Eric Blankenhorn
a0d8327320
Coverity fixes 2 ( #1493 )
...
* Coverity fixes for wolfcrypt folder
* Fixes for remaining issues
* Fixes for test files
2018-04-13 05:35:18 -07:00
toddouska
84f7bd8cde
Merge pull request #1494 from dgarske/wpas
...
Fix for building wpa_supplicant
2018-04-12 13:49:31 -07:00
toddouska
eacd98fe4e
Merge pull request #1491 from dgarske/config
...
Configure improvements and new options
2018-04-12 13:48:20 -07:00
toddouska
8f1e8be2d0
Merge pull request #1490 from dgarske/hashoid_cleanup
...
Hash OID cleanup
2018-04-12 13:46:47 -07:00
David Garske
cf1230d232
Fix for building wpa_supplicant (`./configure --enable-wpas`) after PemToDer refactor in PR #1467 .
2018-04-12 06:53:44 -07:00
David Garske
1f7b954d47
Fix for `wc_GetCTC_HashOID` in FIPS mode. Uses the new `wc_HashTypeConvert` to handle conversion from unique WC_ALGO (`int`) to WC_HASH_TYPE_ALGO (`enum wc_HashType`).
2018-04-12 06:51:23 -07:00
David Garske
ce6728951f
Added a new `--enable-opensslall` option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build.
2018-04-11 13:54:07 -07:00
David Garske
689203d310
Added some more features to the `--enable-all`. Added new `--enable-webclient` option.
2018-04-11 13:54:07 -07:00
David Garske
ee5d78f84f
Added new `wc_OidGetHash` API for getting the hash type from a hash OID. Refactor PKCS7 and PKCS12 to use new API and reduce duplicate ocde. Updated `wc_GetCTC_HashOID` to use `wc_HashGetOID` and maintain back compat.
2018-04-11 13:53:30 -07:00
toddouska
d85580691b
Merge pull request #1492 from dgarske/fix_noasn_pwdbased
...
Fixes for ASN disabled and PWDBASED enabled / Win FIPS
2018-04-11 12:09:30 -07:00
David Garske
83bfdb1594
Fix for issue with unique hash types on ctoacrypt FIPS using different values than WC_HASH_TYPE_*. Add new API `wc_HashTypeConvert` to handle the conversion between `enum wc_HashType` and `int`. For FIPS it uses a switch() to convert and for non-FIPS it uses a simple cast. Changed the pwdbased_test to return actual ret instead of adding values (made it difficult to track down error location).
2018-04-11 09:30:30 -07:00
David Garske
3f3e332a3a
Fix for evp.c `statement will never be executed` in `wolfSSL_EVP_CIPHER_CTX_block_size`.
2018-04-11 08:18:39 -07:00
David Garske
38aa56cc40
Fix for Windows FIPS build in current master. Resolves issue with missing DES/AES key size enums.
2018-04-10 20:07:14 -07:00
David Garske
565f394972
Fix for building without ASN and PWDBASED enabled (`./configure --disable-asn --enable-pwdbased`).
2018-04-10 16:36:11 -07:00
toddouska
e25da80766
Merge pull request #1467 from dgarske/asnpemtoder
...
PEM Encrypted Keys cleanup and PemToDer move to wolfCrypt asn.c
2018-04-09 16:33:30 -07:00
David Garske
a38576146e
* Added support for disabling PEM to DER functionality using `WOLFSSL_PEM_TO_DER`. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests.
...
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
2018-04-09 13:28:15 -07:00
David Garske
5a46bdf6f6
Added unit test for using encrypted keys with TLS. Only works with `--enable-des3`, since the keys are all encrypted with DES3 (also requires either `--enable-opensslextra or --enable-enckeys`).
2018-04-09 13:28:15 -07:00
David Garske
d68a6fb4c7
Make sure wc_encrypt.h includes the ciphers.
2018-04-09 13:28:15 -07:00
David Garske
98c186017a
Fixes for build failures. Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. Added enum for unique cipher types. Added `CHACHA_MAX_KEY_SZ` for ChaCha.
2018-04-09 13:28:15 -07:00
David Garske
2c72f72752
Fixes for FIPS, sniffer (w/o enc keys), scan-build issues and backwards compatability.
2018-04-09 13:28:15 -07:00
David Garske
9be11bf62c
Fix to correct missing `wolfSSL_EVP_BytesToKey` header int he NO_MD5 case.
2018-04-09 13:28:15 -07:00
David Garske
1f00ea2115
Fixes for various build issues with type casting and unused functions. Moved `mystrnstr` to wc_port.c. Added some additional argument checks on pwdbased.
