mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7,831 Commits 5 Branches 162 Tags
Commit Graph

640 Commits

Author SHA1 Message Date
John Safranek
239880a9de Subject Alt Name Matching 
1. Removed an external test tag from a failure test case. Ends up leaving a thread still running on exit.
 2018-07-10 17:07:48 -07:00
John Safranek
adb3cc5a5a Subject Alt Name Matching 
1. Added certificates for localhost where the CN and SAN match and differ.
2. Change subject name matching so the CN is checked if the SAN list doesn't exit, and only check the SAN list if present.
3. Added a test case for the CN/SAN mismatch.
4. Old matching behavior restored with build option WOLFSSL_ALLOW_NO_CN_IN_SAN.
5. Add test case for a correct certificate.

Note: The test for the garbage certificate should fail. If you enable the old behavior, that test case will start succeeding, causing the test to fail.
 2018-07-02 13:39:11 -07:00
toddouska
5d767aa004
Merge pull request #1641 from ejohnstown/rename-inline 
Rename INLINE
 2018-06-27 09:34:41 -07:00
John Safranek
586874b997 Rename INLINE 
1. Renamed the macro INLINE as WC_INLINE.
2. For FIPS and the "selftest" build, define INLINE as WC_INLINE. Allows the FIPS code to work unchanged.
 2018-06-26 15:17:46 -07:00
toddouska
d9b5948947
Merge pull request #1605 from dgarske/asyncfsanitize 
Fixes for async to resolve runtime fsanitize issues
 2018-06-26 14:27:07 -07:00
John Safranek
e6c7952f50 Merge master into fipsv2. Resolved a conflict in api.c. 2018-06-22 09:52:26 -07:00
David Garske
522f365279 Fix one more issue with PKCS7 and async, which is not supported. 2018-06-22 09:30:25 -07:00
toddouska
c1362cca60
Merge pull request #1629 from JacobBarthelmeh/Certs 
disable CRL with additional cn/alt test certs
 2018-06-19 14:42:21 -07:00
Jacob Barthelmeh
d3cd0b6b2e disable CRL with additional cn/alt test certs 2018-06-18 16:10:45 -06:00
Jacob Barthelmeh
a1295b3148 memory management with test cases 2018-06-15 15:43:42 -06:00
toddouska
0d0aa74444
Merge pull request #1623 from dgarske/fix_atecc508a 
Fixes for build with `WOLFSSL_ATECC508A` defined
 2018-06-15 11:06:33 -07:00
Jacob Barthelmeh
c03c10e1d4 move location of wolfSSL_d2i_RSA_PublicKey to fix x509 small build 2018-06-14 14:38:15 -06:00
toddouska
139a08a98e
Merge pull request #1621 from SparkiDev/tls13_no_cs 
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
 2018-06-14 09:08:13 -07:00
David Garske
5b2bb44bc8 Fixes for build with WOLFSSL_ATECC508A defined. 2018-06-13 20:10:01 -07:00
toddouska
15348d4936
Merge pull request #1612 from dgarske/fixmatchdomainname 
Fixes for `MatchDomainName` to properly detect failures
 2018-06-13 13:13:52 -07:00
David Garske
61056829c5 Added success test cases for domain name match (SNI) in common name and alternate name. 2018-06-13 09:26:54 -07:00
Sean Parkinson
a03c15e598 Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests 2018-06-13 11:42:16 +10:00
David Garske
1f16b36402 Fixes for MatchDomainName to properly detect failures: 
* Fix `MatchDomainName` to also check for remaining len on success check.
* Enhanced `DNS_entry` to include actual ASN.1 length and use it thoughout (was using XSTRLEN).

Added additional tests for matching on domain name:
* Check for bad common name with embedded null (CN=localhost\0h, Alt=None) - Note: Trouble creating cert with this criteria
* Check for bad alternate name with embedded null (CN=www.nomatch.com, Alt=localhost\0h)
* Check for bad common name (CN=www.nomatch.com, Alt=None)
* Check for bad alternate name (CN=www.nomatch.com, Alt=www.nomatch.com)
* Check for good wildcard common name (CN=*localhost, Alt=None)
* Check for good wildcard alternate name (CN=www.nomatch.com, Alt=*localhost)
 2018-06-12 14:15:34 -07:00
John Safranek
5e516cc2e0 Merge branch 'master' into fipsv2 2018-06-12 10:10:50 -07:00
David Garske
dac5f84f61 Fix build error with missing bio. Fix for pkey not being reset to NULL for d2i_PrivateKey failure case test. 2018-06-12 09:38:18 -07:00
David Garske
292e9535ae Fix for wolfSSL_ERR_clear_error to call wc_ClearErrorNodes when its available (mismatched macros), which was incorrectly causing test_wolfSSL_ERR_put_error to fail. Added test_wolfSSL_PEM_PrivateKey test for ECC based key. Refactored the RNG test to only run the reseed test if TEST_RESEED_INTERVAL is defined. This is the test that was causing the tests/api.c to take so long to complete. Will add this macro to the enable options test. 2018-06-12 09:38:18 -07:00
David Garske
9cbd2b00d4 Added test for PEM_read_bio_PrivateKey using BIO loaded using BIO_new_mem_buf. 2018-06-12 09:38:18 -07:00
David Garske
e1890a4b0e Added some bad argument checks on compatibility functions BIO_new_mem_buf and PEM_read_bio_PrivateKey. 2018-06-12 09:38:18 -07:00
David Garske
ad0a10441d Fixes for building with openssl compatibility enabled and no TLS client/server. 
Resolves issues building with:
`./configure --enable-opensslextra --disable-rsa --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`
`./configure --enable-opensslextra --disable-ecc --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`

