WOLFSSL_SP and WOLFSSL_SP_MATH.
2020-01-07 05:43:59 -08:00
David Garske
acfe9717f8
Fix for K64 MMCAU with WOLFSSL_SMALL_STACK_CACHE. Moved random test prior to cipher tests (was getting called first time in GMAC test).
2020-01-07 05:39:17 -08:00
David Garske
914cd00e40
Merge pull request #2717 from SparkiDev/sp_cortexm_r7
...
Don't use r7 with Cortex-M SP assembly
2020-01-07 05:28:43 -08:00
Juliusz Sosinowicz
e0ab92058b
Check CRL extension errors but don't require them
2020-01-07 11:55:07 +01:00
Sean Parkinson
34a462b342
Don't use r7 with Cortex-M SP assembly
...
r7 not available when compiling Cortex-M4 in debug.
2020-01-07 12:53:34 +10:00
David Garske
d68d5229e1
Refactor wc_ChaCha20Poly1305_Encrypt and wc_ChaCha20Poly1305_Decrypt to use the new ChaChaPoly_Aead context and init/update/final functions.
2020-01-06 17:07:09 -08:00
Carie Pointer
681ecf0e58
Fixes for wolfSSL_CTX_load_verify_locations_ex
2020-01-06 14:32:32 -08:00
Carie Pointer
991ee662c0
Return 0 in ParseCRL_Extensions if there are no CRL extensions to parse
2020-01-06 08:42:37 -08:00
Jacob Barthelmeh
f593ff8776
update linux sgx readme for wolfssl/options.h creation
2020-01-06 09:27:17 -07:00
JacobBarthelmeh
ce0475a8e0
Merge pull request #2689 from tmael/pkey_freeMutex
...
Free EVP ctx pkey
2020-01-06 23:15:00 +07:00
Sean Parkinson
75637445ee
Improve speed of mp_rand
2020-01-06 09:39:29 +10:00
Carie Pointer
26eea36d7f
Fix X509_NAME issues for Apache
2020-01-03 15:40:52 -08:00
Chris Conlon
45c5a2d39c
update copyright to 2020
2020-01-03 15:06:03 -08:00
Juliusz Sosinowicz
443b7ed0c4
Accept newline and null teminator at end of X509 certificate
2020-01-02 10:52:02 +01:00
David Garske
01c7cc6502
Fixes to avoid declaring any variables mid-function and always initializing.
2019-12-31 11:43:13 -08:00
David Garske
784d95afbe
Improved state handling.
2019-12-31 10:34:06 -08:00
David Garske
7d2adb2fc0
Merge pull request #2707 from tmael/rsa_cc310
...
Cryptocell RSA improvements to sign/verify more digest types
2019-12-31 09:19:25 -08:00
David Garske
bff6dcec24
Added support for AAD calc only. Allows Init, UpdateAad and Final sequence. Verfied again with customer test cases.
2019-12-31 08:25:23 -08:00
David Garske
f01999b322
Peer review feedback.
2019-12-31 08:08:33 -08:00
David Garske
b901a2cd35
Use byte for bit-field. Line length cleanup.
2019-12-30 18:05:25 -08:00
toddouska
4f71bcfa7c
Merge pull request #2704 from ejohnstown/renegotiation
...
Maintenance: Renegotiation
2019-12-30 16:45:31 -08:00
Tesfa Mael
f58a9e81e9
Cryptocell rsa improvements to sign/verify more digest types
2019-12-30 16:31:30 -08:00
David Garske
1ee9d182cf
New API's for ChaCha20/Poly1305 AEAD init/update/final:
...
* Provides a context for AEAD to allow "chunked" updates of data then a final calculation for the authentication tag.
* New API's are on by default and can be disabled using NO_CHACHAPOLY_AEAD_IUF.
2019-12-30 15:20:55 -08:00
toddouska
abc96f20fb
Merge pull request #2696 from embhorn/cert_vfy_CB
...
CertManager verify callback
2019-12-30 11:57:44 -08:00
Juliusz Sosinowicz
1bf6eb466f
CRL extensions are optional so ext errors should be skipped
2019-12-30 19:08:59 +01:00
Tesfa Mael
4004963c6a
test pkey references count
2019-12-30 09:31:23 -08:00
David Garske
f51d940e34
Fix for ECC memory leak when using ATECC and non SECP256R1 curves for sign, verify or shared secret. Fixes #2701 .
2019-12-30 08:35:30 -08:00
toddouska
3b7b71c9e0
Merge pull request #2700 from JacobBarthelmeh/HardwareAcc
...
Hardware calls for DSP use
2019-12-27 13:58:43 -08:00
toddouska
deac82c8ed
Merge pull request #2683 from dgarske/various_items
...
Various cleanups and fixes
2019-12-27 13:53:39 -08:00
toddouska
95daec5326
Merge pull request #2633 from tmael/cc_310
...
Update Cryptocell readme
2019-12-27 12:58:19 -08:00
toddouska
78fa84be00
Merge pull request #2649 from SparkiDev/rsa_pubonly
...
Fix RSA public key only builds
2019-12-27 12:55:34 -08:00
toddouska
dd28f26c44
Merge pull request #2699 from JacobBarthelmeh/Testing
...
big endian changes
2019-12-27 12:52:30 -08:00
Juliusz Sosinowicz
38f466bdfe
Keep untrustedDepth = 0 for self signed certs
2019-12-27 17:48:34 +01:00
John Safranek
add7cdd4e2
Maintenance: Renegotiation
...
1. Found a corner case where secure renegotiation would fail trying to
inappropriately use a session ticket.
2. Explicitly split renegotiation into Rehandshake and SecureResume.
2019-12-26 16:39:44 -08:00
David Garske
e8afcbf031
Merge pull request #2702 from embhorn/spelling
...
Correct misspellings and typos from codespell tool
2019-12-26 08:19:20 -08:00
Eric Blankenhorn
8580bd9937
CertManager verify callback
...
Execute verify callback from wolfSSL_CertManagerLoadCA
2019-12-26 09:29:03 -06:00
JacobBarthelmeh
ac0acb3c37
fix for test case with big endian
2019-12-26 05:57:26 -07:00
Eric Blankenhorn
b83804cb9d
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
JacobBarthelmeh
ad9011a863
initial DSP build and success with Debug mode
...
build dps with ARM neon 64
fix for release mode build
add in threading protection and seperate out rng
added callback function and updates to README
update default handle to lock, and add finished handle call
cleanup after veiwing diff of changes
2019-12-23 14:17:58 -07:00
JacobBarthelmeh
5348ecb1f2
initial makefile and build with hexagon
2019-12-23 13:49:06 -07:00
JacobBarthelmeh
ca59bc2d16
big endian changes
2019-12-23 12:33:59 -07:00
Tesfa Mael
99a7aff31e
Increment pkey references count
2019-12-20 22:38:54 -08:00
Tesfa Mael
48e59eaeb1
Free EVP ctx pkey
2019-12-20 22:38:54 -08:00
toddouska
3f13b49fa3
Merge pull request #2695 from JacobBarthelmeh/Release
...
prepare for release v4.3.0
2019-12-20 11:10:34 -08:00
Jacob Barthelmeh
e1433867ce
fix for expected nightly config test report
2019-12-20 09:46:12 -07:00
Jacob Barthelmeh
5675a2b3c5
prepare for release v4.3.0
2019-12-20 08:43:34 -07:00
Sean Parkinson
9d94b48056
Add blinding of mod inverse to RSA key gen
2019-12-20 12:17:42 +10:00
toddouska
45d55c8f38
Merge pull request #2676 from SparkiDev/sp_cortexm_perf
...
Improve Cortex-M RSA/DH assembly code performance
2019-12-19 15:03:59 -08:00
John Safranek
6c7e86f366
Maintentance: DTLS
...
1. Client wasn't skipping a handshake state when the server sends a
hello without a hello verify. It ended up resetting the handshake hash
and resending Hello with its next messages.
2019-12-19 11:48:05 -08:00
toddouska
51f956490f
Merge pull request #2661 from SparkiDev/parse_cert_rel_fixes
...
Cleanup ParseCertRelative code
2019-12-19 11:03:56 -08:00
toddouska
3342a19e29
Merge pull request #2578 from cariepointer/ZD-9478-and-9479
...
Add sanity checks for parameters in wc_scrypt and wc_Arc4SetKey
2019-12-19 10:59:05 -08:00
David Garske
2aa8fa2de6
Merge pull request #2688 from kaleb-himes/GH2552
...
use const to declare array rather than variable sz - VS doesn't like …
2019-12-19 08:52:30 -08:00
JacobBarthelmeh
e10ace21df
Merge pull request #2690 from SparkiDev/sp_int_fixes_1
...
Fix SP to build for different configurations
2019-12-19 08:52:52 -07:00
Sean Parkinson
36f697c93d
Fix SP to build for different configurations
...
Was failing:
--enable-sp --enable-sp-math
--enable-sp --enable-sp-math --enable-smallstack
2019-12-19 15:15:19 +10:00
kaleb-himes
95c0c1f2a5
use const to declare array rather than variable sz - VS doesn't like this
2019-12-18 16:08:26 -08:00
Sean Parkinson
64a1045dc3
Cleanup ParseCertRelative code
...
Fix for case:
- can't find a signer for a certificate with the AKID
- find it by name
Has to error as the signer's SKID is always set for signer and would
have matched the AKID.
Simplify the path length code - don't look up CA twice.
Don't require the tsip_encRsaKeyIdx field in DecodedCert when
!WOLFSSL_RENESAS_TSIP - use local variable.
2019-12-19 08:53:24 +10:00
toddouska
6922d7031c
Merge pull request #2685 from embhorn/coverity_fixes
...
Coverity fixes
2019-12-18 14:06:48 -08:00
toddouska
531fedfbb4
Merge pull request #2687 from ejohnstown/dtls-cap
...
DTLS Handshake Message Cap
2019-12-18 13:50:52 -08:00
David Garske
031e78e103
Merge pull request #2606 from kaleb-himes/DOCS_UPDATE_19_NOV_2019
...
Add dox documentation for wc_ecc_make_key_ex
2019-12-18 13:49:57 -08:00
toddouska
0057eb16f8
Merge pull request #2686 from ejohnstown/crl-skid
...
Check name hash after matching AKID for CRL
2019-12-18 13:48:59 -08:00
toddouska
573d045437
Merge pull request #2682 from SparkiDev/akid_name_check
...
Check name hash after matching AKID
2019-12-18 13:08:19 -08:00
David Garske
c054293926
Merge pull request #2684 from JacobBarthelmeh/build-tests
...
fix for g++ build warning
2019-12-18 12:09:29 -08:00
Eric Blankenhorn
52893877d7
Fixes from review
2019-12-18 13:25:25 -06:00
John Safranek
6c6d72e4d6
Find CRL Signer By AuthKeyId
...
When looking up the signer of the CRL by SKID/AKID, also verify that the
CRL issuer name matches the CA's subject name, per RFC 5280 section 4.1.2.6.
2019-12-18 10:17:51 -08:00
kaleb-himes
2607cf3429
Fix up based on peer feedback
2019-12-18 10:55:20 -07:00
toddouska
5a04ee0d8b
Merge pull request #2640 from dgarske/alt_chain
...
Fixes for Alternate chain processing
2019-12-18 09:38:45 -08:00
toddouska
b89121236f
Merge pull request #2635 from dgarske/async_date
...
Fix for async date check issue
2019-12-18 09:34:08 -08:00
toddouska
74a8fbcff4
Merge pull request #2666 from SparkiDev/b64_dec_fix
...
Bade64_Decode - check out length (malformed input)
2019-12-18 09:30:41 -08:00
toddouska
c2e5991b50
Merge pull request #2681 from ejohnstown/crl-skid
...
Find CRL Signer By AuthKeyId
2019-12-18 09:29:17 -08:00
Jacob Barthelmeh
b5f645ea00
fix for g++ build warning
2019-12-18 10:01:52 -07:00
David Garske
22f0b145d3
Various cleanups and fixes:
...
* Fix for key gen macro name in benchmark.c
* Fix for possible RSA fall-through warning.
* Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`.
* Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`.
* Added options.h includes for test.c and benchmark.c.
* Added printf warning on the math size mismatch in test.c.
* Added support for benchmarking larger sizes.
* TLS benchmarks for HiFive unleashed.
2019-12-18 07:09:26 -08:00
David Garske
b126802c36
Clarify logic for skipping call to AddCA.
2019-12-18 06:04:26 -08:00
Sean Parkinson
c1218a541b
Check name hash after matching AKID
...
RFC 5280, Section 4.1.2.6:
If the subject is a CA (e.g., the basic constraints extension, as
discussed in Section 4.2.1.9, is present and the value of cA is TRUE),
then the subject field MUST be populated with a non-empty distinguished
name matching the contents of the issuer field (Section 4.1.2.4) in all
certificates issued by the subject CA.
The subject name must match - even when the AKID matches.
2019-12-18 17:57:48 +10:00
Sean Parkinson
6ccd146b49
Bade64_Decode - check out length (malformed input)
2019-12-18 17:06:58 +10:00
Tesfa Mael
69a0c1155f
Review comment
2019-12-17 17:36:38 -08:00
John Safranek
ef6938d2bc
DTLS Handshake Message CAP
...
Cap the incoming DTLS handshake messages size the same way we do for
TLS. If handshake messages claim to be larger than the largest allowed
certificate message, we error out.
2019-12-17 16:55:58 -08:00
toddouska
7e74d02da5
Merge pull request #2677 from SparkiDev/p12_pbkdf_tmp_fix
...
PKCS#12 PBKDF - maximum tmp buffer size
2019-12-17 16:48:08 -08:00
toddouska
ff026efe49
Merge pull request #2670 from SparkiDev/dec_pol_oid_fix
...
DecodePolicyOID - check out index
2019-12-17 16:47:36 -08:00
toddouska
892e951c8a
Merge pull request #2669 from SparkiDev/name_joi_fix
...
Decode X.509 name - check input length for jurisdiction
2019-12-17 16:46:30 -08:00
toddouska
435d4bf427
Merge pull request #2658 from SparkiDev/asn_date_check
...
Check ASN date characters are valid
2019-12-17 16:39:35 -08:00
toddouska
f81ce71c25
Merge pull request #2660 from JacobBarthelmeh/Compatibility-Layer
...
add --disable-errorqueue option
2019-12-17 16:37:02 -08:00
toddouska
06563ed3fa
Merge pull request #2642 from SparkiDev/sp_exptmod
...
sp_int: support for more values in sp_exptmod
2019-12-17 16:36:12 -08:00
John Safranek
037c319bab
Find CRL Signer By AuthKeyId
...
1. Add parsing of CRL extensions, specifically the Auth Key ID extension.
2. To verify CRL, search for CA signer by AuthKeyId first, then by name. If NO_SKID is set, just use name.
3. Update the ctaocrypt settings.h for the NO_SKID option with CRL so FIPS builds work.
2019-12-17 15:33:39 -08:00
toddouska
feeb18600f
Merge pull request #2636 from SparkiDev/mp_exptmod_fixes
...
Handle more values in fp_exptmod
2019-12-17 15:22:24 -08:00
toddouska
138377f30e
Merge pull request #2641 from SparkiDev/sp_c32_lshift
...
Fix lshift in SP 32-bit C code - FFDHE
2019-12-17 15:17:17 -08:00
toddouska
5ee9f9c7a2
Merge pull request #2637 from SparkiDev/ecc_cache_resist
...
Improve wc_ecc_mulmod_ex cache attack resistance
2019-12-17 15:16:16 -08:00
toddouska
028d9e5443
Merge pull request #2634 from SparkiDev/pkcs7_libz_fix
...
Fix missing variable declaration
2019-12-17 15:13:13 -08:00
David Garske
a176789f13
Fix for async issue with "badDate" and "criticalExt" check getting skipped on call to ConfirmSignature with WC_PENDING_E response. Added log message when date failure is skipped.
2019-12-17 15:03:00 -08:00
toddouska
06e5e81b1b
Merge pull request #2663 from embhorn/zd5050
...
Clarify wolfSSL_shutdown error on subsequent calls
2019-12-17 14:59:35 -08:00
Carie Pointer
5711d12364
Remove SSL_library_init() calls in unit tests to fix valgrind issues
2019-12-17 15:54:10 -07:00
Eric Blankenhorn
774a758f59
Fixes in test and example code
2019-12-17 15:56:40 -06:00
toddouska
ab14a26be0
Merge pull request #2650 from dgarske/boot_tpm
...
Fix API visibility for ED25519 check key
2019-12-17 13:45:39 -08:00
Carie Pointer
cfd91fb0b8
Add check for length == 0 in wc_Arc4SetKey
2019-12-17 13:28:50 -07:00
David Garske
e8594daab6
Merge pull request #2678 from tmael/night_valgrind
...
Fix memory leak detected with Valgrind
2019-12-17 09:11:30 -08:00
Tesfa Mael
88188b79e2
Fix mem leak
2019-12-16 18:03:11 -08:00
Sean Parkinson
8d7d2c74ee
PKCS#12 PBKDF - maximum tmp buffer size
...
Use WC_MAX_BLOCK_SIZE - only an issue if PBKDF is using SHA-3
algorithms.
2019-12-17 09:56:08 +10:00
Sean Parkinson
a71eb11b38
Improve Cortex-M RSA/DH assembly code performance
...
Performance of modular exponentiation improved by about 30%.
2019-12-17 09:03:34 +10:00
David Garske
8d8ab655fa
Merge pull request #2671 from ejohnstown/maint-conf
...
Maintenance: Configure
2019-12-16 13:38:02 -08:00
Chris Conlon
c0716b9e3f
Merge pull request #2673 from Naruto/feature/fix_readme_miss
...
fix spell miss of zephyr README.md
2019-12-16 12:31:55 -07:00
Eric Blankenhorn
af5c98a6a8
Fixes in wolfCrypt test
2019-12-16 10:22:42 -06:00
Naruto TAKAHASHI
7fbadeaa17
fix spell miss of zephyr README.md
2019-12-16 21:36:43 +09:00
Eric Blankenhorn
0bb8ae8564
Fixes for new defects in wolfCryot and wolfSSL (excluding test code)
2019-12-13 17:17:13 -06:00
David Garske
f2115b2c2b
Merge pull request #2652 from ejohnstown/maintenance-error
...
Maintenance: Error Strings
2019-12-13 15:03:32 -08:00
John Safranek
0348123261
Maintenance: Configure
...
1. Remove some redundant AM_CONDITIONAL macros checking for OCSP and CRL.
2. Moved the AM_CONDITIONAL macro setting BUILD_PKCS12 to the other AM_CONDITIONALS.
2019-12-13 15:02:03 -08:00
Chris Conlon
1a594d92ba
Merge pull request #2668 from ejohnstown/maintenance-scanbuild
...
Fixed a couple initialization issues scan-build indicated
2019-12-13 14:13:48 -07:00
Sean Parkinson
6a2975c742
DecodePolicyOID - check out index
2019-12-13 12:13:38 +10:00
Sean Parkinson
b3cbab4bf3
Decode X.509 name - check input length for jurisdiction
2019-12-13 11:55:15 +10:00
John Safranek
e7af2d2ba9
Fixed a couple initialization issues scan-build indicated.