2018-04-09 13:28:15 -07:00
David Garske
e60032b961
Fix for duplicate API defs.
2018-04-09 13:28:15 -07:00
David Garske
b01535b483
Fix for stray character.
2018-04-09 13:28:15 -07:00
David Garske
8a31f13cb6
Remove obsolete `WOLFSSL_PEMPUBKEY_TODER_DEFINED` header logic.
2018-04-09 13:28:15 -07:00
David Garske
6de8348918
Fixes for various build configurations. Added `--enable-enckeys` option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN `CryptKey` function to wc_encrypt.c as `wc_CryptKey`. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-04-09 13:28:15 -07:00
David Garske
1315fad7dc
Added ForceZero on the password buffer after done using it.
2018-04-09 13:28:15 -07:00
David Garske
3a8b08cdbf
Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz.
2018-04-09 13:28:15 -07:00
David Garske
c83e63853d
Refactor unqiue hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). Refactor the Sha3 types to use wc_ naming.
2018-04-09 13:28:15 -07:00
David Garske
264496567a
Improvements to EncryptedInfo. Added build option `WOLFSSL_ENCRYPTED_KEYS` to indicate support for EncryptedInfo. Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option.
2018-04-09 13:28:15 -07:00
David Garske
f9e830bce7
First pass at changes to move PemToDer into asn.c.
2018-04-09 13:28:14 -07:00
toddouska
2ded38ec2b
Merge pull request #1485 from dgarske/tlskeygeneccorcurve
...
Fix TLS 1.3 with ED25519/CURVE25519 enabled and ECC disabled
2018-04-09 12:12:31 -07:00
David Garske
21833e245f
Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. Resolves issue with using `./configure --disable-ecc --enable-curve25519 --enable-ed25519 --enable-tls13`. Refactor `TLSX_KeyShare_GenEccKey` to support either ECC or CURVE25519. Fix for `PemToDer` to handle ED25519 without ECC enabled.
2018-04-09 10:10:08 -07:00
David Garske
2a460d3d05
Merge pull request #1484 from embhorn/coverity
...
Coverity fixes
2018-04-06 18:18:38 -07:00
Eric Blankenhorn
36b9b0b558
Updates from code review
2018-04-06 17:29:27 -05:00
Eric Blankenhorn
86767e727c
Fixes for CID 185033 185028 185142 185064 185068 185079 185147
2018-04-06 13:15:16 -05:00
Eric Blankenhorn
d2c1a1906d
Fixes for CID 184980 185017 185047 185167
2018-04-06 11:10:37 -05:00
toddouska
6090fb9020
Merge pull request #1483 from dgarske/winvs
...
Fixes for unused `heap` warnings
2018-04-06 09:01:49 -07:00
toddouska
e56209cee4
Merge pull request #1482 from dgarske/nourand
...
Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`
2018-04-06 09:00:37 -07:00
Eric Blankenhorn
920e6ed911
Fix warning in ssl.c
2018-04-06 09:30:54 -05:00
Eric Blankenhorn
c6ad885459
Coverity fixes for tls.c/n CID 184996 185112 185122
2018-04-06 09:08:00 -05:00
Eric Blankenhorn
ec429e50b1
Fixes for ssl.c
2018-04-06 07:45:12 -05:00
David Garske
426335b68f
Found additional VS unused `heap` warnings. Replace tabs with 4-spaces.
2018-04-05 12:28:32 -07:00
toddouska
2b48a074eb
Merge pull request #1480 from dgarske/extcache
...
Fix for HAVE_EXT_CACHE callbacks not being available without OPENSSL_EXTRA
2018-04-05 10:52:44 -07:00
David Garske
bab62cc435
Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. Added better named define `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay.
2018-04-05 09:34:43 -07:00
David Garske
ede006b3e1
Merge pull request #1479 from JacobBarthelmeh/HardwareAcc
...
Fix PIC32 AES-CBC and add test case
2018-04-05 09:15:08 -07:00
Eric Blankenhorn
5439402c1d
Refactor for max record size ( #1475 )
...
* Added new internal function `wolfSSL_GetMaxRecordSize`.
* Modified tls_bench to use dynamic buffer based on max record size.
* Added comment for DTLS maxFragment calculation.
2018-04-05 09:11:58 -07:00
David Garske
412d4d76ee
Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined. Added tests for external cache callbacks.
2018-04-05 07:10:04 -07:00
toddouska
a1d6bc68de
Merge pull request #1478 from dgarske/fixeccmaxsize
...
Fix for ECC max bits
2018-04-04 16:27:15 -07:00
Jacob Barthelmeh
815219b589
fix pic32 AES-CBC and add test case
2018-04-04 16:09:11 -06:00