mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
15,506 Commits 5 Branches 162 Tags
Commit Graph

2032 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
a738c16b2f Can't have macros within macros 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
7d6f8ea255 Update wrong email in gen script 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
a6be157628 Gate new AKID functionality on WOLFSSL_AKID_NAME 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
d9af698aa4 Implement raw AKID with WOLFSSL_ASN_TEMPLATE 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
c162196b27 Add x509 name attributes and extensions to DER parsing and generation 
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
 2021-10-28 14:50:53 +02:00
David Garske
c16f0db1b5 Fixes for handling WC_PENDING_E async responses in API unit test and examples. Resolves all issues with --enable-all --enable-asynccrypt --with-intelqa=. 2021-10-27 15:08:39 -07:00
John Safranek
75df6508e6 Add a read enable for private keys when in FIPS mode. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
c2c2e5b4f5 tests/api.c: post_auth_version_cb(): add missing gating on !NO_ERROR_QUEUE for wolfSSL_ERR_get_error() test. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
a5c03f65e3 tests/api.c: fix test_CryptoCb_Func() to not attempt signing op on ephemeral ECC keys. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
aa6ca43e91 api.c: skip test_wolfSSL_EVP_PBE_scrypt() when FIPS 140-3 (test uses impermissibly short HMAC key). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f1c1f76851 ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg. 2021-10-26 20:24:27 -05:00
John Safranek
9bf36f329a Add sign/verify PCT to RSA key gen. 2021-10-26 20:24:25 -05:00
John Safranek
f49a09749e When building for FIPS, the unit test will run all the CASTs up front. 2021-10-26 20:24:25 -05:00
John Safranek
976402e04b RNG Update 
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
   as a default callback.
2. Modify all the tests and examples to use the default seed callback if
   the seed callback is enabled.
 2021-10-26 20:24:25 -05:00
John Safranek
a935f2f86d FIPS CAST Update 
1. In the unit test, when checking the build options, also check for
   FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
   getting called, so the FIPS flags didn't get checked. (It was using
   wc_InitSha_ex() which bypasses the FIPS checks.)
 2021-10-26 20:24:24 -05:00
JacobBarthelmeh
4825534062
Merge pull request #4500 from cconlon/errorQueueFix 
fix wc_ERR_print_errors_fp() unit test with NO_ERROR_QUEUE
 2021-10-27 05:56:32 +07:00
David Garske
9c665d7282
Merge pull request #4501 from embhorn/zd13114 
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
 2021-10-26 10:47:59 -07:00
David Garske
87baf7818e
Merge pull request #4505 from julek-wolfssl/fix-nids 
Make NID's consistent v2
 2021-10-26 10:29:42 -07:00
Eric Blankenhorn
19feab7850 Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow 2021-10-26 07:14:53 -05:00
Juliusz Sosinowicz
48b304be00 Fix issues with AIA_OCSP_OID and AIA_CA_ISSUER_OID 2021-10-26 11:47:27 +02:00
Juliusz Sosinowicz
348fec3d29 wc_ClearErrorNodes is a local API that is not exported for linking 2021-10-26 09:14:48 +02:00
Juliusz Sosinowicz
57b9170ac0 Make NID's consistent 
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
 2021-10-26 09:14:25 +02:00
Sean Parkinson
08d9b145d9 ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist 
Change SSL_FATAL_ERROR to  WOLFSSL_FATAL_ERROR
 2021-10-26 15:50:52 +10:00
John Safranek
a0c7c079b8
Revert "Make NID's consistent" 2021-10-25 21:57:28 -07:00
Sean Parkinson