2019-12-12 16:50:37 -08:00
John Safranek
a3cc2aa6ff
Merge pull request #2665 from kaleb-himes/ZD-9590-CCM-Benchmarking
...
Add CCM Decryption to benchmarking
2019-12-12 16:48:12 -08:00
Sean Parkinson
e063fb1631
sp_int.c: Strip leading zeros in sp_read_radix
2019-12-13 09:08:55 +10:00
kaleb-himes
0a38d7c178
Add CCM Decryption to benchmarking
2019-12-12 13:53:30 -07:00
Eric Blankenhorn
51d5abd63f
Clarify wolfSSL_shutdown error on subsequent calls
2019-12-12 13:16:52 -06:00
Sean Parkinson
adc14f7552
sp_int: Check size of numbers for overflow
2019-12-12 18:36:23 +10:00
Jacob Barthelmeh
2e5258fe15
add --disable-errorqueue option
2019-12-11 11:19:58 -07:00
Sean Parkinson
dffb59ea52
sp_int: support for more values in sp_exptmod and fix
...
SP C - fix mont reduce with fast mul_add
2019-12-11 11:10:18 +10:00
toddouska
093a31ed49
Merge pull request #2655 from kaleb-himes/ZD-9592
...
Remove forcing NO_SKID on unsuspecting CRL users
2019-12-10 16:33:16 -08:00
Carie Pointer
c66ca1b774
Remove unused dNSName malloc from wolfSSL_X509_get_ext_d2i
2019-12-10 17:00:16 -07:00
Sean Parkinson
05dafd0adb
Check ASN date characters are valid
2019-12-11 09:22:26 +10:00
John Safranek
74e54393ab
Remove a bitfield indicator from a structure member that didn't require it.
2019-12-10 13:17:30 -08:00
Carie Pointer
b08d180bc9
WOLFSSL_DH redefined error fix
2019-12-09 16:13:18 -07:00
Carie Pointer
4511557f01
More jenkins test fixes
2019-12-09 15:57:53 -07:00
kaleb-himes
2b66a9f1ec
Address reviewed items
2019-12-09 14:44:59 -07:00
Carie Pointer
9ad970d8a4
Fixes for jenkins test failures
2019-12-09 14:04:52 -07:00
kaleb-himes
e8c7d6f818
Account for ASN disabled
2019-12-07 05:06:41 -07:00
kaleb-himes
bbdf0d101f
Improve Decoded CRL initialization
2019-12-07 04:23:02 -07:00
kaleb-himes
072fe8fd6d
More complete fix for removing NO_SKID condition as default with CRL enabled
2019-12-07 03:39:57 -07:00
tmael
8450c4ae39
Merge pull request #2643 from ejohnstown/maintenance-prime
...
Maintentance: Prime
2019-12-06 18:50:51 -08:00
JacobBarthelmeh
05e672428d
Merge pull request #2645 from cconlon/cmsrsacb
...
CMS SignedData RSA sign callback for raw digest
2019-12-06 17:13:32 -07:00
Carie Pointer
ee13dfd878
Add Qt 5.12 and 5.13 support
...
Co-Authored-By: aaronjense <aaron@wolfssl.com >
Co-Authored-By: MJSPollard <mpollard@wolfssl.com >
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com >
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com >
2019-12-06 14:27:01 -07:00
Chris Conlon
6081bdaad6
free PKCS7 before creating new in API test
2019-12-06 12:00:33 -07:00
John Safranek
19a4371d48
Maintenance: Error Strings
...
1. One of the error string was >80 bytes long. Shortened it.
2. The function that copies an error string to an output array needs to
ensure the string is still null terminated.
3. Added a check to the wolfCrypt test to see that error strings aren't
>= 80 bytes long.
2019-12-06 09:53:39 -08:00
Chris Conlon
b4f67dabcf
Merge pull request #2647 from kojo1/SN-size
...
EXTERNAL_SERIAL_SIZE to build option
2019-12-06 09:13:07 -07:00
David Garske
b28f6aeb34
Work to support wolfBoot with wolfTPM. Fix missing visibility marker for wc_ed25519_check_key.
2019-12-06 06:53:23 -08:00
Sean Parkinson
2528121925
Fix RSA public key only builds
...
Client side only and no client auth
2019-12-06 20:42:27 +10:00
Takashi Kojo
87ec950221
Rollback the define in internal.h
2019-12-06 10:31:28 +09:00
toddouska
9fd5628148
Merge pull request #2631 from SparkiDev/mp_invmod_fix
...
mp_invmod handles more inputs
2019-12-05 16:21:33 -08:00
toddouska
7e391f0fd5
Merge pull request #2629 from SparkiDev/dsa_blinding
...
Blinding for DSA sign
2019-12-05 16:20:21 -08:00
toddouska
4b31a180c8
Merge pull request #2626 from SparkiDev/sp_invmod_fixes
...
Fix sp_invmod to handle more input values
2019-12-05 16:18:55 -08:00
toddouska
8cc4c62c14
Merge pull request #2625 from SparkiDev/set_ser_num_2
...
Support 20-byte serial numbers and disallow 0.
2019-12-05 16:17:54 -08:00
toddouska
bd8a612d6c
Merge pull request #2624 from ejohnstown/maintenance-ASN1
...
Maintenance: ASN.1
2019-12-05 16:16:42 -08:00
toddouska
7ec448ac0c
Merge pull request #2617 from embhorn/zd9553
...
Fix for vasprintf with AIX
2019-12-05 16:15:24 -08:00
toddouska
7631fdafa1
Merge pull request #2612 from SparkiDev/sp_div_small_a
...
sp_div improved to handle when a has less digits than d
2019-12-05 16:14:05 -08:00
toddouska
6d40c20f2c
Merge pull request #2609 from JacobBarthelmeh/Compatibility-Layer
...
Fix for EVP CipherUpdate decrypt and add test case
2019-12-05 16:12:26 -08:00
toddouska
312d5c98b3
Merge pull request #2535 from julek-wolfssl/nginx-1.15
...
Nginx 1.15.0 & 1.16.1
2019-12-05 14:40:45 -08:00
toddouska
a13ebf5258
Merge pull request #2543 from embhorn/zd5706
...
Update DoVerifyCallback to check verify param hostName and ipasc
2019-12-05 14:38:47 -08:00
Takashi Kojo
d74a1888bb
move it to build option
2019-12-06 06:28:25 +09:00
John Safranek
2c0fda4168
Maintentance: Prime
...
1. Revisited the option enables around the wolfCrypt prime test. Added a
check for key generation to the check for public MP.
2019-12-05 12:23:42 -08:00
Tesfa Mael
4f8a37ef7b
Remove wc_RsaSSL_VerifyInline from Cryptocell
2019-12-05 10:40:21 -08:00
Chris Conlon
be97444d24
add api test for wc_PKCS7_SetRsaSignRawDigestCb()
2019-12-05 10:33:49 -07:00
Chris Conlon
2063fa502f
add CMS RSA sign callback for raw digest
2019-12-05 10:33:49 -07:00
Sean Parkinson
0552fbc5de
Fix lshift in SP 32-bit C code - FFDHE
2019-12-05 09:08:30 +10:00
David Garske
9b437384de
Allow AddCA for root CA's over the wire that do not have the extended key usage cert_sign set.
2019-12-04 14:14:37 -08:00
David Garske
b01c558adb
Fix to not send alert until after the verify cert callback and alternate chain logic has been evaluated.
2019-12-04 12:41:23 -08:00
David Garske
acd4bc3305
Added logging for SendAlert call.
2019-12-04 11:02:22 -08:00
John Safranek
44fc3e14b1
Maintenance: ASN.1
...
1. Fix some preprocessor flag checking for function EncodePolicyOID. It
also needs to be available for OpenSSL Compatibility.
2. Fix for a name string for a test that can get left in or out
incorrectly.
2019-12-04 10:26:37 -08:00
David Garske
3646051434
Fix for alternate chain logic where presented peer's CA could be marked as trusted.
...
When building with `WOLFSSL_ALT_CERT_CHAINS` a peer's presented CA could be incorrectly added to the certificate manager, marking it as trusted.
Began in PR #1934
ZD 9626
2019-12-04 06:56:36 -08:00
Sean Parkinson
2a0c037f98
Improve wc_ecc_mulmod_ex cache attack resistance
2019-12-04 11:08:28 +10:00
Sean Parkinson
c5f9a601e8
Handle more values in mp_exptmod
...
Handle prime (modulus) of 0 and 1.
Handle exponent of 0.
Fix for base of 0 in fp_exptmod and hadnle base of 0 in mp_exptmod.
fp_exptmod - Don't modify X's sign during operation when passed in as negative.
2019-12-04 09:32:08 +10:00
Sean Parkinson
fd4fb28a2e
Fix missing variable declaration
...
--enable-scep --with-libz
PKCS#7 decompress code
2019-12-03 11:07:29 +10:00
Sean Parkinson
b9a82204e2
Blinding for DSA sign
2019-12-03 09:36:33 +10:00
Tesfa Mael
889f111454
Update CC readme
2019-12-02 14:55:21 -08:00
David Garske
7e45ae2ec6
Merge pull request #2621 from JacobBarthelmeh/SanityChecks
...
sanity check on "a" input to invmod
2019-12-02 10:57:01 -08:00
Jacob Barthelmeh
2efa91632e
revert adding import check in configure.ac
2019-12-02 08:56:00 -07:00
David Garske
bfaa970d84
Merge pull request #2628 from tmael/nightly_valgrind
...
Fix Valgrind Known Configs Test
2019-11-29 08:59:58 -08:00
Sean Parkinson
204045223f
Fix sp_invmod to handle more input values
2019-11-29 11:54:36 +10:00
Sean Parkinson
bd7a572a8f
mp_invmod handles more inputs
...
Value to invert: a
Modulus: b
integer.c - normal math
- a is one, or a mod b is one
tfm.c - fast math
- b is -ve (error), or b is zero
- a is zero or a mod b is zero
2019-11-29 09:08:44 +10:00
David Garske
f0c070b2cf
Merge pull request #2630 from SparkiDev/poly1305_avx2_fix
...
Poly1305 AVX2 asm fix
2019-11-28 09:28:22 -08:00
Sean Parkinson
06ca07c79f
Poly1305 AVX2 asm fix
...
Missed carry when converting from 26 in 64 bits to 64 in 64 bits.
2019-11-28 16:01:29 +10:00
Sean Parkinson
16ac0d8eb6
Support 20-byte serial numbers and disallow 0.
2019-11-28 10:21:48 +10:00
Sean Parkinson
245a2b7012
sp_int: clamp more results
2019-11-28 10:01:54 +10:00
Sean Parkinson
dadbeff433
sp_int: When setting digit of 0, set used to 0
2019-11-28 10:01:54 +10:00
Sean Parkinson
2ac0ac8776
Fix for sp_div when a > d but same bit length
2019-11-28 10:01:54 +10:00
Sean Parkinson
8315ae892f
sp_div improved to handle when a has less digits than d
2019-11-28 10:01:54 +10:00
toddouska
b396ed0984
Merge pull request #2627 from SparkiDev/rsa_sign_vfy
...
Change signature generation to verify by default
2019-11-27 14:08:07 -08:00
toddouska
e1ebb39296
Merge pull request #2618 from ejohnstown/maintenance-prime
...
Maintenance: Prime
2019-11-27 14:06:23 -08:00
toddouska
ff85cc7740
Merge pull request #2622 from SparkiDev/ber_to_der_rework
...
Rework BER to DER to not be recursive
2019-11-27 14:05:36 -08:00
Eric Blankenhorn
1026c4359d
Cast XMALLOC
2019-11-27 14:47:48 -06:00
Tesfa Mael
acdfc514b3
Use memset initialize
2019-11-27 11:09:57 -08:00
John Safranek
cc722468be
Maintenance: ASN.1
...
1. Add an additional check in GetCertHeader() to see that sigIndex is
bounded by maxIdx.
2019-11-27 10:43:51 -08:00
Eric Blankenhorn
806db8096c
Replace use of vasprintf
2019-11-27 11:00:28 -06:00
Juliusz Sosinowicz
b06cee333c
Add error on EOF
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
29a8262ea4
Only test X509_NAME_print_ex when defines enabled
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
0f4a002f4f
Formatting
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
9be1b4cfd8
Remove tabs
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
944d5e1045
Don't count null char in better way
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
7c1a1dfd1f
Variable declaration at start of scope
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
308c5f3370
Fix implicit cast
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
5f39e12b21
Fix leak in SSL_CTX_set0_chain
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
8dde06bbca
Fix compile errors
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
dd07344499
SSL_SESSION_dup
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
3c9d191a5b
Don't propogate ASN_NO_PEM_HEADER from wolfSSL_load_client_CA_file
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
1962159d89
more NGINX defines
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
b71758895e
Add support for SSL_CTX_set0_chain
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
b7913116c0
Remove redeclaration
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
9fbc167d0c
Declare at start of scope
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
d9ab0c4bcb
Check bounds
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
ea5ac675ed
WIP
2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
f0abd4ea82
WIP
2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz
9064de1e75
Set proper WOLFSSL_ASN1_TIME in thisupd and nextupd in wolfSSL_OCSP_resp_find_status
2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz
31c0abd610
wolfSSL_X509_NAME_print_ex should not put the null terminator in the BIO
2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz
de3c11d55c
opensslall required
2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz
a892f2a95a
Changes for nginx 1.15
...
- ssl.c: add to check to overwrite existing session ID if found
- evp.c: wolfSSL_EVP_DecryptFinal* was checking for wrong value
2019-11-27 17:45:49 +01:00
Tesfa Mael
2e487a2463
Init uninitialised values
2019-11-27 07:46:33 -08:00
Sean Parkinson
23878512c6
Change signature generation to verify by default
2019-11-27 10:47:03 +10:00
Sean Parkinson
776f4af7f6
Rework BER to DER to not be recursive
2019-11-27 10:20:32 +10:00
toddouska
1b63ab0e73
Merge pull request #2623 from SparkiDev/set_ser_rand
...
Generating serial number - clear top bit
2019-11-26 16:14:54 -08:00
John Safranek
2de52c7666
Maintenance: Prime
...
When returning a result from mp_prime_is_prime for normal math, the
result should be MP_YES or MP_NO, not a bare number (1 or 0).
2019-11-26 15:44:30 -08:00
toddouska
7cb5fe5e2a
Merge pull request #2620 from tmael/ALPN_input
...
Fix alpn buffer overrun
2019-11-26 15:31:56 -08:00
toddouska
57df5c10c9
Merge pull request #2619 from dgarske/async_mem
...
Fix for Intel QuickAssist asynchronous build
2019-11-26 15:29:04 -08:00
toddouska
0d69950d07
Merge pull request #2615 from SparkiDev/mp_exptmod_neg_p
...
Handle negative modulus with negative exponent in exptmod
2019-11-26 15:20:54 -08:00
toddouska
95c9dc9fe8
Merge pull request #2614 from ejohnstown/maintenance-OCSP
...
Maintenance: OCSP
2019-11-26 15:19:27 -08:00
toddouska
9b7cd6bdfd
Merge pull request #2613 from tmael/evp_aes_gcm
...
Set default IV length for EVP aes gcm
2019-11-26 15:18:27 -08:00
toddouska
5d41ef171c
Merge pull request #2610 from ejohnstown/maintenance-DTLS
...
Maintenance: DTLS
2019-11-26 15:17:22 -08:00
toddouska
9ecafa7afe
Merge pull request #2557 from tmael/cert_store_ls_x509
...
Retrieve a stack of X509 certs
2019-11-26 15:16:09 -08:00
John Safranek
55540c6bd3
Replace a compile option check around some filenames for certificate testing.
2019-11-25 16:13:01 -08:00
John Safranek
1ac0b1fc0b
Maintenance: ASN.1
...
1. Undo an earlier change with respect to parsing a long length with
length zero. If BerToDer is disabled, this will be treated as a zero
length. With BerToDer enabled, the conversion will do the right thing.
2019-11-25 16:08:32 -08:00
John Safranek
5e0ca866df
Maintenance: ASN.1
...
1. For certificates, when copying a member of a container, one shouldn't read
beyond the enclosing context.
2019-11-25 16:08:32 -08:00
John Safranek
d389133f33
Maintenance: ASN.1
...
1. Update the ParseCRL function to always obey the length value of a tag.
2019-11-25 16:08:31 -08:00
John Safranek
9753bf627b
Maintenance: ASN.1
...
1. Remove the function Word32ToString and replace with calls to
XSNPRINTF().
2. Simplify DecodePolicyOID(), which converts an ASN.1 OID to a text
string in the form a.b.ccccc.d... Return an error if it gets too long.
2019-11-25 16:08:26 -08:00
Jacob Barthelmeh
7c3a4a1975
update comment to reflect new sanity check
2019-11-25 10:57:09 -07:00
Jacob Barthelmeh
316b8b0b4d
add early return to normal math and WOLFSSL_VALIDATE_ECC_IMPORT to enable-all and enable-fpecc builds
2019-11-25 10:47:08 -07:00
Sean Parkinson
6325269236
Generating serial number - clear top bit
...
If the top bit is set then the encoding routine will drop a byte of the
serial number.
Better to ensure number is positive, top bit clear, and use as much of
the serial number data as possible.
2019-11-25 15:36:11 +10:00
Jacob Barthelmeh
9a0a48e093
sanity check on "a" input to invmod
2019-11-22 15:47:05 -07:00
Tesfa Mael
8bc3b7df35
Free x509
2019-11-22 14:31:59 -08:00
Eric Blankenhorn
dc25b79db6
Fix from review
2019-11-22 15:10:13 -06:00
John Safranek
3432a8a1fc
Maintenance: Prime
...
1. Prime test should return NO for 1. (ex function, normal math and fast
math)
2. Call mp_init() on the k value for the primality test case in the
wolfCrypt test.
2019-11-22 13:02:59 -08:00
John Safranek
481da3dcc1
Maintenance: Prime
...
1. Added a test case for checking "1" as a prime number to the wolfCrypt
test.
2. Allow the wolfCrypt prime test for SP builds.
3. Modify the prime test to use mp_mul rather than mp_mul_d, as the SP
math library doesn't export sp_mul_d.
2019-11-22 11:39:19 -08:00
Tesfa Mael
cf127ec05f
Fix buffer overrun
2019-11-22 10:33:17 -08:00
David Garske
be88bce36d
Fix for issues with wolfSSL_OBJ_nid2sn and wc_OBJ_sn2nid and logic finding max item when WOLFSSL_CUSTOM_CURVES and ECC_CACHE_CURVE are defined. Improvements to wolfSSL_EC_get_builtin_curves to avoid using "min" as variable name and eliminate using a local static.
2019-11-22 10:09:10 -08:00
John Safranek
0a924af894
Maintenance: Prime
...
1. Prime test should return NO for 1. (sp math)
2019-11-22 10:01:21 -08:00
David Garske
ffb3dfd6ec
Fixes for minor test.c build configuration issues.
2019-11-22 07:01:10 -08:00
David Garske
cdc50d7753
Revert header change in #2504 for asynchronous crypto quickassist_mem.h.
2019-11-22 05:59:57 -08:00
Sean Parkinson
50c4347748
More corner cases in tfm
...
Handle zero base in fp_exptmod better().
Handle negatives in fp_gcd().
Return FP_OKAY when writing out 0 with mp_toradix().