Ticket 3872
 2018-06-12 09:38:18 -07:00
John Safranek
df6fe0b07c FIPS Revalidation (acceptance fixes) 
1. Update the fips-check script to pull the FIPSv2 code from the main repositories.
2. Script cleanup.
3. Disable the api.test check of wc_ecc_mulmod() when WOLFSSL_VALIDATE_ECC_IMPORT is enabled.
 2018-06-08 10:36:28 -07:00
John Safranek
234228e5af FIPS Revalidation (acceptance fixes) 
1. Fixed some whitespace in api.c.
 2018-06-06 17:50:55 -07:00
John Safranek
7e9a32fffd FIPS Revalidation 
Merge branch 'master' into fipsv2. Using a merge instead of a rebase to retain commit IDs and tags.
 2018-06-06 12:43:15 -07:00
Sean Parkinson
4ac34b74bd Fix test to work with configurations not including AES-GCM 2018-06-05 10:30:15 +10:00
toddouska
c43a84547a
Merge pull request #1572 from dgarske/cryptodev 
Added crypto device framework
 2018-05-31 10:28:58 -07:00
Jacob Barthelmeh
5849e9f1a1 update macro name in test case 2018-05-30 17:42:07 -06:00
toddouska
999663fae1
Merge pull request #1498 from JacobBarthelmeh/Certs 
update before/after dates with certificates
 2018-05-30 10:09:49 -07:00
Go Hosohara
8cd357aa3a d2i_PKCS12_fp 2018-05-30 12:10:41 +09:00
Go Hosohara
c715bb5ade X509_check_ca 2018-05-30 12:08:27 +09:00
Go Hosohara
3f6b7c8833 Merge with openSSL-Compat-CRL-STORE on kojo1/wolfssl 2018-05-30 12:08:27 +09:00
Go Hosohara
0fb446ad36 i2c_ASN1_INTEGER 2018-05-30 12:03:58 +09:00
Go Hosohara
d7e4bbf1cf ASN1_STRING_print_ex 2018-05-30 11:56:43 +09:00
Go Hosohara
5c11e1440f ASN1_TIME_to_generalizedtime 2018-05-30 11:56:43 +09:00
Go Hosohara
5ff460bb7f OPENSSL_add_all_algorightms_noconf 2018-05-30 11:53:18 +09:00
Go Hosohara
005284a127 ASN1_GENERALIZEDTIME_free 2018-05-30 11:53:17 +09:00
Go Hosohara
24ff55b085 RAND_poll 2018-05-30 11:53:17 +09:00
toddouska
52179eba16
Merge pull request #1583 from dgarske/nomatch 
Added test for common name failure with check domain name
 2018-05-29 13:30:42 -07:00
toddouska
2cf853d1f1
Merge pull request #1582 from SparkiDev/tls13_only 
Allow TLS 1.2 to be compiled out.
 2018-05-29 13:26:54 -07:00
Chris Conlon
16738f1449
Merge pull request #1569 from kojo1/openSSL-Compat-CRL-STORE 
openSSL compatibility APIs: X509_CRL, STORE
 2018-05-29 09:47:22 -06:00
Takashi Kojo
3939eadf9c get derLen by RsaPublicKeyDerSize 2018-05-26 10:55:17 +09:00
Chris Conlon
af471a360d
Merge pull request #1574 from cariepointer/test/wolfcrypt 
Add unit test for wc_SignatureGetSize
 2018-05-25 11:29:58 -06:00
Carie Pointer
12dc346058 Change return value to 0 for null key when HAVE_USER_RSA is defined 2018-05-25 09:25:25 -06:00
Sean Parkinson
ba8e441e53 Allow TLS 1.2 to be compiled out. 2018-05-25 11:00:00 +10:00
Carie Pointer
65014248f9 Fix typos, update ret for if HAVE_USER_RSA defined 2018-05-24 16:32:27 -06:00
David Garske
a5c2e8b912 Added test for common name with invalid domain fails as expected when set with wolfSSL_check_domain_name. 2018-05-24 14:39:35 -07:00
toddouska
453daee965
Merge pull request #1523 from SparkiDev/ed25519_key 
Allow Ed25519 private-only keys to work in TLS
 2018-05-24 09:56:17 -07:00