cdf72facbf
Merge pull request #4429 from julek-wolfssl/fix-nids 
Make NID's consistent
 2021-10-26 09:59:26 +10:00
Sean Parkinson
6070981366
Merge pull request #4490 from dgarske/static_mem_unittest 
Add CTX static memory API unit tests
 2021-10-26 09:52:14 +10:00
Chris Conlon
eb0b6ca122 fix unit test for wc_ERR_print_errors_fp() when NO_ERROR_QUEUE is defined 2021-10-25 13:50:39 -06:00
Chris Conlon
402ee29163 fix nid2oid/oid2nid for oidCertAuthInfoType 2021-10-22 16:53:18 -06:00
John Safranek
d83d16af59
Merge pull request #4483 from julek-wolfssl/cov-reports 2021-10-22 13:07:57 -07:00
David Garske
229f0d5fd1
Merge pull request #4485 from JacobBarthelmeh/certs 
Improve permitted alternate name logic in certificate ASN handling
 2021-10-22 11:59:16 -07:00
David Garske
c027fffa92 Fix for CTX free heap hint issue. With openssl extra the param and x509_store.lookup.dirs are allocated at CTX init and if heap or static pool was used depends on ctx->onHeapHint. Added test case for this and inline code comment. 2021-10-22 11:58:02 -07:00
John Safranek
aad230a7e3
Restore a test case. Add a missing null-check. 2021-10-22 10:36:17 -07:00
David Garske
4c0527490d Fixes for API unit test with WOLFSSL_NO_ASN_STRICT. Fix spelling error. 2021-10-22 09:59:16 -07:00
Hayden Roche
0b6523d933 Rename pem_password_cb to wc_pem_password_cb. 
Recently, we had a wolfEngine customer report a compilation error because
wolfSSL and OpenSSL both define the typedef pem_password_cb. The solution is to
namespace our typedef with the wc_ prefix. In order to not break existing code
that relies on wolfSSL providing pem_password_cb, if OPENSSL_COEXIST is not
defined, we define pem_password_cb as a macro that maps to wc_pem_password_cb.
 2021-10-21 16:47:29 -07:00
David Garske
b5f4a0c005 Improve API unit test to use X509_NAME_get_sz and make it widely available. 2021-10-21 16:42:19 -07:00
David Garske
f17187aad9 Fixes for static memory testing. Fix clang memory sanitizer warnings. 2021-10-21 16:33:57 -07:00
David Garske
785e37790a Cleanup API test case debugging. 2021-10-21 12:35:06 -07:00
David Garske
911d95e5e4 Add CTX static memory API unit tests. Expanded crypto callback TLS tests to older SSL/TLS and DTLS. 2021-10-21 11:47:00 -07:00
Juliusz Sosinowicz
79b738b5a6 commit-test and jenkins fixes 2021-10-21 14:29:28 +02:00
Juliusz Sosinowicz
4268763adb wc_ClearErrorNodes is a local API that is not exported for linking 2021-10-21 13:47:55 +02:00
Juliusz Sosinowicz
20473ba563 Make NID's consistent 
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
 2021-10-21 13:01:57 +02:00
Jacob Barthelmeh
12f86b020a clean up test case memory and common name size 2021-10-20 17:13:34 -06:00
Jacob Barthelmeh
f57801c17b more name constraint test cases and adjust DNS base name matching to not require . 2021-10-20 14:25:02 -06:00
David Garske
6d2a5fab9b Added test cases for EVP_PKCS82PKEY and EVP_PKEY2PKCS8. 2021-10-20 09:18:13 -07:00
Jacob Barthelmeh
e0e43b6a16 clean up test case 2021-10-19 23:12:07 -06:00
Jacob Barthelmeh
3b73c6e3ae handle multiple permitted name constraints 2021-10-19 23:12:07 -06:00
Jacob Barthelmeh
afee92e0cf bail out when a bad alt name is found in the list of alt names 2021-10-19 23:12:07 -06:00
David Garske
de8798f4be Fix API unit tests where DH 3072-bit is not enabled. 2021-10-19 17:04:18 -07:00
David Garske
a03ed32380 Support for Android KeyStore compatibility API's: 
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
 2021-10-19 17:04:18 -07:00
Sean Parkinson
f04380d624
Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode 
scan-build LLVM-13 fixes and expanded coverage
 2021-10-20 08:30:46 +10:00