2019-11-22 09:56:02 +10:00
John Safranek
71943844d6
Maintenance: OCSP
...
1. Add a couple more bounds checks to wolfIO_HttpProcessResponseBuf().
2019-11-21 14:51:35 -08:00
John Safranek
452ba5b502
Maintenance: Prime
...
1. Prime test should return NO for 1. (normal math and fast math)
2019-11-21 13:49:26 -08:00
Eric Blankenhorn
b57294eff7
Fix for vasprintf with AIX
2019-11-21 12:23:15 -06:00
John Safranek
edb07cf68e
Merge pull request #2587 from guidovranken/ocsp-resp-decoder-bounds-fix
...
Properly limit array access in OCSP response decoder
2019-11-21 10:13:49 -08:00
Tesfa Mael
428d51e664
IV is set in the evp ctx level
2019-11-21 09:58:03 -08:00
toddouska
e883a2f696
Merge pull request #2611 from SparkiDev/sp_int_add_fix
...
Fix sp_add to handle carries properly
2019-11-21 08:59:09 -08:00
Sean Parkinson
f56a74b6b7
Handle negative modulus with negative exponent in exptmod
2019-11-21 14:55:13 +10:00
John Safranek
6720bc3890
Maintenance: OCSP
...
1. Add some minimum bounds checking on the HTTP responses as some can
end up being too short.
2019-11-20 17:25:03 -08:00
Tesfa Mael
f95d5eebff
Add FreeX509() to clean up when sk stack is empty
2019-11-20 17:02:13 -08:00
Tesfa Mael
6c732725b0
Test evp aes gcm with default IV length
2019-11-20 16:37:15 -08:00
toddouska
b33ce2207d
Merge pull request #2608 from SparkiDev/use_heap
...
When disabled memory, ensure all heap and types are used
2019-11-20 16:18:07 -08:00
toddouska
a2d036dcba
Merge pull request #2601 from SparkiDev/certs_exts_fix
...
ProcessPeerCerts allocating memory for exts with OPENSSL_EXTRA properly
2019-11-20 16:17:28 -08:00
Sean Parkinson
a20db0b8ad
Fix sp_add to handle carries properly
2019-11-21 09:47:17 +10:00
John Safranek
ce0136e968
Maintenance: Integers
...
In TFM and Integer, rshb() shouldn't try to shift a value that is 0.
This leads to using a negative offset to a pointer, but isn't used.
2019-11-20 13:55:57 -08:00
Jacob Barthelmeh
6f98d5d348
remove extra parentheses that clang complained about
2019-11-20 14:49:47 -07:00
John Safranek
71690fc73a
Maintenance: DTLS
...
1. Updated the window scrolling. There was a couple off-by-one errors in
the DTLS window handling. They canceled each other out, but there was a
rare case where they would shift too much.
2019-11-20 13:46:23 -08:00
John Safranek
188eb45433
Maintenance: DTLS
...
Removed redundant sequence increment when sending the Server Hello message.
2019-11-20 13:08:01 -08:00
Jacob Barthelmeh
1eb1755f07
add another evp decrypt test case
2019-11-20 12:29:22 -07:00
Jacob Barthelmeh
9880ad6926
updates to EVP_CipherUpdate for handling storage of last block
2019-11-20 11:57:06 -07:00
John Safranek
19d8ef405c
Maintenance: DTLS
...
When encrypting with AES-GCM, AES-CCM, or PolyChacha, do not increment
the DTLS sequence number. The sequence number should only be incremented
in BuildMessage. This was done because the sequence number used to be
incremented after calculating the HMAC or after the encrypt for AEAD
ciphers. The HMAC has been separated from the sequence increment.
2019-11-20 10:56:56 -08:00
Takashi Kojo
4896a48955
fix EVP_CipherUpdate padding
2019-11-20 11:49:30 -07:00
toddouska
88fb7efb8c
Merge pull request #2602 from SparkiDev/certs_exts_free
...
ProcessPeerCerts jump to error handling instead of returning
2019-11-20 09:25:48 -08:00
toddouska
2a7fb69523
Merge pull request #2604 from SparkiDev/disabled_curve_fix
...
TLS supported curve extension - validate support fix
2019-11-20 09:17:50 -08:00
toddouska
ccc8a49fcb
Merge pull request #2607 from SparkiDev/tls13_serverhello_cs
...
TLS 1.3 client detects non-TLS 1.3 cipher suite in ServerHello
2019-11-20 09:16:16 -08:00
toddouska
d5a1adab5d
Merge pull request #2605 from SparkiDev/set_ser_num
...
Added output size to SetSerialNumber
2019-11-20 09:15:36 -08:00
toddouska
1ba366920c
Merge pull request #2581 from SparkiDev/ecc_fixes_add
...
Add deterministic ECDSA sig gen. Fix corner cases for add point.
2019-11-20 09:12:28 -08:00
Tesfa Mael
f1fbabbb60
Use default 96-bits IV length when unset
2019-11-20 09:09:12 -08:00
Sean Parkinson
d441cee6fb
When disabled memory, ensure all heap and types are used
2019-11-20 17:06:42 +10:00
Sean Parkinson
917e5b0405
TLS 1.3 client detects non-TLS 1.3 cipher suite in ServerHello
2019-11-20 12:22:00 +10:00
Sean Parkinson
13c6346158
Check error returns from mp calls
2019-11-20 11:09:50 +10:00
Sean Parkinson
79b35860e0
Added output size to SetSerialNumber
...
Some internal calls were passing in output size as max number size.
2019-11-20 10:52:48 +10:00
kaleb-himes
ad3e105303
Add dox documentation for wc_ecc_make_key_ex
2019-11-19 17:06:52 -07:00
Sean Parkinson
c7f7d1b193
TLS supported curve extension - validate support fix
...
Check curve name is in range before checking for disabled
2019-11-20 09:38:06 +10:00
Tesfa Mael
62eaa27b41
Review comment, avoid double-free
2019-11-19 15:29:48 -08:00
toddouska
1a3455110e
Merge pull request #2599 from dgarske/cleanup_script
...
Useful script to cleanup test files created
2019-11-19 11:59:50 -08:00
toddouska
5c4da3e6fa
Merge pull request #2598 from dgarske/max_file_sz
...
Improvements to file size checks
2019-11-19 11:59:21 -08:00
toddouska
5de27443d0
Merge pull request #2596 from dgarske/mqx_fio_cleanup
...
Support for MQX 5.0 and cleanup of the MQX includes
2019-11-19 11:49:03 -08:00
David Garske
7b160a8cf3
Make MAX_WOLFSSL_FILE_SIZE overridable.
2019-11-19 07:46:50 -08:00
David Garske
9a4614f6e1
Fix for possible uninitialized memSz in bio.c
2019-11-19 05:35:22 -08:00
David Garske
e7bff37421
Add settings.h build macro note.
2019-11-19 05:33:59 -08:00
Sean Parkinson
1b8f136d29
ProcessPeerCerts jump to error handling instead of returning
2019-11-19 13:17:29 +10:00
Sean Parkinson
f08dfb4afc
ProcessPeerCerts allocating memory for exts with OPENSSL_EXTRA properly
2019-11-19 13:03:20 +10:00
toddouska
e6292eca9c
Merge pull request #2597 from ejohnstown/octeon-global
...
Sync OCTEON Sniffer
2019-11-18 17:06:30 -08:00
toddouska
c6dac64438
Merge pull request #2594 from ejohnstown/maintenance-BLAKE2
...
Maintenance BLAKE2
2019-11-18 17:05:01 -08:00
John Safranek
fea1f1d6e5
Maintenance: ASN.1
...
1. Reject as an error any ASN.1 length value that is multibyte of length 0.
2019-11-18 17:02:19 -08:00
toddouska
7a5c8f4e07
Merge pull request #2584 from SparkiDev/sp_rsa4096
...
SP now has support for RSA/DH 4096-bit operations
2019-11-18 15:38:47 -08:00
toddouska
b646b7258b
Merge pull request #2585 from dgarske/webrtc_m79
...
Support for Google WebRTC (ref m79)
2019-11-18 15:33:49 -08:00
toddouska
20c82f3c4b
Merge pull request #2586 from dgarske/STM32_HW
...
STM32 Crypto hardware fixes and improvements
2019-11-18 15:22:19 -08:00
toddouska
90f7a96721
Merge pull request #2593 from ejohnstown/maintenance-DH
...
Maintenance: DH
2019-11-18 15:18:16 -08:00
toddouska
12dfe027ed
Merge pull request #2595 from dgarske/hmac_devid
...
Adds PBKDF2 and Hash wrapper heap ctx and crypto callback support
2019-11-18 15:16:19 -08:00
Tesfa Mael
74dd142a51
Review comment
2019-11-18 15:13:59 -08:00
David Garske
abee442c1e
Useful script to cleanup test files created.
2019-11-18 15:08:54 -08:00
toddouska
6ffd931db1
Merge pull request #2564 from SparkiDev/tlsext_list_fix
...
Modify linked list traversal - fix for compiler bug
2019-11-18 15:04:26 -08:00
John Safranek
a1e33e7ec9
Maintenance: OCSP
...
1. Check array index bounds before using them in arrays.
2. When processing an HTTP buffer, check that the new buffer size is
valid before allocating a new one.
2019-11-18 14:15:55 -08:00
David Garske
48d0b53074
Fix for wolfSSL_cmp_peer_cert_to_file compiler warning with size_t vs long.
2019-11-18 14:01:16 -08:00
David Garske
ca5549ae91
Improvements for XFTELL return code and MAX_WOLFSSL_FILE_SIZE checking.
...
Fixes #2527
2019-11-18 13:49:06 -08:00
John Safranek
8347d00bf2
Maintenance BLAKE2
...
1. Remove the BLAKE2 HMAC from wolfSSL and its testing.
2019-11-18 13:31:15 -08:00
David Garske
1542482cd5
Cleanup of the MQX file headers for STDIO. Cleanup of fio.h and nio.h includes to use wc_port.h. ZD 9453.
2019-11-18 12:14:34 -08:00
David Garske
b780982aa4
Adds "devId" crypto device and "heap" context for Hash wrappers and PBKDF
...
* Adds new hash wrapper init `wc_HashInit_ex`.
* Adds new PBKDF2 API `wc_PBKDF2_ex`.
ZD 9494 (using PBKDF2)
2019-11-18 11:26:56 -08:00
John Safranek
14c986360d
Maintenance BLAKE2
...
1. Remove BLAKE2 support from HMAC.
2. Update doxy header for HMAC with removal of BLAKE2 and addition of SHA-3.
2019-11-18 10:45:30 -08:00
David Garske
cb9f16d3cb
Fix for proper sizing of in-memory buffer for TLS benchmarking (32 is not always the max digest size).
2019-11-18 10:34:15 -08:00
David Garske
12d2d17d18
Minor cleanups to TLS bench tool configuration.
2019-11-18 10:29:50 -08:00
David Garske
95b83272dd
Implementation for SSL_CTX_add1_chain_cert.
2019-11-18 10:19:48 -08:00
JacobBarthelmeh
c9f7741dfb
Merge pull request #2567 from aaronjense/scan-build-fix
...
Scan-Build Fixes for PKCS7 and PKCS12
2019-11-18 10:21:14 -07:00
toddouska
ea04dbede1
Merge pull request #2583 from ejohnstown/rng-ebsnet
...
RNG-EBSNET
2019-11-18 09:15:30 -08:00
David Garske
7e17904c54
Fix for AES GCM Decrypt auth tag. ZD 9507
2019-11-18 06:46:50 -08:00
David Garske
b676c69561
Fix for DES mutex return code. Fix TLS bench thread shutdown. README.md updates.
2019-11-18 06:46:20 -08:00
Tesfa Mael
520a032b71
Add show x509 test
2019-11-15 13:23:08 -08:00
Tesfa Mael
6ca12787ae
retrieve a stack of X509 certs in a cert manager and a store ctx
2019-11-15 13:23:08 -08:00
David Garske
7819fedca7
Update for OpenSTM32 project. Adds TLS benchmarking tool, which test client/server for each cipher suite.
2019-11-15 12:10:09 -08:00
David Garske
0c2c4fd91b
Improvements to tls_bench tool in wolfSSL lib for embedded use.
2019-11-15 12:09:19 -08:00
David Garske
961f9c4ecc
Cleanup for invalid use of NO_SHA512 in api.c unit test.
2019-11-15 12:08:50 -08:00
David Garske
a7e415d077
Fix for AEC CTR mode with STM32 and CubeMX.
2019-11-15 12:08:25 -08:00
David Garske
27d95d1dfd
Add mutex protection on STM32 RNG, AES/DES and Hashing crypto hardware calls for thread safety. Fixes #2580
2019-11-15 12:08:11 -08:00
David Garske
2a9449182c
* Make the wc_Stm32_Aes_Init API always available for STM32. ZD 9503
...
* Fix for SHA256 hash context to only be included for `STM32_HASH_SHA2`. ZD 9503
2019-11-15 12:07:08 -08:00
Chris Conlon
4282346eef
Merge pull request #2551 from kaleb-himes/ZD5815-EBSNET
...
Implement porting efforts from ZD5241 and ZD5815
2019-11-15 09:24:10 -07:00
John Safranek
3cd5a97473
Maintenance
...
1. When getting the DH public key, initialize the P, G, and Pub pointers
to NULL, then set that we own the DH parameters flag. This allows
FreeSSL to correctly clean up the DH key.
2019-11-14 14:42:58 -08:00
John Safranek
604219f2fc
Sync OCTEON fix
...
1. For OCTEON builds, leave out the "-DCVMX_BUILD_FOR_LINUX_HOST" option
from CFLAGS by default so it makes standalone host builds.
2. Add a check of the variable OCTEON_HOST for linux to add back in the
"-DCVMX_BUILD_FOR_LINUX_HOST" to CFLAGS.
2019-11-14 14:21:44 -08:00
John Safranek
2ace532e45
Sync OCTEON fix
...
1. The sniffer's global device ID wasn't tagged as global.
2. Make sure the sniffer's global device ID is used.
2019-11-14 14:21:44 -08:00
John Safranek
7c78130f70
Sync OCTEON fix
...
The preprocessor selection for the WOLFSSL_GLOBAL macro for OCTEON wasn't getting selected.
2019-11-14 14:21:44 -08:00
Kaleb Himes
4a2f8482b5
Remove static RSA setting
...
Customer confirmed their tests are passing without static rsa enabled.
2019-11-14 15:16:32 -07:00
Eric Blankenhorn
8c6c4e2432
Add unique error codes to verify failures
2019-11-14 16:02:02 -06:00
Chris Conlon
22042830d6
Merge pull request #2588 from kojo1/BasicConst2
...
BasicConstraint, compatibility
2019-11-14 13:16:30 -07:00
Takashi Kojo
dccb2e165e
if integer it is valid format with CA = False,
2019-11-14 14:51:58 +09:00
Sean Parkinson
cc880e39ae
Add deterministic ECDSA sig gen. Fix corner cases for add point.
...
In verify, two points are added and they may either be the same point
(different z) or result in infinity.
If they are the same point then a double needs to be performed instead.
Detection of infinity added.
Calculation of wc_ecc_sig_size fixed to handle wehn there are more bits
in the order than in the modulus.
2019-11-14 12:49:45 +10:00
Guido Vranken
a3fca34471
Properly limit array access in OCSP response decoder
2019-11-14 03:19:07 +01:00
Sean Parkinson
411b130369
Add new 4096-bit cert and key to distribution
2019-11-14 09:13:24 +10:00
John Safranek
8f08f001d2
Update the EBSNET GenerateSeed function with a better seed. It was
...
reseeding itself every few bytes and failing the simple entropy check.
2019-11-13 14:50:58 -08:00
David Garske
af142b307b
Support for WebRTC (ref m79):
...
* Fixed `set1_curves_list` API's to use `const char*` for names.
* Fixed `ossl_typ.h` to include `ssl.h` compatibility.
* Added `SSL_CTX_up_ref`.
* Added `wolfSSL_set1_curves_list`
* Added `TLS_method` and `DTLS_method`
* Added `SSL_CIPHER_standard_name`.
* Added `X509_STORE_CTX_get0_cert`
* Added `SSL_CTX_set_cert_verify_callback`.
* Enabled "either" side support when `--enable-opensslall` is used.
* Changed `SSL_CIPHER_get_rfc_name` to use `wolfSSL_CIPHER_get_name` instead of stub.
2019-11-13 12:34:33 -08:00
toddouska
99292158e4
Merge pull request #2573 from JacobBarthelmeh/staticmemory
...
handle case to avoid memcpy when staticmemory IO pool gives same buffer
2019-11-13 11:29:13 -08:00
toddouska
76e7e7349b
Merge pull request #2575 from tmael/valgrind_dhtest
...
Fix memory leak in dh_test
2019-11-13 11:28:04 -08:00
toddouska
46bc8e092a
Merge pull request #2582 from ejohnstown/abi-current
...
ABI
2019-11-13 11:24:45 -08:00
Aaron Jense
dab7d09570
Fix the possibility that memory is not free'd when GetLength returns 0
2019-11-13 11:55:45 -07:00
Aaron Jense
0beeb2356b
Fix scan-build not recognizing FlatAttrib array being initialized
2019-11-13 11:50:26 -07:00
JacobBarthelmeh
e3fb746f1d
Merge pull request #2503 from dgarske/openvpn
...
wolfSSL Compatibility support for OpenVPN
2019-11-13 11:04:08 -07:00
David Garske
546442c130
Fix for CAVP test issue trying to use AES_128_KEY_SIZE and AES_IV_SIZE.
2019-11-12 09:43:09 -08:00
Sean Parkinson
5221c082f1
SP now has support for RSA/DH 4096-bit operations
2019-11-12 12:04:06 +10:00
David Garske
d8e40dea3f
Fixes from peer review:
...
* Reduced codesize when building with `OPENSSL_EXTRA_X509_SMALL`.
* Additional argument checks in `wolfSSL_ASN1_BIT_STRING_set_bit`, `wolfSSL_ASN1_STRING_to_UTF8`, `wolfSSL_RSA_meth_new`, `wolfSSL_RSA_meth_set`.
* Fix for compiler warnings in asn.c using strncmp to duplicate string. "specified bound depends on the length of the source argument"
2019-11-11 15:39:23 -08:00
John Safranek
682cf6deac
wolfSSL ABI
...
Hide the RNG and ecc_key allocators from FIPS mode builds.
2019-11-11 15:16:39 -08:00
David Garske
d17748b1ad
Fix for EC_GROUP_order_bits and added unit test.
2019-11-11 14:58:23 -08:00
David Garske
2bae1d27a1
wolfSSL Compatibility support for OpenVPN
...
* Adds compatibility API's for:
* `sk_ASN1_OBJECT_free`
* `sk_ASN1_OBJECT_num`
* `sk_ASN1_OBJECT_value`
* `sk_X509_OBJECT_num`
* `sk_X509_OBJECT_value`
* `sk_X509_OBJECT_delete`
* `sk_X509_NAME_find`
* `sk_X509_INFO_free`
* `BIO_get_len`
* `BIO_set_ssl`
* `BIO_should_retry` (stub)
* `X509_OBJECT_free`
* `X509_NAME_get_index_by_OBJ`
* `X509_INFO_free`
* `X509_STORE_get0_objects`
* `X509_check_purpose` (stub)
* `PEM_read_bio_X509_CRL`
* `PEM_X509_INFO_read_bio`
* `ASN1_BIT_STRING_new`
* `ASN1_BIT_STRING_free`
* `ASN1_BIT_STRING_get_bit`
* `ASN1_BIT_STRING_set_bit`
* `DES_check_key_parity`
* `EC_GROUP_order_bits`
* `EC_get_builtin_curves`
* `EVP_CIPHER_CTX_cipher`
* `EVP_PKEY_get0_EC_KEY`
* `EVP_PKEY_get0_RSA`
* `EVP_PKEY_get0_DSA` (stub)
* `HMAC_CTX_new`
* `HMAC_CTX_free`
* `HMAC_CTX_reset`
* `HMAC_size`
* `OBJ_txt2obj`
* `RSA_meth_new`
* `RSA_meth_free`
* `RSA_meth_set_pub_enc`
* `RSA_meth_set_pub_dec`
* `RSA_meth_set_priv_enc`
* `RSA_meth_set_priv_dec`
* `RSA_meth_set_init`
* `RSA_meth_set_finish`
* `RSA_meth_set0_app_data`
* `RSA_get_method_data`
* `RSA_set_method`
* `RSA_get0_key`
* `RSA_set0_key`
* `RSA_flags`
* `RSA_set_flags`
* `RSA_bits`
* `SSL_CTX_set_ciphersuites`
* `SSL_CTX_set_security_level` (stub)
* `SSL_export_keying_material` (stub)
* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505 .
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
2019-11-11 14:58:23 -08:00
John Safranek
5a21cec030
wolfSSL ABI
...
Add ABI tags to the functions wolfSSL_Cleanup() to match wolfSSL_Init(),
wolfSSL_X509_free to match wolfSSL_load_certificate_file() which
allocates memory.
2019-11-11 10:16:58 -08:00
Tesfa Mael
68e4014c3f
memset DhKeys
2019-11-11 09:43:10 -08:00
toddouska
8246e02756
Merge pull request #2502 from cariepointer/gcm-tls10-fix
...
Return error with AES-GCM and negotiated versions < TLSv1.2
2019-11-08 15:06:54 -08:00
John Safranek
c6fa49d4b4
wolfSSL ABI
...
Add the ABI tag to the prescribed list of functions in the header and source files.
2019-11-08 15:06:18 -08:00
toddouska
44552fe707
Merge pull request #2536 from dgarske/nxp_mmcau_align
...
Fix NXP MMCAU when data pointer is not aligned
2019-11-08 15:02:43 -08:00
toddouska
801ffd4712
Merge pull request #2571 from SparkiDev/asn1_cert_parse_fix
...
Ensure space for name string. Reset policy count.
2019-11-08 15:02:02 -08:00
Carie Pointer
a2cdb87067
Add check for if length is <= 0 in wc_Arc4SetKey
2019-11-08 14:54:39 -07:00
Tesfa Mael
99ee4a407d
Fix mem leak for valgrind
2019-11-08 12:09:46 -08:00
Carie Pointer
39eaaddeae
Add tests for AEAD cipher suites with TLSv1.1 and TLSv1.0
2019-11-08 10:04:58 -08:00
JacobBarthelmeh
e329431bc1
Merge pull request #2572 from kaleb-himes/GH2559
...
Address logical fallacies and syntax issues in example server, addres…
2019-11-08 10:18:12 -07:00
Carie Pointer
1d02943658
Sanity check in wc_scrypt for invalid params <= 0
2019-11-08 09:40:07 -07:00
John Safranek
c69b6fb6d1
wolfSSL ABI
...
1. Add a blank #define WOLFSSL_ABI to tag functions as part of the ABI
to remind developers there are rules about those functions specifically.
2. Added allocators and deallocators for WC_RNG objects and ecc_key
objects so they don't have to be used on the stack.
3. Add tests for the new allocators.
2019-11-07 13:03:12 -08:00
kaleb-himes
f0d3d5d71c
80-character per-line coding standard format fix
2019-11-07 13:33:38 -07:00
Kaleb Himes
95796c80b7
Add prototype for ebsnet_fseek
...
Customer confirmed prototype was not present in vfile.h, added prototype to wolfSSL header.
2019-11-07 13:31:02 -07:00
kaleb-himes
5ce88b5086
seperate sanity checks on size and rnd allocation
2019-11-07 13:12:17 -07:00
Jacob Barthelmeh
fd3e4abb46
handle case to avoid memcpy when staticmemory IO pool gives same buffer
2019-11-07 11:36:20 -07:00
kaleb-himes
ad192786b1
Remove double assignment to pt caught by scan-build test
2019-11-07 11:35:36 -07:00
kaleb-himes
e24059691c
Address logical fallacies and syntax issues in example server, addresses GH issue #2559
2019-11-07 10:30:12 -07:00
Sean Parkinson
c06efb6c1f
Ensure space for name string. Reset policy count.
...
Only set the name string in one place, keeping a length of the name type
to copy. Also only move cert data index once.
Reset certificate extension policy number/count in case of malicious
cert with multiple policy extensions.
2019-11-07 13:51:50 +10:00
David Garske
0fe5d40507
Merge pull request #2568 from aaronjense/iar-build-fix
...
Fix changed sign warning for IAR build
2019-11-06 15:47:15 -08:00
Eric Blankenhorn
caaab11f60
Update from review
2019-11-06 15:58:50 -06:00
toddouska
b2270a068f
Merge pull request #2566 from SparkiDev/malloc_unused_fix
...
Fix unused parameter when XMALLOC doesn't use params
2019-11-06 13:08:48 -08:00
toddouska
c137c5a3e0
Merge pull request #2565 from SparkiDev/rsa_kg_sp_math
...
SP Math and RSA Key Gen working again
2019-11-06 13:08:19 -08:00
toddouska
1becdb9f3b
Merge pull request #2563 from SparkiDev/x509_dname_index
...
Check domain name location index hasn't exceed maximum before setting
2019-11-06 13:07:42 -08:00
toddouska
c995417d54
Merge pull request #2554 from SparkiDev/sp_misrac
...
MISRA-C changes to SP plus cppcheck fixes
2019-11-06 13:06:28 -08:00
toddouska
15d4da1e14
Merge pull request #2562 from JacobBarthelmeh/staticmemory
...
fix for memory management on edge case with staticmemory
2019-11-06 13:04:33 -08:00
toddouska
ba34b0d09f
Merge pull request #2547 from SparkiDev/rsa_pss_salt_len
...
Compile options for larger salt lengths in RSA-PSS
2019-11-06 13:03:15 -08:00
tmael
969488434a
Merge pull request #2544 from JacobBarthelmeh/SanityChecks
...
add null checks (QSH and CRYPTOCELL)
2019-11-06 12:18:00 -08:00
Aaron Jense
ea77cd743e
Fix changed sign warning for IAR build
2019-11-06 09:59:31 -08:00
JacobBarthelmeh
cd7001904a
Merge pull request #2561 from ejohnstown/x509-loss
...
X.509 and Secure Renegotiation
2019-11-06 10:53:18 -07:00
Sean Parkinson
d4ca48a513
Fix unused parameter when XMALLOC doesn't use params
2019-11-06 15:46:19 +10:00
Sean Parkinson
65cd8a930e
SP Math and RSA Key Gen working again
2019-11-06 15:24:12 +10:00
Tesfa Mael
a6e4926d2f
Init variables
2019-11-05 15:14:47 -08:00
Sean Parkinson
d2c4798459
Modify linked list traversal - fix for compiler bug
...
KeyShare and PreSharedKey traverse linked list using a handle.
Customer reported their compiler couldn't handle the assignment, so,
using a temporary.
2019-11-06 08:57:33 +10:00
Chris Conlon
77c36b5ea9
Merge pull request #2542 from kojo1/BasicConst
...
x.509 basic constratint
2019-11-05 15:38:07 -07:00
Sean Parkinson
52f28bd514
Check domain name location index hasn't exceed maximum before setting
2019-11-06 08:31:04 +10:00
Jacob Barthelmeh
890eb415b1
fix for memory management on edge case with staticmemory
2019-11-05 15:13:26 -07:00
David Garske
165105af95
Merge pull request #2558 from danielinux/pwbased-no-asn
...
Allow pwdbased module to compile without ASN
2019-11-05 13:26:45 -08:00
David Garske
e48cf88a70
Merge pull request #2556 from embhorn/arm-test-fix
...
Fix for ARM platforms
2019-11-05 12:25:56 -08:00
David Garske
c337ce2703
Merge pull request #2560 from cconlon/cavppss
...
use wc_RsaPSS_CheckPadding() for selftest build instead of extended
2019-11-05 12:09:25 -08:00
John Safranek
72e1afbe99
X.509 and Secure Renegotiation
...
1. When retaining the handshake resources for a session using resumption, do not delete the peer's certificate. If keeping peer certificates is enabled, the certificate needs to exist so it may be examined.
2. Free the saved peer certificate when receiving a peer certificate during a renegotiation.
2019-11-05 11:03:34 -08:00
Chris Conlon
e429558166
use wc_RsaPSS_CheckPadding() for selftest build instead of extended
2019-11-05 10:48:36 -07:00
Daniele Lacamera
51ea806d8b
Allow pwdbased module to compile without ASN
2019-11-05 10:16:46 +01:00
Jacob Barthelmeh
1361e4dbef
remove extra setting of ecc key size with CRYPTOCELL build
2019-11-04 23:25:47 -07:00
toddouska
e2b7bee9c8
Merge pull request #2533 from cariepointer/apache_bio_want_read
...
Apache: Return WANT_READ in wolfSSLReceive if BIO retry and read flags are set
2019-11-04 16:52:28 -08:00
Sean Parkinson
32f93be0b6
Replace magic PSS salt length numbers with enums
2019-11-05 09:03:30 +10:00
toddouska
5141623f48
Merge pull request #2548 from SparkiDev/rsa_check
...
Add more checks of RSA key
2019-11-04 13:05:35 -08:00
toddouska
28da0075d1
Merge pull request #2545 from SparkiDev/scrypt_iters
...
Add scrypt API that takes iterations rather than cost
2019-11-04 13:01:32 -08:00
toddouska
b723acf0f6
Merge pull request #2534 from SparkiDev/pss_1024_sha512_tls12
...
Pass the length of the RSA key in bits to PSS padding check in TLS
2019-11-04 11:42:55 -08:00
toddouska
f4afa4bc87
Merge pull request #2540 from SparkiDev/etm_rehand
...
Fix Encrypt-Then-MAC when rehandshaking
2019-11-04 11:41:44 -08:00
Eric Blankenhorn
16899b55b2
Fix for ARM platforms
2019-11-04 11:54:36 -06:00
David Garske
e2fb359538
Merge pull request #2549 from JacobBarthelmeh/Testing
...
fix for macro typo's
2019-11-04 08:05:09 -08:00
David Garske
683658de20
Merge pull request #2553 from miyazakh/fix_esp_buildfail
...
fix esp build failure
2019-11-04 07:44:01 -08:00
Sean Parkinson
f590f6522d
MISRA-C changes to SP plus cppcheck fixes
2019-11-04 16:13:48 +10:00
Sean Parkinson
35ec2bc6d4
Compile options for larger salt lengths in RSA-PSS
...
Salt length larger than the hash size allowed in RSA-PSS.
Passing -2 to PSS pad function uses maximum salt length.
Passing -2 to PSS un-pad function makes it discover salt length.
2019-11-04 14:27:02 +10:00
Hideki Miyazaki
0c8ab5b0e4
fix esp build failure
2019-11-03 12:19:59 +09:00
Takashi Kojo
76404c937e
#ifdef guard
2019-11-02 13:01:40 +09:00
David Garske
2084006b61
Merge pull request #2550 from cconlon/mmcau
...
fix mmCAU classic XFREE on aligned ptr
2019-11-01 15:59:57 -07:00
kaleb-himes
ffb80126ff
Implement porting efforts from ZD5241 and ZD5815
2019-11-01 16:00:06 -06:00
Jacob Barthelmeh
6ba3aa88ca
fix for build after CI tests
2019-11-01 14:47:50 -06:00
Chris Conlon
98a2322dd9
Merge pull request #2525 from tmael/open_coexist
...
Raise an error when opensslcoexist option is used with openssl[all][extra]
2019-11-01 11:32:46 -06:00
Chris Conlon
e07e07f831
Merge pull request #2537 from JacobBarthelmeh/PKCS7
...
fix for pkcs7 verify streaming
2019-11-01 10:15:44 -06:00
Chris Conlon
be2cb302ea
fix mmCAU classic XFREE on aligned ptr
2019-11-01 09:56:28 -06:00
Eric Blankenhorn
54f023ac2c
Clarify ipasc parameter usage
2019-11-01 10:33:49 -05:00
Jacob Barthelmeh
efca350cba
fix for macro typo's
2019-11-01 09:21:21 -06:00
Sean Parkinson
54c7619f81
Add more checks of RSA key
...
Check d is in valid range, p*q == n, and dP, dQ and u are valid.
2019-11-01 16:25:57 +10:00
Sean Parkinson
7623777857
Add scrypt API that takes iterations rather than cost
...
iterations = 1 << cost but matches APIs in other products and standard
2019-11-01 10:15:42 +10:00
Eric Blankenhorn
6839110507
Update from review
2019-10-31 17:45:33 -05:00
toddouska
9e852b3867
Merge pull request #2539 from dgarske/mutex_ref
...
Fixes for cases where mutex was not being free'd
2019-10-31 13:10:04 -07:00
toddouska
b27c1df348
Merge pull request #2538 from SparkiDev/cppcheck_fixes_2
...
Fixes for errors using cppcheck
2019-10-31 13:08:19 -07:00
toddouska
ac76b4b692
Merge pull request #2541 from SparkiDev/x25519_gcc_avx2
...
Fix loading and setting using RIP register with GCC
2019-10-31 13:07:27 -07:00
toddouska
626e0efd99
Merge pull request #2530 from SparkiDev/pkcs11_tls_client
...
Use the public key type as private key type with PKCS #11
2019-10-31 13:06:32 -07:00
toddouska
fca0705a0b
Merge pull request #2526 from aaronjense/libwebsockets-build-fix
...
libwebsockets build fixes
2019-10-31 13:05:46 -07:00
Jacob Barthelmeh
550fbcfff7
add null checks (QSH and CRYPTOCELL)
2019-10-31 10:07:47 -06:00
Eric Blankenhorn
58d800fbb7
Adding support for IP address verification
2019-10-31 09:15:22 -05:00
Eric Blankenhorn
9fc33e461c
Check names in verify callback.
2019-10-31 09:15:22 -05:00
Takashi Kojo
2ef4d1a16e
Keep else to GetBoolean
2019-10-31 17:29:46 +09:00
Takashi Kojo
4f602e02ba
accept ASN_INTEGER for compatibility
2019-10-31 12:06:59 +09:00
Sean Parkinson
adff4e719a
Fix loading and setting using RIP register with GCC
2019-10-31 12:14:05 +10:00
Sean Parkinson
4be36ef2bd
Fix Encrypt-Then-MAC when rehandshaking
...
New, encrypted handshakes change over to ETM correctly now.
2019-10-31 09:14:42 +10:00
David Garske
28d466cb10
Fix to ensure 4-byte alignment is default for MMCAU with SHA1, SHA256 and MD5.
2019-10-30 13:34:57 -07:00
David Garske
760a90ef5d
Fixes for cases where mutex is not being free'd.
2019-10-30 10:11:06 -07:00
Sean Parkinson
c354b240f2
Fixes for errors using cppcheck
2019-10-30 14:48:21 +10:00
Jacob Barthelmeh
a0955f8221
fix for pkcs7 verify streaming
2019-10-29 16:47:30 -06:00
David Garske
7f42b71571
Fix NXP MMCAU when data pointer is not aligned.
2019-10-29 13:45:25 -07:00
David Garske
6bc16a4acb
Merge pull request #2532 from aaronjense/mp-public-defines
...
Fix for configure used in wolfssl-examples/signature/rsa_vfy_only.…
2019-10-29 08:46:03 -07:00
Sean Parkinson
eb03e5de1e
Pass the length of the RSA key in bits to PSS padding check in TLS
2019-10-29 11:56:35 +10:00
Carie Pointer
e8db4cc2a0
Apache: Return WANT_READ in wolfSSLReceive if BIO retry and read flags are set
2019-10-28 15:08:00 -07:00
toddouska
140796d2aa
Merge pull request #2504 from ejohnstown/sync-octeon
...
Synchronous OCTEON Sniffer Support
2019-10-28 12:25:57 -07:00
David Garske
0aeb87f284
Merge pull request #2529 from SparkiDev/etm_max
...
Fix check for plaintext length when using Encrypt-Then-MAC
2019-10-28 11:59:32 -07:00
toddouska
51e8abf126
Merge pull request #2531 from SparkiDev/nginx_unittest
...
Fix unittest to pass when compiling for NGINX
2019-10-28 11:27:22 -07:00
Aaron Jense
34c37c58f4
Fixes for configure used in wolfssl-examples/signature/rsa_vfy_only and fix for wrong WOLFSSL_MP_PUBLIC defines.
...
./configure CFLAGS=-DWOLFSSL_PUBLIC_MP --disable-asn --disable-filesystem --enable-static --enable-shared --enable-cryptonly --enable-sp=smallrsa2048 --enable-sp-math --disable-dh --disable-ecc --disable-sha224 --enable-rsavfy
2019-10-28 09:50:59 -06:00
Sean Parkinson
8a92e1eae6
Fix check for plaintext length when using Encrypt-Then-MAC
2019-10-28 16:28:52 +10:00
Carie Pointer
ad9522c765
Add WOLFSSL_OLDTLS_AEAD_CIPHERSUITES to allow AEAD cipher suites in TLSv1.0 and TLSv1.1
2019-10-25 09:51:11 -07:00
David Garske
b80b10b980
Merge pull request #2498 from danielinux/stm32wb55
...
Support for STM32_PKA accelerator
2019-10-24 15:41:08 -07:00
Daniele Lacamera
9f34826173
stm32_pka: fixed remarks from code review
2019-10-24 21:48:35 +02:00
Daniele Lacamera
390b936331
stm32_pka: using XMEMCPY
2019-10-24 20:49:43 +02:00
Daniele Lacamera
f97452c859
STM32_PKA: using XMEMSET
2019-10-24 20:46:03 +02:00
Daniele Lacamera
025754e774
Fixed alignment/padding for hash. ECC tests passing on target.
2019-10-24 20:32:47 +02:00
John Safranek
17f44d4d29
OCTEON Sync
...
1. Add attributes to the OCTEON functions so they aren't optimized.
2. Disable the same test cases for OCTEON as we do QAT in sync.
2019-10-24 10:00:20 -07:00
David Garske
3ac4aa5a9b
Merge pull request #2524 from cconlon/cau_iar
...
mmCAU Classic AES key alignment, IAR warnings fixes
2019-10-24 09:23:20 -07:00
Daniele Lacamera
3677e4d735
[stm32hal-pka] Fixed after reviews, fix result allocation for sign/mulmod
2019-10-24 16:06:38 +02:00
Tesfa Mael
0b93109b3a
throw error when opensslcoexist configured with opensslall or opensslextra
2019-10-23 15:51:19 -07:00
toddouska
400dcfebba
Merge pull request #2516 from danielinux/freescale-ltc-spmath
...
Fixed Freescale LTC crypto module to compile with SP math
2019-10-23 15:11:43 -07:00
toddouska
28cc7daa68
Merge pull request #2511 from tmael/BN_bn2hex
...
Fix for hex digits with fastmath and normal integer
2019-10-23 15:10:40 -07:00
John Safranek
954d1ad13e
Sniffer Update
...
1. Add ssl_SetWatchKeyCallback_ex() which was missing.
2. Fix linking issue with OCTEON libraries.
2019-10-23 15:03:50 -07:00
Chris Conlon
cb7b4af986
Merge pull request #2523 from JacobBarthelmeh/SanityChecks
...
fix for selftest build
2019-10-23 15:24:16 -06:00
JacobBarthelmeh
4135850a32
Merge pull request #2522 from dgarske/rel_async_4.2.0
...
Fixes for building with async (rel v4.2.0 prep)
2019-10-23 14:33:00 -06:00
Jacob Barthelmeh
5b9e005802
fix for selftest build
2019-10-23 12:09:20 -06:00
John Safranek
b8f4b1a712
QAT Header Hiding
...
For the sync QAT, the QAT headers are included into the library after it
has been built and is being used. The actual headers should only be used
when building wolfSSL and should be hidden from the user.
1. Most of the functions in the sync QAT and OCTEON headers don't need
to be exported. Move all of that into the source files. Only export the
init and deinit functions.
2. Remove inline from the OCTEON support functions.
3. Remove the AES-ECB files for sync OCTEON as unused.
4. Configure defaults to OCTEON2 build, can be overridden with variable.
2019-10-23 09:58:11 -07:00
John Safranek
1ad23334bf
Sync Sniffer API Cleanup
...
1. Switched the IntelQa sync API back to local.
2. Added two functions to setup and cleanup the IntelQA device.
3. Changed the Octeon functions to match the IntelQa functions.
4. Updated sniffer, wolfcryptest, and benchmark.
2019-10-23 09:58:11 -07:00
John Safranek
b0dafbcd1b
Sync Octeon Sniffer
...
Added back some changes from a dropped commit.
1. The Octeon README should be a stub.
2. Changed the license notice in the octeon sync files back to GPLv2.
3. Added a flag to Aes that needed a build guard around it.
4. Replaced the disable for sniffer session stats.
2019-10-23 09:58:11 -07:00
John Safranek
54f0b1a44a
Sync QAT Fixes
...
1. The QAT callback's worker functions need to copy the IV into the AES IV register. QAT doesn't update it automatically.
2. Update the GMAC test to set its device to INVALID_DEVID.
3. Always allocate NUMA buffers before running crypto operation and store the results.
4. The QAT does not like non-multiple of 4 iv lenths, and aad lengths. Or 0. Remove a few test cases for those.
5. QAT wasn't getting a pointer to store the auth tag for GCM. Then store it.
2019-10-23 09:58:11 -07:00
John Safranek
825f311959
add OCTEON and QAT to wolfCrypt test, update SHA-1 to reset ret when it will do the software sha
2019-10-23 09:58:10 -07:00
John Safranek
41e0712eb0
Synchronous Cavium OCTEON Support for Sniffer
...
1. Fixes for AES-GCM.
2019-10-23 09:58:10 -07:00
John Safranek
67b11b8ece
Fixing some play-nice between sync QAT and sync Octeon.
2019-10-23 09:58:10 -07:00
John Safranek
989c964a95
Synchronous Cavium OCTEON Support for Sniffer
...
1. Add configure option for sync IntelQA that uses the crypto callback API.
2. Make a synchonous copy of the quickassist files.
3. Tie in the crypto device to the sniffer.
4. When making a sniffer build, define static DH enabled.
5. The readme files in the Cavium were being added to the distro optionally, changed to always add the readme files.
6. Added an include of the cavium_octeon header in the wc_ports.c.
7. Updated the Cavium OCTEON callback for AES-GCM.
8. Add the global tag to the list of crypto callback function pointers.
9. Add an accessor to the OCTEON crypto callback module to return the device ID of the OCTEON device.
10. Add a new version of ssl_SetWatchKeyCallback which takes an additional parameter of a device ID. This ID is used to set up the wolfSSL_CTXs in the sniffer session trackers.
11. Update the benchmark to use sync OCTEON and QAT.
2019-10-23 09:58:10 -07:00
David Garske
7386bd4df1
Fixes for building with ./configure --enable-asynccrypt --enable-all CFLAGS="-DWC_ASYNC_NO_CRYPT"
2019-10-22 13:37:16 -07:00
David Garske
48c4b2fedc
Merge pull request #2521 from JacobBarthelmeh/Release
...
prepare for release version 4.2.0
2019-10-22 09:12:33 -07:00
Sean Parkinson
8ce3b3a5e6
Use the public key type as private key type with PKCS #11
2019-10-22 10:34:44 +10:00
Sean Parkinson
a3c09f6794
Fix unittest to pass when compiling for NGINX
2019-10-22 08:47:49 +10:00
Jacob Barthelmeh
1cbc2536cc
prepare for release version 4.2.0
2019-10-21 16:32:41 -06:00
Jacob Barthelmeh
32f537cb6c
wrap time_t requirement in ssl.h by openssl extra build to fix sgx build
2019-10-21 16:29:31 -06:00
Jacob Barthelmeh
497818525a
check on keygen for make rsa key function
2019-10-21 14:54:17 -06:00
David Garske
9b8f1dadd0
Merge pull request #2520 from JacobBarthelmeh/Testing
...
Testing
2019-10-21 12:20:53 -07:00
Aaron Jense
eaa8f2a957
libwebsockets build fixes
...
1. Add --enable-libwebsockets option
2. Add OPENSSL_NO_EC (used in libwebsockets)
3. Add SSL_MODE_RELEASE_BUFFERS and debug message for when wolfSSL_CTX_set_mode doesn't recognize a mode.
2019-10-21 12:03:18 -06:00
David Garske
132877ea0b
Merge pull request #2519 from ejohnstown/dtls-fips-fix
...
Fix DTLS+OPENSSLALL+FIPS Failure
2019-10-21 10:00:23 -07:00
Jacob Barthelmeh
09a0859865
fix for fortress and no sha build with encrypted keys
2019-10-21 09:37:24 -06:00
Jacob Barthelmeh
e24787c8e4
add ecc header for fp_ecc cache free
2019-10-21 09:21:46 -06:00
Jacob Barthelmeh
ea45da5fa8
change add_all_* to be evp table init and fix valgrind report
2019-10-20 01:13:43 -06:00
John Safranek
26793359a2
Fix DTLS+OPENSSLALL+FIPS Failure
...
There was a problem with the combination of DTLS, OpenSSL Compatibility,
and FIPSv2 where the DTLS server would fail out because a HMAC key was
too short. FIPS requires a HMAC key be a minimum size. The DTLS server
uses HMAC to generate the first cookie key when initialized. When using
OpenSSL, the feature for creating a DTLS endpoint with its side being
set late is tested. The DTLS cookie wasn't getting set at init because
the server was "neither" at the time. Added a call to set cookie when
initializing a neither endpoint into a server.
2019-10-18 16:30:27 -07:00
Chris Conlon
42ddd63952
exclude packed __attribute__ on IAR ICC < 9
2019-10-18 16:33:01 -06:00
Chris Conlon
c18ff36959
fix uninitialized variable warning in IAR-EWARM 7.50.2
2019-10-18 14:08:23 -06:00
Chris Conlon
c4afbb3685
align AES key if needed when using MMCAU classic
2019-10-18 14:02:43 -06:00
Kaleb Himes
0eefa80d74
initialize max pathlen to preserve ASN no signer error
2019-10-18 11:30:08 -06:00
Jacob Barthelmeh
a0a572cf3e
fix sha256 build on armv8
2019-10-18 11:04:45 -06:00
David Garske
0e73af8b88
Merge pull request #2515 from JacobBarthelmeh/Testing
...
Initial pass on test cycle
2019-10-17 16:02:17 -07:00
JacobBarthelmeh
7135e9e500
Merge pull request #2517 from dgarske/x509_date
...
Fix to restore notBefore/notAfter functions
2019-10-17 16:59:20 -06:00
David Garske
fb8d2d4b2f
Fix to restore notBefore/notAfter functions that were removed in PR #2462 . These are not openssl compatibility functions, but are used by JSSE.
2019-10-17 13:02:00 -07:00
toddouska
78e1336598
Merge pull request #2514 from dgarske/fix_async_next_iv
...
Various fixes for asynchronous mode
2019-10-16 13:52:47 -07:00
Jacob Barthelmeh
b7d4c9f839
fix build with no server and enable all
2019-10-16 14:19:50 -06:00
Daniele Lacamera
f41f67d231
Fixed Freescale LTC crypto module to compile with SP math
2019-10-16 15:44:58 +02:00
Jacob Barthelmeh
b4a3ad6e2d
fix test case for enckeys + des3 with md5 disabled
2019-10-15 17:07:05 -06:00
Jacob Barthelmeh
acd0a55d47
add new certs to extra dist
2019-10-15 14:23:01 -06:00
Tesfa Mael
1267987c31
Review comment
2019-10-15 12:24:57 -07:00
Tesfa Mael
1a18e3bba8
Add leading zero padding for odd hex ASCII digits
2019-10-15 11:54:58 -07:00
David Garske
5c07391f1b
Various fixes for asynchronous mode:
...
* Fix for AES CBC issue with IV (QAT only).
* Fix for test cases with QAT.
* Remove poorly placed debug for AES CFB.
2019-10-15 11:18:55 -07:00
David Garske
928eb36b5e
Merge pull request #2513 from JacobBarthelmeh/UnitTests
...
update external test certificate
2019-10-15 11:18:01 -07:00
JacobBarthelmeh
63e74554a8
fix for warning when using c++ compiler
2019-10-15 10:07:02 -07:00
JacobBarthelmeh
bb6eeefe26
fix for build with --enable-all and gcc-9 on Linux
2019-10-15 09:56:26 -07:00
Jacob Barthelmeh
4bde06fbe3
fix for pkcs11 found running build_test.pl script
2019-10-15 10:25:46 -06:00
Jacob Barthelmeh
b27504b222
update external test certificate
2019-10-15 10:11:38 -06:00
Tesfa Mael
441f3a7f1f
Add leading zero for odd number of hex digits
2019-10-14 16:43:45 -07:00
Jacob Barthelmeh
95c036a08a
static analysis tests for memory management
2019-10-14 17:17:46 -06:00
toddouska
d30e4ac74f
Merge pull request #2499 from ejohnstown/sniffer-features
...
Sniffer Features
2019-10-14 15:35:55 -07:00
JacobBarthelmeh
c3e99e1394
Merge pull request #2510 from tmael/bio_base64
...
Fix a return value from wolfSSL_BIO_BASE64_write()
2019-10-14 15:44:14 -06:00
John Safranek
f0dfe5355b
Sniffer for IPv6
...
1. Better length checking on the IPv6 extension headers.
2. Removed the default size update analogous to the IPv4 header check
function. It cannot ever be 0, so the update was unnecessary.
2019-10-14 10:17:37 -07:00
toddouska
df77088d5c
Merge pull request #2461 from kaleb-himes/ZD_5541_PathLenConstraint
...
addressing non RFC compliance in handling of pathLen constraint
2019-10-14 09:41:09 -07:00
toddouska
9560b905af
Merge pull request #2509 from cconlon/selftest_version
...
Add CAVP selftest version API prototype
2019-10-14 09:23:16 -07:00
toddouska
2c3e4a2d18
Merge pull request #2508 from ejohnstown/dtls-fix
...
DTLS Redundant Check
2019-10-13 10:05:44 -07:00
toddouska
afb1c5f252
Merge pull request #2431 from JacobBarthelmeh/coldfire
...
M68K (coldfire MCF5441X) wolfcrypt build and examples
2019-10-13 09:16:03 -07:00
Jacob Barthelmeh
f2a3da94b6
refactor some openssl extra functions for cryptonly use
2019-10-11 16:40:08 -06:00
Tesfa Mael
54b6148259
Add comment
2019-10-11 15:19:02 -07:00
Tesfa Mael
ccc500e13f
Correct return value from wolfSSL_BIO_BASE64_write()
2019-10-11 14:52:53 -07:00
kaleb-himes
9357db4d0c
check value of ret in test cases
2019-10-11 15:27:15 -06:00
kaleb-himes
306b280ccd
Add test cases and implement peer suggestions
...
Fix failing jenkins test cases
Add detection for file size with static memory
Account for cert without pathLen constraint set including test cases
Resolve OCSP case and test where cert->pathLen expected to be NULL
2019-10-11 15:03:38 -06:00
Jacob Barthelmeh
d7fe000cfe
M68K (coldfire MCF5441X) wolfcrypt build and examples
...
fix for make dist and cleanup makefile
add aes file to Makefile
macro guards and entropy warning
add AES to build
2019-10-11 14:56:34 -06:00
Chris Conlon
fd6328aa8e
adjust NETBSD selftest tag in fips-check.sh for CAVP version API
2019-10-11 14:29:41 -06:00
Chris Conlon
2c6c88266b
add prototype for wolfCrypt CAVP version in selftest.h
2019-10-11 14:18:04 -06:00
toddouska
cd934a95a4
Merge pull request #2445 from JacobBarthelmeh/SanityChecks
...
sanity check on resulting ecc size
2019-10-11 10:53:20 -07:00
kaleb-himes
9c5fd165d0
addressing non RFC compliance in handling of pathLen constraint
2019-10-10 16:45:29 -06:00
John Safranek
774c0c5c3c
Remove a redundant sequence number check for epoch 0.
2019-10-10 14:21:14 -07:00
John Safranek
fabc6596b3
Merge pull request #2369 from JacobBarthelmeh/Testing
...
fix for inject clear alert from client test case
2019-10-10 13:25:51 -07:00
David Garske
d781734b55
Merge pull request #2507 from cariepointer/apache_updates
...
Apache updates
2019-10-10 12:45:01 -07:00
JacobBarthelmeh
65d1c3b8ce
Merge pull request #2506 from tmael/bio_mem_base64
...
Fix for BIO and base64 encoding/decoding
2019-10-10 13:41:38 -06:00
Carie Pointer
1d7f0de5b5
Fixes from review, adds some error checking, and adds const variables
2019-10-10 09:13:35 -07:00
Carie Pointer
4fa2b71848
Minor changes requested from review
2019-10-09 15:38:26 -07:00
Carie Pointer
af8968ee5e
Add REQUIRES_AEAD and move functionallity for checking AEAD ciphers to CipherRequires()
2019-10-09 14:37:39 -07:00
Carie Pointer
d137cab427
Update in XSTRCAT call
2019-10-09 13:12:34 -07:00
Carie Pointer
2312d0e125
Dynamically allocate buffer in wolfSSL_X509V3_EXT_print
2019-10-09 12:54:23 -07:00
Tesfa Mael
e22563ed00
BIO chain test
2019-10-09 11:38:07 -07:00
Carie Pointer
d89f9ddc42
Update X509V3_EXT_print for different extension types
2019-10-09 11:10:27 -07:00
Carie Pointer
5adcee9f2c
Update testsuite to expect ADH-AES256-GCM-SHA384 to fail with TLSv1.0 and TLSv1.1
2019-10-09 08:36:47 -07:00
Daniele Lacamera
99209d78a3
STM32 PKA: added include statement
2019-10-09 13:19:57 +02:00
Daniele Lacamera
0dfc64678c
STM32 PKA: added function prototype
2019-10-09 13:15:56 +02:00
Daniele Lacamera
3465a487d3
STM32 PKA fix: remove reverse array operations
2019-10-09 10:22:04 +02:00
John Safranek
89db0da0aa
Synchronous Quick Assist Support for Sniffer
...
1. Fixed a compiler warnings.
2. Fixed a memory issue when using the storage callback with QAT.
2019-10-08 16:49:38 -07:00
Tesfa Mael
b7fe49c8b4
NULL terminate a character sequence
2019-10-08 15:42:39 -07:00
Tesfa Mael
a84fbeae6b
Fix for a memory BIO and handle BIO chains
2019-10-08 12:26:54 -07:00
John Safranek
ff15b3cfaa
better display of the IPv6 addresses in the sniffer
2019-10-08 11:34:36 -07:00
Carie Pointer
136bc45857
Update wolfSSL_X509_NAME_print_ex for printing X509_NAME in reverse order
2019-10-07 11:36:00 -07:00
Carie Pointer
98b8cd35d8
Add ALT_NAMES_OID to switch in wolfSSL_X509_set_ext and update X509V3_EXT_print
2019-10-07 11:29:35 -07:00
Carie Pointer
b247b4565c
Fixes for build warnings with apache httpd
2019-10-07 11:15:55 -07:00
Carie Pointer
df22115920
Return error with AES-GCM and negotiated versions < TLSv1.2
2019-10-07 08:28:00 -07:00
David Garske
625bd121f2
Merge pull request #2495 from JacobBarthelmeh/staticmemory
...
check on if free'ing ctx/method back to heap hint
2019-10-07 08:10:05 -07:00
John Safranek
8ec90339d9
Change the sniffer testsuite to do the IPv6 test when the "-6" option is
...
on the command line.
2019-10-05 19:26:41 -07:00
John Safranek
f025f08315
Sniffer touches for Windows.
2019-10-04 17:06:35 -07:00
John Safranek
a467c75390
Change the GPL version back to v2 for the quickassist_sync files.
2019-10-04 14:56:42 -07:00
John Safranek
b6b57154e5
Add the new IPv6 sniffer test file to the automake list.
2019-10-04 14:54:17 -07:00
John Safranek
89ff909d73
Sniffer IPv6
...
1. Sorted out IPv6 configuration for sniff test.
2. Tests the sniffer using an IPv6 file.
2019-10-04 14:54:17 -07:00
John Safranek
ebd435ae46
skip IPv6 extended headers
2019-10-04 14:54:17 -07:00
John Safranek
a5bfb8a18b
Change the IP address wrappers to include the version. Makes comparing
...
easier. Hard-coded some IPv6 localhost tests.
2019-10-04 14:54:17 -07:00
John Safranek
d1d2eb0edd
Add IPv6 to the sniffer.
2019-10-04 14:54:17 -07:00
John Safranek
8b21082abe
Use wrapper macros for all touches of the sniffer statistics mutex.
2019-10-04 14:54:17 -07:00
John Safranek
1b057df610
When enabling SHOW_SECRETS one of the array counter variables for a
...
secret had a type mismatch. Changed the index to a word32 to match the
boundary variable's type.
2019-10-04 14:54:17 -07:00
John Safranek
841e469340
Convert the data the snifftest is about to print into printable text.
...
Anything that isprint() or isspace() is kept, anything else is changed
to a period.
2019-10-04 14:54:17 -07:00
John Safranek
725243b132
Changed how the sniffer calculates the sslFrame size, sslBytes, and the
...
end of packet pointer. The end of packet pointer is based on sslFrame
and sslBytes. sslBytes is calculated from the total length in the IP
header, rather than the caplen. The caplen may include things like
Ethernet's FCS, which throws packet processing off.
2019-10-04 14:54:17 -07:00
John Safranek
b2fb6d1a81
Move some stats captures to a different location.
2019-10-04 14:54:17 -07:00
John Safranek
3256fef7f9
Sniffer Chain Buffers
...
1. Fixed an issue when a TLS record is split across two chain buffers.
The second buffer was being treated as a new record.
2. Fixed an issue with STARTTLS_ALLOWED where the input buffer isn't
getting cleared and the skipped data just builds up blocking TLS
records.
2019-10-04 14:54:17 -07:00
John Safranek
53c7f864b2
Add midding function prototype.
2019-10-04 14:54:17 -07:00
John Safranek
b6ca72549c
Sniffer Fixes
...
Added a flag to disable the normally enabled session stats, WOLFSSL_NO_SESSION_STATS.
2019-10-04 14:54:17 -07:00
John Safranek
dea5e73852
Sniffer Chain Input
...
Add a new method for handling input records where the input is in the form of an iovec list.
2019-10-04 14:54:17 -07:00
John Safranek
62ac388f55
Store Data Callback
...
Added a callback and support to allow one to handle storing the data
directly without reallocating the data buffer. Also added an example
that uses this callback if the callback is enabled in the build.
2019-10-04 14:54:17 -07:00
John Safranek
98e94a6f0f
Added a preprocessor guard around ssl_GetSessionStats().
2019-10-04 14:54:17 -07:00
John Safranek
a0ad39cf70
Sniffer Stats
...
Moved the increment of the resume misses statistic.
2019-10-04 14:54:17 -07:00
John Safranek
73273f4fec
Sniffer Memory
...
1. Modify the sniffer code to use XMALLOC and XFREE.
2. Added some new dynamic memory types for the sniffer.
2019-10-04 14:54:17 -07:00
John Safranek
0e1073f622
Sniffer Statistics
...
Addded two more statistics, cache hits and cache inserts.
2019-10-04 14:54:17 -07:00
John Safranek
4292936efc
wolfSSL Global
...
1. Renamed the global variable tag to WOLFSSL_GLOBAL.
2. Tagged several more global variables with WOLFSSL_GLOBAL.
2019-10-04 14:54:17 -07:00
John Safranek
bbc208ad33
Updated some more globals in the sniffer and session cache with being shared.
2019-10-04 14:54:17 -07:00
John Safranek
a991cc42f4
Add function wolfSSL_get_cipher_name_iana_from_suite() a wrapper around
...
internal API GetCipherNameIana().
2019-10-04 14:54:17 -07:00
John Safranek
87a8447f0d
1. Added a tag for global variables in environments where they aren't
...
shared across threads by default.
2. Set the Trace file and flag up with the shared flag.
2019-10-04 14:54:17 -07:00
John Safranek
743a6ab829
Update the decrypted packet and byte counts.
2019-10-04 14:54:17 -07:00
toddouska
dd9635d8ff
Merge pull request #2469 from embhorn/sk_types
...
Sk types
2019-10-04 14:44:25 -07:00
toddouska
30829cec09
Merge pull request #2482 from SparkiDev/cppcheck_fixes_1
...
Fixes from using cppcheck tool
2019-10-04 14:39:31 -07:00
David Garske
b213a962e9
Merge pull request #2493 from ejohnstown/sync-qat
...
Synchronous Quick Assist Support for Sniffer
2019-10-04 11:45:08 -07:00
Daniele Lacamera
c26a7ccb68
Fix copy-paste from LTE module
2019-10-04 20:37:38 +02:00
Daniele Lacamera
52bf19eefd
Added initial support for STM32_PKA ECC accelerator
2019-10-04 20:15:33 +02:00
David Garske
0d43c1f3d7
Merge pull request #2488 from aaronjense/openssh-fixes
...
Fix defines that aren't in configure.ac
2019-10-04 10:35:07 -07:00
David Garske
d48e904c16
Merge pull request #2496 from embhorn/test_ASN1_INTEGER_set
...
Add conditional check to test_wolfSSL_ASN1_INTEGER_set test case failing for 32-bit platform
2019-10-04 10:33:37 -07:00
John Safranek
48d872187d
Synchronous Quick Assist Support for Sniffer
...
1. Add a HardwareStop for the QAT sync build in wolfCrypt_Cleanup();
2019-10-04 09:01:59 -07:00
David Garske
a258b84018
Merge pull request #2497 from danielinux/openssl-cleanup
...
Fix include path issue for openssl compatibility for dh.h.
2019-10-04 08:23:37 -07:00
Eric Blankenhorn
f47a9c8b20
Add conditional to 64-bit tests
2019-10-04 09:41:48 -05:00
Daniele Lacamera
3183ccc0c8
x509.h: include the correct header
2019-10-04 15:04:35 +02:00
Daniele Lacamera
5f1dcc3b0c
Removed inclusion of openSSL header
2019-10-04 10:22:38 +02:00
Jacob Barthelmeh
82fc96b7f3
adjust onHeap to be a bit field
2019-10-04 08:44:00 +07:00
tmael
197b22973b
Merge pull request #2490 from dgarske/riscv
...
Consolidate RISC-V examples and fix `make dist` file error
2019-10-03 15:08:49 -07:00
David Garske
12bf46296e
Consolidate RISC-V examples. Fix make dist file error.
2019-10-03 11:08:50 -07:00
David Garske
f5a4b82302
Merge pull request #2492 from ejohnstown/titan-cache
...
Titan Session Cache
2019-10-03 09:52:51 -07:00
John Safranek
177bab84e5
Synchronous Quick Assist Support for Sniffer
...
1. Add missing deinitializers for the QAT as the sniffer exits.
2019-10-03 09:15:50 -07:00
JacobBarthelmeh
df2c27af32
check on if free'ing ctx/method back to heap hint
2019-10-03 08:39:18 -07:00
John Safranek
c0a4143942
Titan Session Cache
...
1. Added a new build option for a TITAN session cache that can hold just over 2 million session entires.
2. Reordered the cache options from largest to smallest.
2019-10-02 14:36:38 -07:00
John Safranek
3b989329cd
Merge pull request #2491 from aaronjense/fix-shadow-ret
...
Fix shadow redeclaration
2019-10-02 12:17:35 -07:00
John Safranek
9a5eb1bb67
Synchronous Quick Assist Support for Sniffer
...
1. Add configure option for sync IntelQA that uses the crypto callback API.
2. Refactor the IntelQA configure checks so they are usable by both the sync and async options.
3. Make a synchonous copy of the quickassist files.
4. Replace the printfs in the code with a logging macro.
5. Added padding to the AES_KEY structure for WOLF_CRYPTO_CB.
6. Tie in the crypto device to the sniffer.
7. When setting up the symmetric operation, add a build case for the sniffer to use malloc instead of realloc. Sniffer usually uses the middle of another buffer for the input data rather than the beginning of the buffer as it has the TCP/IP data to handle as well.
8. Add the raw key to the DES3 structure.
9. Copy the functions from qa_mem over to qa_sync.
2019-10-02 10:08:46 -07:00
Aaron Jense
0340b323cd
Fix shadow redeclaration
2019-10-02 09:41:06 -06:00
Aaron Jense
91222bc887
Fix defines that aren't in configure.ac
2019-10-02 09:14:47 -06:00
David Garske
43e391528d
Merge pull request #2489 from ejohnstown/sniffer-etm
...
Sniffer and Encrypt-Then-Mac
2019-10-02 08:05:25 -07:00
Chris Conlon
ca817c50aa
Merge pull request #2481 from dgarske/nxp_mmcau
...
Improvements to SHA-1, SHA-256 and MD5 performance
2019-10-01 15:16:50 -06:00
John Safranek
7261ed8b6f
Sniffer and Encrypt-Then-Mac
...
The sniffer doesn't know how to deal with ETM. If the sniffer is enabled, disble ETM.
2019-10-01 13:00:55 -07:00
Sean Parkinson
901ee627fc
Fixes from using cppcheck tool
...
Various fixes for uninitialized variable use.
sniffer.c: close file when seek fails
tls.c: fix QSH_GET_SIZE macro
wolfio.c: uIPGenerateCookie: use the parameter, _ctx, instead of self
referencing.
wolfssl_adds.c: check for equivalent to XBADFILE to indicate error.
SP: change right shift of signed value to unsigned
sp_int.h: define 128-bit types
types.h: change a XMALLOC define to not use (,,) - cppcheck doesn't like
it and is unnecessary.
2019-10-01 09:22:00 +10:00
David Garske
ea68e146c7
Merge pull request #2487 from JacobBarthelmeh/Fuzzer
...
fix for infinite loop with CSR2
2019-09-30 10:38:26 -07:00
Kaleb Himes
caa5ba7551
Merge pull request #2411 from ejohnstown/wolfrand
...
wolfRand
2019-09-30 11:11:18 -06:00
Chris Conlon
056c374f85
Merge pull request #2486 from miyazakh/update_tisp_readme
...
update tsip porting readme
2019-09-30 10:07:46 -06:00
Jacob Barthelmeh
e7c2892579
fix for infinite loop with CSR2
2019-09-30 21:32:25 +07:00
Hideki Miyazaki
5486b535d1
update tsip readme
2019-09-29 17:09:08 +09:00
John Safranek
43476e80d4
Merge pull request #2462 from dgarske/webrtc
...
Support for Google WebRTC
2019-09-27 14:24:11 -07:00
Chris Conlon
ab4a78fdae
Merge pull request #2485 from aaronjense/HAproxy-defines
...
Fix defines for HAProxy build
2019-09-27 14:37:42 -06:00
David Garske
4c89a21d12
Updates from peer review. Refactor to combine some BIO elements into ptr. Revert change to BIO_set_fd.
2019-09-27 11:19:42 -07:00
David Garske
b47039b7ec
Fix for possible unused local32 warning.
2019-09-27 09:22:18 -07:00
Aaron Jense
bfa20c53b0
Fix defines for HAProxy build
2019-09-27 09:18:27 -06:00
David Garske
937a344682
Merge pull request #2484 from SparkiDev/armv8-x18-redo
...
Refix stopping use of x18 register
2019-09-26 18:55:59 -07:00
Sean Parkinson
5bcf54b9e2
Refix stopping use of x18 register
2019-09-27 09:41:54 +10:00
Sean Parkinson
1f393c9dde
Merge pull request #2483 from JacobBarthelmeh/BuildOptions
...
early data and enc-then-mac build fixes
2019-09-27 08:00:53 +10:00
David Garske
78f6bbcdb8
Adjusted the alignement macro to use WC_HASH_DATA_ALIGNMENT for shared settings across hash algos.
2019-09-26 11:53:24 -07:00
David Garske
6bfe6761d8
Disable the new hashing aligned build option by default. Does not increase performance... the memcpy is faster than the alignment check on modern CPU's. Embedded systems may benefit from this though, so leaving support for it in place.
2019-09-26 11:49:33 -07:00
David Garske
4c709f1f2c
Improvements to SHA-1, SHA-256 and MD5 performance:
...
* Added detection for buffer alignment to avoid memcpy.
* Added MD5 and SHA-1 support for XTRANSFORM_LEN to process blocks.
* Cleanups for consistency between algorithms and code commenting.
* Enhancement for NXP MMCAU to process more than one block at a time.
* Improved MMCAU performance: SHA-1 by 35%, SHA-256 by 20% and MD5 by 78%.
```
NXP K64 w/MMCAU after:
MD5 8 MB took 1.000 seconds, 7.910 MB/s
SHA 4 MB took 1.005 seconds, 3.644 MB/s
SHA-256 2 MB took 1.006 seconds, 2.306 MB/s
NXP K64 w/MMCAU before:
MD5 4 MB took 1.004 seconds, 4.450 MB/s
SHA 3 MB took 1.006 seconds, 2.670 MB/s
SHA-256 2 MB took 1.008 seconds, 1.913 MB/s
```
2019-09-26 11:32:59 -07:00
Eric Blankenhorn
a1b324f7f8
Adding sk_free support for CONF_VALUE
2019-09-26 11:28:59 -05:00
David Garske
9571f2fce8
Merge pull request #2447 from SparkiDev/sp_const
...
Change static globals to const where possible
2019-09-26 09:11:23 -07:00
David Garske
34e0eb498a
Fix for X509_set_subject_name and X509_set_issuer_name API unit test macro enables.
2019-09-26 08:42:35 -07:00
David Garske
606b76d06e
Fix for WPAS certificate size difference. Fix so BIO_METHOD is compatible. Moved BIO stuff into bio.h.
2019-09-26 08:42:35 -07:00
David Garske
a5f9d38c0d
Remove the BIO method custom... its not compat. Fix bio->ptr to be void*.
2019-09-26 08:42:35 -07:00
David Garske
872d222b59
* Adds the following openssl compatibility API's:
...
- SSL_CIPHER_get_id
- SSL_CIPHER_get_rfc_name
- SSL_get_cipher_by_value
- X509_print_ex
- X509_NAME_add_entry_by_NID
- X509_time_adj
- X509_time_adj_ex
- DTLSv1_get_timeout
- DTLSv1_handle_timeout
- DTLSv1_set_initial_timeout_duration
- SSL_CTX_set_current_time_cb
- PEM_write_bio_RSA_PUBKEY
- PEM_read_bio_RSA_PUBKEY
- PEM_write_bio_PUBKEY
- EVP_PKEY_missing_parameters
- EVP_PKEY_cmp
- BN_is_negative
- BIO_set_retry_write
* Improvements to the notBefore and notAfter date handling.
* Improvements to BIO and BIO_METHOD
- Moved structure to public area to allow for dereferencing
- Renamed members to provide compatibility.
- Added support for custom BIO methods for read/write.
* Added advanced openssl compatibility test cases for key and certificate generation.
* Fix for `ASN1_STRING_set` to allow NULL data.
* Fix to populate public key information on `EVP_PKEY_assign_RSA` and `EVP_PKEY_assign_EC_KEY`.
* Fix naming for `X509_get_notBefore` and `X509_get_notAfter` functions.
* Added `wc_EccPublicKeyDerSize`.
* Improvements to `wc_RsaPublicKeyDerSize`, so dummy memory doesn't have to be allocated.
* Made the `wc_*PublicKeyDerSize` functions public.
* Eliminate use of snprintf for UTC to generalized time conversion in `wolfSSL_ASN1_TIME_to_generalizedtime`.
2019-09-26 08:42:35 -07:00
Sean Parkinson
42d04a36d6
Change static globals to const where possible
...
Change parameters to functions to be const where possible (and
necessary).
2019-09-26 23:05:02 +10:00
Sean Parkinson
4a6925e2ef
Merge pull request #2480 from dgarske/nightly_20190925
...
Fixes for minor build issues
2019-09-26 17:34:21 +10:00
Jacob Barthelmeh
c6c7f67dfd
add check on AEAD only mode with enc-then-mac functions
2019-09-26 12:30:17 +07:00
Jacob Barthelmeh
8139fbd026
early data and enc-then-mac build fixes
2019-09-26 12:12:19 +07:00
Jacob Barthelmeh
f1b68873ef
add check on dependencies for tests
2019-09-26 11:43:12 +07:00
David Garske
02c5d36f72
Fixes for --enable-opensslextra or --enable-opensslall with NO_WOLFSSL_CLIENT or NO_WOLFSSL_SERVER defined.
2019-09-25 20:11:54 -07:00
David Garske
9d05e9c0b7
Fixes for minor nightly build tests.
2019-09-25 11:07:32 -07:00
David Garske
bcd8a521f5
Merge pull request #2479 from tmael/aes_gcm
...
Initialize AES GCM set key
2019-09-20 14:34:25 -07:00
Eric Blankenhorn
425548565f
Fix after rebase
2019-09-20 16:16:10 -05:00
Eric Blankenhorn
f01e943448
Adding support for STACKOF(CONF_VALUE)
2019-09-20 16:06:13 -05:00
Eric Blankenhorn
082d0e459d
Updates from review
2019-09-20 16:04:14 -05:00
Eric Blankenhorn
793df114f3
Adding stack object type support to sk_value
2019-09-20 16:02:58 -05:00
Tesfa Mael
74386fd0d0
Initialize GCM AAD in case wc_AesInit() wasn't called
2019-09-20 12:04:33 -07:00
John Safranek
b92509144b
Merge pull request #2475 from dgarske/qat_key
...
Fixes and improvements for async
2019-09-20 10:44:33 -07:00
Tesfa Mael
54cdab8005
Initialize AES GCM set key
2019-09-20 10:17:08 -07:00
Chris Conlon
8636bac12f
Merge pull request #2478 from miyazakh/fix_iar_build
...
Fix build failure on IAR EWRX
2019-09-20 09:01:56 -06:00
Sean Parkinson
3f10a37eda
Merge pull request #2477 from dgarske/keil_sp
...
Fixes for using Keil with single precision math.
2019-09-20 10:42:46 +10:00
David Garske
d762d2fa5d
Merge pull request #2450 from aaronjense/microsoft-azure-sphere
...
Visual Studio Solution for Azure Sphere Devices
2019-09-19 17:13:46 -07:00
cariepointer
2dafd2102c
Add Apache HTTP Server compatibility and --enable-apachehttpd option ( #2466 )
...
* Added Apache httpd support `--enable-apachehttpd`.
* Added `SSL_CIPHER_get_version`, `BIO_new_fp`, `SSL_SESSION_print` and `SSL_in_connect_init` compatibility API's.
* Fix to expose `ASN1_UTCTIME_print` stub.
* Pulled in `wolfSSL_X509_get_ext_count` from QT.
* Added `X509_get_ext_count`, `BIO_set_callback`, `BIO_set_callback_arg` and `BIO_get_callback_arg`.
* Added `wolfSSL_ERR_print_errors`.
* Added `BIO_set_nbio` template.
* Fixes for building with Apache httpd.
* Added DH prime functions required for Apache httpd.
* Fix and move the BN DH prime macros.
* Fix for `SSL_CTX_set_tlsext_servername_arg` to have return code.
* Only add the `BN_get_rfc*_prime_*` macro's if older than 1.1.0.
* Added `ERR_GET_FUNC`, `SSL_CTX_clear_extra_chain_certs` prototypes.
* Added `wolfSSL_CTX_set_client_cert_cb` template and `OPENSSL_load_builtin_modules` stub macro.
* Added `X509_INFO` templates (`X509_INFO_new`, `X509_INFO_free`, `sk_X509_INFO_new_null`, `sk_X509_INFO_num`, `sk_X509_INFO_value`, `sk_X509_INFO_free`). Added `sk_X509_shift`.
* Added BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg
* add BIO_set_nbio, ERR_print_errors and tests
* add X509 INFO stack push function
* Add ASN1_UTCTIME_print and unit test
* Add X509_get_ext_count unit test
* initial commit of wolfSSL_PEM_X509_INFO_read_bio
* Added `sk_X509_NAME_new`, `sk_X509_NAME_push`, `sk_X509_NAME_find`, `sk_X509_NAME_set_cmp_func` and `sk_X509_NAME_free`. Grouped `sk_X509_NAME_*` functions.
* Cleanup sk X509 NAME/INFO pop free template.
* Advance openssl compatibility to v1.1.0 for Apache httpd. Added TLS version macros. Implemented sk X509 NAME/INFO pop and pop_free.
* Added `TLS_client_method` support.
* Added `SSL_get_server_tmp_key` and `EC_curve_nid2nist`.
* Added `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`. Fix for `BN_get_rfc*_prime_*` with the v1.1.0 change.
* add test cases for PEM_X509_INFO_read_bio
* Fixes for `BN_get_rfc*_prime_*` macros. Added template for `SSL_DH_set0_pqg`. Fix for `SSL_OP_NO_` to use Macro's (as is done in openssl). Added `SSL_set_verify_result`. Added stub for `OPENSSL_malloc_init`.
* Apache httpd compatibility functions. BIO setter/getters.
* implement ASN1_TIME_check and add test case
* add SSL_get_client_CA_list
* add initial implementation of wolfSSL_DH_set0_pqg
* Add apache support to OBJ_txt2nid and unit test, add stub for OBJ_create
* add X509_STORE_CTX_get1_chain, sk_free, sk_X509_dup
* Add sk_SSL_COMP_num and SSL_COMP struct
* implement and test of SSL_SESSION_print
* add SSL_CTX_set_client_cert_cb
* expand BIO_printf and add test case
* Added `OCSP_CERTID_dup`. Added `ASN1_TYPE`.
* add implementation for wolfSSL_get_server_tmp_key
* add wolfSSL_BIO_puts and test case
* Add X509_EXTENSION_get_object and X509_EXTENSION_get_data
* add helper for bio flag set and null x509 stack
* add test adn implementation for wolfSSL_i2d_PrivateKey
* Added `ASN1_OTHERNAME`, `ACCESS_DESCRIPTION` and `GENERAL_NAME`. Added `sk_ACCESS_DESCRIPTION_pop_free` and `ACCESS_DESCRIPTION_free` stubs.
* add wolfSSL_PEM_read_bio_ECPKParameters
* add BIO_vfree
* add X509_up_ref
* add X509_STORE_CTX_set_ex_data
* add _GNU_SOURCE macro and wolfSSL_EVP_read_pw_string
* add wolfSSL_EVP_PKEY_ref_up function
* X509_get_ext, X509V3_EXT_print, and d2i_DISPLAYTEXT stubs
* add X509_set_issuer_name
* add wolfSSL_sk_SSL_CIPHER_* functions and tests
* add prototype for sk_X509_EXTENSION and ACCESS_DESCRIPTION
* fix casting to avoid clang warning
* adjust test_wolfSSL_X509_STORE_CTX test case
* Added `OpenSSL_version`
* renegotiate functions and additional stack functions
* add aditional stub functions
* Add Apache httpd requirements for ALPN, CRL, Cert Gen/Req/Ext and SecRen. Fix for `sk_X509_INFO_new_null`.
* add ocsp stub functions
* Proper fix for `sk_X509_INFO_new_null`. Added templates for `X509_get_ext_by_NID` and `X509_add_ext`. Added templates for `ASN1_TIME_diff` and `ASN1_TIME_set`.
* x509 extension stack additions
* Fixed template for `OCSP_id_get0_info`.
* add X509 stub functions
* add X509_STORE_CTX_get0_store() and unit test
* Added `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_rsa_keygen_bits`, `EVP_PKEY_keygen_init`, `EVP_PKEY_keygen` and `BN_to_ASN1_INTEGER`.
* x509v3 stubs and req add extensions
* Add OBJ_txt2obj and unit test; add long name to wolfssl_object_info table for use by OBJ_* functions
* wolfSSL_set_alpn_protos implementation
* Added `EVP_SignInit_ex` and `TLS_server_method` implementation. Added stubs for `RSA_get0_key` and `i2d_OCSP_REQUEST_bio`. Fix typo on `OCSP_response_create`. Fix warning in `wolfSSL_set_alpn_protos`.
* Added `X509_EXTENSION_free` stub. Fixed a few macro typos/adding missing.
* add X509_STORE_CTX_get0_current_issuer and unit test
* add OBJ_cmp and unit test
* add RSA_get0_key and unit test
* add OCSP_check_nonce
* Implement X509_set_notAfter/notBefore/serialNumber/version,X509_STORE_CTX_set_depth,X509V3_set_ctx.
* Modify wolfSSL_X509_set_notAfter/notBefore and add tests for each.
* Add test_wolfSSL_X509_set_version w/ fixes to _set_version and fix _set_notBefore/notAfter tests
* add OCSP_id_get0_info and unit test, move WOLFSSL_ASN1_INTEGER to asn_public.h from ssl.h
* inital implementation of wolfSSL_X509_sign
* add debugging messages and set data for BIO's
* Add i2d_OCSP_REQUEST_bio.
* implementation of some WOLFSSL_BIO_METHOD custom functions
* fix for ASN time structure and remove log node
* initial eNULL support and sanity checks
* fixes after rebasing code
* adjust test cases and ASN1_TIME print
* Various fixes for memory leaks
* Apache compatibility in CTX_set_client_CA_list for X509_NAME use; add X509_NAME_dup as supporting function
* Add initial X509_STORE_load_locations stub for Apache
* Updates to X509_get_ext_d2i to return GENERAL_NAME struct instead of ASN1_OBJECT for alternative names and add supporting GENERAL_NAME functions
* Add X509_STORE_load_locations implementation; add wolfSSL_CertManagerLoadCRL_ex; initial renegotiation fixes/updates
* Fix for freeing peer cert in wolfSSL_Rehandshake instead of FreeHandShakeResources during secure renegotiation
* Add X509_ALGOR and X509_PUBKEY structs for X509_PUBKEY_get0_param and X509_get_X509_PUBKEY implementation
* Initial implementation of wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Add implementation for X509_get0_tbs_sigalg and X509_ALGOR_get0
* Add OBJ_nid2ln implementation
* Fix compile errors in tests/api.c for some build options
* Updates to X509_STORE_load_locations for non-CRL types; Add additional DETECT_CERT_TYPE enum and logic for detecting certificate type in ProcessFile
* Add X509_STORE_load_locations unit test and minor error handling fixes
* Add unit test for X509_sign
* Set correct alert type for revoked certificates; add/fix a few WOLFSSL_ENTER messages
* Add X509_ALGOR member to X509 struct; refactoring and unit tests for wolfSSL_X509_ALGOR_get0 and wolfSSL_X509_get0_tbs_sigalg
* Add X509_PUBKEY member to X509 struct; refactoring and unit tests for wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Stack fixes after rebase
* Secure renegotiation refactoring: add ACCEPT_BEGIN_RENEG to AcceptState for use in wolfSSL_SSL_in_connect_init; free old peer cert when receiving new cert to fix memory leak
* Move enc-then-mac enable option in configure.ac for apache httpd compatibility
* Simplify wolfSSL_SSL_in_connect_init logic
* Remove unneeded wolfSSL_CertManagerLoadCRL_ex
* Fixes for jenkins test failures
* SSL_get_secure_renegotiation_support for print statement in Apache
2019-09-19 17:11:10 -07:00
Hideki Miyazaki
2f818f9508
Fix build failure on IAR EWRX
2019-09-20 09:07:51 +09:00
Sean Parkinson
dfc00bf057
Merge pull request #2476 from dgarske/pkcb_tls13
...
Fix for TLS v1.3 and PK callbacks
2019-09-20 08:10:43 +10:00
David Garske
3b6112e317
Fixes for using Keil with single precision math.
2019-09-19 14:34:30 -07:00
toddouska
c16b02a265
Merge pull request #2471 from dgarske/test_date_override
...
Fix for verify callback override not adding to trusted CA list
2019-09-19 13:54:24 -07:00
Chris Conlon
33a83cdba0
Merge pull request #2436 from miyazakh/Renesas_TSIP_Port
...
Support renesas tsip
2019-09-19 14:44:33 -06:00
toddouska
2dbf3f81fc
Merge pull request #2474 from SparkiDev/sp_int_prime
...
Add support for prime checking to sp_int.c
2019-09-19 13:44:22 -07:00
toddouska
fd1d65c4f9
Merge pull request #2470 from SparkiDev/build-fixes
...
Fixes from overnight build failures
2019-09-19 13:38:25 -07:00
toddouska
cc452adff1
Merge pull request #2465 from JacobBarthelmeh/Fuzzer
...
sanity check on length before read
2019-09-19 13:34:42 -07:00
David Garske
523b1801ed
Cleanup of the wc_ecc_sign_hash function to separate the async logic. This improves the ECC r/s local case to appease static analyzers. Fixes https://github.com/wolfSSL/wolfssl/issues/2342 .
2019-09-19 13:33:02 -07:00
John Safranek
ab86e78cbe
Merge pull request #2458 from JacobBarthelmeh/Certs
...
macro guards for re-defines
2019-09-19 12:54:26 -07:00
David Garske
6aecdf59c1
Fixes for async build and tests.
2019-09-19 12:30:05 -07:00
David Garske
ae25027135
Fix for TLS v1.3 and PK callbacks.
2019-09-19 12:07:14 -07:00
David Garske
1493b94b27
Eliminate async NUMA allocation for wc_ecc_gen_k. Additional DECLARE_VAR checks. Improve mp_rand to avoid alloc in async case.
2019-09-19 11:34:59 -07:00
Jacob Barthelmeh
f532143094
adjust CheckASNTag to be GetASNTag
2019-09-19 02:09:51 -06:00
Hideki Miyazaki
5c5aa45a5e
addressed review comments
...
tsip_usable() reconstruction
2019-09-19 14:35:23 +09:00
Hideki Miyazaki
a37b604da9
addressed review comments
2019-09-19 11:18:52 +09:00
Hideki Miyazaki
63d61c490d
addressed review comments
2019-09-19 11:18:52 +09:00
Hideki Miyazaki
a6b2d1621b
Free memory for a msg buffer when calling wc_ShaxxxFree()
2019-09-19 11:18:52 +09:00
Hideki Miyazaki
778a2065ab
Replaced key information by dummy data
2019-09-19 11:18:52 +09:00
Hideki Miyazaki
cb0184fe98
update Readme, added file header etc
2019-09-19 11:18:52 +09:00
Hideki Miyazaki
a292e69d3f
update readme
2019-09-19 11:18:52 +09:00
Hideki Miyazaki
5c6f6fdb7d
Renesas TSIP Support
...
merged from private repo
removed unneccessary #include
make line as 80 characters
added simple tls server
Disable TLS-linked API use when being SERVER SIDE, still use certificate verify API
Added utility tools, generate signature arrays etc
added vars to store tsip hmac keys
fix build failure when disabling dc_printf
2019-09-19 11:18:52 +09:00
Sean Parkinson
0bc16d47e2
Add support for prime checking to sp_int.c
...
This allows SP to support:
- DH parameter checking
- DH parameter generation
- RSA key generation
Improved performance of sp_mod operation.
Reworked some functions to have one exit point (return statement).
Fixed sp_sub_d().
Changed tests to perform 2048-bit RSA key generation only when using SP
math.
Fixed Intel x86_64 C file to not have DH specific functions available
unless WOLFSSL_HAVE_SP_DH is defined.
Fixed tfm to return an error when t is not the correct size in
fp_isprime_ex().
2019-09-19 09:08:15 +10:00
Aaron Jense
bdbe0943cf
Add function to print network interface and IP Address
2019-09-18 19:57:19 +01:00
Aaron Jense
4ef8f53c9e
PR Review Changes
...
1. Add more documentation
2. Add cleanup functions for client and server before return
3. Add the ability for client to use a hostname for SERVER_IP
2019-09-17 14:59:43 -06:00
toddouska
946a0f593f
Merge pull request #2472 from SparkiDev/enc_then_mac_fix
...
Enc-Then-MAC: when message size is less than digest size return error
2019-09-17 08:57:26 -07:00
Chris Conlon
f0e774d1e1
Merge pull request #2420 from kojo1/KDS-proj
...
add KDS sample project
2019-09-17 11:53:04 -04:00
Chris Conlon
bdad0fa53f
Merge pull request #2443 from miyazakh/fix_esp_examples
...
Fixed examples for esp-idf
2019-09-17 11:47:39 -04:00
David Garske
0e5de0c076
Fix to only AddCA when its CA type and veryNone is not set.
2019-09-17 07:56:02 -07:00
Sean Parkinson
2c2907c2a5
Enc-Then-MAC: when message size is less than digest size return error
2019-09-17 11:23:43 +10:00
David Garske
b7c08988dc
Fix for verify callback override of intermediate CA provided by peer not being added to trusted CA list.
...
Feature: Added support for testing date override at build-time using `TEST_BEFORE_DATE`.
```
./examples/server/server -H overrideDateErr -A ./certs/ca-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-chain.pem &
./examples/client/client -D -A ./certs/ca-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-chain.pem
```
2019-09-16 14:47:55 -07:00
Jacob Barthelmeh
708556d5c7
adjust sha3 typedef
2019-09-16 10:40:56 -06:00
Jacob Barthelmeh
3b7b81fea7
add local CheckASNTag function
2019-09-15 23:06:11 -06:00
David Garske
326f02d76d
Fix for buffer overrun check logic.
2019-09-15 23:04:13 -06:00
Jacob Barthelmeh
e6c48327c1
sanity check on length before read
2019-09-15 23:04:13 -06:00
Sean Parkinson
000fc64f27
Fixes from overnight build failures
...
ssl.c: Certificate store fields freed without being NULLed and then
freed again.
integer.c: Compiler complained that a->dp may be NULL in mp_set_bit when
setting bit.
pkcs12.c: ret is zero after GetLength and this is an error but data is
freed only when ret != 0.
pkcs7.c: derArr was not zeroized for full allocated size.
2019-09-16 10:21:08 +10:00
toddouska
9d69f17f17
Merge pull request #2468 from tmael/RSA_inline
...
Fix for RSA inline
2019-09-13 13:46:33 -07:00
toddouska
9d3d170411
Merge pull request #2456 from dgarske/freedom_unleashed
...
Support for SiFive HiFive Unleashed board
2019-09-13 11:58:11 -07:00
toddouska
40fc86dfd2
Merge pull request #2464 from SparkiDev/rshift_neg
...
Use constant time comparison in MaskMac with scanStart and macStart
2019-09-13 11:56:12 -07:00
toddouska
a2d3da2831
Merge pull request #2463 from ejohnstown/maintenance-dtls
...
Maintenance DTLS
2019-09-13 11:53:20 -07:00
toddouska
6894dde4e9
Merge pull request #2460 from dgarske/debug_buffer
...
Improvements to `WOLFSSL_BUFFER` function
2019-09-13 11:49:20 -07:00
John Safranek
b70f22e21a
1. Use the session deallocator on the deserialized session in the client.
...
2. Free the flatten session if the size check fails.
2019-09-12 16:04:34 -07:00
Chris Conlon
09541082d6
Merge pull request #2416 from kojo1/OCSP-error
...
Detail error code
2019-09-12 16:51:34 -04:00
Tesfa Mael
4e62d1f509
Fix for RSA inline
2019-09-11 22:57:54 -07:00
John Safranek
c27a4b3865
TLS Maintenance
...
When serializing the WOLFSSL_SESSION, serialize everything.
2019-09-11 16:44:54 -07:00
John Safranek
852d50adcf
DTLS Maintenance
...
To go with the fix for the functions wolfSSL_(i2d|d2i)_SSL_SESSION,
modify the example client to use a serialized session record for
resumption instead of the direct reference into the session cache. This
change only happens when OPENSSL_EXTRA and HAVE_EXT_CACHE are defined.
2019-09-11 15:29:57 -07:00
Sean Parkinson
2a1a9f36cc
Use constant time comparison in MaskMac with scanStart and macStart
...
Right shift of a negative value is undefined.
Add an 'int' return version of constant time greater than equal.
Change equal and not equal to be constant time in more situations.
2019-09-11 10:57:23 +10:00
David Garske
ed06f34f55
Updated benchmarks running at 1.5GHz (default is 1 GHz).
2019-09-10 16:09:18 -07:00
John Safranek
22c398494e
DTLS Maintenance
...
The options to switch on and off the code to serialize/deserialize items
in the struct need to match the options for the struct.
(ZD5130, ZD5590)
2019-09-10 16:01:48 -07:00
John Safranek
e93e3b60da
DTLS Maintenance
...
Allow the DTLS server to retransmit a stored flight of messages in an additional acccept state.
(ZD5644)
2019-09-10 11:51:38 -07:00
David Garske
def36ddfe8
Added instructions for installing Debian on Unleashed board.
2019-09-10 09:16:35 -07:00
David Garske
66b76a4420
Improvements to WOLFSSL_BUFFER function to eliminate recursive call and use snprintf for string safety. Adds support for build-time change of LINE_LEN.
2019-09-10 08:57:35 -07:00
David Garske
645f8ddd31
Update RISC 64-bit detection to use __riscv_xlen.
2019-09-10 07:47:28 -07:00
Jacob Barthelmeh
eb2aa3dce1
macro guards for re-defines
2019-09-09 19:24:45 -06:00
toddouska
99252cc936
Merge pull request #2399 from dgarske/ovs
...
Compatibility changes for OpenVSwitch
2019-09-09 16:02:27 -07:00
David Garske
95d3289fa2
Merge pull request #2437 from kaleb-himes/ZD_5546_IAR_CC_CHECK
...
Fix failing IAR builds, thanks to Joseph C. for the report
2019-09-09 11:42:19 -07:00
Aaron Jense
88036db223
Visual Studio Solution for Azure Sphere Devices
2019-09-09 10:50:56 -06:00
David Garske
ab5c12fd17
Added parenthesis around types.h pointer size macro.
2019-09-09 09:01:18 -07:00
David Garske
c0317ad198
Fix to only expose SSL_want when OPENSSL_EXTRA is defined.
2019-09-09 08:07:30 -07:00
David Garske
342d03a294
Added SSL_want.
2019-09-09 08:07:30 -07:00
David Garske
2cf26a1353
Compatibility changes for OpenVSwitch.
2019-09-09 08:07:30 -07:00
julek-wolfssl
c52801754c
Fips ready ( #2422 )
...
* Changes to update stunnel support
* Required additions for building fips-ready with speedups
* Fix SetASNIntRSA
2019-09-09 02:47:02 -07:00
julek-wolfssl
02419e248f
Fix clang 3.8 arm ( #2449 )
...
* Fix 'value size does not match register size' error in clang with arm assembly
* More readable casting
2019-09-09 02:46:48 -07:00
Hideki Miyazaki
87d0c70695
erase compiler complaint, not used var
2019-09-09 08:25:02 +09:00
Hideki Miyazaki
7433b20d43
renamed wolfSSL_CTX_IsPrivatePkSetForkeyType to wolfSSL_IsPrivatePkSet
2019-09-09 08:25:02 +09:00
Hideki Miyazaki
348be7fb00
Fix jankis test, known customer config. complaining unused var
2019-09-09 08:25:02 +09:00
Hideki Miyazaki
82d531562c
Fixed build warnings due to esp-idf update
...
Fixed server application TLS communicatio failure
2019-09-09 08:25:02 +09:00
julek-wolfssl
4c88d94d13
Chacha20 and poly1305 without x18 ( #2454 )
...
* Remove use of x18 and organize new optimizations
* Fix invalid operand
2019-09-08 16:03:04 -07:00
Sean Parkinson
afb15f6521
Merge pull request #2455 from JacobBarthelmeh/HardwareAcc
...
change detection of AESNI support to read bit 25 from ECX
2019-09-09 08:29:00 +10:00
David Garske
ebe99cf5ef
Support for SiFive HiFive Unleashed board.
2019-09-06 16:04:34 -07:00
toddouska
37328544ad
Merge pull request #2453 from SparkiDev/armv8_x18
...
ARM64 assembly - x18 not able to be used
2019-09-06 15:45:02 -07:00
toddouska
85b123046b
Merge pull request #2377 from SparkiDev/sha2_cs_oldtls
...
Disallow SHA-2 ciphersuites from TLS 1.0 and 1.1 handshakes
2019-09-06 15:41:15 -07:00
Sean Parkinson
3e12d260b8
ARM64 assembly - x18 not able to be used
...
Fix Curve25519/Ed25519, SHA-512 and SP code to not use x18.
2019-09-06 15:49:24 +10:00
Sean Parkinson
a975ba9e97
Disallow SHA-2 ciphersuites from TLS 1.0 and 1.1 handshakes
2019-09-06 09:31:14 +10:00
Jacob Barthelmeh
171902f1fb
change detection of AESNI support to read bit 25 from ECX
2019-09-05 17:02:44 -06:00
David Garske
1785089798
Merge pull request #2433 from kaleb-himes/ZD_5602_MINGW_XSNPRINTF
...
Resolve XSNPRINTF unconditional use in asn.c breaking mingw32 builds
2019-09-05 11:37:21 -07:00
toddouska
d6685edfa0
Merge pull request #2440 from SparkiDev/tlsfuzzer_fixes
...
Fixes for fuzz testing
2019-09-05 09:01:10 -07:00
toddouska
eaeaaf12c1
Merge pull request #2446 from SparkiDev/gplusplus_fix_1
...
Fixes for g++ compilation
2019-09-04 16:28:42 -07:00
toddouska
bf7296aefb
Merge pull request #2438 from SparkiDev/armv8-poly1305-clang
...
Fix ARMv8 Poly1305 inline assembly code to compile with clang 3.5
2019-09-04 16:28:02 -07:00
Sean Parkinson
56df8162bd
Fixes for g++ compilation
2019-09-04 10:09:36 +10:00
toddouska
b35fd4f1aa
Merge pull request #2441 from JacobBarthelmeh/UnitTests
...
strncpy gcc warning fixes
2019-09-03 15:44:10 -07:00
toddouska
0927f93b07
Merge pull request #2442 from JacobBarthelmeh/HardwareAcc
...
build fix for aesccm + devcrypto=cbc + wpas and afalg
2019-09-03 15:42:41 -07:00
toddouska
b19e785c2c
Merge pull request #2418 from dgarske/sha3_keccak256
...
Added support for older KECCAK256
2019-09-03 15:42:05 -07:00
toddouska
492ce6ac91
Merge pull request #2414 from dgarske/pkcs8_asn1
...
Added support for loading a PKCS8 ASN.1 formatted private key
2019-09-03 15:36:31 -07:00
Jacob Barthelmeh
03967d62f4
sanity check on resulting ecc size
2019-09-03 10:54:11 -06:00
Sean Parkinson
46790080a7
Fix ARMv8 Poly1305 inline assembly code to compile with clang 3.5
2019-09-02 09:52:25 +10:00
Sean Parkinson
60befc82c5
Fixes for fuzz testing
...
Changes
- Don't ignore decryption errors when doing TLS 1.3 and after Client
Finished.
- Put out an alert when TLS 1.3 decryption fails.
- Properly ignore RSA pss_pss algorithms when checking for matching
cipher suite.
- Check X25519 public value before import in TLS v1.2-
- REcognise TLS 1.3 integrity-only cipher suites as not negotiable with
TLS 1.2-.
- Send decode_error alert when bad message data in CertificateVerify.
- Negotiate protocol version in TLS 1.3 using extension and keep
decision when using TLS 1.2 parsing.
- Must have a signature algorithms extension in TLS 1.3 if not doing
PSK.
- More TLS v1.3 alerts.
- MAX_PSK_ID_LEN needs to be modified at compile time for tlsfuzzer to
work.
- change the good ecc public key to be a real public key when compiled
to check imported public keys
- Fix early data in TLS 1.3
- Make max early data size able to be changed at compile time - default
4K but fuzzer sends 16K
- Fix HRR, PSK and message hashes: Don't initialize hashes in parsing
ClientHello as need to keep hash state from previous ClientHello and
HelloRetryRequest
2019-09-02 08:58:14 +10:00
Jacob Barthelmeh
9fd38dc340
build fix for aesccm + devcrypto=cbc + wpas and afalg
2019-08-30 16:15:48 -06:00
Jacob Barthelmeh
2a750cd18d
strncpy gcc warning fixes
2019-08-30 13:34:51 -06:00
toddouska
ef20276ab5
Merge pull request #2424 from SparkiDev/enc_then_mac
...
Add support for Encrypt-Then-MAC to TLS 1.2 and below
2019-08-30 11:09:04 -07:00
toddouska
adc548fc61
Merge pull request #2428 from ejohnstown/ecckey-test-fix
...
Fix ECC key decode test
2019-08-30 11:07:00 -07:00
toddouska
347a859ffc
Merge pull request #2435 from JacobBarthelmeh/SanityChecks
...
sanity check on ticket encrypt callback
2019-08-30 10:18:58 -07:00
Chris Conlon
09f80c7f5f
Merge pull request #2439 from miyazakh/fix_espidf_issues
...
Fix build warnings while compiling wolfssl under esp-idf
2019-08-29 16:24:42 -06:00
toddouska
db2468154f
Merge pull request #2434 from tmael/phase2_compatibility_APIs
...
Adding phase 2 compatibility APIs
2019-08-29 12:26:27 -07:00
tmael
b8d2ccee83
Merge branch 'master' into phase2_compatibility_APIs
2019-08-29 09:16:41 -07:00
toddouska
9034e3a0fe
Merge pull request #2432 from embhorn/api_p2
...
Adding compatibility API phase 2
2019-08-29 09:05:01 -07:00
Juliusz Sosinowicz
5f77627857
Fix SetASNIntRSA
2019-08-29 16:24:09 +02:00
Hideki Miyazaki
d6bac37def
Fix build warnings while compiling wolfssl under esp-idf
2019-08-29 17:44:44 +09:00
Sean Parkinson
24e98dd05e
Add support for Encrypt-Then-MAC to TLS 1.2 and below
...
An extension is used to indicate that ETM is to be used.
Only used when doing block ciphers - HMAC performed on encrypted data.
2019-08-29 09:00:30 +10:00
Tesfa Mael
87e876d8c6
Match padding macro values and restore EVP non-AES-GCM
2019-08-28 15:45:07 -07:00
kaleb-himes
46b4654564
Fix failing IAR builds, thanks to Joseph C. for the report
2019-08-28 12:44:05 -06:00
Tesfa Mael
a76f719aac
Fix review comment
2019-08-28 10:42:57 -07:00
JacobBarthelmeh
411f15bec3
Merge pull request #2429 from cconlon/cmssig
...
Add internal PKCS7 content digest check
2019-08-28 09:41:10 -06:00
Eric Blankenhorn
0c9ba1b361
Adding compatibility API phase 2
2019-08-28 09:29:49 -05:00
Tesfa Mael
625c3074b9
Review comments, sanity check
2019-08-27 17:06:36 -07:00
Tesfa Mael
59dddda3a9
Updated with review comments
2019-08-27 15:37:00 -07:00
Tesfa Mael
dc5d11fef4
Updated with review comments
2019-08-27 15:14:58 -07:00
John Safranek
7fcb85b743
ECC-FP Cache Memory Leak
...
Each test case for ECC should be cleaning up the FP cache if it uses
the cache. Only a couple cases were getting freed.
2019-08-27 14:43:25 -07:00
David Garske
4ec90be4d6
Added --enable-hashflags option.
2019-08-27 13:28:33 -07:00
toddouska
a49f447e47
Merge pull request #2413 from dgarske/load_ca_nodate
...
Refactor of the verify option for processing X.509 files
2019-08-27 13:20:30 -07:00
Chris Conlon
e6252a94ce
check attrib->value and attrib->valueSz before use
2019-08-27 14:18:23 -06:00
Tesfa Mael
f9e364f893
Updated wolfSSL_EVP_Cipher() for AES GCM
2019-08-27 11:36:39 -07:00
Jacob Barthelmeh
10431738c7
sanity check on ticket encrypt callback
2019-08-27 11:41:27 -06:00
Tesfa Mael
208e9f3fcf
Fix Windows build
2019-08-27 08:49:27 -07:00
Tesfa Mael
e9d1f32441
Fix Windows build
2019-08-27 08:11:31 -07:00
Tesfa Mael
e8f468e2cf
correct ifdef directive
2019-08-26 19:17:41 -07:00
Tesfa Mael
00dadafddb
Add HAVE_FAST_RSA around RSA_print()
2019-08-26 16:54:10 -07:00
Kaleb Himes
6f9210d6af
Peer review feedback changes
...
Case ```__GNUC__``` already covered, just check for MINGW or CYGWIN cases now.
2019-08-26 16:53:52 -06:00
Tesfa Mael
b2555d38bc
Jenkins PRB enable options test
2019-08-26 15:43:58 -07:00
Tesfa Mael
9b3fee223f
Typecast to correct type
2019-08-26 14:17:13 -07:00
Tesfa Mael
6311ae425c
RSA_generate_key() needs WOLFSSL_KEY_GEN
2019-08-26 13:47:54 -07:00
toddouska
0f60ee8a85
Merge pull request #2402 from schlatterbeck/master
...
Fixes for 16-bit systems
2019-08-26 12:41:47 -07:00
Tesfa Mael
5e28dd94a2
OpenSSL compatible APIs:
...
ASN1_STRING_type
EVP_aes_128_gcm
EVP_CIPHER_CTX_ctrl
EVP_PKEY_sign
EVP_PKEY_sign_init
RSA_print
RSA_NO_PADDING
RSA_PKCS1_PSS_PADDING
2019-08-26 12:20:18 -07:00
kaleb-himes
ea4e7b2669
Resolve XSNPRINTF unconditional use in asn.c breaking mingw32 builds
2019-08-26 13:19:53 -06:00
Chris Conlon
256ac4a515
Merge pull request #2427 from miyazakh/fix_espbuild_failure
...
fix uninitialized var for esp idf build failure fix
2019-08-26 10:11:44 -06:00
Chris Conlon
61d01ab7f3
add unit test for PKCS7 invalid detached content
2019-08-26 09:43:20 -06:00
David Garske
76b9476b9a
Remove debug printf.
2019-08-23 16:24:45 -07:00
David Garske
99329b0fc4
Improvements to the CRL verify handling.
2019-08-23 16:09:39 -07:00
Chris Conlon
12687e5a2a
internally check PKCS7 content digest against messageDigest attribute
2019-08-23 16:40:12 -06:00
toddouska
2c97b040ff
Merge pull request #2419 from dgarske/ctx_sec_reneg
...
Adds use secure renegotiation at CTX level
2019-08-23 12:55:30 -07:00
toddouska
1bad2bed3c
Merge pull request #2404 from dgarske/strict_cipher
...
Added strict cipher suite check on client server_hello processing
2019-08-23 12:42:57 -07:00
toddouska
681de3e41a
Merge pull request #2375 from dgarske/stm32_cubemx_halv2
...
Fixes for STM32F7 and latest CubeMX HAL
2019-08-23 12:28:51 -07:00
toddouska
6209e8ff24
Merge pull request #2412 from JacobBarthelmeh/PKCS12
...
adjust wc_i2d_PKCS12 API
2019-08-23 10:30:04 -07:00
Juliusz Sosinowicz
63538fedde
Required additions for building fips-ready with speedups
2019-08-23 10:22:31 -07:00
toddouska
54fb08d6df
Merge pull request #2426 from JacobBarthelmeh/Fuzzer
...
sanity check on buffer size before reading short
2019-08-23 10:17:31 -07:00
John Safranek
2ba6c66d44
Fix ECC key load test
...
When using the configure options '--enable-certgen --enable-certext CPPFLAGS=-DWOLFSSL_VALIDATE_ECC_IMPORT', the ecc_decode_test() will fail the "good" test case. It is using the point (1, 1) in the test, and that fails the key validation. Changed the good key to one of the keys we have in the certs directory. The additional validation checks that the point is on the curve, and is validated in FIPS mode.
2019-08-22 14:18:59 -07:00
Hideki Miyazaki
8b2a1f13c4
fix uninitialized ver for esp idf build failure fix
2019-08-23 06:08:11 +09:00
David Garske
0e6bb4717e
Merge pull request #2425 from JacobBarthelmeh/SanityChecks
...
sanity check on buffer size
2019-08-22 12:30:06 -07:00
Jacob Barthelmeh
b83aebafb1
help out static analysis tool
2019-08-22 11:49:10 -06:00
Jacob Barthelmeh
65aeb71d6c
sanity check on buffer size before reading short
2019-08-22 11:36:35 -06:00
Jacob Barthelmeh
c6e4aebcdf
sanity check on buffer size
2019-08-22 09:23:02 -06:00
David Garske
cf83561b64
Merge pull request #2417 from SparkiDev/sp_mod_exp_cast_fix
...
SP Mod exp cast fix
2019-08-22 05:55:27 -07:00
David Garske
6544b5df88
Merge pull request #2423 from SparkiDev/fe_math_mac
...
Curve25519/Ed25519 x86_64 assembly working on Mac again
2019-08-22 05:54:49 -07:00
Sean Parkinson
132f60e77f
Curve25519/Ed25519 x86_64 assembly working on Mac again
2019-08-22 09:27:39 +10:00
Juliusz Sosinowicz
37f1522825
Changes to update stunnel support
2019-08-21 16:18:04 -07:00
Juliusz Sosinowicz
05d86ade20
Merge remote-tracking branch 'wolfSSL/master'
2019-08-21 16:17:55 -07:00
David Garske
e298b3290d
Fix to initialize hash flag.
2019-08-21 06:36:37 -07:00
Takashi Kojo
7deab4c54f
add KDS sample project
2019-08-21 11:12:09 +09:00
David Garske
67c3751836
Adds new wolfSSL_CTX_UseSecureRenegotiation API for setting secure renegotiation at the WOLFSSL_CTX level.
2019-08-20 16:43:28 -07:00
David Garske
a5d222a20e
Make public the hash set/get flags functions.
2019-08-20 16:25:48 -07:00
David Garske
154930d128
Added support for older KECCAK256 used by Ethereum. Uses existing hash flag API's.
...
To use add build flag `CFLAGS="-DWOLFSSL_HASH_FLAGS"`.
Example:
```c
wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256);
```
2019-08-20 16:14:37 -07:00
David Garske
24bfea1ad2
Fixes for various build options (!NO_RSA, HAVE_ECC, NO_PKCS8, NO_PKCS12). Added new NO_CHECK_PRIVATE_KEY to allow reduce code size when not required.
2019-08-20 10:38:08 -07:00
David Garske
644e7a8f45
Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with --disable-oldnames. Fix to enable the PKCS8 enc test without openssl comat. Added additional PKCS8 tests.
2019-08-19 16:27:46 -07:00
Sean Parkinson
5530336617
SP Mod exp cast fix
2019-08-20 08:50:57 +10:00
Takashi Kojo
fd0390430d
Give error code resolution to wolfSSL_CertManagerCheckOCSPResponse
2019-08-20 07:22:54 +09:00
Jacob Barthelmeh
01a3b59e28
fix cast and initialization of variable
2019-08-19 14:54:53 -06:00
David Garske
3e1c103c78
Added support for loading a PKCS8 ASN.1 formatted private key (not encrypted).
2019-08-16 16:09:00 -07:00
David Garske
586b74b05f
Refactor of the verify option for processing X.509 files. Adds support for ignoring date checks when loading a CA using the WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY flag on wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex.
2019-08-16 15:19:55 -07:00
toddouska
7d4023f6a1
Merge pull request #2408 from dgarske/coverity
...
Minor fixes to resolve Coverity static analysis checks
2019-08-16 14:45:13 -07:00
Jacob Barthelmeh
487e66394e
adjust wc_i2d_PKCS12 API
2019-08-16 15:19:33 -06:00
David Garske
3f992ce39d
Additional STM32F7 fixes with HALv2.
2019-08-16 12:31:28 -07:00
David Garske
eb68ad162b
Enable strict cipher suite checking by default. Changed to enable by default and can be disabled using WOLFSSL_NO_STRICT_CIPHER_SUITE.
2019-08-16 10:20:25 -07:00
toddouska
dea4f2fb1a
Merge pull request #2410 from SparkiDev/poly1305_x64_fix
...
Fix Poly1305 on Intel AVX2
2019-08-16 09:08:27 -07:00
Sean Parkinson
8454bd1077
Fix Poly1305 on Intel AVX2
...
Fix define checks for other x86_64 assembly code files
2019-08-16 17:42:19 +10:00
David Garske
0d13b385ab
Fixes for possible cases where DerBuffer is not free'd in AddCA error cases.
2019-08-15 17:01:30 -07:00
David Garske
aee766e11b
Minor fixes for AES GCM with GMAC and STM32 HALv2.
2019-08-15 16:57:38 -07:00
David Garske
ed7ac6fb26
Coverity fixes to make static analysis happy.
2019-08-14 15:42:47 -07:00
David Garske
e75417fde1
Added build option to enforce check for cipher suite in server_hello from server. Enabled using WOLFSSL_STRICT_CIPHER_SUITE. Some cipher suites could be allowed if they were supported a build-time even though not sent in the cipher suite list in client_hello.
...
Example log output for test case where `client_hello` sent a cipher suite list and server choose a cipher suite not in the list:
```
wolfSSL Entering DoServerHello
ServerHello did not use cipher suite from ClientHello
wolfSSL Leaving DoHandShakeMsgType(), return -501
wolfSSL Leaving DoHandShakeMsg(), return -501
```
RFC 5246: 7.4.1.3: Server Hello: `cipher_suite: The single cipher suite selected by the server from the list in ClientHello.cipher_suites.`
2019-08-13 15:56:19 -07:00
Ralf Schlatterbeck
63c6c47165
Fixes for 16-bit systems
...
Systems with sizof(int) == 2 default to expressions with that size.
So we have to do some explicit casts or use unigned long constants in
some cases.
In ssl.h the prototype of a function was not matching the definition.
This resulted in a type incompatibility on a 16-bit system.
2019-08-10 18:27:29 +02:00
David Garske
e7c6fc221d
Fixes to handle byte swapping on Key and IV for STM32F7 with latest CubeMX.
2019-08-09 15:40:26 -07:00
David Garske
8e83fb2e67
Fix to resolve AES GCM auth calucation for GMAC where no in/out data is used.
2019-08-05 14:03:02 -07:00
David Garske
f5c1c33dba
Fixes for newer STM CubeMX HAL for STM32F7.
2019-08-02 15:12:09 -07:00
Jacob Barthelmeh
db9a17c8a7
fix for inject clear alert from client test case
2019-07-22 10:34:20 -06:00
Martin Kinčl
996cef6db2
Added stdio.h include to types.h.
2019-07-10 18:26:43 +02:00
Juliusz Sosinowicz
53cac0499f
Merge remote-tracking branch 'wolfSSL/master'
2019-06-12 14:42:02 +02:00
Juliusz Sosinowicz
b4ca2824cb
Merge remote-tracking branch 'wolfSSL/master'
2019-06-07 14:55:21 +02:00
Juliusz Sosinowicz
27e243085d
Merge remote-tracking branch 'wolfSSL/master'
2019-05-10 13:04:18 +02:00
